| A97M.Family.Variant | Access 97 Macro Virus (virus which infects Access 97 databases) |
| Abuse | Computer abuse, which might involve the user in 'an abuse of privilege', is the active and intentional misuse of the system's facilities (such as unauthorized access to, or alteration of data). However, the term can also be used to describe the proper use of a system for an improper purpose, such as fraud, denial of service, embezzlement, etcetera. |
| Access Control | The prevention of unauthorized access to the resources of an IT product, programs, processes, systems, or other IT products.
Some suppliers consider preventing unauthorized users from logging on to the system to be access control. In reality, access control should also stop logged on users accessing objects (files, devices, etc) for which they have no authorization.
The 'strength' of access control is often described in terms of 'factors'. The greater the number of factors, the stronger the control.
one-factor = password
two-factor = password + token
three-factor = password + token + biometric
four-factor = password + token + biometric + geography
five-factor = password + token + biometric + geography + user profiling
Only the first three are in common usage, but we can expect user profiling to play a greater part in the future. |
| Access Token | A security device that normally attaches to a COM port on a system which, when used in conjunction with appropriate software or hardware, allows authorized access to that system. Examples include smart cards and smart card readers, and touch memory devices such as those produced by Dallas Semiconductor.
Tokens are often described as the second factor in two-factor access control: something you own. |
| ActiveX | “ActiveX is code which defines Microsoft's interaction between Web servers, clients, add-ins and Microsoft Office applications. Basically, be afraid. Be very afraid. ActiveX applications can have full access to your system. In most instances this access will be quite legitimate, but a malicious ActiveX application is extremely worrying. The danger in malicious ActiveX code is when it has the capability to access and siphon data from your hard drive. A graphic illustration of this was given by the Chaos Club in Germany who demonstrated live on television a transfer of money from one bank account to another using an Internet-installed add-in - without the knowledge of the bank or the account holders.”
from Content Technologies' Guide to Content Security |
| Administrator (account) | Administrator is the default account name for the main system management account in the NT family of operating systems - similar to the ROOT account in Unix systems. Attaining Administrator permissions is the target of NT crackers just as obtaining ROOT is the target for Unix crackers. |
| Administrator (System) | A person or persons with responsibility for managing the system(s) in use. |
| ADSL | Asymmetric Digital Subscriber Line; one of a group of high speed digital subscriber telephone lines ideal for use with the Internet. Together, they are known as xDSL. A primary advantage is that they can use existing copper wire (that is, the existing telephone infrastructure).
ADSL is 'asymmetric' because it offers different upload and download speeds (between 1.5Mbps and 8.5Mbps downstream; and 16 to 640kbps upstream). The primary performance limiter is the distance between the subscriber and the Central Office (telephone Exchange). For example, if the distance is less than 9000 feet, the download speed could be in excess of 8Mbps; but if the distance is 18,000 feet, then the download speed can only achieve 1.54Mbps.
A feature of ADSL is that it is 'always on'. That is, dial-up Internet users will not need to go through a separate process of dialling into the Internet for each session. Similarly, incoming e-mails will come straight to the user's computer without having to wait to be collected from the ISP's mailbox.
But 'always on' introduces new security threats to the dial up user: just as the Internet is always available to the PC, so the PC is always available to the Internet (and the threats it contains). It is important, therefore, that ADSL users install adequate security software: encryption to protect sensitive files; solid anti-virus tools to avoid virus infection and aid recovery if necessary; and a personal firewall to help keep hackers and crackers at bay. |
| Adware | Adware is software that carries advertising. The software is usually free provided that the user agrees to accept the receipt of advertisements (either in the form of a banner within the application, or as separate pop-up Windows). There is nothing wrong with this arrangement provided everything is openly and clearly agreed between all parties concerned.
Adware becomes a concern when it starts to incorporate elements of spyware; that is, it starts to send information about the user (such as the user's Internet browsing habits) back to the originator (supposedly so that more relevant advertisements can be directed to the user). While this is definitely a privacy issue, it can also be a security issue (if, for example, the information gleaned could be used to blackmail the user).
Other concerns about adware are that it consumes CPU power and corporate bandwidth, and often uses the user's own hard drive to store the advertisements that will continually pop-up.
Just as there are specialist products to tackle the threat of viruses, so there are specialist products to tackle the threat of adware. If everything that the adware does is open and agreed, it is perfectly legitimate. If any aspect of what it does is hidden or disguised, then it is effectively a Trojan Horse. |
| Alarm/Alert | The terms 'alarm' and 'alert' are similar, but tend to be used in slightly different circumstances. Within information security, there is a tendency to use 'alarm' as a noun, and 'alert' as a verb.
Alarms are raised automatically by systems that detect an anomalous situation. Thus, an intrusion detection system (IDS) that detects a possible attack situation would raise an alarm.
Alerts are warnings sent by users to other users. Thus the discoverer of a vulnerability might issue an alert to warn other users. However, you could say that in raising an alarm, the IDS will alert the operator. |
| Algorithm | A set of instructions, especially ones that can be implemented on a computer, for a procedure that can manipulate data. Cryptographic algorithms are used to encrypt sensitive data files, to encrypt and decrypt messages, and to digitally sign documents.
Received opinion demands that a cryptographic algorithm should be made available for peer review. Proprietary algorithms that remain secret cannot be trusted. |
| Alias / Handle | An alternative name used by people (or bestowed upon objects) to hide their true identity. Many Internet users have a genuine and valid reason to disguise their identity. Others, including hackers, crackers and script kiddies, simply prefer to avoid recognition and detection. In both cases they are likely to use an alias.
The hacker/cracker fraternity tend to use the term 'handle' (adopted from Citizen's Band Radio usage) rather than 'alias'. Here it has the added intention of being a 'nom de guerre'. Script kiddies may well choose a particular handle in an attempt to engender fear in the minds of the average law abiding Internet user... |
| AmiPro.Family.Variant | AmiPro Script Virus (virus designed for AmiPro) |
| Anti-Spyware | Anti-Spyware products are designed to locate and remove spyware from your computer.
Since 'spyware' itself is a fairly loose term, anti-spyware products are often also effective against Trojans and worms. They are not generally very effective against viruses. Good PC security thus requires both anti-spyware and anti-virus defences. |
| ASCII | American Standard Code for Information Interchange
ASCII is the 7-bit computer code that specifies the characters of the alphabet and the basic punctuation we see on the screen. Generally speaking, ASCII files are considered to be relatively safe, but...
“Basic ASCII allows only 7 bits per character (128 characters), and the first 32 characters are “unprintable (they issue commands such as Line Feed, Form Feed and Bell). Generally, ASCII files are text files. However, with a little effort, it is possible to write programs that consist only of printable characters (see EICAR). Also, Windows batch (BAT) files and Visual Basic Script (see VBS) files are typically pure text, and yet are programs. So, it is possible for ASCII files to contain program code, and thus to contain viruses.
When sending out emails, especially those intended for a wide audience, using simple ASCII text to get your message across is the best choice. A pure-text email lets you control both content and layout exactly, and ensures that your mail will be legible by users of even the most old-fashioned email programs. |
| Attack | An attempt to subvert or bypass a system's security, which may or may not be successful. Attacks always involve an action driven by intelligence.
Attacks may be active or passive. An active attack attempts to alter or destroy data. A passive attack attempts to intercept and read data without altering it. They may also be 'insider attacks' (that is, insigated by somebody who may legitimately be able to access the system), or 'outsider attacks' (that is, instigated by somebody from outside of the system who has no legitimate right to access it).
By far the majority of security incidents stem from insider activity. However, increasing use of the Internet and increasing hacker activity is beginning to change this equation.
Attempts to break encryption (that is, unauthorized attempts to decipher encrypted data) are also known as 'attacks'. |
Powered by