What is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network?

Glossary Chapter 10 802.11i Sometimes called WPA2, a network standard developed by IEEE with enhanced security for wireless communications. access control Security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer. adware Program that displays an online advertisement in a banner or pop-up window on Web pages, e-mail, or other Internet services. anti-spam program Program that attempts to remove spam before it reaches a user’s inbox. antivirus program Program that protects a computer against viruses by identifying and removing any computer viruses found in memory, on storage media, or on incoming files. audit trail Computer file that records both successful and unsuccessful access attempts. back door Program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network. backup Duplicate or copy of a file, program, or disk that can be used if the original is lost, damaged, or destroyed. biometric device Device that authenticates a person’s identity by translating a personal characteristic, such as a fingerprint, into a digital code that then is compared with a digital code stored in a computer verifying a physical or behavioral characteristic. biometric payment Payment method where the customer's fingerprint is read by a fingerprint scanner that is linked to a payment method such as a checking account or credit card. botnet Group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes. See also zombie army. CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart; program used by some Web sites to provide further protection for a user's password by verifying that user input is not computer generated. certificate authority (CA) Authorized person or company that issues and verifies digital certificates. clickjacking Scam in which an object that can be clicked on a Web site, such as a button, image, or link, contains a malicious program. computer addiction Growing health problem that occurs when the computer consumes someone’s entire social life. computer crime Any illegal act involving a computer. computer ethics Moral guidelines that govern the use of computers and information systems. computer security risk Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability. computer vision syndrome Eyestrain due to prolonged computer usage. content filtering Process of restricting access to certain material on the Web. cookie Small text file that a Web server stores on a computer. copyright Exclusive rights given to authors and artists to duplicate, publish, and sell their materials. cracker Someone who accesses a computer or network illegally with the intent of destroying data, stealing information, or other malicious action. cybercrime Online or Internet-based illegal acts. cyberextortionist Someone who uses e-mail as a vehicle for extortion. cyberterrorist Someone who uses the Internet or network to destroy or damage computers for political reasons. decrypt Process of deciphering encrypted data into a readable form. denial of service attack Assault on a computer or network whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. See also DoS attack. digital certificate A notice that guarantees a user or a Web site is legitimate. digital forensics The discovery, collection, and analysis of evidence found on computers and networks. See also computer forensics, cyberforensics, or network forensics. digital rights management (DRM) Strategy designed to prevent illegal distribution of movies, music, and other digital content. digital signature Encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the message sender. DoS attack Assault on a computer or network whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. See also denial of service attack. e-mail filtering Service that blocks e-mail messages from designated sources. employee monitoring The use of computers to observe, record, and review an employee’s use of a computer, including communications such as e-mail messages, keyboard activity (used to measure productivity), and Web sites visited. encryption Process of converting readable data into unreadable characters to prevent unauthorized access. encryption algorithm Set of steps that can convert readable plaintext into unreadable ciphertext. See also cypher. encryption key Set of characters that the originator of the encrypted data uses to encrypt the plaintext and the recipient of the data uses to decrypt the ciphertext. ENERGY STAR program Program developed by the United States Department of Energy (DOE) and the United States Environmental Protection Agency (EPA) to help reduce the amount of electricity used by computers and related devices. firewall Hardware and/or software that protects a network’s resources from intrusion by users on another network such as the Internet. green computing Computer usage that reduces the electricity and environmental waste involved in using a computer. hacker Someone who accesses a computer or network illegally. hardware theft The act of stealing computer equipment. hardware vandalism The act of defacing or destroying computer equipment. information privacy Right of individuals and companies to deny or restrict the collection and use of information about them. information theft Computer security risk that occurs when someone steals personal or confidential information. intellectual property rights Rights to which creators are entitled for their work. intrusion detection software Program that automatically analyzes all network traffic, assesses system vulnerabilities, identifies any unauthorized intrusions, and notifies network administrators of suspicious behavior patterns or system breaches. license agreement An agreement issued by a software manufacturer that gives the user the right to use the software. malware Short for malicious software; programs that act without a user’s knowledge and deliberately alter a computer’s operations. password Private combination of characters associated with a user name that allows access to certain computer resources. payload Destructive event or prank a malicious-logic program is intended to deliver. personal firewall Utility program that detects and protects a personal computer and its data from unauthorized intrusions. personal identification number (PIN) Numeric password, either assigned by a company or selected by a user. pharming Scam, similar to phishing, where a perpetrator attempts to obtain your personal and financial information, except they do so via spoofing. phishing Scam in which a perpetrator sends an official looking e-mail that attempts to obtain your personal and financial information. phishing filter Program that warns or blocks you from potentially fraudulent or suspicious Web sites. piracy Unauthorized and illegal duplication of copyrighted material. possessed object Any item that a user must carry to gain access to a computer or computer facility. product activation Process that attempts to prevent software piracy by requiring users to provide a software product’s 25-character identification number in order to receive an installation identification number. quarantine Separate area of a hard disk that holds the infected file until a virus can be removed. real time location system (RTLS) Safeguard used by some businesses to track and identify the location of high-risk or high-value items. repetitive strain injury (RSI) Injury or disorder of the muscles, nerves, tendons, ligaments, and joints. restore To copy backed up files by copying them to their original location on the computer. rootkit Program that hides in a computer and allows someone from a remote location to take full control of the computer. script kiddie Someone who accesses a computer or network illegally with the intent of destroying data, stealing information, or other malicious action but does not have the technical skills and knowledge. secure site Web site that uses encryption techniques to secure its data. social engineering Gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others. software theft Computer security risk that occurs when someone (1) steals software media, (2) intentionally erases programs, (3) illegally copies a program, or (4) illegally registers and/or activates a program. spam Unsolicited e-mail message or newsgroups posting sent to many recipients or newsgroups at once. spoofing Technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network. spyware Program placed on a computer without the user’s knowledge that secretly collects information about the user. surge protector Device that uses special electrical components to smooth out minor noise, provide a stable current flow, and keep an overvoltage from reaching the computer and other electronic equipment. See also surge suppressor. system failure Prolonged malfunction of a computer. Trojan horse Program named after the Greek myth that hides within or looks like a legitimate program. trusted source Company or person a user believes will not send a virus-infected file knowingly. unauthorized access Use of a computer or network without permission. unauthorized use Use of a computer or its data for unapproved or possibly illegal activities. uninterruptible power supply (UPS) Device that contains surge protection circuits and one or more batteries that can provide power during a temporary or permanent loss of power. user name Unique combination of characters, such as letters of the alphabet and/or numbers, that identifies a specific user. virus Potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission. virus definition Known specific pattern of virus code. See also virus signature. virus hoax E-mail message that warns users of a nonexistent virus or other malware. virus signature Known specific pattern of virus code. See also virus definition. war driving Intrusion technique in which an individual attempts to detect wireless networks via their notebook computer while driving a vehicle through areas they suspect have a wireless network. See also access point mapping. Web filtering software Program that restricts access to certain material on the Web. Wi-Fi Protected Access (WPA) Security standard that improves on older security standards by authenticating network users and providing more advanced encryption techniques. worm Program that copies itself repeatedly, using up system resources and possibly shutting down the system. zombie A compromised computer whose owner is unaware the computer is being controlled remotely by an outsider.

What is the term for a website that uses encryption techniques to protect its data?

What provides a mobile user with a secure connection to a company network?

What is hardware and or software that limits access to networks by external intruders?

What is an AUP intended to do?