A - I
Definition: Backdoors most frequently arrive as the malicious payload of a virus or other threat.
A backdoor is used to circumvent normal permissions and authentications, and is frequently used to open
communication ports, initiate an ftp server, or collect keystrokes and transmit the information back to
the attacker. As with Trojans, backdoors can easily penetrate the corporate firewall, thereby compromising
the security of the entire network.
Example: The Trojan that infects a user's computer infiltrates the systems to open a communications port,
enabling the remote malicious user to gain full access to the system at any time.
Definition: A malware scanning methodology developed during an era when viruses were transmitted via
removable media, therefore working on the assumption that the entity to be scanned could be randomly accessed.
Batch-based scanning commences only after the entire file is received, with outputting starting only after the
entire file has been scanned. As a result, end-users often experience long delays or sometimes even timeouts
while the file is transferred and scanned.
Definition: The term given to describe any malicious code that blends the capabilities of two or more types of malware to attack a system on multiple fronts.
Example: Malware infects a system and installs a keylogger, opens a backdoor, and communicates via Internet Relay Chat (IRC).
Definition: Short for "Web Robot", a bot is a malicious software application that installs itself on a user's system by
taking advantage of security vulnerabilities in either the user's operating system, or in one of his software applications.
By exploiting the vulnerability, the bot can install itself on the system automatically, with no user interaction required.
A bot can also be installed by a worm or Trojan that arrives via spammed email. Once the bot is installed, the infected computer
can be controlled by a remote malicious user without the knowledge or permission of the computer's rightful owner.
Definition: Short for "bot network", a botnet is a collection of computers, or "zombies", that have been infected by a
malicious software application, called a "bot". Computers in the botnet can be controlled by a remote malicious user without
the knowledge or permission of the computer's rightful owner.
Example: A single command goes from a malicious user to 20,000 zombie computers to simultaneously make multiple communications
requests of a single Web site. The result is a complete saturation of its resources, effectively shutting the site down.
Definition: A buffer overflow is a condition where a program attempts to put more data in a buffer than it can hold or when a
program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to
contain anything from a character string to an array of integers. Writing outside the bounds of a block of allocated memory can
corrupt data, crash the program, or cause the execution of malicious code. Buffer overflows are often used in attacks which exploit
Definition: A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make
a computer resource unavailable to its intended users. One common method of attack involves flooding the victim machine or network
with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered
effectively unavailable. Distributed denial-of-service attacks are often carried out by botnets, where the resources of bot infected
machines carry out attacks from remote locations based on the commands of one or a few individuals.
Distributed Spam Analysis
Definition: Perpetual, coordinated communications between the ProSecure® gateway security appliances installed inside the company
network and the ProSecure® Spam Classification Center, to proactively detect and classify all types of email-borne threat patterns in real
time, based on the analysis of more than 50 million sources around the world. Distributed Spam Analysis technology extracts and analyzes
relevant message patterns, which are used to identify and classify distribution and structure patterns of email-borne outbreaks.
Distributed Web Analysis
Definition: Distributed Web Analysis is a hybrid in-the-cloud URL filtering architecture used in ProSecure® gateway security
appliances. The appliance queries the ProSecure® URL Classification Center for real-time URL categorization data. The response is then cached
locally by the appliance for future queries. The ProSecure® URL Classification Center processes and classifies URL data feeds from millions
of HTTP connectors deployed "in-the-cloud" at service providers throughout the world and features a growing URL database containing over
a hundred million URLs divided into 64 categories.
Definition: A malicious software application that is sent directly to users via email. The threat can be embedded in HTML email,
or it can come in the form of an email attachment. Email-borne threats typically employ a technique referred to as "social engineering"
to trick users into believing the email is legitimate, and therefore opening the email or launching the attachment. For HTML-embedded
threats, the user's system becomes infected simply by opening the email. If the threat is attached to the email, the system becomes
infected once the attachment is launched.
Two well-known threats that rely on email for propagation are spam and phishing. Though not inherently dangerous, per se, spam is
frequently employed as a vehicle for email-borne threats, due to its capability to be sent virtually simultaneously to millions of users
via networks of computer systems. Similarly, though phishing attacks are executed on the Web, it is the email hook that bears the burden
of delivering the victim to the site.
Example: An email arrives in the user's inbox, purportedly from a news agency, with a striking headline as the subject line. The email
may be in HTML with the threat embedded in the code, in which case the user's system becomes infected as soon as the email is opened.
Alternatively, the attacker may only include a brief abstract in the body of the email, then encourage the user to open the attachment
to read the full story.
In-the-Cloud Zero-Hour Detection
Definition: The continual gathering and analysis of data from more than 50 million sources from around the world to proactively
discover and block any suspected Internet threats that have not yet been identified. Email is accurately assessed in real-time by
analyzing its distribution patterns, rather than its header information. Once an email is classified as spam, the scanner assigns
it a signature and immediately generates a corresponding pattern file - effectively stopping an outbreak before it becomes widespread.
Likewise, Web usage is assessed using a hybrid in-the-cloud URL database containing more than 100 million websites for rapid and efficient
Definition: IPS (Intrusion Prevention System) is a network security device that monitors network and/or system activities for
malicious or unwanted behavior and can react, in real-time, to block or prevent those activities.
Definition: IPsec (IP Security) is a suite of protocols for securing Internet Protocol (IP) communications between a pair
of hosts (client based remote access), or a pair of Internet gateways (site to site tunnel) by authenticating and encrypting
each IP packet of a data stream. IPsec also includes protocols to establish mutual authentication between agents at the beginning
of a session and negotiate the cryptographic keys to be used during the session.
J - R
Definition: One of the most common forms of spyware, a keylogger is a program that captures and records
the user's keystrokes, then sends those keystrokes back to the attacker. Keyloggers are most commonly used
to steal passwords and can be used to easily gain unauthorized access to the company's network, its databases, or
other sensitive assets.
Definition: A shortened version of "malicious software", malware is a term used in the security industry to
refer generically to any type of computer threat. Malware was initially designed to cause damage to computers or
data contained in computer files, or to gain notoriety for the malicious author. However, most modern-day threats
are designed to steal personal or company information, with the intention of reaping financial gain.
Example: Viruses, worms, Trojans, and spyware are all considered malware.
ProSecure® Stream Scanning Technology
Definition: A patent-pending malware scanning methodology, based on the simple observation that network traffic
travels in streams. Rather than wait for the entire file to arrive, stream scanning begins receiving and analyzing traffic
the moment the stream enters the network. Once the minimum number of bytes is received, scanning commences. The scan
engine continues to scan additional bytes as they become available, while another thread outputs the bytes that have been
scanned. As a result, large amounts of data can be processed quickly, using a single scan to identify spam, malware,
security breaches, or unnecessary applications.
Definition: An email-based threat disguised as a communication from the user's bank or other trusted electronic commerce
organization. Intended to provoke the user into taking immediate action, a typical phishing email will pose as a fraud alert,
a notification of a security update, a special offer, or a request for the user to verify his credentials. Phishing emails
will almost always provide an embedded URL link, which will lead the user to a Web page that has been designed to look identical
to the legitimate site – possessing the same company logo, graphics, layout, typefaces, and other visual elements.
Example: An email arrives in the user's inbox, purportedly from his bank, warning him of some potentially fraudulent activity
on his account. He is encouraged to use the embedded link to log-in to the bank's Web site to check his account. Upon
selecting the link, he is led to an exact replica of the bank's site, where he enters his log-in credentials. Those credentials
go directly to the malicious user, who can now use them to gain unfettered access to the user's account.
Definition: A port scan is the action of using a port scanner to probe a machine/network for open ports. It is often used
by hackers to find potential vulnerabilities in a system.
Definition: A program that up levels itself to the highest level permission on a computer system. The purpose of a rootkit
is to mask other computer processes, making them totally invisible. Though not malicious in and of themselves, the fact that
they hide other processes that are occurring on the system poses a serious threat to the security of that system, as well as
the network as a whole.
S - Z
Definition: There are two types of spyware - nuisance spyware and malicious spyware. Malicious spyware, which
is the type that has the highest potential for adversely affecting businesses, is utilized by thieves to steal sensitive
information. If it gets into the network, it has the potential to compromise company or customer information.
Example: Spyware installed on a user's system sits silently, sending user-entered data back to the remote user on a
pre-determined time schedule. The remote malicious user analyzes the data, looking for credit card numbers, online banking
credentials, passwords, and other sensitive information.
Definition: SQL injection is a database layer vulnerability exploit in which malicious code is inserted into strings
that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of
direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct
attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings
are subsequently concatenated into a dynamic SQL command, the malicious code is executed.
Definition: SSL VPN (Secure Sockets Layer Virtual Private Network) is a type of VPN that runs on Secure Socket Layers
technology and is accessible via HTTPS over Web browsers. It permits users to establish safe and secure clientless remote
access sessions from virtually any Internet connected browser. SSL VPN offers a cost-effective, lightweight alternative to
legacy software client based VPN technologies.
Stateful Packet Inspection
Definition: Stateful Packet Inspection (SPI) is a firewall architecture that keeps track of the state of network connections
(such as TCP streams, UDP communication) traveling across it. The firewall contains rules used to distinguish legitimate packets.
Only packets matching a known connection state will be allowed by the firewall; others will be rejected and dropped.
TCP SYN Flood
Definition: A TCP SYN flood is a form of denial-of-service attack in which an attacker sends a succession of TCP SYN requests to a
target's system faster than it can process them. When a normal TCP connection begins, a TCP three-way handshake is initiated between
the destination host and source host. The source host sends a SYN (synchronize/start) packet to the destination host and the destination
host then sends back a SYN ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN ACK before
the connection is established.
Whenever a server receives a SYN segment from a client, computing resources (e.g., memory) are set aside in anticipation of a completed
handshake and subsequent data transfer. As there are limited resources on any server, only a set number of connections can be accepted. Any
additional requests are rejected. TCP SYN flood attacks overwhelm the victim machine with requests to the point where legitimate requests
Definition: Like its Greek Mythology namesake, a Trojan, or Trojan horse, is a malicious software application that is disguised to
appear as one that is harmless, in an attempt to trick the user into launching it. Frequently arriving as an email attachment, a Trojan
can easily get inside the corporate firewall and cause damage. Trojan horses enable the attacker to gain unauthorized access to the
infected system, which degrades the security of the entire network.
Example: Free screensavers, emoticons, or avatars are common disguises for Trojans. The user's system is infected when he attempts
to download one of these seemingly benign programs.
Definition: A malicious software application that can replicate its own code. Some viruses seek to cause harm, such as damaging
or deleting files, while others seek to overload the computer's memory. However, most are programmed solely to make their presence
known. A virus does not have any capability to spread from one system to another. Instead, they need to attach themselves to an
existing application to survive – and can only spread when the host application is taken to another computer.
Example: An email arrives in the user's inbox, promising nude pictures of a well-known female celebrity. The attachment is an
executable, but is disguised as an image file, which is named after the celebrity. Believing the attachment is, indeed, the nude
photos, the user launches the attachment, subsequently infecting his system.
Definition: Any malicious code that spreads through Web protocols (HTTP, HTTPS, and FTP). Many are coded in a browser-supported
in Web browsers, but most will reside on specific Web sites. Some are disguised as legitimate files such as a document, song, or
picture, to lure the user into downloading the content. Others can be automatically downloaded in the background when the user
visits an infected Web site, requiring no user interaction of any type. The infected site can be a rogue site, developed by a
malicious author to appear legitimate, or it can be a legitimate site that has been hijacked by the malicious author and subsequently
infected with the threat.
Example: A spyware application appears on a peer-to-peer (P2P) site, either disguised as or appended to an mp3 of a popular
song to elicit hundreds of thousands of downloads. The user's system is infected upon downloading the file.
Definition: A type of phishing scam that targets the top executives within a company. In whaling, a carefully crafted
email is sent to the targeted individuals, to lure them into clicking on an embedded link, which will lead them to a malicious
Web site. Once on the site, spyware can be downloaded to their machines, or the users may be tricked into entering sensitive
information about themselves or their businesses.
Example: An email arrives in the CFO's inbox, apparently from the Small Business Administration (SBA), with an important
update on the company's line of credit. The email instructs its recipient to click on the embedded URL to view the company's
account details. Upon selecting the link, he is led to an exact replica of the SBA site, where he enters his log-in credentials.
Those credentials go directly to the malicious user, who can now use them to gain access to the company's account.
Definition: A worm is a malicious software application that can replicate itself and move seamlessly through a company network
with no dependencies - unlike a virus, which requires user intervention. Worms consume significant amounts of network bandwidth as
they replicate and spread.
Definition: A zombie is a computer that has been infected by a malicious software application, called a "bot". Once the bot is
installed, the zombie computer can be controlled by a remote malicious user without the knowledge or permission of the computer's rightful owner