Security glossary




A

Adware

A form of spyware that enters your computer from an Internet download. Like spyware, it monitors your computer use, such as what Web sites you visit. Adware gets its name from also launching numerous pop-up ads in your browser.

Anti-Virus Software

Anti-virus software will protect your computer from viruses encountered on the Web. New viruses are born every day, so it's important to update your anti-virus software regularly.

Attachment

A document, a picture, a video clip, a program, or any other kind of file that can be attached and sent with an email or instant message. Malicious programs, viruses, or spyware are commonly spread through attachments.

F

Firewall

A security tool that protects an individual computer or even an entire network from unauthorized attempts to access your system. Firewalls often protect email servers from receiving spam. A firewall will also scan both incoming and outgoing communications for your personal information and prevent it from leaving your computer without permission.

H

HTTP (Hypertext Transfer Protocol)

This is the standard language that computers use to communicate with each other on the Internet. Web addresses tend to start with http://www.
See also: HTTPS.

HTTPS

If a Web address begins with https, it indicates that the Web site is equipped with an additional security layer. Typically, users must provide a password or other means of authentication to access the site. This is often used when making payments online or accessing classified information.

L

Layered Security

This type of security model applies a multi-pronged approach to security for the user. In banking, financial institutions commonly use Layered Security to prevent fraud on credit card purchases. Since financial institutions commonly track and normalize individuals' behavior in using their services, when any irregularities to those normal service patterns pop up, the financial institution may respond to the irregularity with a phone call to the customer to clarify and resolve the concern.

For example, let's say you are contacted by your financial institution to confirm a $300 purchase recently made online (from a computer in China). If you indeed made the purchase, the credit card company will allow the transaction to continue; however, if you didn't make the purchase, they could cancel the transaction, thus avoiding an improper charge to your credit card account.

What has happened in the background of this example is layered security. The use of your card from a non-standard computer/IP address triggered alerts at your financial institution warning them of abnormal activity on your account. As a precaution, the financial institution may then follow up with a phone call to the customer to substantiate the transaction.


M

Malware

This term refers to any "malicious software" created to damage or illegally access a computer or network. Computer viruses, worms, spyware, and adware are all examples of malware.

Multi-Factor Security

Multi-Factor Security refers to the type of security that requires something you have (like a debit card) and something you know (like a PIN, or Personal Identification Number) in order to complete your request. A proper multifactor authentication model for security must have at least 2 of the following 3 common elements:

  • Something you know (password, mother's maiden name, first dog's name, high school you attended, PIN)
  • Something you have (Credit Card, Debit Card, Hardware Token, Phone)
  • Something you are (Fingerprint, Voice recognition, Retinal Scan)

Single Factor example:
A site that requires a username and password, or even multiple usernames/passwords, is NOT multifactor since it is all something you know. A good example is a typical email account.

Multifactor example:
A debit card used to withdraw cash from an ATM uses Multifactor security. It requires both the physical card (something you have) and the PIN (something you know) in order to access the accounts and complete the transaction.


P

Personal Information

Any information that can personally identify you, such as your name, address, phone numbers, your schedule, Social Security number, financial institution account number, credit card account numbers, family members' names or friends' names.

Phishing

Like the sport it's named after, phishing refers to an urgent instant message or email message meant to lure recipients into responding. Often these messages will appear to be from a friend, a financial institution or other legitimate source asking for personal information such as names, passwords, Social Security numbers or credit card information. These messages might also direct users to phony Web sites to trick users into providing personal information. Users falling for the "bait" often have their money or identities stolen.

S

Social Engineering

This refers to a direct communication, either in person, by phone, by fax or over the Internet, designed to trick you into providing your personal information. These messages usually ask you to "update" or "confirm" information by typing in a reply or clicking on a link. Legitimate institutions do not send email or IM of this nature due to security concerns on the Internet. "Phishing" is a prime example of social engineering.

Spam

Unsolicited, commercial email messages that are sent out in bulk, often to millions of users in hopes that one person may actually reply. Spam messages often involve Internet hoaxes and should be deleted immediately. Responding to a spam message will confirm to the sender that they have reached a legitimate email address and they will more than likely continue to send messages to that address.

Spyware

Spyware refers to a software program that slips into your computer without your consent to track your online activity. These programs tend to piggyback on another software program. When the user downloads and installs the software, the spyware is also installed without the user's knowledge. There are different forms of spyware that track different types of activity. Some programs monitor what Web sites you visit, while others record keystrokes to steal personal information, such as credit card numbers, financial institution information or passwords.

V

Virus

A computer virus refers to a program that enters your computer, often through email or Internet downloads, and makes copies of itself, spreading throughout your computer and files. There is a wide range of computer viruses out there. They can be anything from merely annoying to horribly damaging, such as deleting files or making your computer inoperable. Keep in mind that viruses attach themselves to an application on a computer and aren't actually executed until that application is accessed or run.