National Webcast Initiative

Cyber Security: The Three Things You Should Have Done Yesterday
and the Three Things You Should Do Today

June 22, 2004

Definitions of Security Terms

The following definitions are provided as a resource to help familiarize you with some common security terms and phrases that you will hear during the broadcast of the June 22, 2004 webcast. The information provided below is by no means an exhaustive list, however, it can be utilized as a foundation from which you can build your knowledge of cyber security terms and further pursue these topics on your own.

Backdoor  (also called a trapdoor):
An undocumented way of gaining access to a program, online service or an entire computer system. The backdoor is written by the programmer who creates the code for the program.

CIA:

Confidentiality

  • ensuring that only authorized users can access the services and information
  • ensuring that authorized users can access only the services for which they are authorized

Integrity

  • ensuring that you can recognize and recover from breaches of integrity

Availability

  • ensuring that services are uninterrupted even when there are hardware or software failures or during routine system maintenance
  • ensuring that you can recognize and recover from security incidents in a timely manner

DoS: 
Short for denial-of-service attack, a type of attack on a network(New Window) that is designed to bring the network to its knees by flooding it with useless traffic(New Window) . For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks.

Hash:
Producing hash values for accessing data(New Window) or for security(New Window) . A hash value (or simply hash), also called a message digest, is a number generated from a string(New Window) of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.

Hashing is also a common method of accessing data records(New Window) .

To create an index(New Window) , called a hash table, for these records, you would apply a formula to each name to produce a unique numeric value.

P2P - Peer-to-Peer Infrastructure:  Often referred to simply as peer-to-peer, or abbreviated P2P, a type of network(New Window) in which each workstation(New Window) has equivalent capabilities and responsibilities. This differs from client/server architectures(New Window) , in which some computers are dedicated(New Window) to serving the others. Peer-to-peer networks are generally simpler, but they usually do not offer the same performance under heavy loads(New Window) .

Password Cracker:  
A password cracker is an application program that is used to identify an unknown or forgotten password to a computer or network resources.  It can also be used to help a person obtain unauthorized access to a resource.

Password entropy
Stated in bits, the measure of randomness in a password.

Rainbow Tables:
A set of tools and techniques used for cracking MS Windows passwords.

Rootkits:
  • User-Level RootKits—Programs that 'infect' program files that are executed by the user and run under the user account's privileges (for example, the Explorer.exe or Word.exe program)
  • Kernel-Level RootKits—Programs that 'infect' functions belonging to the Operating System kernel (i.e. the core Windows operating system) and are used by hundreds of applications (including the Windows API). Kernel-Mode RootKits will modify (i.e. hijack) internal operating system functions that return lists of files, processes, and open ports (use the 'DependencyWalker' program to see Kernel functions on the 'NTDLL.dll', 'Kerner32.dll', and 'NTOSKRNEL.exe' files)

Social engineering
An attack which is used to trick people into revealing passwords or other information that can compromise security.  These types of attack are low-tech and can be done just by talking to someone in the organization (phone call, email or a visit).  For example, a person could call a busy receptionist and tell her that they are a company salesperson who is stranded at a customer's site.  They are trying to do a demo, but can't get their password to work, and ask her for her password so they can get the demo going and not lose the account.

Spyware:
Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers. Also known as "adware."

Trojan Horse
A destructive program(New Window) that masquerades as a benign application. Unlike viruses(New Window) , Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Vector
Also known as "attack vector" - routes or methods used to get into computer systems, usually for nefarious purposes. They take advantage of known weak spots to gain entry. Many attack vectors take advantage of the human element in the system, because that's often the weakest link.

Virus
A program or piece of code(New Window) that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer(New Window) viruses are manmade.

Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.

Warez
Pronounced wayrz or wayrss. Commercial software that has been pirated(New Window) and made available to the public via an electronic Bulletin Board System ( BBS(New Window) ) or the Internet(New Window) . Typically, the pirate has figured out a way to de-activate the copy-protection(New Window) or registration(New Window) scheme used by the software. Note that the use and distribution of warez software is illegal. In contrast, shareware(New Window) and freeware(New Window) may be freely copied and distributed.

Web Defacement:
Also referred to as defacement or Web site defacement, a form of malicious hacking(New Window) in which a Web site is “vandalized.” Often the malicious hacker will replace the site’s normal content with a specific political or social message or will erase the content from the site entirely, relying on known security vulnerabilities for access to the site’s content.

Worm:
A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down.  Worms are self contained and do not need a host application to be transported.