CERT

Glossary of Terms

access - establish a connection to a process, file or data in transit, or to read from or write to a file

AFIWC - the Air Force Information Warfare Center at Kelly Air Force Base, San Antonio, TX

ANOVA - analysis of variance

ARPA - the Advanced Research Projects Agency - the Defense Department's research agency that funded, through their Information Processing Techniques Office (IPTO), the development of the original Internet (at one time also known as DARPA)

ARPAnet - the name of the original Internet funded by ARPA

attack - a single unauthorized access attempt, or unauthorized use attempt, regardless of success

authenticity - the principle that ensures that a message is received in exactly the same form in which it is sent

autonomous agents - a program or program fragment which operates independently from the user to exploit vulnerabilities

availability - the computers, networks and files are all working and available for use

back door - an element in a system that allows access by bypassing access controls

backup theft - theft of the backup copy of data stored on a computer

bribes - paying for unauthorized access to information

call forwarding fakery - use of call forwarding to defeat systems using dial back for security

CERT®/CC - CERT® Coordination Center, formerly known as the Computer Emergency Response Team Coordination Center

CIA - Central Intelligence Agency

CMU - Carnegie Mellon University

combined attacks - combining multiple attack methods together

computer security - preventing attackers from achieving objectives through unauthorized access or unauthorized use of computers and networks

computer virus - see "virus" below

confidentiality - (secrecy) the principle that keeps information from being disclosed to anyone not authorized to access it

corporate raiders - employees of one company who break into computers of competitors for financial gain

CA - corrective action - a field in the CERT®/CC data for this incident which was used to record keywords as to the corrective actions taken in the incident

corruption of information - any unauthorized alteration of files stored on a host computer or data in transit across a network

covert channel - a communications channel that allows two cooperating processes to transfer information in a manner that violates the system's security policy

crack - a common password cracking program

cyberspace - a popular term for the "world" of computers and networks including the Internet

DARPA - see "ARPA"

data aggregation - combining seemingly innocuous data to get confidential information

database - a large collection of data organized for rapid search and retrieval

data diddling - altering of data in an unauthorized manner before, during, or after input into a computer system

data in transit - packets of data that are being transmitted across a network

data tap - a device external to a network that can "listen" to the traffic on that network

degradation of service - see "denial-of-service"

denial-of-service - the intentional degradation or blocking of computer or network resources

DIA - Defense Intelligence Agency

DISA - Defense Information Systems Agency

disclosure of information - the dissemination of information to anyone who is not authorized to access that information

distributed tool - tools that are distributed to multiple hosts, which are then coordinated to perform an attack on a target host simultaneously after some delay

DNS - Domain Name System - Internet system which relates domain names and IP addresses

domain - a name associated with an organization, or part of an organization, to help identify systems uniquely; also a sub-tree under a location in a domain name tree (DNS)

domain name - a group of labels (words or letters), separated by dots (periods) that identify a host computer on the Internet

DSB - Defense Science Board

dumpster diving - searching for access codes or other sensitive information in the trash

eavesdropping on emanations - listening to electromagnetic signals surrounding computer and network equipment (see "Van Eck radiation")

e-mail - electronic mail

e-mail overflow - use of e-mail to flood computers with information to deny service

e-mail spoofing - sending e-mail with false information, such as the "from" block

excess privileges - obtaining capability on a system beyond that authorized

false update disks - sending a user or systems administrator a fake software update disk

fictitious people - taking on false identities

file - a collection of records or data designated by name and considered as a unit by the user

FIRST - The Forum of Incident Response and Security Teams

FTP - file transfer protocol - a program to transfer files between computers on a network

GAO - Government Accounting Office

get a job - defeating security by obtaining a job allowing access to privileged information or systems

hacker - an individual who breaks into computers primarily for the challenge and status of obtaining access

hang-up hooking - taking advantage of a modem that does not automatically hang up

harassment - using computer methods to slander or bother someone

host - a computer that communicates across the Internet

human engineering - see "social engineering"

illegal value insertion - using values out of limits to take advantage of software vulnerabilities

incident - a group of attacks that can be distinguished from other incidents because of the distinctiveness of the attackers, and the degree of similarity of sites, techniques, and timing

induced stress failures - stressing a system to the point it begins to make errors

infrastructure interference - sending false signals to a satellite or microwave system

infrastructure observation - listening to traffic on a microwave link

input overflow - taking advantage of software errors that do not properly check input bounds

integrity - protection against forgery or tampering

Internet - the world's largest collection of networks that reaches universities, government agencies, commercial enterprises, and military installations; it generally uses the TCP/IP protocol suite

internetwork - a network of networks which has established methods of communication

invalid values on calls - unanticipated requests for service resulting in violations of protection

IP address - Internet Protocol address - a 32-bit number which serves as an address for a host on the Internet

IP spoofing - a method of attack in which an attacker forges the addresses on data packets sent over the Internet so they appear to be coming from inside a network within which computers trust each other

IPTO - Information Processing Techniques Office of the ARPA which funded the initial development of the Internet

LAN - local area network - a network connecting computers within a localized area such as a single building, department or site

leakage - when information ends up where it should not be

listserver - an e-mail "exploder" that sends a copy of incoming e-mail to each user on a list

logic bombs - a program, or portion of a program that triggers when a certain logical event occurs

login spoofing - simulation of a login program in order to obtain passwords

mail spam - unauthorized or repetitive mailings that cause denial-of-service

masquerading - when one person uses the identity of another to gain access to a computer

MO - method of operation - a field in the CERT®/CC data for this incident which was used to record keywords as to the severity of an incident, and tools, and vulnerabilities used for attack

NCS - National Communications System

network services attacks - attacks against insecure network services

NSA - National Security Agency

on-line - connected to the computer network, commonly the Internet

open microphone listening - listening to a microphone that is open on the network

packet insertion - inserting a forged packet that appears from a different source; see "IP spoofing"

password sniffing - the use of a sniffer to "listen" for a password being sent across a network unencrypted

packet watching - see "sniffer"

password guessing - trying different guesses of passwords to defeat access controls

PBX bugging - exploiting flaws in a telephone system in order to listen to conversations when the phone is hung up

process - a program operating on a computer; an execution of a command on a Unix system

process bypassing - bypassing the normal controls on a business process, such as inventory control

professional criminals - individuals who break into computers for personal financial gain

protection limit poking - checking system protections for flaws

root - the name of the superuser on a Unix system; also, the ancestor of all files on a Unix system

rootkit - an Internet toolkit containing a sniffer and Trojan horse programs to hide activity and provide backdoors for later use

salami technique - the process of secretly and repetitively slicing away tiny amounts of money in a way that is unlikely to be noticed

scanning - running a program that tries a set of sequentially changing numbers

script - a series of commands entered into a file which can be executed by an operating system shell, such as a Unix shell

SEI - Software Engineering Institute at CMU (where the CERT®/CC is located)

semaphore - a switch in an operating system program

sendmail - the Unix program implementing the Internet standard for e-mail, the Simple Mail Transfer Protocol (SMTP)

session hijacking - taking over an authorized user's terminal session

shell - a command interpreter in a system such as Unix

shoulder surfing - watching someone enter a password or identification number

site - the organizational level used to track incidents for this research, and where the CERT®/CC could expect to be working with the site administrator or other authority with responsibility for the computers and networks at that site

site name - the domain name for the organization involved in an incident (a site)

sniffer - a program to monitor all data sent over a network and silently record some data

social engineering - the process of gaining privileged information by skillful lying, usually over a telephone

software piracy - unauthorized copying of copyrighted software

spies - individuals who break into computers primarily for information which can be used for political gain

superuser - a privileged user who has access to anything any other user has access to, plus all system files and processes

sympathetic vibration - the use of packet feedback mechanisms in network protocols to cause a network overload

taxonomy - agreed upon terminologies and principles of classification in a field of inquiry

TCP/IP - Transmission Control Protocol/Internet Protocol - the suite of protocols establishing the principal method of communication on the Internet

telnet - a program to connect to and remotely operate a computer over a network

terrorist - an individual who breaks into computers primarily to cause fear which will aid in achieving political gain

TFTP - trivial file transfer protocol - a program for transferring files between computers on a network

theft of service - the unauthorized use of computer or network services without degrading the service to other users

time bomb - a logic bomb whose condition is based on time

timing attacks - attacks that take advantage of the timing of computer processes and operations

toll fraud networks - networks of people shoulder surfing for information that is quickly distributed

toolkit - a software package that contains scripts, programs, or autonomous agents that exploit vulnerabilities

traffic analysis - collection and analysis of information, particularly through the analysis of message characteristics

trap door - see "back door"

Trojan horse - a program that performs like a real program a user may wish to run, but also performs unauthorized actions

tunneling - use of one data transfer method to carry data for another method

Unix - an operating system developed by Ken Thompson and Dennis Ritchie in 1969; it is the predominant operating system for high-performance microprocessors

use or condition bombs - see "logic bombs"

vandals - individuals who break into computers primarily to cause damage

Van Eck radiation - electronic emanations surrounding a computer, particularly the monitor

video viewing - monitoring video signals on a network

virus - a segment of computer code that will copy its code into one or more larger "host" programs when it is activated; it also may perform other unauthorized actions at that time

vulnerability - a flaw in a computer or network allowing unauthorized use or unauthorized access

Web site - a set of files on a host computer that can be linked to over the Internet using special client software known as a Web browser

wiretapping - physically picking up data flowing across a network from outside the network

worm - an independent program that can travel from host to host across a network

ZONE - Zealot of Name Edification - a program for recording domain names and IP addresses on the Internet
