This glossary contains industry standard and City specific IT terminology. The glossary
should be consulted when policy, issue papers, etc. are drafted to ensure consistent use of terms across the City.
Trusted Operating Systems
Techno Crime is the term used by law enforcement agencies to denote criminal
activity which uses (computer) technology, not as a tool to commit the crime,
but as the subject of the crime itself. Techno Crime is usually pre-meditated
and results in the deletion, corruption, alteration, theft or copying of data on
an organization's systems. Techno Criminals will usually probe their prey system for weaknesses and will
almost always leave an electronic 'calling card' to ensure that their pseudonym
identity is known.
Techno Vandalism is a term used to describe a hacker or cracker who breaks
into a computer system with the sole intent of defacing and or destroying its
contents. Techno Vandals can deploy 'sniffers' on the Internet to locate soft
(insecure) targets and then execute a range of commands using a variety of
protocols towards a range of ports. If this sounds complex - it is! The best
weapon against such attacks is a firewall which will hide and disguise your
organization's presence on the Internet.
As the name suggests, a piece of hidden program code designed to run at some
time in the future, causing damage to, or loss of, the computer system. Time
bombs are less sophisticated than Logic Bombs, being concerned only with the
system date, rather than some specific event. Unless the date is changed, or the
code removed, the Bomb will go off on a specific date, come what may. A partial
defense against such code is frequent backup of data. There is
little to be gained by increasing the frequency of applications backup since the
coded will be contained within these copies as well. Data from mission critical
application should be backed up daily, if not actually mirrored in real time.
A utility program used primarily to create, manipulate, modify, or
other programs, such as a compiler or an editor or a cross-referencing program,
or perform maintenance and/or repairs on system hardware or application
software. Tools include Hex editors, disk checkers, file backup and recovery programs,
etc. Tools are powerful pieces of software and the use of tools within a
organization should be restricted to those personnel who have either received
the proper training or have otherwise proven their competence in the use of such
A collection of tools with related purposes or functions, e.g. Anti-Virus
Toolkit, Disk Toolkit, etc.
Less sardonic version of 'Dead Tree Edition'.
The index finger - used on mouse buttons, joysticks, weapons control systems,
and the 'Reply to..' key of newsgroup postings. Term used to describe injury/condition arising from over-use of said digit.
Such a condition can disable a mouse potato completely.
Term coined by hacker, turned spook, Dan Edwards. A Trojan Horse is a
malicious, security-breaking program that is disguised as something benign, such
as a directory lister, archiver, game or, in one notorious 1990 case on the
Apple Macintosh, a program to search and destroy viruses! A Trojan is a type of
virus which normally requires a user to perform some action before the
payload can be activated.
Famous examples include the latest (May 2000) attack by a virus known as
'Resume' in which an E-mail is received with an attachment which purports to be
the CV of a lady seeking employment. A CV is actually attached, but embedded
within it is a macro-virus which activates the Trojan program as soon as the
document is opened for viewing. If the attachment is not opened, the virus
cannot deliver the payload and no damage is done.
A basic defense against all viruses is a strict organization policy that
E-mail attachments should not be opened until they have been checked by an
anti-virus scanner and then only if they originate from a known, reliable,
source (even other known users may be infected). Any attachment which does not
meet these criteria should be saved to a floppy disk and passed to your anti
virus software vendor's investigation team to investigate. Meanwhile the
original E-mail message with its attachment must be deleted from the user's
An E-mail message, Usenet posting, or other electronic communication, which
is intentionally incorrect, but - unlike flame bait - not overtly controversial.
Trolling aims to elicit an emotional reaction from those with a hair-trigger on
the Reply To... key. A really subtle troll makes some people lose their minds.
Not a good idea for organization e-mail addresses to be associated with Trolls.
Baiting readers on Usenet newsgroups with a post designed to incite a large
volume of angry responses. Posts such as those that scream out racist epithets
are common trolls. This activity is not normally a problem for companies -
unless the person trolling happens to be using a organization machine when the
likely result may well be mail-bombing or other denial of service activity.
Trusted Operating Systems
Trusted Operating Systems are ones which have been specially modified to be
so secure as to be almost unusable! They afford maximum security for those
systems which require it .....
The reason for this development is due to the substantial rise in concern
over the apparent ease by which hackers are able to gain access to seemingly
secure systems, a number of vendors have developed variations on mainstream
version of UNIX and Windows® which go well beyond the standard Operating System
hardening which is advisable for all and any desktop and server systems.
However, the deployment of a trusted Operating system, does require
substantially more training of your systems operations staff as, no longer does
the Administrator necessarily have 'ultimate power'. Henceforth the functions
which control say, file, print or network access, are now split into separate
'sandboxes' which permit only a subset of actions to be performed by one systems
administrator. It will be apparent that a substantially higher degree of
coordination is required with the systems Operations team, and also a much
deeper level of planning before any changes are made.
Whilst this may appear to be a high overhead; it does prevent a system from
gradually being changed over time by a single systems' Administrator making
small changes 'here and there'. In effect the Operating System is locked down
and such Trusted Systems lend themselves to any e-commerce business where
maximum security is paramount; say e-banking.