Glossary
|
|
Chapter 10
|
|
802.11i
| Sometimes called WPA2, a network standard developed by IEEE with enhanced security for wireless communications.
|
access control
| Security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer.
|
adware
| Program that displays an online advertisement in a banner or pop-up window on Web pages, e-mail, or other Internet services.
|
anti-spam program
| Program that attempts to remove spam before it reaches a user’s inbox.
|
antivirus program
| Program that protects a computer against viruses by identifying and removing any computer viruses found in memory, on storage media, or on incoming files.
|
audit trail
| Computer file that records both successful and unsuccessful access attempts.
|
back door
| Program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network.
|
backup
| Duplicate or copy of a file, program, or disk that can be used if the original is lost, damaged, or destroyed.
|
biometric device
| Device that authenticates a person’s identity by verifying a physical or behavioral characteristic: it translates a personal characteristic, such as a fingerprint, into a digital code that is then compared with a digital code stored in a computer.
|
biometric payment
| Payment method where the customer's fingerprint is read by a fingerprint scanner that is linked to a payment method such as a checking account or credit card.
|
botnet
| Group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes. See also zombie army.
|
CAPTCHA
| Completely Automated Public Turing test to tell Computers and Humans Apart; program used by some Web sites to provide further protection for a user's password by verifying that user input is not computer generated.
|
certificate authority [CA]
| Authorized person or company that issues and verifies digital certificates.
|
clickjacking
| Scam in which an object that can be clicked on a Web site, such as a button, image, or link, contains a malicious program.
|
computer addiction
| Growing health problem that occurs when the computer consumes someone’s entire social life.
|
computer crime
| Any illegal act involving a computer.
|
computer ethics
| Moral guidelines that govern the use of computers and information systems.
|
computer security risk
| Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
|
computer vision syndrome
| Eyestrain due to prolonged computer usage.
|
content filtering
| Process of restricting access to certain material on the Web.
|
cookie
| Small text file that a Web server stores on a computer.
|
copyright
| Exclusive rights given to authors and artists to duplicate, publish, and sell their materials.
|
cracker
| Someone who accesses a computer or network illegally with the intent of destroying data, stealing information, or other malicious action.
|
cybercrime
| Online or Internet-based illegal acts.
|
cyberextortionist
| Someone who uses e-mail as a vehicle for extortion.
|
cyberterrorist
| Someone who uses the Internet or network to destroy or damage computers for political reasons.
|
decrypt
| Process of deciphering encrypted data into a readable form.
|
denial of service attack
| Assault on a computer or network whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. See also DoS attack.
|
digital certificate
| A notice that guarantees a user or a Web site is legitimate.
|
digital forensics
| The discovery, collection, and analysis of evidence found on computers and networks. See also computer forensics, cyberforensics, or network forensics.
|
digital rights management [DRM]
| Strategy designed to prevent illegal distribution of movies, music, and other digital content.
|
digital signature
| Encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the message sender.
|
DoS attack
| Assault on a computer or network whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. See also denial of service attack.
|
e-mail filtering
| Service that blocks e-mail messages from designated sources.
|
employee monitoring
| The use of computers to observe, record, and review an employee’s use of a computer, including communications such as e-mail messages, keyboard activity [used to measure productivity], and Web sites visited.
|
encryption
| Process of converting readable data into unreadable characters to prevent unauthorized access.
|
encryption algorithm
| Set of steps that can convert readable plaintext into unreadable ciphertext. See also cypher.
|
encryption key
| Set of characters that the originator of the encrypted data uses to encrypt the plaintext and the recipient of the data uses to decrypt the ciphertext.
|
ENERGY STAR program
| Program developed by the United States Department of Energy [DOE] and the United States Environmental Protection Agency [EPA] to help reduce the amount of electricity used by computers and related devices.
|
firewall
| Hardware and/or software that protects a network’s resources from intrusion by users on another network such as the Internet.
|
green computing
| Computer usage that reduces the electricity and environmental waste involved in using a computer.
|
hacker
| Someone who accesses a computer or network illegally.
|
hardware theft
| The act of stealing computer equipment.
|
hardware vandalism
| The act of defacing or destroying computer equipment.
|
information privacy
| Right of individuals and companies to deny or restrict the collection and use of information about them.
|
information theft
| Computer security risk that occurs when someone steals personal or confidential information.
|
intellectual property rights
| Rights to which creators are entitled for their work.
|
intrusion detection software
| Program that automatically analyzes all network traffic, assesses system vulnerabilities, identifies any unauthorized intrusions, and notifies network administrators of suspicious behavior patterns or system breaches.
|
license agreement
| An agreement issued by a software manufacturer that gives the user the right to use the software.
|
malware
| Short for malicious software; programs that act without a user’s knowledge and deliberately alter a computer’s operations.
|
password
| Private combination of characters associated with a user name that allows access to certain computer resources.
|
payload
| Destructive event or prank a malicious-logic program is intended to deliver.
|
personal firewall
| Utility program that detects and protects a personal computer and its data from unauthorized intrusions.
|
personal identification number [PIN]
| Numeric password, either assigned by a company or selected by a user.
|
pharming
| Scam, similar to phishing, where a perpetrator attempts to obtain your personal and financial information, except they do so via spoofing.
|
phishing
| Scam in which a perpetrator sends an official-looking e-mail that attempts to obtain your personal and financial information.
|
phishing filter
| Program that warns or blocks you from potentially fraudulent or suspicious Web sites.
|
piracy
| Unauthorized and illegal duplication of copyrighted material.
|
possessed object
| Any item that a user must carry to gain access to a computer or computer facility.
|
product activation
| Process that attempts to prevent software piracy by requiring users to provide a software product’s 25-character identification number in order to receive an installation identification number.
|
quarantine
| Separate area of a hard disk that holds the infected file until a virus can be removed.
|
real time location system [RTLS]
| Safeguard used by some businesses to track and identify the location of high-risk or high-value items.
|
repetitive strain injury [RSI]
| Injury or disorder of the muscles, nerves, tendons, ligaments, and joints.
|
restore
| To copy backed-up files to their original location on the computer.
|
rootkit
| Program that hides in a computer and allows someone from a remote location to take full control of the computer.
|
script kiddie
| Someone who accesses a computer or network illegally with the intent of destroying data, stealing information, or other malicious action but does not have the technical skills and knowledge.
|
secure site
| Web site that uses encryption techniques to secure its data.
|
social engineering
| Gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others.
|
software theft
| Computer security risk that occurs when someone [1] steals software media, [2] intentionally erases programs, [3] illegally copies a program, or [4] illegally registers and/or activates a program.
|
spam
| Unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once.
|
spoofing
| Technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.
|
spyware
| Program placed on a computer without the user’s knowledge that secretly collects information about the user.
|
surge protector
| Device that uses special electrical components to smooth out minor noise, provide a stable current flow, and keep an overvoltage from reaching the computer and other electronic equipment. See also surge suppressor.
|
system failure
| Prolonged malfunction of a computer.
|
Trojan horse
| Program named after the Greek myth that hides within or looks like a legitimate program.
|
trusted source
| Company or person a user believes will not send a virus-infected file knowingly.
|
unauthorized access
| Use of a computer or network without permission.
|
unauthorized use
| Use of a computer or its data for unapproved or possibly illegal activities.
|
uninterruptible power supply [UPS]
| Device that contains surge protection circuits and one or more batteries that can provide power during a temporary or permanent loss of power.
|
user name
| Unique combination of characters, such as letters of the alphabet and/or numbers, that identifies a specific user.
|
virus
| Potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission.
|
virus definition
| Known specific pattern of virus code. See also virus signature.
|
virus hoax
| E-mail message that warns users of a nonexistent virus or other malware.
|
virus signature
| Known specific pattern of virus code. See also virus definition.
|
war driving
| Intrusion technique in which an individual attempts to detect wireless networks via their notebook computer while driving a vehicle through areas they suspect have a wireless network. See also access point mapping.
|
Web filtering software
| Program that restricts access to certain material on the Web.
|
Wi-Fi Protected Access [WPA]
| Security standard that improves on older security standards by authenticating network users and providing more advanced encryption techniques.
|
worm
| Program that copies itself repeatedly, using up system resources and possibly shutting down the system.
|
zombie
| A compromised computer whose owner is unaware the computer is being controlled remotely by an outsider.
|