| |
|
|
| A |
|
|
| |
|
|
| |
Adware |
Adware is software that displays advertising banners while the program is
running. A lot of adware is also spyware. |
| |
|
|
| |
Anti-antivirus Virus |
A virus that attacks, disables, or avoids infecting specific anti-virus software.
Also called a retrovirus. |
| |
|
|
| B |
|
|
| |
|
|
| |
Backdoor |
Backdoor is a general term for a malicious program that listens for commands on
a certain network port. Most backdoors consist of a client component and a
server component. The client resides on the intruder's remote computer, and the
server resides on the infected system. When a connection between client and
server is established, the remote intruder has some degree of control over the
infected computer. |
| |
|
|
| |
Botnet |
A botnet is a network of zombie computers under the remote control of a master. |
| |
|
|
| |
Brute Force Attack |
Brute force attack is a technique used to break an encryption or authentication
system by trying all possibilities. |
| |
|
|
| C |
|
|
| |
|
|
| |
Certification authority (CA) |
In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes.
There are many commercial CAs that charge for their services. Institutions and governments may have their own CAs, and there are also CAs which are free of charge. |
| |
|
|
| |
Code Injection Attack |
An attack technique to introduce code into a computer program or system to
form an unexpected action. The attack is usually accomplished by taking
advantage of an un-enforced or loosely implemented input validation process. |
| |
|
|
| |
Companion Virus |
A virus that creates a new program with the same file name as an existing
program, but in a different place or with a different file type, so that typing the
program's name on the command line causes the virus program to be executed
instead of the original program. |
| |
|
|
| D |
|
|
| |
|
|
| |
Data Driven Attack |
A form of attack encoded in innocuous-seeming data which is then executed by a
user or software to enforce the attack. |
| |
|
|
| |
Denial of service |
A prevention of the use of information resources either intentionally or
unintentionally, which affects the availability of the information resources.
Examples of such attacks are SYN flood, Ping O death, packet flooding and Ping
flooding. |
| |
|
|
| |
Dictionary Attack |
Dictionary attack is a technique used to break an encryption or authentication
system by trying words that can be found in a dictionary. |
| |
|
|
| |
DNS spoofing |
Pretend to be the DNS name of another system by compromising the domain
name server for a valid domain. |
| |
|
|
| E |
|
|
| |
|
|
| |
Encryption |
A process to encode the contents of message so as to hide it from outsiders. That
is, it is a process of scrambling and transforming data from an easily readable
and understandable format (plaintext) into an unintelligible format that seems to
be useless and not readily understandable (ciphertext). |
| |
|
|
| F |
|
|
| |
File Infector Virus |
It is a virus that infects executable files. Usually, the virus will get control when
the program is first executed. In most cases, the virus will return control to the
original program after it has completed its own execution. |
| |
|
|
| |
Firewall |
A firewall is a device or set of devices configured to permit, deny, encrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria. |
| |
|
|
| H |
|
|
| |
|
|
| |
Hacker |
In computer security, a hacker is someone with a strong interest in understanding
and manipulating computer systems, and specialises in work with the security
mechanisms for these systems. Nowadays, it is most commonly used by the
mass media to refer to a person who maliciously uses computer knowledge to
gain unauthorised access and cause damage to computers and data. |
| |
|
|
| |
Hoax |
This usually consists of an email message warning recipients about a new and
terribly destructive virus. It ends by suggesting that the reader should warn his or
her friends and colleagues, perhaps by simply forwarding the original message to
everyone in their address book. The result is a rapidly growing proliferation of
pointless emails that can increase to such an extent that they overload systems. |
| |
|
|
| |
Honeypot |
A honeypot is a decoy system put on a network as bait for attackers. The
attackers believe the honeypot is a legitimate system and attack on it, without
being known that their activities are being monitored. |
| |
|
|
| I |
|
|
| |
|
|
| |
Identity certificate |
In cryptography, a identity certificate is an electronic document which incorporates a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users ("endorsements"). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together. |
| |
|
|
| |
Intrusion Detection |
A method or process to detect the break-ins or attempts to attack via the use of
software systems which operate on the network. Intrusion detection systems
often combine the network monitoring with real-time capture and analysis in
order to identify for attacks. |
| |
|
|
| |
IPsec (IP Security) |
IPsec provides interoperable, high quality and cryptographically based security
services for traffic at the IP layer, such as authenticity, integrity, confidentiality
and access control to each IP packet. |
| |
|
|
| K |
|
|
| |
Keylogger |
Keylogger is a device or program that captures activities from an input device.
Malicious people can make use of keyloggers to capture personal information
being input into a computer system. |
| |
|
|
| L |
|
|
| |
Logic Bomb |
A piece of code left within a computing system with the intent of it executing
when some condition occurs. The logic bomb could be triggered by a change in a
file, by a particular input sequence to the program, or at a particular time or date.
Logic bombs get their name from malicious actions that they can take when
triggered. |
| |
|
|
| M |
|
|
| |
|
|
| |
Macro Virus |
Macro virus is a program written in the macro language which is provided with
some software applications (word processors, spreadsheets, etc.) To propagate,
macro viruses exploit the capabilities of the macro languages to transfer
themselves from one infected file (document or spreadsheet) to another. |
| |
|
|
| |
Mail Bomb |
A mail bomb is the sending of a massive amount of email to a specific person or
system. A huge amount of mail may simply fill up the recipient's disk space on
the server or, in some cases, may be too much for a server to handle and may
cause the server to stop functioning. |
| |
|
|
| N |
|
|
| |
|
|
| |
Network-based Scanner |
Network-based scanner is installed on a single machine that scans a number of
other hosts on the network. It helps detect critical vulnerabilities such as
mis-configured firewalls, vulnerable web servers, risks associated with
vendor-supplied software, and risks associated with network and systems
administration. |
| |
|
|
| O |
|
|
| |
|
|
| |
Open System Authentication |
Open System Authentication is the default authentication protocol for 802.11
standard. It consists of a simple authentication request containing the station ID
and an authentication response containing success or failure. On success, both
stations are considered mutually authenticated. |
| |
|
|
| P |
|
|
| |
|
|
| |
Pharming |
An attack redirects users to a bogus website such as fraudulent websites or proxy
servers, typically through DNS server hijacking or poisoning. |
| |
|
|
| |
Phishing |
In computing, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from PayPal, eBay, Youtube or online banks are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a website. Phishing is an example of social engineering techniques used to fool users.Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. |
| |
|
|
| |
PKI |
PKI stands for Public Key Infrastructure, an architecture to proof the identities of people, web sites, computer programs, etc. on the Internet. In a PKI, Certificate Authority (CA) issues Digital Certificates to applicants. CA also verifies the identity of applicants, and publishes certificates on an on-line repository where people can lookup others' certificates. |
| |
|
|
| R |
|
|
| |
|
|
| |
Relay Attack |
A replay attack is an attack in which the attacker intercepted a communication
session from a legitimate user and then repeated in a later time the captured
session in an attempt to impersonate the legitimate user. |
| |
|
|
| S |
|
|
| |
|
|
| |
Shoulder Attack |
Shoulder attack is an attack in which attacker might be able to observe what one
types and hence steal the password by direct observation by looking over one’s
shoulder, or indirect monitoring by using a camera when one types in his password. |
| |
|
|
| |
Spam |
"Spam" is defined as an unsolicited commercial bulk e-mail. In addition, spam is an e-mail that one did not ask for and do not want. |
| |
|
|
| |
Spyware |
Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent. |
| |
|
|
| |
Stealth Virus |
A virus that actively seeks to conceal itself from discovery or defends itself
against attempts to analyze or remove it. |
| |
|
|
| |
Strong password |
| "strong password" can be set by following the rules below |
| a. |
Set
your passwords with at least eight characters composed of random letters,
digits and symbols; |
| b. |
Use
different sets of password in different
systems, and; |
| c. |
Never
use dictionary words and personal related
information such as name, date, telephone
number, HKID and user ID, etc. |
|
| |
|
|
| V |
|
|
| |
|
|
| |
Vishing |
Vishing is a type of phishing attack that targeted VoIP. It can be used by the
attacker to steal the identities or money of the victim. |
| |
|
|
| |
VMware |
VMware, Inc. (NYSE: VMW) is a software developer and a global leader in the virtualization market. The company was founded in 1998 and is based in Palo Alto, California. The name "VMware" comes from the acronym "VM", meaning "virtual machine", while ware comes from second part of "software".
VMware's desktop software runs on Microsoft Windows, Linux, and Mac OS X. VMware's enterprise software, VMware ESX Server, runs directly on server hardware without requiring an additional underlying operating system. |
| |
|
|
| |
VPN |
A virtual private network (VPN) is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network (e.g., the Internet) instead of by physical wires. The link-layer protocols of the virtual network are said to be tunneled through the larger network when this is the case. One common application is secure communications through the public Internet, but a VPN need not have explicit security features, such as authentication or content encryption. VPNs, for example, can be used to separate the traffic of different user communities over an underlying network with strong security features. |
| |
|
|
| |
Vulnerablity |
A flaw or weakness in a system that could be exploited by intruders to violate the
security policy. |
| |
|
|
| W |
|
|
| |
|
|
| |
Wi-Fi Protected Access (WPA) |
Wi-Fi Protected Access (WPA) is a wireless security protocol to fix known
security issues of WEP. WPA provides users with a high level of assurance that
their data will remain protected by using Temporal Key Integrity Protocol (TKIP)
for data encryption. |
| |
|
|
| X |
|
|
| |
|
|
| |
XML Encryption |
XML encryption is a specification developed by W3C that provides a process for
encrypting data and representing the result in XML. |
| |
|
|
| Z |
|
|
| |
|
|
| |
Zero-day Attack |
An attack exploiting a newly discovered vulnerability appears before the release
of the corresponding patch by the software vendor. |
| |
|
|
| |
Zombie Computer (or Zombie) |
A computer attached to the Internet that has been compromised by intruder with
computer viruses or Trojan Horses and manipulated without the knowledge of
the computer owner. The computer is usually used to perform malicious attacks
such as denial of service attack under remote control. |
| |
|
|
Campus-wide E-mail (CWEM)
