Monday, December 31, 2012

Common Security Terms - More terms

In the past, I have written about some important system security terms here. Below is the enhanced list which you may find useful. See my video, Cyber Security Basic Terms and Concepts or read on...

1. Allowed IP address list
It is a list of specific external IP addresses that are allowed to connect to and use the system. Generally speaking, the use of this list is more restrictive than allowing users from only specific time zones or only specific geographic locations.

2. Anti-spyware software
It is software that searches for and removes spyware. Spyware is software that collects information from a system and transmits it to its server(s). Spyware generally works silently without harming the resources of the host system. Anti-spyware software needs the latest engine and anti-spyware definitions to provide up-to-date protection to the system.

3. Anti-virus software
It is software that detects and removes viruses. Viruses are software that restrict, harm or render the host system resources unusable. Anti-virus software needs the latest engine and virus definitions to provide up-to-date protection to the system.

4. Authentication
It is the process of confirming the genuineness of an entity or data. For example, when a user logs into a website, the website tries to confirm that the user is genuine, that is, that he is using a correct login name and password which are active in the site database. Other user data may also be involved in authentication, e.g. a security token, a Personal Identification Number (PIN), or fingerprints or a retina print.

5. Authorization
It is the grant of permissions to do certain actions. For example, on a website, a general user may view their transactions and modify their profile. But if the general user is inactive, he may only activate his account and not even view his own profile. An admin user may view and modify the settings of the website, but may not view any user's data.
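
The following is an added example, not part of the original post, showing authentication and authorization as two separate checks using the website rules described above. The account names, passwords and action names are constructed, and letting an inactive user log in so that he can activate his account is an assumption.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Actions allowed per (role, active) state, following the website example above.
# Anything not listed is denied; action names are made up for this example.
PERMISSIONS = {
    ("general", True): {"view_own_transactions", "modify_own_profile"},
    ("general", False): {"activate_account"},
    ("admin", True): {"view_site_settings", "modify_site_settings"},
}

@dataclass
class User:
    login_name: str
    role: str
    active: bool
    salt: bytes
    pw_hash: bytes

def hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(login_name, password, role, active=True):
    salt = os.urandom(16)
    return User(login_name, role, active, salt, hash_password(password, salt))

def authenticate(users, login_name, password):
    """Authentication: is this entity who it claims to be?"""
    user = users.get(login_name)
    # Hash even for unknown login names so both failures take similar time.
    salt = user.salt if user else b"\x00" * 16
    candidate = hash_password(password, salt)
    if user and hmac.compare_digest(candidate, user.pw_hash):
        return user
    return None

def authorize(user, action):
    """Authorization: may this authenticated user perform this action?"""
    return action in PERMISSIONS.get((user.role, user.active), set())

# Constructed sample accounts.
USERS = {u.login_name: u for u in (
    make_user("alice", "correct horse", "general"),
    make_user("bob", "battery staple", "general", active=False),
    make_user("root", "s3cret-admin", "admin"),
)}
```

A successful `authenticate` call only establishes who the user is; each action still has to pass `authorize`, which denies anything not explicitly granted.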

6. Cryptography
It is the use of techniques to assure secure communication. Such techniques include using encryption algorithms and digital signatures. For example, a website may require encrypted data sent from the server to the client browser. This data is decrypted in the client and then rendered to the user.

7. Environmental security
It is the provision of an optimum working environment to the system. Examples of environmental security include keeping the system within the correct temperature range, on a stable working platform and in a dust-free and dehumidified environment.

8. Exploit
An exploit can be a wide range of items e.g. a set of commands, a set of data or even a particular system. It is possible to use an exploit against an insecure information system with the purpose of generating undesirable behavior in the system. Exploits always target a vulnerability (see below) in the system. For example, an attacker places exploit code on a trusted website. A user accesses the site from an insecure client machine which results in the user's browser executing the exploit code. The attacker then runs some attack using the user's machine with user credentials.

9. Firewall
A firewall is a software-based or hardware-based device that can be configured to allow genuine network traffic to go through and stop malicious traffic. For example, a firewall may intercept all network packets sent to an application, such as a browser. If the traffic originates from a known dangerous source, it may drop all the packets, preventing harm to the client machine.

10. Identity
It is the set of data that is unique to a person. The digital identity of a person is the identity that is used on-line. For example, the identity of an employee may comprise attributes such as Employee number, Date of joining, First name and Last name. The employee is then required to use this identity within the organization throughout their stay.

11. Internet security suite
It is the collection of various system security products (like anti-virus, anti-spyware, email spam protector, firewall and backup) all from the same software vendor.

12. Login name
This is the name by which the system identifies a user internally. It may or may not be the same as the user name, which is the name displayed by the system and communicated to other users. For example, isingh followed by 30 is my Gmail login name, but my user name is Inder P Singh, which is displayed in my inbox and in my emails to others.

13. Penetration test
It is a test to check the security of a network while pretending to be an external attacker. It is also called a pentest. The goal of a pentest is to gain access and some level of control over a device within the network. Valuable information is discovered by a pentest e.g. vulnerabilities present in the network and the effectiveness of automatic network scanning software.

14. Physical security
It is the presence of physical barriers to information resources of an organization. Examples include gated access manned by security guards, access card swipes required to enter the premises and logged access to restricted areas within the premises. Physical security works in conjunction with operational security. For example, gated access needs someone to dutifully log the persons entering the restricted area.

15. (Web) Proxy server
It is a server through which a user may connect to a web site. The web site gets the user information (e.g. IP address, geographic location, operating system, browser) of the proxy server and not of the user system. Therefore, a proxy server makes the user anonymous to the web site. But, the proxy server may or may not itself log the user system information.

16. Site advisor
It is software that works within the browser to ensure that the user visits only safe web sites. It warns the user whenever the user clicks on a link pointing to a suspect website (that may contain viruses, malware or spyware).

17. Threat
It is a danger to the information resources of an organization. It can be intentional, e.g. an external attacker, or accidental, e.g. an earthquake. There are usually numerous threats to the information resources, e.g. natural catastrophes, power outages, hardware/software failures and malicious individuals/organizations. Information resources of different organizations may face the same threats.

18. Updates
These are the new program versions, engine versions, definitions, databases and bug fixes etc. released by software vendors from time to time. Updates are available for software like operating systems, applications, anti-virus software and anti-spyware software. In order to keep a system secure, it is important to keep all software updated.

19. User name
This is the name which is displayed to the user and communicated to other users. See the example in Login name above.

20. Vulnerability
It is a weakness within the information system of an organization. Examples include a software vulnerability arising from insufficient testing, a hardware vulnerability arising from its insecure storage and a physical site vulnerability arising from its location within a natural disaster prone area.