An individual who:
* Oversees the operation of a network.
* Is responsible for installing programs on a network and configuring them for distribution to workstations.
* May also update security settings on workstations.
A subcategory of a security policy that pertains to computer viruses.
Bits per second (bps):
A measure of the speed at which a device, such as a modem, can transfer bits of data.
A programming error in a software program that can have unwanted side effects. Some examples include Various web browser security problems and Y2K software problems.
A security feature that lets a host disconnect a remote caller after a successful connection and then recall the remote computer, either for security verification or financial responsibility.
The discrimination between lowercase and uppercase characters.
Cryptographic systems use this file as proof of identity. It contains a user's name and public key.
Communications port (COM port):
Also called a serial port. The COM port is a location for sending and receiving serial data transmissions. The ports are referred to as COM1, COM2, COM3, and COM4.
To convert a high-level script into a low-level set of commands that can be executed or run. Syntax errors are discovered when a script is being compiled.
The successful establishment of a communications link.
The movement of information from one location to another. The transfer speed is called the data rate or data transfer rate.
A group of computers or devices that shares a common directory database and is administered as a unit. On the Internet, domains organize network addresses into hierarchical subsets. For example, the .com domain identifies host systems used for commercial business.
To transfer data from one computer to another, usually over a modem or network. Download usually refers to the act of transferring a file from the Internet, a Bulletin Board System (BBS), or an online service to an individual's computer.
A program that interprets commands for transferring to and from peripheral devices and the CPU.
A method of scrambling or encoding data to prevent unauthorized users from reading or tampering with the data. Only individuals with access to a password or key can decrypt and use the data. The data can include messages, files, folders, or disks.
A program or technique that takes advantage of a vulnerability in software and that can be used for breaking security, or otherwise attacking a host over the network.
eXtensible Markup Language (XML):
The common language of the Web used to exchange information.
File Allocation Table (FAT):
File Allocation Table. FAT can refer to three different types of partitions: FAT12, FAT16, and FAT16b. FAT16b is the most common type, and is used for partitions that are larger than 32 MB. FAT12 and FAT16 partitions were used with MS-DOS 5.0, and are still used with Windows 98 (depending on the partition size). The FAT file system format is used and recognized by DOS, Windows 3.x, Windows 95, Windows NT, OS/2, and nearly all other operating systems.
32-bit File Allocation Table. File system format recognized by Windows 95 B (or later versions) and Windows NT 5(or later versions).
The process of using communications to send a file from one computer to another. In communications, a protocol must be agreed upon by sending and receiving computers before a file transfer can occur.
Internet Protocol (IP) address:
Identifies a workstation on a TCP/IP network and specifies routing information. Each workstation on a network must be assigned a unique IP address, which consists of the network ID, plus a unique host ID assigned by the network administrator. This address is usually represented in dot-decimal notation, with the decimal values separated by a period (for example 22.214.171.124).
Programs that alter or interrupt the normal behavior of your computer, creating a general distraction or nuisance. Joke programs generally do not themselves engage in the practice of gathering or distributing information from the user's computer.
Local Area Network (LAN):
A group of computers and other devices in a relatively limited area (such as a single building) that are connected by a communications link, which enables any device to interact with any other device on the network.
A group of computers and associated devices connected by communications facilities (both hardware and software) to share information and peripheral devices, such as printers and modems. Also see LAN.
A unique string of characters that a user types as an identification code to restrict access to computers and sensitive files. The system compares the code against a stored list of authorized passwords and users. If the code is legitimate, the system allows access at the security level approved for the owner of the password.
A basic Internet program that lets you verify that a particular Internet address exists and can accept requests. The act of using the ping utility or command. Pinging is diagnostically used to ensure that a host computer, which you are trying to reach, actually operates.
A hardware location for passing data in and out of a computing device. Personal computers have various types of ports, including internal ports for connecting disk drives, monitors, and keyboards, as well as external ports, for connecting modems, printers, mouse devices, and other peripheral devices.
In TCP/IP and UDP networks, port is the name given to an endpoint of a logical connection. Port numbers identify types of ports. For example, both TCP and UDP use port 80 for transporting HTTP data. A threat may attempt to use a particular TCP/IP port.
A set of rules enabling computers or devices to exchange data with one another with as little error as possible. The rules govern issues, such as error checking and data compression methods. Also see communications protocol.
A software agent, often a firewall mechanism, which performs a function or operation on behalf of another application or system while hiding the details involved.
Programs that allow one computer to access another computer (or facilitate such access) without explicit authorization when an access attempt is made. Once access is gained, usually over the Internet or by direct dial access, the remote access program can attack or alter the other computer. It may also have the ability to gather personal information, or infect or delete files. They may also create the risk that third party programs can exploit its presence to obtain access. Such remote access programs generally:
* Attempt to remain unnoticed, either by actively hiding or simply not making their presence on a system known to the user, and/or
* Attempt to hide any evidence of their being accessed remotely over a network or Internet
Means by which these programs provide access may include notifying a remote host of the machine by sending its address or location, or employing functionality that wholly or partially automates access to the computer on which the program is installed.
Also known as a communications port or COM port. The serial port is a location for sending and receiving serial data transmissions. DOS references these ports by the names COM1, COM2, COM3, and COM4.
Programs that have the ability to scan systems or monitor activity and relay information to other computers or locations in cyber-space. Among the information that may be actively or passively gathered and disseminated by Spyware: passwords, log-in details, account numbers, personal information, individual files or other personal documents. Spyware may also gather and distribute information related to the user's computer, applications running on the computer, Internet browser usage or other computing habits.
Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. Spyware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger spyware by accepting an End User License Agreement from a software program linked to the spyware or from visiting a website that downloads the spyware with or without an End User License Agreement.
Programs that track system activity, gather system information, or track user habits and relay this information to third-party organizations. The information gathered by such programs is neither personally identifiable nor confidential.
Trackware programs are installed with the user's consent and may also be packaged as part of other software installed by the user.
Transmission Control Protocol/Internet Protocol (TCP/IP):
A common set of protocols used on the Internet to link dissimilar computers across many kinds of networks.
To send a file from one computer to another via modem, network, or serial cable. With a modem-based communications link, the process generally involves the requesting computer instructing the remote computer to prepare to receive the file on its disk and wait for the transmission to begin. Also see download.
Viruses, Worms and Trojan Horses:
A virus is a program or code that replicates itself onto other files with which it comes in contact; that is, a virus can infect another program, boot sector, partition sector, or a document that supports macros, by inserting itself or attaching itself to that medium. Most viruses only replicate, though many can do damage to a computer system or a user's data as well.
A worm is a program that makes and facilitates the distribution of copies of itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive via exploitation of a system vulnerability or by clicking on an infected e-mail.
A Trojan Horse portrays itself as something other than what it is at the point of execution. While it may advertise its activity after launching, this information is not apparent to the user beforehand. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for another computer to gain access, thus bypassing normal access controls.
A (universal) vulnerability is a state in a computing system (or set of systems) which either:
* Allows an attacker to execute commands as another user
* Allows an attacker to access data that is contrary to the specified access restrictions for that data
* Allows an attacker to pose as another entity
* Allows an attacker to conduct a denial of service
A symbol that enables multiple matching values to be returned based on a shared feature. The script language has two wildcards:
1. The question mark (?) stands for any single character.
2. The asterisk (*) stands for any character string of any length.
For example, the file specification *.* would return all the files, regardless of their file names.
The file specification *.sc? would return all the file names with a three-character extension beginning with sc (such as compusrv.scr, compusrv.scx, and so on).
Sorry have to put this in bold: (Important)
1. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary.
2. One who programs enthusiastically, or who enjoys programming rather than just theorizing about programming.
3. A person capable of appreciating hack value (q.v.).
4. A person who is good at programming quickly. Not everything a hacker produces is a hack.
5. An expert at a particular program, or one who frequently does work using it or on it.
A programmer who "cracks'' (gains unauthorized access to) computers, typically to do malicious things; "crackers are often mistakenly called hackers"
Hackers find Vulnerabilities in programs or in websites and exploit them to the maker of the site or program. Cracker will find Vulnerabilities and use it for their own personal use.
I hope this has helped you to understand terms more clearly. Enjoy....
Edited by spike_hacker_inc, 12 March 2006 - 12:25 PM.