Security Terminology

Adware -

Software offered free or on a "try before you buy" basis that displays sponsor advertisements while it runs, either in a section of the screen or as pop-up ads. When you close the program, these advertisements usually disappear. Adware is either a legitimate source of revenue for companies offering free software or a way for software developers to get exposure for their products.

Back door -

A point of entry into a computer that allows an attacker to connect back to the victim's system without supplying authorized login credentials.

Botnet -

Also known as a "zombie army", a botnet is created by hidden software that attackers plant on computer systems. The program(s) allow those attackers to remotely control the PC, and the infected machine becomes part of a large group (usually thousands) of controlled computers. Botnets are often used to send massive amounts of spam email.

Brute-force attack -

A method of breaking an encrypted value by trying a large number of possibilities.

Cross-site scripting (XSS) -

A Web-based exploit used to embed malicious code into a supposedly legitimate link that can execute on a user's computer, typically in an attempt to steal information.

Dialer -

An unwanted program that uses the modem connection either to dial back to the attacker or to make the victim's modem dial premium-rate billing numbers.

Dictionary Attack -

This attack occurs when hackers run sophisticated software that can rapidly guess passwords that are based on words from multiple dictionaries, including words spelled backwards, common misspellings, substitutions, and profanity.

Distributed Denial of Service (DDoS) -

A type of attack which uses a multitude of compromised systems to overwhelm a single target with a flood of messages in an attempt to shut the target system down.

Downloader -

Low-profile malware that exists to install itself, so it can then download and install a more sophisticated or updated malware agent.

Firewall -

A software program that acts as a barrier between your computer and the Internet. It blocks unwanted data requests to your computer and permits legitimate ones. Compare it to your home's front door: if you had no front door, intruders could come and go as they pleased, stealing and damaging your property.

Flow assembly -

A process that analyzes the entire network connection, not just the individual packets, to block malicious traffic that may have been inserted into the communication stream to take advantage of an open connection. Flow assembly complements TCP reassembly by analyzing traffic at a higher level to prevent advanced threats.

Heuristics -

A type of technology that identifies and stops malicious code based on its behavior, rather than by matching a particular attack signature or pattern. Heuristics can prevent evolving threats that change minor aspects of their signatures to bypass traditional IPS solutions.

Insider threats -

Persons with malicious intent who are currently employed by a company. Malicious intent may include attempting to compromise the company network or stealing proprietary data.

Instant messaging -

A means of communicating with another person, or chatting, through a program online.  Instant messaging can be used to introduce Trojans, viruses and other malware into the network.

Keylogger -

An unwanted computer program which captures all keystrokes and stores the information for retrieval by the attacker.

Malware -

Short for malicious software, a program or file designed to damage or disrupt a computer system, such as a virus, worm, or a Trojan horse.

Man-in-the-middle attack -

This attack happens when an attacker intercepts traffic and fools the users at both ends into believing that they are communicating directly with each other. The attacker may alter the data or simply eavesdrop and pass it along.

Password Stealer (PWS) -

An unwanted program that steals the login credentials for specific online applications; a key component in identity theft attacks.

Peer-to-peer (P2P) networks -

A type of network topology (physical arrangement of network equipment and computers) which facilitates the transfer of files infected with Trojans and viruses designed to introduce denial of service attacks and corrupt data.

Phishing -

A type of email fraud in which the perpetrator sends out legitimate-looking email that appears to come from a well-known or trustworthy website. It is an attempt to gather personal and/or financial information from the email recipient.

Pop-up window -

A window, usually an advertisement, that appears unexpectedly while a user is surfing the internet. Many of these contain viruses or spyware (launched by clicking on them) or are simply annoyances. If one appears on your screen, you can press Alt + F4 on your keyboard to safely close the active window.

Port -

A virtual doorway on a system where internet traffic can enter and exit.  Different services use different port numbers.  For example, when a user sends an email, the email exits the system through port 25.  An incoming email uses port 110 to enter the system.  Ports can be opened and closed with firewalls.

Port assignment -

The assumption, built into some IPS products, that a particular type of traffic will appear on a particular TCP/IP port. If traffic is allowed through merely because it arrives on the port assumed for its type, attackers could gain access.

Port following -

This process tracks communication sessions to ensure that the port initially used to establish a connection is the only one used. This prevents hackers who access an open port with authentic credentials from connecting to another open port to transfer data unnoticed.

Port scanning -

The process of utilizing software to analyze a system's open ports.  Port scanning is used by security professionals to identify vulnerabilities.  On the other hand, hackers and malware use port scanning to determine how to compromise systems. 

Protocol analysis -

This process examines network traffic for deviant behavior that does not match accepted norms and can decode protocols down to Layer 2 of the OSI model.

Protocol tunneling -

A process that layers malicious data usually within a higher level protocol, allowing it to traverse network segments where lower level protocols might be blocked.

Reformat -

To erase the contents of a hard drive.  The term reformat often refers to erasing the hard drive and reinstalling the operating system after.  Home users usually perform these steps by using the operating system CD or recovery CD provided by the computer manufacturer.

RFC compliance checking -

This process compares traffic against RFC standards for network communications between hosts, and between applications and the network stack.

Rootkit -

Malware that invades the system at an especially deep level, emulating parts of the operating system. Like botnets, this is usually the payload of a worm or Trojan.

Social Engineering -

The act of tricking users into providing confidential information or performing actions.

Social networking -

Participating in an online community where people can build profiles to keep in touch with others and share interests, photographs, and snippets of their daily lives.

Spam -

Junk email; unwanted email.  A common carrier for spyware and phishing scams that entice users to visit malicious websites, and then potentially introduce malware to the network.

Spear phishing -

An information-gathering (identity theft) technique that specifically targets a narrow audience by mimicking emails and websites from online auction sites or well-known banks.

Spyware -

Freeware with adware that becomes intrusive by monitoring your surfing and using this information to display ads tailored to your interests. Sometimes spyware installs itself on your computer without your knowledge while you are installing something else (usually freeware). It can then record your keystrokes (even your passwords!), spy on chat programs and other applications, change settings in your browser, or download more spyware onto your computer. It often reports its findings back to the spyware creator, who will either sell the information to someone else or use it for marketing purposes.

SQL injection -

A technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
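As an added illustration of the mechanism just described (example code, not part of the original glossary), the following Python snippet contrasts a query built by splicing user input into the SQL text with the same lookup done through a parameterized query, against a constructed in-memory SQLite table. The function names lookup_vulnerable and lookup_parameterized are assumptions made here.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demonstration; not from the original page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-1"), ("bob", "b-2")])
    return db


def lookup_vulnerable(db, name):
    # The input is embedded directly in the statement text, so a quote
    # character inside it ends the string literal and the remainder is
    # parsed as SQL: the "string literal escape" problem the definition names.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, name):
    # The value travels separately from the statement, so the driver binds it
    # as one typed string and the database never parses it as SQL.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (name,))]


def demo():
    # The same crafted input returns every row through the vulnerable path
    # and no rows through the parameterized one.
    db = make_db()
    crafted = "x' OR '1'='1"
    return lookup_vulnerable(db, crafted), lookup_parameterized(db, crafted)
```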

Stateful pattern matching -

A technique that uses advanced algorithms to detect attack patterns, but only in the particular portions of traffic where an attack could actually exist. This greatly reduces false positives.

Statistical analysis -

A process that creates a baseline of network activity over time and then constantly compares current activity to the baseline to identify and prevent deviations.

TCP reassembly -

This process reassembles network packets, examining them for potential threats.

Trojan (Trojan Horse) -

The most prevalent malware (virus) at present, it appears to be a legitimate file before installing itself and delivering its payload of malware. The term "Trojan horse" comes from the Trojan War. In order to gain access to the city of Troy, the Greeks built a large wooden horse in which a force of their men hid. After the horse was accepted into the city, the men waited until evening to creep out of the horse and open the gates for the rest of the Greek army to enter. The Greek army ended the war by destroying the city.

Virus -

A piece of unwanted software that infects and damages the host but cannot self-propagate. Like a worm, a virus can be used to insert crimeware into a system, including code used in identity scams and data harvesting.

WEP -

Wired Equivalent Privacy. A type of encryption for wireless networks that was originally designed to give wireless connections the same security as wired connections. WEP has weaknesses such as static pre-shared keys that cannot be changed without administration and short, predictable key values. A wireless network with WEP is still better than a wireless network with no security and may prevent casual snooping. The most secure way to implement WEP is with open authentication and long WEP keys. Open authentication means the encryption key and the authentication key are different and less susceptible to compromise. Long WEP keys provide greater network security; for example, a 128-bit key is stronger than a 64-bit key. WPA and WPA2 were designed to take the place of WEP and provide better wireless security.

WEP key -

A hexadecimal (alphanumeric) password used to connect computers and other devices to a wireless network with WEP security.  Longer WEP keys provide greater security.  For example, a 128-bit WEP key provides better protection than a 64-bit WEP key.

Worm -

A self-propagating virus. Once inside a system it can delete or encrypt files, send files by email, or take other actions to compromise systems and harvest user information, while also spreading itself to other systems over a network.

WPA -

Wi-Fi Protected Access.  A type of encryption for wireless networks that was intended as an intermediate measure to replace WEP while a fully secured system was prepared.  WPA can typically be implemented in WEP-capable devices through a software/firmware update.  WPA uses passphrases rather than hexadecimal (alphanumeric) keys.  Long and complex passphrases provide the best WPA security.

WPA or WPA2 passphrase -

A password or sentence used to connect computers or devices to a wireless network secured with WPA or WPA2.  Long and complex passphrases provide the best security.

WPA2 -

Wi-Fi Protected Access 2.  This is the most secure form of wireless security.  WPA2 is intended to eventually replace both WEP and WPA.  WPA2 is similar to WPA but requires special hardware for performing encryption, so older routers may not have this feature.  WPA2 uses passphrases rather than hexadecimal (alphanumeric) keys.  Long and complex passphrases provide the best security.


© 2010 Bright House Networks
