
    Security IT Terms

    Written by

    eweekdev
    Published August 19, 2010

      Access Control List

      Authentication

      Multifactor authentication

      Biometrics

      NAC Network Access Control

      Active Content

      Data leak

      Egress Scanning

      Botnet

      DDOS Distributed Denial of Service

      Honeypot

      Unified Threat Management

      Endpoint security

      Patch management

      Virus

      Penetration testing

      White Hat hacker

      Social Engineering

      Spoofing

      Proxy

      Layered security

      Access Control List

      An Access Control List (ACL) is a mechanism to limit the use of sensitive computers, data, networks, applications or other resources based on a user’s identity and membership in specific groups.

      ACL is a general term, rather than a specific product. Many types of software provide access control for different resources, at different levels. A desktop operating system, for example, lets a user log in, or not, depending on the rights that had already been given to that user within the computer’s access control list. In that case, the ACL could amount to the definitions within the user profiles listing who could only read data, who could read or write to a file, and which users are allowed to run a program on the PC.

      Applications, both enterprise-class and those aimed at individuals or workgroups, have their own security mechanisms, as do computer servers, storage, networking equipment and so on. In each case there is a separate ACL attached to that unit’s security mechanism.

      ACLs and unified security procedures are created using networked directories or security applications that allow a user to sign on once to “the network,” after which the directory or other mechanism takes over the task of access control for applications, servers and other resources.

      Related terms:

      Access rights

      IT security

      Filtering

      Penetration testing

      Data leak prevention

      Related links:

      Primer: Network Access Control

      Network Access Control in the Channel

      How To Adopt a 5-Layer Security Strategy

      2 Screws, 1 Plastic Cover, How Many Airports Infiltrated?

      Authentication

      In computer security, authentication is the process of confirming the identity of a person, application or device in order to grant or prevent access to an information technology resource.

      Authentication is most often done using the combination of a user name and password, although techniques using biometric data, such as fingerprints, are becoming more common for end users. Devices and applications typically use pre-shared unique identifying numbers, which they encrypt before using them to prove their identity.

      Once a user has been authenticated, or satisfied the security system that they are who they say they are, that identity data then goes to the software that manages access control so users can be granted the appropriate level of access to the network or systems.

      Related terms:

      Access control

      Network access control

      Audit control

      Password

      Related Links:

      What Is Multifactor Authentication?

      What's New in Authentication Technologies for Online Transactions?

      Two-Factor Authentication Still Strong

      Multifactor authentication

      In computer security, multifactor authentication is the process of using more than one type of evidence to confirm the identity of a person, application or device in order to grant or prevent access to an information technology resource.

      Automatic teller machine cards are examples of multifactor authentication because they rely on a physical token with specific account information, but also require a password before a user can be authenticated.

      Often described as “something you have and something you know,” multifactor authentication typically relies on a physical device or a pre-distributed electronic code for initial identification; the second factor is a password that a user would know rather than carry. This method minimizes the chance of a thief gaining access to a bank account or other system simply by stealing a key card.

      PC-based software, often a long, encrypted number that acts as a key in the authentication process, is usually considered to be part of a multifactor authentication process, but because there is no physical object present, some security experts dispute this.

      Related terms:

      Password

      Voice identification

      Authentication

      Access control

      Biometric security

      Biometrics

      Biometrics is the process of using human physical attributes to prove a user’s identity and give him or her access to an application, device or network. Using the unique patterns of blood vessels in the eyes has been a staple of science fiction movies and thrillers for years, but only recently have mainstream IT systems begun to use elements such as fingerprints for authentication. Some laptops ship with fingerprint readers as standard equipment, and they’re beginning to pop up on other mobile devices as well.

      Biometrics work in the same way as passwords; once the user-provided information is entered, the information is compared against information on file, the security system verifies whether the user has permission to use that system and, if so, grants access. Fingerprints and other biometric targets are stored as image files and compared to image files that already exist in the system. Other biometric targets include voice, signature, face, iris, retina and vein patterns. Of those, iris scanning has the lowest error rate, but fingerprint scanning has become popular due to its superior cost/benefit result.

      Related terms:

      Identity

      False encryption rate

      False acceptance rate

      Equal error rate

      Enrollment

      Authentication

      Access control

      Network Access Control (NAC)

      Network Access Control (NAC) is the process of securing a network to prevent unauthorized devices from connecting, and to ensure that devices with permission to connect can only do so after demonstrating they have not become a security risk.

      Often used synonymously with Endpoint Security, NAC systems are concerned with devices and users that have legitimate rights on a network or system, but who operate disconnected and then return.

      Laptops, PDAs, smartphones and other portable devices, which can be scanned, authenticated and configured to use network resources securely, can be infected or otherwise compromised while being used away from a secure network. Rather than admit a device infected with a computer virus or other security exploit to the full network, NAC software can allow a device limited access to resources on the network until it has been scanned and certified as still secure.

      Endpoint security makes the assumption that network or security managers will not be able to control the types of devices their users employ to get to computing resources and therefore have to find ways to secure the IT infrastructure against threats from relatively uncontrolled access devices.

      Related terms:

      Access control

      Edge security

      Authentication

      Related links:

      Primer: Network Access Control

      NAC Attack: Today's Products Will Fail, Report Says

      NAC Will Fill a Big IT Security Gap

      Smaller Players Filling NAC Void

      Active Content

      Active content is any kind of programming code embedded in a Web page. Java, ActiveX and AJAX are all code-development mechanisms commonly embedded in Web pages to add scrolling images or text, present maps, games or other content.

      When a Web browser makes a request to view the page, the program code downloads automatically and executes on the end-user’s machine. Because the intentions of the programmer and the functions of the active content aren’t obvious, active content is a frequent security risk.

      Related terms:

      Java

      Active X

      AJAX

      Sandbox

      Trojan Horse

      Related links:

      Microsoft Licenses Its Audio Watermarking Tools to Activated Content

      Microsoft Still Suffers Insecurity Complex

      Data leak

      A data leak is the involuntary release of data from an organization or individual due to flaws in security procedures or the participation of those with legitimate access to the data. The term was derived from data leak prevention (DLP), a marketing term that became popular in 2006 to describe a variety of security mechanisms or products. Data leak has since come to mean any copying or access that leaves a copy of the data in unauthorized hands.

      Unlike access control, which focuses on preventing the illicit use of systems or data, DLP focuses on the data itself and ways to keep it from being misused. Intrusion detection systems, encryption, network access control, access control and other techniques are often included in the DLP category. The goal of all of them, as well as access control limitations that prevent data from being copied from its source to any but a few authorized destinations, is to keep data from making it through an organization’s egress points, Internet gateways, portable storage devices and any other way data can be removed from a company’s premises.

      DLP products are also marketed as ways to prevent employees from copying sensitive data to laptops, thumb drives, MP3 players and other devices with substantial data storage capacity that might not otherwise attract the attention of security.

      Related terms

      Intrusion detection system (IDS)

      Egress scanning

      Egress content scanning

      Access control

      Endpoint security

      Related links:

      Security Vendor Brings Data Leak Prevention to IPv6

      HIV Data Leak Spurs Security Restructuring at Drugmaker

      New Report Chronicles the Cost of Data Leaks

      Waiting for a Breach to Deploy Data Loss Prevention Can Prove Costly

      Egress scanning

      Egress scanning is the process of monitoring the data going through an organization’s Internet gateway in order to determine whether the company’s computers have become inadvertent participants in attacks on other Internet sites. Most of the focus in IT security is on preventing hackers and malware from entering a company’s networks or systems, but the volume and variety of malware is so great that few organizations are able to filter it all out.

      Many types of malware, a category that includes viruses, Trojan Horses and other small programs that are installed on a computer without the owner’s knowledge or consent, are designed to scan the victim’s machine for valuable data and send it over the Internet to the malware writer. Others are designed to take over a computer and allow it to be controlled from outside, usually to allow the perpetrator to use the machine to launch attacks on other machines.

      Called ‘bots, computers that have been taken over by malware writers become part of an unauthorized network of sometimes thousands of computers that can launch massive attacks against other sites without the attack being traced back to the perpetrator.

      Egress scanners monitor a company’s Internet gateway for outbound traffic that could indicate that computers inside the company had been compromised and were being remote-controlled into attacks that could leave their owners legally liable.
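
An added example, not part of the original eWEEK entry: a small egress scanner that reads constructed gateway flow records and flags internal hosts whose outbound traffic matches the two bot behaviours this glossary describes, contact with an IRC channel and a flood of requests to one outside destination. The record format, the 10.0.0.0/8 internal range, the IRC ports and the flood threshold are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the original page): tune all of these per site.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
IRC_PORTS = {6667, 6697}       # conventional IRC ports
FLOOD_THRESHOLD = 100          # connections to one destination ...
FLOOD_WINDOW_SECONDS = 10      # ... inside this many seconds


def is_internal(addr):
    """True if addr falls inside one of the organization's own networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_flow(line):
    """Parse 'epoch_seconds src_ip dst_ip dst_port'; None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts, port = int(parts[0]), int(parts[3])
        ipaddress.ip_address(parts[1])
        ipaddress.ip_address(parts[2])
    except ValueError:
        return None
    return ts, parts[1], parts[2], port


def scan_egress(lines):
    """Return a sorted list of (internal_host, reason, destination)."""
    findings = set()
    stamps_by_pair = defaultdict(list)   # (src, dst) -> connection times
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue                     # skip records we cannot trust
        ts, src, dst, port = flow
        if not is_internal(src) or is_internal(dst):
            continue                     # egress means internal -> external
        if port in IRC_PORTS:
            findings.add((src, "irc-channel", dst))
        stamps_by_pair[(src, dst)].append(ts)

    # Sliding window: did any host open FLOOD_THRESHOLD connections to a
    # single destination within FLOOD_WINDOW_SECONDS?
    for (src, dst), stamps in stamps_by_pair.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] >= FLOOD_WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= FLOOD_THRESHOLD:
                findings.add((src, "flood", dst))
                break
    return sorted(findings)


def sample_flows():
    """Constructed records; external addresses use documentation ranges."""
    lines = [
        "1000 10.0.0.5 203.0.113.10 443",    # ordinary web request
        "1001 10.0.0.5 10.0.0.1 53",         # internal only, ignored
        "1002 10.0.0.7 198.51.100.20 6667",  # outbound IRC
        "not a flow record",                 # malformed, skipped
    ]
    # 150 connections in 5 seconds from one host to one destination.
    lines += [f"{2000 + i // 30} 10.0.0.9 203.0.113.50 80" for i in range(150)]
    # 150 connections spread out at one every 10 seconds: not a flood.
    lines += [f"{3000 + 10 * i} 10.0.0.11 203.0.113.60 80" for i in range(150)]
    return lines


if __name__ == "__main__":
    for host, reason, dest in scan_egress(sample_flows()):
        print(f"{host} flagged: {reason} -> {dest}")
```

The slow sender (10.0.0.11) makes the same number of connections as the flooding host but is not flagged, which is why the check counts connections inside a time window rather than in total.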

      Related terms:

      Access control

      Data leak prevention

      Botnet

      Distributed Denial of Service (DDOS) attack

      Related links:

      PathControl Maps Best Egress Route

      Remediation Software Automatically Detects Malware

      Botnet

      Botnet is a slang term referring to a network of computers that have been compromised by a virus, Trojan Horse or other malware, allowing the malware distributor to control the machines to launch attacks against other organizations.

      Viruses or other malware, arriving via email or direct transfer of infected files, copy themselves onto a user’s hard drive, grant themselves large amounts of control, and try to propagate themselves onto additional machines. Malware processes remain invisible to the process-monitoring tools typically available to users, so users may not even realize their computer has been infected.

      Botnet malware uses the compromised computer’s Internet access to monitor communication channels chosen by the perpetrator, usually specific Internet Relay Chat addresses or channels. The perpetrator can send commands to the botnet software, which could be installed on thousands or tens of thousands of computers, so they can act in concert to launch Distributed Denial of Service (DDOS) attacks, brute force password attacks or other exploits.

      After the attack, botnets that have not been discovered remain dormant until the next set of commands is sent. Because it’s very difficult to track commands through IRC, and the malware itself is distributed indirectly, it’s extremely hard to track an attack back to the people responsible.

      Originally used to launch exploits for bragging rights or personally motivated acts of online vandalism, botnets and botnet organizers are now often part of criminal networks that threaten attacks to extort money from victims, or take money from one organization to attack or harass another.

      Related terms:

      Distributed Denial of Service (DDOS)

      Syn flood

      Malware

      Egress scanner

      Anti-malware

      Related links:

      Video: Botnet Basics

      MS06-040 Botnet Attack Reloaded

      Keeping an Eye on Botnets

      Police Raid Home of Suspected Botnet Ringleader

      Hunt Intensifies for Botnet Command & Controls

      Distributed Denial of Service (DDoS)

      A distributed denial of service attack is a sudden flood of requests delivered to one computer or Web site, delivered by hundreds or thousands of computers connected to the Internet in different locations, with the intent of overloading the target computer and forcing it to shut down.

      DDOS attacks are often delivered by botnets, unauthorized networks of hundreds or thousands of computers infected with malware that forces them to obey commands of the malware’s owner, delivered by covert means.

      By using thousands of machines to attack without their owners’ knowledge, a malware writer is able to launch floods of requests so heavy that even the most powerful Web sites can be overwhelmed and have to shut down temporarily. Even when the site doesn’t have to shut down, traffic from a DDoS attack can blanket the victim so heavily that legitimate requests can’t get through.

      Originally used to launch exploits for bragging rights or personally motivated acts of online vandalism, DDoS attacks from botnets and their organizers are now often part of criminal networks that threaten attacks to extort money from victims, or for competitive reasons.

      Related terms:

      Botnet

      Malware

      Virus

      Organized crime

      Firewall

      Related links:

      Anti-Spam Orgs Under DDoS Siege

      DDoS Attack Knocks Out DoubleClick Ads

      Spyware Critic Knocked Offline by DDoS Attack

      DDoS Attacks for the Common Man

      DDoS Attackers Raising the Bar

      Hackers, Extortion Threats Shut Down Game Site

      Worldwide Phishing Attacks May Stem from Few Sources

      Honeypot

      In computer security, a honeypot is a computer system or network deliberately exposed to attacks from hackers or other online sources in order to identify attacks and attackers without exposing a company’s critical data or systems.

      Honeypots act as traps for attackers who believe they have broken into a sensitive system, allowing security managers to watch and record their techniques as the hackers try to take over control of the honeypot and use it to launch attacks against higher-priority targets.

      Honeypots can also enhance security simply by diverting attacks away from critical servers and onto expendable machines, or by appearing to be the best target for spam attacks, diverting spam from legitimate email servers. Honeypots are configured as much as possible to look like real corporate servers, and to keep a cracking attempt contained within the honeypot system for as long as possible.

      Honeypots can be individual servers, specific applications, unused IP addresses or network segments, or other functional parts of the IT infrastructure.

      Related terms:

      Malware

      Hacker/Cracker

      Intrusion detection system

      Botnet

      Related links:

      Malware Honeypot Projects Merge

      Honeypot Project: Unpatched Linux Systems Last Longer than Windows

      Honeypot + Honeypot = Honeynet

      HP Writes ‘Good Worm’?

      MS Researchers Tackle Automated Malware Classification

      Unified Threat Management

      Unified threat management (UTM) describes a category of firewall that includes a series of other functions as well as simple access control, including spam filters, intrusion detection, web content filtering and other functions.

      By combining several major security functions that operate at the Internet gateway, UTM products reduce the number of products security managers have to keep updated and maintained. The term was invented by analysts at IDC in 2004.

      Related terms:

      Anti-spam

      Firewall

      Web filter

      Network Address Translation (NAT)

      Related links:

      Wave of New Security Products Arrives at Interop

      Firewalls Gain Strength as Main Line of Network Defense

      Endpoint security

      Endpoint security is the practice of installing security software on laptops, smartphones, PDAs and other mobile devices but keeping security policies and security management centralized.

      Endpoint security approaches grew up out of the tendency of end users in an organization to use unsecured mobile devices to attach to protected corporate systems and applications, bypassing established security procedures. Endpoint security software provides anti-virus and other security functions on the mobile device itself. It also allows security managers to create a two-stage authentication process that lets users log in and get access to their data, but keeps any security risks isolated until the mobile device can be scanned and approved for full access.

      Related terms:

      Network Access Control

      Access control

      Anti-virus

      Related links:

      TNC Endpoint Security Gains Traction

      Security Seal for A/V-Network Interoperability

      The 2008 Security Checklist

      Smaller Players Filling NAC Void

      Patch Management

      Patch management is the process of downloading, installing, testing and verifying the efficacy of software updates designed to repair errors and plug security holes in software that has already been installed.

      As security risks have increased, vendors have increased the pace with which they issue patches to counter new risks. Corporate IT departments often establish special teams to gather and test patches before distributing them, and to gather inventory data showing what applications they run, in what divisions, and what patches have been, or need to be, applied.

      Virus

      A computer virus is a small piece of self-installing, self-replicating software that is installed clandestinely on a victim’s computer for malicious purposes. The virus either carries with it a malicious “payload” or downloads it after installation in order to corrupt data or applications, or allow a third party to control the infected machine covertly.

      Viruses are so widespread on the Internet that everything from e-mail to applications to images to graphics files must be scanned for possible infections. Some viruses are created purely for vandalism; others are created for financial gain.

      Related terms

      Anti-virus

      Infection

      Botnet

      Related links:

      Instability and Modern Anti-Virus Software

      Managed Security Plugs Law Firm's Virus Holes

      New Virus Attack Technique Bypasses Filters

      Spam Trojan Installs Own Anti-Virus Scanner

      Penetration testing

      Penetration testing, or pen testing, is the process of probing or actively attacking a system to verify that the security is effective or to expose previously unidentified weaknesses. Penetration-testing teams use all available documentation on the systems involved as well as the newest hacking techniques or tools.

      Related terms:

      Hack attack

      Hacker

      Security exploit

      Related links:

      Pen Testing in the Palm of Your Hand

      Core Updates Automated Pen Testing

      White Hat hacker

      White hat hackers are members or former members of the hacking community who are not involved in data theft or illicit computer intrusion, but who often work as penetration testers and computer security consultants, using their hacking background and skills to counter the illegal efforts of “black hat” hackers.

      White hat penetration test teams, also known as sneakers, tiger teams or red teams, use all available documentation and hacking tools to try to break into a client’s systems in order to expose security holes so the client can close them.

      Despite avowals of “ethical” hacking only, many mainstream security managers are suspicious of white-hats, even those they hire to improve their own security. Identifying with the hacker community brings with it a cachet outside corporate IT departments and government agencies, but has the opposite effect within them.

      “Gray hat” and “brown hat” are both terms used to describe hackers whose activity falls on both sides of an ethical line.

      Related terms:

      Hacker

      Cracker

      Penetration testing

      Security evaluation

      Cybercrime

      Related links:

      Microsoft's Blue Hat Shows It's Serious About Security

      CIOs Learn Very Little From Security Audits

      Putting a Face on Net Neutrality; Black Hat News

      Vista, Rootkits Headline Hacker Confab

      Social engineering

      Social engineering is the term used to describe any technique that uses the carelessness or manipulation of users to get information a hacker needs to successfully break into a secured computer system.

      Techniques include pretending to be a legitimate user in a phone call to the targeted company, collecting printouts of potentially sensitive information from the trash, befriending legitimate users or IT specialists and squeezing sensitive information out of them, or even walking into a company pretending to be an employee and plugging a laptop into an unsecured network port.

      Related terms

      Hacking

      Fraud

      Related links

      Spoofing

      Spoofing is any process in which a person or computer system pretends to be another in order to get access to a secured system. Bypassing authentication procedures and displaying the same data a legitimate user or system would display allows hackers to, among other things, spoof an IP address in order to receive traffic that should have gone to the real address, spoof Web sites for the same reason, or spoof humans by pretending to be someone else to get access.

      Related Terms

      Access control

      Fraud

      White hat hacker

      Authentication

      Related links:

      Opera Battles Spoofing in Latest Beta Release

      Internet Explorer Spoofing Vulnerability Found

      Another IE Spoofing Hole Found

      Microsoft Patches Spoofing Flaw in ISA Server

      Proxy

      In computer security, a proxy is a firewall security mechanism in which an end user or secure system sends email, data requests and other traffic to another computer, which acts as an intermediary, passing that traffic along to its original destination. The proxy remains exposed to the Internet and any potential risks, concealing the identity and location of end users or systems using it. That smokescreen makes it harder for hackers to target specific users or machines, but it also makes it difficult for Web sites to collect data on end users because the only identity they see is that of the proxy.

      Related terms:

      Firewall

      Network Address Translation

      Identity management

      Related links

      Java Proxy Server Crack Can Let in Superuser Attackers

      Proxy Architecture Extends Microsoft IM Platform’s Reach

      Layered security

      In information technology, layered security is the tactic of using several different approaches to secure the same system so that if one system is bypassed, another can still halt any illicit attempts. Layers could include physical security to keep hackers from entering the building, perimeter security to keep risky traffic from entering the network, content filters that identify risky code once it begins operating inside the network, and an intrusion detection system to identify illicit activities within secured systems.

      Related links

      VOIP Security Requires Layered Approach, Experts Say

      New Security Survival Guide: How to Layer a Solid Defense
