The Security Guide


Internet and Data Security Knowledgebase



PCI Payment Card Industry - data security standard.
PGP E-mail is the most widely used online communication medium. Yet it is based on insecure protocols, with no authentication and no security.
Anyone can send an e-mail with a fake header, pretending to be anyone else, and once sent, anyone listening in can see the full text of the message, where it came from and where it's going.
PGP, which stands for Pretty Good Privacy, is an e-mail mechanism that was invented to solve both the authentication and the encryption part.
The way authentication and encryption work with PGP is called Public Key Cryptography. Each person who wants to authenticate or encrypt messages first needs to create what are called a private key and a public key.
The private key is what they need to keep secret, and the public key is what they publish online, and what other people use both to encrypt messages for them and to verify their identity.
PGP and its open source alternative, GPG, are the most popular implementations, but there are other solutions such as S/MIME.
PPTP Point-to-Point Tunnelling Protocol: PPTP provides security for transmission of sensitive information over unprotected networks such as the Internet.
PSSU Post-Setup Security Updates (PSSU) is designed to protect the server from risk of infection between the time the server is first started and the application of the most recent security updates from Windows Update.
Packet The basic unit of data transmission on a network.
Padlock A symbol in a web browser that indicates that an encrypted (SSL) connection is being used to communicate with a site that has a valid certificate.
Pairing When two Bluetooth devices establish a permanent, secure, trusted relationship.
Password A password is a secret word or phrase that gives a user access to a particular program or system. Common password vulnerabilities are:
- Blank passwords.
- Passwords that are the same as the corresponding user account names.
- Passwords that are the same as the corresponding machine names.
- Passwords that use the word "password."
- Passwords that use the words "admin" or "administrator."
Peer-to-peer A network in which each computer is capable of being both a server and a client; typically used to share music files over the internet.
Penetration testing When trusted hackers simulate an attack on a computer system in the hope of revealing vulnerabilities and finding opportunities for improving its security.
Perimeter layer Hardware or software firewalls, or both, and virtual private networks that use quarantine procedures.
Personal firewall A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy.
Most home users use a software firewall on their PC.
Pharming An exploit in which criminals disrupt the normal functioning of DNS software which translates internet domain names into addresses. The user enters a correct address but is redirected to a fake website.
Phishing Phishing is when you receive an email that looks like it's from your bank, PayPal, or another site you use, and that asks you to log in to confirm your information.
The way this works is the attacker sets up a web site which mimics the target site, say a fake bank site, and then sends this phishing email to thousands of people, until one bites.
Then, when the person tries to log in, his login information is gathered by the bad guys and used to steal information or money.
The most basic rule is to never click a link in an email, never download from an untrusted source, and always type in the address of your financial sites to access them.
Phone calls Do not trust people who call you up and pretend to be your bank. In the same way that you should type in your URLs yourself, you should be the one calling your bank, not trusting that the caller is who they say they are.
Physical access Physical access to a system can allow an attacker to execute utilities, install malicious programs, change configurations, remove components, and cause physical damage.
Port restrictions Traditionally, when a port opening is created, it is open to incoming traffic from any network location, such as a local network or the Internet.
With Windows Firewall, you can configure the port to receive only network traffic with a source address from the local subnet, from specific IP addresses or from specific subnets, or from both.
Port scanner Software which scans a given IP address looking for open ports.
Each network service on a given computer has its own port, like a telephone extension.
Port sniffer A hacker program designed to find open or unguarded ports.
Private key One of two keys in public key encryption. The user keeps the private key secret and uses it to encrypt digital signatures and to decrypt received messages. See also public key.
Proxy server In computer networks, a proxy server is a server (a computer system or an application program) which services the requests of its clients by forwarding requests to other servers.
A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server.
The proxy server provides the resource by connecting to the specified server and requesting the service on behalf of the client.
A proxy server that passes all requests and replies unmodified is usually called a gateway or sometimes a tunneling proxy.
Public key One of two keys in public key encryption. The user releases this key to the public and anyone can use it to encrypt messages to be sent to the user and decrypt the user's digital signature. See also private key.
Public key encryption An asymmetric encryption scheme that uses a pair of keys for encryption: the public key encrypts data, and a corresponding secret key decrypts it.
For digital signatures, the process is reversed: the sender uses the secret key to create a unique electronic number that can be read by anyone possessing the corresponding public key.
Public key infrastructure Generally, the laws, policies, standards, and software that regulate or manipulate certificates and public and private keys.

© RuleWorks - All Rights Reserved