Glossary of Security Terms

Access control
A set of procedures performed by hardware, software and administrators to monitor access, identify users requesting access, record access attempts, and grant or deny access.

ActiveX
A Microsoft technology that extends the capabilities of a web browser.

Applet
A small application. Usually refers to Java applets, application programs that use the client's web browser to provide a user interface.

Application balancing
Products that allow organisations to control and optimise the performance and handling of their business-critical network traffic by equalising traffic from web and non-web-based business applications. As a result, service providers and enterprises can better guarantee that their mission-critical transactions, such as E-Commerce, ERP and CRM applications, as well as those that use streaming video and audio content, will work at the highest possible efficiency.

Attachment
A document, spreadsheet, graphic, program or any other kind of file attached to an e-mail message.

Authentication
The process of establishing the legitimacy of a node or user before allowing access to requested information. During the process, the user enters a name or account number (identification) and a password (authentication).

Back door
An entry point to a program or a system that is hidden or disguised; it may be created by the software's author for maintenance. A certain sequence of control characters permits access to the system manager account. If the back door becomes known, unauthorised users (or malicious software) can gain entry and cause damage. See Backdoor Trojan.

Backdoor Trojan
A Trojan Horse program that gives a remote user unauthorised access to and control over a computer.

Biometric authentication
A means of controlling access through unique human measurements, such as fingerprint, voice pattern recognition or iris recognition.

Boot sector virus
A type of virus that subverts the booting process.

BS7799
The most widely recognised security standard in the world. BS7799 is comprehensive in its coverage of security issues and contains the management framework, objectives and control requirements for information security management systems.

CGI
Common Gateway Interface. A mechanism that allows a web server to run programs or scripts and send the output to a user's web browser.

CLAS consultant
A named consultant appearing on CESG's Listed Adviser Scheme. CESG is the UK Government's National Technical Authority for Information Assurance, responsible for enabling secure and trusted knowledge sharing.

Code of connection
Usually mandated for third parties seeking connection to a secure network. Effectively a contract between those responsible for safeguarding information security and the individual units or third parties connecting to the network. The Code of Connection sets out the minimum requirements for connection that must be achieved and maintained by the connecting organisation.

Companion virus
A virus that exploits the fact that when there are two programs with the same name, the operating system uses the file extension to decide which one to run. For example, DOS computers will run a .com file in preference to an .exe file. The virus creates a .com file containing the virus code and gives it the same name as an existing .exe file.

Content filtering
Products that allow organisations to enforce Internet access policies that prevent users and employees from accessing inappropriate or unproductive content on the network.

Cookie
A small packet of data that stores information on a user's computer. Cookies are usually used to enable a website to track visits and remember visitors' details.

Data encryption
Secure communication between users and systems (either internal or external), for example over Virtual Private Networks (VPNs), in which files or programs are scrambled by an algorithm that changes one character string into another.

Denial of service attack (DoS)
The prevention of authorised access to a system resource, or the delaying of system operations and functions.

Digital signature
A means of ensuring that a message has not been tampered with and that it originates from the claimed sender.

DOS boot sector
The boot sector that loads DOS into PC RAM. A common point of attack for boot sector viruses.

e-Gif
The e-Government Interoperability Framework (e-Gif) sets out the government's technical policies and specifications for achieving interoperability and information systems coherence across the public sector. In essence, e-Gif defines the essentials for achieving joined-up and web-enabled government.

Encryption key
A sequence of characters used to encode and decode a file.

Firewall
A security device placed between the Internet and an organisation's network, or within a network, that only passes authorised traffic. A logical or physical discontinuity in a network to prevent unauthorised access to data or resources.

Hacker
A computer user who attempts to gain unauthorised access to other users' computer systems.

Heuristic scanner
A program that detects viruses by using general rules about what viruses are like or how they behave.

Hoax
A report about a non-existent virus.

Honeypot
Programs that simulate one or more network services that you designate on your computer's ports. An attacker assumes you are running vulnerable services that can be used to break into the machine. A honeypot can be used to log access attempts to those ports, including the attacker's keystrokes. This could give you advance warning of a more concerted attack.

Intrusion Detection System (IDS)
An unobtrusive and continuous surveillance service that intercepts and responds to security intrusions and abuse. The IDS gathers and analyses information from various areas within a system or a network to identify possible security breaches, which include both intrusions (attacks from outside the organisation) and abuse (attacks from within the organisation).

Layered security
A holistic approach to securing an organisation's information. Layered security consists of an architecture with facilities for Perimeter Security, Internal Security and Remote Security.

Link virus
A virus that subverts directory entries so that they point to the virus code, allowing it to run.

Macro
Sets of instructions inside data files that can carry out program commands automatically, e.g. opening and closing files.

Macro virus
A virus that uses macros in a data file to become active and attach itself to other data files.

Mail screening
A content security facility for SMTP gateways that allows organisations to implement policies for Internet e-mail.

Managed security service
A remotely managed security service providing comprehensive layered security. Hytec's service is hosted 24 x 7 and integrates 'best of breed' products and services to provide firewall security, proxy server, intrusion detection, user authentication, data encryption, web access control, content filtering and screening against web-borne malicious code.

Multipartite virus
A virus that infects both boot sectors and program files.

Network worm
A program or command file that uses a computer network as a means of adversely affecting a system's integrity, reliability or availability. A network worm may spread from one system to another by establishing a network connection. It is usually a self-contained program that does not need to attach itself to a host file to infiltrate network after network.

NHSnet
NHSnet, also known as the NHS Intranet, is the largest Virtual Private Network in Europe.

Parasitic virus
A computer virus that attaches itself to another computer program, and is activated when that program is run.

Password
A sequence of characters that gives access to a system.

Penetration testing
Testing used to assess the external perimeter security of a network or facility.

Perimeter security
Securing a network by controlling access to all entry and exit points of the network.

Polymorphic virus
A self-modifying virus. By changing its code, the virus tries to make itself harder to detect.

Port
A logical connection point through which network applications talk to each other. Ports help applications know which traffic is destined for them rather than for other applications on the same host. Certain applications communicate on certain ports. For example, a typical e-mail client sends mail to the server on port 25 and checks for new mail on port 110. Your web browser requested this web page on port 80. There are 65,536 ports for the TCP protocol and 65,536 for the UDP protocol.

Port scan
A method an attacker uses to enumerate which services are running on your network. An attacker sends requests to different ports and takes note of which ports respond in a certain way. This is how an attacker knows which attacks will work on which of your systems: ports map to applications and applications map to attacks. Hytec performs port scans during a Vulnerability Assessment to get the same view of your network that an attacker has, and to find evidence of an attacker's presence.

Proxy server
A server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control and caching services. The proxy server sits between the organisation and the Internet and makes requests to the Internet on behalf of another computer.

RTF
Rich Text Format. A document format that does not support macros, so that it cannot carry macro viruses.

Security policy
A set of rules and practices that specify or regulate how a system or organisation provides security services to protect sensitive and critical system resources.

SMTP
Simple Mail Transfer Protocol. The delivery system for Internet e-mail.

Spam
Unsolicited e-mail.

Spoofing
Pretending to be someone or something else (e.g. by forging the sender's address in e-mail).

SSL / VPN
An SSL / VPN is a remote access security solution that extends the reach of enterprise applications to mobile workers, partners and customers. By using Secure Sockets Layer (SSL) as the underlying security protocol, it provides remote access to a broad range of web and legacy applications.

Stealth virus
A virus that hides its presence from the computer user and anti-virus programs, usually by trapping interrupt services.

Strong authentication
Two-factor protection against unauthorised access to a network, based on something a user knows (factor one) plus something the user has (factor two). Usually provided by a password or PIN together with a hardware authenticator or biometric recognition device.

TCP/IP
Transmission Control Protocol / Internet Protocol. The collective name for the standard Internet protocols.

Trojan Horse
A computer program with (usually undesirable) effects not described in its specification. Usually a program designed to do things that the user did not intend, which disguises its harmful intent. The program often installs itself while the user is making an authorised entry, and is then used to break into and exploit the system.

URL screening
Internet content filtering using a database of sites (updated daily) for which user access is denied.

Virus
A program which can spread across computers and networks by attaching itself to another program and making copies of itself.

Virus identity
A description of virus characteristics used for virus recognition.

Virus scanner
A program that detects viruses. Most scanners are virus-specific, i.e. they identify viruses that are already known. See also Heuristic Scanner.

Vulnerability
An exploitable capability or an exploitable security weakness at an infrastructure, organisation or location. A vulnerability exists when there is a circumstance, capability, action or event that could breach security and cause harm.

Vulnerability assessment
The identification and assessment of the security weak points of an infrastructure, organisation or location.

Worm
A program that distributes multiple copies of itself. Unlike a virus, a worm does not need a 'host' program.