This article can also be found in the Premium Editorial Download "Information Security magazine: CISO survival guide: 18 of the best security tips."


Lost in Translation

There's a lot of jargon in security that can turn off business executives. Here are some common terms translated into plain English.

Botnet
A group of compromised computers used without their owners' knowledge by Internet criminals to send spam and viruses or to launch DDoS attacks.

DDoS
Distributed Denial of Service. Online attackers use multiple compromised computers to send a flood of messages to a target system such as an e-commerce site, forcing it to shut down and preventing legitimate users from accessing the site.

DMZ
Demilitarized zone. A subnetwork between a company's private network and the outside public network, where organizations often place their Web servers.

Exploit
An attack on a computer system that takes advantage of a vulnerability on the system.

HIDS/NIDS
Host Intrusion Detection Systems/Network Intrusion Detection Systems. HIDS are installed on individual computers to detect attacks. NIDS monitor network traffic for potential attacks.

Penetration test
Testing the security of a system or network by trying to break its controls and gain access.

Port scan
An attacker sends a series of messages to a computer to figure out which network services it has in order to probe those services for vulnerabilities. Each service is associated with a port number.

Rootkit
A collection of programs that provides administrator-level access to a computer. An attacker who breaks through the user-access controls of a computer can install a rootkit, which can hide the intrusion and provide privileged access.

Script kiddie
Less skilled hacker; typically uses existing programs and scripts to launch attacks.

Spear phishing
Fraudulent email that targets a specific organization and aims to fool the recipient into divulging confidential data. Generally, the message will appear to come from someone within the recipient's company, such as an IT administrator.

Trojan horse
A computer program that appears harmless but contains malicious code.

Zero-day exploit
An exploit that takes advantage of a vulnerability that isn't generally known until the exploit surfaces; consequently no patch is available.

This was first published in July 2007
