Get started

Bring yourself up to speed with our introductory content.

Data Security and Cloud Computing

  • network behavior analysis (NBA)

    Network behavior analysis (NBA) is a method of enhancing the security of a private network by monitoring traffic and flagging unusual actions or departures from a baseline of normal operation...

  • Exploring authentication methods: How to develop secure systems

    Use this guide to discover authentication options and learn how to implement, maintain and secure several methods of authentication, such as biometrics, single sign-on (SSO) and smart cards, to avoid security breaches and protect sensitive corporate ...

  • hybrid virus/worm

    A hybrid virus/worm is malicious code that combines characteristics of both those types of malware, typically featuring the virus' ability to alter program code with the worm's ability to reside in live memory and to propagate without any action on ...

  • HIDS/NIDS (host intrusion detection systems and network intrusion detection systems)

    Host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS) are methods of security management for computers and networks: a HIDS runs on the host it protects and watches that host's files, logs and processes, while a NIDS inspects the traffic passing a point on the network...

  • data encryption/decryption IC

    A data encryption/decryption IC is a specialized integrated circuit (IC) that can encrypt outgoing data and decrypt incoming data...

  • Open System Authentication (OSA)

    Open System Authentication (OSA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol. OSA performs no real authentication: any station that asks to associate is accepted, so a computer equipped with a wireless adapter can access any WEP network and receive...

  • Class C2

    Class C2 is a security rating established by the U.S. National Computer Security Center (NCSC) and granted to products that pass Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC, the "Orange Book") tests. C2, "controlled access protection", requires discretionary access control at the level of individual users, protection against object reuse (no data left behind in freed memory or disk blocks) and an audit trail of security-relevant events.

  • nonrepudiation

    Nonrepudiation is the assurance that someone cannot deny something, such as the receipt of a message or the authenticity of a statement or contract; in practice it is provided by digital signatures, which only the holder of the signing private key could have produced...

  • honey monkey

    A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet: it visits Web sites with deliberately unpatched browsers and records which sites exploit them, making it a client-side honeypot. The expression, coined by Microsoft, is based on the term honey pot, which refers to a computer system ...

  • LEAP (Lightweight Extensible Authentication Protocol)

    LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-proprietary EAP method; EAP is the authentication framework used in wireless networks and Point-to-Point connections. LEAP was designed to provide more secure authentication for 802.11 ... It is now considered obsolete: its MS-CHAP-based challenge/response exposes the user's password to an offline dictionary attack, and Cisco recommends migrating to EAP-FAST or PEAP.

  • PEAP (Protected Extensible Authentication Protocol)

    PEAP (Protected Extensible Authentication Protocol) is an EAP method; EAP is the authentication framework used in wireless networks and Point-to-Point connections. PEAP first builds a TLS tunnel authenticated by the server's certificate and then runs a second, inner authentication (commonly MS-CHAPv2) inside it, so that user credentials are never sent over the air in the clear. PEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local ... Clients must be configured to validate the server certificate; otherwise a rogue access point can terminate the tunnel and capture the inner credentials.

  • phlashing

    Phlashing is a permanent denial of service (PDoS) attack that exploits a vulnerability in network-based firmware updates to overwrite a device's firmware with a corrupt or malicious image. Such an attack is currently theoretical but if carried out could render the target device inoperable... Accepting only cryptographically signed firmware images, and verifying the signature before writing to flash, is the standard defense.

  • CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

    Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is the AES-based encryption protocol that forms part of the 802.11i standard for wireless local area networks (WLANs). It runs AES in CCM mode, which provides both confidentiality (counter mode) and integrity (CBC-MAC) in one pass; it is the mandatory cipher in WPA2 and replaced WEP's RC4 and the interim TKIP...

  • password hardening

    Password hardening is any one of a variety of measures taken to make it more difficult for an intruder to circumvent the authentication process, such as enforcing length and complexity rules, limiting or locking out repeated failed attempts, and storing passwords only as salted hashes.

  • keystroke dynamics

    Keystroke dynamics are the patterns of rhythm and timing created when a person types...

  • biometric verification

    Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits...

  • anti-money laundering software (AML)

    Anti-money laundering (AML) software is a type of computer program used by financial institutions to analyze customer data and detect suspicious transactions...

  • DNS rebinding attack

    DNS rebinding is an exploit in which the attacker uses JavaScript in a malicious Web page to gain control of the victim's router. The attacker's DNS server first answers for the page's hostname with the attacker's own address and then, after a very short TTL, with an address inside the victim's network; because the browser's same-origin policy is keyed on the hostname rather than the address, scripts from the page can now talk to the internal device. The attack works on widely-used routers such as D-Link and Linksys and could, in fact, target any device that uses a...

  • Kraken

    Kraken is the name given to a family of malware that's currently being used to create what the security firm Damballa has called "the world's largest botnet." Single bots infected with Kraken malware have been recorded sending up to 500,000 spam ...

  • Open Source Hardening Project

    The Open Source Hardening Project is an initiative of the United States Department of Homeland Security, created to improve the security of open source code. Because the infrastructure of the Internet, financial institutions and many other critical...

  • finger vein ID

    Finger vein ID is a biometric authentication system that matches the vascular pattern in an individual's finger to previously obtained data...

  • extrusion prevention

    Extrusion prevention, also called exfiltration prevention, is the practice of stopping data leaks by filtering outbound network traffic and preventing unauthorized packets from moving outside the network. In contrast, extrusion detection simply ...

  • password cracker

    A password cracker is an application program that is used to recover an unknown or forgotten password to a computer or network resource, usually by testing candidate passwords (from a word list, mangling rules or brute force) against a captured password hash.

  • role mining

    Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise...
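
    One elementary form of that analysis, as an added example that is not from the original entry: users who hold exactly the same permission set are grouped into a candidate role, and anyone whose grants match no candidate is reported with the nearest role and the difference, so the reviewer sees a one-off grant rather than a raw permission list. The user and permission data is constructed for the example.

```python
"""Role mining by exact permission-set matching (added example, not page code).

Groups users who hold identical permission sets into candidate roles, then
flags the users whose grants match no candidate so an analyst can review them.
The user-to-permission data below is constructed for the example.
"""
from collections import defaultdict

# Constructed user-to-resource mapping: user -> set of "resource:action" grants
ACCESS = {
    "alice": {"crm:read", "crm:write", "mail:send"},
    "bob":   {"crm:read", "crm:write", "mail:send"},
    "carol": {"crm:read", "crm:write", "mail:send"},
    "dan":   {"hr:read", "payroll:read"},
    "erin":  {"hr:read", "payroll:read"},
    "frank": {"crm:read", "crm:write", "mail:send", "payroll:admin"},  # one extra grant
    "grace": {"audit:read"},                                           # one-off account
}


def mine_roles(access, min_members=2):
    """Return (roles, outliers). A role is a permission set shared by at least
    min_members users; every other user is an outlier keyed by name."""
    by_perms = defaultdict(list)
    for user, perms in access.items():
        by_perms[frozenset(perms)].append(user)
    # Largest groups first; tie-break on the permission list so output is stable.
    groups = sorted(by_perms.items(), key=lambda kv: (-len(kv[1]), sorted(kv[0])))
    roles, outliers = [], {}
    for perms, users in groups:
        if len(users) >= min_members:
            roles.append({"name": f"role-{len(roles) + 1}",
                          "permissions": sorted(perms), "members": sorted(users)})
        else:
            for user in users:
                outliers[user] = sorted(perms)
    return roles, outliers


def explain_outlier(perms, roles):
    """Match an outlier's grants to the role they overlap most and report what
    the user has beyond that role (extra) and lacks from it (missing).
    Returns None when no role shares a single permission with the user."""
    perms = set(perms)
    best, best_overlap = None, 0
    for role in roles:
        overlap = len(perms & set(role["permissions"]))
        if overlap > best_overlap:
            best, best_overlap = role, overlap
    if best is None:
        return None
    role_perms = set(best["permissions"])
    return best["name"], sorted(perms - role_perms), sorted(role_perms - perms)


def review(access=ACCESS):
    roles, outliers = mine_roles(access)
    findings = {user: explain_outlier(perms, roles) for user, perms in outliers.items()}
    return roles, findings


if __name__ == "__main__":
    roles, findings = review()
    for role in roles:
        print(role["name"], role["permissions"], "->", role["members"])
    for user, finding in findings.items():
        print("review", user, finding)
```

    Exact matching is the simplest role-mining strategy; production tools also cluster near-identical sets and build role hierarchies, but the review output here (frank is role-1 plus one payroll grant, grace matches nothing) is the kind of finding the process is meant to produce.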

  • screened subnet (triple-homed firewall)

    A screened subnet (also known as a 'triple-homed firewall') is a network architecture that uses a single firewall with three network interfaces: one facing the Internet, one facing the internal network and one facing a screened subnet (DMZ) that holds the public-facing servers...

  • talking Trojan

    A talking Trojan is a Trojan horse program that mocks the user of an infected PC with a repeating audio message while it deletes the entire contents of a hard drive. The first outbreak of the talking Trojan was called "BotVoice.A Trojan" and was ...

  • zombie computer (zombie bot)

    A zombie (also known as a bot) is a computer that a remote attacker has accessed and set up to forward transmissions (including spam and viruses) to other computers on the Internet...

  • Securities and Exchange Commission (SEC)

    The Securities and Exchange Commission (SEC) is a U.S. government agency that oversees securities transactions, activities of financial professionals and mutual fund trading to prevent fraud and intentional deception...

  • Secure Electronic Transaction (SET)

    Secure Electronic Transaction (SET) is a system, developed in the 1990s by Visa and MasterCard, for ensuring the security of payment card transactions on the Internet.

  • mutual authentication

    Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other...

  • PAN truncation (primary account number)

    PAN (primary account number) truncation is a practice that prevents most of the digits in a credit card, debit card or bank account number from appearing on printed receipts issued to customers; typically only the last four digits are shown...

  • PCI DSS Requirement 10: Track and monitor network access

    Many organizations have disparate networks and must manually track each system's log files in order to comply with PCI DSS. Individually sifting through system logs can be a major drain on IT, especially when the cause of a compromise needs to be ...

  • PCI DSS Requirement 1: Install and maintain a firewall configuration

    Simply installing a firewall on the network perimeter won't necessarily get you past PCI DSS Requirement 1. In this guide, Craig Norris explains the extra work that needs to be done.

  • PCI DSS Requirement 8: Assign unique user IDs to those with access

    To pass a PCI compliance audit, organizations need to be capable of verifying who is attempting access to an asset. They also must control what employees are permitted to see or modify, and do so based on their organizational role. In this PCI ...

  • PCI DSS Requirement 3: Protecting stored data

    One of the biggest problems with PCI DSS requirement 3 is that merchants must accurately know where credit card data flows from its inception, where it traverses the network and resides, and what its "state" is along the way. Craig Norris explains ...

  • PCI DSS Requirement 11: Regularly test security systems and processes

    Craig Norris explains why internal and external network scans are necessary to complete Requirement 11 of the PCI Data Security Standard, one that frequently baffles security professionals.

  • Rock Phish

    Rock Phish is both a phishing toolkit and the entity that publishes the kit, either a hacker or, more likely, a sophisticated group of hackers. While the authors of the kit remain anonymous, Rock Phish has become the most popular phishing kit ...

  • authentication server

    An authentication server is an application that facilitates authentication of an entity that attempts to access a network...

  • sheepdip (sheep dipping or a footbath)

    In computers, a sheepdip (or, variously, sheep dipping or a footbath) is the checking of media, usually diskettes or CD-ROMs, for viruses before they are used in a computer or network.

  • JavaScript hijacking

    JavaScript hijacking is a technique that an attacker can use to read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML): a malicious page loads the victim site's JSON endpoint with a <script> tag, the browser attaches the victim's cookies to that request, and if the response is executable JavaScript (such as a bare array literal) the attacker's page can capture its contents...

  • defense in depth

    Defense in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise...

  • Corporate Mergers and Acquisitions Security Learning Guide

    Mergers and acquisitions are common occurrences in today's information security market. In this SearchSecurity.com Learning Guide, a panel of experts breaks down M&A security priorities and explains the best ways to manage disparate security staffs, ...

  • Malware: Glossary

    This is a glossary of terms related to malware.

  • Malicious Computer Code: Glossary

    This is a glossary of terms related to malicious computer code.

  • snooping

    Snooping, in a security context, is unauthorized access to another person's or company's data. The practice is similar to eavesdropping but is not necessarily limited to gaining access to data during its transmission. Snooping can include casual ...

  • snoop server

    A snoop server is a server that uses a packet sniffer program to capture network traffic for analysis.

  • war dialer

    A war dialer is a computer program used to identify the phone numbers that can successfully make a connection with a computer modem.

  • smurfing

    A smurf attack is an exploitation of Internet Protocol (IP) broadcast addressing to create a denial of service: the attacker sends ICMP echo requests to a network's broadcast address with the victim's address forged as the source, so every host on that network replies to the victim at once. Routers that drop directed broadcasts, and hosts that ignore broadcast echo requests, prevent a network from being used as the amplifier.

  • phreak

    A phreak is someone who breaks into the telephone network illegally, typically to make free long-distance phone calls or to tap phone lines.

  • pharming

    Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent, typically by tampering with name resolution (the local hosts file or a DNS server's records).

  • hijacking

    Hijacking is a type of network security attack in which the attacker takes control of a communication - just as an airplane hijacker takes control of a flight - between two entities and masquerades as one of them.

  • packet monkey

    On the Internet, a packet monkey is someone (see cracker, hacker, and script kiddy) who intentionally inundates a Web site or network with data packets, resulting in a denial-of-service situation for users of the attacked site or network.

  • Google hacking (Google scanning or Engine hacking)

    Google hacking is the use of a search engine, such as Google, to locate a security vulnerability on the Internet...

  • gray hat (or grey hat)

    Gray hat describes a cracker (or, if you prefer, hacker) who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners.

  • Echelon

    Echelon is an officially unacknowledged U.S.-led global spy network that operates an automated system for the interception and relay of electronic communications.

  • cookie poisoning

    On the Web, cookie poisoning is the modification of a cookie (data a Web site stores on the user's computer, often including session identifiers or personal information) by an attacker to gain unauthorized information about the user, or to impersonate the user, for purposes such as identity theft.

  • cypherpunk

    Cypherpunk, a term that appeared in Eric Hughes' "A Cypherpunk's Manifesto" in 1993, combines the ideas of cyberpunk, the spirit of individualism in cyberspace, with the use of strong encryption (ciphertext is encrypted text) to preserve privacy.

  • cyberstalking

    Cyberstalking is a crime in which the attacker harasses a victim using electronic communication, such as e-mail or instant messaging (IM), or messages posted to a Web site or a discussion group.

  • user profile

    In a Windows environment, a user profile is a record of user-specific data that define the user's working environment.

  • spoof

    Spoof was a game involving trickery and nonsense that was invented by an English comedian, Arthur Roberts, prior to 1884, when it is recorded as having been "revived."

  • spam trap

    A spam trap is the inclusion of an option in an online form that is preselected by default with the expectation that the user will fail to notice the option.

  • TACACS (Terminal Access Controller Access Control System)

    TACACS (Terminal Access Controller Access Control System) is an older authentication protocol common to UNIX networks that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can ...

  • salt

    In password protection, salt is a random string of data that is combined with a password before it is hashed, so that identical passwords produce different hashes and precomputed (rainbow) tables are useless; the salt is stored in the clear alongside the hash.

  • public key certificate

    A public key certificate is a digitally signed document that binds a public key to the name of its owner; the signature of a certificate authority (CA) that the relying party trusts is what lets the recipient validate the sender's identity.

  • spam cocktail (or anti-spam cocktail)

    A spam cocktail (or anti-spam cocktail) is the use of several different technologies in combination to successfully identify and minimize spam. The use of multiple mechanisms increases the accuracy of spam identification and reduces the number of ...

  • promiscuous mode

    In a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety. This mode of operation is sometimes given to a network snoop server that captures and saves all packets for analysis (for...

  • shadow password file

    In the Linux operating system, a shadow password file (/etc/shadow) is a system file in which hashed user passwords are stored, readable only by root, so that they aren't available to people who try to break into the system; the world-readable /etc/passwd keeps only a placeholder in its password field.
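
    The salt entry above and this one fit together in one piece of code. The following is an added example, not code from the original page: it hashes passwords with a fresh 16-byte salt using PBKDF2-HMAC-SHA256 from the standard library, stores the result in a modular-crypt style string ($pbkdf2-sha256$iterations$salt$hash, a layout assumed for this example rather than the one Linux's crypt(3) uses), parses constructed /etc/shadow-format lines, and verifies logins with a constant-time comparison. The usernames and records are constructed.

```python
"""Salted password hashing and shadow-file records (added example, not page code)."""
import base64
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000   # work factor; raise it as hardware gets faster


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.b64decode(text + "=" * (-len(text) % 4))


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hash a password with a fresh random salt.

    Output layout assumed for this example: $pbkdf2-sha256$<iterations>$<salt>$<hash>
    The salt is stored in the clear; its job is uniqueness, not secrecy.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"$pbkdf2-sha256${iterations}${_b64(salt)}${_b64(digest)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    if not stored or stored[0] in "!*":
        return False          # locked or password-less account never matches
    try:
        _, algo, iterations, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False          # malformed record
    if algo != "pbkdf2-sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    _unb64(salt_b64), int(iterations))
    return hmac.compare_digest(candidate, _unb64(digest_b64))


def parse_shadow_line(line: str) -> dict:
    """Split one /etc/shadow record into its nine colon-separated fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    name, pw, lastchg, _minage, maxage, _warn, _inactive, _expire, _reserved = fields
    return {
        "name": name,
        "hash": pw,
        "locked": pw.startswith("!") or pw == "*",
        "last_change_days": int(lastchg) if lastchg else None,
        "max_age_days": int(maxage) if maxage else None,
    }


# Constructed sample records (not real accounts). alice and bob chose the same
# password; the random salts make the stored hashes differ.
SAMPLE_PASSWORD = "correct horse battery staple"
SHADOW_LINES = [
    f"alice:{hash_password(SAMPLE_PASSWORD)}:19700:0:99999:7:::",
    f"bob:{hash_password(SAMPLE_PASSWORD)}:19700:0:99999:7:::",
    "svc-backup:!:19700:0:99999:7:::",     # locked service account
]


def check_login(username: str, password: str, shadow_lines=SHADOW_LINES) -> bool:
    for line in shadow_lines:
        rec = parse_shadow_line(line)
        if rec["name"] == username:
            return not rec["locked"] and verify_password(password, rec["hash"])
    return False


if __name__ == "__main__":
    a, b = (parse_shadow_line(l)["hash"] for l in SHADOW_LINES[:2])
    print("same password, different hashes:", a != b)
    print("alice ok:", check_login("alice", SAMPLE_PASSWORD))
    print("alice wrong:", check_login("alice", "hunter2"))
    print("locked:", check_login("svc-backup", ""))
```

    A salt defeats precomputation across accounts but not a targeted guess against one hash, which is why the iteration count (the work factor) matters as much as the salt; a memory-hard function such as scrypt or Argon2 is the usual choice for new systems.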

  • RADIUS (Remote Authentication Dial-In User Service)

    Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or ...

  • NCSA

    NCSA (the National Center for Supercomputing Applications) at the University of Illinois in Urbana, Illinois is the home of Mosaic, the first Web browser that had a graphical user interface.

  • script kiddy (or script kiddie)

    Script kiddy (sometimes spelled kiddie) is a derogative term, originated by the more sophisticated crackers of computer security systems, for the more immature, but unfortunately often just as dangerous, exploiter of security lapses on the Internet.

  • session replay

    Session replay is a scheme a cracker uses to masquerade as an authorized user on an interactive Web site by capturing and re-sending that user's session data, such as a session cookie or token...

  • masquerade

    In general, a masquerade is a disguise.

  • Joe job

    A Joe job is an e-mail spoofing exploit in which someone sends out huge volumes of spam that appear to be from someone other than the actual source, usually to damage the reputation of the person or domain being spoofed.

  • mail bomb

    A mail bomb is the sending of a massive amount of e-mail to a specific person or system.

  • munging

    Munging is the deliberate alteration of an e-mail address on a Web page to hide the address from spambot programs that scour the Internet for e-mail addresses.

  • live capture

    Live capture is the act or method of gathering biometric data from an individual while the individual is physically present.

  • logon (or login)

    In general computer usage, logon is the procedure used to get access to an operating system or application, usually in a remote computer.

  • HDCP (High-bandwidth Digital Content Protection)

    HDCP (High-bandwidth Digital Content Protection) is a specified method from Intel for protecting copyrighted digital entertainment content that uses the Digital Visual Interface (DVI), and later HDMI and DisplayPort, by encrypting its transmission between the video source and the ...

  • footprinting

    In the study of DNA, footprinting is the method used to identify the nucleic acid sequence that binds with proteins. In computer security, footprinting is the reconnaissance phase of an attack or penetration test: gathering information about a target's domains, address ranges, systems and people before any attempt to gain access.

  • graphical password or graphical user authentication (GUA)

    A graphical password is an authentication system that works by having the user select from images, in a specific order, presented in a graphical user interface (GUI).

  • identity chaos (password chaos)

    Identity chaos (sometimes called password chaos) is a situation in which users have multiple identities and passwords across a variety of networks, applications, computers and/or computing devices.

  • cipher block chaining (CBC)

    Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a fixed-size group of bits is encrypted as a single unit, or block, with the cipher key applied to the entire block). In CBC each plaintext block is XORed with the previous ciphertext block before it is encrypted, and the first block is XORed with an initialization vector (IV), so identical plaintext blocks no longer produce identical ciphertext as they do in ECB mode.

  • cut-and-paste attack

    A cut-and-paste attack is an assault on the integrity of a security system in which the attacker substitutes a section of ciphertext (encrypted text) with a different section that looks like (but is not the same as) the one removed. It succeeds when ciphertext is not authenticated: encryption alone does not reveal that blocks were swapped or spliced in, which is why a message authentication code (MAC) or an authenticated encryption mode such as CCM is required.
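
    One example serves the cipher block chaining entry above and this one. It is an added example, not code from the original page: CBC encryption and decryption are implemented over a toy 16-byte Feistel block cipher (a stand-in for AES, chosen only so the code runs with the Python standard library; it is not a cipher to use for anything real), a forged transfer record is built by splicing the tail of one ciphertext onto the head of another, and an encrypt-then-MAC check is shown rejecting the same splice. The two transfer records, the keys and the fixed IVs are constructed; in real use the IV must be fresh and random per message.

```python
"""CBC mode on a toy block cipher, a ciphertext cut-and-paste forgery, and the
encrypt-then-MAC check that defeats it (added example, not the page's code).
The 16-byte Feistel cipher stands in for AES only so this runs with the
standard library; the transfer records, keys and IVs are constructed."""
import hashlib
import hmac

BLOCK = 16


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, r, half):
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]


def block_encrypt(key, block):
    """4-round Feistel network over a 16-byte block (toy stand-in for AES)."""
    left, right = block[:8], block[8:]
    for r in range(4):
        left, right = right, _xor(left, _round(key, r, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for r in reversed(range(4)):
        left, right = _xor(right, _round(key, r, left)), left
    return left + right


def _pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, iv, plaintext):
    """Each plaintext block is XORed with the previous ciphertext block (the IV
    for the first one) before it goes through the block cipher."""
    prev, out = iv, []
    data = _pad(plaintext)
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, cur), prev))
        prev = cur
    return _unpad(b"".join(out))


def seal(key, mac_key, iv, plaintext):
    """Encrypt-then-MAC: the tag covers IV and ciphertext, so a spliced block is caught."""
    ct = cbc_encrypt(key, iv, plaintext)
    return iv + ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()


def open_sealed(key, mac_key, blob):
    iv, ct, tag = blob[:BLOCK], blob[BLOCK:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return cbc_decrypt(key, iv, ct)


# Constructed records: four fixed-width 16-byte fields, so field boundaries line
# up with cipher blocks (the situation a cut-and-paste attacker looks for).
VICTIM = b"FROM:alice      " b"TO:bob          " b"MEMO:lunch      " b"AMOUNT:000000010"
MALLORY = b"FROM:mallory    " b"TO:mallory      " b"MEMO:gift       " b"AMOUNT:000099999"


def parse_record(plaintext):
    fields = {}
    for i in range(0, len(plaintext), BLOCK):
        name, sep, value = plaintext[i:i + BLOCK].partition(b":")
        key = name.decode("ascii", "replace") if sep else f"garbled@{i // BLOCK}"
        fields[key] = value.rstrip().decode("ascii", "replace")
    return fields


def run_demo(key=b"\x01" * 16, mac_key=b"\x02" * 16):
    """Mallory gets her own record encrypted under the same key and pastes the
    tail of her ciphertext onto the head of Alice's. In CBC the block right after
    the splice decrypts to garbage (wrong previous block in the XOR), but every
    block after it, AMOUNT included, decrypts to Mallory's plaintext."""
    iv_v, iv_m = b"\x10" * 16, b"\x20" * 16            # fixed only for a repeatable demo
    c_v = cbc_encrypt(key, iv_v, VICTIM)
    c_m = cbc_encrypt(key, iv_m, MALLORY)
    forged = c_v[:2 * BLOCK] + c_m[2 * BLOCK:]            # FROM/TO from Alice, rest from Mallory
    fields = parse_record(cbc_decrypt(key, iv_v, forged))
    s_v = seal(key, mac_key, iv_v, VICTIM)
    s_m = seal(key, mac_key, iv_m, MALLORY)
    try:
        open_sealed(key, mac_key, s_v[:3 * BLOCK] + s_m[3 * BLOCK:])   # IV + same splice
        mac_accepted = True
    except ValueError:
        mac_accepted = False
    return fields, mac_accepted
```

    `run_demo()` returns a record reading FROM alice, TO bob, a garbled MEMO and AMOUNT 000099999, decrypted and padding-checked without complaint; the sealed version of the same splice fails the HMAC check. The garbage lands in the one block after the splice because that block is XORed with Alice's previous ciphertext block instead of Mallory's, which is also why an attacker aims the splice so that a free-text field absorbs it.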

  • Cyber Storm

    Cyber Storm is the name of a simulated attack exercise conducted by the U.S. Department of Homeland Security (DHS) February 6-10, 2006 to evaluate whether or not the country could withstand a real attack of similar magnitude...

  • cache cramming

    Cache cramming is a method of tricking a computer into running Java code it would not ordinarily run.

  • cracker

    A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.

  • Automated Fingerprint Identification System (AFIS)

    The Automated Fingerprint Identification System (AFIS) is a biometric identification (ID) methodology that uses digital imaging technology to obtain, store, and analyze fingerprint data.

  • BioAPI Consortium

    The BioAPI Consortium is a group of over 90 organizations whose goal is to encourage and promote the growth of biometric technology by developing an industry-wide application programming interface (API). The consortium's API defines how a software ...

  • AAA server (authentication, authorization, and accounting)

    An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA) services.

  • bifurcation

    In the biometric process of fingerscanning, a bifurcation is a point in a finger image at which a single ridge splits into two ridges; together with ridge endings, bifurcations are the minutiae that fingerprint matching compares.

  • Public-Key Cryptography Standards (PKCS)

    The Public-Key Cryptography Standards (PKCS) are a set of specifications, originally published by RSA Laboratories, that let products from different vendors exchange information securely using a public key infrastructure (PKI); they cover, for example, RSA encryption and signatures (PKCS #1), password-based encryption (#5), signed and enveloped messages (#7), certificate requests (#10) and key/certificate bundles (#12).

  • security policy

    In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets.

  • snake oil

    In cryptographic and other computer products, snake oil is a negative term used to describe exaggerated claims made by vendors who are overly optimistic or purposely seeking to take advantage of consumers who do not have the expertise to judge a ...

  • Sender Policy Framework (SPF)

    Sender Policy Framework (SPF) is an anti-spam approach in which the Internet domain of an e-mail sender can be authenticated for that sender: the domain publishes in DNS (a TXT record beginning "v=spf1") the hosts allowed to send mail on its behalf, and a receiving mail server checks the connecting address against that list for the envelope sender's domain, thereby discouraging spam mailers, who routinely disguise the origin of their e-mail, a practice known as ...
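
    The check a receiving server performs, as an added example that is not from the original entry. This is a deliberately reduced SPF evaluator written for this example: it handles the ip4, ip6, a, mx, include and all mechanisms with the +, -, ~ and ? qualifiers against a constructed DNS table (the domains example.com and mailhost.example and all addresses are constructed, documentation-range values), so it runs offline. A production implementation following RFC 7208 also needs the exists mechanism, the redirect= modifier, macro expansion, CIDR suffixes on a/mx and the ten-DNS-lookup limit.

```python
"""A simplified SPF evaluator over a constructed DNS table (added example, not
the page's code). Implements ip4, ip6, a, mx, include and all with the +, -, ~
and ? qualifiers. A real checker also needs exists, redirect=, macros, CIDR on
a/mx and the 10-lookup limit from RFC 7208."""
import ipaddress

# Constructed zone data: (name, type) -> records. Addresses are documentation ranges.
DNS = {
    ("example.com", "TXT"): ["v=spf1 ip4:192.0.2.0/24 mx include:_spf.mailhost.example -all"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["198.51.100.25"],
    ("_spf.mailhost.example", "TXT"): ["v=spf1 a:relay.mailhost.example ip6:2001:db8:1::/48 ~all"],
    ("relay.mailhost.example", "A"): ["203.0.113.5"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    return DNS.get((name.lower(), rtype), [])


def spf_record(domain):
    """Exactly one v=spf1 TXT record is allowed; none at all yields 'none'."""
    records = [r for r in lookup(domain, "TXT") if r.split()[:1] == ["v=spf1"]]
    return records[0] if len(records) == 1 else None


def _addr_matches(addr, names):
    return any(addr == ipaddress.ip_address(a) for a in names)


def check_host(ip, domain, depth=0):
    """Evaluate SPF for connecting address `ip` claiming MAIL FROM domain `domain`.
    Mechanisms are tried left to right; the first match decides the result."""
    if depth > 10:
        return "permerror"            # runaway include chain
    record = spf_record(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # A v4 address is never inside a v6 network and vice versa.
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = _addr_matches(addr, lookup(arg or domain, "A"))
        elif mech == "mx":
            matched = any(_addr_matches(addr, lookup(mx, "A"))
                          for mx in lookup(arg or domain, "MX"))
        elif mech == "include":
            # include matches only if the referenced domain's policy says pass.
            matched = check_host(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"        # mechanism or modifier this example does not handle
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                  # fell off the end of the record


def check_mail_from(client_ip, mail_from):
    """What an MTA does at SMTP time: evaluate the envelope sender's domain."""
    return check_host(client_ip, mail_from.rpartition("@")[2])


if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.25", "203.0.113.5", "203.0.113.99", "2001:db8:1::25"):
        print(ip, "->", check_mail_from(ip, "alice@example.com"))
```

    Note how the include result is folded in: a softfail inside _spf.mailhost.example does not match, so the outer record continues to its own -all and fails the sender outright, which is the behaviour senders are sometimes surprised by when they rely on a third party's lenient policy.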

  • network encryption (network layer or network level encryption)

    Network encryption (sometimes called network layer, or network level encryption) is a network security process that applies cryptographic services at the network layer - above the data link level, but below the application level - so that applications need not be changed; IPsec is the common example.

  • OCSP (Online Certificate Status Protocol)

    OCSP (Online Certificate Status Protocol) is one of two common schemes for checking whether a digital certificate has been revoked; the other is the certificate revocation list (CRL). An OCSP responder answers a query about one certificate's status in real time, sparing the client from downloading the whole list.

  • plaintext

    In cryptography, plaintext is ordinary readable text before being encrypted into ciphertext or after being decrypted.

  • integrated threat management

    Integrated threat management is a comprehensive approach to network security that addresses multiple types of malware, as well as blended threats and spam, and protects from intrusion at both the gateway and the endpoint levels...

  • Escrowed Encryption Standard (EES)

    The Escrowed Encryption Standard (EES) is a standard for encrypted communications that was approved by the U.S. Department of Commerce in 1994 and is better known by the name of an implementation called the Clipper chip.

  • greynet (or graynet)

    Greynet is a term for the use of unauthorized applications on a corporate network. A greynet application is a network-based program that corporate network users download and install without permission from their company's IT department.
