Here are some common security terms and their definitions that
you may hear when contacting the Help Desk regarding security
issues:
AntiVirus Program - Software that searches for
known viruses. Also known as a "virus scanner." As new viruses
are discovered by the antivirus vendor, their binary patterns
are added to a signature database that is downloaded
periodically to the user's antivirus program via the Web.
Authenticate - To verify (guarantee) the identity of a
person or company. To ensure that the individual or organization
is really who it says it is.
Backup - Additional resources or duplicate copies of data
on different storage media for emergency purposes.
Banner Ad - A graphic image used on Web sites to
advertise a product or service. Banner ads come in numerous
sizes, but are often rectangles 460 pixels wide by 60 pixels
high. Also 460 x 55 and 392 x 72 sizes are commonly used.
Biometrics - The biological identification of a person.
Examples are iris and retinal patterns, hand geometry and voice.
Increasingly built into laptop computers, fingerprint readers
have become popular as a secure method for identification.
Biometrics not only deals with static patterns, but action as
well. The dynamics of actually writing a signature can be
analyzed, not just the resulting pattern.
Brute Force - The systematic, exhaustive testing of all
possible methods that can be used to break a security system.
For example, in cryptanalysis, trying all possible keys in the
keyspace to decrypt a ciphertext.
Buffer Overflow - A common cause of malfunctioning
software. If the amount of data written into a buffer exceeds
the size of the buffer, the additional data will be written into
adjacent areas, which could be buffers, constants, flags or
variables. Any aberrant behavior can result when control data,
such as a binary flag, is altered erroneously (it only takes one
bit!). Various instructions transfer data until a null or return
or some other character signals the end of the data string. Such
instructions are potentially dangerous and can be avoided by
using instructions that read or transfer a precise number of
bytes.
Bug - A persistent error in software or hardware. If the
bug is in software, it can be corrected by changing the program.
If the bug is in hardware, new circuits have to be designed.
Client - The user's computer (PC, Mac, workstation). The
term implies that the client is connected to a network.
Cracker - A person who breaks into a computer system
without authorization, whose purpose is to do damage (destroy
files, steal credit card numbers, plant viruses, etc.). Because
a cracker uses low-level hacker skills to do cracking, the terms
"cracker" and "hacker" have become synonymous with the latter
becoming the most widely used term.
Cryptography - The conversion of data into a secret code
for transmission over a public network. The original text, or
"plaintext," is converted into a coded equivalent called "ciphertext"
via an encryption algorithm. The ciphertext is decoded
(decrypted) at the receiving end and turned back into plaintext.
Data Integrity - The quality of correctness,
completeness, wholeness, soundness and compliance with the
intention of the creators of the data. It is achieved by
preventing accidental or deliberate but unauthorized insertion,
modification or destruction of data in a database.
Decode - To convert coded data back into its original
form.
Denial of Service (DoS) - An assault on a network that
floods it with so many additional requests that regular traffic
is either slowed or completely interrupted. Unlike a virus or
worm, which can cause severe damage to databases, a denial of
service attack interrupts network service for some period. A
distributed denial of service (DDoS) attack uses multiple
computers throughout the network that it has previously
infected. The computers act as "zombies" and work together to
send out bogus messages, thereby increasing the amount of phony
traffic.
Digital Signature - A digital guarantee that information
has not been modified, as if it were protected by a tamper-proof
seal that is broken if the content were altered. The two major
applications of digital signatures are for setting up a secure
connection to a Web site and verifying the integrity of files
transmitted (more below).
Download - To receive a file transmitted over a network.
In any communications session, "download" means receive, and
"upload" means send. The time it takes to download data depends
on the size of the file and network speed. Via the standard V.92
analog dial-up modem, small Web pages take a few seconds if
everything is running smoothly, but a 20MB video file can take
an hour. Downloading over a DSL or cable modem can be up to 150
times faster. Downloading from a file server on a local network
(LAN) is faster yet.
Drive-By Download - A program that is automatically
installed in your computer by merely visiting a Web site,
without having to explicitly click on a link on the page.
Typically spyware that reports information back to the vendor,
drive-by downloads are deployed by exploiting flaws in the
browser and operating system code. Of course, Internet Explorer
and Windows are the primary targets. Routinely installing
security patches is the best deterrent.
E-mail Program - Software in the user's computer that can
access the mail servers in a local or remote network. Also known
as an "e-mail client," "mail client," "mail program," and "mail
reader," it provides the ability to send and receive e-mail
messages and file attachments.
Encryption - The reversible transformation of data from
the original (the plaintext) to a difficult-to-interpret format
(the ciphertext) as a mechanism for protecting its
confidentiality, integrity and sometimes its authenticity.
Encryption uses an encryption algorithm and one or more
encryption keys.
Exploit - In computer security, an unethical or illegal
attack that takes advantage of some vulnerability.
File Sharing Protocol - A high-level network protocol
that provides the structure and language for file requests
between clients and servers. It provides the commands for
opening, reading, writing and closing files across the network
and may also provide access to the directory services. Sometimes
called a "client/server protocol," it functions at the
application layer (layer 7 of the OSI model).
Filter - To select data. Filters use patterns (masks)
against which all data are compared and only matching data are
"passed through," hence the concept of a filter. For example,
e-mail clients and servers can look for messages with text
patterns that are recognized as spam and delete them. An e-mail
client can be set up to filter messages and store them in
separate mailboxes as a way of organizing the mail, or it can be
set to alert the user when a certain type of message arrives.
Fingerprint - The pattern on a person's finger or a
pattern of code in software.
Firewall - The primary method for keeping a computer
secure from intruders. A firewall allows or blocks traffic into
and out of a private network or the user's computer. Firewalls
are widely used to give users secure access to the Internet as
well as to separate a company's public Web server from its
internal network. Firewalls are also used to keep internal
network segments secure; for example, the accounting network
might be vulnerable to snooping from within the enterprise.
In the home, a personal firewall typically comes with or is
installed in the user's computer. Personal firewalls may also
detect outbound traffic to guard against spyware, which could be
sending your surfing habits to a Web site. They alert you when
software makes an outbound request for the first time.
FTP - (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network (Internet, Unix, etc.). For
example, after developing the HTML pages for a Web site on a
local machine, they are typically uploaded to the Web server
using FTP.
Hack - To write program source code. Also called
"hacking." Often refers to writing a small program or adding
code to an existing program to solve a problem in a hurry. A
hack also implies writing in a programming language rather than
a macro language or other high-level language oriented to the
user.
Host - A computer that acts as a source of information or
signals. The term can refer to any computer, from a centralized
mainframe to a server to a client PC (user's machine). In a
network, clients and servers are hosts because they are both
sources of information in contrast to network devices, such as
routers and switches, which are responsible only for directing
traffic.
HTTP / HTTPS - The communications protocol used to connect
to servers on the Web. Its primary function is to establish a
connection with a Web server and transmit HTML pages to the
client browser or any other files required by an HTTP
application. Addresses of Web sites begin with an http://
prefix; however, Web browsers typically default to the HTTP
protocol. For example, typing www.yahoo.com is the same as
typing http://www.yahoo.com.
Identity Theft - Stealing the identity of others by using
their credit card, driver's license, social security or other
personal identification numbers. With "true name" identity
theft, the thief uses the information to open new accounts. With
"account takeover" identity theft, the thief uses the
information to access existing accounts.
Not only can the thieves run up bills for the victims, but they
can commit crimes pretending to be the victim, who may have
enormous difficulty proving otherwise. Although catalog shopping
by telephone has been around for decades, it is possible that an
order taker might find someone acting suspicious. However, the
complete lack of human interaction on the Web has caused
identity theft to increase. In 1998, the U.S. Congress made
identity theft a federal offense.
IP address - (Internet Protocol address) The address of a
device attached to an IP network (TCP/IP network). Every client,
server and network device must have a unique IP address for each
network connection (network interface). Every IP packet contains
a source IP address and a destination IP address.
ISP - (Internet Service Provider) An organization that
provides access to the Internet. Small ISPs provide service via
modem and ISDN while the larger ones also offer private line
hookups (T1, fractional T1, etc.). Customers are generally
billed a fixed rate per month, but other charges may apply. For
a fee, a Web site can be created and maintained on the ISP's
server, allowing the smaller organization to have a presence on
the Web with its own domain name.
Keystroke Logger - A program or hardware device that
captures every key depression on the computer. Also known as
"Keystroke Cops," they are used to monitor an employee's
activities by recording every keystroke the user makes,
including typos, backspacing and retyping.
A software-based keystroke logger can also be a Trojan that was
installed clandestinely with the intent to steal passwords and
confidential information.
LAN - (Local Area Network) A communications network that
serves users within a confined geographical area. The "clients"
are the users' workstations typically running Windows, although
Mac and Linux clients are also used. The "servers" hold programs
and data that are shared by the clients. Servers come in a wide
range of sizes from Intel-based servers to mainframes.
MAC - (Media Access Control address) The unique serial
number burned into Ethernet and Token Ring adapters that
identifies that network card from all others.
Malware - (MALicious softWARE) Software designed to
destroy, aggravate and otherwise make life unhappy.
MAPI - (Mail API) A programming interface from Microsoft
that enables a client application to send to and receive mail
from Exchange Server or a Microsoft Mail (MS Mail) messaging
system. Microsoft applications such as Outlook, the Exchange
client and Microsoft Schedule use MAPI.
Microsoft Baseline Security Analyzer – A security tool from
Microsoft that lets users scan their computers for security
vulnerabilities.
Password - A secret word or code used to serve as a
security measure against unauthorized access to data. It is
normally managed by the operating system or DBMS. However, the
computer can only verify the legitimacy of the password, not the
legitimacy of the user.
Password Lockout – A state in which a user who has tried to
enter the password too many times is locked out, in order to
prevent brute force hacking. Often there is a time limit to the
lockout period.
Password Requirements – The criteria that must be met by
a password in order for a system to accept it as a secure
password.
Patch – A file used to fix or enhance a piece of already
existing software. Often used in security for patching holes and
making known vulnerabilities secure.
Peer-to-Peer - From user to user. Peer-to-peer implies
that either side can initiate a session and has equal
responsibility. Peer-to-peer is a somewhat confusing term,
because it has always been contrasted to a central system that
initiates and controls everything. But in practice, two users on
a peer-to-peer system often require data from a third computer.
For example, the infamous Napster file sharing service was
always called a "peer-to-peer network," but its use of a central
server to store the public directory made it both centralized
and peer-to-peer.
Phishing - Pronounced "fishing," it is a scam to steal
valuable information such as credit card and social security
numbers, user IDs and passwords. Also known as "brand spoofing,"
an official-looking e-mail is sent to potential victims
pretending to be from their ISP, bank or retail establishment.
E-mails can be sent to people on selected lists or on any list,
expecting that some percentage of recipients will actually have
an account with the real organization.
Piggybacking - Gaining access to a restricted
communications channel by using the session another user already
established. Piggybacking can be defeated by logging off before
leaving a workstation or terminal or by initiating a protected
mode, such as via a screensaver, that requires re-authentication
before access can be resumed.
Private Key - The unpublished key in a public key
cryptographic system, which uses a two-part key: one private and
one public. The private key is kept secret and never transmitted
over a network. Contrast with "public key," which can be
published on a Web site or sent in an ordinary e-mail message.
Protocol - The format and procedure that governs the
transmitting and receiving of data. The term comes from the
Greek "protokollon," which was the cover page to a manuscript
that provided a description of the contents.
Public Key - An encryption key that can be made public or
sent by ordinary means such as an e-mail message.
Remote Access - The ability to log on to a computer or network
within an organization from an external location. Remote access
is typically accomplished by directly dialing up analog or ISDN
modems or via a connection to the Internet.
Rootkit - A type of Trojan that keeps itself, other
files, registry keys and network connections hidden from
detection. It enables an attacker to have "root" access to the
computer, which means it runs at the lowest level of the
machine. A rootkit typically intercepts common API calls. For
example, it can intercept requests to a file manager such as
Explorer and cause it to keep certain files hidden from display,
even reporting false file counts and sizes to the user. Rootkits
came from the Unix world and started out as a set of altered
utilities such as the ls command, which is used to list file
names in the directory (folder).
S/MIME - (Multipurpose Internet Mail Extensions) The most
common method for transmitting non-text files via Internet
e-mail, which was originally designed for only ASCII text. MIME
encodes the files using one of two encoding methods and decodes
it back to its original format at the receiving end. A MIME
header is added to the file which includes the type of data
contained and the encoding method used. The MIME "type" has
become the de facto standard for describing files on the
Internet.
Server - A computer system in a network that is shared by
multiple users. Servers come in all sizes from x86-based PCs to
IBM mainframes. A server may have a keyboard, monitor and mouse
directly attached, or one keyboard, monitor and mouse may
connect to any number of servers via a switch. In large
companies, servers often reside in racks in the datacenter, and
all access is via their network connections. See server farm and
rack mounted.
Session - In communications, the active connection
between a user and a computer or between two computers.
SMTP - (Simple Mail Transfer Protocol) The standard
e-mail protocol on the Internet and part of the TCP/IP protocol
suite. SMTP defines the message format and the message transfer
agent (MTA), which stores and forwards the mail. SMTP was
originally designed for only plain text (ASCII text), but MIME
and other encoding methods enable executable programs and
multimedia files to be attached to and transported with the
e-mail message.
Spam - E-mail that is not requested. Also known as
"unsolicited commercial e-mail" (UCE), "unsolicited bulk e-mail"
(UBE), "gray mail" and just plain "junk mail," the term is both
a noun (the e-mail message) and a verb (to send it). Spam is
used to advertise products or to broadcast some political or
social commentary.
The term was supposedly coined from a Monty Python comedy sketch
in the early 1970s, in which every item on a restaurant menu
contained SPAM, and there was nothing a customer could do to get
a meal without it. The sketch was derived from the fact that in
England during World War II, SPAM (Hormel's processed meat) was
abundantly available while other foods were rationed. Many
believe spam is an acronym for "sales promotional advertising
mail" or "simultaneously posted advertising message."
SpyBot / Adaware – Anti-spyware programs designed to remove
spyware from the computer they are run on. Both are freeware
and recommended for use to increase performance of local
machines.
Spyware - Software that sends information about your Web
surfing habits to its Web site. Often quickly installed in your
computer in combination with a free download you selected from
the Web, spyware transmits information in the background as you
move around the Web. Also known as "parasite software," "scumware,"
"junkware" and "thiefware," spyware is occasionally installed
just by visiting a Web site.
SSID - (Service Set IDentifier) The name assigned to a
wireless Wi-Fi network. All devices must use this same,
case-sensitive name to communicate, which is a text string up to
32 bytes long. Typically set to the equipment vendor's name,
such as "linksys," it can be manually changed by going into the
configuration settings of the access point with a browser. The
client machines will identify all the wireless networks they
find when they boot up.
SSL - (Secure Sockets Layer) The leading security
protocol on the Internet. Developed by Netscape, SSL is widely
used to do two things: to validate the identity of a Web site
and to create an encrypted connection for sending credit card
and other personal data. Look for a lock icon at the bottom of
your browser when you order merchandise on the Web. If the lock
is closed, you are on a secure SSL or TLS connection.
Telnet - A terminal emulation protocol used on the
Internet and TCP/IP-based networks. A Telnet program allows a
user at a terminal or PC to log onto a remote computer and run a
program and execute other Unix commands. Originally developed
for ARPAnet, Telnet is a common utility in the TCP/IP protocol
suite, but it is not secure and transfers commands in the clear.
Secure shell (SSH) provides an encrypted alternative that is
widely used.
TLS - (Transport Layer Security) A security protocol from
the IETF that is based on the Secure Sockets Layer (SSL) 3.0
protocol developed by Netscape. TLS uses digital certificates to
authenticate the user as well as authenticate the network (in a
wireless network, the user could be logging on to a rogue access
point).
Trojan - A program that appears legitimate, but performs
some illicit activity when it is run. It may be used to locate
password information or make the system more vulnerable to
future entry or simply destroy programs or data on the hard
disk. A Trojan is similar to a virus, except that it does not
replicate itself. It stays in the computer doing its damage or
allowing somebody from a remote site to take control of the
computer. Trojans often sneak in attached to a free game or
other utility. For information about various Trojans that are
spread on the Internet, visit the Lockdown Corporation at
www.lockdowncorp.com.
Update - To change data in a file or database. The terms
update and edit are often used synonymously, although "update"
is more often used to refer to changes in a database and "edit"
is used for altering the content of text files.
The terms "update" and "upgrade" are also used synonymously
although update generally refers to adding and deleting elements
of data and upgrade refers to changing to new versions of
software. For example, we revise this Encyclopedia database and
then release a software upgrade that contains the updated
database.
Virus - Software used to infect a computer. After the
virus code is written, it is buried within an existing program.
Once that program is executed, the virus code is activated and
attaches copies of itself to other programs in the system.
Infected programs copy the virus to other programs.
The effect of the virus may be a simple prank that pops up a
message on screen out of the blue, or it may destroy programs
and data right away or on a certain date. It can lay dormant and
do its damage once a year. For example, the Michelangelo virus
contaminates the machine on Michelangelo's birthday.
Vulnerability - A security exposure in an operating system or
other system software or application software component. Before
the Internet became mainstream and exposed every organization in
the world to every attacker on the planet, vulnerabilities
surely existed, but were not as often exploited.
WEP - (Wired Equivalent Privacy) An IEEE standard
security protocol for wireless 802.11 networks. Introduced in
1997, WEP was found to be very inadequate and was superseded by
WPA, WPA2 and 802.11i. Its authentication method was extremely
weak and even helped an attacker decipher the secret encryption
key. As a result, WEP authentication was dropped from the Wi-Fi
specification.
Windows Firewall - The built-in firewall in Windows XP Service
Pack 2. It provides a stateful inspection of packets which
accepts only responses to requests originated by the user. This
prevents outside requests for data from entering the computer,
unless specifically allowed by the user. However, spyware
programs are often clandestinely installed in a user's computer
which then make seemingly legitimate requests that a stateful
firewall will allow responses to. Windows Firewall superseded
Internet Connection Firewall (ICF) and is turned on by default.
Wireless - Radio transmission via the airwaves. Wireless
is a very generic term that may refer to numerous forms of
non-wired transmission, including AM and FM radio, TV,
cellphones, portable phones and wireless LANs. Various
techniques are used to provide wireless transmission, including
infrared line of sight, cellular, microwave, satellite, packet
radio and spread spectrum.
Worm - A destructive program that replicates itself
throughout disk and memory, using up the computer's resources
and eventually taking the system down.
WPA - (Wi-Fi Protected Access) A security protocol for
wireless 802.11 networks from the Wi-Fi Alliance that was
developed to provide a migration from WEP. The WPA logo
certifies that devices are compliant with a subset of the IEEE
802.11i protocol. WPA2 certifies full support for 802.11i.
Zero-day Exploit - An attack that takes place immediately
after a security vulnerability is announced. Very often, the
vendor publicly releases the vulnerability and patch
simultaneously in order to keep zero-day exploits to a minimum.
Zombie - A computer system that has been covertly taken
over in order to transmit phony messages that slow down service
and disrupt the network. A "pulsing zombie" is when the bogus
messages are sent in periodic bursts rather than continuously. A
"spam zombie" is a system that has been taken over by a virus
that relays spam.