Vulnerability: A weakness that can be exploited to gain an inappropriate level of access or privileges to an information resource.
Threat: That which, if unchecked, will cause a tangible or intangible loss to the organization.
Virus: A program that replicates itself by embedding a copy of itself in other programs.
Hacker: A malicious meddler who tries to discover sensitive information by poking around. Hence "password hacker", "network hacker". The correct term for this sense is "cracker".
Cracker: One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of the word "hacker". An earlier attempt to establish "worm" in this sense around 1981-82 on Usenet was largely a failure.
Policy: A written definition of a security standard.
Authentication: The process of verifying the identity of a user.
Cookie: A message given to a Web browser by a Web server to store in a text file called cookie.txt. The message is then sent back to the server each time the browser requests a page from that server; this lets the server identify users and possibly prepare customized Web pages for them.
Attack: Attempt to penetrate a computer system's security controls.
Java: A high-level programming language developed by Sun Microsystems to take advantage of the burgeoning World Wide Web. Java is an object-oriented language similar to C++, but simplified to eliminate language features that cause common programming errors.
ActiveX: A loosely defined set of technologies developed by Microsoft. ActiveX is an outgrowth of two other Microsoft technologies called OLE (Object Linking and Embedding) and COM (Component Object Model). As a moniker, ActiveX can be very confusing because it applies to a whole set of COM-based technologies. Most people, however, think only of ActiveX controls, which represent a specific way of implementing ActiveX technologies.
SMTP: Short for Simple Mail Transfer Protocol, a protocol for sending e-mail messages between servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an e-mail client using either POP or IMAP. In addition, SMTP is generally used to send messages from a mail client to a mail server. This is why you need to specify both the POP or IMAP server and the SMTP server when you configure your e-mail application.
Attachment: A file attached to an e-mail message. Many e-mail systems only support sending text files as e-mail. If the attachment is a binary file or formatted text file (such as an MS-Word document), it must be encoded before it is sent and decoded once it is received. There are a number of encoding schemes, the two most prevalent being Uuencode and MIME.
VPN: Short for virtual private network, a network that is constructed by using public wires to connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
FTP: Abbreviation of File Transfer Protocol, the protocol used on the Internet for sending files.
IP: An IP address is an identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination.
LAN: A computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves. A system of LANs connected in this way is called a wide-area network (WAN).
SSL: Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.
Trojan Horse: A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
WAN: A computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs).
Quarantine: To move an infected file (or the virus itself) into an area where it cannot cause more harm. Antivirus software comes with quarantine options so that the user can also keep track of virus activity.
PKI: Short for public key infrastructure, a system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction. PKIs are currently evolving and there is no single PKI nor even a single agreed-upon standard for setting up a PKI. However, nearly everyone agrees that reliable PKIs are necessary before electronic commerce can become widespread.
Digital Certificate: An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply. An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information.
Back door: Also called a trapdoor. An undocumented way of gaining access to a program, online service or an entire computer system. The back door is written by the programmer who creates the code for the program and is often known only to that programmer. A back door is a potential security risk.
Firewall: A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.