Security dictionary

° Brute force – Automated method of cracking a password by trying every possible combination until the correct one is discovered.

° Buffer overflow – Classic attack requiring intimate knowledge of the targeted application, exploiting a common programming error. Sending more data to a field than the programmer has allowed for, with malicious code included in that data, makes it 'overflow' into adjacent program areas, where the malicious code executes.

° Data driven attack – Bypasses standard security measures by inserting data in web forms that can form the basis of a malicious attack on the back-end system or database.

° Deperimeterisation – Security philosophy advocating removal of firewalls, replacing them with data-level security to enable closer, secure collaboration of separate organisations.

° Distributed denial of service – A simple attack that floods a router, network or web server with more traffic than it can handle, often leveraging a 'zombie army' of broadband-connected PCs infected with Trojan horses.

° DMZ – Demilitarised zone: a buffer zone between a company network and the Internet.

° DRM – Digital rights management: software controlling where, when and by whom files can be opened or used.

° Email hygiene – Service protecting against messaging threats such as spam and viruses.

° Exploit – A tool that automates a hack, typically taking advantage of a vulnerability in the targeted system.

° False positive – Alert from an intrusion detection or email hygiene system when it mistakenly identifies a legitimate event as malicious.

° Keystroke logger – An application that, once on a host, unobtrusively logs all the user's keyboard presses. See spyware and Trojan horse.

° Logic bomb – Malicious code left behind in an application that 'goes off' at a set time, for example by deleting valuable files.

° Malware – Generic term for malicious software, such as viruses, worms and Trojan horses.

° Open relay – Misconfigured mail server that enables anyone, typically spammers, to route email anonymously.

° Phishing – Fraudulent emails purporting to be from a commerce or banking website seeking to trick users into giving away passwords.

° Port scan – An automated scan to find open ports on a network-connected PC or server.

° PKI – Public key infrastructure: encryption key and digital certificate system to check the validity of online exchanges and transactions.

° Script-kiddie – An unsophisticated hacker who uses others' ready-made attack tools.

° Sniffer – An application running in the background that analyses network traffic.

° Social engineering – Persuading naive users to part with crucial information, such as passwords, by non-technical means. See phishing.

° Spyware – Software installed from a website without the user's knowledge and designed to capture personal details. Also known as adware.

° SPIM/SPIT – Spam (unwanted mail) sent via instant messaging (IM) and IP telephony.

° SQL injection attack – Attack that involves inputting SQL code into a website's login and password fields, tricking the site into granting access.

° SSL – Secure sockets layer: a cryptographic protocol for providing clientless security for Internet communications.

° Trojan horse – An application nefariously loaded on a target system with the intent of executing malicious code or gaining access.

° Virus – A malicious program that attaches itself to legitimate applications, normally with harmful side effects.

° WEP/WPA – Wireless security standards. 'Wired equivalent privacy' provides only basic security, so 'WiFi protected access', which uses 128-bit encryption, has mostly replaced it.

° Worm – A self-replicating virus that automatically duplicates and sends copies of itself either to email addresses or IP addresses.

° Zero-day attack – Exploits a newly discovered flaw before vendors are able to patch it.

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...