Glossary of Common Security Terms in Computer Environments

Access Authorization

Access authorization restricts access to a computer to a group of users through the use of authentication systems. These systems can protect either the whole computer – such as through an interactive logon screen – or individual services, such as an FTP server. There are many methods for identifying and authenticating users, such as passwords, identification cards, and, more recently, smart cards and biometric systems. (http://en.wikipedia.org/wiki/Computer_security)

Threat Level: N/A

Protection Level: Very Important

ACL – Access Control List

An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. The most common privileges include the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file (if it is an executable file, or program). Microsoft Windows NT/2000, Novell’s NetWare, Digital’s OpenVMS, and Unix-based systems are among the operating systems that use access control lists. The list is implemented differently by each operating system. (http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213757,00.html)

Threat Level: N/A

Protection Level: Very Important
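As an added illustration (not code from the glossary or from any operating system's real ACL implementation), the following Python models the definition above: each object carries a table of per-user rights, a right granted on a directory covers the files below it, and a user without an entry is denied. The paths, users and rights granted are constructed sample data.

```python
import posixpath

# Added example, not from the glossary: a minimal access control list where each
# system object (file or directory) maps users to the privileges the entry names.
READ, WRITE, EXECUTE = "read", "write", "execute"
ALL_RIGHTS = {READ, WRITE, EXECUTE}


def ancestors(path):
    """Yield the object's own path, then each parent directory up to '/'."""
    yield path
    while path != "/":
        path = posixpath.dirname(path)
        yield path


class Acl:
    def __init__(self):
        self.entries = {}  # object path -> {user: set(rights)}

    def add_object(self, path):
        self.entries[path] = {}

    def grant(self, path, user, *rights):
        unknown = set(rights) - ALL_RIGHTS
        if unknown:
            raise ValueError("unknown rights: %s" % sorted(unknown))
        self.entries[path].setdefault(user, set()).update(rights)

    def is_allowed(self, user, path, right):
        """Default deny: a user with no entry gets nothing. A right granted on a
        directory covers every file below it ('all the files in a directory')."""
        for p in ancestors(path):
            if right in self.entries.get(p, {}).get(user, set()):
                return True
        return False


def sample_acl():
    """Constructed sample: a home directory, a report inside it, and a program."""
    acl = Acl()
    for path in ("/home/alice", "/home/alice/report.txt", "/bin/ls"):
        acl.add_object(path)
    acl.grant("/home/alice", "alice", READ, WRITE)    # whole directory
    acl.grant("/home/alice/report.txt", "bob", READ)  # one file only
    acl.grant("/bin/ls", "alice", READ, EXECUTE)      # executable program
    return acl
```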

Adware

Software that is designed to infiltrate a computer system without the owner’s approval or knowledge and then presents unwanted ads for goods and services to the user while the computer system is being used.

Threat Level: Very High

Protection Level: N/A

Anti-Virus Software/Anti-Spyware Software

Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware). (http://en.wikipedia.org/wiki/Computer_security)

Threat Level: N/A

Protection Level: Very Important

Authentication

The process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. (http://www.saol.com/glossary.asp)

Threat Level: N/A

Protection Level: Very Important

Backups

Backups are a way of securing your information; they are another copy of all your important computer files kept in another location. These files are kept on hard disks, CD-Rs, CD-RWs, and tapes. Backups can be kept in a multitude of locations; some of the suggested places are a fireproof, waterproof, and heatproof safe, or a separate offsite location away from the one where the original files are stored. Some individuals and companies also keep their backups in safe deposit boxes inside the vaults of banks. There is also a fourth option, which involves using one of the companies on the Internet that back up files for both businesses and individuals.

Backups are also important for reasons other than security. Natural disasters, such as earthquakes, hurricanes, or tornadoes, may strike the building where the computer is located. The building can be on fire, or an explosion may occur. There needs to be a recent backup at an alternate secure location in case of such a disaster. The backup needs to be moved between the geographic sites in a secure manner, so as to prevent it from being stolen. (http://en.wikipedia.org/wiki/Computer_security)

Threat Level: N/A

Protection Level: Very Important

Biometric System

An automated system capable of capturing a biometric sample from an end user; extracting biometric data from that sample; comparing the biometric data with that contained in one or more reference templates; deciding how well they match; and indicating whether or not an identification or verification of identity has been achieved. (http://www.authentec.com/getpage.cfm)

Threat Level: N/A

Protection Level: Important for High-Level Security Systems

Computer Contaminant

Term sometimes used for computer malware – particularly in a legal context.

Threat Level: N/A

Protection Level: N/A

Crack

To reverse the encryption of an encrypted electronic message without the consent of the original sender of the message.

Threat Level: N/A

Protection Level: N/A

Cryptography

Cryptography is the art of keeping messages secret by using different methods. It normally deals with all aspects of secure messaging, authentication, digital signatures, and electronic money. Cryptanalysis is the art of breaking these methods. Cryptology is the study of cryptography and cryptanalysis. (http://www.infosec.gov.hk/english/general/glossary.htm)

Threat Level: N/A

Protection Level: Very Important

DOS – Denial of Service

A denial of service attack is when an attacker consumes the resources on your computer for things it was not intended to be doing, thus preventing normal use of your network resources for legitimate purposes. (http://gul.ime.usp.br/Docs/docs/howto/other-formats/html/HOWTO-INDEX-html/Security-HOWTO-12.html)

Threat Level: Moderate

Protection Level: N/A

Electronic Messaging System

A variety of methods of using computers to convey a message from one person to another. E-mail, computer bulletin boards, message centers, blogs, mobile phone text messages, and on-line messaging systems are all considered electronic messaging systems.

Threat Level: N/A

Protection Level: N/A

Encryption

Encryption is used to protect your message from the eyes of others. It can be done in several ways: by switching the characters around, replacing characters with others, and even removing characters from the message. These have to be used in combination to make the encryption secure enough, that is to say, sufficiently difficult to crack. (http://en.wikipedia.org/wiki/Computer_security)

Threat Level: N/A

Protection Level: Important

Firewall

Firewalls are systems which help protect computers and computer networks from attack and subsequent intrusion by restricting the network traffic which can pass through them, based on a set of system-administrator-defined rules. (http://en.wikipedia.org/wiki/Computer_security)

Threat Level: N/A

Protection Level: Very Important

Intrusion Detection System

Intrusion-detection systems can scan a network for people that are on the network but who should not be there or are doing things that they should not be doing, for example trying a lot of passwords to gain access to the network. (http://en.wikipedia.org/wiki/Computer_security)

Threat Level: N/A

Protection Level: Important

Logic Bomb

Logic bombs maliciously cause legitimate applications to fail. “An application, for example, might delete itself from the disk after a couple of runs as a copy protection scheme.” (http://en.wikipedia.org/wiki/Computer_virus)

Threat Level: High

Protection Level: N/A

Malware

Software that is designed to infiltrate a computer system without the owner’s approval or consent and damage or violate the computer system in some way. Malware is a general term that includes computer viruses, spyware, worms, Trojan horses, adware, and other undesirable and unwanted software.

Threat Level: High

Protection Level: N/A

Phishing

The act of tricking someone into giving up confidential information, or tricking them into doing something that they normally wouldn’t do or shouldn’t do. For example: sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. (http://www.michigan.gov/cybersecurity/0,1607,7-217-34415—,00.html)

Threat Level: Very High

Protection Level: N/A

Public and Private Key

Private Key: The component of a pair of cryptographic keys used in a public key (asymmetric) cryptography system that is secret and known only to the owner of the key pair. The owner uses the private key to sign data and/or decrypt data.

Public Key: The publicly disclosable component of a pair of cryptographic keys used in a public key (asymmetric) cryptography system. An entity’s public key can be (and is) used by anyone to encrypt data for the public key owner and/or to verify digital signatures of the public key owner. (http://www.orionsec.com/Security_Glossary.html)

Threat Level: N/A

Protection Level: Important for Specific Applications

Smart Card

Also known as a chip card or IC (integrated circuit) card. A card containing one or more computer chips or integrated circuits for identification, data storage or special-purpose processing, used to validate personal identification numbers (PINs), authorise purchases, verify account balances and store personal records. (http://www.rba.gov.au/Glossary/text_only.asp)

Threat Level: N/A

Protection Level: Important for Specific Applications

Spam

Abusive use of electronic messaging to send unsolicited and undesired messages in bulk. The most common spam method is e-mail spam, which uses electronic mail (e-mail) to send unwanted messages to users.

Threat Level: Very High

Protection Level: N/A

Spyware

Software that is designed to infiltrate a computer system without the owner’s approval or knowledge and then actively captures information about the use of the computer and sends it to a central database for commercial use and analysis.

Threat Level: Very High

Protection Level: N/A

SSL – Secure Socket Layer

A security protocol methodology designed to create a secure connection to the server for the transmission of confidential data through the Internet. SSL uses public key encryption, one of the industry’s strongest encryption methods, to protect data as it travels over the Internet. Originally created by Netscape. (http://webcontent-m1.com/m1/en/support/Library/glossary)

Threat Level: N/A

Protection Level: Very Important for Financial Transactions

Strong Password

A password that is at least eight characters in length, has upper and lower case letters, and contains at least one number (0,1,2,…) and at least one special character (!@#$%…).

Threat Level: N/A

Protection Level: Very Important
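An added Python check (not from the glossary) that tests a candidate password against exactly the four rules stated above and reports every rule it fails, so a user can be told all of the reasons at once. It assumes "special character" means ASCII punctuation, which the entry only hints at with "!@#$%…".

```python
import string

# Added example, not from the glossary: validate a password against the
# four rules in the 'Strong Password' entry and list every rule it breaks.
MIN_LENGTH = 8
LOWER = set(string.ascii_lowercase)
UPPER = set(string.ascii_uppercase)
DIGITS = set(string.digits)            # "0,1,2,..."
SPECIAL = set(string.punctuation)      # assumption: "!@#$%..." = ASCII punctuation


def password_failures(password):
    """Return the names of the rules the password violates (empty means strong).

    Every rule is evaluated, rather than stopping at the first failure, so the
    caller can report all problems in one message.
    """
    chars = set(password)
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not chars & LOWER:
        failures.append("lowercase")
    if not chars & UPPER:
        failures.append("uppercase")
    if not chars & DIGITS:
        failures.append("digit")
    if not chars & SPECIAL:
        failures.append("special")
    return failures


def is_strong(password):
    """True only when the password satisfies all four glossary rules."""
    return not password_failures(password)
```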

Trojan Horse

A Trojan horse is just a computer program. The program pretends to do one thing (such as claiming to be a picture) but actually does damage when one starts it (it can completely erase one’s files). Trojan horses cannot replicate automatically. (http://en.wikipedia.org/wiki/Computer_virus)

Threat Level: N/A

Protection Level: Very Important for Financial Transactions

Trusted System

A system (typically a computer or server) that is set up so that when your computer is attached to it, your computer has no choice but to “trust” the system. That is, any information provided by the attached system is trusted by your computer and not challenged for authenticity or threat.

Threat Level: N/A

Protection Level: N/A

Viruses (E-mail virus)

An e-mail virus will use an e-mail message as a mode of transport, and usually will copy itself by automatically mailing itself to hundreds of people in the victim’s address book. (http://en.wikipedia.org/wiki/Computer_virus)

Threat Level: Very High

Protection Level: N/A

Worm

A worm is a piece of software that uses computer networks and security flaws to create copies of itself. A copy of the worm will scan the network for any other machine that has a specific security flaw. It replicates itself to the new machine using the security flaw, and then begins scanning and replicating anew. (http://en.wikipedia.org/wiki/Computer_virus)

Threat Level: High

Protection Level: N/A