|
Jargon busterAbacus Sentry Public-domain UNIX utility to detect the use of a port scanner in real time. See crash. See computer abuse or breach. The technique of limiting access to sensitive resources, such that only authorised subjects (typically users, systems or programs) can reach them. Includes physical, logical and procedural controls e.g. locked doors, passwords and computer suite visitor procedures. Having gained access to an access-controlled resource, a system may limit the subject's access rights (abilities) by access rules (criteria), typically using an ACL. A router used to connect directly to the Internet or other external network. Generally forms the first layer of network perimeter controls. See username. The concept of a higher authority (normally senior management) demanding that an individual takes ownership of a particular issue or activity. When openly promoted by those in authority, the threat of being 'held accountable' for one's actions can be a powerful deterrent control. Implies the ability to trace and link actions uniquely to individuals, generally through the use of audit trails (recording what happened) coupled with access controls and user authentication (specifically identifying the perpetrator). Term is used more loosely in the wider sense of management responsibilities e.g. to implement appropriate governance controls. In most operating systems, an object (e.g. a network port, service, file, directory, memory location or device) may have a set of access control rules attached to it. When a subject (normally a process acting on behalf of a user) attempts to access the object, security functions within the system's kernel check down the access list until the subject's ID is matched, in which case the rule is executed. There may also be a default or implicit rule (e.g. "allow full access" or "disallow all access") in case there is no explicit matching entry. Microsoft software technology for downloading and running signed COM (Component Object Model) code, Win32 programs etc. ("controls") embedded within web pages. The author of each ActiveX control can optionally mark it "safe for scripting", thereby allowing it unrestricted access to the client operating system. If a user inadvertently accepts and executes a malicious or bug-ridden ActiveX control downloaded directly from a hacked web page, or indirectly via a hyperlink to another website, security of the user's client machine and LAN may be severely compromised. See also Java. [System/network] Administration, management In an information security context, administration of computer systems and networks involves the use of privileged system facilities and utilities to configure, monitor and maintain them securely. Deliberate, misguided, incompetent or accidental misuse of these facilities and utilities can completely compromise confidentiality, integrity and/or availability controls. The people who perform these roles should therefore be completely trustworthy, diligent and competent, and they should ideally use standard operating procedures to reduce the risks. The default username of the main system management account on Windows NT systems, broadly equivalent to ROOT for UNIX. System managers or hackers who gain access to this privileged account can bypass practically any automated controls on the system. A law court will only accept evidence which is relevant to the case and reliable. This can create problems in hacking cases where computers have clearly been compromised during the attacks and are therefore not necessarily reliable. Inexperienced investigators can inadvertently compromise computer evidence by seemingly innocuous acts such as running the 'directory' command, whilst if operating system files have been hacked, the output of such commands will also be questionable. Computer forensics investigators take special precautions to avoid such situations. AES (Advanced Encryption Standard) An encryption algorithm (Rijndael) chosen in 2001 by NIST to replace DES (if not triple-DES) as a new Federal Information Processing Standard (FIPS). By aggregating (combining and relating) data from various sources, it is usually possible for a hacker to build up a better picture of a target than by relying on one or a few sources. Similarly, in military situations, data aggregation techniques (such as traffic analysis and data mining) can provide additional clues about an adversary's position. Consider this next time your organisation publishes explicit details of its latest computer systems purchases in a press release! In IPSEC, security mechanisms and key management are independent, separated by an interface called the security association (SA). AH is one of two IP-layer security mechanisms alongside ESP. AH provides message authentication and integrity. AIDE (Advanced Intrusion Detection Environment) Public-domain UNIX utility, similar to Tripwire, used to detect changes in important files (which may indicate they have been hacked or virus infected). Version of Snort for sniffing wireless LANs etc. When a detective control is triggered by some event condition (e.g. someone tries to login with an invalid username/password combination), it generally causes the system to send an alarm message to alert the operator and/or store the message in a security log file, in addition perhaps to taking direct action (e.g. halting the login process). Good systems allow these alarm/alert messages to be prioritised and presented appropriately to the operators in near-real-time. By convention, books and articles about encryption usually use these names to refer to the counterparties exchanging encrypted messages. There is no special significance to the names (except perhaps for their initials) but the convention helps familiarise readers in this complex field. Form of cryptanalysis in which the analyst exploits mathematical weaknesses in the encryption algorithm or process to break the code. Derogatory term for a young/immature hacker who simply uses automated hacking scripts and programs written by others, but probably aspires to become a hacker. See also script kiddie. Annualised Loss Expectancy (ALE) Insurance industry term for the financial value of losses (impacts) typically expected in an 'average' year under particular circumstances. Crudely put, an expected loss of say $30k once every three years equates to an ALE of $10k. Insurers take into account controls that reduce the probability or extent of loss (e.g. in the case of hacking insurance, the chances of a company being hacked should be reduced by the use of professionally-managed information security services) and conversely situations which increase the probability or extent of loss (e.g. a high-profile media campaign against a company), in determining the appropriate level of premium. They also list specific exclusions and terms of cover in the policy small-print (caveat emptor!). Extraordinary activity. Hacks or bugs may be identified as a result of someone noticing something unusual in a system's behaviour (e.g. unexpected entries in a system log file). In his infamous book "The Cuckoo's Egg", Cliff Stoll recounts a chance discovery of a discrepancy between two accounting systems of just a few cents that led eventually to the unravelling of a hack. Many detective controls (e.g. intrusion detection systems) in fact rely on identifying anomalies. Automated 'anomaly detection systems' typically employ knowledge-based intelligent processing to identify exceptional patterns of system activity. A UNIX-based public-domain read-only anonymous FTP server. Anonymous FTP, anonymous login FTP may be configured to allow "anonymous" access to certain "public" directories, i.e. the FTP system does not demand a valid username and password but uses a default account. Most systems may be configured not to request login IDs and/or passwords. The consequences of allowing unauthenticated user access are pretty self-evident, especially if the system's access control settings are so weak as to allow unrestricted access to areas outside the designated public area. However, such security vulnerabilities may not be recognised by system administrators, or may be deliberately ignored due to the 'convenience' of generic file transfers etc. Special security software and procedures designed to detect and prevent the introduction and spread of computer viruses and similar malware into (and sometimes out of) an organisation. In the UK, a copyright holder with reliable information that another party is infringing their copyright may approach the courts for a so-called Anton Pillar order giving the right to search the other party's premises without prior notice in order to obtain further evidence. Application, application program, applet Computer program/s in software or firmware performing one or more useful data processing functions for users of a system. Applications generally rely on calls to underlying operating system software to operate and access physical devices such as disks. Applets are small applications, usually written in Java, embedded in webpages. Well-designed applications incorporate appropriate technical security controls (e.g. automated data-entry validation) and are operated according to defined procedures incorporating appropriate manual controls (e.g. management review), as well as employing appropriate security functions in the operating system (e.g. user authentication and security event logging services). Application-level firewall or gateway Type of firewall that maintains the complete TCP connection state and sequencing but performs security processing according to the data content at the application layer of the TCP/IP stack (e.g. automatic network address translation to hide internal IP addresses from the outside world). Normally also configured as a proxy firewall. Generally means "acceptable to the organisation". Many organisations have corporate policies for 'appropriate use of the Internet' for example, which define legitimate business uses and/or illegitimate activities (e.g. "Do nothing on the Internet which, if disclosed publicly, would cause you or the organisation embarrassment or might lead to prosecution"). Security advisories from CERT and similar organisations often refer to the ability to exploit a bug or other vulnerability to 'execute arbitrary programs' on the compromised system. In effect, this seemingly innocuous term means successful attackers would be able to gain full administrative privileges and command the system. Using a ROOT kit, for example, hackers may edit or delete the system security logs, create back-door entry points and/or use the system as a platform to attack other connected systems (see leapfrog). If the system holds sensitive data, they may take copies or modify them. Until such time as someone notices the breach and takes the system off-line, the hackers have free reign. Beware the term 'arbitrary'! Archived data are not expected to be required in the near-term and are removed from on-line system storage (e.g. hard disk) to off-line storage (e.g. magnetic tape) in order that they may still be accessed subsequently ("retrieved"). Data that are important enough to be archived should generally be copied to duplicate archive media prior to deletion from on-line media, and should be stored securely (typically in physically-separate fire safes or vaults) in case the primary copy is lost (e.g. if the tape is accidentally overwritten or damaged during retrieval). A UNIX-based public-domain IP network monitoring tool. Provides facilities to compare network activities against information security policies etc. ARP (Address Resolution Protocol) Simple TCP/IP protocol for dynamically relating IP addresses of devices broadcasting on an Ethernet segment on a LAN to their corresponding MAC addresses (or, with "Reverse ARP" [RARP], vice versa). Most network devices store addresses received by ARP in local caches to speed look-ups: attacks that damage integrity of the stored data are known as "ARP cache poisoning attacks". Defined in STD 37, ARPANET Name of a network of networks established in the late 1960's by the US Defence Advanced Research Projects Agency (DARPA) that standardised the TCP/IP protocols subsequently evolved into the Internet. Despite its military origins, information security was not a primary design goal for ARPANET as threats such as cracking were practically nonexistent at the time. ARPANET and the Internet were designed to share information openly rather than restrict it. A UNIX-based public-domain utility to track ARP messages and cross-reference IP addresses against Ethernet addresses on a LAN e.g. for signs of spoofing. Microsoft software (built-in to IIS) that allows web pages to be generated dynamically by the server. As with other similar systems, ASP security vulnerabilities have been abused by hackers to gain unauthorised access to server- or client-side resources. See also CGI. A measure of confidence that the information security and control features, functions and architecture of a computer system (collectively or individually) satisfy (i.e. mediate and enforce) the security requirements, policies etc. Assurance is rarely absolute. Asymetric cryptography Form of Cryptography that uses pairs of complementary (or asymmetric) keys to encrypt and decrypt a message. For more information, see public-key cryptography. A deliberate attempt by a perpetrator to breach security controls on a computer. The attack may actually alter, release, delete or deny access to data and/or systems, or the perpetrator may simply gain unauthorised access to systems and/or data. There may or may not be any direct material impact as a result. The success of a particular attack depends on the vulnerability of the computer system i.e. the effectiveness of existing controls at the time. The independent examination of a sample of records, activities and/or systems to assess the state of governance, to ensure compliance with necessary controls, policies and procedures, and to recommend control improvements where judged necessary to reduce risks. Role performed by Internal and External Auditors and, for computer systems, Computer Auditors. A discrete action detected by the system that may or may not generate an record in the audit log. Depending on audit rules (parameters) governed by the logical security policy, the system determines whether or not to record each specific audit event. Chronological record of audit events, generally linked to the corresponding user or system IDs. Strictly speaking, an audit log is a set of physical/electronic data records whereas an audit trail is the intangible information derived by analysing the log/s to reconstruct the original sequence of events. May also include (or be cross-related to) other logs and records e.g. system security logs, change logs, error logs etc. Chronological record of audit events, generally linked to the corresponding user or system IDs, used to reconstruct/verify an historical sequence of actions. Authenticate, authentication, authenticity The process positively to establish (beyond all reasonable doubt) the validity of a user, program, device or other object's claimed identity, often as a prerequisite to allowing access to controlled resources in a system. Normally involves verifying a distinctive digital signature, password, fingerprint or other biometric etc. and/or the possession of a token, that would be practically impossible for anyone else to forge. Note the terms 'reasonable doubt' and 'practically impossible': authentication can be performed to various degrees of assurance according to the requirements by applying appropriate methods and rigour. Weak network node authentication systems based on IP addresses, for example, contrast markedly with those based on Kerberos. Microsoft protocol that allows developers to digitally-sign their programs so any later program modifications (e.g. Trojans or viruses) should be detectable. Authorisation, authorise, authority The granting of permission by a resource owner to an authenticated individual to access the resource for a specific purpose. Access which is not covered by an explicit authorisation rule may be covered by an all-encompassing default (e.g. "all access is deemed unauthorised unless specifically authorised by management") - this kind of catch-all condition is commonly used in ACLs including access rules for firewalls. Automated or technical controls Security controls enforced and enacted automatically by a computer/network system e.g. the login process. Supplements procedural and physical controls. Automatic system processes that continuously or periodically confirm the correct operation of security controls e.g. by scanning intrusion logs for intruder alerts, re-calculating and comparing against stored hash values for critical files etc. The assurance that data/information, data processing functions and communications services will in fact be ready for use by authorised users when and where expected or required, without unacceptable delay. Part of the CIA triad. Some situations may require the use of fault-tolerance techniques to ensure systems and networks remain on-line 'round-the-clock' (also called '24x7' or '24x365'). See also threat, vulnerability, impact and risk. Backdoor A hole in the system access controls deliberately installed by designers, maintainers or hackers. Hidden software or hardware mechanism used to circumvent access controls and allow unauthorised access e.g. the "Back Orifice" Trojan. Some backdoors, originally installed for legitimate purposes (e.g. for support access to a database), are now being exploited illicitly by hackers. See also trapdoor. The process of making one or more duplicate copies of data and/or systems for safe storage (normally in a firesafe, often off-site), such that if the original data or systems are lost or otherwise unavailable, the backups may be retrieved and reloaded, possibly at a secondary (recovery) site. The ability to restore data and data structures from backups (onto a test system, NOT overwiriting the original data!) should be tested occasionally to ensure their effectiveness despite any configuration changes on the systems. See also hot site and warm site. A hardened server, specifically designed to resist hacker attack and located on the network in a position likely to come under attack (e.g. in the DMZ or outside on the public Internet). Widely-implemented formal model of computer security describing a set of object access controls based on the combination of information sensitivity (indicated by classification labels) and subject authorisation. BIND (Berkeley Internet Name Daemon), Bindview Widespread UNIX networking program that implements DNS services. Has been the target of numerous security exploits and patches. Use of a person's physical bodily characteristics (e.g.nbsp;fingerprint, retina pattern, facial features, voice) to determine their identity. Potentially more reliable than password systems if properly designed and implemented, but may be vulnerable to false positives and false negatives, and (with inadequate encryption) to simple replay attacks. BIOS (Basic Input/Output System) When a computer or network system starts up, it initially loads and runs the BIOS, a miniature operating system, normally from firmware (e.g. EEPROM chip). The purpose of the BIOS is to run 'Power On Self Test' (POST) hardware checks and mount certain system devices (such as the boot partition on a PC's C: drive and the console terminal) then load and run the main operating system. On a modern PC, the BIOS may apply some security controls (e.g. to prevent a hacker loading an unauthorised operating system from floppy disk) but this requires that the BIOS settings are themselves secured against modification by the hacker: difficult to do if the hacker has physical or logical access to the BIOS firmware. Cryptanalytical technique relating to the counter-intuitive statistical fact that there is a 50:50 chance that two people in a random group of just 23 celebrate their birthdays on the same day, although it is much less likely that one particular person will share the same birthday with anyone else in the group. Commonly used to attack weak hashing functions such as those used by some operating systems to store user passwords. Figurative term for 'the bad guys' - fraudsters, crackers or hackers with malicious intent towards a target network or system (cf. 'white hats' and 'grey hats'). A type of encryption function that encodes plaintext in fixed-bit blocks using a key whose length is also fixed in length (cf. stream cipher). A 64-bit block cipher having key lengths of 32 to 448 bits. Some 30 years ago, phreakers discovered that they could manipulate certain public telephone systems by sending unauthorised network control signals (audio tones) from handsets, initially using flutes (such as the infamous penny-whistle gift in Cap'n Crunch serial packets) and then more sophisticated electronic devices (one legendary version of which was a box painted, er, blue, hence the name). Wireless LAN specification that includes both link layer and application layer definitions. Operates on microwave radio using 79 frequencies at 1 MHz intervals across the 2.4 GHz band, using spread spectrum frequency hopping at up to 1,600 hops/sec (giving a "high degree of immunity" to noise or deliberate 'jamming' interference) and full-duplex signals (giving a maximum data rate below 1 Mbps). Mostly intended for networking small portable devices. As with other wLANs (e.g. Wireless Ethernet, HomeRF, Infra Red), several information security vulnerabilities exist and, according to Bomb, crash, Blue Screen of Death, bugcheck, crashdump, mail bombA gross software, firmware or operating system failure that completely stops execution of the function, program or entire system, i.e. it reduces system availability. 'Blue Screen of Death' (BSoD) refers to the typical colour of an exception (system failure) message reporting a complete failure of a computer operating system (also known as a bugcheck or crashdump). 'Mail bombing' refers to hackers sending large volumes of unsolicited EMAILs to a target in an attempt to overload and crash the mailserver. Boot, bootstrap, master boot record, boot sector When computers initially start-up from cold (typically when the power is switched on), they normally go through a standard boot (short for bootstrap - as in pulling oneself up by one's bootstraps) sequence during which they do a Power-On Self Test (POST) to confirm that the system devices are working normally, then load the BIOS from firmware or other boot media, then load the full operating system from disk. This latter step involves loading the partition table from the disk's master boot record (normally its first logical sector) and then system files from another special reserved area called the boot sector. Because the master boot record and boot sector files are the first readily-accessible files loaded by a system and they are loaded with full system access rights, they are targeted by so-called boot-sector viruses. Breach, compromise, incident, violation The materialisation of a risk i.e. the defeat of defensive security controls which actually does result in unauthorised penetration of the system, a loss of system/data integrity, loss of availability etc. A violation of the defensive controls in a particular information system such that information assets or system components are unduly exposed. An intrusion into a computer system where unauthorised disclosure, modification or destruction of sensitive information has or may have occurred. Can include probes, physical events (vandalism, computer room floods/fires, power outages etc.), virus infections, worms etc. See also exploit and intrusion. A network device interconnecting two or more networks that passively transfers data packets between them at the data link or network layers. In contrast to a brouter or router, a bridge has very limited data processing functionality except for the decoding of packet addresses and basic packet integrity checking. It generally does not filter traffic. Broadcast cryptanalysis (also known as Chinese Lottery) Theoretical idea originally published in Applied Cryptography that the Government could distribute specialised key-cracking chips built-in to all new TVs and radios, then broadcast keys over the airwaves to all of these devices for them to attack. The state might run it like a lottery with comparatively small prizes so that lots of people would tune in and receive keys, and would call up with the 'winning' code. Given correct deployment and good luck, it has been calculated that the population of China could crack 56-bit keys efficiently. See halfbakery website for more information. Networks can be swamped by devices that generate huge numbers of packets, whether deliberately (as in Denial of Service attacks caused by so-called Kamikaze, Christmas Tree or Chernobyl packets) or through network faults (including accidental mis-configuration or hardware problems). Nodes which rebroadcast multiple duplicate copies of packets to all nodes can be particularly entertaining or disruptive, depending on your point of view. A network device interconnecting two or more networks which passively transfers certain types or classes of data between the networks but actively filters, blocks or modifies others - a combination of bridge and router. Someone who casually looks around a computer system's files and parameters, looking for 'interesting' files or security vulnerabilities. Often precedes a hacking attempt. Describes a direct frontal method of attacking a target head-on e.g. trying all possible combinations of characters to guess encryption keys or passwords (e.g. see Crack), or 'ram-raiding' (thieves who use cars to smash through windows or walls). British Standard Code of Practice for Information Security Management. First published by the UK Department of Trade and Industry as a Code of Practice, then formalised as BS 7799 in February 1995 by the British Standards Institute. The standard was updated in May 1999 and split into two parts: Part 1 defines a controls framework and processes for establishing and maintaining an adequate level of information security. Part 1 became ISO 17799 in December 2000. Part 2, currently being revised, formally describes an information security management system in the form of a compliance checklist against the control objectives and controls listed in Part 1. BS 7799 certification involves being assessed against part 2. This happens when more data is put into a buffer (a holding area in memory) than it can handle, normally due to a mismatch in processing rates or data length between the data-producing and consuming processes. Buffer overflows can simply cause system crashes (e.g. in Denial of Service attacks) or may be deliberately exploited by skilled hackers to modify (overwrite) program code or data in normally inaccessible areas of memory with arbitrary code and thereby penetrate security defences (e.g. to gain privileged access). An unintended property of a software program or piece of hardware, especially one that obviously causes a gross malfunction (overt bug) but also one that causes an unrecognised or seemingly trivial problem (cryptic bug). It has been estimated that less than 10% of the bugs in commercial software known by developers are ever noticed and reported by users. Bugs in commercial software that expose security vulnerabilities are frequently reported through Internet security news groups etc., followed later by patches from the software vendors concerned. Caesar cipher Very weak encryption algorithm involving simple character substitution, used by the infamous Roman soldier Julius Caesar. Each character in the plaintext message is substituted with that obtained by rotating a certain number of positions (the key) through the character set to generate the equivalent ciphertext. Decryption simply involves reversing the direction of rotation. Cryptanalysis is straightforward as underlying linguistic patterns (such as character frequencies) are not obscured, there are relatively few keys to check (one per member of the character set, less one), and each character in the plaintext always translates to the same ciphertext character for a given key ('monoalphabetic'). Relatively simple control used by certain so-called secure telephone modems, whereby remote callers authenticate themselves to the modem, the modem drops the connections and then dials the callers back (generally on pre-defined phone numbers) before proceeding. May be vulnerable to attacks on the authentication mechanism, dial-back database, telephone systems etc. Early 1990's U.S. "Capstone Project" to develop the Clipper chip, resulted in many of the government crypto standards including Skipjack, DSA and SHA.. The Escrowed Encryption Standard (EES) specified a Law Enforcement Access Field (LEAF) that would allow messages to be decrypted by the Government - public outcry at this facility led to the demise of the project, presumably due to distrust of the Government's motives or competence. Name of sniffer system deployed by U.S. FBI under Court Order to intercept and record EMAIL messages to or from a specific IP address or individual user, for the purposes of collecting evidence to support a prosecution. Compact Disk - Read Only Memory data storage device. Useful to store a known good copy of operating system and application program files on a hardened server, as the CD-ROM itself cannot be modified or replaced without physical access to the drive (although it may potentially be bypassed or modified in software if the system is insecurely configured). See digital certificate. [information security] Certification Process by which an independent accredited certification body assesses the information security controls in a computer/network system or organisation against formal criteria (e.g. ISO 17799 or TCSEC) in order to decide whether to award a certificate of compliance. Certificate or Certification Authority (CA) The trusted top-level function/s in a PKI that actually creates valid digital certificates, issues them to authenticated users through Registration Authorities, and revokes them when necessary using the Certificate Revocation List, according to the Certification Practice Statement. Usually generates the users' public and private key pairs directly, although this function may be delegated to local Registration Authorities. Given that one of the main purposes of digital certificates is to authenticate their holders, users place a high degree of trust in the CA's ability to perform this authentication properly, and to maintain confidentiality of its own private key (preventing others from forging certificates). Certificate or Certification Practice Statement (CPS) Formal document describing the structure and operating rules of a PKI. Defines the extent of legal liabilities on the Certification Authority, for instance, and the encryption algorithms and related parameters to be used. CGI (Common Gateway Interface) scripts Server-side programs used to generate dynamic/interactive HTML web pages according to the content of data obtained from the web server. A common source of website vulnerabilities, such as buffer overflows. See also ASP. Challenge-response, negotiation Refers to the sequential process commonly followed to authenticate a user or system to another, whereby: (a) one party issues a challenge, expecting a particular response, (b) the other party duly responds, (c) the first party validates the response to confirm the other's identity. Typical examples are the conventional login process and the establishment of an encrypted network session e.g. using SSL. Log of changes made to a system. Usually entries are created manually but some systems automatically generate change records (which often require manual annotation to provide a complete record). Well-managed systems normally incorporate or are supported by controls to prevent and/or detect unauthorised changes such as the introduction of untested software or viruses. CHAP (Challenge Handshake Authentication Protocol) Challenge-response TCP/IP protocol used to authenticate systems using PPP (Point-to-Point Protocol), as defined in RFC1994. Error-control (data validation) technique that typically uses a hashing function to identify a loss of message or file integrity (i.e. if the data content has been altered in transit or storage). The simplest form is a parity check - a single bit which is set if the number of other set bits in the byte is even, or is reset if there are an odd number of other set bits: although this would not necessarily identify message truncation or other multiple bit changes, it is used for example to detect errors in memory cells. 'Cryptographic checksums' are more reliable but slower to compute. Another simple data validation technique, comparing a key parameter (such as the total number of data items) before and after another function. Separately calculating and comparing column- and row-wise grand totals is a common control in spreadsheet systems, for example. Chosen or known plaintext attack Cryptanalysis technique in which the cryptanalyst possesses both the section of plaintext and the corresponding ciphertext. The known plaintext forms a crib. CIA (Confidentiality, Integrity, Availability) triad By common consensus, effective information security delivers this trio of desirable data/system characteristics: confidentiality (secrecy), integrity (completeness, accuracy, relevance) and availability (access as and when required). Other functional benefits of information security controls (such as non-repudiation) can generally be categorised within CIA (non-repudiation could be considered an important factor determining the integrity of a communications process). The encrypted and unintelligible output version of a plaintext input having been fed through an encryption algorithm. Provided a 'strong' encryption algorithm is used (i.e. one that is highly resistant to cryptanalysis), it should be virtually impossible to reconstruct the plaintext from the ciphertext without knowledge of the secret encryption key/s. Simple type of proxy firewall which validates and sets up the connections, thereafter passing packets between the networks with minimal processing or filtering. CISA (Certified Information Systems Auditor) Internationally-recognised qualification for computer auditors, awarded by ISACA. CISSP (Certified Information Systems Security Professional) Increasingly widely-recognised qualification for information security practitioners (see (ISC)2 website for more information, also GIAC and CISA). CLAS (CESG Listed Advisor Scheme) Scheme run by UK CESG (Communications and Electronics Security Group)to assess and certify advisors for sensitive government information security work etc. See plaintext. CLEF (Certified Licence Evaluation Facility) Name of an agency accredited by the UK Government to evaluate and certify information security products according to the ITSEC criteria. Type of cable used for radio transmission and data networks, consisting of an inner conductor surrounded by a dielectric insulating layer and metallic shield, with an outer plastics sheath. Low quality coax does not have a complete shield and therefore radiates some signal and is more susceptible to external interference. See also UTP and fibre-optic cables. The straightforward conversion of a message or other data to or from a defined format, generally by a published and freely-available simple algorithm or method (cf. encryption, decryption). The term 'computer coding' usually refers to software programming since 'computer code' usually means software. Cold site Location to which computer operations may be moved under a Disaster Contingency Plan in the event of a major physical disaster at the primary site. To save costs, a cold-site may be fitted with air-conditioning and mains power but not normally computer or networking equipment, therefore it can easily take a week or more to fit-out and bring a cold-site into effect (cf. warm-site, hot-site or dual-live setups). Name of the world's first computer built at "Station X" (the Government Code and cipher School at Bletchley Park, England) to decrypt Lorenz messages during the second World War. For the full story, see The Bletchley Park Trust website. International version of information security evaluation schemes such as TCSEC and ITSEC run by the US and UK governments respectively. Aims to establish ISO standards for information security and globally-acceptable evaluation and certification processes. Where redundant parts of an information system/network share certain characteristics, they may both be simultaneously vulnerable to the same common threat (e.g. the year 2000 problem simultaneously threatened billions of systems worldwide). Competitive Intelligence (CI), Business Intelligence (BI) More-or-less legitimate use of an organisation's general staff and resources to maintain vigilance on competitors and market developments, channel the disparate information sources to analysts, and distribute the results to those with a need to know. The breadth of inputs to a CI system is hard to match by directed information gathering, but combining sources and assessing the information quality in near-real-time are serious challenges even for modern artificial intelligence systems. See also industrial espionage. State of conformance with requirements laid down in strategies, policies, procedures, guidelines, standards etc. A compliance audit, then, seeks to verify that the subject has not 'broken the rules' (at least not without good reason). See breach. Wilful or negligent unauthorised activity that affects the confidentiality, integrity and/or availability of computer resources, including fraud, embezzlement, theft, malicious/accidental damage, unauthorised use, denial of service, misappropriation, data modification, disclosure or destruction. Specialised branch of auditing concerned with examining and advising on the information security controls environment (technical and procedural controls) within and surrounding computer systems and networks. Typically includes reviewing, testing and advising on information security control frameworks, system security architectures/designs, logical controls, software development projects, operational systems, end-user and system administrator procedures, computer room facilities, computer security incidents etc. Crime involving deliberate misrepresentation, alteration and/or disclosure of computer data in order to obtain unauthorised access to valuable assets (e.g. logging on to a bank system through another person's user ID or sending a forged EMAIL to authorise an illegitimate money transfer). See also extortion. Technical and managerial/operational procedures applied to computer and network systems to ensure the confidentiality, integrity and availability of data and data processing systems. Assurance that sensitive information will be kept secret, with access limited to appropriate authorised persons, program functions etc. using access controls such as limited logical access rights and restrictive clauses in employment contracts limiting disclosure of trade secrets etc. Part of the CIA triad. Configuration management, change control Few controls operate fully and automatically when systems or networks are initially installed, leaving them vulnerable until such time as they are properly set-up. Furthermore, even after a system/network has been securely configured, the accumulation of miscellaneous changes tends to reduce the level of security gradually over time. Effective configuration management or change control is therefore itself an important part of a strong information security framework, typically used in conjunction with security testing/penetration testing and computer auditing. The preparation of emergency action plans in the event of some disaster or crisis, such as a major fire, disk failure or fraud (usually comprising DCP/DRP and/or BCP). Contingency arrangements can vary from little more than mobilising a rapid reaction team to deal with the immediate situation (crisis plan) to long-term commercial arrangements for restoration of operations, IT systems and data at alternative locations. See also dual-live, hot-site, warm-site and cold-site. Action, device, procedure, technique or other measure that reduces the vulnerability of a computer system or network to one or more threats, or reduces those threats (preventive controls), or reduces the impact should breaches occur. (See also detective and/or corrective controls). Some website servers are configured to send cookies - small text files typically containing simple information to identify the user, date and time - to users' client systems via the browser software. At a later time (in the same or subsequent sessions), the cookies may be sent back to those webservers for further processing. Insecurely-configured websites have been known to store confidential data in cookies, even though these plain text files may easily be read or modified on the client PC and, in some cases, may even be accessed by different websites to those which issued them. Most modern browsers incorporate functions to manage cookies. COPS (Computer Oracle and Password System) Public-domain program that identifies certain security risks on a UNIX system, such as null (non-existent) passwords, world-writeable files, mis-configured Anonymous FTP and many others. See also SATAN. Software written in most countries is automatically protected under copyright law as a "literary work" to discourage unauthorised copying or use, unless these rights are explicitly waived by the owner/originator (see public-domain software or freeware). Someone who purchases a commercial software package rarely owns the software as such, but merely buys certain limited rights to copy and use it according to in the licence conditions. See also Anton-Pillar and patents. A class of information security controls designed to reduce the impact of certain breaches by restoring the system more-or-less to the unbreached condition e.g. restoring from backups (cf. preventive and detective controls). Please see control. A public-domain UNIX-based utility that attempts to identify the use of SATAN. Named as in "Caught any [hackers]?" Illicit mechanism for secretly sending information out of a system or organisation to a remote recipient, or vice-versa, often involving a process not intended for [that form of] data communications e.g. timing or performance differences, out-of-band signalling or disk areas beyond end-of-file markers. Some Internet-enabled software applications use the Internet as a covert channel to send certain data to the software vendor. Semi-legitimate purposes might include the communication of information to monitor compliance with software copyright licence terms. However, essentially the same mechanism could potentially be used for unauthorised dissemination of confidential information, including personal data. Even the simple fact that the mechanism is covert will often create distrust. Hacker program that tries to 'guess' passwords by brute-force attack i.e. it sequentially hashes words from a dictionary (which may include usernames in various combinations) or formed from random characters, and compares the result with the values stored in a password file (usually stolen). On a fast system, Crack can guess hundreds/thousands of passwords per second and is highly effective. More generally, the term 'cracking' implies brute-force attacks on encryption keys including those used to enforce copyright protection. Some people refer to malevolent hackers with malicious intent as 'crackers' to distinguish them from those who merely seek the intellectual challenge and pleasure, or ethical hackers who are authorised and usually paid by the client to attack their systems. In practice, it can be very difficult to tell them apart. Both types represent information security threats but crackers are more likely to break things deliberately and wilfully. CRAMM (CCTA Risk Analysis and Management Method Structured, formal risk assessment method, developed for UK Government use and these days available as a Windows PC package. CRAMM is thorough, requiring a large amount of user input. It mechanistically recommends what it regards as appropriate controls from a large database of potential controls, in order to address the identified risks. CRAMM is currently being extended to incorporate ISO 17799, although this appears to be a separate module not fully integrated within the main process. Sudden termination of data processing by a computer or network, typically caused by a bug, power glitch or hacking attack. 'Crash' refers to the dramatic end. 'Abend' (IBM mainframe term) stands for 'abnormal end'. A system which 'hangs' has typically got stuck in an infinite processing loop and may have to be shutdown and re-booted to resume normal processing. All ofthese events, of course, impact system availability. Simple error-correction scheme to increase data integrity. A section of plaintext that is already known or readily guessed (also known as chosen plaintext) becomes a clue to aide the cryptanalyst. The extensive use of standardised words, terms and phrases means modern-day EMAIL messages etc. are replete with potential cribs. Similarly, wartime cryptographers at Bletchley Park arranged for naval mines to be dropped by the Allied Forces at specified map grid positions, knowing that the Axis Forces would report those same positions accurately in encrypted messages. Critical, essential, crucial, vital, irreplaceable Certain assets are so important to an organisation that their loss, damage and/or unauthorised disclosure would be devastating, extremely expensive, severely disrupt operations and/or impact safety. IT assets that fall into this category include computer suites and major systems, networks and servers (especially those running or controlling core operations or involved in maintaining safety); most shared databases and data (e.g. customer lists, financial records, engineering designs, personal data); many computer disks, key system files and bespoke applications; encryption keys; experienced IT staff; and many many more. Such assets should be ideally identified and classified through an explicit, comprehensive and formal/structured risk assessment process and suitably protected through appropriate information security confidentiality, availability - in practice, most organisations follow an informal process if any, sometimes leaving serious gaps in their defences that are (hopefully) never exploited except perhaps during a major disaster (hence the need for effective disaster contingency planning). CRL (Certificate Revocation List) List maintained within a PKI of digital certificates that are no longer valid. After a given certificate is presented but prior to being accepted, the recipient is supposed to check against the CRL in case it has been revoked (withdrawn or invalidated). In a biometric user authentication system, the CER is the error rate at which false-acceptances happen as often as false-rejections. The mathematical/statistical and linguistic analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data such as keys and plaintext. Operations performed in converting encrypted messages (ciphertext) to plaintext without initial knowledge of the encryption algorithm and/or key employed in the encryption, e.g. chosen plaintext attack. Specification and/or embodiment of the process and algorithms for encrypting and decrypting data. The mathematical science concerning the principles, means and methods for concealing the meaning of messages, if not their existence, rendering plaintext unintelligible by a defined algorithm and for converting ciphertext back into intelligible form. Includes the study of encryption strength and theoretical proofs. See also steganography. CSS (Content Scrambling System) Encryption system used to copy-protect Digital Versatile Disks (DVDs) that was famously cracked by the DeCSS and Speed Ripper hacker tools. A club of certain individuals, organisations or systems that are invited to join together for common interest, excluding others (may be connected by a VPN or similar mechanism). CVE (Common Vulnerabilities and Exposures) On-line dictionary or list maintained by The MITRE organisation to standardise references to computer vulnerabilities, bugs, exploits and other information security exposures. CVE-compliant information security products (e.g. most anti-virus packages) indicate the unique CVE numbers for exposures they recognise, facilitating cross-referencing. Certain terrorist and activist groups have recognised the ease with which they can threaten and disrupt targets using the Internet, through hacking techniques such as Denial of Service attacks, extortion and adverse publicity, leading to the term cyberterrorism. Daemon The name of a background (memory-resident, normally-running) system program, process or service that continually monitors for certain events (e.g. the arrival of network traffic) and then acts on them (e.g. passes the data to the appropriate destination service). A typical system security daemon monitors all logical access attempts and deals appropriately with those which are unauthorised e.g. creating a security log entry and denying access. The electronic, symbolic representation of information (descriptions, values, pictures, commands etc.) as a sequential series of discrete digital bits or arbitrary analogue values within a certain range, grouped together in bytes, words, files, packets, messages etc. To fellow pedants: 'data' is the plural form of 'datum'. The formal name for a packet. According to RFC1594, a datagram is 'a self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network'. Type of hack that injects malicious code into target systems through seemingly-innocuous data streams that in fact gets interpreted by the target system as executable code or commands. May be used to bypass firewalls. Debugging a program involves modifying the source code to eliminate bugs revealed by testing. Programmers sometimes insert special functions into their programs in order to activate extended error reporting, jump directly to suspect parts of the code, bypass security checks etc.: if these 'debug modes' remain available after the program is released, they may be used illegitimately by hackers to gain unauthorised access. Separate debugger utilities may be used to examine and modify the code, system buffers etc. as a program is executed: these can also provide useful information to hackers intent on revealing how built-in security features (e.g. copy protection schemes) operate. The logical inverse of encryption i.e. the process of recovering plaintext from ciphertext. DeCSS (De-Content-Scrambling-System) Application/software tool to crack the CSS copy-protection system used on Digital Versatile Disks (DVDs). The existence and spread of DeCSS demonstrates the veracity of Bruce Schneier's frequent assertions that the use of encryption is not of itself sufficient to guarantee confidentiality. The publication of potentially libellous or slanderous comments against an individual or organisation. Staff in most organisations may potentially distribute defamatory comments (for example by EMAIL or publication on corporate or private websites), rendering them and/or their employers legally liable to being sued. Defamation is, but is not widely recognised as, a widespread threat due to the ubiquity of EMAIL+ and lack of appropriate controls (such as EMAIL usage policies) in many organisations. Most software applications are initially configured using a single installation username or ID, pre-loaded by the software vendors into their products, along with the corresponding default password, prior to distribution. This rudimentary key distribution mechanism results in the default ID and password combination becoming widely known. To make matters worse, software installation necessarily requires privileged access to the system. Users who fail to disable the default ID/password after installation therefore render themselves liable to being hacked. Name of an infamous annual hackers' conference in America, named from a contraction of the military term 'defense condition'. DefCons are well known for their tongue-in-cheek 'spot the Fed' competitions, as well as the hacking of hotel security and telephone systems etc. and other unruly exploits by attendees. See war dial. Denial of Service (DoS) attack An attack which prevents any part of a computer or network system from functioning in accordance with its intended purpose by denying or delaying access to the service, its inputs or outputs i.e. it reduces availability, one of the three core elements of information security. DoS attacks are fairly commonplace on Internet webservers, partly because of inherent vulnerabilities in the TCP/IP protocols. DES (Data Encryption Standard), DEA (Data Encryption Algorithm) A symmetric cryptographic algorithm, a block cipher, popular in the finance industry. DES with a single 56-bit key (plus 8 parity check bits) survived public scrutiny since the 1970s and was therefore widely trusted until it was demonstrably cracked by brute-force attacks in the late 1990's. It is still widely used in triple-DES (3DES, or TDEA [Triple Data Encryption Algorithm]) form, a more secure, albeit slower, algorithm that repeats the DES encryption three separate times with different keys (most purportedly triple-DES implementations, however, in fact use only two keys: key A for the first round of encryption, key B for the second, and key A again for the third). Being replaced by the new Advanced Encryption Standard defined by NIST. Establishment of the occurrence of an information security incident. A class of information security controls such as Tripwire, designed to identify particular security breaches after they have occurred (cf. preventive or corrective controls). A sub-class of preventive controls that are designed to prevent breaches by deterring potential perpetrators e.g. pre-logon banners that warn of the intent to prosecute hackers (see also detective controls and corrective controls ). DHCP (Dynamic Hosct Control Protocol) Protocol used to issue IP addresses to workstations dynamically on a LAN, or to high-speed dial-up users. See call-back. Form of cryptographic attack in which plaintext words from a dictionary are sequentially encrypted and compared with a section of ciphertext, looking for a match. A classic example is the Crack program which uses a dictionary comprised of usernames and common/well-known/default passwords (amongst other words) in an attempt to break weak passwords. Public-key encryption algorithm used mostly for exchanging symmetric session keys, published by Whitfield Diffie and Martin Hellman in 1976. Its strength rests, apparently, on the difficulty of computing discrete logarithms in a finite field generated by a large prime number. Although Diffie and Hellman were the first to publish the idea of public-key cryptography, the same concept is understood to have already been invented by the UK Communications Electronic Security Group but remained secret. Electronic representation of an identification certificate or passport, issued by a certification authority to a bona fide PKI user, stating identification information, validity period, the holder's public key, the identity and digital signature of the issuer, and the purpose/s for which it was issued (e.g. encryption, signature etc.). Certificates are digitally-signed by the issuer to guarantee their authenticity. A person or system presenting a valid digital certificate is inherently trusted by a recipient who assumes the invulnerability of the associated system of cryptographic and other controls. Data that allows the source of an information asset to be verified, for example the particular nature, sequence and timing of a hacker's activities recorded in the system security logs may reveal the hacker's tools, or copyright information may be hidden within a computer image (steganography). Digital Millennium Copyright Act (DMCA) 1998 American law defining copyright protection for digital publications such as DVDs. Data including a hashword encrypted with the issuer's private key and appended to a file or digital certificate, that can be verified by decrypting with the issuer's public key to prove the integrity and source (i.e. authenticate the user, rather like a traditional written signature) Steganographic technique for storing copyright/ownership information unobtrusively in a program or data file e.g. using small changes to pixel luminance data in a digital image. The goal of image watermarking techniques is to survive image manipulations (e.g. format conversion, printing-and-scanning) without requiring visible changes to the image. DISA (Direct Inward System Access) Feature of many PABXes that allows exernal callers to access internal telephone extensions directly, without the need for separate external phone lines for each phone. Disaster Contingency Plan (DCP), incident plan Plan describing the initial responses (at least) to a physical or logical disaster scenario affecting valuable or sensitive resources and services. Generally links to other emergency plans (e.g. crisis plans, emergency services call-outs) to stabilise and assess the immediate post-disaster situation, before calling on specific disaster recovery plans for long term restitution. Plan should be proactively maintained and regularly tested to ensure continued effectiveness. Disaster recovery, Disaster Recovery Plan (DRP) Process leading to plan describing the steps required to recover critical resources and services to a usable state in the aftermath of a more-or-less specific disaster (e.g. by retrieving data from backups, installing replacement LAN equipment etc.) to minimise the impacts. Disaster situations commonly considered are physical site disasters (fires, floods, explosions), major data losses (e.g. disk failures), major frauds, virus infections, unauthorised systems accesses (hacks) etc. Plan should be proactively maintained and regularly tested to ensure continued effectiveness. The revealing of sensitive information. Unauthorised disclosure of company secrets represents a loss of confidentiality. See also full disclosure. Discretionary Access Controls (DAC) Access control rules that may be modified and/or bypassed by users with the appropriate system rights or privileges (cf. mandatory access controls). Distributed Denial of Service (DDoS) attack A form of Denial of Service attack using hundreds or thousands of 'slave' machines simultaneously targeting the system/s under attack, all initiated and/or co‑ordinated in concert by one or more 'master' systems. Control concept. Certain roles (e.g. writing and signing company cheques) are defined as being mutually exclusive, therefore an individual person should not be permitted to perform both roles. May involve procedural and/or automated controls. Section of network between outer (Internet-facing) and inner (LAN-facing) firewalls, in which hardened web servers, DNS servers etc. are generally located. The outer firewall provides a degree of perimeter access control but permits certain TCP/IP traffic to reach the DMZ servers. The inner firewall provides additional isolation for the LAN. DNS (Domain Name System or Service) General purpose, distributed, replicated, data query service used to lookup IP addresses based on of host names. DNS servers, typically running Bindview, communicate over the Internet to cross-reference numeric IP addresses with their corresponding human-friendly alphanumeric URLs such as http://www.didge.com. The DNS protocols (defined in STD 13 and RFCs 1034 and 1035) have inherent vulnerabilities (e.g. see web spoofing), whilst poor network configuration leaves many websites dependent on single DNS servers and hence vulnerable to server outages, Denial of Service attacks or other availability problems, and DNS hijacks. By manipulating DNS records, hackers have been able to hijack or redirect http traffic intended for certain websites to different websites under their control. Various hacking methods have been tried, including direct technical reconfiguration of network devices and social engineering (fraudulently persuading system/network administrators to alter the DNS routing tables). See also TCP hijack. Logical grouping of related objects. Windows NT uses domains to group systems and users sharing the same information security policies (primarily system access rights). Hardware device used to enforce software licences and/or supply encryption functions. Typically consists of a physically-robust plastic or metal case on a datacommunications plug, containing custom integrated circuits etc. which may be tamper-resistant. Dongled applications usually will not run unless the corresponding dongle is plugged-in to a computer port. DSA (Digital Signature Algorithm) and DSS (Digital Signature Standard) Crypotographic algorithm used to generate a hash of a message using the signer's private key. Standard proposed by NIST in 1991. See also Capstone. A control step in a process requiring the co-operation of (at least) two trusted people or systems to authorise the next step e.g. 'management authorisation' of transactions initiated by staff. If responsibilities are taken seriously and both parties are competent and diligent, dual-control reduces the probability of data errors, information theft or fraud unless there is collaboration between the individuals. Server with two (or more) network interfaces connected to different networks, acting as a firewall/router between those networks and generally implementing security controls (e.g. packet filtering). Systems/network architecture involving simultaneous duplicate data processing by two separate computer sites, such that either one can continue working normally, taking the full load, if the other suddenly becomes unavailable e.g. as the result of a disaster situation. See also hot-site, warm-site and - you guessed it - cold-site. Dumpster diving The practice of searching for sensitive information (such as user IDs and passwords) by rummaging around in insecure rubbish bins ("dumpsters"). Users who fail to dispose properly of printouts, system manuals, diskettes, corporate phone directories etc. may inadvertently provide hackers with the hints they need to break in, or may directly disclose secrets to spies. A user being threatened or forced to use a system incorporating a duress function may surreptitiously enter a secret code (e.g. a special password or key sequence) to trigger a silent alarm, alerting security staff, whilst appearing to use the system normally. EAP (Extensible Authentication Protocol) Protocol which supports multiple authentication mechanisms. Typically runs directly over the link layer without requiring IP and therefore includes its own support for in-order delivery and re-transmission. While EAP was originally developed for PPP, it is also now used with IEEE 802. For more information, see RFC 2284. Hidden, whimsical function embedded in software by bored programmers. Easter eggs contribute to 'bloat' i.e. excessive size and complexity of modern programs and may even impact system security (they can hardly enhance it!). Their presence in publicly-available commercial packages possibly indicates insufficient code coverage by system testers. See www.eEggs.com for over 2,000 examples, including a crude pinball game in Word97, activated by a specific key sequence. U.S. Government's worldwide system of electronic communications monitoring stations. Given the resources available, poses a threat to information security for (non U.S.) government, military, commercial and personal communications. EDI (Electronic Data Interchange) Early business-to-business communications protocol, pre-dating modern Internet eCommerce standards such as XML. EFF (Electronic Frontier Foundation) Infamous hacker and civil-liberties group founded in 1990 in San Francisco. Particularly concerned with freedom of speech, privacy and related issues, including encryption and privacy. Refer to the EFF website for more information. Feature of the Windows NT File System in Windows 2000 that transparently encrypts and decrypts disk files on-the-fly using an "enhanced version of DES". The idea is that even if a hacker obtains direct physical access to an NTFS disk volume (e.g. a stolen laptop computer), he/she will find it difficult to decrypt the data protected by EFS without the user's private key. The initial implementation is relatively limited in functionality and security and is incompletely integrated with the host operating system but is likely to be enhanced by Microsoft in future releases (e.g. private keys may be stored on smartcards not just on disk). For more detailed technical information on EFS, see this article on the 'Network Windows and .Net magazine' website (not a Microsoft source). EFT (Electronic Funds Transfer) Generic term for on-line payments. Prior to Antivirus software vendors include a standard recognition sequence in their software for users to test the detection and reporting mechanisms, without using an actual virus. A plain text file containing the sequence, but named with a .COM extension, is executable and will display the message EICAR-STANDARD-ANTIVIRUS-TEST-FILE! The sequence is: X5O!P%@AP[4\PZX54(p^) 7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* Family of 'zero-knowledge' methods/protocols for securely exchanging cryptographic keys over an insecure link, developed and patented by Steve Bellovin and Michael Merritt of Bell Labs. See also SPEKE. Mathematical technique for speeding up public key cryptography and selecting stronger keys. Click here for more information. System originally used for sending plain text messages between users via networks, now used to exchange all manner of plain or formatted text, audio and graphical files, executable programs, encrypted data etc. The speed, convenience and low cost of EMAIL has led to it becoming an integral part of modern life to the extent that Denial of Service attacks on EMAIL servers or networks (such as those caused by viruses and worms) can cause widespread disruption and aggravation. Illicit use of another's resources entrusted to one's use or safekeeping for selfish gain. In an information security context, a typical example is someone who runs his own private software development business using his employer's computers, compilers etc. See also fraud and extortion. Emergency Repair (or Recovery) Disk (ERD) Windows introduced this name for a boot disk containing certain essential operating system files and utilities designed to help a knowledgeable user recover a crashed Windows PC system manually, a process not for the feint-hearted. As a last resort, it can be useful when the system is rendered unbootable from C: (e.g. damage to system files caused by a virus or accidentally). Don't forget to write-protect the disk! Encrypt, encryption, decrypt, decryption The mathematical process of converting a plaintext input string into ciphertext output string using a cryptographic function (e.g. DES) and one or more encryption keys. Cryptographic functions or their implementations may have vulnerabilities e.g. the hashing algorithm MD4 was originally believed to be strong but has since been shown to be insecure. See also PKI. Encryption key, key pair, cryptovariable A string of symbols, characters or bits used to determine the way the encryption function converts the plaintext to the ciphertext or vice versa, or to set the encryption algorithm to a known starting state (seed value). The length of the key (which determines the maximum number of possible keys - the keyspace), coupled with the particular algorithm used, determines the theoretical strength of the encryption function since small keys may be guessed much more readily by brute-force attacks, and weak encryption algorithms may be attacked directly by cryptanalysis. Note: public-key encryption uses matched complementary public and private key pairs, whereas symmetric cryptography uses the same secret key for both operations. Ingenious symmetrical encryption/decryption device using coded wheels and a patchboard, used by the Axis forces during the second World War and for some commercial communications beforehand. Physically resembles a typewriter with a keyboard but with lamps instead of printing heads. For more information, see The Bletchley Park Trust website. Natural physical process whereby a system 'tends towards disorder' unless energy is applied to keep it straight. Entropy typically causes control systems to decay gradually, becoming less effective over time unless system/network administrators and others make the effort actively to enforce and maintain the controls. The term is sometimes used in cryptography to mean 'degree of randomness'. Collection of hacking techniques used to solicit information about a network system and/or its users through the network. Typically used to determine the operating system type and version in order to know whether it would be worthwhile trying exploits that attack known vulnerabilities. Safety feature in many computer suites usually consisting of a wall-mounted bright red shrouded button that, when pushed, triggers the circuit breakers to cut off the mains and UPS electrical power. Intended to be used by operators in the event of a computer room fire, electrical problem etc. However, should be supported by appropriate operator procedures, clear warning signs, and should be tested regularly (e.g. annually). Accidentally pressing the EPO button is a fairly common but avoidable cause of computer outages. By far the commonest threat to information security consists of simple errors, mistakes and accidents by humans, ranging from data-entry errors (typos etc.) to accidentally deleting key files and misconfiguration of systems. Although such events are generally minor and often pass unnoticed, they contribute to the gradual decay of controls through entropy. Well-designed computer systems are relatively (although not completely) immune to accidents etc. as a result of careful and specialist attention to the human-computer interface in particular. Additional control techniques include error logs, error-traps and error-correction. Corrective control whereby a system reverses certain fault conditions. The process may be fully automated (Checksumming is a simple and common example), fully manual (e.g. peer review of computer code to identify bugs), or something in between (e.g. the system highlights errors to human operators). Chronological record of errors detected by a system. See also audit log, application log and system log. Fully or partially automated validation routine to identify and (usually) quarantine erroneous data (e.g. out-of-range data) or conditions (e.g. buffer overflows). Control against accidental or deliberate loss or destruction of a vital piece of data (e.g. proprietary source code or encryption key) by maintaining one or more copies in secure locations, often provided and maintained by a trusted third party such as a commercial escrow agent, lawyer etc. ESP (Encapsulated Security Payload) In IPSEC, ESP conveys the encrypted data part of the packet. ESP can be used in tunnel mode (an entire IP datagram is encrypted and then encapsulated with a cleartext IP header) or transport mode (an upper-layer protocol is simply encapsulated). Provides data confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality for an IPsec VPN. May be used alone or in combination with Authentication Header. The ESP header is inserted between the IP header and upper-layer protocol header (transport mode), or before the encapsulated IP header (tunnel mode). Name of a common hackers' sniffing tool that captures and decodes Ethernet packets. The most popular LAN protocol, initially developed by Xerox and later refined by Digital, Intel and Xerox. IEEE standard 802.3. Runs at 10 Mb/s or 100 Mb/s (fast Ethernet). Specific devices are identified by unique Ethernet addresses, generally hard-coded into their firmware, making it relatively difficult to spoof Ethernet devices (although the BIOS in some Ethernet cards allow higher level software to override and change the card's Ethernet address, and even firmware may be modified by suitably skilled hackers). However, as all data packets normally pass all connected nodes in a given Ethernet LAN segment, a sniffer in promiscuous mode can readily read them even if they are en route somewhere else. See also wireless Ethernet. A form of hacking (generally penetration testing) performed with the explicit permission of the target organisation. True ethical hackers meet the three criteria identified by Harvard professor Samuel P. Huntington to define military professionalism: (1) they have expertise - specialised computer skills and deep technical knowledge; (2) they exercise responsibility - acting in the best interests of their clients not [solely] for personal gain; and (3) they display 'corporateness' - a collective sense of unity and a openness to supervision and control. However, unethical hackers may claim to be ethical in order to get privileged access to information, and even ethical hackers may make mistakes, disrupting use of the target systems - in other words, clients place a high degree of trust in the integrity and competence of people doing the hacking, whatever their title. Description of a security vulnerability and the corresponding attack method and/or hacking tools that will lead to a compromise. Exploits are shared amongst hackers to encourage further systems abuse, and may be published by information security experts to encourage vendors to fix the vulnerabilities. The use of fear, force or authority to obtain something of value illegally from another person. In an information security context, cyber-extortionists have 'held companies to ransom' by demanding money in return for not disrupting their computer systems and networks (e.g. by threatening to trigger logic-bombs, unleash viruses or disclose confidential data typically obtained by hacking or social engineering). See also fraud and exploit. Usually means an extension of an internal TCP/IP-based private LAN to a wider external community of authenticated users over the Internet, using VPN technology to ensure security despite the untrusted nature of the public networks. Factoring Security of public-key algorithms revolves around it being much easier to calculate a very large product from two large prime numbers (used to generate cryptographic key-pairs) than it is to find the pair of prime numbers ('factors') that generates that same product (used to crack the keys). Until such time as number theory advances dramatically, cryptographic attacks typically use relatively crude brute-force methods to test vast numbers of potential private keys: this is a slow process with little probability of success in a useful timeframe if long-enough keys and strong algorithms are used, even on special-purpose ultra-fast key-cracking computers (usually distributed Internet-connected machines, sometimes super-computers and/or parallel processors). Some systems for which availability is a serious concern are designed around cross-connected redundant pairs in such a way that failure of either device should not interfere with processing by the other. Ideally, users or processes on the failed device should not even notice the transition to the other. However, there remains a risk of common-mode failures that simultaneously affect both devices, unless specific steps are taken (e.g. using different hardware and/or software on each member of the pair). See also fault tolerance. Design concept, especially in safety-critical systems, whereby one or more system/control failures will not result in the system entering an unsafe condition, for example through the use of safety interlocks and other overlapping technical and/or procedural controls. Similar concept applies to critical systems processing sensitive data i.e. information security controls ensure that, as far as possible, the CIA triad is maintained even if individual controls fail, typically through the use of security-in-depth. Form of preventive control. False acceptance rate (FAR), false rejection rate (FRR) All authentication systems, including biometric and simple username/password systems, have practical limits that sometimes result in them falsely authenticating impostors or falsely rejecting legitimate subjects. The statistical probabilities of these two events (known as FAR and FRR) are important parameters for such systems and their users. See also Crossover Error Rate. All detective controls suffer some probability of falsely generating alarms, for example by wrongly identifying a login failure as a hacking attempt when it is merely the result of the legitimate user forgetting his password. Minimising such false alarms is an important part of the controls design process, as they can mask true breaches (as in 'the boy who cried wolf'). In the on-line as well as physical worlds, attackers may even deliberately trigger a series of false alarms to conceal a real attack, perhaps hoping that busy security officers will disable the alarm systems to stop the annoying alarms! Fault tolerance, fail-over, fail-safe, redundancy The ability of a system or component to continue or recommence more-or-less normal operation despite experiencing hardware or software faults or other breaches/control failures, generally by transferring operations to an alternate device or location. Fault tolerance may be fully automated (e.g. packets are re-routed around a failed network link) or partly manual (e.g. someone has to select an alternate network connection). Fault tolerance techniques include RAID disks, 'voting' systems and other multiple/redundant system arrangements, but may remain vulnerable to common-mode failures. A type of corrective control. Type of data cabling comprising of precision-formed glass fibres inside an overall protective sheath. Data (encoded as pulses of light of various wavelengths) are injected into one end of the fibre and emerge from the other having refracted along inside with very little loss. In contrast to wire cables (e.g. UTP and coaxial), fibre-optics are virtually immune to external interference and are difficult to tap serruptitiously (at least not without introducing detectable losses and reflections). Set of functions within an operating system to manage files, directories etc. e.g. NTFS is the file system for systems based on Windows NT. File systems differ markedly in the security functionality they provide. The old pre-Windows Microsoft Disk Operating System (MS-DOS), for example, had virtually no access controls to limit file access to authorised individuals, whereas in Windows 2000 and XP, NTFS now includes the Encrypting File System. Simple internet protocol that responds to an incoming TCP/IP Finger request with standardised information about a user on the system, typically including whether or not they are currently logged-in. This may be a convenience but can be abused by hackers to find out about potential targets and should generally be disabled (typically by blocking Finger requests at the Internet firewall). FIPS (Federal Information Processing Standards) IT standards defined by NIST for U.S. federal government use. The set includes some well-known information security> standards (such as DES). Secure storage container used to protect valuables such as magnetic tapes containing data backups and archives against physical threats such as fire and theft. Theft protection is important because collections of magtapes are attractive to thieves, hackers or spies intent on accessing the high-density stored data. Fire protection increases the probability that important data can be retrieved following a major building fire. A specialised router (or equivalent functionality within a dual-homed gateway or network host) that enforces a controlled gateway (security boundary) for data packets passing between networks according to security policies enshrined in its operating system and ACL parameters, e.g. "only pass packets to certain destination addresses", "disallow access to particular IP services or ports". Firewall programs can be run on multi-purpose machines but are far more likely to work effectively and securely on dedicated hardened servers. Hardware device, such as a Read Only Memory chip, containing low level software, typically a device controller and/or operating system loader or BIOS). Potentially vulnerable to attack by a hacker with physical access to the system, hence the need for physical access controls to protect sensitive systems from compromise. a) Ingress of water into computer or telecomms rooms etc. Burst water pipes, including chilled-water supplies for air conditioners, are a serious threat to many IT facilities. b) Generic name for many DoS and DDoS attacks in which the victim's servers are inundated by spurious network traffic. See also spam. The painstaking capture and scientific examination of scene-of-crime evidence in cases such as computer-related frauds and hacks. Concept in Windows 2000, equivalent to domains in Windows NT, whereby a group of systems are linked through mutual and one-way trust relationships that facilitate the sharing of resources and administrative tasks. The unauthorised generation of authentic-looking copies of negotiable instruments (cash, company cheques, share certificates etc.) and similar items, including electronic versions (electronic money transactions, digital certificates etc.). Forged EMAILs, for example, may be used as part of a fraud by purporting to authorise illegitimate money transfers. Some insecure eCommerce websites use simple HTML forms to accept confidential data in plaintext, without necessarily using SSL (i.e. even though the SSL padlock symbol may be shown to users, their credit card details need not actually be encrypted). This example demonstrates the need for consumers to trust eCommerce website developers/operators to have competently designed and deployed adequate security measures. The overarching information security system i.e. the set of laws, objectives, rules, strategies, policies, standards, guidelines, practices, communications flows and working relationships that regulate how the organisation as a whole creates, manages, protects and distributes sensitive information and other valuable IT assets. See for example ISO 17799. An illegal act involving deliberate misrepresentation. For frauds involving the use of computers, see computer fraud. A person who commits a fraud. According to statistics, a fraudster is often a trusted long-serving senior member of staff, but sometimes an outsider. Software that has been released under a copyright licence agreement that explicitly specifies no charge for copying or using it. This is not the same as shareware or public-domain software. Part of the TCP/IP suite of protocols, defined in STD 9, RFC 959, used to transfer files between systems over a network. In its standard format, FTP incorporates minimal security e.g. message contents, plus usernames and passwords used for access control, are transferred in plaintext. An argument which frequently appears in the information security press concerns the practical and ethical problems caused by full/public disclosure of the details behind system vulnerabilities. In a nutshell, one camp believes full disclosure forces manufacturers etc. to resolve the reported issues more quickly, whereas the other believes it simply incites hackers to exploit them. Microsoft, for example, has tried to persuade those with information concerning security flaws in their products to disclose them only to Microsoft. It is generally accepted, however, that previous public disclosure of security flaws in Microsoft products has caused the company severe embarrassment which, it is believed, has led to security patches and statements being released more quickly than might otherwise have been the case. GASSP (Generally Accepted Systems Security Principles) Information security standards being developed by a committee of the International Information Security Foundation (I2SF). General Protection Fault (GPF) Like most operating systems, the Microsoft Windows kernel enforces controls over access to memory locations to try to prevent programs interfering with or overwriting each other's code and data held in RAM. GPF errors are normally triggered when Windows detects a program writing to an area of memory that should be inaccessible to it. The errant process is normally terminated by Windows, but if it had already damaged critical code, the operating system itself is sometimes rendered inoperable, therefore the machine crashes. An organisation's total system (corporate governance) or information security controls framework (information security governance) or other process of controlling operations to limit risks and prevent adverse impacts. Term used to describe characters falling somewhere between 'black hats' and 'white hats', such as acknowledged hackers who 'turn legitimate'. Such people tend to have reasonably or very well-developed technical skills but may have dubious ethics or, at least, may be somewhat untrustworthy. Hacking term for brute-force password attack involving the entry of potential passwords directly into the target system. 'Cracking', in contrast, can be done on another system entirely using a copy of the target system's password file. Hack, hacker, hacking Term coined in the early 1960s by the Massachusetts Institute of Technology 'Tech Model Railroad Club' for enthusiastic computer and amateur radio hobbyists fascinated by microcomputing and communications. Broadly speaking, hacking is understood as the intellectual challenge of exploring computers and networks, stretching their capabilities, trying to discover information etc. Sub-category of nerd, anorak, geek or technophile. Hacking is increasingly used to refer to attacking a computer or telecommunications system with malicious intent to break (circumvent or bypass) the controls (also known as cracking). Media exposure leads the public to believe that most information security violations are the results of teenage hackers or other outsiders, however many unauthorised activities, including malicious acts, are carried out by disgruntled employees or other insiders. See also: black hats, grey hats, white hats, ethical hacker, phreak, phrack and wHack. Typically, a simple form of challenge-response process. See crash. Harassment, defamation, discrimination, slander, libel Individuals who abuse corporate EMAIL, bulletin boards, telephones or other systems to communicate offensive, defamatory or discriminatory remarks may be personally liable in law and may even cause legal liabilities for their employers. Corporate information security policies, employment contracts etc. should therefore specify appropriate rules in order to limit the employer's exposure and clarify users' responsibilities. A server that has been specifically configured to maximise security e.g. by removing all non-essential applications, running a secure operating system with a broad range of security monitors and alarms etc. Computer equipment and peripherals. Vulnerable to physical damage (vandalism, fire, flood), interference and theft, hence the need for physical access controls to protect sensitive hardware such as shared servers, encryption devices containing stored keys, communications lines, automated teller machines etc. Hash, hashing, hashword, message digest A mathematical function that generates a particular small value (the hashword or message digest) from a larger data unit by a form of 'one-way encryption'. A given hashword is extremely unlikely to be generated from any other input string, making as characteristic as a fingerprint. Even a tiny change in the input string creates a radically different hashword, disclosing that an unspecified change has occurred. Changes to the data in storage or in transit can be detected by recalculating the hashword on retrieval or receipt and comparing it to the original (generally included within the packet), provided the hashword is itself protected against compromise. This virtually guarantees message integrity. See also Message Authentication Code. The portion of a network packet preceding the actual data, containing source and destination addresses, error checking and other fields. Alternatively, part of an EMAIL message preceding the message body that contains the originator, date and time etc. See also Authentication Header. Logical end-of-file marker on disk. Bytes 'above' the highwater mark, up to the edge of the disk sector, are ignored by most applications but can be accessed by disk sector editors, viruses and utilities that make low-level calls to the disk subsystem. Apart from systems that use secure erasure techniques, if the additional space was previously used by a large file that was subsequently 'deleted' or 'moved', perhaps by the operating system, remnants of the data may still be accessible, creating confidentiality issues. Without additional controls, it is sometimes possible for a hacker to intercept and take control of network traffic passing between two nodes (network servers or server and client machines). Under some circumstances, the hacker may even be able to maintain two-way contacts with both parties to the connection, acting as a middleman (see man-in-the-middle attack), but has control over the data being communicated. See also DNS hijack and TCP hijack. A malicious attempt to persuade someone that a fictitious threat is real. Hoax EMAILs concerning fictional viruses tend to spread through the Internet in similar fashion to worms, albeit without a destructive payload (although they do result in wasted time and resources, and may mask true threat warnings - see false alarm). Another Wireless LAN standard. See also Bluetooth, Wireless Ethernet and infra-red for more information. A network host deliberately configured to entice hackers into attacking it in order to learn about their techniques and delay them or divert their attention from other potential targets. A form of proactive defence. A single computer server or workstation system, generally connected to a network. Host-based security consists of operating system software configurations etc. designed to secure a single system from attack. Disaster contingency control. Backup data centre continuously receives data at virtually the same instant as the main operational/live site, and can take over processing with negligible delay or user impact in the event of a major disaster at the main site or in the datacomms networks. Hot sites are expensive to run but may be required to satisfy extreme system availability requirements, such as systems running on-line airline reservations, defence or banking applications. See also dual-live, warm-site and Cold-site. ICMP (Internet Control Message Protocol) An extension to IP (defined in STD 5, RFC 792) that allows for the generation of error messages, test packets and informational messages related to IP. ICMP messages typically report low-level networking problems such as errors in the transfer or processing of network packets. Although IP is not designed to be absolutely reliable, higher level protocols such as TCP normally implement additional routines to improve link reliability, using information from ICMP messages as appropriate (e.g. a series of ICMP "ping" messages can be used to check that a route is still active). ID (identifier or identity), user ID, username, account Within a computer system, processes owned by users and other objects are identified by ID codes. Access rights are assigned to user IDs to determine which assets a user may access, and what type of access they are granted (RWEDC). Users are generally authenticated at logon time to ensure they are in fact as indicated by their IDs. IDEA (International Data Encryption Algorithm) A symmetric cryptographic algorithm with 128-bit keys, used in PGP. Generally acknowledged to be a reasonably strong algorithm for "all except the best-funded attacks". Part of the IPsec VPN protocol that facilitates secure exchange and management of cryptographic keys. The adverse outcome (direct and indirect costs, normally expressed in business/commercial/financial terms) on the resource owner of a compromise to the security controls i.e. the loss of confidentiality, integrity or availability. This may include direct financial losses (e.g. thefts of valuable data or systems), consequential damages, recovery/restitution costs, loss of credibility and reputation, loss of business, liability to prosecution etc. A risk assessment will normally involve considering the likely and/or worst-case impacts of events. An actual or attempted breach. Use of legitimate and sometimes underhand methods to gather sensitive information about a competitor's business, products, staff, systems etc. Most companies are relatively open with certain fairly sensitive information (publishing elements of their marketing strategies on their public websites, for instance) but are far more reticent to disclose other internal information. 'Industrial spies' aim to infiltrate the target's organisation and/or systems. Such attacks are more likely in highly-competitive markets and at certain times (e.g. in relation to a merger or takeover). The techniques may be similar to those used in military espionage or Information Warfare, albeit probably less well funded, and extend the concept of competitive intelligence to immorality. Information security (infosec) The result of implementing appropriate policies, standards and procedures for identifying, controlling and protecting from unauthorised disclosure, disruption or loss, information and other assets requiring such protection. Term encompasses the totality of the information controls environment. By analogy with conventional warfare, methods used to gain control over an adversary's critical information resources (offensive) or to prevent an adversary gaining control over one's own critical information resources (defensive). Given the pervasive nature of computing, successful attacks on critical computer systems may be virtually as effective as explosives in disabling an opponent's infrastructure and hence allowing the attacker to take full control. These are serious considerations at both national and international levels, and (on a much more limited scale) for individual organisations (see Competitive Intelligence and industrial espionage). Wireless network devices sometimes use modulated infra red light to communicate over relatively short distances (a few metres). IR is much less prone than microwave radio (e.g. Bluetooth, Wireless Ethernet) to interception outside the immediate local area as it does not pass through office walls etc., but by the same token, it is more vulnerable to accidental interruption e.g. if the IR transceivers are mis-aligned or something opaque (like the user) gets in the way. In short, IR is insecure and is therefore normally only used for convenience sake on data links up to a metre or so (e.g.nbsp;linking PDAs to printers and mobile phones). Mechanism whereby certain of a parent object's characteristics (e.g. ACLs on a directory)are passed automatically to any daughter objects (sub-directories or files created or stored in the aforementioned directory). Someone who works within an organisation, either a permanent member of staff/management, temporary staff, contractors, consultants etc. Most security breaches and frauds (in terms of number of incidents if not their severity) are caused by insiders in positions of trust (cf. outsiders). A person or system with integrity is trustworthy and can be relied upon. Characteristic of data/systems that are complete, accurate and relevant. Part of the CIA triad. Integrity controls typically prevent the unauthorised or accidental modification or deletion of data (data integrity), computer systems and networks (network/systems integrity), data processing functions/operations (systems/database integrity) and/or the information controls environment (information security integrity). A form of passive attack in which an attacker with physical or logical access to a network data stream (e.g. a datacommunications line, optical fibre, microwave beam, router or host) may selectively or indiscriminately read data packets from the stream, record/copy them to off-line storage, and may even divert/re-route them or replace them with bogus packets. Such attacks are extremely difficult to detect or prevent using conventional access controls (i.e. without using encryption) since, by their very nature, network connections often span long distances through inherently insecure environments. Internal Audit, External Audit Function within (Internal Audit) or without (External Audit) an organisation concerned with the independent examination of records and systems of control, and advising management on how to reduce risks to the organisation. Modern Audit functions include information security control specialists, generally known as computer auditors. The Internet (with a capital I), home of the World Wide Web, is a global public TCP/IP network interconnecting billions of users with millions of hosts and their information resources. Originating with ARPANET and academic networks (like JANET), the Internet was founded on the principle of open access to resources, so access control was not a design goal. It is also operated by a community largely without formal central control, leading to a degree of diversity. However, it has proven extremely resilient with very few widespread failures (e.g. when someone accidentally deleted the entire .COM master Domain Name Server database by mistake ...). An attempt to compromise the confidentiality, integrity or availability of a protected or sensitive resource (network, system, data etc.) by accessing it without proper authority. A successful unauthorised access (penetration) into a computer or network. See also breach. Intrusion Detection System (IDS) Techniques and systems to detect attempted intrusion into hosts and/or networks by logging and responding to suspicious (potentially unauthorised) activities. Generally involve the generation of security alarms/alerts and sometimes the initiation of active countermeasures. Hackers are believed to be actively working on ways to bypass or disable IDS e.g. overloading the IDS with dummy messages to mask the 'real' attack. The opposite of valid. IP (Internetworking Protocol - increasingly, but incorrectly, known as Internet Protocol) A datacommunications protocol for interconnecting networks, provides the network layer for the TCP/IP protocol suite. It is a connectionless, "best-effort" packet switching protocol which means that the protocol does not guarantee delivery of packets - higher-level applications therefore need to supply this functionality if required. As defined in STD 5, RFC 791, a 32-bit internet or IP address uniquely identifies a node on an internet. IP traffic uses IP addresses (normally represented in human-readable form as dotted decimals e.g. 10.0.0.1, or referenced indirectly using website names corresponding to specific IP addresses using DNS) to identify source and destination systems. A secure public-key encrypted version of IP, used for VPNs. Actually comprises a set of open standards that provides data confidentiality, integrity and authentication between participating peers at the IP layer. Uses IKE to negotiate protocols and algorithms based on local policy, and to exchange the encryption and authentication keys. IPSec can be used to protect one or more data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. See also SSL, PPTP and L2TP. An attack whereby an active, established IP session is intercepted and co-opted. Splicing attacks typically occur during or after an authorised user has been authenticated, permitting the attacker to assume the legitimate user's identity and hence his/her role and access rights. Also known as TCP hijacking. A spoofing attack whereby a system attempts illicitly to impersonate another system using its IP network address. Typically achieved by compromising a DNS server. ISACA (IS Audit And Control Association) and ISACF (IS Audit And Control Foundation) US-based international organisation for computer auditors and information security practitioners. ISACA issues the CISA qualification. ISACF does research on IT audit and information security topics. The TCP specification includes a mechanism to authenticate connections using a random 32-bit number, the ISN. However, exploits have been published to hijack TCP connections by calculating or guessing the ISN due to vulnerabilities in the pseudo random number generators often used. ISO 17799 (full name ISO/IEC 17799:2000) IT Code of Practice for Information Security Management, published by the International Standards Organisation in December 2000. Defines a control framework and process for establishing and maintaining an adequate level of information security. Was formerly published as Part 1 of BS 7799. ISS (Internet Security Scanner) Program that checks hosts within a specified range of IP addresses for various security vulnerabilities in sendmail, anonymous FTP, NFS etc. See also COPS and SATAN. ITSEC (Information Technology Security Evaluation Criteria) Scheme run by the UK government to test and certify information security products against defined control criteria. Comparable to the American TCSEC scheme. Operates through CLEFs. Assigns 'evaluated security levels' between E0 (inadequate assurance) and E6 (highly secure). Java, JavaScript, JScript, Java Beans, Java applet Java, an interpreted programming language developed by Sun Microsystems, provides a 'virtual machine' i.e. a standardised computer operating system environment that runs within various other host operating systems. Java programs (including applets, tiny Java applications that may be embedded into a web page) are thus highly portable. Unfortunately, there are certain weaknesses in the Java security model that may be exploited by malware to attack the host system, breaking out of the sandbox. Java Beans, JavaScript, JScript etc. are similar but different languages that may also be used to generate programs embedded in web pages, and have broadly similar security considerations to Java. See also ActiveX. Kerberos An authentication system, first developed at MIT, using encryption and digital certificates. Windows 2000 uses Kerberos v5 to authenticate users at login time. As with nuts, the kernel os the 'inner' part of an operating system containing core functions and commands which govern all use of the CPU, memory etc. In many operating systems, a specially-controlled part of the kernel is dedicated to information security functions and commands, using built-in system integrity controls to prevent unauthorised changes. 'Outer' layers of the operating system provide a 'hard shell' which controls access to the kernel. A practical problem with encryption keys is how to distribute them securely amongst the select group of people or systems that need to know them. A range of solutions exist: for high security applications, tamper-resistant electronic key distribution devices are used, including smart cards; bank card PIN-codes are mailed to customers in sealed PIN-mailers, sometimes in two pieces; users who forget their passwords are often told their new passwords over the phone by PC support staff; default configuration usernames and passwords are usually written in product installation instructions; public encryption keys are published on digital certificates; Kerberos uses certificates called tokens. Encryption of keys can help, but of course the distributed passwords are no more secure than the encryption mechanisms and keys used to encrypt them. The escrow system of giving pieces of an encryption key to each of a certain number of trustees such that the whole key can only be recovered with the collaboration of all the trustees (a form of dual-control. The generation, storage, distribution, deletion, archival and use of encryption keys. Secure administration of keys is a serious problem, especially for physically dispersed systems, requiring the use of key distribution systems. Software tool that monitors and records use of a PC keyboard. Whilst support staff use such utilities for legitimate purposes, hackers sometimes monitor keystrokes to capture user IDs, passwords, credit card numbers etc. in plaintext directly as they are entered, in effect obtaining sensitive information 'behind enemy lines'. Hackers' keystroke monitoring programs may be installed surreptitiously on compromised machines as Trojans or virus payloads (see the book "Hackers and Lies" by Bruce Schneier). The U.S. Government has even proposed that keystroke monitors should be installed by default in operating systems so that they may monitor user activities but this naturally raises severe civil liberties concerns over privacy and trust. This is a UNIX daemon that is used to identify the use of port scanners like ISS and SATAN. L2TP (Layer 2 Tunneling Protocol) IP protocol for secure VPNs. Combines the best features of Microsoft's PPTP and Cisco's L2F protocols. L2TP systems negotiate use of IPsec encryption, if available at both ends, for the VPN but otherwise may resort to a much less secure protocol called PPP (Point-to-Point Protocol). See also SSL and IPsec. A communications network linking computers in one location (typically a single building) using high-speed connections (e.g. Ethernet running at 10 or 100 megabits per second). Cf. WAN. See security-in-depth and multi-level security. Illicit use of a user account on one system to attack another through the network. Common hacking technique, used in an attempt to obfuscate the audit trail back to the hacker since tracing the attack may involve obtaining usage information from all the intervening networks and systems which are typically in different countries and jurisdictions. EMAIL containing malicious code, intended to disrupt or otherwise compromise the recipient's system. The rights to use copyright software are normally embodied in some form of legal agreement or licence and then imposed on users by the copyright owner. Copy protection is sometimes employed to reinforce the licence terms, including the use of licence management and dongles. Some software licences are enforced through automated system controls, whether incorporated into the application programs and sometimes special hardware (dongles), or supplied through shared functions incorporated into the operating system kernel. Logical or automated security control Security control in software operating on data, as opposed to procedural/manual and physical controls. Anti-virus software, user access rights, data backups, encryption and data entry validation routines are typical examples. Computer program (or function within another program) which, when executed, checks for a particular condition or state of the system (or else may be remotely triggered over a network connection) and performs an unauthorised act causing an impact. See also payload. The process whereby a user identifies his/herself to the system and is authenticated, generally by a password and/or security token. Hackers often try to subvert the login process e.g. by bypassing the login process, brute-force attack (guessing passwords), exploiting weak or missing passwords and backdoors, or modifying/replacing the login programs. Once logged-in, the system grants access to resources according to the access rights assigned to the user ID, generally without further authentication. Many modern application programs (e.g. MS Word) contain built-in interpreters or compilers for their own macro languages which are intended for writing, storing and executing additional program functions (typically by stringing-together a set of standard instructions in an often-repeated sequence). Abuse of powerful functions accessed via the virus's macro commands (e.g. Visual Basic within MS Word) can compromise user data and may even impact system security outside of the infected application and associated data. Type of virus" embedded within macro code. Macro viruses typically spread via infected data files, EMAILs, document/spreadsheet templates etc. Sending of huge amounts of EMAIL to a target's mailbox in an attempt to overload, crash or otherwise compromise their system/s. Cf. letterbomb. Malicious code (malware), hostile code Hardware, software or [potentially] firmware that is intentionally included in or introduced into a system for an unauthorised purpose e.g. logic bomb, Trojan horse, virus. Typically refers to software that combines the properties of a virus and a worm i.e. instead of being a standalone executable program that replicates, it is a piece of software that uses a popular host like JavaScript, VBS (Visual Basic Script) or some application macro language to do its work, and replicates via the network connections. Melissa, Kournikova and the ILOVEYOU variants are examples. Man-in-the-middle or piggy-in-the-middle attack Classical strategy to attack a bi-party communications link (Target A <--> Target B) is for a hacker to attempt to intersperse him/herself logically between the two targets, setting up two new links (A <--> Hacker <--> B) and transferring messages more-or-less transparently between them. This generally involves masquerading as each of the targets in turn to the other. If the messages are unencrypted (or if he/she can break the encryption) and user authentication is absent or weak, the hacker may be able to read, alter, delete or add messages to the communications flow, potentially affecting confidentiality, integrity and/or availability. Mandatory Access Controls (MAC) Access control rules that are automatically enforced by the system and cannot normally be circumvented by users (cf. discretionary access controls (DAC)). See also Message Authentication Code and MAC address. See procedural controls. A person or system that deliberately assumes a false identity (see also spoof and fraud). A message digest function, the forerunner to MD5. Used in 'reduced' form by Linux (a UNIX variant) to generate TCP session authentication parameters. Message digest function developed in 1991 which hashes a file of arbitrary length into a 128-bit value. Used by PGP. Medium Access Control address (MAC address) The lower portion of the datalink layer, which differs for various physical networking media. All Ethernet devices, for instance, have unique hard-coded 48-bit MAC addresses to avoid conflicts between devices. The addresses are normally set in firmware within address ranges pre-assigned to each manufacturer. Address Resolution Protocol maintains a dynamic list cross-referencing MAC and IP addresses for locally-accessible devices. Message Authentication Code (MAC) Data field used as a kind of fingerprint to verify the authenticity of a message (i.e. its integrity and origin) using public-key encryption and/or hashing. See also MAC address and . See hash. Contraction of 'modulator-demodulator'. Interfaces a digital computer to an analogue communications link. Whilst they can provide convenient points of access (e.g. for remote systems monitoring or configuration), improperly -installed, insecurely-configured and/or unauthorised modems cause significant security vulnerabilities in many large organisations, as they can create insecure bridges between networks (bypassing firewalls) or permit direct systems access by hackers. See also war dial and phreak. Morris Worm (also known as 'The Internet Worm') Infamous worm which spread widely causing chaos on ARPANET (precursor to the Internet) in 1988, written and released by Robert T. Morris Junior at MIT. Exploited vulnerabilities in the UNIX Sendmail program. Resulted in about 10% of the U.S. systems connected to ARPANET being shutdown, which in turn disrupted the communications necessary to co-ordinate a response to the worm and hence led to the establishment of the CERT Coordination Centre and 'out-of-band' communications systems. Multi-Level/Multi-Layer Security/System (MLS) A computer system incorporating rules determining the permissible access rights for data/messages according to their classification. A practical implementation of the concept of security-in-depth. If anything can go wrong, it will. Reinforces the need for software testing and disaster contingency planning. See: Murphy's law variants Nak attack hacker system/network penetration technique that capitalises on an operating system vulnerability concerning improper handling of asynchronous interrupts, leaving the system in an unprotected state during such interrupts. Nak is the TCP/IP 'Negative AcKnowledgement' message. Need to know, need to withhold Confidential information may be restricted to those with a legitimate need to know it (on a 'need to know' basis), meaning that those who hold such information may be held accountable for ensuring that it does not fall into the wrong hands. Conversely, in organisations that enforce the 'need to withhold' rule, anyone who restricts information from others may be required to justify this action. A firewall in which traffic is examined and controlled at the network protocol (packet) level, primarily on the basis of source and destination IP addresses and possibly services or ports requested (cf. proxy firewall). Protection of networks, data in transit, network servers and the network services from information security risks such as unauthorised modification, destruction, disclosure or disruption. Gives assurance that the network performs its critical functions correctly with no harmful side-effects, and provides an adequate level of data integrity. NIST (National Institute of Science and Technology) U.S. body well-known for defining popular encryption standards (such as DES and AES and the FIPS set). Formerly called the National Bureau of Standards. Method by which the sender of data is provided with proof of delivery and the recipient is assured of both the sender's identity and message integrity, so that neither can later deny having exchanged the data. Generally provided through a reciprocal system of public-key cryptography involving digital signatures. NTFS ([Windows] NT File System) File system used by Microsoft Windows NT, 2000 and XP. Although substantially better than its predecessor (MS-DOS), NTFS remains insecure unless carefully configured by knowledgeable and diligent network/system administrators. In particular, UNIX utilities are available to mount NTFS volumes and access the files without regard to the NTFS file access restrictions, unless the data are encrypted (e.g. with EFS). One time pad Theoretically unbreakable symmetric encryption scheme that uses a key of random characters as long as the message which are used to transform the message characters (e.g. by applying a bitwise logical AND). Each key character is only used once then discarded, hence the name. In practice, this scheme does not scale well due to the difficulties of securely generating, distributing, storing and disposing of truly random key strings amongst pairs of communicators. May be appropriate for exchanging low volume but extremely confidential messages. Operating procedures, system/network management procedures Processes by which system/network operators, managers and other staff operate, manage, maintain, update, monitor and secure computer systems and networks. Normally documented (to some degree) in formal standards, operations manuals, training guides etc. Incorporate procedural controls. A suite of software and firmware programs linking the application programs to the computer hardware, networks and peripheral devices. Provides a wide range of services and functions, including many logical security controls. Common name for one of the books in the Rainbow Series comprising the US TCSEC. The Orange Book defines system classifications such as C2. Windows 2000 construct designed to map an organisation's computer systems (defined as a series of domains) to its hierarchical business structure. By default, security policies flow 'down' the organisation tree from the point at which they are defined, facilitating easier security administration. Period during which a service, data, system or network is unavailable. May either be pre-planned and authorised (e.g. for routine database maintenance), or represent a control failure (e.g. the unplanned but accidental result of a bug, configuration error, power glitch, flood or lightning strike, or due to the system being deliberately compromised by an attacker). Someone who does not work within an organisation - a member of the general public. Outsiders such as hackers, spies or undercover agents from another organisation may represent a realistic information security threat to an organisation but often need insider assistance (whether as an active accomplice or an inadvertent victim of social engineering) to complete an effective attack. PABX, PBX (Private [Automatic] Branch eXchange) Private telephone system, normally attached to the public system. Whilst the public phone companies have substantially improved security controls in the past decade to counter the threat of phreaking, private companies have generally not been so diligent and many PABXes remain vulnerable. Typical vulnerabilities include weak administrator passwords, no blocks on unauthorised modem use and little if any system security logging or auditing. A block of data sent over a network, containing the identities (network addresses) of the sending and receiving stations, error-control information (e.g. checksum, message length), and some message content or payload. Packet is used generically to describe a unit of data at all levels of the protocol stack, but it is most correctly used to describe application data units. A feature incorporated into routers, brouters and bridges to limit the flow of information based on pre-determined communications parameters, generally in the packet headers, such as source or destination IP address or type of service being provided by the network. A packet filter is one of the least secure types of firewall, being generally vulnerable to IP spoofing attacks etc. An attack that does not result in an unauthorised state change, such as the interception of data on a network (cf. an active attack which alters data, triggers security alarms etc.). The traditioÑ®al means of authenticating someone is to challenge them (e.g. "Halt! Who goes there?") to reveal a known word or phrase that the person is otherwise meant to keep secret. If the pass word/phrase is correct, the person is assumed authentic and is permitted access. However, if the pass word/phrase has been disclosed to, or guessed by, an unauthorised person, an impostor using it may gain entry unless further information is used to confirm the person's identity (e.g. something physical they possess - a token or key - or some distinctive bodily characteristic - see biometrics). A hacking utility to capture passwords as they are entered by users and store them for later retrieval, or else send them through a network to the hackers. In many countries, patents are only granted to 'devices or inventions' which generally excludes computer software or business processes. Software is protected (to a degree) under copyright law but novel business processes only receive limited protection against copying or modification by others. Modification to a program or operating system, normally to correct a bug without necessarily re-releasing the entire program. Software vendors usually release 'mandatory' patches to correct serious bugs such as those with information security implications (security patches). All related patches for a given system, released before an arbitrary cut-off date, may be grouped together in a Service Pack, making deployment easier. The 'business end' of a virus, Trojan horse or logic bomb: the program code delivered by the malware that generally causes some unauthorised activity on the recipients' systems, ranging from nothing detectable to extreme data loss, disk corruption etc. Alternatively, the data content of a message. An IETF Internet standard for secure (encrypted) EMAIL. See also S/MIME. Device which records telephone numbers dialled from a target phone and/or the numbers of callers to the phone. Name derives from the days when telephone systems used electromagnetic pulses for signalling and switching, and mechanical chart recorders were used for monitoring - these days superseded by computer logs. Successful unauthorised access to a computer system or network. See also breach, penetration signature and penetration test. A situation or set of conditions in which a penetration could occur, or system events that in conjunction can indicate the occurrence of a penetration in progress or after the event (e.g. access log file entries). Intrusion detection systems typically monitor network traffic for patterns matching known attacks, or other suspicious activities that may indicate a new mode of attack. A form of security testing in which 'white hat' evaluators (the tiger team) attempt to circumvent the security controls (primarily the perimeter access controls) to gain access to one or more networked systems. The testers may be given information such as system documentation (source code listings, network diagrams etc.) but normally work under the same constraints as ordinary users or members of the public. Technique of securing a network by controlling access to all entry and exit points of the network, normally using firewalls, or more broadly limiting physical access to sensitive resources (computer systems etc.) by installing walls, doors, door-locks, intrusion detection systems etc. Contributes to the concept of defence in depth by supplementing internal technical/logical and manual/procedural controls. The insider or outsider that originates or causes a deliberate information security attack, typically a hacker, browser or fraudster. Any information (not necessarily sensitive or private) relating to an identifiable individual person. Public-key encryption scheme, used widely for secure Internet EMAIL. Originally published by Phil Zimmerman, an advocate of the public's right to strong encryption. Now sold commercially but available free for non-commercial use (albeit with limited key lengths outside the US). Uses IDEA and MD5 algorithms, and a distributed trust model (there is no overall top-level certification authority). See also S/MIME and PEM. The title of an underground (but widely circulated) phracking/hacking magazine similar to 2600. An individual who combines phone phreaking with computer hacking, typically using phreaking techniques to conceal his original point of entry into a network prior to launching a hacking attack. An individual fascinated by the telephone system, just as hackers and crackers are fascinated by (breaking into) computer systems. Commonly, an individual who uses his knowledge of the telephone system, telephone exchanges etc. in conjunction with network control equipment (such as 'blue boxes') to make unauthorised phone calls at the expense of legitimate phone users, redirect calls, alter network services etc. See also phracker and wHack. Physical control measures (e.g. door locks and strong walls to prevent theft of or damage to systems, air conditioning and fire protection to prevent overheating damage and consequent loss of service) used to protect computer hardware etc. against deliberate and accidental threats. Includes physical perimeter controls. Supplements automated and procedural controls. The gaining of unauthorised access to a system by intercepting and taking control of another user's legitimate network connection. See also spoofing. PIN (Personal Identification Number) code Generally, a numeric password technique first popularised by the banks for use with automated teller machines. Due to their extreme simplicity (typically just 4 decimal digits), PIN codes are often vulnerable to guessing or brute-force attacks, although most such systems now at least limit the number of invalid PIN attempts allowed before logging an intrusion event and preventing access. Attack in which the IP 'PING' (Packet INternet Gopher) service (which is meant to be used to test whether a remote device is responding) on a target system is deliberately sent over-sized packets, causing a buffer overflow and Denial of Service on some old (and unpatched) systems. Pirated software (also known as warez) is any software that is copied and/or used illegally (i.e. outside the licence agreement terms). Pirates range from clueless individuals to those who copy, distribute and sell commercial software packages on a massive international scale. PKCS (Public Key Cryptography Standards) Public key cryptography specifications produced by RSA Laboratories since 1991. PKCS documents have been incorporated into other standards, including ANSI X9, PKIX, SET, S/MIME and SSL. For more information, see the RSA Security website. PKI (Public Key Infrastructure) The total system (protocols, encryption algorithms, procedures/processes, systems etc.) described by a Certification Practice Statement through which public-key cryptography is established and used by one or more organisations. Generally includes a certification authority that issues key pairs to authenticated users using digital certificates, a mechanism for checking the validity of certificates and digitally-signed messages etc. Unencrypted data (generally plain language) cf. ciphertext that must first be decrypted to be intelligible. [Information security] Policies, standards, guidelines A sound information security controls framework (such as that specified by ISO 17799) includes a comprehensive set of documentation describing the controls, both automated/logical and procedural/manual, that have been reviewed, approved and authorised by management to satisfy the organisation's governance requirements. TCP/IP network devices and applications communicate through numbered logical connections called ports. If a certain port is 'opened' by a network application, then messages for the corresponding port number (as defined in the packet headers) will normally be passed to the application. By convention, certain ports numbers are reserved for well-known applications, therefore if the port is available the corresponding application is probably running (although it may not respond). Term also refers to a physical plug or socket used for datacommunications. See probe. A program that performs a port scan i.e. probes network services by attempting to communicate through various TCP/IP ports. SATAN and ISS are well-known examples. See also Klaxon. Power glitch, power interruption, power cut, brownout, spike Most computer systems rely on continuous supplies of clean mains power. Sporadic problems with the mains system (e.g. low or high voltage, frequency disturbances, powerline noise) can cause unpredictable impacts ranging from minor data changes (which may even be detected and corrected automatically) to program failures, system crashes, disk crashes or even fires. Most organisations concerned about such problems utilise UPS systems or mains filters, especially on major systems and network servers, whilst some go further with fault-tolerant or redundant computer systems and networks. Point-to-Point Tunnelling Protocol Original Microsoft protocol for VPNs over TCP/IP, now largely superceded by SSL, IPsec and L2TP. A class of information security controls designed to reduce the probability of certain breaches e.g. logical or physical access restrictions (cf. corrective and detective controls). The right of individuals or organisations to control or influence the collection, use and disclosure of their personal or otherwise sensitive information. The member of a pair of Public_key_ encryption keys which is kept confidential to the owner, in contrast to the other member of the pair, the public key (which can be published widely). Also differs from the secret key in a symmetric encryption process (which has to be shared between sender and intended recipient of the message). On most operating systems, certain 'privileged' users or processes are permitted to override security controls (such as file access controls). Typical examples are Administrator, ROOT and SYSTEM users. Privileged access is often required for administering and configuring a system but should be limited as far as practicable to trusted users to maintain system security, i.e. the 'principle of least privilege'. An effort to gather information about a machine, network or its users with the likely intention of hacking the system later. Normally uses network/system browsing, port scanning and/or social engineering techniques. Controls embedded in operations, configuration, network/system management procedures etc. and enacted by humans e.g. keeping passwords secret. Supplements automated and physical controls. An Ethernet interface in promiscuous mode decodes all data packets on the network segment to which it is attached, not just those bearing its own network address. Network sniffers operate in this mode. Agreed-upon method of communication used by networked computers or linked organisations e.g. TCP. A specification that describes the rules and procedures that products should follow to perform activities on a network, such as formatting data for transmission or encryption. A firewall mechanism that replaces the actual IP address of hosts on the internal (protected) network with synthetic addresses, whilst maintaining session integrity for all traffic passing through it. May also use higher-level processing in the communications stack to control access to network services etc., perhaps using additional authentication or other filtering criteria (hence the actual service requested is replaced with a substitute incorporating additional security controls). Specific legal term meaning software which has been explicitly released from all licence restrictions by the copyright owner or originator. Users are free to do whatever they want with public-domain software without reference or payment to the originator, whereas all other forms of software have mandatory licence conditions. The member of a matched pair of encryption keys used for public-key encryption which is generally published on digital certificates and readily available to others (cf. private key and secret key). Public-key (asymmetric) cryptography The most important advance in cryptography in hundreds or thousands of years was invented originally in the UK by James Ellis, Clifford Cocks and Malcolm Williamson (but kept secret by British Intelligence at the Communications Electronic Security Group) and was subsequently discovered independently in the US by Ralph Merkle, plus Whitfield Diffie and Martin Hellman (who commercialised and patented the process). Public-key cryptography involves matched and complementary public and private key pairs. The defining feature of public-key encryption is that plaintext messages encrypted with either key can only be decrypted with the other. RSA is a famous example of an asymmetric algorithm, commonly used by PKI systems, whilst SSL and IPsec are also asymmetric schemes (cf. private key (symmetric) cryptography). Queue overflow In a messaging system, the message buffers are often called queues. If, under heavy loads, the rate of input of messages exceeds the rate of processing and output of the messages, the queues will gradually increase, eventually reaching a maximum limit. What happens next is system-dependent - most systems send a 'halt' instruction to the preceding step, so that its queues start to fill up in turn. Some systems fail spectacularly, especially when the queues are held in RAM areas and buffers overflow. In between are those which appear to be working normally but are not - in some cases, system security may be compromised whilst the system is busy processing the overflow condition. 'r' (remote) commands: rlogin, rsh, rcp etc. The 'r' series UNIX programs were originally written to allow access into a system by remote users e.g. to share local resources over the network amongst a trusted community. Hackers soon discovered however that they could abuse the 'r' commands very easily to gain unauthorised access to other UNIX systems having successfully hacked one or more systems in the community, or could exploit vulnerabilities in the 'r' commands directly (the user/system authentication is very weak). The function within a PKI that authenticates and registers users using the CA. Dial-up users calling an Internet Service Provider (ISP) are normally allocated a free IP address from a limited pool of addresses reserved by the ISP rather than having their own permanent addresses. RADIUS is the protocol used to issue IP addresses to users. See also DHCP. RAID (Redundant Array of Inexpensive Disks), disk mirroring, disk striping Physical and logical architecture designed to increase data availability and/or integrity (depending on the exact type of RAID or mirroring used) by dispersing data over multiple redundant disks. Using error-correction techniques, data lost through failure of a single disk may be recreated automatically from information stored on the remainder. Some RAID configurations (called 'levels') are designed primarily to improve disk performance rather than to ensure data availability and/or integrity. Books in the US TCSEC had differently coloured covers and were sometimes known as the Rainbow Series. The most widely known example is the Orange Book. An encryption algorithm. A stream cipher that adds the output of a pseudorandom number generator bit by bit to the sequential bits of the digitized plaintext. Simple binary type of access control. Files, directories or other devices may be configured as read-only to prevent updates (also known as operating system or application, setting read-only access does not usually prevent users re-setting it if they have 'control' or 'owner' access rights. On some systems, read and execute access are separate attributes, whilst there are several variations of the meaning of read-only access for directories, and on the way access rights are Redundancy Risk reduction or fail-over technique whereby key parts of an information system/network architecture are duplicated such that failure of one item may hopefully be mitigated by automatically or manually transferring processing to the other e.g. RAID. Note however that redundant systems may still be vulnerable to common-mode failures. Microsoft Windows itself, as well as most Windows programs, store configuration data in this system database. Unless the system is configured to restrict registry access to authorised users, others may potentially modify parameters in the registry and impact system security. Manually modifying the registry using REGEDIT.EXE is a quick way to render your system unavailable or unusable so make sure you have an Emergency Recovery Disk or boot disk and backup the registry before you hack it! Simple user/session authentication systems may be vulnerable to simply capturing and re-playing the authentication exchange. Most real-world systems, however, incorporate additional controls (normally using encryption) to reduce the likelihood of this kind of attack succeeding. The concepts of responsibility and accountability are similar but complementary: someone may be 'held accountable' for something (implying that someone else wishes them to take ownership of the issue) or may 'take responsibility' for it (i.e. they take ownership themselves). For instance, organisations generally ask all their staff to take responsibility for information security in relation to their own work but demand that certain individuals ("Information Security Managers") are accountable for setting and implementing the appropriate policies, standards and guidelines across the whole organisation. Rijndael (pronounced Rhine-daal) Encryption algorithm adopted by the US National Institute of Standards and Technology as the new public Advanced Encryption Standard to replace DES. Uses keys of 128, 192 or 256 bits. RIP (Routing Information Protocol) Routing protocol that uses hop count to measure routes within a network. The latest enhancement, "RIP 2", allows more information to be included in RIP packets and provides a simple authentication mechanism (the original RIP is vulnerable to spoofing attacks). The chance combination of a threat acting on a vulnerability to cause an impact. Incorporates the concepts of probability and coincidence i.e. certain threats are more likely to occur, certain vulnerabilities are more likely to exist, and certain impacts are larger, therefore certain risks are of greater concern or severity than others. Risk assessment, risk analysis The study of threats, vulnerabilities and impacts to assess the likelihood and gravity of their occurrence. Usually used to specify, define and/or establish the theoretical effectiveness of actual or proposed security controls (also called information security architecture or design), and to prioritise their implementation. The total management process to identify, control and minimise the probability and/or impact of uncertain adverse events. Roles, role-based access control Many modern systems determine users' access rights according to the users' job roles and responsibilities in the organisation. This scheme simplifies the specification and allocation of appropriate rights by grouping together similar types of users (such as those responsible for entering but not approving data) and distinguishing different types (such as those responsible for reviewing and approving data entered by others). Automated controls to enforce Divisions of responsibility often involve the use of mutually exclusive roles. As the ROOT account on a UNIX system is fully privileged and owns many of the key system resources, anyone who gains ROOT access can thus bypass practically any technical information security controls. This makes ROOT access a primary target for most UNIX hackers. See also SYSTEM and Administrator. Hackers who compromise a system's access controls may introduce hacking utilities (such as password grabbers, network sniffers, backdoors, Trojans or trapdoors) enabling them to gain privileges and return to the system more easily in future. This set of utilities is known as a ROOT kit. Finding such utilities on your system is therefore a strong indication that it has been hacked (although skilled hackers would normally attempt to conceal them e.g. by installing hacked versions of those operating system programs used to display directory listings). A network interconnection device similar to a bridge but with higher level processing serving packets or frames containing certain protocols. Routers link LANs at the network layer. Also known as gateways when interconnecting dissimilar networks, or (if used to enforce access controls) firewalls. One way of implementing the client-server model of distributed computing over TCP/IP. In general, an RPC request is sent to a remote system to execute a designated procedure using arguments supplied, and the result is returned to the caller. Although originally developed by Sun Microsystems, there have been many variations resulting in incompatible RPC implementations. Various vulnerabilities in the RPC authentication process have been exploited by hackers. One of the most commonly used public-key algorithms. Named after its creators from IBM: Ronald Rivest, Adi Shamir and Leonard Adleman. Its security derives from the mathematical difficulty of factoring very large numbers (i.e. calculating their prime factors) compared to the ease of generating such numbers. A key length of at least 1024 bits is generally thought secure enough against brute-force attacks but RSA may still be vulnerable to chosen or known plaintext attacks. Refers to types of access rights given to users and other objects in the system i.e. usually Read (read-only), Write (modify data, add new data), Execute (run programs), Delete or Control (take ownership of, change access rights to) [the C sometimes stands for Create (insert new records in a database)]. Logical systems environment or enclosure (security perimeter) within which users and processes are permitted greater access than they are allowed elsewhere on the system e.g. a testing environment, or a virtual machine environment such as Javascript. SATAN (Security Administrator Tool for Analyzing Networks) A powerful freeware program for remotely probing and identifying the vulnerabilities of systems on IP networks. SATAN was released by Dan Farmer and Wietse Venema ostensibly for honourable reasons (as a tool for busy network administrators to check out security on their own systems) but was quickly exploited by hackers to find weaknesses in public Internet hosts. SATAN can flood a network with probes, hence the need for defences against SATAN, such as Klaxon. Derogatory term for an immature hacker whose technical skills barely exceed the ability to run generic hacking scripts, tools and utilities written by others. See also ankle biter. The key to a symmetric encryption algorithm has to be shared between the sender and intended recipient of a message, but has to remain hidden from others, hence 'secret'. See also private key. By default, most operating systems do not actually erase a file's data contents from disk when it is deleted, but merely update the directory entry in the File Allocation Table to save time. 'Unerase' programs (e.g. the 'retrieve from wastebasket' function in MS Windows) can therefore retrieve supposedly deleted data simply by resetting the directory entry. Using special hardware, it may even be possible using residual magnetism effects to retrieve underlying data after the disk data area has been overwritten, although this seems unlikely and unreliable. For the most paranoid, secure erasure involves overwriting the disk several times with random bits to delete all traces of the original data, and/or physically destroying the disk by crushing and incineration. Smartcard incorporating various tamper-resistant features and used to perform encryption and other sensitive functions such as user authentication and storage of private encryption keys, electronic money etc. Security-in-depth, defence-in-depth, layered security Having multiple overlapping layers of protection, such that an attacker would have to compromise several successive security controls to reach a target. In mediaeval castles, this involved a readily defended hill-top location, a moat, a strong and tall perimeter wall, battlements with skilled archers, an inner keep and so forth. In network security, it means using firewalls, hardened servers, intrusion detection systems etc. The result of specifying, establishing and maintaining appropriate protective measures (controls) to reduce the information security risks to an acceptable degree. [Information] Security architecture, design A detailed description of all aspects of the system that relate to information security, along with a set of principles to guide the design. The 'information security technical architecture' or 'system security design' describe how the system is (to be) assembled to satisfy the information security and control requirements, including those defined in the organisation's overall security framework. An independent examination by competent persons (generally computer auditors or information security consultants) of the controls within a computer/network system and/or the supporting audit logs, procedures etc. for information security risks, failure to comply with authorised policies, evidence of breaches etc. Leads to the recommendation of improvements to the controls, policies, procedures etc. to reduce risks, improve efficiency etc. [Information] Security countermeasures Controls that are aimed at one or more specific information security threats and vulnerabilities. May involve active defensive techniques (e.g. silent alarms), and measures to ensure integrity and availability as well as activities traditionally perceived as information security (i.e. achieving confidentiality through access control). The sets of objects that a subject has the ability to access, which are within a logically- and/or physically-defined security perimeter, or are subject to the same information security policies, procedures etc. See also forest. [Information] Security features, security functions The security-relevant mechanisms and characteristics of computer hardware and software systems. [Information] Security incident An actual or potential breach in security i.e. an act or circumstance involving compromise, possible compromise, inadvertent disclosure or other deviation from the security requirements or policies. [Information system] Security log Most computer systems can be configured to record details of security-relevant events, such as failed logins, failed file accesses etc. in one or more log files. If properly configured and secured, these can provide a valuable audit trail recording what actually happened during an incident, with reliable time stamps providing evidence of the sequence of events. After software vendors have supposedly solved security vulnerabilities in their products, they typically release the fixes as patches i.e. utilities which replace or modify parts of the defective programs. These are generally released quite quickly to reduce the 'window of opportunity' for hackers, but unfortunately, many patches are not so quickly installed and some even introduce further vulnerabilities. Security perimeter, boundary, domain The physical and/or logical boundary or limits within which security controls are in effect to protect assets. For example, a collection of networked hosts sharing an encryption system. [Information] Security requirements Functional and/or technical specification of the controls necessary to protect (as far as practicable) computer equipment, data, information, applications and facilities against information security threats. Weak security concept reliant on withholding information about the system's operational mechanisms as a primary control. Vulnerable to inherent bugs and 'reverse engineering' or other information gathering/guessing attacks. 'Open' security systems (such as DES, AES and other popular encryption algorithms), in contrast, do not depend on concealing their entire mechanisms, merely the keys - such open systems have established credibility by surviving widespread public scrutiny. A well-known UNIX EMAIL application program that has been the target of numerous security exploits and patches over the years. Describes information or other assets requiring protection against unauthorised disclosure, modification/damage or non-availability. The definition of sensitivity or value is context-dependent: financial data relating to a company's annual accounts, for example, are highly confidential prior to filing of the accounts whereas afterwards they are effectively in the public domain. A computer system that provides one or more network services such as disk storage and file transfer, or a program that provides such services. Alternatively, a kind of daemon that performs a remote service for a requester or client normally running on another computer. See also host and hardened server. Some software vendors produce so many patches that they occasionally roll-up all recent patches into a major release, known as a Service Pack. Those including security patches should theoretically be applied as soon as practicable to avoid the (now) well-known vulnerabilities being exploited, but in practice this level of currency is extremely difficult to achieve in complex computing environments, especially those running mission-critical applications (patches should always be tested off-line before being applied to avoid unplanned service outages). Name of a secret key generated, securely exchanged (generally using public-key encryption) and used once for a single symmetric encryption session. SET (Secure Electronic Transaction) Encryption protocol for secure use of payment cards via the Internet, developed by Visa and Mastercard. Uses digital certificates. A commonly-used hash function published by NIST in 1995, which hashes a file into a 160-bit value. See also Capstone. Windows systems may be configured to 'share' disk and other resources with other systems in the network, a classic example being shared drives on network servers. Authentication of users accessing such resources can be critically important, especially in situations where shares may be abused to gain privileged access to the originating system. One of the oldest forms of personal authentication, signing documents long been used to demonstrate contractual agreement etc. Biometric user authentication systems use the same term to refer to the data produced when someone has their retina, iris or fingerprint scanned. These days, it is even possible for users to authenticate electronically by signing with a stylus on a pressure-sensitive data-entry tablet (in which case the system can use pressure and speed of writing as well as the form of the signature to identify individuals with greater accuracy) or to use applied cryptography through a digital signature. When a system is attacked by hackers or crackers, the attack pattern can also form a characteristic penetration signature that may be recognised by Intrusion Detection Systems. A security alarm (e.g. triggered by an intrusion detection system or duress condition) need not necessarily alert the perpetrator when triggered, lulling them into a false sense of security. Meanwhile, security staff may be quickly despatched to intercept them, or other security countermeasures may be triggered (e.g. additional audit logging, transfer of a network session to a honeypot, taking their photograph etc.). System that allows a user, having first been authenticated by one system, to logon automatically to a number of other systems or services without manually re-entering the username and password. The Kerberos system, for instance, uses cryptographic authentication tokens to establish a logged-on user's status on the network. (NB Despite their widespread use, crude single sign on systems that identically synchronise a user's password on several systems make all those systems vulnerable if the password is cracked, guessed or disclosed on any one). Hardware device containing an embedded microprocessor (or other programmable unit), memory and input/output connector, capable of being programmed and storing user data. Typically housed in a credit-card-sized or smaller plastic card (a familiar example is the Subscriber Identification Module [SIM] in a digital mobile phone). Normally used for user authentication etc. in the form of a tamper-resistant secure smartcard. S/MIME (Secure Multipurpose Internet Mail Extensions) "Secure" EMAIL protocol originally developed by RSA Data Security, based on the PKCS #7 message format (itself based on ASN.1 DER), and X.509 v3 digital certificates. Similar in purpose but not interoperable with PGP. S/MIME v2 keys are only 40 bits long, rendering them fairly vulnerable to brute-force attacks. See also PEM. SMTP (Simple Mail Transfer Protocol) Simple server-to-server EMAIL protocol widely used on the Internet and defined in STD 10, RFC 821. Many information security vulnerabilities have been reported in SMTP server software over the years, and users are well advised to install the latest versions and security patches as soon as practicable after their release. A Denial of Service attack in which an attacker spoofs the source address of an echo-request ICMP ping packet to the broadcast address for a network, causing the machines in the network to respond en masse to the victim, thereby clogging its network. [Packet/Network] Sniffer, network analyser A device or program that monitors or audits the data packets on a network. Snort and Ethereal are typical examples, as are tcpdump (libpcap), Windump, SnifferPro, NetXray, snoop, Shomiti Surveyor, iptrace, Network Monitor, LANalyzer, WAN/LAN Analyzer, nettl, ISDN4BSD, Cisco Secure IDS iplog, pppd log, and Etherpeek. Used legitimately by network operations/support staff to monitor the state of a network e.g. for network collisions and overloads, or illegitimately by hackers to capture data (a passive attack). Depending on its sophistication, a packet sniffer may simply save data to disk or send a copy to another network device, or it may selectively filter and decode packets according to rules listing source or destination addresses and/or data content (e.g. "save all packets from 129.223.31.33 containing the text 'Password' or 'Credit card number'"). SNMP (Simple Network Management Protocol) Internet standard Protocol defined in STD 15, RFC 1157, used for remote management of network devices. Has numerous information security vulnerabilities, some of which are addressed in an updated version of SNMP called SNMP2 which, unfortunately, has not been widely implemented. Occasionally translated as "Security? Not My Problem"! Hacker program for sniffing LANs. See also Airsnort. The use of techniques such as subterfuge, deception, coercion, fraud and/or concealment by an attacker to trick or persuade users, system/network administrators etc. to reveal supposedly secret passwords, grant unauthorised systems access etc. This method of attack plays directly on what is often the weakest or most unreliable point of any system of information security controls - the human/procedural element. Computer program/s. Vulnerable to unauthorised access and manipulation, theft, bugs, viruses, worms, inaccurate/incomplete or fraudulent data input, accidental deletion or modification etc., hence the need for controls such as logical access restrictions, testing, validation, copyright protection, embedded error-trapping, escrow and computer auditing etc. Nondescript pink-coloured processed meat product (its trademark name is a contraction of 'spiced ham'), the subject of a famous Monty Python sketch about blandness. Term is used to refer to non-specific marketing broadcasts sent as EMAILs (also known as junk EMAILs), often written using pseudonyms or disposable EMAIL accounts to prevent retribution against the senders. Spam is usually just an annoyance but can cause more serious incidents, for example overloading systems/networks and thereby affecting availability, or causing users to miss important messages in the noise. Application/software tool released by the "Drink Or Die" (DoD) hacker group in 1999 to crack the CSS copy-protection system for Digital Versatile Disks (DVDs). Speed Ripper copies all the DVD streams in parallel. Its release was closely followed by that of DeCSS. SPEKE (Simple Password-authenticated Exponential Key Exchange) Protocol for securely exchanging private cryprographic keys over an insecure link. Derivative of EKE. Pretending to be someone or something else. The deliberate inducement of a user or system to take an incorrect action (permit unauthorised access etc.) by masquerading as or impersonating or mimicking an authorised user, system etc. See also IP spoof, web spoof and smurf. SQL (Structured Query Language Popular programming language used to manipulate (query, update and control/manage) databases. SQL commands can become very complex, and user/programming errors can cause unwelcome side-effects (e.g. a simple 'select *' command can logically mark the entire contents of a database for subsequent actions: on a large database, this can seriously impact system availabilityas the database engine laboriously works through every data record). SSH (Secure Shell) and OpenSSH Commercial and open-source replacements for telnet and related programs (rlogin, rsh, rcp, ftp) with additional access control and user authentication services. Although it was soon corrected, UNIX SSH v3.0.0 was found to be vulnerable to a simple ROOT compromise through user accounts with very short passwords - a rather embarrassing situation for a vendor of security products. As IEEE 802.11 wireless LANs use a limited number of microwave frequencies, each user community uses an SSID to logically link the corresponding network devices and thereby differentiate between adjacent communities sharing the same channels. SSIDs are broadcast and can easily be sniffed with wLAN equipment, for example by a war-driving wHacker. Public-key encryption protocol that provides authentication and confidentiality (but not nonrepudiation) to applications at the IP communications session layer using the RSA algorithm. Recently updated to SSL version 3 (prior versions are no longer considered secure). When SSL is enabled, a client system negotiates and establishes an SSL-encrypted session with the host through a challenge-response process involving the mutual exchange and authentication of digital certificates. See also IPsec. System for surreptitiously concealing data within another object or data stream, for instance copyright information may be hidden as a digital watermark within a computer image file without noticeably affecting image quality for human observers. The concealed data are usually also encrypted in case they are discovered, and in fact the randomness this adds makes chance discovery less likely. A type of encryption function that encodes a continuous stream of plaintext sequentially without segmenting it into blocks (see block cipher). Typically used to encrypt network traffic. Encryption process in which each character (or, possibly, a block of characters or a word) in the plaintext is simply swapped with another from a separate character set, according to a predefined process (e.g. Caesar cipher), forming the ciphertext. See also transposition. Surreptitious attack on a system, generally involving fraud and concealment, to undermine the security controls and obtain unauthorised access e.g. when an intruder interferes with the operation of an intrusion detector or infiltrates an organisation through social engineering. Under UNIX, programs configured as SUID run with 'system' (full) privileges, even if invoked by non-privileged users, thus avoiding the need to grant excessive privileges to users. Corresponds to the most powerful user ID/s on a system, such as Administrator, SYSTEM or ROOT (or others that have been allocated the equivalent privileges). Someone with legitimate or illegitimate access to a super-user account can normally bypass, disable or remove (virtually) all logical controls on the system, modify security logs and audit trails etc. Therefore, in order to maintain system security, it is crucially important to restrict access to the super-user accounts to those who are authorised and competent to use them. See also system/network administration. Symmetric (secret key) cryptography An encryption methodology in which encryption and decryption use exactly the same key, that must therefore be kept secret to the parties involved (cf. public-key cryptography). DES and RC4 are common symmetric algorithms. In terms of resistance to brute-force cryptanalysis, a good 128-bit symmetric encryption algorithm is about as strong as 2043-bit public-key algorithm. Realistically, though, the public key should be even longer because the same public and private key pair is used to protect all messages to the same recipient. Crude TCP/IP Denial of Service attack in which the SYN (synchronise communications) queue is flooded by hackers with spurious SYN calls, such that no new legitimate connections can be opened. The default username of the main system management account on VAX VMS systems, the equivalent to ROOT, Sysadmin and Administrator. System managers or hackers who have or obtain access to this fully-privileged account can bypass practically any technical security control on the system. Short for System administrator or operator (the person or their user ID) Tamper, tampering Unauthorised modification of data, system parameters etc., or unauthorised interference with/damage to/disclosure of system hardware, internal operations, peripherals, networking equipment etc. Systems that have been specifically designed to reduce their vulnerability to tampering are said to be tamper-resistant e.g. secure smartcards and hardware encryption devices generally incorporate physically-strengthened enclosures that trigger the embedded chip to self-destruct if exposed to light. Theoretical state of invulnerability to tampering - unattainable in practice (even well-designed secure smartcards are being compromised in practice by determined hackers using electron microscopes etc. to reveal their inner workings). The object of attack by hackers etc. Normally a network system, service, database, password file, credit-card data or similar data resource, sometimes a person (as in social engineering). TCP (Transmission Control Protocol The datacommunications protocol that defines basic data packet structures and procedures e.g. the format of packet headers. Part of TCP/IP, defined in STD 7 RFC 793. It is connection- and stream-oriented, as opposed to UDP. Originally a precise technical term, this has gradually become a generic name encompassing the complete suite of datacommunications protocols and conventions on which the Internet is based (including, of course, TCP and IP, plus numerous others such as ICMP, SMTP, HTTP, URLs, RIP etc. etc.). Type of attack in which a hacker takes control of, or interferes with, a legitimate user's active session, typically by using a logged-in but unattended TCP session or by spoofing the user's IP address and injecting spurious/malicious packets (also known as IP splicing). As the original user has already been authenticated and the session is in progress when the hacker takes over, the hacker effectively takes on the user's identity. See also DNS hijack. TCSEC (Trusted Computer System Evaluation Criteria) Scheme run by the US government Department of Defense to test and certify computer systems (hardware and software) against information security criteria defined in the 'Rainbow Series', and assign classifications ranging from D (minimal security) to A1 (highly-secure with formal proofs). More-or-less equivalent to the British ITSEC scheme. Technical or technological controls See automated controls. Protocol for logging-on to a remote system via a TCP/IP network such as the Internet. It is defined in STD 8, RFC 854 and extended by many others. In its simplest and least secure form, telnet sends the user's ID and password in plaintext, making it vulnerable to interception, modification and replay attacks. All electronic computers, terminals, network cables and devices etc. emanate weak so-called 'van Eck' electromagnetic radiation when in use that may allow suitably-equipped hackers within range of the equipment to reconstruct the information being processed/communicated. TEMPEST-certified devices are specially constructed and shielded to reduce this radiation to negligible levels. Despite its appearance, TEMPEST is a name not an acronym. One of the most important computer controls, testing offers the opportunity for an organisation to gain assurance that a system (including its automated and procedural controls) will operate as intended or at least (in a narrower quality-assurance style definition) as specified. Dr Paul Dorsey says that "Putting a system into production without adequate testing is like diving into a swimming pool without checking to see if there is water in it". Well-organised and structured testing regimes ensure reasonably comprehensive coverage in an isolated test environment, separate from development and production environments to avoid compromise, and involve competent testers (including information security experts and/or computer auditors) familiar with topical exploits who test using a risk-based approach (e.g. penetration testing). Completely insecure form of FTP that lacks even the basic username and password access control. Protocol intended for downloading operating system files from a server to diskless workstations at boot time, using a tiny network operating system small enough to fit on a boot ROM. Uses UDP to simplify the datacommunications code. A person, system, event or circumstance outside/external to the system under consideration, whose action, if it occurred and acted on a vulnerability, would result in an impact (see also risk). Group of information security experts who test and/or attempt to break the defences of a computer system in an effort to uncover and demonstrate exploitation of vulnerabilities (see also penetration test). Most time-relevant events (e.g. entries in security and audit logs) are automatically date-and-time-stamped by the systems. However, these need to be treated with caution as system clocks may be manipulated by privileged users (or hackers who have gained sufficient privilege), unless linked to a secure time source. In a PKI, a trusted master clock may be designated to generate and digitally sign time stamps using public-key encryption. TLS (Transport Layer Security) IP encryption protocol very similar to SSL v3. A portable security device used to authenticate the bearer to another system, typically a smartcard, key or digital certificate. Generally performs a challenge-response function using encryption. Some also incorporate the ability to identify the human bearer (e.g. demanding a PIN-code or checking a physical fingerprint) prior to authenticating them. Information security, system/network managers, computer auditors and hackers rely on numerous utility commands, programs and devices to interrogate, monitor, audit, evaluate and/or (re-)configured system/network security parameters. Typical tools-of-the-trade range from simple directory commands (such as MS Explorer, DIR or ls) to complete software suites or toolboxes (such as SATAN or ROOT kits) and specialised hardware (such as network sniffers or blue boxes). The process of examining statistics and other characteristics relating to data traffic flows to/from the subject's organisation or locations to glean information about their nature or contents etc. For example, the systematic use of encryption implies that the subject has something to hide, whilst identifying communications counterparties can indicate accomplices. Trust is said to be transitive if it can span intermediate relationships e.g. if A trusts X, and X trusts B, then A may transact business with B via X, even if it is reluctant or unable to deal directly with B, because X provides mutual guarantees. Most trust relationships in Windows 2000 networks are transitive, whereas those in Windows NT are mostly one-way. Encryption process in which each character (or, possibly, a block of characters or a word) in the plaintext is simply swapped with that at another position in the same message, according to a predefined process or transposition map (e.g. DES uses 16 cycles of transposition and substitution at each round), forming the ciphertext. See also substitution. Hidden software or hardware mechanism that, when triggered by a particular circumstance or signal, circumvents certain security controls. See also backdoor and Trojan horse. A commercial UNIX software auditing tool that generates a database of the byte counts or hash values of files. If the byte counts or hash words have changed between program runs, tripwire will record the change event in a log file and may alert the system security manager. A detective control. See also AIDE. An apparently useful and/or innocent program containing additional hidden code that subverts the security controls, allowing unauthorised access to data and/or systems. Trojans such as SubSeven are used by hackers to take full control of infected machines. Even if the compromised machines are not intrinsically interesting, they are often used as stepping-stones for further hacking attacks (e.g. DoS attacks), helping to conceal the hacker's true identity and location. See also trapdoor and backdoor. Implicit or explicit belief that someone or something will perform as expected at all times, acting in your best interests. A trusted system, for instance, is treated as if it does not present a security risk, generally because it has been hardened and is operated by trustworthy staff. Trust can be established by reputation i.e. a period during which it successfully survives challenge (this led, for example, to the widespread use of DES despite numerous failed cryptographic attacks, at least until the mid-1990's). Applies to the situation where an independent organisation (X - typically a bank, government body or similar middleman) has trust relationships with two or more organisations (A, B) that may not directly trust each other to the same degree. Trust is partially transitive i.e. if A trusts X, and X trusts B, then A may transact certain types of business with B via X, even if it is reluctant to deal directly with B, because X provides mutual guarantees. Describes the way a VPN creates a secure data channel between two systems using encryption. Data are encrypted whilst in transit in the VPN tunnel, rendering them meaningless to any system that routes or intercepts the ciphertext flow. VPN encryption schemes also provide data/link integrity controls. Reputedly a very strong encryption algorithm, one of the final five candidates short-listed for AES but rejected in favour of Rijndael. Über hacker Highly skilled hacker. Part of the TCP/IP suite, this transport-layer protocol defined in STD 6, RFC 768, adds a level of multiplexing to IP. UDP allows for fast 'connectionless' communications - essentially data broadcasts. As there is no handshaking to confirm receipt of each packet, connections are fast but are also unreliable i.e. may drop packets as they are not retransmitted. Typically used for Voice-Over-IP, and streaming audio and video where receipt of every single packet is relatively less important than timeliness of delivery. Not authorised i.e. not officially permitted according to the policy, rules or accepted practice. Popular, highly portable, computer operating system that originated in academia as 'open source' i.e. source code for (most of) the programs that comprise UNIX is publicly available, allowing programmers to modify and extend the system relatively easily. UNIX therefore comprises a suite of programs of various origins, to various quality standards, with various inconsistencies. Information security was not high on the list of priorities when UNIX was created and even today there are an enormous number of vulnerabilities (mind you, Windows was supposedly designed to be secure but also has its share of vulnerabilities!). UPS (Uninterruptible Power Supply) Important system availability control, designed to prevent power cuts, brownouts, surges or spikes interrupting system processing by smoothing, filtering and maintaining mains power. Modern computers generally incorporate reservoir capacitors and sometimes backup batteries in their internal power supplies but these are seldom sufficient for more than a few tens of milliseconds of mains power outage at most. External UPS units, especially the computer-grade no-break permanently-on-line types with battery and generator backups, provide power to cover much longer mains outages (up to several days, until the fuel runs out). UPS units have to be maintained and tested regularly to ensure that the batteries remain in good condition and up to full capacity, but these very tests paradoxically increase the risk of power failures (although UPS tests can normally be done out of working hours). URL (Universal Resource Locator) Protocol for uniquely naming information resources on the Internet, based on a hierarchical schema. Wiring type commonly used for Ethernet LANs and telephones, consisting of pairs of wires simply twisted together and laid in a common sheath. Despite the simplicity and lack of shielding, UTP wiring is fairly immune to interference and unwanted signal radiation but (unlike coaxial and fibre-optic cabling) is probably not up to TEMPEST standards. Valid, validate, validation, invalid ... Valid items pass some test of authentication, truth, completeness, appropriateness, trustworthiness, timeliness etc. whereas invalid items do not. May apply, for instance, to data within a certain range of values and types (e.g. digital certificates are only acceptable between defined start and end dates). Given the human propensity for making typing mistakes, data-entry validation is an extremely important control, normally involving a combination of procedural/manual and logical/automated controls (e.g. 'Check the form before clicking save' appears, then the system confirms all mandatory fields are complete). Weak encryption algorithm invented by French cryptographer, Blaise de Vigenere, in the sixteenth century. Vigenere used a substitution method, similar to the Caesar cipher but with the added complication that the number of steps to rotate through the character set is varied in successive cycles using a key sequence. This process disguises simple linguistic patterns as a given character in the plaintext does not always translate to the same character in the ciphertext (also known as a 'polyalphabetic' cipher). A program that can "infect" other programs by modifying them to include or distribute a copy of itself. A virus may consume significant system resources and may include a payload. Some viruses are cryptic i.e. they use encryption techniques, self-modifying code, variable sequences, normally inaccessible areas of the disk etc. in an attempt to evade anti-virus controls. See also malware, worm and Trojan. Describes the use of encryption to provide a secure datacommunications route between parties over an insecure or public network, such as the Internet. After initially contacting each other over ordinary TCP/IP, the systems at either end of the VPN transparently negotiate and agree encryption parameters in such a way that an interceptor cannot determine the secret keys etc. Protocols commonly used for VPNs include: SSL, IPsec", PPTP and L2TP. Commonly used to secure sensitive Internet transactions e.g. submitting credit card details to an eCommerce site. Hardware, firmware, software, process, control or other flaw (an inherent weakness) that leaves a system open for potential exploitation by a threat, causing an impact on the organisation. (See also risk). WAN (Wide Area Network) A computer network between locations, typically using links over a public telephone or telecommunications network (cf. LAN). Public networks are generally regarded as more vulnerable than private networks to various security threats such as interception and redirection of traffic, unplanned service outages etc., although this assumption is not always true. Phreaking program that automatically dials telephone numbers within a certain range and logs any which are answered by data modems that may be vulnerable to subsequent attack. Users who connect insecure modems to LANs, PABXes or other systems may inadvertently create access points that bypass corporate firewalls. As a result of the cat-and-mouse games played by phreakers and telephone companies over the years, sophisticated war dialler software uses techniques such as non-sequential number selection and random delays in an attempt to evade detection. Hacking technique whereby a hacker simply drives through a commercial or urban district with a wLAN-enabled portable PC running a sniffer program such as Airsnort, in an attempt to discover details of unprotected wLANs (e.g. those without any encryption enabled). Slang Internet name for pirated software, typically served on hosts that have been breached by hackers. Backup data centre maintained in a state of partial readiness to take over operations at relatively short notice (typically within hours or days or a disaster affecting the main site). Generally has conventional IT facilities and services but not normally processing live data - may, for instance, be used for software testing or application development unless a disaster situation is declared under a Disaster Contingency Plan. Most commercial disaster-recovery facilities fall into this category. See also hot-site, cold-site and dual-live. Exploits involving technical security vulnerabilities in common web browsers that can be duped by hackers into loading and executing malicious code (e.g. by calling privileged functions within web-integrated office products and databases). In addition, the users themselves may be misled into weakening their browser settings etc. by social engineering techniques. Using vulnerabilities in the DNS protocols and procedures for registering and controlling domain names, hackers have been able to re-direct traffic from legitimate websites to fakes under their control, allowing them to masquerade as the real sites, substitute false pages, capture confidential information from users etc. WEP (Wired Equivalent Privacy) Link-layer (i.e. network-device to network-device, not end-to-end) Encryption system used by IEEE 802.11 wireless Ethernet LANs to provide authentication and confidentiality. Weaknesses in WEP implementations (e.g. short keys) create serious vulnerabilities in typical wireless LANs, such that they should really be limited to public systems on the 'outside' of corporate firewalls. Due to be replaced some time in 2002 or 2003. Person or human brain. Term derives from the fact that adult humans consist of about 60% water by weight. Humans form an extremely important part of all information security systems, primarily through the processes they perform. See also hardware, software and firmware (but not Tupperware or nightware). New term for wireless hacking i.e. hacking wireless LANs built with insecure protocols and/or flawed implementations (typically incorrect configuration). Successful wHackers in range of a wLAN are able to intercept, copy, decrypt and read data packets passively whilst remaining undetectable, and may be able actively to inject bogus or spoofed packets. Someone who discloses an illegal activity (such as a fraud) to management, Internal or External Auditors, regulators or even 'the media'. May be protected against retribution by the accused party through confidentiality arrangements, depending on the organisation concerned, and/or relevant legislation. Figurative term for 'the good guys' - information security professionals who have been explicitly authorised to examine a system's security, often by attempting logical access via public networks (penetration testing) (cf. black hats and grey hats, see also ethical hackers). TCP/IP application that interrogates the DNS to identify the registered owner of a domain name and other such information. These days, memorable and distinctive domain names are valuable intangible assets. Enterprising hackers have been known to compromise the DNS system to hijack other organisations' domain names, sending browsers to their own websites, often by defrauding those who manage the DNS through social engineering. Process or device used to intercept datacommunications unobtrusively. See also pen register. Most wireless LANs currently use the insecure IEEE 802.11 wireless Ethernet standards, complete with the flawed WEP encryption protocol and several other information security vulnerabilities. Other standards co-exist (e.g. Bluetooth and infra-red). Wireless Local Area Network (wLAN) LAN that uses low-power microwave radio instead of wires or fibre-optic cables to connect devices at normal Ethernet speeds. Intended for ad-hoc networking of small portable computer devices. Excessive transmitter power, inappropriate antenna types, locational problems etc. can easily result in wLAN signals extending well outside the intended local area (normally a single office room or building), making them vulnerable to wHackers and war-drivers. W.O.R.M. (Write Once Read Many) drive Data storage device that has been built and configured such that once data have been written to the device, they cannot be overwritten, modified or deleted. Can be useful for storing tamper-resistant audit trails and system security logs, if properly configured and physically and logically secured to prevent their subsequent destruction, removal or alteration. Independent program that replicates itself from machine to machine across network connections, often clogging networks and systems as it spreads. Term originally coined in 1975 by John Brunner in his book 'The Shockwave Rider'. Worms typically exploit technical vulnerabilities in the TCP/IP networking protocols and programs (e.g. Morris and "I Love You" worms). See also malware, virus and broadcast storm. Simple binary type of access control. Files or directories may be write-protected by setting an attribute bit, and write-enabled by resetting it. Diskettes are write-protected by moving a tab to expose a hole through the disk case, or write-enabled by closing the hole. See also read-only. X windows 'Universal' graphical interface, common on UNIX systems. Security vulnerabilities in the X windows environment have been exploited by hackers to gain unauthorised access to systems. Zero-knowledge attack Penetration testing scenario in which the testers are given no prior knowledge of the target environment but have to establish the facts during their tests as if they were members of the general public. Zero-knowledge password scheme Protocol for verifying that a counterparty actually possesses a ,a href="#Password">secret password without openly disclosing that password in cleartext (which would render it vulnerable to interception). 2600 magazine - The Hacker Quarterly Title of a popular hacking magazine, originally an underground/specialist publication that has gradually become more mainstream. 2600's articles on the DeCSS system to crack DVD copy protection led to a very public Federal court battle between its publisher and the Motion Picture of America Association (MPAA) and its eventual conviction under the US Digital Millennium Copyright Act. |
To Top
