Addendum 3. Mini-glossary Of Technical Terms
Definitions Related to Security
Attachment
An attachment is a method by which text and images can be sent via e-mail. Any non-text file (which could be a program or a picture or a video) is converted (“encoded”) into a printable form and inserted into the text message. Specifically, anything stored in your computer is composed of zeros and ones. Encoding, in its simplest form, would send the zeros and ones as printable characters.
Backdoor
A way to bypass the normal login security and gain control of a computer without obtaining the owner’s consent. If a backdoor is installed on a network-attached computer, a person anywhere on the Internet may be able to gain control of your computer without your knowledge or approval.
Backup
The process of copying computer files to some other location either on the computer, or on storage devices that may be separated from the computer. Backups allow you to recover data in the event that the originals are no longer available (for reasons ranging from accidental deletion to physical damage, theft or other loss).
Buffer Overflow
A software bug that occurs when a program moves data into a space in memory, but there is not enough room. The program may discard characters to try to make space for the new data. [34] Destroying these characters can cause all sorts of problems, and often can allow things to happen which affect the integrity or security of the program. Buffer overflows can be avoided (if you are programming) by checking that there is sufficient space in memory before doing a move.
[34] For example, the program might move 100 characters into an area that is only 80 characters long. Assume that the programmer is moving the data into an area starting at location 1001 in memory. The first 80 characters go just where they should – into locations 1001-1080, but the last 20 characters go into locations 1081-1100 – they overlap on top of whatever was there before (since the maximum move was supposed to be just 80 characters).
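The 100-into-80 move from the note above, as an added C example that is not part of the original handbook. It models locations 1001-1100 as a single array so the overwrite can be observed safely; the names memory, unchecked_move and checked_move and the filler characters are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BASE      1001   /* first memory location of the area, as in the note */
#define AREA_LEN  80     /* the area is 80 characters long: locations 1001-1080 */
#define NEXT_LEN  20     /* constructed neighbour: locations 1081-1100 */

/* Constructed model of locations 1001-1100 as one array, so the overwrite
   stays inside this array and is safe to run. */
static char memory[AREA_LEN + NEXT_LEN];

static void reset_memory(void) {
    memset(memory, '.', AREA_LEN);             /* empty 80-character area */
    memset(memory + AREA_LEN, 'K', NEXT_LEN);  /* neighbouring data that must survive */
}

/* Unchecked move: copies n characters to location 1001 without asking
   whether they fit. Returns how many neighbouring characters were destroyed. */
static int unchecked_move(const char *src, size_t n) {
    int destroyed = 0;
    if (n > sizeof memory) n = sizeof memory;  /* keep the model itself in bounds */
    memcpy(memory, src, n);
    for (size_t i = AREA_LEN; i < AREA_LEN + NEXT_LEN; i++)
        if (memory[i] != 'K') destroyed++;
    return destroyed;
}

/* Checked move: verifies there is sufficient space before moving.
   Returns 0 on success, -1 if the data would not fit (nothing is copied). */
static int checked_move(const char *src, size_t n) {
    if (n > AREA_LEN) return -1;
    memcpy(memory, src, n);
    return 0;
}

int main(void) {
    char data[100];
    memset(data, 'A', sizeof data);            /* constructed 100-character input */

    reset_memory();
    printf("unchecked: %d characters at %d-%d overwritten\n",
           unchecked_move(data, sizeof data),
           BASE + AREA_LEN, BASE + AREA_LEN + NEXT_LEN - 1);

    reset_memory();
    printf("checked:   move %s\n",
           checked_move(data, sizeof data) == 0 ? "done" : "refused");
    printf("neighbour intact: %s\n", memory[AREA_LEN] == 'K' ? "yes" : "no");
    return 0;
}
```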
Cookie
A file that is written to or read from your hard disk at the request of a remote web site. The web site requests that the file be written and reads it later. As a simple example, if you tell a web site what your username is, it can request that this information be written to your disk. When you go back to that web site, it reads the cookie and knows what your username is.
Daemon
A small program that runs all of the time waiting for someone to ask it to do something – often such requests may be made remotely over the network.
Denial-of-Service
A Denial-of-Service attack is when computers on the Internet are bombarded with (garbage) messages to such a great extent that they spend all of their time responding to these messages. Real user traffic can no longer get through.
E-mail
The computer-based equivalent of postal mail – e(lectronic)-mail. Properly addressed e-mail can be sent and received by anyone connected to the Internet. From the perspective of the Internet, all e-mail is composed of printable text (ASCII) messages.
Encryption
Encryption is a way to disguise information so that it cannot be read easily, except by the intended recipient. In the simplest case, there is a “key” in conjunction with a set of rules that is used to disguise that information. It can only be read after being decrypted, and to decrypt it, you would need to know the proper “key” and the appropriate rules.
Firewall
Firewalls can block transmissions between you and the outside world that are unexpected or disallowed. Firewalls have two forms: a firewall may be a software program running on your computer or it may be a separate piece of hardware that watches what is being sent and received over a network.
HTML
HTML is short for HyperText Markup Language. A mark-up language allows commands or instructions embedded in the text to be displayed and printed. It is essentially a set of instructions that tells a web browser or mail program how to display text and images. It can also give other instructions to the browser/mail program. An example of a mark-up language is:
This sentence is <<Start Bold>>very<<End Bold>> short.
When the sentence is displayed, the words within the << >> are taken as instructions on what to do. As a result, the sentence would be displayed as: This sentence is very short.
Identity theft
Identity theft occurs when someone gathers enough information about you to convince others (such as banks, stores or governments) that they are you.
Keyboard logger
A program that captures everything that is typed on a keyboard. The data can be written to disk or sent to someone else via the Internet. If a keyboard logger is installed on a computer, everything that is entered on the computer, including usernames and passwords, can be captured, just as if someone was looking over your shoulder while you typed!
Open Source
Programs that are distributed in source format under conditions that allow free modification and distribution. Since the source code is available, people can see how it works and are able to change it. The authors of Open Source programs often encourage other programmers to participate in the further development of the programs. Open Source also includes software that is given away for free, and many Open Source programs, both free and for sale, offer functionality that is similar to proprietary programs that may cost a substantial amount of money. Sometimes Open Source programs are incorporated into fee-based programs in special licensing arrangements.
See http://www.opensource.org and http://www.fsf.org for additional information.
Spam
Advertising or other e-mail sent to you without your requesting it.
URL
Universal Resource Locator – a generalized address to locate something in the Internet. Examples are http://www.infodev.org/ and mailto: security-handbook@worldbank.org
Username/password
A name and a secret password that identifies a user to a computer system or a web site.
Virus
The term “virus” has a very specific meaning that will be defined and discussed in more detail later. For the present, it will be used to describe a family of programs (including viruses, worms and Trojans) that can unexpectedly show up in your computer, may spread to other computers, and can do significant harm. This harm includes, but is not limited to, destroying files and data.