Computer security risk
any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
someone who accesses a computer or network illegally
(has advanced computer and network skills)
someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action (has advanced computer and network skills)
has the same intent as a cracker but does not have the technical skills and knowledge. Script kiddies often use pre-written hacking and cracking programs to break into computer.
someone who uses e-mail as a vehicle for extortion. these perpetrators send organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization's network- if they are not paid a sum of money.
someone who uses the internet or network to destroy or damage computers for political reasons.
an attack whose goal ranges from disabling a government's computer network to crippling a country. (usually require a team of highly skilled individuals, millions of dollars, and several years of planning)
Online security service
website that evaluates your computer to check for internet and e-mail vulnerabilities. (Service then provides recommendations of how to address the vulnerabilities)
Computer Emergency Response Team Coordination Center
(A federally funded internet security research and development center)
A potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user's knowledge or permission. Once the virus infects the computer, it can spread throughout and may damage files and system software, including the operating system.
a program that hides within or looks like a legitimate program. A certain condition or action usually triggers the trojan horse. trojan horse does not replicate itself to other computers.
a program that hides in a computer and allows someone from a remote location to take full control or the computer. Once the rootkit is installed, the rootkit author can execute programs, change settings, monitor activity, and access files on the remote computer. Although rootkits can have legitimate uses, such as in law enforcement, their use in nefarious and illegal activities is growing rapidly.
(short for malicious software) programs that act without a user's knowledge and deliberately alter the computer's operations. other classes of malware include back doors and spyware.
protects a computer against viruses by identifying and removing any computer viruses found in memory, on storage media or on incoming files.
(to inoculate a program file) the antivirus program records information such as the file size and file creation date in a separate inoculation file. The antivirus program then uses this information to detect if a virus tampers with the data describing the inoculated program file.
A separate area of a hard disk that hods the infected file until the infection can be removed. This step ensures other files will not become infected.
an e-mail message that warns user of a nonexistent virus or other malware. These hoaxes are in the form of a chain letter that requests the user to send a copy of the e-mail message to as many people as possible.
group of compromised computers connected to a network such as the internet that are used as part of a network that attacks other networks usually for nefarious purposes.
A program that performs a repetitive task on a network. Cybercriminals install malicous bots on unprotected computers to create a botnet.
(also called denial of service attack) An assault whose purpose is to disrupt computer access to an internet service such as the web or e-mail.
(distributed Dos) attack, A zombie army is used to attack computers or computer networks.
(A more devastating type of DoS attack)
A program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network.
A technique intruders use to make their network or internet transmission appear legitimate to a victim computer or netorks.
The sender's address or other other componets of the e-mail header are altered so that it appears the e-mail originated from a different sender.
An intruder computer fools a network into believing its IP address is associated with a trusted source. Perpetrators of IP spoofing trick their victims into interacting with the phony web site.
Hardware and/or software that protects a networks resources from intrusion by users on another network such as the internet.
A server outside the organization's network that controls which communications pass into the organization's network.
A utility program that detects and protects a personal computer and its data from unauthorized intrusions.
Intrusion detection software
Automattically analyzes all network traffic, assesses system bulnerabilities, identifies any unauthorized intrusions, and notifies network administrators of suspicious behavior patterns or system breaches.
Any item that you must carry to gain access to a computer or computer facility. (examples : badges, cards, smart cards, and keys.
Personal identification number, a numeric password, either assigned by a company or selected by a user.
authenticates a person's identity by translating a personal characteristic, such as a fingerprint, into a digital code that is compared with a digital code stored in the computer verifying a physical or behavioral characteristic.
(computer forensics, network forensics, or cyberforensics)
the discovery, collection, and analysis of evidence found on computers and networks. involves the examination of computer media, programs, data and log files on computers, servers, and networks.
process of converting readable data into unreadable characters to prevent unauthorized access
Authorized person or company that issues and verifies digital certificates.
(Transport Layer Security)
Successor to Secure Sockets Layer (SSL), a security technique that provides encryption of all data that passes between a client and an Internet server.
(Secure Sockets Layer)
Security technique that provides encryption of all data that passes between a client and an Internet server.