Term
|
Definition
A field of security engineering
Computing in the presence of adversaries
Security maxim: "A security system is no stronger than its weakest link" |
|
|
Term
|
Definition
Danish computer security service provider, best known for tracking vulnerabilities in more than 10,000 pieces of software and operating systems; also tracks currently active viruses |
|
|
Term
|
Definition
Based on 85 advisories published by Secunia between 2003 and 2005, about 25% of IE bugs remain unpatched. More than 40% of those are serious enough to be used in system compromise attacks. |
|
|
Term
|
Definition
Infected 1/4 million in a week (2001) --> $2 billion in lost productivity
Viruses cost over $50 billion in 2003 |
|
|
Term
|
Definition
Estimated in 2005: at least a million computers penetrated and "owned" by malicious parties; used for sending spam, phishing, identity fraud
1/2 of spam is sent by such zombie networks
Security is like a game of chess: the attacker often gets the last move, so we have to think like attackers |
|
|
Term
SATAN (Security Administrators' Tool for Analyzing Networks) |
|
Definition
Developed in 1995; became the benchmark for network security analysis for a few years, but received only a few updates and became obsolete
SARA (Security Auditor's Research Assistant) inherited SATAN |
|
|
Term
|
Definition
National Vulnerability Database |
|
|
Term
|
Definition
CIA
Confidentiality: also called secrecy/privacy
Integrity: blocking modification, deletion, ...
Availability: defending against DoS (Denial of Service)
In the past, C & I were the focus; A is the next challenge
The above 3 can be independent, can overlap, can be mutually exclusive, and sometimes conflict with each other |
|
|