Glossary of Internet Security Terms

Advanced Encryption Standard (AES)

A method of encryption that uses strong keys, commonly used by WPA2 wireless networks. AES is the most popular method of encryption worldwide and is approved by the NSA for use with Top Secret material.

Alert

A warning indicating a potential problem with your system or network.

Attack

An active attempt to breach the security of a system.

Authentication

A method of establishing the identity of a person or user. Usernames and passwords, PINs, security tokens, and signatures are all forms of authentication.

Bot

Short for "robot". A software application that runs simple or repetitive automated tasks over the Internet. Bots can be used for commercial or malicious purposes. Malicious bots can be used to harvest email addresses for spam, propagate viruses and worms, or attack systems. If a computer has become a bot without its owner being aware, it is called a Zombie.

Botnet

A group of bots working together to complete repetitive tasks or objectives. Malicious botnets are often used to perform Distributed Denial of Service (DDoS) attacks.

Breach (Compromise)

A successful attack, usually through a operating system or application vulnerability, used to compromise a system.

Brute Force

An attack where all possibilities are tried in a procedural way. For example if brute forcing a 4 number code the process would be similar to the following:

• 0000
• 0001
• 0002

…and so on. These methods can take quite some time. The length of time depends on the number of characters in the password and complexity of the password.

Crack

A modification to an application that may alter its intended function. Cracks are typically used to bypass security, and are often a hive for viruses and malware.

Compromised System

A system that is compromised and is no longer trustworthy, having been infiltrated by a malicious user or program.

Denial of Service

An attack that is intended to disrupt or deny access to a system or resource (such as a website) by overloading its capacity. Distributed Denial of Service (DDOS) attacks occur when multiple machines attack a single target.

Data Encryption Standard (DES)

A popular method of encryption, but not as secure or as transparent in design as AES.

Encryption

The process of transforming information in such a way that it cannot be understood without the relevant key to decipher (unlock) it.

Firewall

Helps prevent your computer from being compromised by an attacker, by inspecting all traffic passing through and assessing whether it is legitimate. Many home broadband routers have inbuilt firewalls.

Keylogger

A piece of software that records all key inputs within a computer. Keyloggers can be used in both malicious and legitimate purposes. Keyloggers are generally considered an invasion of privacy; malicious uses involve the collection of credit card details, passwords, and account details.

Malware

Software or code written with malicious intent. Malware includes viruses, spyware, Trojans, worms, and other malicious software.

Local Area Network (LAN)

Typically a group of computers in a local area (such as the same building) that share a single outward connection or gateway to the Internet.

Passphrase

Similar to a password but usually significantly longer and containing multiple words.

Password

A word or combination of letters, numbers, and symbols that is used either by itself or in combination with a username to gain access to a secured website, computer, or other device.

Peer to Peer (P2P)

Networking protocols and software that share between end users rather then the traditional client-server connection. A common use for peer to peer protocols is sharing files between users, legally or illegally.

Phishing

Emails or websites that attempt to imitate a legitimate site or email to trick people into giving up their personal information.

Pop-up

Advertisements that ‘pop up’ in their own window to advertise a product in an attention grabbing way. Most browsers have in-built defences against pop-ups.

Port

Ports are used so traffic does not get misdirected to the wrong application on your computer. Each software application has a pre-assigned or "on the spot" negotiated port.

Ransomware

A type of malware that restricts access to an infected computer system and demands a ransom for the restriction to be removed. Ransomware may encrypt your data - and demand a ransom for the key to unlock it - or simply lock down the computer system.

Root kit

Software intended to hide that a system has been compromised by other software. Commonly used as a conduit for malicious software to gain greater access to a system - allowing them to do far more damage.

Script Kiddies

A derisive term for people who attack computer systems using other people's attack software without understanding how it works.

Spam

Unsolicited email, typically advertising dubious products. It is believed that a large percentage of email is spam - perhaps more than 80%.

Spyware

Software that monitors your activities online, either to send you advertisements, or steal information. Spyware is often poorly written and can slow down your computer.

Social Engineering

Manipulating people into giving away confidential information or performing other actions. Phishing is an example of social engineering - used to fraudulently gain banking or other private information.

Secure Socket Layer (SSL)

An encrypted layer used for temporary connections to ensure they cannot be viewed without permission. Often used to secure web browsing.

Temporal Key Integrity Protocol (TKIP)

A rotating time-based encryption protocol that makes sure a key is not repeated for some time. This prevents keys from being used multiple times in succession. TKIP is typically used with WEP and WPA security on wireless networks. While it can be used with WPA2 wireless, it is not advisable.

Trojan

A piece of software that allows unauthorised remote control of a computer without the user's knowledge. Typically gains access to a system under the guise of a legitimate piece of software. The name is derived from the story of the Trojan Horse from Greek mythology.

Update/Patch/Service Pack

Software that updates the existing software to fix bugs, resolve security problems, or add new features. These are typically provided free by the developer and should be applied promptly.

Username

The identifier name for an account within a system, typically combined with a password to gain access.

Virus

A self-replicating computer program that installs itself without user consent. Most viruses perform some kind of harmful activity on infected hosts.

Virus Scanner

An application that finds and prevents virus infections. They often include active scanners that scan all file activity for malicious code signatures. If they find malicious code, they can remove the offending file, move it to a safe location (quarantine), or try to repair the file.

Virtual Private Network (VPN)

A method of connecting machines or networks on the Internet into a private network, usually with encryption and authentication. This is most commonly used by people connecting to work networks from their home Internet connection. Once authenticated, the machine is virtually connected to the work network as if they were at the work location.

War Driving/War Walking

The act of finding unsecured wireless networks and using the connection for personal or malicious uses. Some people who find a connection may mark the location with chalk so others can find the network. This can be prevented by use of well-secured wireless networks.

Wide Area Network (WAN)

A network that is of an extended size - typically over multiple campuses or buildings. The Internet is the largest form of WAN.

Wired Equivalent Privacy (WEP)

A form of wireless encryption used in securing a wireless connection that has serious flaws, and is no longer seen as a reliable method to secure a wireless connection.

Worm

A form of self-replicating malware that delivers itself through network connections, spreading and infesting a network. Like viruses, they perform some kind of harmful activity, and cause congestion and slowness within network links.

WiFi Protected Access (WPA)

A form of wireless encryption used in wireless routers to secure a connection between the router and device (laptop etc). The successor to WEP, WPA2 is the improved variant.

Zero-Day Exploit

An operating system and application security vulnerability that has an already known exploit, but does not yet have a patch released for it.

Zombie

An Internet-connected computer that has been turned into a malicious bot without its owner being aware. May be used to send email spam or attack other systems.