General Security Information

Glossary of Security Terms

Most of these definitions were reprinted with permission from Computer Security Basics by Deborah Russell and G. T. Gangemi, Sr., copyright 1991, O'Reilly and Associates, Inc. Call 800-998-9938 for orders and information.

cracker - One who tries to break the security of a computer system without authorization.

ciphertext - In cryptography, the unintelligible text that results from encrypting original text. Sometimes called "cipher."

COMPUSEC - Short for computer security. The government program whose focus is the techniques (e.g. trusted systems) that prevent unauthorized access to information while it's being processed or stored.

computer security - Protection of information while it's being processed or stored.

decryption - The transformation of encrypted text (called ciphertext) into original text (called plaintext). Sometimes called "deciphering."

encryption - The transformation of original text (called plaintext) into unintelligible text (called ciphertext). Sometimes called "enciphering."

firewall machine - A dedicated gateway machine with special security precautions on it, used to service outside network connections and dial-in lines. The idea is to protect a cluster of more loosely administered machines hidden behind it from unauthorized access.

INFOSEC - Short for information security. The government program whose focus is the techniques that increase the security of computer systems, communications systems, and the information they process or transmit.

login - The process of identifying oneself to, and having one's identity authenticated by, a computer system.

password - A secret sequence of characters that's used to authenticate a user's identity, usually during a login process.

plaintext - In cryptography, the original text that is being encrypted.

security - Freedom from risk or danger. Safety and the assurance of safety.

trap door - A hidden mechanism that allows normal system protection to be circumvented. Trap doors are often planted by system developers to allow them to test programs without having to follow security procedures or other user interfaces. They are typically activated in some unobvious way (e.g., by typing a particular sequence of keys).

Trojan horse - An independent program that appears to perform a useful function but that hides another unauthorized program inside it. When an authorized user performs the apparent function, the Trojan horse performs the unauthorized function as well (often usurping the privileges of the user).

virus - A code fragment (not an independent program) that reproduces by attaching to another program. It may damage data directly, or it may degrade system performance by taking over system resources which are then not available to authorized users.

worm - An independent program that reproduces by copying itself from one system to another, usually over a network. Like a virus, a worm may damage data directly, or it may degrade system performance by tying up system resources and even shutting down a network.

For More Information

* A nice introduction to cryptology.

* Top 10 internet security threats.

* PBS Frontline program that discussed hackers. A good introduction to the mind of the hacker.

* Computer virus information.

* The FIRST (Forum of Incident Response and Security Teams) Security Papers are a collection of papers on various security issues, including cryptography, virus information, password security, legal issues, and authentication. In PostScript format.

* Online papers (in PostScript) from Purdue's COAST Project (Computer Operations, Audit, and Security Technology). A variety of security topics.

* The Electronic Frontier Foundation is a public interest group that has a lot of information on cryptography and its impact on privacy issues.

* Firewalls are a hot topic. The SOS Corporation has a good Introduction to Firewalls page.

* Department of Energy's Computer Incident Advisory Capability CIAC Home Page.

To learn more about crackers, espionage, and general cyber-mayhem ...

* The Hacker Crackdown, Law and Disorder on the Electric Frontier by Bruce Sterling. An online copy of The Hacker Crackdown can be obtained here.

Comments to Mike Cook
Last Modified: 15 Feb 01