null Definitions

Search Definitions
  • S

    soft token

    A soft token is a software-based security token that generates a single-use login PIN. Traditionally, a security token has been a hardware device that produces a new, secure and individual PIN for each use and displays it on a built-in LCD display.

  • spam filter

    A spam filter is a program that is used to detect unsolicited and unwanted email and prevent those messages from getting to a user's inbox.

  • spam trap

    A spam trap is an email address that is used to identify and monitor spam email.

  • spear phishing

    Spear phishing is an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.

  • spyware

    Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge.

  • SSL (Secure Sockets Layer)

    Secure Sockets Layer (SSL) is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet.

  • SSL certificate (Secure Sockets Layer certificate)

    A Secure Sockets Layer certificate, known commonly as an SSL certificate, is a small data file installed on a Web server that allows for a secure connection between a Web server and a Web browser.

  • SSL checker (secure socket layer checker)

    An SSL checker (Secure Sockets Layer checker) is a tool that helps an organization verify proper installation of an SSL certificate on a Web server to ensure it is valid, trusted and will work properly for its users.

  • SSL VPN (Secure Sockets Layer virtual private network)

    An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote-access VPN capability.

  • stealth virus

    In computer security, a stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.

  • steganography

    Steganography (pronounced STEHG-uh-NAH-gruhf-ee, from Greek steganos, or "covered," and graphie, or "writing") is the hiding of a secret message within an ordinary message and the extraction of it at its destination.

  • STIX (Structured Threat Information eXpression)

    STIX (Structured Threat Information eXpression) is an XML programming language that allows cybersecurity threat data to be shared.

  • stream cipher

    A stream cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time.

  • strong cryptography

    Strong cryptography is used by most governments around the world to protect communications. It involves secreted and encrypted communication that is not amenable to cryptographic analysis.

  • Stuxnet

    The Stuxnet worm is a rootkit exploit that targets supervisory control and data acquisition (SCADA) systems.

  • sudo (superuser do)

    Sudo (superuser do) is a utility for UNIX- and Linux-based systems that provides an efficient way to give specific users permission to use specific system commands at the root (most powerful) level of the system. Sudo also logs all commands and arguments.

  • supercookie

    A supercookie is a type of tracking cookie inserted into an HTTP header by an internet service provider to collect data about a user's internet browsing history and habits.

  • supply chain attack

    A supply chain attack is a type of cyber attack that targets organizations by focusing on weaker links in an organization's supply chain.

  • SYN flood (half open attack)

    SYN flooding is a method that the user of a hostile client program can use to conduct a denial-of-service (DoS) attack on a computer server.

  • What is SecOps? Everything you need to know

    SecOps, formed from a combination of security and IT operations staff, is a highly skilled team focused on monitoring and assessing risk and protecting corporate assets, often operating from a security operations center, or SOC.

  • T

    TAN (transaction authentication number)

    A transaction authentication number (TAN) is a type of single-use password used for an online banking transaction in conjunction with a standard ID and password. TANs are often in a list made by a financial institution and sent to the owner of the account.

  • TDL-4 (TDSS or Alureon)

    TDL-4 is sophisticated malware that facilitates the creation and maintenance of a botnet.  The program is the fourth generation of the TDL malware, which was itself based on an earlier malicious program known as TDSS or Alureon.

  • threat modeling

    Threat modeling is a procedure for optimizing application, system or business process security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate the effects of threats to the system.

  • three-factor authentication (3FA)

    Three-factor authentication (3FA) is the use of identity-confirming credentials from three separate categories of authentication factors – typically, the knowledge, possession and inherence categories.

  • Tilded platform

    The Tilded platform is a malicious software communicator specifically designed as a vessel for transmitting malware undetected.

  • time-based one-time password (TOTP)

    A time-based one-time password (TOTP) is a temporary code, generated by an algorithm, for use in authenticating access to computer systems.

  • timing attack

    A timing attack looks at how long it takes a system to do something and allows the attacker, through statistical analysis, to learn enough about the system to find the decryption key needed to gain access to it.

  • tokenization

    Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.

  • Transport Layer Security (TLS)

    Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications.

  • TrickBot malware

    A TrickBot is malware designed to steal banking information.

  • Trojan horse (computing)

    In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious.

  • TrueCrypt

    TrueCrypt is a cross-platform open source program for file and full disk encryption (FDE).

  • trusted computing

    Trusted computing is a broad term that refers to technologies and proposals for resolving computer security problems through hardware enhancements and associated software modifications... (Continued)

  • trusted computing base (TCB)

    The trusted computing base (TCB) is everything in a computing system that provides a secure environment.

  • two-factor authentication (2FA)

    Two-factor authentication (2FA) is a verification process in which the user provides two different authentication factors to prove their identity. Credentials can be based on knowledge, possession, inherence, location or time.

  • two-step verification

    Two-step verification requires the sequential use of two authentication methods to verify that someone or something is who or what they are declared to be. In contrast with two-factor authentication processes, the methods in two-step verification can belong to the same category of authentication factors.

  • Twofish

    Twofish is an encryption algorithm based on an earlier algorithm, Blowfish, and was a finalist for a NIST Advanced Encryption Standard (AES) algorithm to replace the DES algorithm.

  • U

    unified threat management (UTM)

    Unified threat management (UTM) describes an information security (infosec) system that provides a single point of protection against threats, including viruses, worms, spyware and other malware, and network attacks.

  • United States Secret Service (USSS)

    The United States Secret Service (USSS) is a federal law enforcement agency mandated by Congress to carry out two sets of primary objectives: provide protection for designated sites and events as well as national and visiting leaders, and preserve the integrity of the U.S. economy by safeguarding the nation's financial infrastructure and payment systems.

  • user account provisioning

    User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system. To be effective, an account provisioning process should ensure that the creation of accounts and provisioning of access to software and data is is consistent and simple to administer.

  • user authentication

    User authentication verifies the identity of a user attempting to gain access to a network or computing resource by authorizing a human-to-machine transfer of credentials during interactions on a network to confirm a user's authenticity.

  • user behavior analytics (UBA)

    User behavior analytics (UBA) is a process in which security teams use monitoring tools to track, collect and assess the network activities of all individuals accessing those system to detect potentially malicious activity.

  • USGCB (United States Government Configuration Baseline)

    The United States Government Configuration Baseline, or USGCB, is a government-wide initiative that provides guidance on information security configuration best practices for IT products leveraged by federal agencies.

  • V

    vandal

    A vandal is an executable file, usually an applet or an ActiveX control, associated with a Web page that is designed to be harmful, malicious, or at the very least inconvenient to the user.

  • Verizon Data Breach Investigations Report (DBIR)

    The Verizon Data Breach Investigations Report (DBIR) is an annual publication that provides data from and analysis of information security incidents, with a specific focus on data breaches.

  • Verizon VERIS (Vocabulary for Event Recording and Incident Sharing) Framework

    The VERIS (Vocabulary for Event Recording and Incident Sharing) Framework is a taxonomy that standardizes how security incidents are described and categorized.

  • virus (computer virus)

    A computer virus is malicious code that replicates by copying itself to another program, computer boot sector or document and changes how a computer works.

  • virus hoax

    A virus hoax is a false warning about a computer virus.

  • VLAN hopping (virtual local area network hopping)

    VLAN hopping (virtual local area network hopping) is a method of attacking a network by sending packets to a port at a network end point that is not normally accessible to the sender.

  • voice squatting (skill squatting)

    Voice squatting is an attack vector for voice user interfaces (VUIs) that exploits homonyms (words that sound the same but are spelled differently) and input errors (words that are mispronounced).

  • voluntary botnet

    A voluntary botnet is a distributed network of computers whose processing power is harnessed to carry out a political or socially-motivated denial of service (DoS) attack.

  • vulnerability assessment (vulnerability analysis)

    A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures.

  • vulnerability disclosure

    Vulnerability disclosure is the practice of publishing information about a computer security problem, and a type of policy that stipulates guidelines for doing so.

  • W

    walled garden

    On the Internet, a walled garden is an environment that controls the user's access to Web content and services.

  • WannaCry ransomware

    The WannaCry ransomware is a worm that spreads by exploiting vulnerabilities in the Windows operating system.

  • WAPI (WLAN Authentication and Privacy Infrastructure)

    WAPI (WLAN Authentication and Privacy Infrastructure) is the wireless local area network (WLAN) standard officially supported by the Chinese state government.

  • watering hole attack

    A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.

  • Web application firewall (WAF)

    A web application firewall (WAF) is a firewall that monitors, filters and blocks data packets as they travel to and from a website or web application.

  • web server security

    Web server security is the protection of information assets that can be accessed from a Web server.

  • WebAuthn API

    The Web Authentication API (WebAuthn API) is a credential management application program interface (API) that lets web applications authenticate users without storing their passwords on servers.

  • whaling attack (whaling phishing)

    A whaling attack, also known as whaling phishing or a whaling phishing attack, is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company.

  • white hat

    A white hat hacker is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks.

  • Wi-Fi Pineapple

    A Wi-Fi Pineapple is a wireless auditing platform from Hak5 that allows network security administrators to conduct penetration tests.

  • Wi-Fi Sense

    Windows Wi-Fi Sense allows Windows 10 users to get Internet access from public hotspots and private wireless local area networks (WLANs) that have been shared by friends. Although Wi-Fi Sense is enabled by default in all editions of Windows 10, the feature can be turned off by users and access can be disabled by wireless network administrators.

  • wildcard certificate

    A wildcard certificate is a digital certificate that is applied to a domain and all its subdomains.

  • Windows Defender Exploit Guard

    Windows Defender Exploit Guard (EG) is an anti-malware software developed by Microsoft that provides intrusion protection for users with the Windows 10 operating system (OS).

  • Wired Equivalent Privacy (WEP)

    Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN. A wired local area network (LAN) is generally protected by physical security mechanisms (controlled access to a building, for example) that are effective for a controlled physical environment, but may be ineffective for WLANs because radio waves are not necessarily bound by the walls containing the network.

  • WPA3

    WPA3 is a security certification program developed by the Wi-Fi Alliance to ensure Wi-Fi related products meet a common standard.

  • X

    X.509 certificate

    An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.

  • Y

    YubiKey

    YubiKey is an authentication device that allows users to securely log into their email, online services, computers and applications using one-time passwords, static passwords or FIDO-based public and private key pairs.

  • Z

    What is zero trust? Ultimate guide to the network security model

    Zero trust is a security strategy that assumes all users, devices and transactions are already compromised. The zero trust model requires strict identity and device verification, regardless of the user’s location in relation to the network perimeter.

  • zero-day (computer)

    Zero-day is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.

  • zero-day exploit

    A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known.

  • Zeus Trojan (Zbot)

    Zeus, also known as Zbot, is a malware toolkit that allows a cybercriminal to build his own Trojan Horse. A Trojan Horse is programming that appears to be legitimate but actually hides an attack.

  • Zoombombing

    Zoombombing is a type of cyber-harassment in which an individual or a group of unwanted and uninvited users interrupt online meetings over the Zoom video conference app.

SearchCloudSecurity
SearchNetworking
SearchCIO
SearchEnterpriseDesktop
SearchCloudComputing
ComputerWeekly.com
Close