0-9
A
- AES
- AES stands for the Advanced Encryption Standard which is a symmetric block cipher used to protect classified information. The original name of AES was Rijndael, developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. AES has been adopted by the U.S. government. AES is based on a design principle known as a substitution–permutation network, and is efficient in both software and hardware.
- Antivirus Software
- Software or applications that scan and find viruses on devices like computers, tablets, or smartphones. When active, the software also protects the device from being infected. Typically, such applications run in the background and scan files as they are being downloaded from the Internet. The same happens with attachments received in emails, or when files get modified by other applications that run on the system.
B
- Black Hat
- Black hat is a euphemism for a malicious hacker. It refers to a type of hacker that breaks into computers and systems with malicious intent. This includes releasing and using malware to gain control over devices and files, and to steal passwords and credit card info. They can also hold computers hostage by using ransomware. Black hat hackers participate in underground communities and in anything that belongs to cybercrime.
- Buffer Overflow
- A condition resulting from adding more information to a buffer than it was designed to contain. In other words, the amount of data in the buffer exceeds its storage capacity. Buffer overflows can affect all types of software. A buffer overflow attack is when attackers exploit buffer overflow issues by overwriting the memory of an application.
C
- Code Red
- A computer worm that caused web servers and routers to crash across the Internet. At first, it targeted Microsoft Internet Information Services for Windows Server (IIS). The worm spread itself using a common type of vulnerability known as a buffer overflow. Even though the damage was not big in the beginning, after several days, the worm infected over 350,000 servers. This caused routers, switches, and printers to crash when infected IIS servers tried to send copies of the worm.
D
- DoS
- DoS stands for Denial of Service, a type of attack that tries to prevent legitimate users from accessing network services like websites. In a DoS attack, an attacker tries to flood the network with traffic requests so the network becomes overwhelmed. Typically, requests come from multiple sources, flooding the bandwidth and resources of the target. Often, the sources are thousands of hosts infected by some malware.
E
- Eavesdropping
- This refers to secretly listening to traffic on a network. This can also be done on telephone conversations, which is called wiretapping. Eavesdropping on IP (Internet Protocol) networks works by attaching a “sniffer” to the network to capture the traffic traveling on the network segment. Malicious hackers use this technique to capture passwords or credit card information. Traffic encryption prevents eavesdropping. The encryption should be of a military grade which is 256-bit.
F
- Firewall
- A firewall is a device or application that protects networks or hosts like computers or servers against unwanted or hostile network traffic. Firewalls monitor and control the traffic between two networks or a host and its network.
G
- Gray Hat
- Gray Hat is a euphemism for a hacker motivated by curiosity rather than some malicious intent. Examples of gray hat hackers are those that explore and hack networks and applications searching for vulnerabilities, and then inform the owners about them. They can also post those vulnerabilities in public, for example on security forums.
H
- Hacker
- Mostly considered from a negative perspective, someone who engages in the malicious activity of illegally obtaining access to computer programs, systems, or networks. However, a hacker is not necessarily a person with negative intentions. Some hackers do not do harm, but inform the public about flaws and vulnerabilities, so they can get fixed.
I
- IPSec
- IPSec stands for Internet Protocol Security. IPSec is a suite of network-layer protocols that extends IP by providing mechanisms for authentication, confidentiality, and integrity in IP communications. IPSec is often used in VPNs.
J
- John the Ripper
- A password-cracking tool available for many operating systems like Windows, DOS, macOS, UNIX, Linux, BeOS, OpenVMS. John the Ripper is free and Open Source software, distributed primarily in source code form. There is also a commercial version of this product, called John the Ripper Pro, available for Linux and macOS.
K
- Keystroke Logger
- This can be software or hardware designed to capture a user’s keystrokes, which are then stored or transmitted so they can be analyzed and used for information collection. A typical use of keystroke loggers would be for getting people’s PINs and passwords.
L
- LAN
- In the context of computers and networks, LAN stands for Local Area Network. A LAN is a group of connected computers (a computer network) in one physical location, like a building, office, or home. Devices that belong to a LAN usually share a centralized Internet connection. When you look into the configuration of your home router, you can see LAN and WAN. LAN is your own local network, while WAN is the Wide Area Network, which is on the “other” side of your router. From your perspective, WAN is basically the Internet.
M
- Macro Virus
- In computer security, a macro virus is a virus written in the same macro language that is used for Microsoft Word or Excel. In fact, any Microsoft products that use a macro language are prone to macro viruses. The virus code is injected into a macro, which is then used to further spread the virus. Since Office 2000, Microsoft has disabled macros by default. Examples of macro viruses are the Concept and Melissa viruses.
- Magic Lantern
- While not exclusive to it, in the computer security world, this name refers to keystroke logging software. This Trojan Horse keystroke logger is believed to be a special FBI surveillance program that can be installed remotely via an email attachment or exploitation of an OS vulnerability. While not everything is known about this malware, here is some user data that it collects:
– IP address
– MAC address of ethernet cards
– A list of open TCP and UDP ports
– A list of running programs
– The operating system type, version and serial number
– The default internet browser and version
– The registered user of the operating system, and registered company name, if any
– The current logged-in user name
– The last visited URL
N
- NAT
- In computer technology, NAT stands for Network Address Translation, which is a mechanism for translating Internet Protocol (IP) addresses between two networks. NAT is used to securely connect corporate networks to the Internet. Typically, private IP addresses are used on the internal network, which is connected to the NAT-enabled router.
O
- OpenSSL
- A free, open source implementation of the SSL (Secure Sockets Layer) protocol.
P
- Password
- A string of characters used to verify the identity of a user logging into a system such as an operating system, an application, or a network.
Q
- Queso
- A tool that can be used to determine the operating system of a remote host. Queso does this by fingerprinting the target system. Queso is a Spanish abbreviation of “Que Sistema Operativo”, which translates into “Which Operating System”.
R
- Ransomware
- A type of malware that locks or corrupts a device or data on it, demanding a payment so they are returned to a usable state.
S
- SSH
- SSH, known as Secure Shell or Secure Socket Shell, is a popular remote login protocol. Secure Shell provides strong password authentication and public key authentication, as well as encrypted data communications between two computers connecting over an open network, such as the internet. The most basic use of SSH is to connect to a remote host for a terminal session.
- SSL
- SSL stands for Secure Sockets Layer, a protocol for secure communications over the Internet. However, SSL is an older technology that contains some security flaws. Transport Layer Security (TLS) is the upgraded version of SSL that fixes existing SSL vulnerabilities.
T
- TLS
- TLS stands for Transport Layer Security, a secure communication protocol that enables encryption and authentication. TLS is a more recent version of SSL that fixes some security vulnerabilities in the earlier SSL protocols.
- Trojan
- Type of malware that masquerades as a legitimate program. Some examples of different kinds of Trojans are banking Trojans, fake antivirus, password stealers, keystroke loggers, remote administration tools, and zombies.
- Two-factor Authentication
- A type of authentication that uses two separate items or tasks to verify a user’s identity. An example is online banking that asks for a password and then sends an SMS message to a mobile phone, containing a numeric code to be entered after the password.
U
- User Agent
- A user agent, or a UA, is the software that retrieves and presents Web content for end users. The end user can be a client used by a person, like a computer with a web browser, or it can be a server used by automated processes like bots that scan the web.
V
- VPN
- VPN stands for Virtual Private Network. This refers to a method of establishing secure remote access connections over the Internet. Such connections can be made to a network, a web server, or a similar Internet entity or service. Essentially, a VPN creates an encrypted tunnel between your device and the Internet destination you are connecting to. All the traffic is encrypted, and therefore protected, as the VPN hides your data from snoopers. In order to use a VPN, you have to connect to a server that does all the traffic encryption and rerouting for you.
W
- WAN
- In the computer and networking world, WAN stands for Wide Area Network. This is the opposite of a LAN, as a WAN is not tied to a single location. A WAN is any network that extends over a large geographic area, usually connecting multiple LANs.
- White Hat
- A euphemism for a security professional who performs hacking activities for legitimate purposes. In other words, a hacker who does not do harm, but finds flaws and problems in order to fix them before they are exploited.
- Worm
- A type of malware (malicious program) capable of acting independently and self-replicating. It usually does so through network connections. It causes damage like deleting files, sending itself or other files via email, taking up bandwidth, or even distributing other malware around.
X
- XAuth
- This stands for Extended Authentication, which increases security by requiring additional user authentication information in a separate exchange during the authentication process, for example for remote connections, including VPNs.
- XML Encryption
- XML encryption is the process of encrypting and decrypting digital XML content, using certain syntax and algorithms. Any kind of information can be encrypted this way, including whole XML documents, an element within an XML document, or the content of that element.
- XSS
- Stands for Cross-site Scripting, a security flaw found in some Web applications that enables unauthorized parties to cause client-side scripts to be executed by other users of the Web application.
Y
- Y2K
- An abbreviation for the potential year 2000 software problem. The core of the problem was that, in many programs, years were represented with the last two digits. Therefore, no distinction could be made between years in the 1900s and the 2000s. Also known as the millennium bug, the Y2K problem turned out not to cause major issues in the computer world. As businesses and organizations corrected the bug in advance, only a few experienced trouble in the year 2000.
Z
- Zero Day
- In computing, the phrase Zero Day refers to an attack on or exploit of a flaw, or software/hardware vulnerability, when attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability.