Network Security Terms

© Jeff Orloff

Network Security, Bill Davenport

Is your encryption scheme protecting the integrity of your data? Learn some of the more important network security terms here.

Hackers, data thieves, and other cyber-criminals make the evening news almost nightly. Enter "stolen data" in any search engine and you will find pages and pages of stories about compromised passwords, social security numbers falling into the wrong hands, or stolen laptops.

I have been asked with growing frequency, "How can I protect my network?" When I start explaining different methods of computer network security, I start to see a blank stare come over the person's face. Immediately I can tell that they have no idea what I am talking about.

In order to protect a computer network, you have to understand that all networks and all computers are at risk. Period. You then have to know the jargon of network security so that when you are discussing strategies for your network, you aren't left out in the cold.

Access Control - Preventing the unauthorized use of a resource, including preventing a resource from being used in an unauthorized manner.

Asset - Everything and everybody forming part of system operation or development (i.e. hardware, software, documentation, staff and data). Assets can be tangible, such as computers or software, and they can be intangible, such as ideas.

Baseline - The minimum acceptable level of security necessary to protect a system or business.

Corporate Security Policy - The set of laws, rules and practices that regulate how assets including sensitive data are managed, protected and distributed within an organization.

Disclosure - The public distribution of information or data through print, speech, or other forms of communication.

Dumpster Diving - A technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the trash for access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network.

Encryption - The process of disguising data so that its contents cannot be understood by an unauthorized viewer.

Integrity - Of Data: Data that has not been altered or destroyed in an unauthorized manner.

Of Systems: The requirement that all system assets are operating according to specification and in the way that the current user believes them to be operating.

Risk Analysis - The identification and assessment of risk against assets.

Social Engineering - A non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people into breaking normal security procedures. A social engineer runs what used to be called a "con game".

Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers will search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them.


The copyright of the article Network Security Terms in Computer Networking is owned by Jeff Orloff. Permission to republish Network Security Terms must be granted by the author in writing.



