With security being such an important part of every task a sysadmin undertakes, and with the stakes so high, we are starting a new series on the GFI Blog that deals with Security 101. The last week of every month, we will cover something along the lines of a “Security 101” topic to help those who need security, but don’t have the background, to improve their skills.
Those of you who are security sysadmins, or who have been managing systems for years, may find this to be a bit too basic, but we encourage you to follow this series anyway, and contribute your wisdom and share your opinions on the topics we cover. Everyone, from the new sysadmin to the 10-year veteran, can benefit from the knowledge of others, and who knows, the story you tell about when something bad happened to you might just save someone else from making the same mistake!
In this first post, we’re going to lay some groundwork for future articles by starting with some definitions. In fact, there’s so much vocabulary in and around security that our next several posts will cover security vocabulary.
The practice of removing anything from a dataset that could be used to identify an individual, group, or organization.
A software application that runs on a computer to protect it from malware. Antivirus software can scan files on access or download, running processes and other applications, and removable media to detect and either remove or quarantine malware. Antivirus software can detect malware based on patterns in the code (signatures) or by detecting anomalous behavior by executables and scripts.
The preferred term for a hacker (see below) with malicious intent, who attempts to gain unauthorized access to systems or data for financial gain, to destroy data or prevent authorized users from accessing a system, to deface websites, to raise awareness for a political or social cause, or as part of state-sponsored activity against others.
Software applications and/or services installed on a system to protect it against malware and attempts to gain unauthorized access.
An individual who attempts to learn more about a system by exploring its parameters or capabilities, or by evaluating its code or inputs. Hackers are usually well-intentioned and are attempting to increase their skills or knowledge, but the media and popular culture have misappropriated the term and use it to denote only malicious individuals, more appropriately referred to as crackers.
Any system on a network that can communicate on the network, and offers services or uses them as a client. Workstations, servers, firewalls, routers, switches, load balancers and more are all considered hosts on a network.
In virtualization, the physical computer that runs software designed to run virtual machines is called the host computer, or simply the host. Hosts can run VMware, Microsoft’s Hyper-V, VirtualBox, or other host software. See also VM.
The practice of assigning a user only the absolute minimum rights and privileges necessary for them to perform their primary job. Administrators who do their normal work from unprivileged accounts, and log onto systems with their administrative account only when they need to perform administrative actions, are practicing the most basic form of least privilege. Removing administrative access from end users to their own workstations is a more common implementation of least privilege. Although it is a popular approach to restricting access and reducing risk in information security, many enterprise applications require users to have administrative rights, which makes least privilege very difficult to implement for many organizations.
Any software designed to intentionally steal, damage, destroy, or deny access to data, or to provide unauthorized users with access to a system or data, either directly or by compromising or stealing credentials used to access a system.
An acronym for Non-Public Information, NPI is any data about an individual (customer, patient, taxpayer, user, et al.) that is not public record, or that can be used to specifically identify an individual. See also PHI and PII.
Another acronym related to NPI and PII, PHI stands for personally identifiable health information or, more simply, Personal Health Information. PHI includes patients’ medical records, health history, diagnoses, and information on medical treatments or prescriptions. See also NPI and PII.
An attack that targets a user and attempts to convince them to reveal sensitive information, such as passwords or bank account details, to a site or individual that the victim believes is entitled to that information. Spear phishing specifically targets an individual, whereas phishing is more indiscriminate.
An acronym that stands for personally identifiable information. PII is any data that can be used to specifically identify an individual, such as full name, address, telephone number, etc. See also NPI and PHI.
The act of obtaining copies of software or media (movies, television shows, music) without paying the creator, producer, publisher, or copyright holder is referred to as piracy. Many will dispute calling this stealing or theft, as the act of piracy does not prevent the legitimate owner from using or selling the item, but only denies them payment.
The popular name for unsolicited commercial email (UCE), spam is any email sent in the hope that the recipient will click a link or purchase something. Call it spam, UCE, or junk mail, you probably get some of it in your mailbox daily.
An acronym for Virtual Machine, a VM is an operating system that runs wholly in software on a Host (virtualization). VMs can be used to make the most of hardware, or to quickly stand up machines for testing. See also Host (virtualization).
In our next post, we will list those terms and phrases used when discussing encryption.