Topics > Glossary

IT Security










Glossary (from

Any material used or cited from any source on these web pages constitutes fair use for educational purposes, and is not intended as a copyright or trademark infringement.



Entrance granted to a specific user such that they have the ability to get the information they want or need.

Access Control
The administrative control used to selectively restrict access to specific resources, including files, directories, networks, servers, printers, and other devices.

Access Control Mechanism
A variety of components which act separately and collectively, in order to detect and avert unauthorized access and grant authorized access in an automated system.

Acceptance Inspection
The deciding examination for determining if a facility or system meets the specified technical, performance, or security standards.

Access Level
A security measure used to check the sensitivity of data and then to permit or authorize a user.

Access List
A list of users, programs, and/or processes and the level of access allowed to each. See also ACL.

Access Period
The amount of time allowed for access privileges.

Access Type
The specific degree of access privileges given to a user with regard to a particular device, program, or file.

Access Control List - A table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file.

Active Attack
A network attack that results in an unauthorized state change, such as the manipulation of files, or the adding of unauthorized files - as opposed to a passive attack, which does not change state, but rather monitors activity or logs information.

Active Hub
An active or filtering hub is a type of hub that does hardware address authentication.

ActiveX Controls
Powerful programs used to increase interactivity and functionality on Internet web pages.

Add-on Security
The application of protection features, both hardware and software.

A name or piece of data used to describe some location or identitity, be that a hardware device or a position in computer memory. See also, IP Address.

In technical terms, someone who manages security and user access, usually for larger computer systems, such as universities and corporations, but technically on any scale.

Administrative Tools
A software tool for managing processes or information, especially remotely.

Administrative Security
The management level constraints and controls established independently of physical security, which define and ensure an acceptable level of protection for information resources.

Analog Display Services Interface - The standard protocol that enables alternate voice and data services. For example, a visual display on a phone, using the analog telephone network.

Automated information system - an interconnected system used in the automatic acquisition, storage, manipulation, control, display, transmission, or reception of data, by means of software, firmware, and hardware.

A closed source UNIX operating system developed by IBM.

A message formulated for the purpose of describing a circumstance relevant to network security.

A formula or set of steps for solving a particular problem. Every step of an algorithm must be clearly defined. Algorithms are universal to all languages, including programming languages.

Alternate or assumed name. Common in the antivirus industry, where vendors name malware independently from one another. May also be used to conceal one's identity.

A person who aspires to be a malicious hacker but has very limited knowledge or skills. Usually associated with young teens who collect and use simple malicious programs obtained from the Internet. See Script Kiddy.

Anomaly Detection Model
A security response method where intrusions are detected by looking for activity that is different from the user's or system's normal behavior.

Anonymous Login
Access to a system without a login name or password. Protection of the system is limited to tight file restrictions.

American National Standards Institute- The key organization for cultivating technology standards in the US. Resulting standards, such as ASCII and SCSI, are now established and well known.

Distributed under an open source license, this Web server is extremely popular on UNIX-based operating systems.

A small Java program that can be embedded into a Web page, which is run from inside a Web browser. "Application" is to "applet" as "book" is to "booklet".

Application Level Gateway
A firewall system in which network activity is managed by processes that govern TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host.

Application Log
A Windows NT log file for the storage of auditing information, which includes information produced by application activity.

A tool (software) for finding files stored on anonymous FTP sites.

Armoured Virus
A virus that is written to avoid detection and disassembly analysis.

Address Resolution Protocol - A protocol for mapping an IP address to each individual machine address on a local network.

ARP Table
A table utilized by the Address Resolution Protocol that stores information for mapping IP addresses to individual machine addresses on a network.

Advanced Research Projects Agency Network - a project sponsered by DARPA in the late 60's, later evolving into the Internet.

A UNIX utility that assists system administrators with processing and examining data sustained in log files.

American Standard Code for Information Interchange- Text on computers and the Internet usually conforms to this standard. Every alphabetic, numeric, or special character is signified by a 7-bit binary number (a string of seven 0s or 1s). There are 128 ASCII defined characters, numbered 0 through 127.

Automated Security Incident Measurement - A process that monitors network traffic and collects information on targeted networks by detecting unauthorized network activity.

A very low level programming language, or the program that compiles the language code into machine language. Unlike most high level languages, assembler (or assembly) language is very nearly an instruction by instruction translation from machine language into english.

Assessment Survey and Inspection
An analysis of the vulnerabilities of an information system, coupled with an information acquisition and review process designed to assist a customer in determining how best to use their resources.

The affirmation of security features and architecture that an automated information system carefully mediates and enforces through security policy.

No recognizable pattern or proportion. In public key cryptography, an assymetric set of keys leaves no sensible way of associating them.

The independent examination of records and activities to ensure compliance with established controls, policy, and operational procedures, followed by the recommendation of changes.

Audit Trail
A chronological record of system resource usage. This includes user login, file access, and other activities, as well as whether any actual or attempted security violations occurred, either legitimate or unauthorized.

Auditing Utilities
Utilities that aid administrators in tracking users on systems and help to gain a sense of what kinds of activities are taking place on them. Two helpful UNIX auditing utilities are ps, and netstat.

To positively verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.

Authentication Header (AH)
A field that immediately follows the IP header in an IP datagram and provides authentication and integrity checking for the datagram.

The process of granting or denying access rights to network resources, programs, or processes.

Automated Security Monitoring
Using automated methods to guarantee that security controls are not bypassed.

Abbreviation for Anti-Virus.

Abbreviation for Anti-Virus Professional.

A programming language that includes user-defined functions, multiple input streams, and computed regular expressions. The name AWK comes from the initials of its designers - Alfred V. Aho, Peter J. Weinberger, and Brian W. Kernighan.


Back Door
A hole in the security of a computer system deliberately left in place by designers or maintainers. Synonymous with trap door; a hidden software or hardware mechanism used to circumvent security controls.

Bang Addressing
Bang is depicted by the exclamation (!) symbol. In domain name addressing, the mailbox name, organization name, and the name of the network are separated by ! and read from right to left. For example, mynetwork!myorg!mybox.

Baud Rate
Baud was the prevalent measure for data transmission speed until replaced by a more accurate term, bps (bits per second). One baud is one electronic state change per second. Since a single state change can involve more than a single bit of data, the bps unit of measurement has replaced it as a better expression of data transmission rate.

Bulletin Board System - A computerized meeting and announcement system that allows people to carry on discussions, upload and download files, and make announcements. Most BBS's are very small, running on a single PC with 1 or 2 modems.

A UNIX shell daemon program that executes every 30 seconds, flushing disk buffers, and serving to update the file system.

Bell-La Padula Security Model
A formal transition model of computer security policy that describes a formal set of access controls based on information sensitivity and subject authorizations.

Benign Environment
A safe data environment, usually protected from external malicious elements by security precautions.

Software by Jetico Inc., that creates and supports encrypted virtual disks, visible as regular disks with typical drive letters. The data stored on a BestCrypt disk is stored in a container file, and encrypted using DES. <>

Between-the-lines Entry
Unsanctioned access obtained by taking advantage of the temporarily inactive terminal of an authorized user.

Biba Integrity Model
A formal security model for the integrity of subjects and objects in a system.

To make an association between two or more objects, programming objects or networking components, for example.

Basic Input/Output System - Provides the basic instructions for controlling system hardware. BIOS is coded into the ROM of some computers.

Binary Digit - The smallest unit of data used in computing. Its value is either zero or one.

Blue bomb
An exploit that causes a Windows operating system to crash or suddenly terminate. Blue bomb derived it's name from the blue screen it sometimes display as the operating system is being terminated.

Bayonet Neil-Concelman - a type of connector used to join a coaxial cable with a 10BASE-2 Ethernet network.

Basic Networking Utilities - one of several updated versions of UUCP Version 2.

A general synonym for crash, normally pertaining to software failure.

To start up a computer, which involves loading the operating system and other basic software.

Boot Disk
A special disk containing startup files, capable of starting up a computer. Boot disks are an important resource to have on file in case of emergency or infection of malware.

Bootstrap Protocol - A protocol that is used to automatically configure a network machine and boot or initiate the operating system without user involvement.

Boot Sector
First logical sector of a disk.

Boot Sector Infector (BSI)
A virus that infects the boot sector on a floppy disk from which a computer boots up. Boot sector infections occur when an attempt is made to boot the computer from an infected floppy disk.

The successful penetration of security controls. A violation of controls of a particular information system such that information assets or system components are exposed.

A bridge connects a network to another network that uses the same protocol. In bridging networks, messages are sent to every address on the network but accepted only by the intended destination node.

Broadcast Command
A command that simultaneously sends data to multiple recipients.

Broadcast Storm
When a network is weighed down with continuous broadcast or multicast traffic. A broadcast storm may result in a total loss of network service as packets multiply.

An Internet application used to survey World Wide Web content.

Berkeley Software Distribution/Design - a popular version of UNIX developed at University of California, Berkeley.

A predefined space in memory or on disk, used to hold data while a computer system catches up. A buffer is like a queue, or a holding pen.

Buffer Overflow
When more data goes into a buffer (data holding area) than goes out. This is often due to a mismatch in processing rates between the producing and consuming processes. It can result in system crashes or the creation of an unexpected avenue to illegal system access.

An unwanted and unintended attribute of a program or piece of hardware, especially one that causes it to malfunction.

A full-disclosure moderated mailing list for the discussion and announcement of computer security vulnerabilities. <>.

8 bits.


An object-oriented programming language, C++ has been acclaimed as the best language for making large-scale application programs. C++ is a superset of the C language.

Call Back
See Dial-back Authentication.

Identification of an object that specifies the access privileges given to the accessor possessing the ability.

Cavity Virus
A virus that attempts to infect a file without increasing the length of the file, overwriting select portions of code in the host file while attempting to preserve functionality.

Certificate Authority
An issuer of Digital Certificates, such as those used in SSL conversations.

A thorough evaluation of security features as well as the verification that the designs and implementations of those features adhere to a set of security requirements protocols.

Computer Emergency Response Team - Ofically called the CERT Coordination Center, CERT is the Internet's official emergency team formed by the Defense Advanced Research Projects Agency (DARPA), following the Internet worm incident.

Chat Script
A script made up of pairs of strings and used in a number of applications, but especially dialing out on modems or logging in to remote systems. A program waits to see the first chat script string, called the "expect" string, and then transmits the second string, the "send" string.

To guarantee no entries were deleted, this UNIX utility examines the lastlog and WTMP files. Also, chkwtmp.

See chklastlog.

An abbreviation for Changes Root Directory - A UNIX command that forces the root directory to become something other than its default for the duration of the current task.

Common Gateway Interface - the method that Web servers use to allow interaction between server programs and Web users. Enables the creation of dynamic and interactive Web pages. Can easily become the most vulnerable part of a Web server.

Chernobyl Packet
Also called Kamikaze Packets. A network packet that induces a broadcast storm and network meltdown. Typically an IP Ethernet datagram that passes through a gateway with both source and destination Ethernet and IP address set as the respective broadcast addresses for the subnetworks being gated between.

Circuit Level Gateway
A firewall that validates TCP and UDP sessions before opening a connection. After handshake , it passes everything through until the session is ended.

Complex Instruction Set Computer - Most PC's use a CISC architecture in which the CPU supports as many as two hundred instructions.

C Language
A procedural programming language used widely for both operating systems and applications. A number of UNIX-based operating systems are written in C. C is incorporated into the Portable Operating System Interface (POSIX).

Unencrypted data. Also, Plaintext.

A software program or computer that is served data or resources from a server software program or computer.

Clipper Chip
A tamper-resistant VLSI chip designed by the NSA for encrypting voice communications. It conforms to the Escrow Encryption Standard (EES) and implements the Skipjack encryption algorithm.

Closed Security Environment
An environment where configuration controls ensure sufficient access to protect applications and equipment from implementation of malicious logic.

Closed Source
A software program, the source code of which is proprietary, and thus closed to public inspection. The opposite of closed source is open source.

A type of RAM memory used to store important configuration settings. When an internal battery is replaced on a computer, CMOS settings for items such as the date and time may need to be reset.

Computer Operations, Audit, and Security Technology - a multiple project, multiple investigator laboratory of computer security research at the Computer Sciences Department of Purdue University. COAST colaborates with corporations regarding real-world information security issues.

See Source Code.

Cold Boot
When a computer is not on prior to booting. When attempting to remove viruses, a cold boot is recommended to avoid problems with viruses that may be running in memory.

Companion Virus
A virus that uses a similar name and rules of program precedence as a certain program, in order to associate itself with that program.

Computer Anti-Virus Research Organization (CARO)
An elite group of antivirus researchers, many of which represent antivirus vendors, that exchange viruses for research purposes.

An intrusion of security policy, which has the potential of disclosing private system information to an unauthorized user.

Compromising Emanations
Unintentionally transmitted signals, which divulge information.

Computer Abuse
Intentional misuse, alteration, and damage of data processing resources.

Computer Fraud
Intended misrepresentation, alteration or disclosure of data in order to perform an operation which may illicitly gain the user an item of perceived value.

Computer Security Subsystem
A device or system that offers limited computer security functionality to a larger system environment.

Communications Security- Measures taken to deny unauthorized persons access to classified information derived from telecommunications belonging to the U.S. Government, and to ensure the authenticity of such telecommunications.

Concealment System
A system for keeping the confidentiality of sensitive information concealed by embedding it in irrelevant data. See also Steganography.

Configuration Control
The management of changes to a system's hardware, firmware, software, and documentation, ensuring that a system is safe from improper alterations before, during, and after system implementation.

Configuration Management
See Configuration Control.

The isolation of sensitive data in order to avoid the risk of disclosure.

Lower-level data is contaminated by the intermixing of higher-level data, resulting in altered security specifications, which are based on the unique requirements of differing levels of data.

Contingency Plan
An emergency response plan that involves taking action to make sure a program's security will guarantee the availability of crucial resources in an emergency situation.

Controlled Sharing
The access control that is applied to all users and components of a shared system.

A piece of information sent by a Web Server to a Web Browser that the Browser software is expected to save and to send back to the Server whenever the browser makes additional requests for a certain page.

Cost-risk Analysis
Assessment of the cost of adding data protection features to a system versus the cost of losing or compromising the data.

Any action, device, procedure, technique, or other measure that minimizes the security weaknesses of a system.

Covert Channel
An avenue of communications that enables two processes to send information in a manner that defies the host system's security policy.

Central Processing Unit - Often called the processor, this is the most important element of a computer system because it is where most calculations occur.

A popular type hacking tool used to defy the copyright protection measures of a program, or to decode encrypted passwords. System administrators also use cracks to assess weak passwords chosen by novice users, in order to enhance the security of an information system.

One who breaks into an information system.

The act of breaking into a computer system.

A sudden, usually drastic failure of a computer system.

A UNIX command used to schedule jobs to be executed at predetermined times.

1) The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data.
2) Operations performed in converting encrypted messages to plaintext without initial knowledge of the crypto-algorithm and/or key employed in the encryption.

Cryptographic Hash Function
A process that computes a value (referred to as a hashword) from a particular data unit in a manner that, when a hashword is protected, manipulation of the data is detectable.

The science concerning the principles, means, and methods for rendering plain text unintelligible, and for converting encrypted messages into intelligible form.

The science which deals with hidden, disguised, or encrypted communications.

Carrier Sense Multiple Access with Collision Avoidance - a method of controlling information transfer on an Ethernet network (used by AppleTalk networks).

Carrier Sense Multiple Access with Collision Detection - the most popular method of controlling information transfer on an Ethernet network.

Computer Security Technical Vulnerability Reporting Program- A program that deals with technical weaknesses in commercially available hardware, firmware and software products.


Data Access Arrangement - The electronic interface and modem within a computer that is required for any device connected to a public telephone line. DAA's are present in fax machines, PBXs, set-top boxes, and alarm systems.

A background process that runs a specified operation at predetermine times or in response to particular events.

Defence Advanced Research Projects Agency - the organization that sponsered ARPANET, the defense network responsible for standardizing the TCP/IP protocols and giving birth to the Internet.

Digital Audio Tape - a digital storage media type, capable of string up to 24 gigabytes of data.

Information that has been translated into a form that is more convenient to move or process. Data is information converted into binary or digital form.

A compilation of data that is organized in such away as to facilitate easy access, management, and access.

According to RFC 1594, "a self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network."

Data Driven Attack
A form of attack that is carried out by malliciously encoding a seemingly innocuous piece of data, which is executed by a user or a process to unknowingly cause damage. A data driven attack is a concern for firewalls, since it may get through the firewall in data form and launch an attack against a system behind the firewall.

A special program used to find errors in other programs. It allows a programmer to examine and correct errors.

The process of decoding data that has been encrypted into a secret format. Decryption requires a secret key or password.

Demon Dialer
A program which repeatedly calls the same telephone number. This is benign and legitimate for access to a BBS or malicious when used as a denial of service attack. See War Dialer.

Denial of Service
A denial of service occurs when a piece of hardware or a website is inundated with requests. From a client perspective, a denial of service appears as a "page cannot be displayed" error.

Data Encryption Standard - A private key cryptographic algorithm for the protection of data. The DES is intended for public and government use. The DES offers 72 quadrillion possible keys.

Any machine or component that attaches to a computer, i.e. a disk drive, a printer, a mouse, or a modem.

Device File
A file that controls what physical devices are available for carrying UUCP connections and their configuration parameters.

Domain Host Configuration Protocol - a protocol for centrally and automatically managing the assignment of IP addresses in a network.

Dial-back Authentication
A safety measure wherein a hosting modem dials back to a predefined number to resume contact and continue with authentication of a dialin user. An added level of security involves calling back with a dedicated bank of dial-out only modems, an impractical solution for companies with many dialin users.

Text used to designate a dial string, or a file containing that text.

A program containing the commands needed to allow a modem or other device to make a call.

Domain Information Groper - A command-line tool used to gather information from a Domain Name System server.

Digital Liner Tape - an expensive media type that stores up to 70 gigabytes of data; sometimes used to back up large networks.

Domain Name System - The system by which a domain name ( is translated to and from an IP address (

DNS Server
A server which uses the Domain Name System to translates domain names ( into IP addresses (123.456.789.012).

DNS Spoofing
Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.

On the Internet, a name that identifies one or more IP addresses. Here are some examples of some top-level domains:

.gov - government agencies
.edu - educational institutions
.org - organizations (nonprofit)
.mil - military
.com - commercial business
.net - network organizations
.ca - Canada
.th - Thailand

Disk Operating System - The first widely-installed operating system for personal computers. DOS is a non-graphical, line-oriented, command-driven operating system. Versions include MSDOS and PCDOS.

An executable file that drops a virus when executed (run). A dropper creates a virus and infects the user's system when it is executed.

Data/Digital Service Unit - A device used to convert LAN data frames to a format that can be transmitted via connectivity provided by the telecommunications industry (i.e. T-1's), and back again.


Easter Egg
An Easter egg is an unanticipated surprise which is hidden in a Web site or an application program. Easter eggs often appear as messages, images, or sounds.

Electronic Frontier Foundation - The chief organization for preserving civil liberties on the Internet. Founded in 1990, the EFF examines issues such as free speech, encryption, privacy, and intellectual property, and lobbies for them.

Encrypting File System - A feature of the Windows 2000 operating system that allows any file or folder to be stored in encrypted form and decrypted only by an individual user or an authorized recovery agent.

External Gateway Protocol - a protocol used to exchange routing information between the gateway hosts of two autonomous networks, each with its own router.

Electronic Mail - A free, quick and easy way to send messages via a computer network (i.e. the Internet) rather than through the postal service.

Emergency Disk
A disk used for emergency situations. Normally refers to an emergency disk that contains important files, such as a backup of the registry. May also reference boot disks, used to boot a system in an emergency situation.

(1) In programming, the process of combining elements to create a new entity, such as a procedure. (2) In networking, synonymous with tunneling.

A change made to data, code, or a file so it no longer can be read or accessed without processing or decrypting. Roughly synonymous with encoding.

A very common method of networking computers in a LAN. Ethernet will handle about 10,000,000 bits-per-second and can be used with almost any kind of computer.

Ethernet Sniffer
A program, the goal of which is to log all activity over the local ethernet segment, as well as to intercept and view all packets on the network.

Ethernet Sniffing
The practice of listening with software to the Ethernet interface for packets that interest the user. When the software sees a packet that fits certain criteria, it logs it to a file. One such interesting packet might contain words like login or password.

To carry out a task or set of tasks. To execute a program, for example, is to load it into memory and run it. An executable file is a program file. To execute code is to carry out the instructions described by the code.


False Alarm
An incorrect report of a virus sometimes caused by scanners that have detected virus like activity or code on a computer. Sometimes called a false positive.

False Negative
When viruses go undetected by an antivirus program the result is a false negative.

False Positive
Commonly referred to as a false alarm. An incorrect report of a virus sometimes caused by heuristic scanners that have detected virus like activity or code on a computer.

Fast Infector
A virus that attempts to spread quickly throughout a system.

Frequently Asked Questions - Originally designed to cut down on basic technical support, FAQs list and answer the most common questions on a particular subject.

File Allocation Table - Hard disks store and retrieve files using this filing system, which involves a table of file locations on the disk.

Fiber Distributed data Interface - A standard for transmitting data on optical fiber cables at a rate of around 100,000,000 bits-per-second (10 times as fast as Ethernet, about twice as fast as T-3).

A block of labeled data on disk. There are many kinds of files, including data files, text files, program files, and directory files.

File Infector
A virus that attaches itself to, or associates itself with, a file.

File System
Or, File Management System - The set of procedures that an operating system or program uses to organize and keep track of files.

An Internet software tool for locating people on other Internet sites. Finger is also sometimes used to give access to non-personal information, but the most common use is to see if a person has an account at a particular Internet site. Many sites do not allow incoming Finger requests, but many do.

Federal Information Processing Standards - A set of standards that describe document processing and include algorithms for searching, for use within government agencies.

A system or combination of systems that enforces a boundary between two or more networks, or a gateway that limits access between networks in accordance with local security policy. The typical firewall is an inexpensive UNIX based computer kept clean of critical data.

Software that is stored permanently, usually on a ROM chip. Firmware is hard software, or soft hardware, depending on perspective.

To contain, isolate and monitor an unauthorized user within a system in order to gain information about the user.

Fork Bomb
Also known as Logic Bomb - Code that can be written in one line of code on any Unix system; used to recursively spawn copies of itself, "explodes" eventually eating all the process table entries and effectively locks up the system.

Fully-Qualified Domain Name - A complete domain name; not just the top level domain (.com/.net/.edu), or the second level domain (yahoo, securityportal), but the whole thing. "" is an FQDN.

File Transfer Protocol - A simple Internet protocol for transferring files using the TCP/IP protocols.


A piece of hardware or software that translates between dissimilar protocols, or any mechanism providing access to another system. A gateway is used to link dissimilar networks together. An AppleTalk network and a Microsoft network must be linked by a gateway computer. An ISP links its modem users to the Internet via a gateway.

General Protection Fault
A system violation that causes a message informing a user that the application program they are operating is attempting to access data storage or system memory that is not available for their use.

The first generation of a virus. Also called "Garden of Eden Mechanism" or "Generation One Virus."

A UNIX shell daemon that displays a login prompt on terminals and serial devices that are directly joined to the system and the console.

1024 Megabytes.

Goat File
A program used by an antivirus researcher to capture and disassemble malware after a malware infection. Goat files are much less cluttered and easier to disassemble.

A client/server program used to make menus of information available over the Internet. Gopher has been all but replaced by the World Wide Web.

Graphical User Interface - Pronounced "gooey", a computer interface composed of graphical components, designed to allow a user to navigate a program without keyboard commands. Usually a windowing system.


A person who enjoys exploring the details of computers and how to stretch their capabilities. Often construed to mean a malicious or inquisitive meddler who tries to discover information by poking around.

Unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or network.

Hacking Run
A hack session extended long outside normal working times, especially one longer than 12 hours.

An interchange of information between to remote processes, used to establish communications according to a certain protocol.

Hard Disk
A magnetic disk that can store computer data. Hard disks hold more data and are faster than floppy disks.

Hard Drive
Hard Disk Drive - The drive that reads and writes data to/from a hard disk.

Any physical component.

Hardware Address
Every network interface has a hardware address, unique to itself, and defined by the manufacturer. The software portion of a network relies on hardware addresses to absolutely identify a machine.

Hardware Address Spoofing
Spoofing at the hardware address level in order to violate security without being noticed.

An obsolete NSA computer system used to monitor telegraph traffic.

Honey, Dan, Ber - one of several updated versions of UUCP Version 2, which corrects certain design deficiencies.

Rule of thumb methods used by antivirus software to detect new and undiscovered viruses based upon "virus-like" qualities.

Hexadecimal - "Hex" is a prefix signifying 6 and "decimal" is a suffix signifying 10. Hexadecimal numbers follow a base 16 number system. The base 10, or decimal number system is used by people.

See Hex.

A UNIX shell command that lists the details of the history log in sequential order.

History Log
Stored by the UNIX shell, this log keeps an entry track of recent commands entered by the user.

In virus terms, an email that warns of an invalid viral infection or risk, causing more concern than necessary to the user. See our Malware Hoax database for more information.

A gap in system memory that is unallocated and unused. More casually, a hole is any means by which an intrusion may occur. Also, Security Hole.

HoneyDanBer UUCP
An enhanced version of the UUCP. Named after the programmers last names Peter Honeyman, David A. Nowitz, and Brian E. Redman.

A single computer or workstation, connected to a network. Often refers to a computer which hosts services.

On the Internet, the name used to locate a host's IP-address.

Host Table
Used to look up a hostname, which is translated into a corresponding IP address.

Hostname Command
A command that determines the hostname of a computer, as opposed to only determining an IP address number.

A version of the UNIX operating system developed by Hewlett-Packard.

HyperText Markup Language- Formatting commands that create hypertext documents known as Web pages.

Hypertext Transfer Protocol - the set of rules for transferring files on the World Wide Web. HTTP is an application protocol built on the TCP/IP protocols.


International Business Machines - a leader in the computing industry for decades. View the IBM Web site at

Internet Control Message Protocol - a protocol used between a host server and an Internet gateway that governs message control and error-reporting.

Derived from the phrase, "I Seek You"- A downloadable program that lets a user know when friends and contacts are also online on the Internet. It works by paging a user and enables chatting.

International data Encryption Algorithm - A 128 bit private key block cipher encryption/decryption algorithm. IDEA is a very secure algorithm, and no successful attacks on it have been reported.

Internet Information Server - Microsoft's Web Server, which runs and is only available on Windows NT platforms or later.

Internet Message Access Protocol - A versatile way of managing email messages on a remote server.

In the Wild (ItW)
Viruses that appear on the WildList, considered to be a threat in the field.

Information System
A system of software, firmware, and hardware used to store, manipulate, control, display, transmit, and/or receive data.

Correct processing and information on a computer. Integrity software compares known information on a computer with new information to identify possible compromises of integrity.

Intel Corporation
The largest computer chip manufacturer in the world. A great majority of PC's are based on Intel's x86 architecture.

Connects two separate entities, such as a computer with a user, a program to a program, a device to device, or a program to a device.

A communications network consisting of countless networks and computers across the world.

Internet Worm
A worm program that was unleashed on the Internet in 1988. It was written by Robert T. Morris as an experiment that got out of hand. (See Worm)

An authority that provides a variety of information management services for the Internet, including domain name registration.

A restricted network, usually within a company, that uses HTML and other Internet protocols to communicate over a local area network. An Intranet has Web pages, just like the Internet, but on a reduced scale.

Any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource.

Intrusion Detection
Pertaining to techniques which attempt to detect intrusion into a computer or network by observation of actions, security logs, or audit data.

Internet Protocol - the protocol by which data is sent from one computer to another on the Internet.

IP Address
A unique numeric address used to identify a machine on the Internet (i.e. 123.456.789.012). IP Addresses conform to the IP.

Internet Protocol Security - A set of protocols being developed to support secure exchange of packets at the IP layer.

IP Splicing / Hijacking
An action whereby an active, established, session is intercepted and co-opted by the unauthorized user. IP splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user.

IP Spoofing
An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.

Internetwork Packet Exchange - a datagram (packet) protocol established by Novell, and used on its Netware client/server networks.

Internet Relay Chat - Channels, commonly known as chat rooms, which enable multiple users to communicate with everyone in the room.

Industry Standard Architecture - A widely compatible 8-bit and 16-bit bus architecture used in many older PCs (as opposed to PCI).

Internet Server Application Program Interface - A system of MS Windows program calls that facilitates Web server applications that run faster than traditional Common Gateway Interface (CGI) applications.

Integrated Services Digital Network - A method used for high-speed data transfer over standard phone lines. ISDN speeds typically reach 64 Kbps per line.

International Standards Organization - a federation of national standards bodies from over 100 countries, one federation per country. The standards federation in the U.S., for example, is ANSI.

Internet Service Provider - A company that provides Internet access and other related services, usually on a subscription basis.


Java Archive - A format used to store compressed Java applets, developed by Sun Microsystems.

An interpreted (vs. compiled) Internet based programming language, developed by Sun Microsystems. Java is used for adding a higher level of programmable functionality to Web sites.

A language developed by Netscape to increase interactivity and control on Internet web pages.

Java Development Kit - A software development package from Sun Microsystems that implements the basic set of tools needed to write, test and debug Java applications and applets.

Joint Electronic Payments Initiative - An initiative to automate payment transactions between computers. Acts as a general system into which payment mechanisms can be embedded, and in turn, contains minimal payment properties of its own.


Kamikaze Packet
Also called Chernobyl Packets. A network packet that induces a broadcast storm and network meltdown. Typically an IP Ethernet datagram that passes through a gateway with both source and destination Ethernet and IP address set as the respective broadcast addresses for the subnetworks being gated between.

The core of an operating system that provides basic services. The kernel is surrounded by the shell, an interface layer.

A symbol or sequence of symbols used to encrypt or decrypt data.

Key Escrow
The system of giving a piece of a key to each of a certain number of trustees such that the key can be recovered with the collaboration of all the trustees.

Keystroke Monitoring
A specialized form of audit trail software, or a specially designed device, that records every key struck by a user and every character of the response that the computer returns to the user.

A UNIX shell command that prevents program closure or initiation. The command blocks a signal from being sent to a script.

1024 Bytes (2^10).


Local Area Network - A network that is relatively small in scope, commonly found in businesses.

Layer Two Tunneling Protocol - A secure protocol used for connecting Virtual Private Networks over public lines such as the Internet.

Leapfrog Attack
Use of userid and password information obtained illicitly from one host to compromise another host. The act of TELNETing through one or more hosts in order to preclude a trace (a standard cracker procedure).

A piece of email containing live data intended to do malicious things to the recipient's machine or terminal. Under UNIX, a letterbomb can also try to get part of its contents interpreted as a shell command to the mailer.

License Manager
A server application that manages the use of a multi-license client application.

A free or low cost UNIX derived operating system with a reputation for efficiency and fast performance. Linux includes many components usually found in a comprehensive UNIX system. Linux was originally developed by Linus Torvalds at the University of Helsinki in Finland.

Logic Bomb
A resident computer program that when executed, checks for a particular condition or particular state of the system, which, when satisfied, triggers the perpetration of an unauthorized act.

Login Prompt
A request for a user to enter their login name and password in order to access a system or drive on a computer.

This UNIX utility displays the status of a process and determines if it is friendly or malicious software. <>


A saved set of instructions that a user creates or edits to automate tasks within a certain application or system.

Macro Virus
A macro containing virus code that a user may execute unknowingly, which replicates and may cause damage on the affected system. Common within Microsoft Word and Excel, able to replicate on both Macintosh and PC operating systems (cross-platform capabilities).

The mail sent to urge others to send massive amounts of email to a single system or person, with the intent to crash the recipient's system. Mailbombing is widely regarded as a serious offense.

Malicious Code
A set of instructions designed to execute actions of malice on a computer.

MALicious softWARE, including viruses, worms, Trojans, Denial of Service and other such attacks. Sometimes referred to as rogue programs.

A UNIX command that gives access to online manual files.

Metropolitan Area Network - A collection of Local Area Networks, which connects computers in the same geographic area.

Master Boot Record
The first absolute sector on a hard disk, normally containing a partition table. Floppy disks do not have a master boot record. Some viruses infect the MBR rather than the boot sector. Even if a drive is erased, the MBR is not erased, leaving a computer infected by a MBR infecting virus until the MBR is cleaned.

Master Boot Record (MBR) Infector
A virus that infects and controls the MBR on a hard drive.

1024 Kilobytes.

Memory Resident Program
A program that stays in the active RAM of the computer while other programs are running. Also called Terminate and Stay Resident (TSR).

Founded in 1975 by Paul Allen and Bill Gates, Microsoft Corporation is the largest and most influential company in the personal computer industry. Microsoft has a strong presence in almost every area of computer software, from programming tools to end-user applications. <>

Multipurpose Internet Mail Extensions - A standard used to describe the content type of a piece of data being sent across the Internet, either by email or through HTTP (the World Wide Web).

Synonymous with Impersonation, Masquerading or Spoofing.

Misuse Detection Model
A system that detects intrusions by looking for activity that corresponds to a known intrusion technique or system vulnerabilities. Also known as Rules Based Detection.

A computer program or process which mimics the legitimate behavior of a normal system feature (or other apparently useful function) but performs malicious activities once invoked by the user.

An device connected to a computer and a phone line that converts computer data into sound, suited to transmision over phone wires.

Mail Transport Agent - a program responsible for sending and receiving mail, the most common of which (in UNIX systems) is the sendmail daemon.

To send messages to a specific group of recipients. An example of multicasting is sending an e-mail message to a mailing list.

Multihost Based Auditing
Using audit data from multiple hosts to detect intrusions.

The integrated presentation of text, graphics, videos, animation and sound.

A virus that uses two or more methods to infect a computer. Traditionally refers to a virus that infects both files and boot sectors.


Network Access Point - One of many Internet interconnection points that serves to tie Internet access providers together.

Network Address Translation - The translation of an address used within one network to a different IP address known within another network.

National Computer Security Center - Originally named the DoD Computer Security Center, the NCSC is responsible for encouraging the widespread availability of trusted computer systems throughout the Federal Government.

Novell Directory Services - An administrative software product that manages access to computer resources and keeps track of the users on a network.

Network Computer - A concept computer from Oracle and Sun Microsystems that functions more like a terminal than a PC. Software is downloaded to the machine, which has only essential components. Also called a thin client.

A newer, enhanced version of NetBIOS (used by Microsoft Networks).

A program that allows applications on different machines to communicate within a LAN (developed by IBM).

A free, highly portable UNIX-derived operating system available for many platforms, from 64bit alpha servers to handheld devices.

Netlog System Sniffer
A UNIX sniffer program that includes three utilites - TCPLOGGER, UDPLOGGER, and EXTRACT. <>

Used by the TCP/IP protocol to decide how the network is broken up into sub-networks.

A series of software products that build upon Linux.

This UNIX auditing command lists information pertaining to the status of the TCP/IP network traffic transmitting to and from a host computer.

Two or more machines interconnected for the purpose of data transfer.

Network Level Firewall
A firewall in which traffic is examined at the network protocol (IP) packet level.

Network Security
Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects. Network security includes providing for data integrity.

Network Weaving
Another name for "Leapfrogging".

Network File System - a software application that permits a client to work with files on a remote server as though they were local.

Network General Corporation - Founded in 1986, NGC offers a collection of products and services designed to provide Total Network Visibility.

Network Interface Card - the hardware card that serves as an interface between a network and a computer.

National Information Infrastructure - The nation-wide interconnection of communications networks, computers, databases, and consumer electronics that make vast amounts of information available to users.

Network Information System - An Information System based on the Client/Server model. Consists of a server, a library of client programs, and some administrative tools.

National Institute of Standards and Technology - Formerly the National Bureau of Standards, the NIST promotes and maintains measurement standards, along with active programs for assisting industry and science to develop and use these standards.

Network News Transfer Protocol - A protocol that specifies the way newsgroups are posted to, queried, and retrieved. NNTP's predecessor was UUCP.

Non-Discretionary Security
The aspect of DOD security policy which restricts access on the basis of security levels.

Network Operating System - a piece of software used to control general network activity.

Novell is the largest network software company in the world. Its main product is Netware, which was at one time the most popular software for building local-area networks.

NT File System - A faster, more secure file system developed by Microsoft, aimed at replacing the MS-DOS FAT system.

An exploit that causes a Windows operating system to crash or suddenly terminate. The "nuke" happens because of an out-of-band network packet that includes information that the operating system cannot process.


An octet is 8 bits. It is equivalent to a byte, as long as the byte is also 8 bits.

Object-Oriented Programming - A type of programming focused on classes - encapsulated structures that contain data variables as well as methods that act upon them. An instance of a class is an object.

OpenBSD is a project that offers a free, multi-platform 4.4BSD-based UNIX-like operating system.

Open Security
Environment that does not provide environment sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to or during the operation of a system.

Open Source
A program, the source code of which is open to public inspection. Open source software is often distributed freely, in the hope that others will contribute to the program. The opposite of open source is closed source.

OpenSSH is a free version of the SSH suite of network tools. OpenSSH encrypts network traffic.

Open Systems Security
Provision of tools for the secure internetworking of open systems.

Operating System
A program that serves as a file management system as well as an interface, graphical or otherwise, for other programs.

Operational data Security
The protection of data from either accidental or unauthorized, intentional modification, destruction, or disclosure during input, processing, or output operations.

Operating System - See Operating System.

OSI Standard
Open Systems Interconnection Standard - a universal reference model for communication protocols.

To record new data over the top of existing data, effectively erasing original data. Some viruses overwrite data on a drive with new information, corrupting or deleting existing files on a drive.


A block of data sent over the network transmitting the identities of the sending and receiving stations, error-control information, and content.

Packet Filter
Inspects each packet for user defined content, such as an IP address but does not track the state of sessions. This is one of the least secure types of firewall.

Packet Filtering
A feature incorporated into routers and bridges to limit the flow of information based on pre-determined communications such as source, destination, or type of service being provided by the network. Packet filters let the administrator limit protocol specific traffic to one network segment, isolate email domains, and perform many other traffic control functions.

Packet Sniffer
A device or program that monitors the data traveling between computers on a network.

Packet Switching
The process used to identify packets, thus insuring that they meet their destination.

Parasitic Virus
A parasitic virus requires a host to help it spread.

A portion of a hard disk that functions as a unique section, , often assigned values such as "C" and "D."

Partition Table
A table that is used to divide a physical hard disk into logical sections known as a partition.

A package of software controls that allow Internet users to govern what information can be gathered about their surfing habits, as well as how the information can be used.

Passive Attack
An attack which does not result in an unauthorized state change, as does an active attack, but instead only passively monitors and/or records data.

Passive Threat
The threat of unauthorized disclosure of information without changing the state of the system. A type of threat that involves the interception, not the alteration, of information.

A series of characters, usually without spaces, that is unique to a single username. A password is leveraged to determine the authenticity of a user.

Password Encryption
A method used to prevent sniffers from obtaining a password. Because packet sniffers can "see" anything in plaintext, pubic key cryptography is often used to protect passwords while in transit.

The code within a virus that can cause damage, such as corruption or erasure of data. Some payloads are delayed or only activate given a unique set of logical arguments, such as the time of day and day of the month.

(Privacy Enhanced Mail) An IETF standard for secure electronic mail exchange.

The successful unauthorized access to an automated system.

Penetration Signature
The description of a situation or set of conditions in which a penetration could occur or of system events which in conjunction can indicate the occurrence of a penetration in progress.

Penetration Testing
The portion of security testing in which the evaluators attempt to circumvent the security features of a system.

Perimeter Based Security
The technique of securing a network by controlling access to all entry and exit points of the network. Usually associated with firewalls and/or filters.

Practical Extraction and Report Language - A programming language used for writing Web server applications. Perl is a popular and widely used free-licensed language.

An entity in the external environment that performs an attack, i.e. hacker/cracker.

Personnel Security
The procedures established to ensure that all personnel who have access to any classified information have the required authorizations as well as the appropriate clearances.

Pretty Good Privacy - A personal public key cryptography program, primarily for encrypting email messages. It is popular because of its effectiveness and usability.

A program that modifies other programs or databases in unauthorized ways; especially one that propagates a virus or Trojan horse.

A phone book file demonstration program that hackers use to gain access to a computer system and potentially read and capture password files.

PHF Hack
A well-known and vulnerable CGI script which does not filter out special characters (such as a new line) input by a user.

An individual who combines phone phreaking with computer hacking.

Also Phreak - An individual fascinated by the telephone system. Commonly, an individual who uses his knowledge of the telephone system to make calls at the expense of another.

The art and science of cracking the phone network.

Physical Security
The measures used to provide physical protection of resources against deliberate and accidental threats.

Piggy Back
The gaining of unauthorized access to a system via another user's legitimate connection.

Packet Internet Groper - A utility used to determine whether a specific IP address is accessible. It sends a packet to the specified address and waits for a reply.

Ping of Death
The use of Ping with a packet size higher than 65,507. This will cause a denial of service.

Unencrypted data.

A virus that changes its internal structure or encryption methods in an effort to avoid being detected by antivirus software.

Post Office Protocol - A protocol used for accessing electronic mailboxes, the most common of which is POP3. It allows users to receive messages only. The outgoing protocol is called SMTP.

Generally a specific spot that enables a physical connection to another device, usually involving a socket and a plug. Personal computer are usually equipped with serial ports and usually one parallel port. As a network term, port refers to a specific position in device memory that is remotely accessible, and through which network data is routed.

Portable Operating System Interface- A group of standard operating system interfaces based on the UNIX operating system.

Point-to-Point Protocol - Governs the way a modem connection exchanges data packets with an Internet Service Provider.

Point-to-Point Tunneling Protocol - Allows secure transmission of TCP/IP packets.

Print Spooler
When printing files consecutively, the spooler manages the print queue. The first job is sent to the printer while subsequent jobs are held in storage.

Private Key Cryptography
An encryption methodology in which the encryptor and decryptor use the same key, which must be kept secret. This methodology is usually only used by a small group.

Any effort to gather information about a machine or its users for the apparent purpose of gaining unauthorized access to the system at a later date.

A series of planned events used to achieve a specific goal or set of goals. For example, any executing program is a process.

Process Accounting Log
Although not commonly activated, this log aids administrators in finding intruders who may have gotten access to a system. It does so by tracking all commands entered by a user.

Process Table
A process table is used to diagram the life cycle of a process.

A pattern of user activity which can be used to detect changes in normal routines.

A collection of software algorithms designed to accomplish some task.

(1)An individual who writes programs. (2)A device that writes a program onto a PROM chip.

Programmable Read-Only Memory - A memory chip on which data can be written only once. Once written to a PROM, a program will remain there forever.

Promiscuous Mode
Normally an Ethernet interface reads all address information and accepts follow-on packets only destined for itself, but when the interface is in promiscuous mode, it reads all information (sniffer), regardless of its destination.

A company's privately owned and controlled designs and techniques.

Agreed-upon methods of communications used by computers. A specification that describes the rules and procedures that products should follow to perform activities on a network, such as transmitting data. If they use the same protocols, products from different vendors should be able to communicate on the same network.

A daemon that is run periodically to seek out and erase core files, truncate administrative logfiles, nuke lost+found directories, and otherwise clean up.

A device or program that replaces the IP address of a host on the internal (protected) network with its own IP address for all traffic passing through it.

Public Key Cryptography
Type of cryptography in which the encryption process is publicly available and unprotected, but in which a part of the decryption key is protected so that only a party with knowledge of both parts of the decryption process can decrypt the cipher text.


No terms defined.


Redundant Array of Inexpensive Drives - a fault tolerance system that mirrors important data within an individual system.

Random Access Memory (RAM)
Short term memory used by a computer to run programs temporarily.

Reverse Address Resolution Protocol - the protocol that a machine on a LAN uses to request its IP address from the gateway server's ARP cache (or table).

Read Only Memory (ROM)
Memory that can only be read, such as instructions burned into a chip on a motherboard.

Recursive Scanning
The ability for antivirus software to scan for malware in multiple layers of compressed files, such as a zipped file contained within a zip file.

Reference Monitor
A security control concept in which an abstract machine mediates access to objects by subject. A security kernel is an implementation of a reference monitor.

The Registry, which is used by Microsoft Windows 95 and later, stores user profile information such as wall paper, color schemes, and desktop arrangements, as well as any program information that was stored in .ini files in earlier versions of Windows. The registry serves as a central database for operating system and application program configurations.

Remote Access Tool (RAT)
A tool used to remotely access and/or control a compromised computer. Often associated with Trojan Horse attacks.

Any program that acts to produce copies of itself , such as a worm or a fork bomb.

A retro-virus is a virus that waits to act until all possible backup media are infected too, so that it is not possible to restore the system to an uninfected state.

Reverse Engineering
The reconstruction of a design through analysis of a final product. Reverse engineering occurs with and in both hardware and software.

This Unix command is the Sun RPC server for remote program execution. This daemon is started by inetd whenever a remote execution request is made.

Internet Request For Comments - an official Internet document or standard that is drafted and then review by interested parties.

Routing Information Protocol - A common protocol for handling routing within a local area network (LAN) or a collection of such LANs. RIP is an internal gateway protocol (IGP). RIP is slowly being replaced because it periodically exchanges entire tables.

Reduced Instruction Set Computer - A chip that offers less instructions, in an effort to reduce cost of manufacturing and increase speed.

Risk Assessment
A study of vulnerabilities, threats, likelihood, loss or impact, and theoretical effectiveness of security measures.

Risk Management
The total process to identify, control, and minimize the impact of uncertain events.

Read Only Memory - the information stored on a computer's main circuit board, that cannot be changed.

A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more.

An interconnection device that is similar to a bridge but serves packets or frames containing certain protocols. Routers link LANs at the network layer. A router acts like a traffic cop standing in an intersection -- it routes information to where it needs to go. Some routers are more intelligent than others. A good router can even make detours on the fly. Routers are often the targets of DoS attacks.

Routing Control
The application of rules during the process of routing so as to choose or avoid specific networks, links or relays.

RSA Algorithm
RSA stands for Rivest-Shamir-Aldeman. A public-key cryptographic algorithm that hinges on the assumption that the factoring of the product of two large primes is difficult.

Rules Based Detection
An intrusion detection system that detects intrusions by looking for activity that corresponds to known intrusion techniques (signatures) or system vulnerabilities. Also known as Misuse Detection.


A hacker who hires out for cracking jobs, usually legal.

Security Administrator Tool for Analyzing networks - A tool for remotely probing and identifying the vulnerabilities of systems on IP networks. A powerful freeware program which helps to identify system security weaknesses.

A list of commands that can be executed without user interaction. A script is also known as a macro or batch file. Some viruses drop a malware script in the startup directory of a computer, executing instructions upon restart of the computer.

Script Kiddy
A teenager that uses scripts written by others to carry out malicious hacking, instead of relying on personal skills or original programs. Also spelled with an 'ie'. Mafiaboy, the Canadian teenager arrested for some of February 2000's DoS attacks, was a Script Kiddy. See Ankle-Biter.

Small Computer System Interface - Pronounced "skuzzy", this is one type of standard interface used to connect PC components, such as CD-ROM drives and Hard Drives.

A section, segment, or portion of a diskette, hard drive, or other storage medium. Imagine a sector as once shelf in a library, where files are books that can span more than one shelf. The size of a sector varies, depending on the file system used to operate the disk.

Secure Network Server
A device that acts as a gateway between a protected enclave and the outside world.

Secure Shell
A completely encrypted shell connection between two machines protected by a super long pass-phrase.

Protective measures to ensure the absence of intrusion or other damaging activity.

Security Hole
See Hole.

Security Architecture
A detailed description of all aspects of the system that relate to security, along with a set of principles to guide the design. A security architecture describes how the system is put together to satisfy the security requirements.

Security Audit
A search through a computer system for security problems and vulnerabilities.

Security Countermeasures
Countermeasures that are aimed at countering specific threats and vulnerabilities.

Security Domains
The sets of objects that a subject has the ability to access.

Security Features
The security-relevant functions, mechanisms, and characteristics of hardware and software.

Security Incident
Any act or circumstance that involves classified information that deviates from the requirement of the security policy in use. For example, compromise, possible compromise, inadvertent disclosure, and deviation.

Security Kernel
The hardware, firmware, and software elements of an information system that implement security.

Security Label
A USA government label that represents the sensitivity of a subject or object, such as its hierarchical classification (CONFIDENTIAL, SECRET, TOP SECRET).

Security Level
The combination of a hierarchical classification and a set of non-hierarchical categories that represents the sensitivity of information.

The process of breaking long protocol messages into smaller pieces and later reassembling them.

Serial Port
A computer port that uses serial data transfer to transmit and receive data. Serial data transfer involves sending one small piece of information at a time, as opposed to many at a time (as with a parallel port).

Any computer or software program that serves another computer or software program (the client). A server usually provides network services such as disk storage and file transfer.

Secure Electronic Transaction - A system that ensures the security of financial transactions on the Internet.

The UNIX term for a command interpreter, a shell is used to operate an operating system, and often implies some sort of command line interface. The shell is built around the kernel, which contains the basic services of an OS.

A unique pattern of bytes within code that identifies specific malware - digital fingerprint of malware.

Simultaneous Peripheral Operations Online - A verb which means to store a task on a hard disk or another form of storage so that it can be read or processed at another time.

Signaling System 7 - A protocol used by phone companies, which deals with line activity.

Subscriber Identification Module - a smart card for a GSM phone.

An NSA-developed encryption algorithm for the Clipper chip. The details of the algorithm are unpublished.

Serial Line Internet Protocol - a TCP/IP based protocol used to communicate between two machines using a predefined configuration. SLIP lacks error control and the ability to perform both synchronous and asynchronous communication.

Slow Infector
A virus that spreads through a system slowly. Also called a sparse infector.

Smart Card
A card similar in shape to a credit card, capable of storing digital certificates or any other information. Smart cards are particularly useful in e-commerce and other PKI applications.

SMB Protocol
Server Message Block Protocol - A method by which client applications in a can read and write to files, and request services from server programs in a computer network.

A denial of service attack in which an attacker spoofs the source address of an echo-request ICMP (ping) packet to the broadcast address for a network, causing the machines in the network to respond en masse to the victim thereby clogging its network.

To grab a large document or file for the purpose of using it with or without the author's permission.

An individual hired to break into a system in order to test its security; See also Tiger Team.

A program used to capture data across a computer network. Used by hackers to capture user id names and passwords. Is also used legitimately by network operations and maintenance personnel to troubleshoot network problems.

Simple Network Management Protocol - the protocol that covers network management and the monitoring of network devices.

Software sockets enable communication between processes within the same computer. Hardware sockets serve as receptacles for hardware, RAM or CPU's, for example.

Programs or information that are stored electronically.

A Unix-based operating environment developed by Sun Microsystems. Solaris supports multithreading, symmetric multiprocessing, integrated TCP/IP networking, and centralized network administration.

Source Code
Program instructions in their original, readable form. Before a program is compiled into a finished product, the program is source code.

To crash a program by overrunning a fixed-size buffer with excessively large input data. Also, to cause a person or newsgroup to be flooded with irrelevant or inappropriate messages.

Scalable Processor Architecture - A RISC technology developed by Sun Microsystems, which several of Sun's workstations are based on.

Secure Profile Inspector - A network monitoring tool for Unix, developed by the Department of Energy.

Pretending to be someone else. The deliberate inducement of a user or a resource to take an incorrect action. Attempt to gain access to an information system by pretending to be an authorized user. Impersonating, masquerading, and mimicking are forms of spoofing.

Sequenced Packet Exchange - the protocol used to handle packet sequencing in a Novell NetWare network. SPX is usually seen coupled with IPX (IPX/SPX).

Structured Query Language - a series of instructions used to access and work with information in a database. SQL is by far the most widespread database control language.

Server-Side Include - A standard for attaching dynamic additions to Web pages.

Secure Sockets Layer - a program layer developed by the Netscape Corporation for controlling the security of transmissions within a network. The program layer uses public and private key encryption from RSA.

StackGuard is a compiler method for defending programs and systems against "stack smashing" attacks. When a weakness is found, StackGuard detects the attack, begins the alert, and stops the program under attack.

Stealth Virus
A virus that takes measures to avoid detection. It may redirect system pointers and infect a file without actually changing it.

Steganography is a way of hiding encrypted communications. Steganography improves upon cryptography by hiding the encrypted data within an unlikely program or data file.

A SUID program is one that has the privileges of its owner when executed. A GUID program has the privileges of its group when executed.

To replace pages or segments of data in memory. A useful technique that allows a computer to execute programs and manipulate data files larger than main memory.

A network device that chooses a path or circuit to send a unit of data to its next destination. A switch may also offer the functionality of a router.

SYN Flood
When the SYN queue is flooded, no new connection can be opened.

System Operator- A person who runs a server system, usually relating to communications. BBS's and discussion forums have sysops. The word has been largely replaced by other words during recent years, including moderator (in the case of a discussion forum) and administrator (for most other applications).

System Hang
The total failure of an operating system resulting in an error or diagnostic message, or the shutting down of the system.

System Log
A Windows NT log file that includes information on all system-related incidents. It serves as a default storage file for the regularly produced Windows NT auditing information.


Trusted Computing Base - The totality of protection mechanisms within a computer system including hardware, firmware, and software - the combination of which are responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system.

Transmission Control Protocol/Internet Protocol - These protocols in tandem govern how computers communicate over the Internet. The TCP controls how and when the IP sends and receives packets.

A software tool for security which provides additional network logging, and restricts service access to authorized hosts by service.

Trusted Computer System Evaluation Criteria - A criteria that employs hardware and software assurance ratings to evaluate the security of sensitive or classified information.

A command and program used to login to the command shell of a remote host over the Internet. The command/program connects you to the "login:" prompt of another host.

Term Rule-Based Security Policy
A security policy based on global rules imposed for all users. These rules usually rely on a comparison of the sensitivity of the resources being accessed and the possession of corresponding attributes of users, a group of users, or entities acting on behalf of users.

Terminal Hijacking
Allows an attacker, on a certain machine, to control any terminal session that is in progress. An attack hacker can send and receive terminal I/O while a user is on the terminal.

Terminate And Stay Resident
A program that continues to run in memory, even after termination. Also called memory resident.

Threat Agent
A circumstance that is leveraged to exploit a vulnerability in an information system, operation, or facility; natural disaster, for example.

Threat Assessment
The process of formally evaluating the degree of threat to an information system and describing the nature of the threat.

A software tool which scans for system weaknesses.

Tiger Team
Government and industry sponsored teams of computer experts who attempt to break down the defenses of computer systems in an effort to uncover, and eventually patch, security holes.

Tinkerbell Program
A monitoring program used to scan incoming network connections and generate alerts when calls are received from particular sites, or when logins are attempted using certain ID's.

1) A piece of data used on a Token-Ring network to prevent the collision of data between two computers that want to send messages at the same time.
2) A piece of hardware or software (usually hardware) used to authenticate a user to an information system. A token positively identifies the individual seeking access, and eliminates password administration and risks.

The map or plan of a network. The physical topology describes how the wires or cables are laid out, and the logical or electrical topology describes how the information flows.

Trace Packet
In a packet-switching network, a unique packet that causes a report of each stage of its progress to be sent to the network control center from each visited system element.

An operation of sending trace packets for determining information; traces the route of UDP packets for the local host to a remote host. Normally traceroute displays the time and location of the route taken to reach its destination computer.

Transfer Statistics Log
A file located in the syslog, which displays information dealing with file transfer statistics, for example, the byte count of a UUCP transaction, username and site queuing the file, the time and a date of the transaction, and the completion time expectancy.

Trap Door
A hole in the security of a computer system deliberately left in place by designers or maintainers. Synonymous with back door; a hidden software or hardware mechanism used to circumvent security controls.

A security model rule stating that the security level of an active object cannot change during the period of activity.

An event a virus is programmed to watch for, which activates the virus, releasing its payload.

A software tool for security. Basically, it works with a database that maintains information about the byte count of files. If the byte count has changed, it will identify it to the system security manager.

Trojan Horse
An apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data.

TSR Program
Terminate and Stay Resident Program - A program that remains active in memory while other programs are run on the system.

TTY Watcher
A hacker tool that allows hackers with even a small amount of skill to hijack terminals. It has a GUI interface.

A virus that calls original interrupt handlers in DOS and BIOS directly, bypassing monitoring programs that may be running to detect virus activity.


User Datagram Protocol - One of the protocols for data transfer that is part of the TCP/IP suite of protocols. UDP is a "stateless" protocol in that UDP makes no provision for acknowledgement of packets received.

User Identification Module - a smart card.

UltraSPARC is a family of high-end 64-bit microprocessors featuring scalable built-in multiprocessor capacity and the VISTM Instruction Set for true digital multimedia functionality.

An old but powerful operating system that runs on a variety of platforms. UNIX is the mother of Linux, Xenix, Ultrix and BSD, among others.

Uninteruptible Power Supply - a device that functions as high capacity battery for sustaining equipment through a power outage.

Uniform/Universal Resource Locator - Address for any resource on the Internet that is part of the World Wide Web. (i.e.

A world-wide system of discussion groups, with comments passed among hundreds of thousands of machines. Not all USENET machines are on the Internet. USENET is completely decentralized, with over 10,000 discussion areas, called newsgroups.

An individual who uses a computer or computer services. An end user is an individual who runs an application program.

Unshielded Twisted Pair - the most common, although not the oldest, variety of copper telephone wiring. A twisted pair is needed to use DSL service or get maximum potential from a V.90 modem.

A member of the UUCP set of commands, which carries out copying commands and initiates execution of the commands that have been sent. Typically, this program is run at various times of day; meanwhile, the copy (uucp) and command (uux) requests are queued until the uucico program is run. See uuco, uux, and uuxqt.

A member of the UUCP set of commands, which requests the copying of a specific file to another specified system. See uux, uucico, and uuxqt.

UNIX-to-UNIX Copy Protocol - a group of UNIX programs used to copy files between UNIX systems, and to send executable commands between UNIX systems. See uucp, uux, uucico, and uuxqt.

UNIX to UNIX Encoding - A method for converting files from Binary to ASCII (text) so that they can be sent across the Internet via e-mail.

A member of the UUCP set of commands, which sends a command to another UNIX system where it is queued for execution. See uucp, uucico, and uuxqt.

A member of the UUCP set of commands, which executes the commands sent by uux, usually after being started by the uucico program. See uucico, uucp, and uux.


A program that injects itself into an executable program to perform a signature check and warns if there have been any changes.

A modified version of a virus.

VBS Virus
Visual Basic Scripting Virus - A type of scripted virus that spreads using Visual Basic Scripting.

Very Easy Rodent Oriented Net-wide Index to Computerized Archives - Developed at the University of Nevada, Veronica is a constantly updated database of the names of almost every menu item on thousands of gopher servers. The Veronica database can be searched from most major gopher menus.

A program that "infects" host programs by modifying them to include a copy of the virus. There are many types of viruses with various characteristics for avoiding detection, replicating, and carrying out a payload on a computer.

Virtual Network Computing - A remote display system that displays a 'desktop' environment not only on the machine where the program is running, but on any machine on the Internet.

Virtual Private Network - A network in which some of the parts are connected using the public Internet. The data sent across the Internet is encrypted, so the entire VPN is "virtually" private.

Hardware, firmware, or software flaw that leaves an information system open for potential exploitation. A weakness in automated system security procedures, administrative controls, physical layout, internal controls, and so forth, that could be exploited by a threat to gain unauthorized access to information or disrupt critical processing.

Vulnerability Analysis
Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.

Abbreviation for Virus Professionals (those who create viruses in the underground).


World Wide Web Consortium - An organization whose purpose is to develop open standards so the Web evolves with a unified vision rather than being divided by competing factions.

Wide Area Information Service - An Internet service that allows you to search a large number of specially indexed databases.

Wide Area Network - A network connecting Local and Metropolitan Area networks together. A Wide Area Network may span a country or even the globe.

War Dialer
A program that dials a given list or range of numbers and records those which answer with handshake tones, which might be entry points to computer or telecommunications systems. See Demon Dialer.

Warm Boot
A boot that takes place when a computer is already running. Also called a restart.

A sound file that works like a tape recording. System sounds and some audio clips are examples of waveform sounds.

Windows NT
Windows New Technology - A 32-bit Microsoft operating system, which supports preemptive multitasking.

Windows Internet Naming Service - a service offered by the Microsoft Windows NT Server family that governs the association of workstation names and locations with IP addresses.

An independent program (does NOT require a host program) that replicates complete copies of itself from machine to machine across network connections, often clogging networks and information systems as it spreads. A worm typically spreads through networked drives, Microsoft Windows email programs and Internet Relay Chat (IRC).

World Wide Web - Often mistakenly called "The Internet", it is a client/server hypertext system that gathers and retrieves information using the Internet.


A Linux Network Time Protocol server that must run as root since it needs to adjust the system clock.

A GUI shell. Almost all UNIX graphical interfaces are based on X-Window.


No terms defined.


A compressed file type (zipped; .zip).

Viruses used in a controlled laboratory for testing purposes.