Seattle.gov Home Page
Seattle.gov This Department
Link to DoIT Home Page Link to DoIT Home Page Link to DoIT About Us Page Link to DoIT Contact Us Page
We make technology work for the City Erin Devoto, Director
Information Security Home Page
Chief Information Security Officer
Information Security Bulletins
Information Security Newsletter
Information Systems Security Policy
Spams and Scams
Creating Passwords
Securing Your Laptop
Protecting Your Home
Spyware Solutions
Wireless Network Security Solutions
Digital Consumer
Living Digital
Contact Us
Glossary of IT Terms

Information Security

Glossary A


This glossary contains industry standard and City specific IT terminology. The glossary should be consulted when policy, issue papers, etc. are drafted to ensure consistent use of terms across the City.
A B C D E F G H I J K L M
N O P Q R S T U V W X Y Z

Techno Crime
Techno Vandalism
Time-bomb
Tool
Toolkit
Treeware
Trigger Finger
Trojan
Troll
Trolling
Trusted Operating Systems


Techno Crime
Techno Crime is the term used by law enforcement agencies to denote criminal activity which uses (computer) technology, not as a tool to commit the crime, but as the subject of the crime itself. Techno Crime is usually pre-meditated and results in the deletion, corruption, alteration, theft or copying of data on an organization's systems. Techno Criminals will usually probe their prey system for weaknesses and will almost always leave an electronic 'calling card' to ensure that their pseudonym identity is known.


Techno Vandalism
Techno Vandalism is a term used to describe a hacker or cracker who breaks into a computer system with the sole intent of defacing and or destroying its contents. Techno Vandals can deploy 'sniffers' on the Internet to locate soft (insecure) targets and then execute a range of commands using a variety of protocols towards a range of ports. If this sounds complex - it is! The best weapon against such attacks is a firewall which will hide and disguise your organization's presence on the Internet.


Time-bomb
As the name suggests, a piece of hidden program code designed to run at some time in the future, causing damage to, or loss of, the computer system. Time bombs are less sophisticated than Logic Bombs, being concerned only with the system date, rather than some specific event. Unless the date is changed, or the code removed, the Bomb will go off on a specific date, come what may. A partial defense against such code is frequent backup of data. There is little to be gained by increasing the frequency of applications backup since the coded will be contained within these copies as well. Data from mission critical application should be backed up daily, if not actually mirrored in real time.


Tool
A utility program used primarily to create, manipulate, modify, or analyze other programs, such as a compiler or an editor or a cross-referencing program, or perform maintenance and/or repairs on system hardware or application software. Tools include Hex editors, disk checkers, file backup and recovery programs, etc. Tools are powerful pieces of software and the use of tools within a organization should be restricted to those personnel who have either received the proper training or have otherwise proven their competence in the use of such software.


Toolkit
A collection of tools with related purposes or functions, e.g. Anti-Virus Toolkit, Disk Toolkit, etc.


Treeware
Less sardonic version of 'Dead Tree Edition'.


Trigger Finger
The index finger - used on mouse buttons, joysticks, weapons control systems, and the 'Reply to..' key of newsgroup postings. Term used to describe injury/condition arising from over-use of said digit. Such a condition can disable a mouse potato completely.


Trojan
Term coined by hacker, turned spook, Dan Edwards. A Trojan Horse is a malicious, security-breaking program that is disguised as something benign, such as a directory lister, archiver, game or, in one notorious 1990 case on the Apple Macintosh, a program to search and destroy viruses! A Trojan is a type of virus which normally requires a user to perform some action before the payload can be activated. Famous examples include the latest (May 2000) attack by a virus known as 'Resume' in which an E-mail is received with an attachment which purports to be the CV of a lady seeking employment. A CV is actually attached, but embedded within it is a macro-virus which activates the Trojan program as soon as the document is opened for viewing. If the attachment is not opened, the virus cannot deliver the payload and no damage is done.

A basic defense against all viruses is a strict organization policy that E-mail attachments should not be opened until they have been checked by an anti-virus scanner and then only if they originate from a known, reliable, source (even other known users may be infected). Any attachment which does not meet these criteria should be saved to a floppy disk and passed to your anti virus software vendor's investigation team to investigate. Meanwhile the original E-mail message with its attachment must be deleted from the user's system.


Troll
An E-mail message, Usenet posting, or other electronic communication, which is intentionally incorrect, but - unlike flame bait - not overtly controversial. Trolling aims to elicit an emotional reaction from those with a hair-trigger on the Reply To... key. A really subtle troll makes some people lose their minds. Not a good idea for organization e-mail addresses to be associated with Trolls.


Trolling
Baiting readers on Usenet newsgroups with a post designed to incite a large volume of angry responses. Posts such as those that scream out racist epithets are common trolls. This activity is not normally a problem for companies - unless the person trolling happens to be using a organization machine when the likely result may well be mail-bombing or other denial of service activity.


Trusted Operating Systems
Trusted Operating Systems are ones which have been specially modified to be so secure as to be almost unusable! They afford maximum security for those systems which require it .....

The reason for this development is due to the substantial rise in concern over the apparent ease by which hackers are able to gain access to seemingly secure systems, a number of vendors have developed variations on mainstream version of UNIX and Windows® which go well beyond the standard Operating System hardening which is advisable for all and any desktop and server systems.

However, the deployment of a trusted Operating system, does require substantially more training of your systems operations staff as, no longer does the Administrator necessarily have 'ultimate power'. Henceforth the functions which control say, file, print or network access, are now split into separate 'sandboxes' which permit only a subset of actions to be performed by one systems administrator. It will be apparent that a substantially higher degree of coordination is required with the systems Operations team, and also a much deeper level of planning before any changes are made.

Whilst this may appear to be a high overhead; it does prevent a system from gradually being changed over time by a single systems' Administrator making small changes 'here and there'. In effect the Operating System is locked down and such Trusted Systems lend themselves to any e-commerce business where maximum security is paramount; say e-banking.