This article lists some Computer Security Terms and Computer Security Terminology. For anyone reading any of the computer security terms below for the first time, I highly recommend that you Google these keywords and learn more about them.
Adware: The difference between Adware and Spyware is very subtle. Both Adware and Spyware is installed without the user’s permission on a machine. An Adware’s main purpose is to display targetted ads based on the user behaviour it is tracking.
It is not uncommon for people to confuse “adware” with “spyware” and “malware”, especially since these concepts overlap. For example, if one user installs “adware” on a computer, and consents to a tracking feature, the “adware” becomes “spyware” when another user visits that computer, and interacts with and is tracked by the “adware” without their consent.
BackDoor: A backdoor is a program designed to give access to the attacked host at a later point of time. These backdoors use well known ports such as 80 or 445. However the most common port used by Backdoor programs is 6667 or the port used by Internet Relay Chat(IRC) which is a camping ground these days for Botnet farmers. These backdoors are used by attackers when lauching DDoS attacks
Black Box Penetration Testing: In this model, there is no interaction between the company and the tester. This means no interviews, no network layouts…nothing. This is the better form of testing as this does not warn the employees who might behave more vigilantly than they might otherwise have been. This form of testing allows a company to see how it might respond to an attack as well as get a better assessment of its security policies as the employees are not forewarned.
Buffer Overflow: A buffer overflow occurs when a program writes more data in memory than it was initally alloted(bufffer space). In the example shown below, a buffer overflow is caused if a user enters a string of more than 20 characters. 19 or less does not cause an overflow
/* overflow.c – demonstrates a buffer overflow from Wikipedia*/
int main(int argc, char *argv)
if (argc < 2)
fprintf(stderr, “USAGE: %s string\n”, argv);
Computer Virus: A Virus is a computer program which attaches itself to an executable file or an application. A computer virus is not standalone and needs a host file or program to work or replicate.
Cracker: A person who break into computer systems with the intent of doing harm or destroying data.
Denial-of-service attack: A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet.
Distributed Denial-of-service attack(DDoS): A distributed denial of service attack (DDoS) occurs when multiple compromised systems flood the bandwidth or resources of a targeted system, usually a web server(s). Script kiddies use them to deny the availability of well known websites to legitimate users. More sophisticated attackers use DDoS tools for the purposes of extortion — even against their business rivals
Hacker: Originally used to describe a computer enthusiast who pushed a system to its highest performance through clever programming, the term hacker through media portrayal has evolved and often confused with “cracker” as someone who tries to access a computer or a network without prior approval of the systems owner
Hacking: The U.S. Dept. of Justice defines Hacking as “All illegal access to a computer or a network”.
Malware: Malware is any malicious software designed to disrupt the working of a network. Virus, worms and Trojans fall under the category of Malware.
Personally Identifiable Information (PII): Information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc
Ping-of-Death attack: A ping of death (abbreviated “POD”) is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. A ping is normally 64 bytes in size; many computer systems cannot handle a ping larger than the maximum IP packet size, which is 65,535 bytes. Sending a ping of this size often crashes the target computer.
Traditionally, this bug has been relatively easy to exploit. Generally, sending a 65,536 byte ping packet is illegal according to networking protocol, but a packet of such a size can be sent if it is fragmented; when the target computer reassembles the packet, a buffer overflow can occur, which often causes a system crash. For more information on this attack read RFC 791
Penetration Test: In a Penetration test, you the tester are trying to break into a network and gain access to their systems, trying to understand and find its weakest link.
Ports: A port is a logical component of the TCP connection. Learning more about ports will help you better defend your network by closing off ports and services which are not required. You can read more about ports particularly the well known ports at Internet Assigned Numbers Authority(IANA). Remember, if a port is open, even something like port 80 which you use to access the internet, if you can get out, then a Hacker can get in.
RootKit: A root kit is a collection of programs that intruders often install after they have compromised the root account of a system. RootKits are the deadliest of the Trojan horses as they are almost impossible to detect because of their ability to hide and integrate within the OS. Read this article on How to detect and clean a rootkit on your machine.
Spyware: Spyware is a program or software that resides on an infected computer and collects various information about the users without their informed consent. This personal information is secretly recorded with a variety of techniques, including logging keystrokes, recording Internet web browsing history, and scanning documents on the computer’s hard disk. Purposes range from overtly criminal (theft of passwords and financial details) to the merely annoying (recording Internet search history for targeted advertising, while consuming computer resources)
Security Test: In a security test, you perform a penetration test of a network and then offer solutions to the company and help them tweak their security policies and procedures besides helping them patch up any vulnerabilities and help them secure their network.
The difference from a Penetration tester is that as a Penetration tester, you just turn in your findings and then it is up to the company management to eliminate the security risks that you have discovered.
TCP three-way handshake: TCP is a connection oriented protocol where the sender doesn’t send any data until the destination acknowledges back to the sender. This whole process is called a three-way handshake where the Sender first sends the receiver a SYN packet. The receiver then acknowledges that it is listening to the sender by sending back a SYN-ACK packet. Finally, the sender sends an ACK packet, thus initiating data transfer.
Trojan: A Trojan is basically a program that disguises itself as a valid or useful computer application or program. These Trojan horses then install a backdoor or a rootkit designed to give entry to the hacker at a later point of time.
White box Penetration Testing: In this model of Penetration Testing, the pen tester has an idea what the network layout/topology looks like along with any applications, switches, routers and OS’s running the company’s servers. You are also given the opportunity to talk to the company’s security analysts and other regular employees.
Worm: A Worm is a computer program that can replicate and propagate itself without the need for a host
Tips and Suggestions
1. We talked about ports being the logical and not the physical component of a TCP connection earlier. If you wish to view the number of open ports on your machine, type in the windows command netstat at the command prompt
2. Some of you might have noticed that if you ping some sites, a prominent example being Microsoft by typing in ping www.microsoft.com , you will see a message saying “destination net unreachable”. What is happening here is that Microsoft has their edge routers configured to block ICMP type code 8 where code 8 stands for Echo. This allows Microsoft to prevent its IP address from being pinged. Similarly, if you wish to block someone from using Traceroute to your IP address, the ICMP type code is 30. To learn more about the ICMP error codes, see RFC 792
3. As someone in the field of Security, you need to be aware of the latest computer viruses and keep track of the latest vulnerabilities which you can use later on while performing your penetration tests of your target network besides patching up the vulnerable systems. The need to find associated vulnerabilites in applications or OS’s which can compromise your client’s network is huge.
Some of the best and most popular sources for finding such information on the web are:
a. Mitre Corporation’s Common Vulnerabilities and Exposures site
d. New Order Computer Security and Networking Portal