The following is a glossary of terms that we commonly use here at SpearTip when creating security assessment reports.
Used by the system processor to store and process data currently being manipulated by computer system. Active memory includes data being processed or transmitted by processes on the system and is lost when a system is powered off.
ARIN (American Registry of Internet Numbers)
This is the primary governing body that regulates Internet IP addresses. Other similar registries include APNIC and RIPE NCC.
Certified Ethical Hacker
A Certified Ethical Hacker has obtained a certification in how to look for the weaknesses and vulnerabilities in target systems, using the same knowledge, methods, tactics and tools as a criminal hacker or cyber terrorist.
Command and Control Server
A network server that sends commands to compromised computers within a botnet.
Dynamic Linked Library. Microsoft implementation that allows for functions and data to be shared between executable files without having to recompile or relink the executable.
DNS (Domain Name System)
A protocol used on the Internet for translating hostnames into Internet addresses. For example, DNS is the service that would translate www.google.com into the IP address 126.96.36.199. DNS is basically a phone book for the Internet.
Strings of alphanumeric characters used to name/identify computers, networks, and organizations on the Internet.
A script or program that takes advantage of vulnerabilities in services or programs to allow an attacker to gain unauthorized or elevated system access.
The process of scrambling or converting data into a form that cannot be easily understood by individuals who are not authorized to view the data.
Any of a number of security protocols that prevent unauthorized users from gaining access to a computer network. Generally, a firewall is a hardware device installed on a network to help protect the network from hackers and attacks.
Forensics and Malware Analysis Definitions
Chain of Custody:
Documentation representing the path evidence takes from the time of seizure to presentation in court
A bit by bit duplicate of digital evidence performed utilizing forensically sound tools and methodologies
A person who explores the details of programmable systems and how to stretch system capabilities, as opposed to most users, who prefer to learn only the minimum necessary. Many times the term is also used to describe a person who breaks into computer systems and/or networks.
A section of data not typically viewable by a user which contains information about the file, including metadata and information regarding the format of the file.
HIPAA (Health Insurance Portability and Accountability Act)
The Health Insurance Portability and Accountability Act of 1996 was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, require the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
HITECH (Health Information Technology for Economic and Clinical Health Act)
This legislation was created to stimulate the adoption of Electronic Health Records (EHR) and supporting technology in the United States. HITECH became law in February 2009 as part of the American Recovery and Reinvestment Act of 2009 (ARRA), an economic stimulus bill. Healthcare providers will be offered financial incentives for demonstrating meaningful use of EHR. Incentives will be offered until 2015, after which time penalties may be levied for failing to demonstrate such use. The Act also establishes training center grants for personnel required to support health IT infrastructure.
A node on a network; usually refers to a computer or device on a network which both initiates and accepts network connections.
The 32-bit address defined by the Internet Protocol in STD5, RFC 791. It is usually represented in dotted decimal notation. Any device connected to the Internet that uses TCP/IP is assigned an IP Address. An IP Address can be likened to an individual’s address due to the fact that no two are alike.
Malware designed to monitor user activity and capture user keystrokes. Modern keyloggers also have the capability of capturing and transmitting screenshots of the user’s desktop.
Short for malicious software. This is a general term used to describe any software, program or process that performs malicious, destructive or other unwanted actions on a computer system without the knowledge of the user.
Data about data. Metadata includes any data describing a file or folder on a computer system. Examples include creation date, last accessed date and modified date.
Used by applications to allow programs to share resources, but not simultaneously. Mutexes are also often used by malware authors to ensure that particular malware does not continuously re-infect a computer system and marks the presence of the malware on the compromised system.
An interconnected group of computers and electronic systems; a Local Area Network (LAN) is an example of a network. The Internet is another example of a network (albeit much more complex).
New Technology File System. File system used to track the creation, modification and deletion of files and folders on most modern Windows operating systems.
PHI (Protected Health Information)
Any information in a medical record, or designated record set, that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment.
PII (Personally Identifiable Information)
As used in information security, refers to information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. For more information, refer to U.S. standards such as the National Institute of Standards and Technology (NIST) Guide to Protecting the Confidentiality of PII (SP 800-122).
A program used to test reachability of destination nodes by sending them an Internet Control Message Protocol (ICMP) echo request and waiting for a reply.
In the network sense, a pathway that a computer uses to transmit and receive data. As an example, web servers typically listen for requests on port 80.
Files created and used by Windows operating systems to improve system performance.
A standard procedure for regulating data transmission between computers. For example, an email server uses a specific set of protocols so that anyone on the Internet can send email to anyone else on the Internet, regardless of which software or Internet Service Provider (ISP) either party is using.
Software or processes designed to compromise and gain remote access of a target system. This form of malware also seeks to employ defensive mechanisms to remain undetected on a compromises system.
A computer that provides some service(s) to other computers that are connected to it via a network. For example, a web server provides web pages to your computer via the Internet.
A program running on a remote machine that, in one way or another provides a service to users. For example, when one visits a website, the remote server displays a web page via its web server service.
A portion of a network, which may be a physically independent network segment, sharing a network address with other portions of the network.
TCP/IP (Transmission Control Protocol / Internet Protocol)
A suite of data networking and communications protocols for communication between computers; used as a standard for transmitting data over networks and as the basis for standard Internet protocols.
Unallocated space is an area of the hard drive not currently “allocated”, or in use by the operating system, to store files or process data.
URL (Uniform Resource Locator)
Specifies the availability of an identified resource and the mechanism for retrieving it. An example of a URL is the “address” of a web page on the World Wide Web, e.g. http://www.example.com.
A weakness or a flaw in a program or service that can allow an attacker to gain unauthorized or elevated system access.
An Internet directory service for looking up information on a remote server. “WHOIS” is commonly used to locate information about people, companies, IP addresses, computers, and domain names.