Glossary

 

Definitions of commonly used terms.

 

 

%CommonProgramFiles%

Refers to the Common Files folder. By default, this is C:\Program Files\Common Files.

 

%CurrentFolder%

Refers to the folder where the risk was originally executed.

 

%DriveLetter%

Refers to any drive letter assigned to fixed, mapped, or removable drives that may be connected to the computer. For example, a USB key connected to the computer may appear as drive D.

 

%ProgramFiles%

Refers to the program files folder. By default, this is C:\Program Files.

 

%System%

Refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP, Vista).

 

%SystemDrive%

Refers to the drive on which Windows is installed. By default, this is drive C.

 

%Temp%

Refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me), C:\WINNT\Temp (Windows NT/2000), C:\Documents and Settings\[CURRENT USER]\Local Settings\Temp (Windows XP), or C:\User\[CURRENT USER]\AppData\Local\Temp (Windows Vista).

 

%UserProfile%

Refers to the current user’s profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP) or C:\User\[CURRENT USER] (Windows Vista).

 

%Windir%

Refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

 

.dam

Indicates a detection for files that have been corrupted by a threat or that may contain inactive remnants of a threat, causing the files to fail to properly execute or produce reliable results.

 

.dr

Refers to a file that is considered a dropper. This program drops the virus or worm onto the victim's computer.

 

.enc

Refers to a file that is encrypted or encoded. For example, a worm that creates a copy of itself with MIME encoding may be detected with the .enc suffix.

 

@m

Signifies that the virus or worm is a "mailer." An example: Happy99 (W32.Ska) only sends itself by email when you send mail.

 

@mm

Signifies that the virus or worm is a "mass-mailer." An example: W97M.Melissa.A sends messages to every email address in your mailbox.

 

A

ACS

A communications server that manages a pool of modems. It directs outgoing messages to the next available modem and incoming messages to the appropriate workstation.

 

Action

A predefined response to an event or alert by a system or application.

 

Active

A status that indicates that a program, job, policy, or scan is running. For example, when a scheduled scan executes, it is considered active.

 

Activity log

A type of report in which all the recorded events are sequentially organized.

 

Administrative domain

An environment or context defined by a security policy, security model, or security architecture.

 

Administrator

An individual who:

Oversees the operation of a network.

Is responsible for installing programs on a network and configuring them for distribution to workstations.

May also update security settings on workstations.

 

Adware

Adware is a software package that facilitates the delivery of advertising content to the user.

 

Age

A rating used to calculate the vulnerability based on the relative amount of time since the discovery of the vulnerability. According to experts, the potential for exploiting a vulnerability increases as the age of the vulnerability increases. The assumption that people are likely to be aware of the existence of the vulnerability supports this statement. The L-3 Network Security researchers assign lower ratings to the age factor of recently discovered vulnerabilities. Older vulnerabilities are rated higher.

 

Alarm

A sound or visual signal triggered by an error condition.

 

Alert

An automatic notification that an event or error has occurred.

 

Alertable event

Any event or member of an event set configured to trigger an alert.

 

Also Known As

Names that other antivirus vendors use to identify a threat. Often Symantec's bloodhound heuristics will identify a potential threat before a specific detection is added. In such cases, the name of the bloodhound detection will appear in this field.

 

Antivirus

A subcategory of a security policy that pertains to computer viruses.

 

Application server

A software server that lets thin clients use applications and databases that are managed by the server. The application server handles all the application operations and connections for the clients.

 

Asset

A physical item, informational item, or capability required by an organization to maintain productivity. Examples include a computer system, a customer database, and an assembly line.

 

Asset measure

A quantitative measurement of an asset. The asset measure is the confidentiality, integrity, and availability of an asset in relation to other assets in an organization.

 

Asset value

The perceived or intrinsic worth of an asset.

 

Attack signature

The features of network traffic, either in the heading of a packet or in the pattern of a group of packets, which distinguish attacks from legitimate traffic.

 

Attribute

A property of an object, such as a file or display device.

 

Authenticated, self-signed SSL

A type of SSL that provides authentication and data encryption through a self-signed certificate.

 

Authentication

The assurance that a party to some computerized transaction is not an impostor. Authentication typically involves using a password, certificate, PIN, or other information that can be used to validate the identity over a computer network.

 

AutoInstall package

An executable created by AI Snapshot and AI Builder that contains one or more applications distributed to client computers using the Symantec Ghost Console.

 

B

Backup regime

A group of settings that determines which computer to include in a backup task, as well as other details such as scheduling.

 

Banner grab

A client receives this readable string immediately following a connection to a server. The type of received string usually identifies the operating systems and server types.

 

Baseline risk

The risk that exists before safeguards are considered.

 

Benefit

The effectiveness of a safeguard in terms of vulnerability measure. If the safeguard is applied by itself, it lowers the danger that the vulnerability poses by the amount specified.

 

Bits per second (bps)

A measure of the speed at which a device, such as a modem, can transfer bits of data.

 

Blank

To clear or not show an image on the computer screen. You can configure a pcAnywhere host to blank the host's screen once a connection has been made. This enhances the security of an unattended pcAnywhere host.

 

Blended Threat

Blended threats combine the characteristics of viruses, worms, Trojan Horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage. Characteristics of blended threats include:

Causes harm: Launches a Denial of Service (DoS) attack at a target IP address, defaces Web servers, or plants Trojan Horse programs for later execution.

Propagates by multiple methods: Scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email from compromised servers with a worm attachment.

Attacks from multiple points: Injects malicious code into the .exe files on a system, raises the privilege level of the guest account, creates world read and writeable network shares, makes numerous registry changes, and adds script code into HTML files.

Spreads without human intervention: Continuously scans the Internet for vulnerable servers to attack.

Exploits vulnerabilities: Takes advantage of known vulnerabilities, such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords to gain unauthorized administrative access.

Effective protection from blended threats requires a comprehensive security solution that contains multiple layers of defense and response mechanisms.

 

Boot package

A file, bootable disk, Ghost image, or Preboot Execution Environment (PXE) image of a bootable disk that contains the Symantec Ghost executable and any drivers required to start a client computer and Symantec Ghost.

 

Broadcast

To simultaneously send the same message to all the users on a network.

 

Broadcast alert action

An AMS2 response to an alert in which a message is sent to all the computers logged onto the server that generates the alert.

 

Bug

A programming error in a software program that can have unwanted side effects. Some examples include various web browser security problems and Y2K software problems.

 

C

Callback

A security feature that lets a host disconnect a remote caller after a successful connection and then recall the remote computer, either for security verification or financial responsibility.

 

Canvas

The window in which hosts and other drawing objects, which represent a network scheme, are placed.

 

Capability

The measure of a threat's technical expertise or knowledge of a system's connectivity.

 

Capability Maturity Model for Software (CMM or SW-CMM)

A model for judging the maturity of the software processes of an organization and for identifying the key practices that are required to increase the maturity of these processes.

 

Captured attack sessions

A record of any network session that contains an attack signature. You can configure NetProwler to capture a record of any type of attack. You can view these sessions in the Attack Sessions branch of either the NetProwler Console or the Agent Graphical User Interface (GUI).

 

Case-sensitive

The discrimination between lowercase and uppercase characters.

 

Causes system instability

This payload may cause the computer to crash or to behave in an unexpected fashion.

 

Certificate

Cryptographic systems use this file as proof of identity. It contains a user's name and public key.

 

Certificate authority

An office or bureau that issues security certificates.

 

Certificate authority-signed SSL

A type of SSL that provides authentication and data encryption through a certificate that is digitally signed by a certificate authority.

 

Certificate store

A database that contains security certificates.

 

Channel

In communications, a medium for transferring information, which is also called a line or circuit. Depending on its type, a communications channel can carry information in analog or digital form. A communications channel can be a physical link, such as a cable that connects two stations in a network, or it can consist of some electromagnetic transmission.

 

Client

A program that makes requests of, or transmits data to, a parent server program.

 

Client computer

A computer that runs a client program. In a network, the client computer interacts in a client/server relationship with another computer running a server program.

 

Client/server program

A program in which one portion is installed on a computer that acts as a server for that particular program, and another portion is installed on one or more client computers.

 

Client/server relationship

A relationship in which two computers, usually a server and client, communicate across a network. Usually one computer manages or supplies services to the other computer.

 

Client-side reporting

A method of reporting in which data is retrieved from the server and processed at the client.

 

Clone

To make a specified folder on the host or remote computer identical to a specified folder on another computer. Any files in the source folder are copied to the destination folder. Files that are in the destination folder and that are not in the source folder are deleted from the disk. Also see synchronize.

 

Cluster server

A group of two or more servers linked together to balance variable workloads or provide continued operation in the event that one server fails.

 

CME initiative

The CME initiative is an effort headed by the United States Computer Emergency Readiness Team (US-CERT), in collaboration with key organizations within the security community. Through the adoption of a neutral, shared identification method, the CME initiative seeks to: reduce the public's confusion in referencing threats during malware incidents; enhance communication between anti-virus vendors; and improve communication and information sharing between anti-virus vendors and the rest of the information security community.

 

CME number

A Common Malware Enumeration (CME) number is a unique, vendor-neutral identifier for a particular threat (see CME initiative above).

 

Command-Line Interface (CLI)

A utility providing an alternate way to execute the ESM commands in UNIX and Windows NT environments. The CLI supports most of the ESM commands available in the ESM Console. In addition, you can create Agent records, remove modules, or execute batch files that contain CLI commands from the Command Line Interface.

 

Common Information Model (CIM)

A common data model of an implementation-neutral schema for describing overall management information in a network/enterprise environment. A Specification and Schema comprise CIM. The Specification defines the details for integration with other management models (such as the SNMP MIBs or the DMTF MIFs), while the Schema provides the actual model descriptions.

 

Communications

The transfer of data between computers by a device such as a modem or cable.

 

Communications device

Also called the connection device. The communications device is a modem, network interface card, or other hardware component enabling remote communications and data transfer between computers.

 

Communications link

A connection between computers (and/or peripherals) enabling data transfer. A communications link can be a network, modem, or cable.

 

Communications port (COM port)

Also called a serial port. The COM port is a location for sending and receiving serial data transmissions. The ports are referred to as COM1, COM2, COM3, and COM4.

 

Communications protocol

A set of rules designed to enable computers to exchange data. A communications protocol defines issues such as transmission rate, interval type, and mode.

 

Communications session

The time during which two computers maintain a connection and are usually engaged in transferring information.

 

Compile

To convert a high-level script into a low-level set of commands that can be executed or run. Syntax errors are discovered when a script is being compiled.

 

Compromises security settings

This payload may attempt to gain access to passwords or other system-level security settings. It may also search for openings in the Internet-processing components of the computer to install a program on that particular system, which an individual could remotely control over the Internet.

 

Connection

The successful establishment of a communications link.

 

Connection item

An item representing a pcAnywhere file, which contains connection device information and security settings to be used during a session.

 

Console

1. A program interface for the management of software or networks. 2. In a mainframe or UNIX environment, a terminal consisting of a monitor and keyboard.

 

Content filtering

A subcategory of a security policy that pertains to the semantic meaning of words in text (such as email messages). It can also include URL filtering.

 

Crash recovery

A file transfer option that directs pcAnywhere to continue transferring files where it left off when computers are reconnected after a broken connection, instead of restarting the transfer.

 

Current risk

The remaining risk after safeguards have been applied.

 

Current vulnerability measure

The danger posed by a vulnerability after accounting for the safeguards you use to secure it. If you use a valid safeguard, the current vulnerability measure is less than the default vulnerability measure.

 

CVE References

A list of standardized names for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. (Source: CVE Web site)

 

D

Damage

The damage component measures the amount of harm that a given threat might inflict. This measurement includes triggered events, clogging email servers, deleting or modifying files, releasing confidential information, performance degradation, errors in the virus code, compromising security settings, and the ease with which the damage may be fixed.

 

Data conversion

To convert the configuration files (for example, connecting to a host computer) from an earlier version of pcAnywhere so that you can use them in the current version. You can also use data conversion to import or export configuration files to or from text files for record-keeping purposes.

 

Data template

A template that defines files or registry entries to be included in a backup.

 

Data transfer

The movement of information from one location to another. The transfer speed is called the data rate or data transfer rate.

 

Data transmission

The electronic transfer of information from a sending device to a receiving device.

 

Default threat measure rating

A rating based on the appropriate threat profile and the estimations of security experts. Expert estimations were obtained using the Delphi inquiry method.

 

Default vulnerability measure

The danger posed by a vulnerability before you account for the safeguards that you use to secure it. If you use a valid safeguard, the current vulnerability measure is less than the default vulnerability measure.

 

Degrades performance

This payload slows computer operations, which could involve allocating available memory, creating files that consume disk space, or causing programs to load or execute more slowly.

 

Deletes files

This payload deletes various files on the hard disk. The number and type of files that may be deleted vary among viruses.

 

Deploy

To perform a remote installation.

 

Desktop computer

1. A computer used primarily to perform work for individuals rather than to act as a server. 2. A personal computer or workstation designed to reside on or under a desktop.

 

Dial

To initiate a connection via LAN, modem, or direct connection, regardless of whether actual dialing is involved.

 

Dialers

A dialer is any software package that dials a high cost toll number, sometimes by changing the modem configuration, or requests payment for access to particular content.

 

Direct connection

A form of data communication in which one computer is directly connected to another, usually via a null modem cable.

 

Disabled

A status indicating that a program, job, policy, or scan is not available. For example, if scheduled scans are disabled, a scheduled scan does not execute when the date and time specified for the scan is reached.

 

Discovery

A process in which one computer attempts to locate another computer on the same network or domain.

 

Distributed Management Task Force (DMTF)

An industry organization that leads the development, adoption, and unification of management standards and initiatives for desktop, enterprise, and Internet environments. Working with key technology vendors and affiliated standards groups, the DMTF enables a more integrated, cost-effective, and less crisis-driven approach to management through interoperable management solutions.

 

Distribution

This component measures how quickly a threat is able to spread.

 

Domain

A group of computers or devices that shares a common directory database and is administered as a unit. On the Internet, domains organize network addresses into hierarchical subsets. For example, the .com domain identifies host systems used for commercial business.

 

Domain Name System (DNS)

A hierarchical system of host naming that groups TCP/IP hosts into categories. For example, in the Internet naming scheme, names with .com extensions identify hosts in commercial businesses.

 

Download

To transfer data from one computer to another, usually over a modem or network. Download usually refers to the act of transferring a file from the Internet, a Bulletin Board System (BBS), or an online service to an individual's computer.

 

Download folder

The folder in which files that are received during file transfer are stored.

 

Driver

A program that interprets commands for transferring to and from peripheral devices and the CPU.

 

E

Electronic exposure

A rating used to calculate the vulnerability based on whether a threat must have electronic access to your system to exploit a vulnerability.

 

Enabled

A status indicating that a program, job, policy, or scan is available. For example, if the scheduled scans are enabled, any scheduled scan will execute when the date and time specified for the scan are reached.

 

Encrypted Virus

A virus using encryption to hide itself from virus scanners. That is, the encrypted virus jumbles up its program code to make it difficult to detect.

 

Encryption

A method of scrambling or encoding data to prevent unauthorized users from reading or tampering with the data. Only individuals with access to a password or key can decrypt and use the data. The data can include messages, files, folders, or disks.

 

Extended Partition Boot Record (EPBR)

Each logical partition resembles a physical hard disk, and on each logical hard disk, an EPBR occupies the same position as the MBR of a physical hard disk.

 

ESM Agent

A software component that performs security assessment on a host system and returns the results to the ESM Manager. The ESM Agents also store snapshot files of system-specific and user-account information, make user-requested corrections to files, and update snapshots to match corrected files.

 

ESM Enterprise Console

A Graphical User Interface (GUI) used to administer managers and agents. It receives user input, sends requests to the ESM Manager, and formats the returned security assessment data for display. The ESM Enterprise Console is supported for ESM versions 5.0 and later. Older versions of ESM use the ESM GUI.

 

ESM Manager

A software component that coordinates the work of its assigned ESM Agents, provides communication between the Agents and the ESM user interfaces, and stores security data gathered by the Agents.

 

Event

A significant occurrence in a system or application that a program detects. Events typically trigger actions, such as sending a user notification or adding a log entry.

 

Event class

A predefined event category used for sorting reports and configuring alerts.

 

Event normalization

The process by which events from disparate sources are mapped to a consistent framework.

 

Event viewer (ITA event viewer)

A separate Windows NT or UNIX Graphical User Interface (GUI) for viewing event data captured by intruder alert agents.

 

Exploit

A program or technique that takes advantage of a vulnerability in software and that can be used for breaking security, or otherwise attacking a host over the network.

 

Exposure

An exposure is a state in a computing system (or set of systems) which is not a universal vulnerability, but either:

Allows an attacker to conduct information gathering activities

Allows an attacker to hide activities

Includes a capability that behaves as expected, but can be easily compromised

Is a primary point of entry that an attacker may attempt to use to gain access to the system or data

Is considered a problem according to some reasonable security policy

*Source: CVE Web site

 

Extended (partition)

An extended partition is a primary partition that was originally developed in order to overcome the four-primary-partition limit. The extended partition is a container, or a place-holder, for logical partitions. The extended partition itself does not contain any data, nor does it receive a drive letter assignment. It can contain any number of logical partitions, and each logical partition receives a drive letter assignment, as long as the logical partition is recognized by the operating system.

 

eXtensible Markup Language (XML)

The common language of the Web used to exchange information.

 

External Hostile Structured (EHS) threat

An individual or group outside of an organization that is motivated to attack, exploit, or disrupt mission operations. This highly funded, extremely skilled threat has substantial resources and unique tools. Foreign intelligence services, criminal elements, and professional hackers involved in information warfare, criminal activities, or industrial intelligence often fall into the EHS threat category.

 

External Hostile Unstructured (EHU) threat

An individual outside of an organization who is motivated to attack, exploit, or disrupt mission operations. This individual has limited resources, tools, skills, and funding to accomplish a sophisticated attack. Many Internet hackers and most crackers and vandals fall into the EHU threat category.

 

External Nonhostile Structured (ENS) threat

An individual outside of an organization who has little or no motivation for attacking it. However, this threat has special resources, skills, tools, or funding to launch a sophisticated attack. System and network security professionals who use the Internet to obtain information or improve their skills usually fall into the ENS threat category.

 

External Nonhostile Unstructured (ENU) threat

An individual outside of an organization who has little or no motivation for attacking. This threat has limited resources, skills, tools, or funding to launch a sophisticated attack. Common Internet users fall into the ENU threat category.

 

External threat

A threat that originates outside of an organization.

 

F

File Allocation Table (FAT)

File Allocation Table. FAT can refer to three different types of partitions: FAT12, FAT16, and FAT16b. FAT16b is the most common type, and is used for partitions that are larger than 32 MB. FAT12 and FAT16 partitions were used with MS-DOS 5.0, and are still used with Windows 98 (depending on the partition size). The FAT file system format is used and recognized by DOS, Windows 3.x, Windows 95, Windows NT, OS/2, and nearly all other operating systems.

 

FAT32

32-bit File Allocation Table. File system format recognized by Windows 95 B (or later versions) and Windows NT 5 (or later versions).

 

FAT32x

A FAT32 partition that crosses over the 1024th cylinder of a hard drive.

 

File transfer

The process of using communications to send a file from one computer to another. In communications, a protocol must be agreed upon by sending and receiving computers before a file transfer can occur.

 

Firewall Rules

A security system that uses rules to block or allow connections and data transmission between your computer and the Internet.

 

Fully Qualified Domain Name (FQDN)

A URL consisting of a host and domain name, including top-level domain. For example, the parsing of the FQDN, www.symantec.com, is:

www is the host,

symantec is the second-level domain, and

com is the top-level domain.

An FQDN always starts with a host name and continues to the top-level domain name, so www.sesa.symantec.com is also an FQDN.

 

G

Geographic distribution

This measures the range of separate geographic locations where infections have been reported. The measures are high (global threat), medium (threat present in a few geographic regions), and low (localized or non-wild threat).

 

Group

In Windows NT user manager, an account that contains other accounts, which are called members. Permissions and rights granted to a group are also provided to its members, making groups a convenient way to grant common capabilities to collections of user accounts.

 

H

Hack tool

Tools that can be used by a hacker or unauthorized user to attack, gain unwelcome access to, or perform identification or fingerprinting of your computer. While some hack tools may also be valid for legitimate purposes, their ability to facilitate unwanted access makes them a risk. Hack tools also generally:

Attempt to gain information on or access hosts surreptitiously, utilizing methods that circumvent or bypass obvious security mechanisms inherent to the system it is installed on, and/or

Facilitate an attempt at disabling a target computer, preventing its normal use

One example of a hack tool is a keystroke logger -- a program that tracks and records individual keystrokes and can send this information back to the hacker. Also applies to programs that facilitate attacks on third-party computers as part of a direct or distributed denial-of-service attempt.

 

Hardware setup

A set of hardware parameters, such as modem type, port/device, and data rate, which is used as a singular named resource in launching a host or remote session.

 

HLLC

Refers to a virus compiled using a high-level language that adds itself to a location on the system from which it can be easily executed.

 

HLLO

Refers to a virus compiled using a high-level language that overwrites files.

 

HLLP

Refers to a virus compiled using a high-level language that is parasitic; that is, the virus infects files with itself.

 

HLLW

Refers to a worm that is compiled using a High-Level Language. (Note: This modifier may or may not be used as a prefix - it is only a prefix in the case of a DOS High-Level Language Worm. If the Worm is a Win32 file, the proper name is W32.HLLW.)

 

Hoax

Hoaxes usually arrive in the form of an email. Please disregard the hoax emails - they contain bogus warnings usually intent only on frightening or misleading users. The best course of action is to merely delete these hoax emails.

 

Host

1. In a network environment, a computer that provides data and services to other computers. Services may include peripheral devices, such as printers, data storage, email, or World Wide Web access. 2. In a remote control environment, a computer to which remote users connect to access or exchange data.

 

Hypertext Transfer Protocol Secure (HTTPS)

A variation of HTTP that is enhanced by a security mechanism, which is usually the Secure Sockets Layer (SSL).

 

I

Ignore

A condition that prevents an action from being executed on a rule.

 

Image file

A file that is created using Norton Ghost. An image file of a disk or partition is created and used to produce duplicates of the original disk or partition.

 

Image file definition

A description of the properties of an image file, including the image file name, location, and status.

 

Impact

The effect, acceptable or unacceptable, of an incident on a system, operation, schedule, or cost. Unacceptable impact is impact deemed, by the system owner and as compared to the missions and goals of the U.S. Department of Defense (DOD), as severe enough to degrade an essential mission, capability, function, or system causing an unacceptable result. Like impact, unacceptable impact refers to the total system and all areas of operational concern, not only confidentiality.

 

Inactive

A status indicating that a program, job, policy, or scan is not currently running. For example, when a scheduled scan waits for the specified date and time to execute, it is inactive.

 

Incident

The actualization of a risk. The event or result of a threat that exploits a system vulnerability.

 

Incident response

The ability to deliver the event or set of events to an incident management system or a HelpDesk system to resolve and track incidents.

 

Incident response cycle

The sequence of phases that a security event goes through from the time it is identified as a security compromise or incident to the time it is resolved and reported.

 

Infection Length

This is the size, in bytes, of the viral code that is inserted into a program by the virus. If this is a worm or Trojan Horse, the length represents the size of the file.

 

Information

A rating used to calculate a vulnerability, based on the relative availability of information that discloses a vulnerability. For example, if a vulnerability is disclosed in books or on the Internet, then the information factor is rated high. If a vulnerability is not well-known and little or no documentation on the vulnerability exists, then information is rated low.

 

Initialize

To prepare for use. In communications, initialize means to set a modem and software parameters at the start of a session.

 

Integrated Services Digital Network (ISDN)

A type of phone line used to enhance Wide Area Network (WAN) speeds. ISDN lines can transmit at speeds of 64 or 128 kilobits per second (Kbps), as opposed to standard phone lines, which transmit at only 9600 bps. The phone company installs an ISDN line at both the server and remote sites.

 

Internal Hostile Structured (IHS) threat

An individual or group within an organization that is motivated to disrupt mission operations or exploit assets. This threat has significant resources, tools, and skills to launch a sophisticated attack and potentially remove any evidence of the attack. An IHS threat is unlikely to act but has the greatest potential to cause damage. Highly skilled, disgruntled employees (such as system administrators or programmers) or technical users who could benefit from disrupting operations often fall into the IHS threat category.

 

Internal Hostile Unstructured (IHU) threat

An individual within an organization who has physical access to network components. This individual is motivated to disrupt the operations of the organization but lacks the resources, tools, or skills necessary to launch a sophisticated attack. It would not be unusual for this threat to attack the organization by deploying a common virus. Unskilled, disgruntled employees or users who could benefit from disrupting operations often fall into the IHU threat category.

 

Internal Nonhostile Structured (INS) threat

An individual within an organization who has physical access to network components. This individual is not motivated to disrupt mission operations but can do so by making common mistakes. Individuals executing INS threats are usually skilled and have tools to assist them in performing security-related functions. System administrators, network engineers, and programmers often fall into the INS threat category.

 

Internal Nonhostile Unstructured (INU) threat

An individual within an organization who has physical access to network components. This individual is not motivated to disrupt mission operations but can do so unknowingly. Individuals executing INU threats do not have any unusual skills or tools and are not interested in attacking. Usually, they are typical users who make mistakes that can impact mission operations. The INU threat category is typically the most likely to disrupt operations.

 

Internal threat

A threat that originates within an organization.

 

Internet Engineering Task Force (IETF)

An international community of network designers, operators, vendors, and researchers who are concerned with the evolution of Internet architecture and the smooth operation of the Internet. IETF is open to any interested individual. The technical work of the IETF is done in its working groups, which are organized by topic into several areas (such as routing, transport, security, and so on). Much of the work is handled via mailing lists.

 

Internet Protocol (IP) address

Identifies a workstation on a TCP/IP network and specifies routing information. Each workstation on a network must be assigned a unique IP address, which consists of the network ID, plus a unique host ID assigned by the network administrator. This address is usually represented in dot-decimal notation, with the decimal values separated by a period (for example 123.45.6.24).

 

Internet Relay Chat (IRC)

IRC is a multi-user chat system, where people meet on "channels" (rooms, virtual places, usually with a certain topic of conversation) to talk in groups, or privately. This system also allows for the distribution of executable content.

 

Interrupt Requests (IRQ)

Also called hardware interrupts. IRQ means that a connection device signals other hardware components that it needs attention. When you install new devices (such as serial ports, modems, and mouse devices), you may find that previous devices no longer work, because the new devices use the previously used IRQs.

 

Intruder Alert agent

In Intruder Alert, the agent monitors the hosts and responds to events by performing defined actions based on applied security policies.

 

Intruder Alert manager

A software application that runs in background mode as either a UNIX daemon or a Windows NT service.

 

Intrusion Detection

A security service that monitors and analyzes system events to find, and provide real-time or near real-time warnings of, attempts to access system resources in an unauthorized manner. This is the detection of break-ins or break-in attempts by reviewing logs or other information available on a network.

 

Intrusion Detection Working Group (IDWG)

A group that defines data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, as well as to management systems that may need to interact with them. The IDWG coordinates its efforts with other Internet Engineering Task Force work groups.

 

J

Joke programs

Programs that alter or interrupt the normal behavior of your computer, creating a general distraction or nuisance.

 

K

Known Dependencies

These programs have been known to install the security risk as a component, and will therefore not function as intended if the security risk is removed from the computer.

 

L

Large scale e-mailing

This type of payload involves sending emails to large numbers of people. This is usually done by accessing a local address book and sending emails to a certain number of people within that particular address book.

 

 

M


Managers:

Maintain secure communications with all registered Agents,

Maintain the master list of domains and policies applied to each Agent,

Communicate domain and policy changes to Agents,

Receive and store event data from Agents, via the Record to Event Viewer action,

Serve as the communications link among the Intruder Alert Administrator, Intruder Alert Event Viewer, and Agents, and

Maintain the list of policies and the domains to which they are applied.





Copyright © 2010. | www.internet-security-store.com | All rights reserved.