Security Term Definitions
This document offers in-depth definitions of some basic security terms.
Computer Break-ins: Break-ins are attacks that specifically target your computer. They can occur through a file you download and run, or via a security hole exposed through a network connection. Break-ins are NOT always detectable by up-to-date antivirus software, and there is typically no automated clean-up method. Most often it is recommended, or even required, that the computer be reformatted and reinstalled, since determining the extent of a break-in is usually very difficult. Today, many malicious programs are hybrids with characteristics of both viruses and worms: the program may initially infect a computer by being executed from an email attachment, but will then run code that attempts to infect other systems via file sharing or by exploiting vulnerabilities on other networked computers. Once it is running, it can infect other programs, documents or computers.
Computer Virus: Like a biological virus, a computer virus piggybacks on other programs or documents in order to get executed, infecting the machine. Viruses can be carried in e-mail or in other files you have downloaded or transferred. Up-to-date anti-virus software or special removal tools are used to detect and clean viruses.
Computer Worm: Unlike viruses, worms spread by sending copies of themselves across the network, exploiting vulnerabilities in programs on other computers. Up-to-date anti-virus software or special removal tools are used to detect and clean worms.
Email Spoofing: Many email viruses use a technique known as "spoofing": the worm randomly selects an address it finds on an infected computer and uses that address as the "From" address when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they had sent an infected message to another individual.
For example, Linda Anderson is using a computer infected with W32.Sobig.F@mm. Linda is not running an antivirus program and does not have current virus definitions. When W32.Sobig.F@mm performs its email routine, it finds the email address of Harold Logan. The worm inserts Harold's email address into the "From" portion of an infected message, which it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her an infected message; however, when Harold scans his computer, his antivirus program does not find anything, because his computer is not infected.
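The Sobig scenario above, as an added example that is not part of the original page: the message is constructed, and it shows why the "From" header tells Janet nothing about where the message really came from, while the Received header written by her own mail server does. The mismatch check is a heuristic of this example, not an authoritative test.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message (not from the page): it claims to be from Harold, but the
# Received header added by Janet's receiving mail server records the machine that connected.
SAMPLE_MESSAGE = """\
Received: from linda-pc.example.net (linda-pc.example.net [203.0.113.45])
\tby mail.example.org with SMTP id abc123; Tue, 8 Dec 2009 09:00:00 -0500
From: Harold Logan <harold.logan@example.org>
To: Janet Bishop <janet.bishop@example.org>
Subject: Re: Your document

Please see the attached file.
"""

# "from <helo-name> (<reverse-dns> [<ip>])" as written by most receiving servers
RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)")


def claimed_sender(raw):
    """Return the address in the From header: what Janet's mail client displays."""
    msg = email.message_from_string(raw, policy=policy.default)
    return parseaddr(str(msg["From"]))[1]


def originating_host(raw):
    """Return (reverse_dns, ip) from the topmost Received header, i.e. the one added
    by the last server to handle the message, or None if it cannot be parsed."""
    msg = email.message_from_string(raw, policy=policy.default)
    for header in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(header))
        if m:
            return m.group("rdns"), m.group("ip")
    return None


def from_matches_origin(raw):
    """Heuristic: does the From domain match the domain of the connecting host?
    A spoofing worm produces a mismatch; so does legitimate mail relayed through
    another provider, so treat a False result as a reason to look, not as proof."""
    origin = originating_host(raw)
    if origin is None:
        return False
    from_domain = claimed_sender(raw).rpartition("@")[2].lower()
    return origin[0].lower().endswith("." + from_domain)
```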
Exception: An exception is a hole you open in the firewall for use by a specific application or service. This hole, a port or set of ports, allows that application or service to answer incoming connection requests from the network, subject to the scope of the exception. The scope defines where the allowed callers are located; the possible scope values are any computer, subnet, and custom. The any-computer scope allows any computer on the Internet to connect to that application or service. The subnet scope allows any computer in your building (roughly speaking) to connect. The custom scope allows you to define multiple subnets (buildings) that are allowed to connect. Unless your computer is a server, it should have very few exceptions, if any.
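A model of the three exception scopes just described, added here as an example and not taken from the page or from any firewall product: the local subnet, the exception list and the port numbers are constructed (the ports come from the table further down this page), and the last function lists the exceptions a non-server should question first.

```python
import ipaddress
from dataclasses import dataclass

# Assumed for this example: the subnet this computer sits on (what the "subnet" scope means).
LOCAL_SUBNET = ipaddress.ip_network("192.0.2.0/24")


@dataclass(frozen=True)
class FirewallException:
    name: str
    ports: frozenset            # ports the application or service may answer on
    scope: str                  # "any", "subnet" or "custom"
    custom_subnets: tuple = ()  # CIDR strings, used only when scope == "custom"

    def allows(self, remote_ip, port):
        """Does this exception let remote_ip reach the given port?"""
        if port not in self.ports:
            return False
        addr = ipaddress.ip_address(remote_ip)
        if self.scope == "any":
            return True                  # any computer on the Internet
        if self.scope == "subnet":
            return addr in LOCAL_SUBNET  # roughly speaking, your building
        if self.scope == "custom":
            return any(addr in ipaddress.ip_network(n) for n in self.custom_subnets)
        raise ValueError("unknown scope: " + self.scope)


# Constructed exception list for a workstation; the "Web Server" entry is the kind
# of exception the text says a non-server should not have.
EXCEPTIONS = (
    FirewallException("File and Printer Sharing", frozenset({139, 445}), "subnet"),
    FirewallException("VNC", frozenset({5900}), "custom",
                      ("192.0.2.0/24", "198.51.100.0/24")),
    FirewallException("Web Server", frozenset({80}), "any"),
)


def is_allowed(remote_ip, port, exceptions=EXCEPTIONS):
    """The firewall lets an incoming connection through if any exception allows it."""
    return any(e.allows(remote_ip, port) for e in exceptions)


def open_to_internet(exceptions=EXCEPTIONS):
    """Names of exceptions reachable from any computer: review these first."""
    return [e.name for e in exceptions if e.scope == "any"]
```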
File System Realtime Protection: File System Realtime Protection allows the anti-virus program to automatically check all files as they are downloaded and used. This feature is turned on by default when you install the Symantec anti-virus software. However, some people disable it in an effort to speed up their connection. This is HIGHLY discouraged.
Firewall: A firewall is a system designed to reinforce the security of the data flowing between two networks. All messages entering or leaving pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. Firewalls can also make your computer "invisible" to the outside world so that it doesn't become an easy target for an attacker.
Microsoft Updates: Microsoft updates come in three types: High Priority; Software, Optional; and Hardware, Optional. High Priority updates are absolutely critical and often fix security vulnerabilities that would allow malicious people to take control of your computer or crash it remotely. High Priority updates should be installed as soon as possible. Software, Optional updates add new features and capabilities to your existing applications; as the name suggests, these updates are optional. Hardware, Optional updates upgrade your device drivers to fix bugs or improve performance.
Peer to Peer File Sharing: This is the practice of downloading files from another “peer” workstation. This practice can be used for legal or illegal purposes. For additional information, refer to Peer to Peer and P2P File Sharing.
Ports: In a TCP/IP-based network such as the Internet, a port is a number assigned to an application running on the computer. Some common ports are listed below:
20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH (Secure Shell)
23 Telnet
25 SMTP (Simple Mail Transfer Protocol)
43 whois
53 DNS (Domain Name Service)
68 DHCP (Dynamic Host Configuration Protocol)
79 Finger
80 HTTP (HyperText Transfer Protocol)
110 POP3 (Post Office Protocol, version 3)
115 SFTP (Secure File Transfer Protocol)
119 NNTP (Network News Transfer Protocol)
123 NTP (Network Time Protocol)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
389 LDAP (Lightweight Directory Access Protocol)
443 SSL (Secure Sockets Layer)
445 SMB (NetBIOS over TCP)
666 Doom
993 SIMAP (Secure Internet Message Access Protocol)
995 SPOP (Secure Post Office Protocol)
1243 SubSeven (Trojan - security risk!)
1352 Lotus Notes
1433 Microsoft SQL Server
1494 Citrix ICA Protocol
1521 Oracle SQL
1604 Citrix ICA / Microsoft Terminal Server
2049 NFS (Network File System)
3306 MySQL
4000 ICQ
5010 Yahoo! Messenger
5190 AOL Instant Messenger
5632 PCAnywhere
5800 VNC
5900 VNC
6000 X Window System
6699 Napster
6776 SubSeven (Trojan - security risk!)
7070 RealServer / QuickTime
7778 Unreal
8080 HTTP
26000 Quake
27010 Half-Life
27960 Quake III
31337 BackOrifice (Trojan - security risk!)
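Added example, not part of the original page: a check that reads a listening-port listing in the format of Windows "netstat -an" and compares it against the table above. The sample listing is constructed, the port names are a subset of the table, the three trojan ports are the ones the table flags, and the list of ports a workstation is expected to listen on is an assumption of this example.

```python
import re

# Subset of the port table above; the three trojan ports are the ones it flags.
PORT_NAMES = {22: "SSH", 80: "HTTP", 139: "NetBIOS", 445: "SMB", 1243: "SubSeven",
              3306: "MySQL", 5900: "VNC", 6776: "SubSeven", 31337: "BackOrifice"}
TROJAN_PORTS = {1243, 6776, 31337}
# Assumed for this example: the only ports a typical workstation here should listen on.
EXPECTED_PORTS = {139, 445}

# Constructed listing (not real output), laid out like "netstat -an" on Windows.
SAMPLE_NETSTAT = """\
Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49152       203.0.113.5:80         ESTABLISHED
"""

# protocol, local port (after the last colon) and state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+\s+(\S+)")


def listening_ports(text):
    """Set of TCP ports in LISTENING state; established connections are ignored."""
    ports = set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3) == "LISTENING":
            ports.add(int(m.group(2)))
    return ports


def audit(text):
    """Split the listening ports into known trojan ports and anything else
    outside the expected set, each tagged with its name from the table."""
    findings = {"trojan": [], "unexpected": []}
    for port in sorted(listening_ports(text)):
        name = PORT_NAMES.get(port, "unknown")
        if port in TROJAN_PORTS:
            findings["trojan"].append((port, name))
        elif port not in EXPECTED_PORTS:
            findings["unexpected"].append((port, name))
    return findings
```

A trojan-port hit is a reason to treat the machine as a break-in (see above), not as something to clean with a tool; an unexpected port is a reason to find out which program opened it.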
Last Updated: 12/8/09