ITS Homepage Click here for text version of ITS homepage University at AlbanyUAlbany Site IndexUAlbany Search
Information Security Home
Threat Matrix
Security Threats
System Alerts
Security Defenses
Best Practices
Technical Controls
 
Security Tools
Network Standards


Information Security
 

Glossary

Below is a list of frequently used terms and their meanings.
Adware . . . . . . . . . . . . . . . . .
A form of Malware normally consisting of 'pop-up' and other advertisements.
^ Back to Top ^

Apple or Macintosh . . . . . . .
Referring to either the Apple OS (operating system) or the Apple Macintosh computer. Both of which are manufactured by the Apple corporation.
^ Back to Top ^

Backdoor . . . . . . . . . . . . . . .
Normally installed by a virus or worm, a backdoor is a alternate method of accessing a system. For example, a virus can install a backdoor to give a hacker access to your computer.
^ Back to Top ^

BHO or (B.H.O.) . . . . . . . . . .
Browser Helper Object (BHO) is a add-in / plug-in that modifies a web browser. These objects may be useful, like goggle's toolbar, or harmful, like a spyware or adware program that looks like a toolbar.
^ Back to Top ^

Bot or AIM Bot, IRC Bot . . . .
Bot can refer to a infected computer, or the infection. Bots (as the computer) are controlled by a Bot Master. Bot (as the virus), aka AIM Bot or IRC Bot is a form of malware that allows a remote user (the Bot Master) to execute programs or operations on an infected computer.
^ Back to Top ^

Bot Herd(s) / Bot Net(s) . . . .
A group of computers infected with a Bot. Bot Herds are controlled by a Bot Master. Typical Bot herds have anywhere from several hundred to several thousand remote controlled computers (Bots). Some of the largest Bot Herds are estimated at 50,000 compromised machines. In total, the number of machines unknowingly and unwillingly a member of a Bot Net is estimated to be well over a million computers.
^ Back to Top ^

Bot Master or Bot Controller:
A Bot Master is one who 'controls' a Bot Herd. Often they are also the creator of the Bot which created the heard of infected computers. Bot Masters can use their herds to spread other types of spyware, attack computer systems, or just to spread SPAM and Adware. Bot Masters are often motivated by greed and pride, they compete with other Bot Masters to control the most computers, and often sell their 'services' (SPAM, Adware, Network Attacks) on the black market.
^ Back to Top ^

Browser or Web Browser . . .
A program such as Internet Explorer, Safari, Opera, or Mozilla Firefox that allows a user to view web pages. Many web browsers also feature support for multi-media such as animation, music, and video.
^ Back to Top ^

Brute Force / Dictionary Attacks:
A system of password cracking such that many log-in attempts are made by a script or program. Often such attacks use a 'dictionary' or collection of likely words and phrases. It is because of these types of attacks that it is recommended to never use a word or phrase, that is not complex, as your password.
^ Back to Top ^

Bundling / Software Packaging:
Software bundling/packaging is the common practice of including several applications, or programs, in one installer. For example, some applications come bundled with toolbars, extra features, and other programs. Bundling is a common method of infecting a computer with Spyware, (eg. most file- sharing software has spyware bundled with it).
^ Back to Top ^

Client Side / End-User. . . . . .
Client Side generally describes a software or device that works on / from the user's computer. Such programs are installed on the computer, and do not need connection to the internet, or other computers to operate ( yet they may need updates from these sources). End-User, on the other hand, normally describes the computer user them self, but may refer to their computer, or their interaction with the computer.
^ Back to Top ^

Complex Password . . . . . . . .
Complex passwords are required for many of the university systems (eg. MyUAlbany, Webmail, UNIX). Please note that a 'good password' is both complex AND secure.

To meet the University's complexity requirements, a complex password should consist of:
  • At least eight characters.
  • At least one letter: (a-z).
  • At least one number: (0-9).
  • At least one special character: @ , $ , * , ?, etc.
  • Does NOT use the characters: !, &, {, ~ , ", `, ' , < .
^ Back to Top ^

Data Mining . . . . . . . . . . . . .
A method of comparing large amounts of data to find patters. Normally this is used for models and forecasting. However, a malicious hacker may use data mining to determine the best audience for a particular type of attack, based on collected information.
^ Back to Top ^

EULA . . . . . . . . . . . . . . . . . .
End User Licence Agreement. These Licence agreements are often found when installing a software package. The EULA specifies what the software vendor can and cannot do with your machine via the software. Occasionally, EULAs are used to legally install spyware on a computer (eg. AOL Instant Messenger) Please see the Reading your EULAs page for more information.
^ Back to Top ^

Fish / Fishing . . . . . . . . . . . . .
See Phishing.
^ Back to Top ^

Hacker / Computer Hacker:
Please see the Threats: Hackers page.
^ Back to Top ^

Hard Drive / Hard Disk (HD) or Hard Disk Drive (HDD):
Often called the 'C-Drive' or 'C:' in computers running Microsoft Windows, the Hard Disk is the nonvolatile magnetic storage device used to retain data for extended periods of time. Unlike a 'network' or 'server' drive, it is often NOT backed up. The operating system, as well as most files and documents are kept on the Hard Dive of the computer your are using, particularly with home computers. It is recommended that all important data be backed up via CD, DVD, USB Key, External HD, for home users, and to a networked or server drive for university employees. NEVER store CONFIDENTIAL DATA on external media without encryption or other data access controls.
^ Back to Top ^

Hijack or Hijacking . . . . . . . .
Often done by spyware or adware, hijacking (and in particular, browser hijacking) is used to divert your from an intended item, to a fake. For example, browser hijacking may be used to divert you to a fake online- banking website when you try to go to the real one. When hijacked, you may enter log-in information into the fake site, giving a hacker access to your online banking account. Normally, after you enter the information into a fake site, you receive a "Incorrect Password" screen, and are then forwarded to the real bank-website. Thinking you made a typo, you re-enter your information and log-into the real bank website never knowing the difference, or that your information was stolen.
^ Back to Top ^

Identity Theft. . . . . . . . . . . .
Please see the Damage Control: Identity Theft page.
^ Back to Top ^

Keylogger . . . . . . . . . . . . . . .
A malicious program that records keystrokes. Often, a keylogger also keeps track of visited web sites, and time-stamps when you visit, as well as what keys you type. More advanced keyloggers can limit their recordings to certain prompts / fields (like the user-name and password boxes) and for only 'secure' web sites (like you bank or EBay etc.) Since the keylogger records information as you type it, as opposed to intercepting it when you submit information on a web page, the information is unencrypted even from secure web sites. Keyloggers are one of the most dangerous forms of malware (due to identity theft), and therefore it is recommended that if you find one, immediately unplug your ethernet / modem cable, back up your important files, and reformat.
^ Back to Top ^

Malware . . . . . . . . . . . . . . . .
Malicious software (mal-ware) is a form of computer program designed with malicious intent. This intent may be to cause annoying pop-up ads with the hope you click on one and generate revenue, or forms of spyware and viruses that can be used to steal your identity or track your activities. Please see the Threats: Malware page for more information.
^ Back to Top ^

Matriculated Student(s) . . .
A matriculated student is one that has been formally recognized as a student by the university. Generally, a student is considered matriculated after they have received a formal letter of acceptance, paid their deposit, and have registered for classes.
^ Back to Top ^

MyUAlbany / IAS . . . . . . . . .
MyUAlbany (http://www.albany.edu/myualbany) is a web-service available to University at Albany students and alumni. This service allows online registration for classes, campus housing (dormitories as well as university apartments), and many other services such as campus food-plan information and parking tickets. The term IAS is normally associated with the faculty side of this service, called the Integrated Administrative System.
^ Back to Top ^

Operating System (OS or O.S.) :
A software intermediary that facilitates collaboration between hardware and software on a given computer. Operating Systems often are designed with a friendly user interface that makes the computer easier to use. Most operating systems also come with 'bundled' programs such as a web-browser, music and video player, and a text-editor or word-processor. Software that you purchase is written for a particular operating system as every OS differs in how it communicated with the physical hardware of the computer. Likewise, most forms of malware are designed for one OS, and will not work on another. Furthermore, the complexity and size of modern operating systems lend themselves to unseen loop holes in security that may lead to new viruses / spyware to be written to take advantage of the security shortcomings and install itself. Because of this, there are often patches or updates released to fix these vulnerabilities (such as Windows Updates which are released monthly).
^ Back to Top ^

Pass / Password Phrase . . .
A password created by condensing a phrase into one word. Often, unique spellings, and character substitution is also used. For example the phrase "My new complex password." can become: "mynuc0mp13Xpasswd" where as 'new' becomes 'nu', 'complex' becomes 'c0mp13X', and 'password' becomes 'passwd'. (However, note 'Password', 'pword', 'passwd', and 'pwd' should never be included in your password as there are easily guessed and common variations on the word 'password'. Also, your name, and other personal information should not be included, even is you use character substitutions in them.)
^ Back to Top ^

Password . . . . . . . . . . . . . . .
A word, phrase, or other collection of characters used as a security device to limit access to something to only those who know the password. Passwords used in computer systems are normally more abstract, including characters not originally belonging in that word (see complex password). These non-standard words are more secure against brute force attacks.
^ Back to Top ^

Password Cracking. . . . . . . . .
Please see the Threats: Password Cracking page.
^ Back to Top ^

Payload or Package . . . . . . .
Normally referring to the contents of a trojan-horse / virus. The payload is often the unexpected malicious program that executes upon activation from the program it is carried within. For example, a E-mail attachment may have a picture in it, yet also contain a payload of a e-mail virus that sends the e-mail to all your contacts, as well as installing a keylogger on your computer.
^ Back to Top ^

Phishing (pronounced: Fishing):
A type of social engineering where as the identity thief / hacker / malicious software writer, attempts to lure you into divulging important information. Often a phishing attack occurs without the user realizing it, using malware you browser may become hijacked and redirect you to a fake website. For example, you may try to do online banking, but when you input the address of your bank, your browser may re-direct you to a fake copy of the website. Once there, you enter your username and password, which are then stolen by the phisher. Most phishing attacks occur through e-mail, such as a fake email from a online bank stating there is a problem with your account, and to click the following link to fix it. However, that link (even if it looks legitimate) may lead you to a fake website just like above. Whenever you receive a e-mail stating there is a problem with your account, you should call the bank / website / institution, to verify the e-mails legitimacy. However, note that some social engineers take this into account, and place a fake phone number in the e-mail, so you should always use a number from a statement, or phonebook.
^ Back to Top ^

RAM or R.A.M. . . . . . . . . . . . .
Random Access Memory, sometimes called system memory, is used to store current program information. RAM has faster access speeds than Hard Disk Drives, however, unlike a Hard Disk, the memory is volatile, needing constant power to maintain data. When you shut-down your computer, often data in RAM is transferred to the Hard Drive (HD) so it can be used in the next session. However, sudden loss of power (like a power outage) will cause the data to dissipate before it is written to the HD, thus any programs with "unsaved" data (data not written to the HD) is lost.
^ Back to Top ^

Reformat / Hard Drive Reformatting:
Reformatting is the process where the Hard Disk is wiped clean (all information is re-written). This is normally done when a machine has become seriously compromised, or the Operating System has a serious flaw and needs to be re-installed. Note that many newer operating systems also have an option to re-install without reformatting, however, this would NOT eliminate a security threat, and should only be done if there is a problem with the OS not related to malware. Also note that since all information is rewritten, you will need to back up any data (photos, music, documents, saved games, templates) that you wish to use one you re-install the OS.
^ Back to Top ^

Reinstall, or OS Reinstall/Repair:
Reinstalling or Repairing your Operating System is the action where as the system files of the OS are deleted, and then replaced. Unlike a reformat, a repair will normally not interfere with your data, however, you will have to re-install any programs or applications. As a precaution, you may want to back up all important data as a reinstall may cause information loss, or other problems that may create the need for a reformat.
^ Back to Top ^

Secure Password . . . . . . . . .
A password that has not been shared with anyone, nor containing any personal information (eg. name, dog's name, child's day of birth, etc.). It is recommended that all passwords be secure (as in only you know that password, and it is not easy to guess). However, a random word from a dictionary may be secure, but it is not complex, and the University requires complex passwords to hinder brute force password cracking attempts.
^ Back to Top ^

Special Character . . . . . . . . .
A non-numeric character not in the a-z alphabet. Common examples include ~!@#$%^&* ()_+=-`';/.,?><:"|}{\ In the context of the required Special Character for Complex Passwords, it is recommended that you do not use: @, %, ^, &, {, ~, <, or punctuation marks (such as: !, ? , ., :, ;, ' ,", ,. )
^ Back to Top ^

Spyware . . . . . . . . . . . . . . .
A form of Malware that is often associated with Browser Hijacking, Keyloggers, and recording / sending web browsing habits to a 3rd party. Spyware is one of the most common forms of malware, and often slows the performance of your computer. Spyware infections occur from clicking on pop-up ads and Bad Links, in a Payload, by visiting certain malicious web sites, or can be Bundled with other applications.
^ Back to Top ^

Strong Password . . . . . . . . .
Can refer to both a password that is complex, or, more commonly, a password that is both complex AND secure ( that is it contains numbers, letters, and special characters that do not include personal information such as name or birth date. ) The later being the best type of password (complex and secure).
^ Back to Top ^

Trojan / Trojan Horse . . . . .
A malicious program that masquerades as a legitimate application or file. A common example can be a fake music or picture file in a e-mail attachment. Trojan infections normally open a Backdoor and/or 'drop' a payload. This 'dropped' payload is often a virus that infects your computer.
^ Back to Top ^

UAlbany . . . . . . . . . . . . . . . .
A common short-hand term for the University at Albany. Not to be confused with MyUAlbany.
^ Back to Top ^

University Owned Computer / University Computer:
A computer owned by the University at Albany for use by faculty, staff, students, or alumni of UAlbany. These computers are covered by the Symantec Corporate Edition Site- Wide licence. (As are on-campus students).
^ Back to Top ^

Virus or Computer Virus . . . .
Please see the Threats: Viruses page.
^ Back to Top ^

Windows or Microsoft(MS) Windows:
The most popular Operating System, Windows is run on over 90% of personal computers. Due in part to this popularity it has become the target of nearly all malware. While viruses exist for Apple OS, and LINUX operating systems, very little spyware and adware has been written to infect them. As with all operating systems, it is VERY IMPORTANT to keep it up-to-date, this can be done with: Windows Update. Also, it is highly recommended that you set up Automatic Updates.
^ Back to Top ^

Zombie or Computer Zombie:
Another term for a computer that has been hacked, or compromised in such a way that a unauthorized person has control over the computer. A computer zombie is much like a Bot, however zombie is often used to describe a isolated incident, while Bot usually implies that the computer is one of many infected by the remote control malware.
^ Back to Top ^

Glossary

 SiteMap