Glossary
Copyright
Selling or Installing copies of unlicensed commercial software or other copyright protected materials (Warez).
DoS, DDoS, Sabotage
By this kind of an attack a system is bombarded with so many packets that the operations are delayed or the system crashes. Examples of a remote DoS are SYS-a. PING-flooding or E-mail bombing (DDoS: TFN, Trinity, etc.) However, the availability also can be affected by local actions (destruction, disruption of power supply, etc.).
Exploiting of known vulnerabilities
An attempt to compromise a system or to disrupt any service by exploiting vulnerabilities with a standardised identifier such as CVE name (e.g. buffer overflow, backdoors, cross side scripting, etc.)
Harrassment
Discreditation or discrimination of somebody (i.e. Cyber stalking)
Login Attempts
Multiple login attempts (Guessing/ cracking of passwords, brute force)
Masquerade
Type of attacks in which one entity illegitimately assumes the identity of another in order to benefit from it.
New attack signature
An attempt using an unknown exploit.
Privileged Account Compromise, Unprivileged Account Compromise, Application Compromise
A successful compromise of a system or application (service). This can have been caused remote by a known or new vulnerability, but also by an unauthorized local access.
Scanning
Attacks that send requests to a system to discover weak points. This includes also some kind of testing processes to gather information about hosts, services and accounts. Examples: fingerd, DNS querying, ICMP, SMTP(EXPN, RCPT,…)
Sniffing
Observing and recording of network traffic (wiretapping)
Social Enginerring
Gathering information from a human being in a non-technical way (e.g. lies, tricks, bribes or threats )
Spam
Spam or “Unsolicited Bulk Email”, this means that the recipient has not granted verifiable permission for the message to be sent and that the message is sent as part of a larger collection of messages, all having an identical content.
Unauthorised access to information, unauthorised modification of information
Besides a local abuse of data and systems the information security can be endangered by a successful account or application compromise. Furthermore attacks are possible that the intercepts and access information during transmission (wiretapping, spoofing or hijacking).
Unauthorized use of resources
Using resources for unauthorised purposes including profit-making ventures (E.g. the use of email to participate in illegal profit chain letters or pyramid schemes).
Viruses, Worms, Trojan, Spyware, Dialer
Software that is intentionally included or inserted in a system for a harmful purpose. A user interaction is normally necessary to activate the code.
