** A **
abuse, computer
The willful or negligent unauthorized activity that affects the availability,
confidentiality, or integrity
of computer resources. Computer abuse includes
fraud, embezzlement, theft, malicious damage, unauthorized use, denial
of service, and misappropriation. {see also: fraud,
computer}
access
The ability and means to communicate with or otherwise interact with a
system in order to use system resources to either
handle information or gain knowledge of the information the system contains.
Also, the privilege to use computer information
in some manner.
accountability
The property that enables activities on a system to be traced to individuals
who may then be held responsible for their actions. It requires an authentication
system (to identify users) and an audit trail
(to log activities against users). {see also: availability,
confidentiality, integrity}
active attack
See attack
administrative security
The management constraints and supplemental controls established to provide
an acceptable level of protection for data.
adware
Any software application in which advertising banners are displayed while
the program is running; applications include additional code that delivers
the ads, which can be viewed through pop-up windows or through a bar that
appears on a computer screen. {see also: spyware}
attack
An attempt to subvert or bypass a system's security, which may or may
not be successful.
- Active vs. passive: An "active attack" attempts
to alter system resources or affect their operation.
A "passive attack" attempts to learn or make use of information
from the system but does not affect system resources.
- Insider vs. outsider: An "insider attack" is an
attack initiated by an entity inside the security perimeter (an "insider"),
i.e., an entity that is authorized to access system
resources but uses them in a way not approved
by those who granted the authorization.
An "outsider attack" is initiated from outside the perimeter,
by an unauthorized or illegitimate user of the system (an "outsider").
In the Internet, potential outside attackers
range from amateur pranksters to organized criminals, international
terrorists, and hostile governments.
audit
1) The process of compiling a list of all software
and/or hardware installed on one or more PCs.
Once the audit has been performed, the data can be analyzed to check for
unauthorized software, missing hardware
components, etc.
2) The process of compiling a list of all security relevant events. This
should include the user causing the event.
audit trail
A chronological record of when users log in, how long they are engaged
in various activities, what they were doing, and whether any actual or
attempted security violations occurred.
authentication
The process of establishing the legitimacy of a user before allowing access
to requested information. During the process, the user enters a name or
account number (identification) and password (authentication). {see also:
authorization}
authorization
The process of determining what types of activities are permitted. Usually,
authorization is in the context of authentication.
Once a user has been authenticated, the user may be authorized different
types of access or activity. {see also: authentication}
availability
The requirement that information and/or services be available to an authorized
user on demand. Attacks against the availability
of an information resource are called denial
of service (DoS) attacks. {see also: accountability,
confidentiality, integrity}
back door
An undocumented way of gaining access to a program,
online service or an entire computer system; a hidden computer flaw known
to an intruder, or a hidden computer mechanism
(usually software) installed by an intruder,
who can activate the back door to gain access to
the computer without being blocked by security services or mechanisms.
Frequently left by rootkits as well as Trojan
horses and other forms of malware. Also referred
to as a trap door.
bandwidth
A term that describes the amount of information that can be passed through
a communications channel in a given amount of time; that is, the capacity
of the channel. Bandwidth is usually expressed in '(kilo/mega)bits per
second'.
biometrics
The use of a computer user's unique physical characteristics -- such as
fingerprints, voice, and retina -- to identify that user.
bit
Short for binary digit, the smallest unit of data in a computer.
A bit has a single binary value, either 0 or 1, and is abbreviated with
a small "b".
black hat
A term used to describe a hacker who has the intention of causing damage
or stealing information.
bridge
A product that connects a LAN to another LAN that
uses the same protocol. {see also: gateway, hub,
router, switch}
buffer overflow
A buffer is an area of memory used to hold data for processing, and it
has a predetermined size based on the hardware platform and the operating
system. If the data being placed into the buffer is too large, not checked,
and allowed to overflow the buffer, it can have unexpected effects. At
best, the excess data is simply lost; at worst, the excess data might
overwrite other legitimate data, allowing a cracker
to take control of a system or simply crash it.
byte
A unit of data that is eight binary digits (bits) long,
and is abbreviated with an upper-case "B". A byte is the unit
most computers use to represent a character such as a letter, number,
or typographic symbol (for example, "g", "5", or "?"). Byte multiples
are based on powers of 2 and commonly expressed as a "rounded off" decimal
number. {see also: kilobyte, megabyte,
gigabyte, terabyte}
ciphertext
Data that has been encrypted.
compromise
An intrusion of security policy, which has the
potential of disclosing private system information to an unauthorized
user.
compromise, data
A security incident in which information
is exposed to potential unauthorized access, such
that unauthorized disclosure, alteration, or
use of the information may have occurred.
computer abuse
See abuse, computer
computer fraud
See fraud, computer
Computer Fraud and Abuse Act, 18 U.S.C. §1030
The primary federal anti-hacking statute; criminalizes seven forms of
activity:
1) Section (a)(1) prohibits the knowing access
of computers to obtain classified information without authorization
or in excess of authorization;
2) Section (a)(2) prohibits the intentional access
of a computer to obtain information from a financial institution, the
federal government, or any protected computer involved in interstate
or foreign communications (essentially any computer connected to the
Internet) without authorization
or in excess of authorization;
3) Section (a)(3) prohibits the intentional and unauthorized
access of computers of the federal government,
or computers used by or for the government when the access
affects the government's use of that computer;
4) Section (a)(4) prohibits the knowing access
of a protected computer without authorization
or in excess of authorization with the
intent to defraud;
5) Section (a)(5)(A) prohibits anyone from knowingly causing
the transmission of a program, information, code, or command and, as
a result of such conduct, intentionally causing damage without authorization
to a protected computer. Section (a)(5)(B) prohibits the intentional
unauthorized access of a computer that recklessly
causes damage. Section (a)(5)(C) covers the intentional unauthorized
access of a computer that negligently causes damage;
6) Section (a)(6) prohibits the knowing trafficking of computer
passwords with the intent to defraud;
7) Section (a)(7) prohibits the transmission of communications
containing threats to cause damage to a protected computer.
computer security
Technological and managerial procedures applied to computer systems to
ensure the availability, integrity,
and confidentiality of information managed
by the computer system. Often synonymous with information
security.
Computer Security Act of 1987
Requires agencies to identify sensitive systems, conduct computer security
training, and develop computer security plans.
computer security incident
See incident, computer security
confidentiality
A requirement that private or confidential information not be disclosed
to unauthorized individuals, entities, or processes. Data whose confidentiality
has failed is said to be compromised. {see also: accountability,
availability, integrity}
confidentiality, data
The property that information is not made available or disclosed to unauthorized
individuals, entities, or processes. {see also: integrity,
data; security, data}
corruption
An action that undesirably alters system operation by adversely modifying
system functions or data.
countermeasure
Any action or device that reduces a computer system's vulnerability.
cracker
Generally considered to be a hacker who has turned
to the dark side; that is, a hacker who breaks into
other systems with the specific purpose of causing damage or stealing
data. A derogative term, it should be used instead of hacker
for computer security incidents. {see
also: intruder,
packet monkey, script
kiddie}
cracking
The act of breaking into a computer system. {see also: hacking}
crimeware
Crimeware is any computer program or set of programs designed expressly
to facilitate illegal activity online.
critical
A condition of a service or other system resource
such that denial of access to (i.e., lack of availability
of) that resource would jeopardize a system user's
ability to perform a primary function or would result in other serious
consequences. {see also: sensitive (information)}
cryptography
Protecting information or hiding its meaning by converting it into a secret
code before sending it out over a public network.
data compromise
See compromise, data
data confidentiality
See confidentiality, data
data integrity
See integrity, data
data security
See security, data
decentralized server
See server, decentralized
deception
A circumstance or event that may result in an authorized entity receiving
false data and believing it to be true.
demilitarized zone
A computer host or small network inserted as a "neutral zone" between
a company's private network and the outside public network. It prevents
outside users from getting direct access to a server that has company
data. (The term comes from the geographic buffer zone that was set up
between North Korea and South Korea following the war in the early 1950s.)
A DMZ is an optional and more secure approach to a firewall and effectively
acts as a proxy server as well. In a typical DMZ configuration for a small
company, a separate computer (or host in network terms) receives requests
from users within the private network for access to Web sites or other
companies accessible on the public network. The DMZ host then initiates
sessions for these requests on the public network. However, the DMZ host
is not able to initiate a session back into the private network. It can
only forward packets that have already been requested. Users of the public
network outside the company can access only the DMZ host. The DMZ may
typically also have the company's Web pages so these could be served to
the outside world. However, the DMZ provides access to no other company
data. In the event that an outside user penetrated the DMZ host's security,
the Web pages might be corrupted but no other company information would
be exposed.
denial of service (DoS)
The prevention of authorized access to a system
resource or the delaying of system operations
and functions. {see also: distributed denial of
service (DDoS) attack, e-mail bomb}
disclosure
A circumstance or event whereby an entity gains access
to data for which the entity is not authorized.
distributed denial-of-service (DDoS) attack
An attack in which a multitude of compromised systems
attack a single target, thereby causing denial
of service for users of the targeted system. The flood of incoming
messages to the target system essentially forces it to shut down, thereby
denying service to the system to legitimate users. {see also: denial
of service (DoS)}
DMZ
See demilitarized zone
dumpster diving
Looking through trash for personal data, access codes, or other sensitive information.
e-mail bomb
Code that, when executed, sends many messages to the same address(s) for
the purpose of using up disk space and/or overloading the e-mail or web
server. {see also: denial of service (DoS),
logic bomb, malicious
logic, malware, Trojan
horse, virus, worm}
encryption
The process of changing data into a form that can be read only by the
intended receiver. Encryption is the conversion of data into a form, called
a ciphertext, which cannot be easily understood by unauthorized people.
Decryption is the process of converting encrypted data back into its original
form, so it can be understood.
exposure
A threat action whereby sensitive data is directly
released to an unauthorized entity.
extranet
A computer network that an organization uses to carry application data
traffic between the organization and its business partners. {see also:
intranet, virtual private network
(VPN)}
failover
A backup operational mode in which the functions of a system component
(such as a processor, server, network, or database, for example) are assumed
by secondary system components when the primary component becomes unavailable
through either failure or scheduled down time.
firewall
A system designed to prevent unauthorized access
to or from a private network. Firewalls can be implemented in both hardware
and software, or a combination of both. They are
frequently used to prevent unauthorized Internet
users from accessing private networks connected to the Internet,
especially intranets. All messages entering or
leaving the intranet pass through the firewall,
which examines each message and blocks those that do not meet the specified
security criteria/policy requirements.
firmware
Software (programs or data) that has been written
onto read-only memory (ROM).
Firmware is a combination of software and hardware.
ROMs, PROMs and EPROMs that have data or programs recorded on them are considered firmware.
fraud, computer
Computer-related crimes involving deliberate misrepresentation, unauthorized
disclosure, or alteration of data in order to
obtain something of value. {see also: abuse,
computer}
gateway
A network point that acts as an entrance to another network. {see also:
bridge, hub, router,
switch}
gigabyte
A measurement of digital data storage or transfer capacity, abbreviated
GB. A true gigabyte is equal to a kilo-kilo-kilobyte
(1024*1024*1024 bytes) or 1,073,741,824 bytes. This
is usually confused with the advertising gigabyte which is only 1,000,000,000
(one billion) bytes.
hacker
A slang term for a computer enthusiast, i.e., a person who enjoys learning
programming languages and computer systems and can often be considered
an expert on the subject(s). The pejorative sense of hacker is becoming
more prominent largely because the popular press has co-opted the term
to refer to individuals who gain unauthorized access to computer systems
for the purpose of stealing and corrupting data. {see instead: cracker}
hacking
Unauthorized use, or attempts to circumvent or bypass the security mechanisms
of an information system or network. {see also: cracking}
hacktivism
The act of hacking, or breaking into a computer
system, for a politically or socially motivated purpose. The individual
who performs an act of hacktivism is said to be a hacktivist.
hardware
Refers to objects that you can actually touch, like disks, disk drives,
display screens, keyboards, printers, boards, and chips. In contrast,
software is untouchable. Software
exists as ideas, concepts, and symbols, but it has no substance.
hijacking
The process of taking over a live connection between two users so that
the attacker can masquerade as one of the users.
hub
A common connection point for devices in a network, commonly used to connect
segments of a LAN. A hub contains multiple ports;
when a packet arrives at one port, it is copied to the other ports so
that all segments of the LAN can see all packets. {see also: bridge,
gateway, router, switch}
incident, computer security
Any intrusion or attempted intrusion
into an information system; incidents can include probes of multiple computer
systems.
information security
The result of any system of policies and/or procedures for identifying,
controlling, and protecting information from unauthorized disclosure.
Often synonymous with computer security.
insider attack
See attack
insiders
Those individuals who work for the target organization or have a relationship
with the organization that grants the individual some level of access.
This includes employees, contractors, business partners, customers, subcontractors,
etc.
integrity
The assurance that information can only be accessed or modified by those
authorized to do so. Data whose integrity has failed is said to be corrupted.
{see also: accountability, availability,
confidentiality}
integrity, data
The property that data has not been changed, destroyed, or lost in an
unauthorized or accidental manner. {see also: confidentiality,
data; security, data}
internet vs. Internet
Not capitalized: A popular abbreviation for "internetwork".
Capitalized: "The Internet" is the single, interconnected,
worldwide system of commercial, government, educational, and other computer
networks that share the set of protocols specified by the Internet Advisory
Board. {see also: web vs. Web}
intranet
A computer network, especially one based on Internet
technology, that an organization uses for its own internal, and usually
private, purposes and that is closed to outsiders. {see also: extranet,
virtual private network (VPN)}
intruder
An entity that gains or attempts to gain access
to a system or system resource without having
authorization to do so. {see also: ankle-biter,
cracker, packet monkey,
script kiddie}
intrusion
Any set of actions that attempt to compromise
the integrity, confidentiality,
or availability of a resource.
intrusion detection
Detection of break-ins or break-in attempts either manually or via software
expert systems that operate on logs or other information available on
the network.
intrusion detection system (IDS)
A hardware/software solution
that inspects all inbound and outbound network activity and identifies
suspicious patterns that may indicate a network or system attack from
someone attempting to break into or compromise
a system.
intrusion, security
A security event, or a combination of multiple security events, that constitutes
a security incident in which an intruder
gains, or attempts to gain, access to a system (or
system resource) without having authorization
to do so.
IP spoofing
An attack where the attacker disguises himself or herself as another user
by means of a false IP network address.
keylogger
A hardware device or a software application designed to capture user keystrokes. The device or application is usually installed without the user's knowledge, and is used to capture user information (passwords, credit card information, PINs, etc.). The information is later retrieved by the intruder.
keystroke monitoring
The process of recording every character typed by a computer user on a
keyboard.
kilobyte
A measurement of digital data storage or transfer capacity, abbreviated
KB. A true kilobyte is equal to 1,024 bytes. This
is usually confused with the advertising kilobyte which is only 1,000
(one thousand) bytes.
LAN
See local area network
LAN-jacking
See war driving
letterbomb
An e-mail containing live data intended to cause damage to the recipient's
computer. {see also: e-mail bomb}
load balancing
Dividing the amount of work that a computer has to do between two or more
computers so that more work gets done in the same amount of time and,
in general, all users get served faster. This can be applied to network appliances, as well.
local area network
A group of computers and associated devices that share a common communications
line and typically share the resources of a single processor or server
within a small geographic area (for example, within an office building
or on a campus). Usually, the server has applications and data storage
that are shared in common by multiple computer users. A local area network
may serve as few as two or three users (for example, in a home network)
or as many as thousands of users (for example, in a university setting).
logging
The process of storing information about events that occurred on a firewall, network, or server.
logic bomb
Malicious logic that activates when specified
conditions are met. Usually intended to cause denial
of service or otherwise damage system resources.
{see also: e-mail bomb, malicious
logic, malware, Trojan
horse, virus, worm}
malicious logic
Hardware, software, or
firmware that is intentionally included or inserted in a system for a
harmful purpose. {see also: e-mail bomb, logic
bomb, malware, Trojan
horse, virus, worm}
malware
A generic term increasingly being used to describe any form of malicious
software. A contraction of "malicious software".
{see also: e-mail bomb, logic
bomb, malicious logic, Trojan
horse, virus, worm}
megabyte
A measurement of digital data storage or transfer capacity, abbreviated
MB. A true megabyte is equal to a kilo-kilobyte
(1024*1024 bytes) or 1,048,576 bytes. This is usually
confused with the advertising megabyte which is only 1,000,000 (one million)
bytes.
Moore's Law
The observation made in 1965 by Gordon Moore, co-founder of Intel, that
the number of transistors per square inch on integrated circuits had doubled
every year since the integrated circuit was invented. Moore predicted
that this trend would continue for the foreseeable future. In subsequent
years, the pace slowed down a bit, but data density has doubled approximately
every 18 months, and this is the current definition of Moore's Law, which
Moore himself has blessed. Most experts, including Moore himself, expect
Moore's Law to hold for at least another two decades.
need-to-know
The necessity for access to, knowledge of, or possession
of specific information required to carry out official duties.
network security
Protection of networks and their services from unauthorized modification,
destruction, or disclosure, and provision of
assurance that the network performs its critical functions correctly and
there are no harmful side-effects. Network security includes providing
for data integrity.
non-public IT resources
Any IT resources that require a higher level of protection from exposure
by user login or other authentication. These can also be either external
(such as a study website that requires a login to access it) or internal
(study websites, internal databases on servers, mapped shares, etc.) {see
also: public IT resources}
ohnosecond
That minuscule fraction of time in which you realize that your (insert
function here) has been compromised.
one-time password
A password that can be used only once, usually randomly generated by special
software.
outsider attack
See attack
packet monkey
Someone who intentionally inundates a Web site or network with data packets,
resulting in a denial-of-service situation
for users of the attacked site or network. Packet monkeys typically use
tools created and made available on the Internet
by hackers, but have little understanding of the
harm that may be caused. Typically, packet monkey exploits are random
and without any purpose other than the thrill of making an effect. {see
also: ankle-biter, cracker,
intruder, script kiddie}
passive attack
See attack
password
A data string used to verify the identity of a user.
peer-to-peer
Referred to as P2P, a type of transient Internet
network that allows a group of computer users with the same networking
program to connect with each other and directly access files from one
another's hard drives. {see also: Health Science Center
P2P policy}
penetration
Gaining unauthorized logical access to sensitive
data by circumventing a system's protections.
penetration test
A system test in which evaluators attempt to circumvent the security features
of the system.
personnel security
Procedures to ensure that persons who access a system
have proper clearance, authorization, and
need-to-know as required by the system's security
policy.
phishing
The use of e-mail spam and social engineering to entice users to give up personal
information (passwords, credit card information, etc.). The phishing e-mail (phish)
identifies itself as being from a trusted entity (bank, credit union, service provider,
credit card company, e-mail administrator, etc.).
phracker
A person who combines phone phreaking with computer
hacking.
phreaker
A person who hacks telephone systems, usually for the purpose of making
free phone calls.
physical security
The measures used to provide physical protection of resources
against deliberate and accidental threats. ("Guns, gates, and guards.")
piggyback
Gaining unauthorized access to a computer system via another user's legitimate
connection. This is similar to tailgating through a security checkpoint.
ping of death
A form of denial of service caused by sending oversized and malformed pings to a computer.
piracy
The copying or usage of software, music, or movies
without permission from the copyright holders. There are potentially stiff
penalties for software piracy. In the United States,
software pirates can be punished with statutory
damages of up to $100,000. If convicted of a felony charge of software
piracy, offenders can get up to a five-year prison sentence plus fines
of up to $250,000 for each work that is infringed.
privacy
The right of individuals to control or influence what information related
to them may be collected and stored, and by whom and to whom that information
may be disclosed.
privilege
An authorization or set of authorizations
to perform security-relevant functions, especially in the context of a
computer operating system.
public IT resources
Any non-sensitive, generally available information that can be made available
without the need for individual logins or other forms of authentication.
Public IT resources can be either externally available (such as the Health Science Center
website and some departmental or study sites) or could be internal only
(such as a departmental website with documents and information only for
members of that department). Databases and other potentially sensitive
or proprietary information are rarely public IT resources. {see also:
non-public IT resources}
resource
Generally, anything that can be used and/or shared while performing a
function. Physical devices, such as printers, disk drives, and memory,
are resources. Logical devices, such as directories, programs, files,
and data, are also included. The term has recently grown to include other,
more esoteric items such as time, bandwidth,
and user effort.
retro-virus
A virus that waits until all possible backup media
are infected, too, so that it is not possible to restore the system to
an uninfected state. {see also: virus}
risk assessment
The process of studying the vulnerabilities, threats to, and likelihood
of attacks on a computer system or network.
rootkit
A collection of tools that allows a hacker to provide
a back door into a system, collect information
on other systems on the network, mask the fact that the system is compromised,
and much more; a classic example of the use of a Trojan
horse.
router
Hardware or software that determines the next network point to which a
packet should be forwarded toward its destination; it is connected to
at least two networks and decides which way to send each information packet
based on its current understanding of the state of the networks it is
connected to. {see also: bridge, gateway,
hub, switch}
sanitize
Delete sensitive data from a file, a device,
or a system; or modify data so as to be able to downgrade its classification
level.
script kiddie
(Also, script kiddy) A derogative term, originated by the more sophisticated
crackers of computer security systems, for the
more immature, but unfortunately often just as dangerous exploiter of
security lapses on the Internet. The typical script
kiddie uses existing and frequently well-known and easy-to-find techniques
and programs or scripts to search for and exploit weaknesses in other
computers on the Internet - often randomly and
with little regard or perhaps even understanding of the potentially harmful
consequences. Hackers view script kiddies with alarm
and contempt since they do nothing to advance the "art" of hacking
but sometimes unleash the wrath of authority on the entire hacker
community. While a hacker will take pride in the
quality of an attack - leaving no trace of an intrusion,
for example - a script kiddie may aim at quantity, seeing the number of
attacks that can be mounted as a way to obtain attention and notoriety.
Script kiddies are sometimes portrayed in media as bored, lonely teenagers
seeking recognition from their peers. {see also:
cracker, intruder, packet
monkey}
security incident
A security-relevant system event in which the system's security policy
is disobeyed or otherwise breached.
security intrusion
See intrusion, security
security, administrative
See administrative security
security, data
The protection of data from disclosure, alteration,
destruction, or loss that either is accidental or is intentional but unauthorized.
Both data confidentiality and data
integrity are needed to achieve data security. {see also: confidentiality,
data; integrity, data}
security, information
See information security
security, network
See network security
security, personnel
See personnel security
security, physical
See physical security
sensitive (information)
Information is sensitive if disclosure, alteration,
destruction, or loss of the information would adversely affect the interests
or business of its owner or user. {see also: critical}
server
Any computer system connected to the Health Science Center network that:
1) is a data processing device which has an assigned IP address within
the University’s static IP range and is capable of either multiple
simultaneous connections or any remote connections to allow use or administration
of the system,
or
2) is a data processing device shown to be offering connectivity or services
that are consistent with those that would be offered by a server (i.e.
telnet, ftp, smtp, web pages, and others).
Printers and other peripheral devices with assigned static IP addresses
are not servers, but desktop PCs (any OS) that host a web page or allow
remote logins must be treated as servers, whether they have static IPs
or not, because those services open the computer and the network up to
some of the same threats as servers. Desktop computers offering shared
directories and files will not be considered servers unless they are specifically
designated as such by the owning department. Servers that reside on the
Health Science Center network but are fully or partially owned or managed by other institutions
must still meet University standards in order to remain on the network.
Systems that reside on other institutions' networks but are owned
by the University and used primarily for University-related functions are considered
Health Science Center servers and must comply with University standards except where
they conflict with established standards or functionality on the network
where they reside. {see also: server, decentralized}
server, decentralized
Any server that is physically located outside of the Health Science Center Central Computing
Facility or is not administered by Systems and Network Operations staff.
smart card
A credit-card-sized device with embedded microelectronics circuitry for
storing information about an individual.
sniffer
A program and/or device that monitors data traveling over a network. Sniffers
can be used both for legitimate network management functions and for stealing
information off a network; because protocols such as telnet, FTP, and SMTP
send credentials in clear text, a sniffer on the same network segment can
read them directly.
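The decoding step a sniffer performs, as an added example that is not part of the original glossary: it builds a few Ethernet/IPv4/TCP frames by hand (made-up MAC addresses and private IP addresses, not a real capture) and then pulls the FTP USER and PASS commands out of the clear-text payload. A real sniffer would obtain frames from an interface in promiscuous mode via libpcap, tcpdump, or Wireshark; only what it does with them once it has them is shown here.

```python
"""Decode Ethernet/IPv4/TCP frames the way a sniffer does and harvest
plaintext FTP credentials from them.  Added illustration: the frames are
constructed by hand below (made-up MAC and private IP addresses), not
taken from a real capture."""
import struct
from socket import inet_aton, inet_ntoa

FTP_PORT = 21


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Assemble a minimal Ethernet II / IPv4 / TCP frame.
    Checksums are left at zero; the decoder below does not verify them."""
    eth = dst_mac + src_mac + struct.pack("!H", 0x0800)            # EtherType: IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1,            # seq/ack = 1
                      5 << 4, 0x18, 8192, 0, 0)                    # 20-byte hdr, PSH|ACK
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                     64, 6, 0, inet_aton(src_ip), inet_aton(dst_ip))  # proto 6 = TCP
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Decode the Ethernet, IPv4 and TCP headers of one frame.
    Returns None for anything this toy decoder does not handle."""
    if len(frame) < 14:
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                                # not IPv4 (ARP, IPv6, ...)
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                       # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        return None                                # not TCP
    src_ip, dst_ip = inet_ntoa(ip[12:16]), inet_ntoa(ip[16:20])
    tcp = ip[ihl:total_len]                        # drops any Ethernet padding
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                  # TCP header length in bytes
    return {"src": f"{src_ip}:{sport}", "dst": f"{dst_ip}:{dport}",
            "dport": dport, "payload": tcp[data_off:]}


def harvest_credentials(frames):
    """Concatenate the client-to-server side of each FTP control connection
    and pull out USER/PASS commands, which FTP sends in the clear.
    Segments are assumed to arrive in order (no TCP reassembly)."""
    streams = {}
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt and pkt["dport"] == FTP_PORT:
            key = (pkt["src"], pkt["dst"])
            streams.setdefault(key, bytearray()).extend(pkt["payload"])
    found = []
    for (src, dst), data in streams.items():
        creds = {}
        for line in data.decode("ascii", "replace").splitlines():
            cmd, _, arg = line.partition(" ")
            if cmd.upper() in ("USER", "PASS"):
                creds[cmd.lower()] = arg.strip()
        if creds:
            found.append({"src": src, "dst": dst, **creds})
    return found


# Constructed sample traffic: an FTP login, plus one TLS record on port 443
# that the sniffer can see but cannot read.
CLIENT_MAC, SERVER_MAC = b"\x00\x11\x22\x33\x44\x55", b"\x66\x77\x88\x99\xaa\xbb"
SAMPLE_FRAMES = [
    build_frame(CLIENT_MAC, SERVER_MAC, "10.0.0.5", "10.0.0.9", 40211, FTP_PORT, b"USER alice\r\n"),
    build_frame(CLIENT_MAC, SERVER_MAC, "10.0.0.5", "10.0.0.9", 40211, FTP_PORT, b"PASS hunter2\r\n"),
    build_frame(CLIENT_MAC, SERVER_MAC, "10.0.0.5", "10.0.0.9", 40212, 443, b"\x16\x03\x01\x00\x05hello"),
]

if __name__ == "__main__":
    for hit in harvest_credentials(SAMPLE_FRAMES):
        print(f"{hit['src']} -> {hit['dst']}: user={hit['user']} pass={hit['pass']}")
```

The FTP login falls out of the payload with a string split; the TLS record on port 443 yields nothing, which is the practical argument for replacing telnet and FTP with SSH, SFTP, or TLS-protected services on any segment a sniffer could reach.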
social engineering
The acquisition of sensitive information or inappropriate
access privileges by an
outsider, based upon the building of inappropriate trust relationships
with insiders. Security experts propose that as
our culture becomes more dependent on information, social engineering
will remain the greatest threat to any security system. Prevention includes
educating people about the value of information, training them to protect
it, and increasing people's awareness of how social engineers operate.
- "Always remember: amateurs hack systems, professionals hack people."
Bruce Schneier, CTO, Counterpane Internet Security, Inc. Dec 2000
software
Computer instructions (programs) and the data they operate on; anything
stored electronically on a computer is software. The storage devices and
display devices are hardware.
spam
Verb: To indiscriminately send unsolicited, unwanted, irrelevant,
or inappropriate messages, especially commercial advertising in mass quantities.
Noun: electronic "junk mail".
In sufficient volume, spam can cause denial
of service. According to the SPAM Web site, the term was adopted as
a result of the Monty Python skit in which a group of Vikings sang a chorus
of 'SPAM, SPAM, SPAM . . .' in a rising crescendo, drowning out the other
conversation. Hence the analogy: unsolicited commercial
e-mail was drowning out normal discourse on the Internet.
spim
Unsolicited messages ("spam") delivered over
instant messaging (IM); spam + IM = spim
spoofing
Disguising one party as another by forging identifying information, for
example sending packets with a false source IP address, e-mail with a
forged From: header, or a caller ID that does not belong to the caller.
spyware
Any software that covertly gathers user information through the user's
Internet connection without his or her knowledge,
usually for advertising purposes; typically bundled as a hidden component
of freeware or shareware programs that can be downloaded from the Internet;
once installed, monitors user activity on the Internet and transmits that
information in the background to someone else; can also gather information
about e-mail addresses and even passwords and credit card numbers. {see
also: adware, peer-to-peer, Trojan
horse}
[DRAFT] Definition from the Anti-Spyware Coalition (www.antispywarecoalition.org):
unwanted technologies that impair users' control over: material
changes that affect their user experience, privacy, or system security;
use of their system resources, including what programs are installed on
their computers; or collection, use, and distribution of their personal
information.
switch
A network device that selects a path or circuit for sending data to
its next destination; an Ethernet switch forwards each frame only to the
port where the destination MAC address was learned, rather than to every
port as a hub does. {see also: bridge, gateway,
hub, router}
tailgating
The act of following an authorized user through a security checkpoint or access-controlled door. The tailgater does not have the necessary credentials but takes advantage of the authorized user not being vigilant.
terabyte
A measurement of digital data storage or transfer capacity, abbreviated
TB. A binary terabyte is equal to a kilo-kilo-kilo-kilobyte
(or mega-megabyte = 1024*1024*1024*1024 bytes)
or 1,099,511,627,776 bytes; the IEC name for this unit is tebibyte (TiB).
This is usually confused with the decimal terabyte used in storage
advertising, which is only 1,000,000,000,000 bytes, so a drive sold as
1 TB shows up as roughly 0.91 TiB.
trap door
See back door
Trojan horse
An apparently useful and innocent program containing additional hidden
code, which allows the unauthorized collection, exploitation, falsification,
or destruction of data. {see also: e-mail bomb,
logic bomb, malicious
logic, malware, virus,
worm}
uniform resource locator
Abbreviated URL, it is the standardized format for the global addresses
of documents and other resources on the Internet or World Wide Web, generally
in the form "protocol://host_name/path".
"http://www.uthscsa.edu/" is the URL for the UT Health Science
Center's home page on the Web: "http" is the protocol (Hypertext
Transfer Protocol), "www.uthscsa.edu" is the host name, within which
"uthscsa" is the institution's domain and "edu" is the top-level domain
for educational institutions. "www" is simply the conventional name for
a web server, not a protocol.
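The decomposition of a URL into protocol, host, domain and top-level domain, as an added example that is not from the original page: it splits a URL with Python's urllib.parse and shows that the protocol is the scheme before "://" and that the host, not any substring of the address, decides where a browser connects. The 203.0.113.7 address and the example.net host are constructed for illustration; the rule that the last two host labels form the registrable domain holds for uthscsa.edu but not for every top-level domain.

```python
"""Split a URL into the parts named in the definition and check which host
it really points at.  Added illustration, not from the original page; the
203.0.113.7 address and the example.net host are constructed for it."""
from urllib.parse import urlsplit


def describe_url(url):
    """Return the scheme (protocol), any user-info, the host, the registrable
    domain, the top-level domain and the path of a URL.
    Assumption: the registrable domain is the last two host labels, which
    holds for uthscsa.edu but not for every TLD (e.g. .co.uk); for an IP
    address host the domain/tld fields are meaningless."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".") if host else []
    return {
        "scheme": parts.scheme,
        "userinfo": parts.username,      # text before '@' in the authority, if any
        "host": host,
        "domain": ".".join(labels[-2:]),
        "tld": labels[-1] if labels else "",
        "path": parts.path or "/",
    }


def host_matches(url, trusted_host):
    """True only if the URL's actual host is trusted_host or a subdomain
    of it.  Substring checks on the raw URL string are exactly what
    user-info tricks and look-alike hosts defeat."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host == trusted_host or host.endswith("." + trusted_host)


# Constructed examples: the real home page, a user-info trick that sends the
# browser to 203.0.113.7 while displaying the trusted name, and a look-alike
# host that actually lives under example.net.
SAMPLE_URLS = [
    "http://www.uthscsa.edu/",
    "http://www.uthscsa.edu@203.0.113.7/login",
    "https://www.uthscsa.edu.example.net/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        d = describe_url(u)
        print(f"{u}\n  scheme={d['scheme']} host={d['host']} domain={d['domain']} "
              f"tld={d['tld']} trusted={host_matches(u, 'uthscsa.edu')}")
```

Only the first sample passes host_matches: in the second the browser connects to 203.0.113.7 and treats "www.uthscsa.edu" as a user name, and in the third the registrable domain is example.net. Any link or allow-list check should therefore be done on the parsed host name, never on whether the trusted name appears somewhere in the URL text.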
vaporware
A sarcastic term used to designate software and
hardware products that have been announced and
advertised but are not yet available.
virtual private network (VPN)
A restricted-use, logical (i.e., artificial or simulated) computer network
that is constructed from the system resources
of a relatively public, physical (i.e., real) network (such as the Internet),
often by using encryption (located at hosts
or gateways), and often by tunneling links of the virtual network across
the real network. {see also: extranet, intranet}
virus
A program or piece of code that is loaded onto a computer without the
user's knowledge and runs against the user's wishes. A virus replicates
by inserting copies of itself into other programs or files, which is what
distinguishes it from other malware. {see also: e-mail bomb,
logic bomb, malicious
logic, malware, retro-virus,
Trojan horse, worm}
virus hoax
A false warning about a computer virus. Typically,
the warning arrives in an e-mail note or is distributed through a note
in a company's internal network. These notes are usually forwarded using
distribution lists and they will typically suggest that the recipient
forward the note to other distribution lists. Though they are only hoaxes,
they do serve to waste valuable network resources
and personnel time and effort.
WAN
See wide area network
warez
The slang name for pirated software (a corruption
of "softwares", pronounced "wares") used by those who obtain
and circulate pirated software for pleasure or
profit. The term is used mostly in the US.
war dialer
A program that dials a given list or range of numbers and records those
which answer with modem tones, which might be entry points to computer
or telecommunications systems.
war driving
A computer cracking technique that involves driving
through a neighborhood with a wireless-enabled notebook computer and mapping
houses and businesses that have wireless access points, typically noting
which ones are open or weakly protected.
web vs. Web
Capitalized: Either a noun or an adjective referring specifically
to the World Wide Web. {see also: internet
vs. Internet}
Not capitalized: Usually an adjective referring generically to
technology -- such as web browsers, web servers, HTTP, and HTML -- that
is used in the Web or similar networks.
whacker
A hacker/cracker of wireless
networks; a wireless hacker.
white hat
A hacker whose intentions are not criminal or malicious, typically one who
tests systems with the owner's permission and reports what is found.
wide area network
A geographically dispersed telecommunications network. The term distinguishes
a broader telecommunication structure from a local area
network (LAN). A wide area network may be privately owned or rented,
but the term usually connotes the inclusion of public (shared user) networks.
World Wide Web ("the Web", WWW, W3)
The global, hypermedia-based collection of information and services that
is available on Internet servers and is accessed
by browsers using Hypertext Transfer Protocol and other information retrieval
mechanisms.
worm
A self-contained program that replicates itself over a computer network
without attaching to a host program (unlike a virus), often clogging networks
and information systems as it spreads, and usually
performs malicious actions, such as using up the computer's resources
and possibly shutting the system down (denial
of service (DoS)). {see also: denial
of service (DoS), e-mail bomb, logic
bomb, malicious logic, malware,
Trojan horse, virus}