ACL - Philadelphia University



ACL

|Short for Access Control List, ACL is a listing that tells a computer operating system or other network device what rights |

|a user has to each item on a computer or network device. |

Authentication

|Authentication and authorization are terms used to describe the process of identifying a person and making sure they are really|

|who they say they are. For example, a password is a very basic method of authorizing someone.  |

Antivirus program

|Also known as Antivirus Software, AVS, or just AV; an antivirus program is a type of software designed to protect your |

|computer and/or network against computer viruses. If and when a virus is detected, the computer will generally prompt you |

|that a virus has been found, and ask what action should be done such as deleting the virus.  |

Asymmetric Encryption

|A type of encryption where the key to encrypt and decrypt the information is different. This type of encryption gives the |

|encryption even more security by preventing someone from creating a decryption key from the encryption key used to encrypt |

|the data. |

Attack

|An organized attempt on a person or company designed to cause issues or damage. For example, a DoS attack is designed to |

|cause a decrease of performance or completely take down a web site. |

Backdoor

|Also known as a manhole or trapdoor, a backdoor is a term used to describe a back way, hidden method, or other type of |

|method of bypassing normal security in order to obtain access to a secure area. |

Boot sector virus

|Type of computer virus that infects the first or first few sectors of a computer hard drive or diskette drive allowing the |

|virus to activate as the drive or diskette boots. |

Brute-force attack

|A type of password attack that does not attempt to decrypt any information but simply continues to try different passwords. |

|For example, a brute-force attack may have a dictionary of all words and/or a listing of commonly used passwords. To gain |

|access to the account using a brute-force attack, the program would try all the available words it has to gain access to |

|the account. Another type of brute-force attack is a program that runs through all letters and/or letters and numbers until|

|it gets a match. |

|Although a brute-force attack may be able to gain access to an account eventually, these types of attacks can take several |

|hours, days, months, and even years to run. The amount of time it takes to complete these attacks is dependent on how |

|complicated the password is. |

|To help prevent brute-force attacks many systems will only allow a user to make a mistake in entering their username or |

|password three or four times. If the user exceeds these attempts the system will either lock them out of the system or |

|prevent any future attempts for a set amount of time. |

Cipher

|Algorithm of encoding or encrypting data. Text that is ciphered is text that cannot be read unless a special password or |

|key is put in to decode it. |

|Windows command line command. See cipher command page for additional details and examples. |

Confidentiality

|Term used to describe data that is kept from any other users that should not have access to it unless permission is granted|

|by the owner of the data. |

Cracker

|Individual who is able to decipher codes and passwords, being able to break security systems for illegal reasons. |

Cryptography

|The process of manipulating data so that it is unreadable and also being able to reverse this process. This is usually used |

|for security reasons for important files so that it can be seen only by people that are supposed to see it. |

Cryptology

|The study of cryptography. |

Data theft

|Term used to describe when information is illegally copied or taken from a business or other individual. Commonly, this |

|type of information is user information such as passwords, social security numbers, credit card information, other personal|

|information, and/or other confidential corporate information. Because this information is illegally obtained, when the |

|individual who stole this information is apprehended, it is likely he or she will be prosecuted to the fullest extent of |

|the law. |

DDoS

|Short for Distributed Denial of Service, DDoS is a type of DoS attack that uses several computers to attack one victim. |

|Often a DDoS attack is first done by hacking or infecting dozens, hundreds, or even thousands of other computers with |

|instructions on when to attack and how; when that time arises, all infected computers attack at once. A DDoS is often |

|needed to attack a big site that is capable of handling large amounts of traffic. |

Decryption

|Process of taking encoded or encrypted text or other data and converting it back into text that you or the computer are |

|able to read and understand. This term could be used to describe a method of un-encrypting the data manually or |

|un-encrypting the data using the proper codes or keys. |

Default password

|A password (usually "admin", "root", "password", "", "secret", or "access") assigned to a program or hardware device|

|by the developer or manufacturer. Although default passwords may help protect from some users, they can be easily entered by|

|users that know what they are doing.  |

Diffie-Hellman

|The first public key cryptography method, developed by Whitfield Diffie and Martin Hellman in 1976. |

DOS

|Short for Disk Operating System, DOS is an acronym often used to describe MS-DOS. |

|Short for Disk Operating System, DOS refers to any type of operating system that runs from a disk drive. Today all |

|operating systems could be considered disk operating systems. |

|Short for Denial of Service, a DoS attack is a form of attacking another computer or company by sending millions or more |

|requests every second, causing the network to slow down, produce errors, or shut down. Because it is difficult for a single |

|individual to generate a DoS attack, these attacks are often launched from another company or college, and/or worms are |

|written to create zombie computers that carry out the DoS attack. |

DES

|Short for Data Encryption Standard, DES is also sometimes referred to as the Data Encryption Algorithm (DEA) and is a type |

|of encryption standard first approved as a US federal standard in November 1976. Although still sometimes used, DES has |

|been widely replaced by AES. |

Dictionary attack

|A type of password attack that does not attempt to decrypt any information but simply tries each of the words in a |

|dictionary in hopes that the user has used one of the words as his or her password. |

|To help prevent brute-force attacks many systems will only allow a user to make a mistake in entering their username or |

|password three or four times. If the user exceeds these attempts the system will either lock them out of the system or |

|prevent any future attempts for a set amount of time. |
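The lockout rule described in the brute-force and dictionary attack entries, as an added example that is not part of the original page: three consecutive failures lock the account for a set time, and guesses made during the lock are rejected without being checked. The account store, word list, `FakeClock` and all function names are constructed for illustration.

```python
import hmac
import time

# Constructed sample account store. A real system stores salted password
# hashes, never the passwords themselves.
ACCOUNTS = {"alice": "correct horse battery"}

# Constructed guess list: common default passwords, with the real one last.
WORDLIST = ["admin", "root", "password", "secret", "access",
            "correct horse battery"]


def verify(username, password):
    """Constant-time comparison against the sample store."""
    stored = ACCOUNTS.get(username, "")
    return bool(stored) and hmac.compare_digest(stored.encode(),
                                                password.encode())


class FakeClock:
    """Manually advanced clock so the lockout window can be shown offline."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class LoginThrottle:
    """Lock an account after max_failures consecutive bad passwords."""

    def __init__(self, verify, max_failures=3, lockout_seconds=900,
                 clock=time.monotonic):
        self.verify = verify              # callable(username, password) -> bool
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = {}               # username -> consecutive failures
        self._locked_until = {}           # username -> clock value when lock ends
        self.evaluated = 0                # passwords actually checked

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked' for one attempt."""
        now = self.clock()
        if now < self._locked_until.get(username, 0.0):
            return "locked"               # the password is not even looked at
        self._locked_until.pop(username, None)
        self.evaluated += 1
        if self.verify(username, password):
            self._failures.pop(username, None)   # success resets the counter
            return "ok"
        count = self._failures.get(username, 0) + 1
        if count >= self.max_failures:
            self._failures.pop(username, None)
            self._locked_until[username] = now + self.lockout_seconds
            return "locked"
        self._failures[username] = count
        return "denied"


def replay(throttle, clock, username, guesses, seconds_per_guess=1.0):
    """Feed a list of guesses to the throttle and return each result."""
    results = []
    for guess in guesses:
        results.append(throttle.login(username, guess))
        clock.advance(seconds_per_guess)
    return results


if __name__ == "__main__":
    clock = FakeClock()
    throttle = LoginThrottle(verify, clock=clock)
    print(replay(throttle, clock, "alice", WORDLIST))
    print("passwords evaluated:", throttle.evaluated)
```

Because the counter is kept per username, anyone can lock a known account by failing on purpose, so the lockout time is a trade-off between slowing guesses and keeping the account usable.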

Digital signature

|Method of data encryption used to verify the identity of an individual transmitting information over the Internet. |

|Digital Certificates |

|Digital certificates are electronic documents used to verify the unique identities of principals and entities over networks|

|such as the Internet. A digital certificate securely binds the identity of a user or entity, as verified by a trusted third|

|party known as a certificate authority, to a particular public key. The combination of the public key and the private key |

|provides a unique identity to the owner of the digital certificate. |

DNS hijacking

|Unauthorized and illegal modification of a DNS server that directs users attempting to access a web page to a different web|

|page that looks the same, a competitor page, or a page insulting the company or organization owning the real page. |

E-mail bomb

|Term used to describe a type of attack where a user or group of users send a massive amount of e-mails to interrupt the |

|user or business from receiving e-mail, responding to e-mails in a timely fashion, or causing other e-mail related issues. |

Eavesdropping

|Also known as earwigging, eavesdropping is a term used to describe the process of listening, monitoring, and/or examining |

|someone without their permission and/or knowledge. For example, a user could eavesdrop on someone's e-mail or chat |

|conversation. |

Encrypt

|The process of making data unreadable by other humans and/or computers for the purpose of preventing others from gaining |

|access to its contents. Encrypted data is generated using an encryption program such as PGP, encryption machine, or a |

|simple encryption key and appears as garbage until it is decrypted. In order to read or use the data, it must be decrypted |

|and only those who have the correct password and/or decryption key are able to make the data readable again. |

|A very basic encryption technique known as simple substitution or a substitution cipher shifts the letters of the alphabet |

|over a few characters. For example, as shown below the alphabet has been shifted over four characters. |

|Encrypt key: |

|a=e, b=f, c=g, d=h, e=i, f=j, g=k, h=l, i=m, j=n, k=o, l=p, m=q, n=r, o=s, p=t, q=u, r=v, s=w, t=x, u=y, v=z, w=a, x=b, y=c|

|and z=d. |

|Decrypt key: |

|a=w, b=x, c=y, d=z, e=a, f=b, g=c, h=d, i=e, j=f, k=g, l=h, m=i, n=j, o=k, p=l, q=m, r=n, s=o, t=p, u=q, v=r, w=s, x=t, y=u|

|and z=v |

|Using this technique a user could encrypt the message: "computer hope free help for everyone" to: "gsqtyxiv lsti jvii lipt |

|jsv izivcsri". Below is an example of how this could be done using Perl. |

    use strict;
    use warnings;

    my $alpha   = "abcdefghijklmnopqrstuvwxyz";
    my $message = "computer hope free help for everyone";

    # Build the encrypt key: each letter maps to the letter four places
    # later in the alphabet, wrapping around after z (w=a, x=b, y=c, z=d).
    my @alpha = split(//, $alpha);
    my %key;
    for my $i (0 .. $#alpha) {
        $key{$alpha[$i]} = $alpha[($i + 4) % scalar(@alpha)];
    }

    # Substitute each lowercase letter; every other character (spaces,
    # digits, punctuation, uppercase letters) is copied unchanged.
    my $new = "";
    foreach my $char (split(//, $message)) {
        if ($char =~ /[a-z]/) {
            $new .= $key{$char};
        }
        else {
            $new .= $char;
        }
    }

    print "Old: $message\nEncrypted: $new\n";

Ethical hacking

|A term used to describe a type of hacking that is done to help a company or individual identify potential threats on the |

|computer and/or network. In order for hacking to be deemed ethical the hacker must obey the below rules. |

|You have permission to probe the network and attempt to identify potential security risks. It's recommended that if you are|

|the person performing the tests that you get written consent. |

|You respect the individual's and/or company's privacy and only go looking for security issues. |

|You report all security vulnerabilities you detect to the company, not leaving anything open for you or someone else to |

|come in at a later time. |

|You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software |

|or hardware if not already known by the company. |

|Users who are interested in becoming a Certified Ethical Hacker (CEH) can visit .  |

File protection

|Methods used in protecting valuable data on computers. Generally, file protection is accomplished by password protecting a |

|file or only providing rights to a specific user or group. |

Firewall

|A software utility and/or hardware device that limits outside network access to a computer or local network by blocking or |

|restricting ports. Firewalls are a great step for helping prevent un-authorized access to a company or home network. The |

|image to the right is a 3Com SuperStack 3 Firewall, an example of what a hardware firewall may look like. |

|A listing of computer firewall programs as well as additional information about preventing unauthorized access to your |

|computer can be found on document CH000464. |

|See document CH000907 for additional information about disabling firewalls. |

|Additional information about computer security can be found on our security question and answer page. |

Root

|Also known as an admin, administrator, and gatekeeper, root is a super user on a computer network. Generally, a root is |

|used to refer to the system administrator on a Unix / Linux network and is an individual who has complete access to a |

|network. |

|The highest level in a directory hierarchy. For example, in MS-DOS, the root of the primary hard disk drive would be C:\. |

|See our su or super user command page for additional information on this command and/or visit our Unix / Linux help page |

|for a full listing of commands and help. |

|Additional information and help with MS-DOS can be found on our MS-DOS help page.  |

|Users in the Microsoft recovery console can set the current directory to the system root directory by using the systemroot |

|command. |

Hacker

|1. A term that first started being used in the 1960s and was used to describe a programmer or someone who hacked out |

|computer code. Later the term evolved to describe an individual who had an advanced understanding of computers, networking, |

|programming, and/or hardware but did not have any malicious intent. |

|Today, a hacker is often associated with an individual who illegally breaks into other computer systems to damage and/or |

|steal information. Some users today who consider themselves leet may refer to themselves as haxors or h4x0rs. However, |

|often these types of users are nothing more than script kiddies. |

|Although the media and most people think of hackers as malicious or evil, the majority of hackers are people who are |

|curious about how computers, networks, and/or programs work and are often simply exploring and learning. |

|2. In computer online gaming a hacker is a term often associated with a gamer who is cheating. |

|Additional information about how to hack someone or something can be found on document CH000806. |

|For information about where Computer Hope stands on hackers, please see our underground section. |

Identity theft

|A description of a type of data theft where the person obtaining the information illegally is primarily searching for |

|personal information and/or records. Often the user is looking for such information as full name, maiden name, address, |

|date of birth, social security number, passwords, phone numbers, email, family information, credit card numbers, other |

|credit information, etc. The user then uses this information to gain access to bank accounts or other protected areas, uses|

|your personal information as their own identification, and/or sells your information. |

|Tips on preventing identity theft: |

|When entering any personal information on the Internet make sure you're entering it on a secure page. Additional |

|information about making sure an Internet page is secure can be found on document CH000507. |

|When purchasing something over the Internet unless you plan on buying something from that same company again in the near |

|future do not store your credit card and/or personal information with that site. |

|Make sure to have an active and up-to-date spyware protection program and antivirus protection program. |

|Be aware of fake e-mails / phishing e-mails that claim to be a company such as your bank requesting any personal |

|information or login information. |

|Make sure your computer is secure. Additional information and tips on securing your computer can be found on document |

|CH000464. |

|If you're a victim of a stolen computer make sure to read document CH001011 for additional information and help with |

|dealing with this issue. |

|Additional information and help with identity theft can also be found at: |

IDS

|Short for Intrusion Detection System, IDS is a security measure that helps notify an administrator or company when a device|

|is being opened. For example, some corporate computers are equipped with an IDS system; if the case is removed from the |

|computer an alarm will sound.   |

Spoof

|In general the term spoof refers to a type of hacking or deception technique that imitates another person, software |

|program, hardware device, or computer, with the intentions of bypassing security measures. One of the most commonly known |

|types of spoofing is IP spoofing. |

|IP spoofing |

|A method of bypassing security measures on a network or a method of gaining access to a network by imitating a different IP|

|address. Some security systems have a method of helping to identify a user by his or her IP address or IP address range. |

|If the attacker spoofs their IP address to match these criteria, it may help bypass security measures. This technique is |

|also used to deceive a web page, poll, or other Internet contest into thinking the user is someone else, allowing him or her|

|to get more hits or falsely increase a vote's rank. |

|E-mail or address spoofing |

|Process of faking a sender's e-mail address. This type of spoofing is used to fool the recipient of the e-mail into thinking|

|someone else actually sent them the message. This is commonly used to bypass spam filters or to trick the user into |

|thinking the e-mail is safe when in reality it contains an attachment that is infected with a virus. |

|Web page spoof |

|A fake web page or spoof on another commonly visited page. For example, a malicious user may create a spoof page of |

|Microsoft's, eBay's, PayPal's or Google's home page that looks identical but is hosted on a different server. These types of |

|pages are commonly used in phishing e-mails to extract information from the user such as usernames and passwords or to send|

|malicious files to them. |

Kerberos

|Developed by MIT, Kerberos is a network authentication protocol designed to encrypt and secure data on an insecure network. |

|See the official MIT Kerberos page at:   |

Logic bomb

|An error in the logic of a software program routine that results in the destruction of the data. Unlike a virus, logic |

|bombs do their damage right away, then stop. Also, logic bombs are unintentional and can be the result of a simple corrupt |

|file. |

Login

|To login or logon is the process users must complete to gain control to a computer, network, bulletin board or other |

|service that requires authorization. Most logins require that the user enter his or her username and password. |

Macro virus

|A MAC or Macro virus is a type of computer virus that spreads to other computers through software programs that utilize |

|macros. For example, Microsoft Word and Microsoft Excel are two popular and widely used programs that are capable of |

|executing macros. Macro viruses written for these programs can quickly spread by infecting other related documents each |

|time the document is opened. Because these types of files are commonly used and sent through e-mail, a computer network can |

|be quickly infected by these viruses. |

Man-in-the-middle attack

|A type of attack where a user gets between the sender and receiver of information and sniffs any information being sent. In|

|some cases, users may be sending unencrypted data, which means the man-in-the-middle can easily obtain any unencrypted |

|information. In other cases, a user may be able to obtain the information from the attack but have to unencrypt the |

|information before it can be read. |

Overwrite

|A term used to describe when new information or data replaces old information or data. |

|One of two typing settings on a keyboard, overwrite mode allows new input to replace existing characters. The Insert |

|keyboard key is commonly used to toggle this mode, enabling or disabling it. |

|When referring to a virus, an overwrite virus is a type of computer virus that overwrites a file with its own code, helping|

|spread the virus to other files and computers. |

Password

|Sometimes abbreviated as PWD (not to be confused with the pwd command), a password is a set of secret characters or words |

|utilized to gain access to a computer, network resource, or data. Passwords help ensure that computers and/or data can only|

|be accessed by those who have been granted the right to view or access them. |

|Strong password - Term used to describe a password that is an effective password that would be difficult to break. Often a |

|strong password has between six and ten characters, numbers and other characters, and upper and lowercase. |

|Weak password - A password that is not an effective password because it's easy to remember. Examples of a weak password are|

|names, birth dates, phone numbers, etc. |

|See Computer Hope document CH000300 for additional information about computer passwords as well as tips for how you should |

|set your computer password to help prevent it from being guessed. |

|See document CH000767 for additional information about changing your username and/or password. |

|See our security questions and answer section for a listing of other password and security related questions.  |

Patch

|Piece of software code that can be applied after the software program has been installed to correct an issue with that |

|program. Most software programs may have several patches released after the initial release and commonly update the version|

|of the program when successfully installed. |

|Software patches can be found through the software developer's web site. If you're looking for a patch for your software |

|program, we suggest you visit our third-party contact page for a comprehensive listing of all computer related companies |

|and their Internet addresses to obtain your patch. |

Payload

|Term used to describe the instructions a virus or worm executes in addition to copying itself when infected on the |

|computer. For example, a payload of a computer virus may be to delete some or all of the files on the computer. |

Permission

|Also known as rights, permissions are characteristics given by users or network administrators on a network that prevent or|

|allow access to files on a computer network. Below are examples of rights that may be available to be assigned or revoked. |

|All - All rights granted. |

|Execute - The right to execute a file or a file within that directory. |

|Read - The right to read a file. |

|Write - The right to write to a file. |

|Often these above rights can be assigned or removed to a single user or a group of users. |

|If you wish to see the attributes in MS-DOS use the attrib command. |

|If you wish to see the ACLs or permissions in MS-DOS use the cacls command. |

|If you wish to see the permissions in Linux / Unix use the chmod command. |

PGP

|Short for Pretty Good Privacy, PGP was freeware released in 1991 by Philip Zimmermann. PGP is a public-key authentication |

|and encryption method based on the IDEA single-key and RSA public-key encryption algorithms. PGP is now a product of PGP |

|Corporation and is still a widely used encryption tool. |

|Non-commercial United States citizens can also freely obtain PGP from various web sites. MIT has a great page containing |

|PGP for various platforms, see the MIT distribution site for PGP for downloads. |

Phishing

|Pronounced like fishing, phishing is a term used to describe a malicious individual or group of individuals scamming users |

|by sending e-mails or creating web pages that are designed to collect an individual's bank or credit information. Below is |

|an example of what a phishing e-mail may look like. |

|  |

|eBay request: Your Account Has Been Suspended! |

|Dear eBay customer, |

|Your Account has been Suspended. We will ask for your password only once.We will charge your account once per year. However|

|you will receive a confirmation request in about 24 hours after the make complete unsuspend process.You have 24 hours from |

|the time you'll receive the e-mail to complete this eBay Request. |

|Note: Ignoring this message will cause eBay TKO delete your account forever. |

|To make unsuspend process please use this link: |

| |

|eBay will request personal data(password;and so on) in this email. |

|Thank you for using eBay! |

| |

|-------------------------------------------------------------------------------- |

|This eBay notice was sent to you based on your eBay account preferences.If you would like to review your your notification |

|preferences for other types of communications, click here.If you would like to receive this email in text only,click here. |

| |

|To a user who frequently uses eBay or any online service, these e-mails may appear as if they have come from the company |

|described in the e-mail. However, phishing e-mails are designed to deceive the user and trick them into visiting the links |

|in the e-mail that are designed to steal personal information such as usernames, passwords, credit card information, etc. |

|Below are some helpful tips on identifying these types of e-mails and how to handle them. |

|How to identify a phishing e-mail. |

|Company - These types of e-mails are sent out to thousands of different e-mail addresses and often the person sending these|

|e-mails has no idea who you are. If you have no affiliation with the company the e-mail address is supposedly coming from, |

|it's fake. For example, if the e-mail is coming from Wells Fargo bank but you bank at a different bank. |

|Spelling and grammar - Improper spelling and grammar is almost always a dead giveaway. Look for obvious errors. |

|No mention of account information - If the company really was sending you information regarding errors to your account, |

|they would mention your account or username in the e-mail. In the above example the e-mail just says "eBay customer"; if |

|this really was eBay, they would mention your username. |

|Deadlines - E-mail requests an immediate response or a specific deadline. For example, in the above example, the |

|requirement to log in and change your account information within 24 hours. |

|Links - Although many phishing e-mails are getting better at hiding the true URL you are visiting, often these e-mails will|

|list a URL that is not related to the company's URL. For example, in our above eBay example: is|

|not an eBay URL, just a URL with an ebay section. If you're unfamiliar with how a URL is structured, see our URL dictionary|

|definition for additional information. |
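The "Links" tip above as a check, added here as an example that is not part of the original page: a link counts as belonging to a company only when the host part of its URL is the company's domain or a subdomain of it, no matter where else the company name appears. The sample e-mail, the 203.0.113.7 address, the example.net host and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body. 203.0.113.7 and example.net are reserved
# documentation values, not real phishing hosts.
SAMPLE_EMAIL = """
<p>Dear eBay customer, your account has been suspended.</p>
<p>To restore it use
   <a href="http://203.0.113.7/ebay/signin.html">https://signin.ebay.com/</a></p>
<p>Or <a href="http://ebay.com.account-check.example.net/">click here</a>.</p>
<p>Help pages: <a href="https://pages.ebay.com/help/">eBay Help</a></p>
"""


def host_belongs_to(url, expected_domain):
    """True only if the URL's host is expected_domain or a subdomain of it."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:                 # malformed URL, e.g. broken brackets
        return False
    if parts.scheme not in ("http", "https"):
        return False
    host = host.rstrip(".").lower()
    expected = expected_domain.lower()
    # The leading dot matters: without it any host that merely ends in the
    # same letters as the expected domain would be accepted.
    return host == expected or host.endswith("." + expected)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0], self._open[1].strip()))
            self._open = None


def suspicious_links(html_body, expected_domain):
    """Return (href, text, text_mentions_domain) for links that lead elsewhere."""
    collector = _LinkCollector()
    collector.feed(html_body)
    collector.close()
    findings = []
    for href, text in collector.links:
        if not host_belongs_to(href, expected_domain):
            mentions = expected_domain.lower() in text.lower()
            findings.append((href, text, mentions))
    return findings


if __name__ == "__main__":
    for href, text, mentions in suspicious_links(SAMPLE_EMAIL, "ebay.com"):
        note = " (visible text shows the real domain)" if mentions else ""
        print(f"{href} -> shown as {text!r}{note}")
```

The check only establishes which host a link leads to; a look-alike domain registered under a similar name still needs a human or a reputation service to judge.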

|What to do if you're not sure if an e-mail is official. |

|Never follow any links in an e-mail you're uncertain about. Instead of following the link in the e-mail, visit the page by |

|manually typing the address of the company. For example, in the above example, instead of visiting the fake ebay URL, you |

|would type: in your web browser and log in through the official web site. |

|Never send any personal information through e-mail. If a company is requesting you send them personal information about |

|your account or are saying your account is invalid, visit the web page and log into the account as you normally would. |

|Finally, if you are still not sure about the status of your account or are concerned about your personal information, |

|contact the company directly, either through an e-mail address provided on their web site or over the phone. |

|Issues phishing e-mails commonly address |

|Below are some of the issues a phishing e-mail may inquire about in order to trick users. |

|Account issues, such as account or password expiring, account being hacked, account out-of-date, or account information |

|needing to be changed. |

|Credit card or other personal information, such as credit card expiring or being stolen, incorrect social security number |

|or other personal information, or duplicate credit card or other personal information. |

|Confirming orders, such as request that you log in to confirm recent orders or transactions. |

|Common companies affected by phishing |

|Below is a listing of some of the companies phishers often send e-mails about. |

|Any major bank |

|Popular web sites such as: Amazon, MySpace, PayPal, eBay, Microsoft, Apple, Hotmail, YouTube, etc. |

|Government: FBI, CIA, IRS, etc. |

|Internet service providers such as: AOL, MSN, etc. |

|Casinos and lottery. |

|Online dating or community web sites. |

|See document CH000464 for additional information about protecting your computer from unauthorized access. |

Port scanner

|A software program designed to go through a large listing of interesting ports or all available network ports and probe |

|each port to see if it is available or open and accepting packets. Using a port scanner a user can check for any potential |

|security vulnerabilities and prevent users from accessing a computer or other network device through any open ports. |

|An example of a port scanner is the *nix nmap command. |

Privilege level

|The granted access level that a user has been given on a computer network. The higher the privilege level, the more the |

|user is capable of doing on the computer and/or network. |

Privileges

|The rights, access or other abilities a user or computer has been given to another computer, network, program, and/or |

|hardware device. For example, a person who works for a company's customer service department may have the privileges to |

|view a customer's information where other employees who do not need this ability lack the privileges. |

Public Key Cryptography

|A type of cryptography that has a public and private key. The public key can be viewed or used by anyone but the private |

|key is kept secret by the creator and is the only method of decrypting the data encrypted by the public key.   |

Security

|A system or set of steps that helps keep data from prying eyes by utilizing passwords, encryption and hiding data. While |

|security does not guarantee that data cannot be compromised, extra security steps can help in preventing data from being |

|compromised. |

Sniffing

|A packet sniffer is a utility that has been used since the original release of Ethernet. Packet sniffing allows individuals|

|to capture data as it is transmitted over a network. Packet sniffer programs are commonly used by network professionals to |

|help diagnose network issues and are also used by malicious users to capture unencrypted data like passwords and usernames |

|in network traffic. Once this information is captured, the user can then gain access to the system and/or network. |

|If you wish to keep information confidential or are concerned about packet sniffing, it is advised that you work on |

|encrypted protocols and encrypt all sensitive data, such as e-mails, being sent over the Internet and/or network. A great |

|encryption program is PGP; users who are using Telnet should consider using SSH instead. |

Social engineering

|Term used to describe the act of tricking a person by the act of deception. For example, someone attempting to gain |

|unauthorized access to a network may call a business and trick someone into thinking they work for the company and ask for |

|passwords or other company confidential information so they can gain access to the network. |

Spyware

|Term used to describe a software program that is intentionally installed on the computer by a user to monitor or spy on |

|what other users of the same computer are doing. |

|A term used to describe a software program that has been designed to track a user's activity without the user fully |

|understanding the intentions of the program or not knowing about its installation. Spyware programs are often used to help |

|with tracking users' habits and help with delivering proper advertisements to a user. Spyware is installed onto a user's |

|machine when installing free programs such as free music sharing programs, visiting web pages such as adult oriented web |

|pages, and through other downloads and plug-ins on the Internet. |

|Additional information about Spyware, Malware, and Adware programs being installed and/or your browser being hijacked can |

|be found on document CH000578. |

|Information about how your computer becomes infected with spyware, viruses and other malware can be found on document |

|CH001045. |

Spam

|1. Also known as UCE (Unsolicited Commercial Email), spam, not to be confused with the meat product, is slang commonly used|

|to describe junk e-mail on the Internet. Spam is e-mail sent to thousands and sometimes millions of people without prior |

|approval, promoting a particular product, service or a scam to get other people's money. The first spam e-mail was sent by |

|Gary Thuerk, an employee at Digital, in 1978 to advertise the new DECSYSTEM-2020, 2020T, 2060, and 2060T on ARPAnet. |

|Computer Hope does not participate in or endorse spam. We believe the best method of not receiving spam is simply to delete it|

|and not to participate in the product or service they are endorsing. In some cases replying to that e-mail indicates that |

|your e-mail address is valid and your e-mail address may be sent to other spam lists, although this is prohibited in many |

|countries.  |

|Additional information about how to help prevent e-mail spam can be found on document CH000477. |

|See document CH000883 for additional information about nonsense spam messages. |

|Below is a monthly poll we conducted August 1 - 31, 2003 to help see how many spam messages our visitors receive weekly. |

|None (106 votes) 6.26% |

|1 to 50 (534 votes) 31.54% |

|50 to 100 (385 votes) 22.74% |

|Over 100 (635 votes) 37.51% |

|Not sure (33 votes) 1.95% |

|(Total Votes: 1693 ) |

|2. When talking in chat or a newsgroup, spam, also known as flooding, is the process of posting multiple lines of the same |

|text two or more times. In a newsgroup, if a message is posted two or more times, this is also considered spam or a flood |

|of messages. |

SSL (Secure Socket Layer) Protocol

|The SSL protocol offers security to two applications connected through a network. Specifically, the SSL protocol provides |

|the following: |

|A mechanism that the applications can use to authenticate each other's identity. |

|Encryption of the data exchanged by the applications. |

|When the SSL protocol is used, the target always authenticates itself to the initiator. Optionally, if the target requests |

|it, the initiator can authenticate itself to the target. Encryption makes data transmitted over the network intelligible |

|only to the intended recipient. An SSL connection begins with a handshake during which the applications exchange digital |

|certificates, agree on the encryption algorithms to be used, and generate the encryption keys to be used for the remainder |

|of the session. |

|The SSL protocol provides the following security features: |

|Server authentication: WebLogic Server uses its digital certificate, issued by a trusted certificate authority, to |

|authenticate to clients. |

|Client authentication: Optionally, clients might be required to authenticate themselves to WebLogic Server by providing |

|their own digital certificates. This type of authentication is also referred to as mutual authentication. |

|Confidentiality: All client requests and server responses are encrypted to maintain the confidentiality of data exchanged |

|over the network. |

|Data Integrity: Data that flows between a client and WebLogic Server is protected from tampering by a third party. |

|If you are using a Web browser to communicate with WebLogic Server, you can use the Hypertext Transfer Protocol with SSL |

|(HTTPS) to secure network communications. |

SYN attack

|Also known as a SYN flood, a SYN attack is a type of Denial of Service (DOS) attack on a computer or network that floods a |

|network with spoofed SYN packets or packets that contain an address that never responds to the SYN/ACK requests. |

Trojan horse

|A program or utility that falsely appears to be a useful program or utility, such as a screen saver. However, once |

|installed, it performs a function in the background such as allowing other users to have access to your computer or sending|

|information from your computer to other computers. |

Virus

|A software program first written by Rich Skrenta in 1982, who was a 15-year-old high school student. Known as The Elk Cloner, |

|this virus spread to other computers by monitoring the floppy drive and copying itself to any floppy diskette that was |

|inserted into the computer. Once a floppy diskette became infected it would infect all other computers that disk was |

|inserted into; each computer that was infected would then infect every floppy diskette inserted into it. A computer that |

|was infected would also display a short poem on every 50th boot. |

|Fred Cohen in 1983 later coined the term virus in a 1984 research paper as "a computer program that can affect other |

|computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself." Today a computer |

|virus is a software program, script, or macro that has been designed to infect, destroy, modify, or cause other problems |

|with a computer or software programs. Users can protect themselves and remove any viruses on the computer by installing an |

|antivirus protection program, which is designed to detect, protect, and clean any computer viruses. |

|For more information on computer viruses, see our virus info page. |

|Information about creating a virus is found on document CH000653. |

|Information about how your computer becomes infected with spyware, viruses and other malware can be found on document |

|CH001045. |

WEP

|Short for Wireless Equivalent Privacy, WEP is a type of encryption defined in the 802.11 standard that helps protect a |

|wireless network using encryption. WPA is an improved encryption standard introduced with 802.11i and a likely replacement |

|for WEP.  |

Worm

|First developed by John Shoch and Jon Hupp at Xerox PARC in 1978, a worm is a destructive software program containing code |

|capable of gaining access to computers or networks, and once within the computer or network, causes that computer or |

|network harm by deleting, modifying, distributing, or otherwise manipulating the data. |

|Short for Write Once Read Many, WORM is a type of CD that can be written to and then read from thereafter. See CD-R for |

|additional information. |

Zombie

|Term used to describe a process that is doing nothing but utilizing system resources. |

|A computer that has been maliciously set up to do the work of another program or user. A zombie computer is often a computer or|

|server that has been compromised to help a malicious user perform a Denial Of Service attack (DoS) or DDoS attack. |

|When referring to chat or IRC, a zombie or ghost refers to a user who has lost connection but their user is still logged |

|into the chat server. |

Botnet

|Also known as a zombie network, a botnet, short for bot network, is a group of infected computers that are under the control |

|of one or more individuals. The infected computers are used to perform complex tasks that would be hard for one computer |

|and/or a task someone would not want to be caught doing such as distributing SPAM e-mail and/or a Distributed Denial of |

|Service (DDoS) attack on other computers or networks. |
