Information Security Glossary



Adware
A form of spyware that enters your computer from an Internet download. Like spyware, it monitors your computer use, such as what Web sites you visit. Adware gets its name from also launching numerous pop-up ads in your browser. See also: Pop-up Messages or Ads, Spyware

Anti-Virus Software
Anti-virus software will protect your computer from viruses encountered on the Web. New viruses are born every day, so it's important to update your anti-virus software regularly.

Attachment
A document, a picture, a video clip, program or any other kind of file that can be attached and sent with an e-mail or instant message. Malicious programs, viruses or spyware are commonly spread through attachments. What to do: Never open or download an IM or e-mail attachment from an unknown source or one that you are not expecting. Be cautious of attachments ending in .exe, .com, .scr, .bat or .pif. By simply deleting a suspect attachment or message, you take another step in protecting your computer.

Authentication
Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks, authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic.

Backdoor
In a computer system, a backdoor refers to an overlooked or hidden entry into a computer system. A backdoor allows a hacker or other unauthorized user to bypass a password requirement and to gain access to a computer.

Cookie
A small data file that a Web site installs on your computer's hard drive to collect information about your activities on the site or to allow other capabilities on the site. Web sites use cookies to identify returning visitors and profile their preferences on the site. For example, many online shopping sites use cookies to monitor what items a particular shopper is buying to suggest similar items. Cookies are somewhat controversial as they raise questions of privacy and can be used by hackers as spyware.

Credentials
Anything giving evidence that someone is entitled to or deserving of credit, confidence, etc. A user name and/or password can be defined as credentials that allow you some type of permission to access information or a website.

Digital ID
Digital IDs are the electronic equivalents of people's identity cards. You can present a Digital ID electronically to prove your identity or your right to access information or services online. Digital IDs, also known as digital certificates, bind an identity to a pair of cryptographic keys.

Download
The transfer of data from one computer (or server) to another computer. Downloading can refer to documents, software programs, photo, music or movie files. Often downloads can mask unwanted malicious programs. What to do: When you go to download that "free" screen saver, you may also be downloading spyware or a virus. Make sure you only download material from a legal, well-known source. Also, since instant message and e-mail sender names can be spoofed, only download instant message or e-mail attachments that you are expecting. See also: Attachment

Encryption
Encryption is the coding or scrambling of information so that it can only be decoded and read by someone who has the correct decoding key. Encryption is used in secure Websites as well as other mediums of data transfer. If a third party were to intercept the information you sent via an encrypted connection, they would not be able to read it.

Firewall
A security tool that protects an individual computer or even an entire network from unauthorized attempts to access your system. Firewalls often protect e-mail servers from receiving spam. A firewall will also scan both incoming and outgoing communications for your personal information and prevent it from leaving your computer without permission.

Hacker
A hacker is someone who has the technical know-how to intentionally breach or "hack" into a computer system to steal confidential information or to cause damage to a computer or whole network. Hackers are often looking to find financial or personal information in order to steal money or identities. They are not nice people.

HTTP (Hypertext Transfer Protocol)
This is the standard language that computers use to communicate with each other on the Internet. Web addresses tend to start with http://www. See also: HTTPS

HTTPS
If a Web address begins with https, it indicates that the Web site is equipped with an additional security layer. Typically, users must provide a password or other means of authentication to access the site. This is often used when making payments online or accessing classified information. What to do: When asked to provide personal information online, such as a credit card purchase, always look for https in the URL before you do so. If it's not there, the site is not secure, and neither is your information.

Instant Messaging (IM)
Instant messaging rivals e-mail as the most popular form of online communication. IM allows users to relay messages to each other in real time for a "conversation" between two or more people. IM is also becoming the quickest new threat to network security. Because many IM systems have been slow to add security features, hackers have found IM a useful means of spreading viruses, spyware, phishing scams, and a wide variety of worms. Typically, these threats have infiltrated systems through attachments or contaminated messages.

What to do:

  • Use a strong IM password.
  • Don't automatically accept incoming messages or file transfers even if you think you know the sender. IM addresses can be easily forged and file transfers are commonly used to launch viruses.
  • Don't discuss personal or private information. Often, IM programs are easily compromised allowing hackers to read your messages as if they were postcards.
  • Watch for and download security upgrades from IM companies. Check them often for important patches and updates.

Malware
This term refers to any "malicious software" created to damage or illegally access a computer or network. Computer viruses, worms, spyware, and adware are all examples of malware.

Network Access Control
Network Access Control is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network.

Patch
A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance.

Personal Information
Any information that can personally identify you, such as your name, address, phone numbers, your schedule, Social Security number, bank account number, credit card account numbers, family members' names or friends' names. What to do: Treat your personal information with the utmost confidentiality on the Web. Finding this information is often the goal of hackers looking to steal your identity or your money. Also, don't send personal information over e-mail or IM. These are insecure methods of communication and can be read or intercepted by outside sources. Remember, once you send an e-mail, you no longer control the information in it. It can be forwarded to other people without your knowledge or consent. Keep your personal information private.

Phishing
Like the sport it's named after, phishing refers to an urgent instant message or e-mail message meant to lure recipients into responding. Often these messages will appear to be from a friend, a bank or other legitimate source asking for personal information such as names, passwords, Social Security numbers or credit card information. These messages might also direct users to phony Web sites to trick users into providing personal information. Users falling for the "bait" often have their money or identities stolen. What to do: Be suspicious of any message asking for personal or financial information. If you are unsure about a message's authenticity, never click a link within the e-mail taking you to any Web site. Banks or other legitimate organizations are not likely to contact you in this manner due to the security risks of sharing sensitive material online. If you think the message may be legitimate, call or contact the sender using contact information you already have, not the contact information provided in the suspicious message. These types of IM or e-mail messages should be treated like spam: delete them. See also: Social Networking Sites, Spam

Pop-up Messages or Ads
Unsolicited advertising that "pops up" in its own browser window. Adware programs can overrun a computer with pop-up ads or messages. If you are receiving a huge amount of pop-ups in your online sessions, your computer may be infected with adware, spyware or a virus.

Scareware
This refers to a social engineering technique used to trick the end-user by displaying fake alerts about a virus or malware detection. The alerts try to scare the end-user into doing whatever the attacker wants, typically buying something or installing unwanted software.

SSL (Secure Sockets Layer)
SSL is a secure protocol developed for sending information securely over the Internet. Many websites use SSL for secure areas of their sites, such as user account pages and online checkout. Usually, when you are asked to "log in" on a website, the resulting page is secured by SSL.

Social Engineering
This refers to a direct communication, either in person, by phone, by fax or over the Internet, designed to trick you into providing your personal information. These messages usually ask you to "update" or "confirm" information by typing in a reply or clicking on a link. Legitimate institutions, such as banks, do not send e-mail or IM of this nature due to security concerns on the Internet. "Phishing" is a prime example of social engineering. See also: Phishing

Social Networking Sites
These are Web sites, such as Facebook or MySpace, where users build online profiles and share personal information, opinions, photographs, blog entries, and other media to network with other users, to find new friends or find a new job. Unfortunately, social networking sites have become targets of online predators, spammers, and other dangerous forces on the Web. What to do: Keep in mind that the Internet is a public resource. Only post information you are comfortable with anyone seeing, and we do mean anyone: your parents, your grandparents, your siblings, your teachers, your employer, even potential employers. It's not uncommon for companies to run an Internet search of job applicants before they offer them a position. There are several stories of people being "weeded out" from a job search due to compromising or ill-advised photos and information found on the Web, usually posted by that very person! Even if you remove information, that same information may still be living on other people's computers or networks. Also, don't post information that would make you vulnerable to a physical attack, such as your address, your schedule or where you will be meeting friends this weekend. Most of all, be careful of people you meet on the Web. The Internet provides people with a certain amount of anonymity. The Internet makes it easy for predators to pose as something they are not.

Spam
Unsolicited, commercial e-mail messages that are sent out in bulk, often to millions of users in hopes that one person may actually reply. Spam messages often involve Internet hoaxes and should be deleted immediately. Responding to a spam message will confirm to the sender that they have reached a legitimate e-mail address and they will more than likely continue to send messages to that address. What to do: Never respond to spam! Delete it. See also: Firewall, Phishing, Social Engineering, Spim

Spim
A new term for spam messages being sent to instant message addresses. What to do: Simply ignore them. Also, never respond to a message that looks like spim. A response will confirm to the sender that your account is legitimate and it's likely the messages will continue.

Spoofing
Forging an e-mail or instant message address to make it appear as if it came from someone or somewhere other than the true source. Whole Web sites can also be spoofed, tricking users into providing their passwords or other personal information, such as their credit card information.

Spyware
Spyware refers to a software program that slips into your computer without your consent to track your online activity. These programs tend to piggyback on another software program. When the user downloads and installs the software, the spyware is also installed without the user's knowledge. There are different forms of spyware that track different types of activity. Some programs monitor what Web sites you visit, while others record keystrokes to steal personal information, such as credit card numbers, bank account information or passwords. What to do: Consider the reliability of the site offering the software download. Be careful if a download prompts you to accept the installation of additional software. Scan the fine print before downloading. If you see anything that refers to monitoring browsing sessions or collecting information, consider this your "red flag" that you may be installing spyware. Two anti-spyware products for students, faculty and staff to download, install and run on their computers at no cost are Spybot Search & Destroy and SpywareBlaster. See also: Adware

Trojan horse
If you read "The Iliad" in high school, you will remember that the Trojan horse concealed an army and fooled the citizens of Troy into taking it inside its city walls. Once inside the city gates, the army was let loose and brought Troy down. Similarly, in computer security terms, a Trojan horse refers to a malicious program that enters a computer or system disguised or embedded within legitimate software. Once installed on a computer, a Trojan horse will delete files, access your personal information, reconfigure your computer or even allow hackers to use your computer as a weapon against other computers on a network. What to do: Like most other viruses or malicious programs, Trojan horses are most commonly spread through e-mail or IM messages. Never open a message attachment unless you are expecting it, even from someone you know. IM or e-mail addresses are easily forged and what you think is a message from your roommate could be from someone you've never met and would never want to meet. Also, check the file extension of all attachments you receive. If the attachment ends in .exe, .com, .scr, .bat, or .pif, be careful. These suggest a program that may start running on your machine if you click on it. See also: Pop-up Messages or Ads, Spyware

Two-Factor Authentication
Also known as 2FA, two-step verification or TFA (as an acronym), two-factor authentication is an extra layer of security, known as "multi-factor authentication," that requires not only a password and username but also something that only that user has on them, i.e. a piece of information only they should know or have immediately to hand, such as a physical token.

Virus
A program that attaches itself to an executable file or vulnerable application and delivers a payload that ranges from annoying to extremely destructive. A file virus executes when an infected file is accessed. A macro virus infects the executable code embedded in Microsoft Office programs that allows users to generate macros.

Virtual Private Network (VPN)
A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted.

Worm
Just as a worm burrows through an apple making it inedible, a computer worm is a program built to reproduce itself and spread across a network, rendering it ineffective. A worm may be designed to complete several different malicious activities. However, one common denominator is that a worm can harm a network by consuming large amounts of bandwidth, potentially shutting the network down. Viruses, on the other hand, are more limited to targeting computers one at a time. A virus also requires other programs to execute and replicate, whereas a worm can act independently of other programs. What to do: To keep a computer worm from entering your computer and network, be wary of unexpected or unknown e-mails, IMs or attachments. Also, use anti-virus software on your personal computer and update it regularly. See also: Pop-up Messages or Ads, Spyware

Zombie
A computer overtaken by a hacker and used to perform malicious tasks. Commonly, zombie computers are used to send large amounts of spam or host fraudulent Web sites. What to do: If you believe your computer has been taken over by an outside source, first disconnect it from the Web. Then, contact the IT Help Desk. See also: Spyware, Pop-up Messages or Ads
