APPENDIX 7: GLOSSARY
Form of advance fee fraud, in which the victim is
persuaded to put down a sum of money in anticipation of a much
larger gain, which then fails to materialise. Named after the
relevant article of the Nigerian criminal code.
Abstraction [of network layers]
Principle that there are different layers in a network
and each one has a specific function, with clear boundaries between
Controller of a botnet.
Collection of compromised computers (individually
called robots or zombies) running malicious programs that allow
them to be controlled remotely; commonly used to distribute spam
or launch Distributed Denial of Service attacks.
Computer program which permits the viewing of material
on the World Wide Web.
2003 Act of the United States Congress designed to
regulate the use of spam.
Distributed Denial of Service attack
Attack launched by means of compromised systems (typically
controlled via botnets), designed to overwhelm a particular servers
or networks by flooding them with packets of information.
Name identifying a computer or computers belonging
to a single organisation on the Internet.
Crime committed against or with significant use of
Principle that the network core should only carry
traffic, and that additional services should be delivered at the
edges of the network, by end-points, not within the network core.
Known way of taking advantage of a security problem
with a system on the Internet.
Practice of making files available for others to
download over the Internet.
Device controlling the passage of data between areas
of a network that are more or less trustworthy.
Person who tests out computer security, whether lawfully
or unlawfully (e.g. for research, or for criminal purposes).
Text on a computer that leads the user to other information,
e.g. by means of a "hyperlink".
Real-time communication between users of a network,
by means of typed text.
The global network of interconnected networks that
transmits data by means of the Internet Protocol.
Protocol for communicating data via the Internet
Internet Relay Chat
Form of real-time Internet communication via dedicated
Program that surreptitiously captures a user's keystrokes
so that a remote attacker may learn passwords etc.
Level 1/2/3 crime
Crime that affect a local police force only (level
1); that crosses force boundaries (level 2); or that is committed
nationally or internationally (level 3).
Man in the middle
Attack in which the attacker places himself between
two parties, e.g. the individual end-user and his bank, without
those parties being aware that the link between them has been
Interconnected group of computers.
Device within a network.
Program that manages the hardware and software resources
of a computer.
Police investigation into over 7,000 individuals
in the United Kingdom whose details were found on a database held
by Landslide Inc, an American company offering access to child
Block of data carried by a computer network.
Paradigm for communicating information by which communications
between end-points are broken down into packets, and then routed
between the nodes making up the network, before being reconstructed
at the destination end-point.
Piece of software designed to fix a software vulnerability.
Network in which participants share files or bandwidth,
all participants being equals, rather than communicating through
a central server.
Criminal activity that relies on social engineering
to persuade victims to enter user names, passwords etc on a spoof
Set of guidelines governing communication between
Root [name server]
One of the thirteen servers that answer requests
for the "root domain" (the empty sequence at the end
of every domain name) and redirect such requests to the "top
level domain" (e.g. ".uk" or ".com")
Device that determines the proper path for data to
travel between networks.
Virtual container in which programs that are not
trusted can safely run within infecting the rest of the computer
Unsolicited bulk email messages.
Launching an attack by masquerading as someone else.
A set of inter-related programs for a particular
purpose, such as the production of malware or the incorporation
of exploits into a Trojan.
The Onion Router, a system allowing users to communicate
anonymously on the Internet.
Program that installs malicious software, under the
guise of doing something else.
Two factor [authentication]
Authentication requiring two different methods to
be used, typically something known (a password) and something
owned (often a key-fob generating a random sequence of six-digit
Manufacturer of software or some other product.
Malicious program, attaching itself to an existing
program, which can copy itself and infect or corrupt computers
without the knowledge or permission of their owners.
Weakness in a system that exposes it to attack.
Wireless communications medium used by mobile computing
World Wide Web
System of documents, identified or located by means
of Uniform Resource Identifiers (that is, strings of characters
used to specify particular resources or pages), interlinked by
means of hypertext, and accessed via the Internet.
Malicious program that replicates itself and sends
copies to other computers, so endangering the network by consuming
bandwidth, but which does not need to attach itself to an existing
program and may or may not corrupt the host computer itself.
Compromised machine controlled by an external source,
typically forming part of a botnet.