LIS 505 - Security


Originally, expert computer enthusiasts generally; now commonly meaning those who attempt to gain unauthorized access to computer systems (more exactly called crackers).

white-hat hackers

Hackers who attempt to gain unauthorized access to computer systems, but warn the system owners of the holes in their security rather than taking advantage of them.

social engineering

Intrusion methods relying mostly on social interaction, such as tricking people into revealing information, rather than on technology.


Instructions deliberately hidden in software to cause something bad to happen later. More exactly called logic bombs. ComputerUser

DoS attacks

Short for denial-of-service attacks. Attempts to cause a network not to function by flooding it with useless traffic.


Undocumented ways of gaining access to programs, online services, or computer systems. Also called trapdoors.


User authentication techniques that rely on measurable physical characteristics that can be checked automatically.

disaster recovery plans

Descriptions of how organizations are to deal with potential disasters.

hot and cold sites

Types of commercial disaster recovery services. A hot site has all the equipment needed for an organization to continue its operations. A cold site provides space but not equipment.

surge protectors

Devices that protect power supplies and communications lines from power surges.


Short for uninterruptible power supplies. Power supplies that contain batteries to maintain power for a few minutes during power outages.


Copying files to a second medium as a precaution in case the first medium fails.

Trojan horses

Malicious programs that masquerade as useful applications.


Software, usually malicious, that replicates itself over computer networks.


Sets of instructions that are loaded into a computer and executed without the user's knowledge and against the user's wishes, and that can replicate themselves.

antivirus programs

Utilities that search a computer system for viruses and (often) remove them.


Hardware or software designed to prevent unauthorized access to or from a network.


Translation of data into a secret code.

symmetric encryption

Encryption using a key that is also used for decrypting the same message. Also known as private key encryption.

public key encryption

Encryption that uses a pair of matching keys, one known to the public and the other known only to one individual. Also called asymmetric encryption. The public key is typically used for encryption and the private key for decryption, but the reverse scheme may be used to verify the identity of a sender.


Messages given to browsers by servers, which are to be returned by the browser each time the browser requests a page from the corresponding server.

Last updated October 29, 2002.
This page maintained by Prof. Tim Craven
Faculty of Information and Media Studies
University of Western Ontario,
London, Ontario
Canada, N6A 5B7