Internet security glossary
By Paul Glen,
paul [at] relevantsitecontent com
http://finjan.com/Content.aspx?id=499
A
Active Content
This term is used to describe any code that is delivered
and executed on a desktop host during network access. Users may
not be aware of the Active Content activity. Active Content is typically
driven by (but not limited to) HTML documents. It can be delivered
by various tools (e.g., browser, email, office application) and
protocols (e.g., HTTP, FTP, and SMTP). Finjan’s Vital Security™
products provide proactive protection against potentially harmful
Active Content such as ActiveX, Java, executables, JavaScript, VBScript,
Screen Savers, and plug-ins, delivered via HTTP, FTP over HTTP,
and Native FTP.
Active Content Object
A generic name for a specific Active Content unit. This
may refer to Java Applets, ActiveX Controls, JavaScript scripts,
VBScripts, plug-in modules, etc. Active Content objects may also
be referred to as "downloadables", or simply as "objects".
Adware
Programs that facilitate delivery of advertising content to the
user through their own window, or by utilizing another program's
interface. In some cases, these programs may gather information
from the user's computer, including information related to Internet
browser usage or other computing habits, and relay this information
back to a remote computer or other location in cyber-space.
Adware can be downloaded from websites (typically in shareware
or freeware), email messages, and instant messengers. Additionally,
a user may unknowingly receive and/or trigger Adware by accepting
an End User License Agreement from a software program linked to
the Adware or from visiting a website that downloads the Adware
with or without an End User License Agreement.
Applet
A program written in the Java programming language and implemented
as a Java Applet.
A browser that supports Java may download and run the applet automatically.
Any miniature application transported over the Internet, especially
as an enhancement to a Web page. Authors often embed applets within
the HTML page as a foreign program type.
ActiveX
A native-code program that conforms to the ActiveX Control specifications.
A browser that supports ActiveX may download and run it automatically.
ActiveX controls are software modules based on Microsoft's Component
Object Model (COM) architecture. They add functionality to software
applications by seamlessly incorporating pre-made modules with the
basic software package. Modules can be interchanged but still appear
as parts of the original software. On the Internet, ActiveX controls
can be linked to Web pages and downloaded by an ActiveX-compliant
browser. ActiveX controls turn Web pages into software pages that
perform like any other program launched from a server. ActiveX controls
can have full system access. In most instances this access is legitimate,
but one should be cautious of malicious ActiveX applications.
Anti-Virus
Detects and blocks known viruses attempting to enter the network
via the web.
Attack
An attempt to subvert or bypass a system's security. Attacks
may be passive or active. Active attacks attempt to alter or destroy
data. Passive attacks try to intercept or read data without changing
it.
B
Behavior Based
Proactively protects networks against web threats by monitoring
actual code behavior and blocking any action that violates corporate
security policies. It is the only technology on the market that
can stop both known and unknown threats at the gateway, before they
enter your network.
Behavior Profile
All the operations that an Active Content object has the potential
to invoke on the resources of the client computer.
Blended Threat
Blended threats combine the characteristics of viruses, worms, Trojan
Horses, and malicious code with server and Internet vulnerabilities
to initiate, transmit, and spread an attack. By using multiple methods
and techniques, blended threats can rapidly spread and cause widespread
damage. Characteristics of blended threats include:
- Causes harm: Launches a Denial of Service (DoS) attack at a
target IP address, defaces Web servers, or plants Trojan Horse
programs for later execution.
- Propagates by multiple methods: Scans for vulnerabilities to
compromise a system, such as embedding code in HTML files on a
server, infecting visitors to a compromised Web site, or sending
unauthorized email from compromised servers with a worm attachment.
- Attacks from multiple points: Injects malicious code into the
.exe files on a system, raises the privilege level of the guest
account, creates world read and writeable network shares, makes
numerous registry changes, and adds script code into HTML files.
- Spreads without human intervention: Continuously scans the Internet
for vulnerable servers to attack.
- Exploits vulnerabilities: Takes advantage of known vulnerabilities,
such as buffer overflows, HTTP input validation vulnerabilities,
and known default passwords to gain unauthorized administrative
access.
Effective protection from blended threats requires a comprehensive
security solution that contains multiple layers of defense and response
mechanisms.
C
Cluster Virus
Cluster viruses modify the directory table entries so the
virus starts before any other program. The virus code only exists
in one location, but running any program runs the virus as well.
Because they modify the directory, cluster viruses may appear to
infect every program on a disk.
Compromise security settings
This payload may attempt to gain access to passwords or other system-level
security settings. It may also search for openings in the Internet-processing
components of the computer to install a program on that particular
system, which an individual could remotely control over the Internet.
Content Filtering
A subcategory of a security policy that pertains to the semantic
meaning of words in text. It can also include URL filtering.
Cookie
Cookies are blocks of text placed in a file on your computer's hard
disk. Web sites use cookies to identify users who revisit the site.
Cookies might contain login or registration information, "shopping
cart" information or user preferences. When a server receives a
browser request that includes a cookie, the server can use the information
stored in the cookie to customize the Web site for the user. Cookies
can be used to gather more information about a user than would be
possible without them.
D
Damage potential
A malware's damage potential rating may be high, medium, or low
based on its inherent capacity to cause both direct and indirect
damage to systems or networks. Certain malware is designed specifically
to delete or corrupt files, causing direct damage. Denial of service
(DoS) malware may also cause direct and intended damage by flooding
specific targets. Mass-mailers and network worms usually cause indirect
damage when they clog mail servers and network bandwidth, respectively.
Distributed Denial of Service (DDoS)
Attempts to bring down large sites through DoS attacks
are often not feasible for a single attacking machine due to the
large amount of resources available to the attacked site. Thus,
hackers have developed the distributed denial of service approach,
whereby a number of machines are simultaneously commanded to attack
a target system. Each of these DDoS 'agents' contributes part of
the total 'load' that eventually brings down the attacked service
or server, or, alternatively, each agent machine contributes part
of the bandwidth necessary to clog the network connections to the
attacked server.
Dialer
Software that dials a phone number. Some dialers connect
to local Internet Service Providers, while others connect to toll
numbers without user awareness or permission. Dialers are used by
Spyware to silently dial one of several ISPs to download a hostile
executable or to dial highly charged international phone numbers
often associated with pay porn sites.
Disinfection
Most anti-virus software carries out disinfection after reporting
the presence of a virus to the user. During disinfection, the virus
may be removed from the system and, whenever possible, any affected
data is recovered.
E
Encryption
A change made to data, code, or a file such that it can no longer
be read or accessed without processing (or un-encrypting). Viruses
may use encryption in order to hinder detection by hiding their
viral code.
Encryption Virus
An encrypted virus' code begins with a decryption algorithm and
continues with scrambled or encrypted code for the remainder of
the virus. Each time it infects, it automatically encodes itself
differently, so its code is never the same. Through this method,
the virus tries to avoid detection by anti-virus software.
Exploit
An exploit is code that takes advantage of a software vulnerability
or security hole. Exploits are often incorporated into malware,
which are consequently able to propagate into and run intricate
routines on vulnerable computers.
Exploit ShellCode
A piece of software which is used inside exploits to execute code
on the victim.
Exposure
An exposure is a state in a computing system (or set of systems)
which is not a universal vulnerability, but either:
- Allows an attacker to conduct information gathering activities
- Allows an attacker to hide activities
- Includes a capability that behaves as expected, but can be easily
compromised
- Is a primary point of entry that an attacker may attempt to
use to gain access to the system or data
- Is considered a problem according to some reasonable security
policy
F
False Positive, False Negative
From a security perspective, false positives refer to identification
of a virus or malicious piece of content when in fact the content
is clean. Conversely, if a virus or piece of malicious code passes
through the security scanner (e.g., is not detected as being malicious),
a false negative error has been made. False negatives probably seem
more serious than false positives, but both are undesirable. False
positives can cause a great deal of down-time and lost productivity.
With good security scanners, false positives are rare. False negatives
are a more common problem with virus scanners because known-virus
scanners tend to miss completely new or heavily modified viruses.
False positives have, historically, been quite a problem for scanners
that make heavy use of heuristic detection mechanisms.
FTP File Transfer Protocol
H
Hacking
The operation of gaining access without the proper permission to
a secure system or performing actions in a system without sufficient
security privileges.
HTML HyperText Markup Language
HTTP HyperText Transfer Protocol
HTTPS Secure HTTP
I
“In the Wild”
A virus is "in the wild" if it is verified as having caused
an infection outside a laboratory situation. Most viruses are in the
wild and differ only in prevalence.
J
JVM Java Virtual Machine
L
Load Balancing
A group of two or more servers linked together to balance variable
workloads or provide continued operation in the event that one server
fails.
M
Malicious Code
A piece of code designed to damage a system or the data
it contains, or to prevent the system from being used in its normal
manner.
Malware
Malware is a program that performs unexpected or unauthorized, but
always malicious, actions. It is a general term used to refer to both
viruses and Trojans, which respectively include replicating and non-replicating
malicious code.
P
Packer
A utility which compresses and encrypts a file, in order
to avoid detection by anti-virus software. Packers add a header
that upon execution automatically expands the file in memory, and
then transfers control to that file. Some packers can also unpack
without starting the packed file. Packers are often used by writers
of Trojan horses to foil anti-virus products.
Payload
Payload refers to what the virus does (dialer, keylogger, hijacker)
in terms of damage, rather than how it spreads. Similar to military
jargon, the virus is seen as the 'delivery vehicle' (e.g., the missile)
and the damage routine is the payload (also known as warhead).
Phishing
Phishing attacks use both social engineering and technical subterfuge
to steal consumers' personal identity data and financial account credentials.
Social-engineering schemes use 'spoofed' e-mails to lead consumers
to counterfeit websites designed to trick recipients into divulging
financial and personal data such as credit card numbers, account usernames,
passwords, social security numbers, mother's maiden name, and driver's
license number. Phishing attacks can arrive as an email message where
the attacker has forged, or spoofed, the sender's address to make
the message look authentic. These spoofed messages usually redirect
the user to fraudulent websites or proxy servers to enter personal
information, which is then used by the phisher for criminal purposes.
Proof of Concept
The first implementation of an idea that had previously only been
discussed as a theoretical possibility or concept. In the anti-virus
context, Proof of Concept describes a virus that is the first to
infect a given platform or implement a given infection technique.
Proof of Concept is sometimes used to describe a virus that is very
simplistic or bug-ridden (or both), and thus unlikely to pose a
real-world threat itself.
R
Real-time Scanner
An anti-virus software application that operates as a background
task, allowing the computer to continue working at normal speed,
with no perceptible slowing.
Remote Code Execution
Programs that allow one computer to access another computer
(or facilitate such access) without explicit authorization when an
access attempt is made. Once access is gained, usually over the Internet
or by direct dial access, the remote access program can attack or
alter the other computer. It may also have the ability to gather personal
information, or infect or delete files. These programs may also create the risk
that third-party programs can exploit their presence to obtain access.
Such remote access programs generally:
- Attempt to remain unnoticed, either by actively hiding or simply
not making their presence on a system known to the user, and/or
- Attempt to hide any evidence of their being accessed remotely
over a network or Internet.
Means by which these programs provide
access may include notifying a remote host of the machine by sending
its address or location, or employing functionality that wholly
or partially automates access to the computer on which the program
is installed.
S
Security Policy
The set of operations that is allowed to be performed on the resources
of desktop computers. A security policy may be defined for each
user or group within an organization.
Signature
A search pattern, often a simple string of characters or bytes,
expected to be found in every instance of a particular virus. Usually,
different viruses have different signatures. Anti-virus scanners
use signatures to locate specific viruses.
SMTP Simple Mail Transfer Protocol
SSL (Secure Sockets Layer)
A program layer created by Netscape for managing the security
of message transmissions in a network. The programming for keeping
messages confidential is contained in a program layer between the
application layer (such as Web browser or HTTP) and the Internet's
TCP/IP layers. The "sockets" part of the term refers to the sockets
method of passing data back and forth between a client and a server
program in a network or between program layers in the same computer.
Spyware
Spyware is any technology that aids in gathering information about
a person or organization without their knowledge. Spyware frequently
attempts to remain unnoticed, either by actively hiding or by simply
not making its presence on a system known to the user. Spyware can
be downloaded from Web sites (typically in shareware or freeware),
email messages, and instant messengers. Additionally, a user may unknowingly
receive and/or trigger spyware by accepting an End User License Agreement
from a software program linked to the spyware or from visiting a website
that downloads the spyware with or without an End User License Agreement.
T
Trojan
A Trojan horse program is a malicious program that pretends to be
a benign application; a Trojan horse program purposefully does something
the user does not expect. Trojans are not viruses since they do
not replicate, but Trojan horse programs can be just as destructive.
Many people use the term to refer only to non-replicating malicious
programs, thus making a distinction between Trojans and viruses.
U
URL Universal Resource Locator
URL Filtering
These products filter Web traffic based on content category, specific
URL and time of day in order to give organizations full control
over the web browsing activities of their employees. Unmanaged access
to inappropriate or distracting Web content involves legal risks,
compromises network security and reduces employee productivity.
V
Virus
A computer program file capable of attaching to disks or other files
and replicating itself repeatedly, typically without user knowledge
or permission. Some viruses attach to files so when the infected
file executes, the virus also executes. Other viruses sit in a computer's
memory and infect files as the computer opens, modifies or creates
the files. Some viruses display symptoms, and some viruses damage
files and computer systems, but neither symptoms nor damage is essential
in the definition of a virus; a non-damaging virus is still a virus.
Vulnerability
A vulnerability is a software flaw in a computing system that could
be exploited by malicious code to gain unauthorized access to information
or process. The presence of known vulnerabilities in programs and
operating systems can leave these systems very much open to malware
and hacker attack. This is because programs that take advantage of
known vulnerabilities, commonly referred to as exploits, are often
publicly available as source code, which can be customized to create
a malware or a hacking tool. Software vendors typically provide fixes
or patches for vulnerabilities found on their products.
Vulnerability Anti.dote™
Identifies and blocks content that tries to exploit known software
vulnerabilities.
W
Window-of-Vulnerability™
The time span between when either a new vulnerability is published
or when an Internet attack is launched until a signature update
or patch to combat that virus is delivered. During the Window-of-Vulnerability,
computers are exposed and vulnerable for hours, and sometimes days,
to new attacks.
Worm
A piece of self-replicating malicious code that spreads throughout
a network without human interaction. Worms are parasitic computer
programs that replicate, but unlike viruses, do not infect other
computer program files. Worms can create copies on the same computer,
or can send the copies to other computers via a network. Worms often
spread via IRC (Internet Relay Chat).
Z
Zero-Day Detection
To be able to detect and prevent an item of malware or
other undesired attack at first strike. To close the Window-of-Vulnerability
by identifying and providing protection from viruses before they
are known and before signatures are published.
Zoo
A collection of viruses used for testing by researchers.
See also: In the Wild
Published - August 2009