UNIT 11. SPAM.

Warming up

Ex.1. Discussion.What is spam?Do you know the ways spammers collect e-mail addresses?How many spam letters do you receive every day?Have you ever responded to a spam letter?

Mainstream Ex.2. Listening.What is the origin of the word ‘spam’?What types of unsolicited mail are described in the podcast? How do they differ from each other?What problems does spam create for businesses?

Find the English equivalents to the Russian words and phrases:

принятый повсеместно адреса, найденные в интернете неновый, неоригинальный предшествовать список рассылки вездесущий, повсеместный широко распространенный, преобладающий автоматически нажать на ссылки обходить антивирусные программы список друзей (контактов) приноровиться бессмысленный и абсолютно бесполезный вероятность мошенничества обращаться к проблеме (решать проблему)

Write definitions for the four types of unsolicited messages described in the podcast.

Ex.3. fill the gapsappear build called decode designed devised gather

generate harvest led modified outlaw pass prevent recover reported unsolicited write

spambotA spambot is a program 1) ____________to collect, or 2) _____________, e-mail addresses from the Internet in order to 3) ____________ mailing lists for sending 4) __________e-mail, also known as spam. A spambot can 5) ____________ e-mail addresses from Web sites, newsgroups, special-interest group (SIG) postings, and chat-room conversations. Because e-mail addresses have a distinctive format, spambots are easy to 6) ____________.A number of legislators in the U.S. are 7) ____________ to be devising laws that would 8) __________ the spambot. A number of programs and approaches have been 9) ____________ to foil spambots. One such technique is known as munging, in which an e-mail address is deliberately 10) ____________ so that a human reader can 11) ___________ it but a spambot cannot. This has 12) ___________ to the

1

evolution of sophisticated spambots that can 13) ____________ e-mail addresses from character strings that 14) ___________ to be munged. The term spambot is sometimes used in reference to a program 1) ___________ to 15) ___________ spam from reaching the subscribers of an Internet service provider (ISP). Such programs are more often 16) ___________ e-mail blockers or filters. Occasionally, such a blocker may inadvertently 15) ________ a legitimate e-mail message from reaching a subscriber. This can be prevented by allowing each subscriber to 17) ___________a whitelist, or a list of specific e-mail addresses the blocker should let 18) ___________.

Ex.4fill the gaps

antennaauthorizedbroadcastconfiguring

defaultequippedextendsinsecure

legitimatelyperpetratorsrequiredsource

unprotectedvariationvolumesvulnerable

drive-by spamming

Drive-by spamming is a(n) _______________of drive-by hacking in which the ______________ gain access to a vulnerable wireless local area network (WLAN) and use that access to send huge _______________of spam. Using the drive-by method allows spammers to save themselves the considerable bandwidth costs _______________to send that many messages _______________, and makes it very difficult for anyone to trace the spam back to its ________________. A drive-by spamming incident starts with war driving: driving around seeking ____________ networks, using a computer with a wireless Ethernet card and some kind of a(n) _____________. A wireless LAN's range often _______________beyond the building housing it, and the network may _____________ identifying information that makes access simple. Once the attacker finds a(n) ________________ e-mail (SMTP) port, the attacker can send e-mail as easily as someone inside the building. To the mail server, the messages appear to have come from a(n) ______________ network user. According to a report in Geek News, 60-80% of wireless LANS are _______________ to a drive-by attack, mostly because administrators fail to change the ______________ settings for network access points (devices that serve as base stations in a wireless network) when _______________ the network.

Ex.5fill the gaps with phrases(a) a munged e-mail address, and can easily and unmistakably deduce the true e-mail address(b) a response to a particular correspondence is desired(c) the presence of the @ symbol(d) an e-mail address in order to send a confirmation(e) in this respect(f) information so it is no longer accurate(g) legitimate addresses belonging to third parties(h) spambots to scour the Internet for e-mail addresses(i) Web-based programs that build e-mail lists for spamming purposes(j) Web sites, e-mail correspondence, chat rooms, and postings to newsgroups and special interest groups (SIGs)

munging

Munging (pronounced (MUHN-jing or MUHN-ging) is the deliberate alteration of an e-mail address online with the intent of making the address unusable for 1) _______. People who transmit unsolicited e-

2

mail advertisements, called spam, often use programs called 2) _______. Such addresses are easily recognized because of their unique format, and because of 3) _______. When munging is done, it should be in such a way that a person reading the document (as opposed to a program scanning it) can easily tell that it is 4) _______. Here are four examples of the munging of stangib@reno.com: stangib at reno dot coms-t-a-n-g-i-b-at-r-e-n-o-d-o-t-c-o-mstangibNOSPAM@reno.comMy username is stangib, and the domain name is reno dot com. Munged e-mail addresses can be useful in 5) _______. However, some experts advise against the practice because it may violate the Terms of Service (TOS) of the subscriber's Internet service provider (ISP). Munging should not be used if 6) _______. For example, when making an online purchase, the seller typically asks for 7) _______. If the address is munged, the confirmation will not reach the purchaser. It is important that munged e-mail addresses not be mistaken for 8) _______. If an innocent person, corporation, or institution is harmed as a result of a munged e-mail address, civil or criminal action could result. Fake usernames or domain names are particularly dangerous 9) _______. The term munging probably derives from the acronym mung (pronounced just as it looks), which stands for "mash until no good." It may also derive from the hackers' slang term munge (pronounced MUHNJ), which means "to alter 10) _______."

Ex.6Decide what word is missing. The first letter is provided for help as well as the number of letters in the word. (There may be plural or verb forms)

self-sending spam

Self-sending spam is u - - - - - - - - - - e-mail that looks like you sent it to yourself: your name a - - - - - - on the "from" line as well as the "to" line. For example, Benjamin Googol might r - - - - - - a message addressed to "bengoogol@yourisp.net" that p - - - - - - - to be from "bengoogol@superfantasticdeals.com." In some cases (especially if you use one of the most common e-mail s - - - - - - -, such as Hotmail or Yahoo) a message may appear to be sent from your exact e-mail address. Self-sending spam is one version of e-mail s - - - - - - - (disguising a message's "from" address so that it appears to be from someone other than the actual sender). The sender manually constructs a message header with their chosen information in it. E-mail s - - - - - - - is often sometimes used l - - - - - - - - - - -, for example, by someone s - - - - - - - their own address to manage their e-mail. However, s - - - - - - - anyone other than yourself is illegal. Senders r - - - upon two factors - curiosity and a positive emotional response - that make the r - - - - - - - - more likely to open or even respond to a message that seems to be from someone with their name. A recent study at McMaster University found that people respond more positively to e-mail messages sent (at least apparently) from people with names similar or i - - - - - - - - to their own. Researchers, who sent out thousands of r - - - - - - - for simple information, found that the response rate was over 10 per cent higher for messages sent using the exact name of the r - - - - - - - - as the sender. Even if only one name matched that of the r - - - - - - - -, the response rate was higher than for messages from someone with a different first and last name. However, as people receive more of these messages and the n - - - - - - wears off, it is unlikely that self-sending spam will continue to e - - - - - any positive response.

3

Ex.7fill in the prepositions

splog

A splog (spam blog) is a fake blog created solely to promote affiliated Web sites, … the intent of skewing search results and artificially boosting traffic. Some splogs are written like long-winded ads … the Web sites they promote; others have no original content, featuring either nonsense or content stolen … authentic Web sites. Splogs include huge numbers of links … the Web sites … question to fool Web crawlers (programs that search the Web … sites to index). The sploggers associate popular search keywords … their pages so that the splog links turn up … blog search results and are sent out as search subscription notifications through e-mail and RSS feeds. Splogs have existed almost as long as blogs have, as enterprising spammers quickly realized the new medium's potential … exploitation. However, the attacks have become more common as attackers' methods have become more sophisticated. Automated attacks have caused what many in the industry referred … as a "turning point" for splog. … late October of 2005, a splogger used Google's blog-creation tool, Blogger, … conjunction … the BlogSpot hosting service to create what Tim Bray, of Sun Microsystems, called a "splogsplosion": hundreds, or even thousands of splogs turning up … search results and clogging RSS readers and e-mail inboxes. Here's how this attack was conducted: The splogger ran a search … blog search engines … popular keywords. Among those selected were the names of two prominent bloggers, Chris Pirillo and Dave Winer. Next, using a bot to automate the process, the splogger created tens of thousands of splogs, listing the selected keywords and publishing text taken directly … Pirillo's and Winer's own sites, along … the commercial links. People searching … the legitimate bloggers' sites and people … search subscriptions for RSS feeds found their results filled … splog links. … response to the attack and the media outcry … its wake, Google published a list of some 13,000 splog sub-domains. The company also implemented a type of Turing Test known as a CAPTCHA, forcing any entity creating a blog to prove satisfactorily that it is, … fact, a human and not a computer program.

Ex.8fill in the articles

SMS spam

SMS spam (sometimes called cell phone spam) is any junk message delivered to … mobile phone as … text messaging through … Short Message Service (SMS). … practice is fairly new to … North America, but has been common in … Japan for … years. In 2001-2002, … systems at … DoCoMo, … country's major service provider, were overcome by … volume of SMS spam, causing … users' screens to freeze and spreading programs that caused … phones to dial … emergency numbers. According to some experts, … other parts of … world should brace themselves for … similar deluge. … others, however, point to … several reasons why SMS spam is not likely to become as prevalent in … North America and … Europe as it is in … Japan. For … one thing, … text messaging itself is much more popular in … Japan. … Forrester Research reported that 80% of … Japanese mobile users use … text messaging, in … contrast to just 17% in … United States. Furthermore, it costs … sender about $0.08-0.12 to send … each text message -- not prohibitive for … most users, but too costly to make … mass mailings of … spammer profitable.

4

UNIT 12. PEOPLE IN SECURITY

warming up

Ex.1 DiscussionWhat terms to call people involved in computing do you know? Which of them can be related to the security aspect of IT?

Mainstream

Ex.2. Reading and discussing.Which of people described below act legally and which illegally?Find correlations with:hackers – crackersblack hat – white hat – grey hatArrange the terms denoting people in security in a scheme to show correlations among them.

hackerHacker is a term used by some to mean "a clever programmer" and by others, especially journalists or their editors, to mean "someone who tries to break into computer systems." 1) Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here: A person who enjoys learning details of a programming language or system A person who enjoys actually doing the programming rather than just theorizing about it A person capable of appreciating someone else's hacking A person who picks up programming quickly A person who is an expert at a particular programming language or system, as in "Unix hacker" Raymond deprecates the use of this term for someone who attempts to crack someone else's system or otherwise uses programming or expert knowledge to act maliciously. He prefers the term cracker for this meaning. 2) Journalists or their editors almost universally use hacker to mean someone who attempts to break into computer systems. Typically, this kind of hacker would be a proficient programmer or engineer with sufficient technical knowledge to understand the weak points in a security system.

crackerA cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security system. The term "cracker" is not to be confused with "hacker". Hackers generally deplore cracking. However, as Eric Raymond, compiler of The New Hacker's Dictionary notes, some journalists ascribe break-ins to "hackers." A classic story of the tracking down of a cracker on the Internet who was breaking into U.S. military and other computers is told in Clifford Stoll's The Cuckoo's Egg.

black hat

5

Black hat is used to describe a hacker (or, if you prefer, cracker) who breaks into a computer system or network with malicious intent. Unlike a white hat hacker, the black hat hacker takes advantage of the break-in, perhaps destroying files or stealing data for some future purpose. The black hat hacker may also make the exploit known to other hackers and/or the public without notifying the victim. This gives others the opportunity to exploit the vulnerability before the organization is able to secure it.The term comes from old Western movies, where heros often wore white hats and the "bad guys" wore black hats.

white hatWhite hat describes a hacker (or, if you prefer, cracker) who identifies a security weakness in a computer system or network but, instead of taking malicious advantage of it, exposes the weakness in a way that will allow the system's owners to fix the breach before it is can be taken advantage by others (such as black hat hackers.) Methods of telling the owners about it range from a simple phone call through sending an e-mail note to a Webmaster or administrator all the way to leaving an electronic "calling card" in the system that makes it obvious that security has been breached. While white hat hacking is a hobby for some, others provide their services for a fee. Thus, a white hat hacker may work as a consultant or be a permanent employee on a company's payroll. A good many white hat hackers are former black hat hackers. The term comes from old Western movies, where heros often wore white hats and the "bad guys" wore black hats.

gray hatGray hat describes a cracker (or, if you prefer, hacker) who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners. Unlike a black hat, a gray hat acts without malicious intent. The goal of a gray hat is to improve system and network security. However, by publicizing a vulnerability, the gray hat may give other crackers the opportunity to exploit it. This differs from the white hat who alerts system owners and vendors of a vulnerability without actually exploiting it in public.

ethical hackerAn ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking is also known as penetration testing, intrusion testing, and red teaming. An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat. One of the first examples of ethical hackers at work was in the 1970s, when the United States government used groups of experts called red teams to hack its own computer systems. According to Ed Skoudis, Vice President of Security Strategy for Predictive Systems' Global Integrity consulting practice, ethical hacking has continued to grow in an otherwise lackluster IT industry, and is becoming increasingly common outside the government and technology sectors where it began. Many large companies, such as IBM, maintain employee teams of ethical hackers. In a similar but distinct category, a hacktivist is more of a vigilante: detecting, sometimes reporting (and sometimes exploiting) security vulnerabilities as a form of social activism.

hacktivismHacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose. The individual who performs an act of hacktivism is said to be a hacktivist. A hacktivist uses the same tools and techniques as a hacker, but does so in order to disrupt services and bring attention to a political or social cause. For example, one might leave a highly visible message on the home page of a Web site that gets a lot of traffic or which embodies a point-of-view that is being opposed. Or one might launch a denial-of-service attack to disrupt traffic to a particular site.

6

A recent demonstration of hacktivism followed the death of a Chinese airman when his jet fighter collided with a U.S. surveillance plane in April 2001. Chinese and American hacktivists from both countries hacked Web sites and used them as "blackboards" for their statements. Whether hacktivism is a crime may be debated. Opponents argue that hacktivism causes damage in a forum where there is already ample opportunity for nondisruptive free speech. Others insist that such an act is the equivalent of a protest and is therefore protected as a form of free speech.

insider threatAn insider threat is a malicious hacker (also called a cracker or a black hat) who is an employee or officer of a business, institution, or agency. The term can also apply to an outside person who poses as an employee or officer by obtaining false credentials. The cracker obtains access to the computer systems or networks of the enterprise, and then conducts activities intended to cause harm to the enterprise. Insider threats are often disgruntled employees or ex-employees who believe that the business, institution, or agency has "done them wrong" and feel justified in gaining revenge. The malicious activity usually occurs in four steps or phases. First, the cracker gains entry to the system or network. Secondly, the cracker investigates the nature of the system or network in order to learn where the vulnerable points are and where the most damage can be caused with the least effort. Thirdly, the cracker sets up a workstation from which the nefarious activity can be conducted. Finally, the actual destructive activity takes place. The damage caused by an insider threat can take many forms, including the introduction of viruses, worms, or Trojan horses; the theft of information or corporate secrets; the theft of money; the corruption or deletion of data; the altering of data to produce inconvenience or false criminal evidence; and the theft of the identities of specific individuals in the enterprise. Protection against the insider threat involves measures similar to those recommended for Internet users, such as the use of multiple spyware scanning programs, anti-virus programs, firewalls, and a rigorous data backup and archiving routine.

script kiddyScript kiddy (sometimes spelled kiddie) is a derogative term, originated by the more sophisticated crackers of computer security systems, for the more immature, but unfortunately often just as dangerous exploiter of security lapses on the Internet. The typical script kiddy uses existing and frequently well-known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet - often randomly and with little regard or perhaps even understanding of the potentially harmful consequences. Hackers view script kiddies with alarm and contempt since they do nothing to advance the "art" of hacking but sometimes unleashing the wrath of authority on the entire hacker community. While a hacker will take pride in the quality of an attack - leaving no trace of an intrusion, for example - a script kiddy may aim at quantity, seeing the number of attacks that can be mounted as a way to obtain attention and notoriety. Script kiddies are sometimes portrayed in media as bored, lonely teenagers seeking recognition from their peers.

packet monkeyOn the Internet, a packet monkey is someone (see cracker, hacker, and script kiddy) who intentionally inundates a Web site or network with data packets, resulting in a denial-of-service situation for users of the attacked site or network. Packet monkeys typically use tools created and made available on the Internet by hackers. According to one writer's distinction, a packet monkey, unlike a script kiddy, leaves no clues as to who is making the exploit, making the identity of a packet monkey more difficult to trace. In addition, a denial-of-service attack can be launched on a wider scale than attacks performed by script kiddies, making them more difficult to investigate. Hackers look down on packet monkeys and often describe them as "bottom feeders." Because a packet monkey uses tools created by others, the packet monkey has little understanding of the harm that may be

7

caused. Typically, packet monkey exploits are random and without any purpose other than the thrill of making an effect.

8

UNIT 13. SECURITY

Warming up

What are the ways to protect computers and systems?

Mainstream

Read the texts and make summaries

1. Advanced Encryption Standard The Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive but unclassified material by U.S. Government agencies and, as a likely consequence, may eventually become the de facto encryption standard for commercial transactions in the private sector. (Encryption for the US military and other classified communications is handled by separate, secret algorithms.)In January of 1997, a process was initiated by the National Institute of Standards and Technology (NIST), a unit of the U.S. Commerce Department, to find a more robust replacement for the Data Encryption Standard (DES) and to a lesser degree Triple DES. The specification called for a symmetric algorithm (same key for encryption and decryption) using block encryption (see block cipher) of 128 bits in size, supporting key sizes of 128, 192 and 256 bits, as a minimum. The algorithm was required to be royalty-free for use worldwide and offer security of a sufficient level to protect data for the next 20 to 30 years. It was to be easy to implement in hardware and software, as well as in restricted environments (for example, in a smart card) and offer good defenses against various attack techniques. The entire selection process was fully open to public scrutiny and comment, it being decided that full visibility would ensure the best possible analysis of the designs. In 1998, the NIST selected 15 candidates for the AES, which were then subject to preliminary analysis by the world cryptographic community, including the National Security Agency. On the basis of this, in August 1999, NIST selected five algorithms for more extensive analysis. These were: MARS, submitted by a large team from IBM Research RC6, submitted by RSA Security Rijndael, submitted by two Belgian cryptographers, Joan Daemen and Vincent Rijmen Serpent, submitted by Ross Andersen, Eli Biham and Lars Knudsen Twofish, submitted by a large team of researchers including Counterpane's respected cryptographer, Bruce Schneier Implementations of all of the above were tested extensively in ANSI C and Java languages for speed and reliability in such measures as encryption and decryption speeds, key and algorithm set-up time and resistance to various attacks, both in hardware- and software-centric systems. Once again, detailed analysis was provided by the global cryptographic community (including some teams trying to break their own submissions). The end result was that on October 2, 2000, NIST announced that Rijndael had been selected as the proposed standard. On December 6, 2001, the Secretary of Commerce officially approved Federal Information Processing Standard (FIPS) 197, which specifies that all sensitive, unclassified documents will use Rijndael as the Advanced Encryption Standard.

plaintext In cryptography, plaintext is ordinary readable text before being encrypted into ciphertext or after being decrypted.

ciphertext Ciphertext is encrypted text. Plaintext is what you have before encryption, and ciphertext is the encrypted result. The term cipher is sometimes used as a synonym for ciphertext, but it more properly means the method of encryption rather than the result.

cipher A cipher (pronounced SAI-fuhr) is any method of encrypting text (concealing its readability and meaning). It is also sometimes used to refer to the encrypted text message itself although here the term ciphertext is preferred. Its origin is the Arabic sifr, meaning empty or zero. In addition to the cryptographic meaning, cipher also means (1) someone insignificant, and (2) a combination of symbolic letters as in an entwined weaving of letters for a monogram. Some ciphers work by simply realigning the alphabet (for example, A is represented by F, B is represented by G, and so forth) or otherwise manipulating the text in some consistent pattern. However, almost all serious ciphers use both a key (a variable that is combined in some way with the unencrypted text) and an algorithm (a formula for combining the key with the text). A block cipher is one that breaks a message up into chunks and combines a key with each chunk (for example, 64-bits of text). A stream cipher is one that applies a key to each bit, one at a time. Most modern ciphers are block ciphers.

9

2. Cryptography Cryptography is the science of information security. The word is derived from the Greek kryptos, meaning hidden. Cryptography is closely related to the disciplines of cryptology and cryptanalysis. Cryptography includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit. However, in today's computer-centric world, cryptography is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption), then back again (known as decryption). Individuals who practice this field are known as cryptographers. Modern cryptography concerns itself with the following four objectives: 1) Confidentiality (the information cannot be understood by anyone for whom it was unintended) 2) Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected) 3) Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information) 4) Authentication (the sender and receiver can confirm each other?s identity and the origin/destination of the information) Procedures and protocols that meet some or all of the above criteria are known as cryptosystems. Cryptosystems are often thought to refer only to mathematical procedures and computer programs; however, they also include the regulation of human behavior, such as choosing hard-to-guess passwords, logging off unused systems, and not discussing sensitive procedures with outsiders. The origin of cryptography is usually dated from about 2000 BC, with the Egyptian practice of hieroglyphics. These consisted of complex pictograms, the full meaning of which was only known to an elite few. The first known use of a modern cipher was by Julius Caesar (100 BC to 44 BC), who did not trust his messengers when communicating with his governors and officers. For this reason, he created a system in which each character in his messages was replaced by a character three positions ahead of it in the Roman alphabet. In recent times, cryptography has turned into a battleground of some of the world's best mathematicians and computer scientists. The ability to securely store and transfer sensitive information has proved a critical factor in success in war and business. Because governments do not wish certain entities in and out of their countries to have access to ways to receive and send hidden information that may be a threat to national interests, cryptography has been subject to various restrictions in many countries, ranging from limitations of the usage and export of software to the public dissemination of mathematical concepts that could be used to develop cryptosystems. However, the Internet has allowed the spread of powerful programs and, more importantly, the underlying techniques of cryptography, so that today many of the most advanced cryptosystems and ideas are now in the public domain.

bastion host On the Internet, a bastion host is the only host computer that a company allows to be addressed directly from the public network and that is designed to screen the rest of its network from security exposure.

block cipher A block cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to a block of data (for example, 64 contiguous bits) at once as a group rather than to one bit at a time. The main alternative method, used much less frequently, is called the stream cipher. So that identical blocks of text do not get encrypted the same way in a message (which might make it easier to decipher the ciphertext), it is common to apply the ciphertext from the previous encrypted block to the next block in a sequence. So that identical messages encrypted on the same day do not produce identical ciphertext, an initialization vector derived from a random number generator is combined with the text in the first block and the key. This ensures that all subsequent blocks result in ciphertext that doesn't match that of the first encrypting.

10

3. cryptology Cryptology is the mathematics, such as number theory, and the application of formulas and algorithms, that underpin cryptography and cryptanalysis. Since the cryptanalysis concepts are highly specialized and complex, we concentrate here only on some of the key mathematical concepts behind cryptography. In order for data to be secured for storage or transmission, it must be transformed in such a manner that it would be difficult for an unauthorized individual to be able to discover its true meaning. To do this, certain mathematical equations are used, which are very difficult to solve unless certain strict criteria are met. The level of difficulty of solving a given equation is known as its intractability. These types of equations form the basis of cryptography. Some of the most important are: The Discrete Logarithm Problem: The best way to describe this problem is first to show how its inverse concept works. The following applies to Galois fields (groups). Assume we have a prime number P (a number that is not divisible except by 1 and itself, P). This P is a large prime number of over 300 digits. Let us now assume we have two other integers, a and b. Now say we want to find the value of N, so that value is found by the following formula: N = ab mod P, where 0 <= N <= (P · 1) This is known as discrete exponentiation and is quite simple to compute. However, the opposite is true when we invert it. If we are given P, a, and N and are required to find b so that the equation is valid, then we face a tremendous level of difficulty. This problem forms the basis for a number of public key infrastructure algorithms, such as Diffie-Hellman and EIGamal. This problem has been studied for many years and cryptography based on it has withstood many forms of attacks. The Integer Factorization Problem: This is simple in concept. Say that one takes two prime numbers, P2 and P1, which are both "large" (a relative term, the definition of which continues to move forward as computing power increases). We then multiply these two primes to produce the product, N. The difficulty arises when, being given N, we try and find the original P1 and P2. The Rivest-Shamir-Adleman public key infrastructure encryption protocol is one of many based on this problem. To simplify matters to a great degree, the N product is the public key and the P1 and P2 numbers are, together, the private key. This problem is one of the most fundamental of all mathematical concepts. It has been studied intensely for the past 20 years and the consensus seems to be that there is some unproven or undiscovered law of mathematics that forbids any shortcuts. That said, the mere fact that it is being studied intensely leads many others to worry that, somehow, a breakthrough may be discovered. The Elliptic Curve Discrete Logarithm Problem: This is a new cryptographic protocol based upon a reasonably well-known mathematical problem. The properties of elliptic curves have been well known for centuries, but it is only recently that their application to the field of cryptography has been undertaken. First, imagine a huge piece of paper on which is printed a series of vertical and horizontal lines. Each line represents an integer with the vertical lines forming x class components and horizontal lines forming the y class components. The intersection of a horizontal and vertical line gives a set of coordinates (x,y). In the highly simplified example below, we have an elliptic curve that is defined by the equation: y2 + y = x3 · x2 (this is way too small for use in a real life application, but it will illustrate the general idea) For the above, given a definable operator, we can determine any third point on the curve given any two other points. This definable operator forms a "group" of finite length. To add two points on an elliptic curve, we first need to understand that any straight line that passes through this curve intersects it at precisely three points. Now, say we define two of these points as u and v: we can then draw a straight line through two of these points to find another intersecting point, at w. We can then draw a vertical line through w to find the final intersecting point at x. Now, we can see that u + v = x. This rule works, when we define another imaginary point, the Origin, or O, which exists at (theoretically) extreme points on the curve. As strange as this problem may seem, it does permit for an effective encryption system, but it does have its detractors. On the positive side, the problem appears to be quite intractable, requiring a shorter key length (thus allowing for quicker processing time) for equivalent security levels as compared to the Integer Factorization Problem and the Discrete Logarithm Problem. On the negative side, critics contend that this problem, since it has only recently begun to be implemented in cryptography, has not had the intense scrutiny of many years that is required to give it a sufficient level of trust as being secure. This leads us to more general problem of cryptology than of the intractability of the various mathematical concepts, which is that the more time, effort, and resources that can be devoted to studying a problem, then the greater the possibility that a solution, or at least a weakness, will be found.

11

4. cryptanalysis Cryptanalysis refers to the study of ciphers, ciphertext, or cryptosystems (that is, to secret code systems) with a view to finding weaknesses in them that will permit retrieval of the plaintext from the ciphertext, without necessarily knowing the key or the algorithm. This is known as breaking the cipher, ciphertext, or cryptosystem. Breaking is sometimes used interchangeably with weakening. This refers to finding a property (fault) in the design or implementation of the cipher that reduces the number of keys required in a brute force attack (that is, simply trying every possible key until the correct one is found). For example, assume that a symmetric cipher implementation uses a key length of 2^128 bits (2 to the power of 128): this means that a brute force attack would need to try up to all 2^128 possible combinations (rounds) to be certain of finding the correct key (or, on average, 2^127 possible combinations) to convert the ciphertext into plaintext, which is not possible given present and near future computing abilities. However, a cryptanalysis of the cipher reveals a technique that would allow the plaintext to be found in 2^40 rounds. While not completely broken, the cipher is now much weaker and the plaintext can be found with moderate computing resources. There are numerous techniques for performing cryptanalysis, depending on what access the cryptanalyst has to the plaintext, ciphertext, or other aspects of the cryptosystem. Below are some of the most common types of attacks: 1) Known-plaintext analysis: With this procedure, the cryptanalyst has knowledge of a portion of the plaintext from the ciphertext. Using this information, the cryptanalyst attempts to deduce the key used to produce the ciphertext. 2) Chosen-plaintext analysis (also known as differential cryptanalysis): The cryptanalyst is able to have any plaintext encrypted with a key and obtain the resulting ciphertext, but the key itself cannot be analyzed. The cryptanalyst attempts to deduce the key by comparing the entire ciphertext with the original plaintext. The Rivest-Shamir-Adleman encryption technique has been shown to be somewhat vulnerable to this type of analysis. 3) Ciphertext-only analysis: The cryptanalyst has no knowledge of the plaintext and must work only from the ciphertext. This requires accurate guesswork as to how a message could be worded. It helps to have some knowledge of the literary style of the ciphertext writer and/or the general subject matter. 4) Man-in-the-middle attack: This differs from the above in that it involves tricking individuals into surrendering their keys. The cryptanalyst/attacker places him or herself in the communication channel between two parties who wish to exchange their keys for secure communication (via asymmetric or public key infrastructure cryptography). The cryptanalyst/attacker then performs a key exchange with each party, with the original parties believing they are exchanging keys with each other. The two parties then end up using keys that are known to the cryptanalyst/attacker. This type of attack can be defeated by the use of a hash function. 5) Timing/differential power analysis: This is a new technique made public in June 1998, particularly useful against the smart card, that measures differences in electrical consumption over a period of time when a microchip performs a function to secure information. This technique can be used to gain information about key computations used in the encryption algorithm and other functions pertaining to security. The technique can be rendered less effective by introducing random noise into the computations, or altering the sequence of the executables to make it harder to monitor the power fluctuations. This type of analysis was first developed by Paul Kocher of Cryptography Research, though Bull Systems claims it knew about this type of attack over four years before. In addition to the above, other techniques are available, such as convincing individuals to reveal passwords/keys, developing Trojan horse programs that steal a victim's secret key from their computer and send it back to the cryptanalyst, or tricking a victim into using a weakened cryptosystem. All of these are valid techniques in cryptanalysis, even though they may be considered unorthodox. Successful cryptanalysis is a combination of mathematics, inquisitiveness, intuition, persistence, powerful computing resources - and more often than many would like to admit - luck. However, successful cryptanalysis has made the enormous resources often devoted to it more than worthwhile: the breaking of the German Enigma code during WWII, for example, was one of the key factors in an early Allied victory. Today, cryptanalysis is practiced by a broad range of organizations: governments try to break other governments' diplomatic and military transmissions; companies developing security products send them to cryptanalysts to test their security features and to a hacker or cracker to try to break the security of Web sites by finding weaknesses in the securing protocols. It is this constant battle between cryptographers trying to secure information and cryptanalysts trying to break cryptosystems that moves the entire body of cryptology knowledge forward.

12

5. encryption Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood. The use of encryption/decryption is as old as the art of communication. In wartime, a cipher, often incorrectly called a "code," can be employed to keep the enemy from obtaining the contents of transmissions. (Technically, a code is a means of representing a signal without the intent of keeping it secret; examples are Morse code and ASCII.) Simple ciphers include the substitution of letters for numbers, the rotation of letters in the alphabet, and the "scrambling" of voice signals by inverting the sideband frequencies. More complex ciphers work according to sophisticated computer algorithms that rearrange the data bits in digital signals.In order to easily recover the contents of an encrypted signal, the correct decryption key is required. The key is an algorithm that "undoes" the work of the encryption algorithm. Alternatively, a computer can be used in an attempt to "break" the cipher. The more complex the encryption algorithm, the more difficult it becomes to eavesdrop on the communications without access to the key.Encryption/decryption is especially important in wireless communications. This is because wireless circuits are easier to "tap" than their hard-wired counterparts. Nevertheless, encryption/decryption is a good idea when carrying out any kind of sensitive transaction, such as a credit-card purchase online, or the discussion of a company secret between different departments in the organization. The stronger the cipher -- that is, the harder it is for unauthorized people to break it -- the better, in general. However, as the strength of encryption/decryption increases, so does the cost.In recent years, a controversy has arisen over so-called strong encryption. This refers to ciphers that are essentially unbreakable without the decryption keys. While most companies and their customers view it as a means of keeping secrets and minimizing fraud, some governments view strong encryption as a potential vehicle by which terrorists might evade authorities. These governments, including that of the United States, want to set up a key-escrow arrangement. This means everyone who uses a cipher would be required to provide the government with a copy of the key. Decryption keys would be stored in a supposedly secure place, used only by authorities, and used only if backed up by a court order. Opponents of this scheme argue that criminals could hack into the key-escrow database and illegally obtain, steal, or alter the keys. Supporters claim that while this is a possibility, implementing the key escrow scheme would be better than doing nothing to prevent criminals from freely using encryption/decryption.

antivirus software Antivirus (or "anti-virus") software is a class of program that searches your hard drive and floppy disks for any known or potential viruses. The market for this kind of program has expanded because of Internet growth and the increasing use of the Internet by businesses concerned about protecting their computer assets.

service pack A service pack is an orderable or downloadable update to a customer's software that fixes existing problems and, in some cases, delivers product enhancements. IBM and Microsoft are examples of companies that use this term to describe their periodic product updates. When a new product version comes out, it usually incorporates the fixes from the service packs that have been shipped to update the previous product version.

13

6. authentication, authorization, and accounting Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security. As the first process, authentication provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted. The process of authentication is based on each user having a unique set of criteria for gaining access. The AAA server compares a user's authentication credentials with other user credentials stored in a database. If the credentials match, the user is granted access to the network. If the credentials are at variance, authentication fails and network access is denied. Following authentication, a user must gain authorization for doing certain tasks. After logging into a system, for instance, the user may try to issue commands. The authorization process determines whether the user has the authority to issue such commands. Simply put, authorization is the process of enforcing policies: determining what types or qualities of activities, resources, or services a user is permitted. Usually, authorization occurs within the context of authentication. Once you have authenticated a user, they may be authorized for different types of access or activity. The final plank in the AAA framework is accounting, which measures the resources a user consumes during access. This can include the amount of system time or the amount of data a user has sent and/or received during a session. Accounting is carried out by logging of session statistics and usage information and is used for authorization control, billing, trend analysis, resource utilization, and capacity planning activities. Authentication, authorization, and accounting services are often provided by a dedicated AAA server, a program that performs these functions. A current standard by which network access servers interface with the AAA server is the Remote Authentication Dial-In User Service (RADIUS).

Automated Fingerprint Identification System The Automated Fingerprint Identification System (AFIS) is a biometric identification (ID) methodology that uses digital imaging technology to obtain, store, and analyze fingerprint data. The AFIS was originally used by the U.S. Federal Bureau of Investigation (FBI) in criminal cases. Lately, it has gained favor for general identification and fraud prevention. Fingerprinting, as a form of personal identification, is a refined methodology that is proven in practice and accepted in courts of law. AFIS itself has been around for more than 25 years. Recently, a more advanced form of AFIS uses a process called plain-impression live scanning. Several vendors offer AFIS equipment and programs.

patch A patch (sometimes called a "fix") is a quick-repair job for a piece of programming. During a software product's beta test distribution or try-out period and later after the product is formally released, problems (called bug) will almost invariably be found. A patch is the immediate solution that is provided to users; it can sometimes be downloaded from the software maker's Web site. The patch is not necessarily the best solution for the problem and the product developers often find a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In larger operating systems, a special program is provided to manage and keep track of the installation of patches.

14

7. backscatter body scanning Backscatter body scanning is an X-ray-based technology that yields a high-resolution image of a person's body beneath their clothing to reveal concealed objects. The process involved is sometimes referred to as "backscatting." Backscatter devices have been used for several years in prisons, diamond mines, and customs searches, and are currently being tested as an alternative to metal-detection and pat-downs for airport security. In a backscatter portal, a single ray is passed rapidly over a person's body, taking just eight seconds to scan each side. Data collected from the position of scattered photons are processed to deliver a photographic-quality image. The process uses high-energy X-rays, which tend to reflect (scatter back) from objects, unlike the low-energy X-rays used for medical procedures, which tend to penetrate objects. Because of an effect called "Compton scattering," the rays are deflected differently depending on the density of the matter being scanned. They penetrate clothing but not flesh and are blocked more completely by solid objects. This effect means that most weapons will be sharply revealed by backscatter imaging. However, some critics of the devices claim that because the X-rays used in backscatter devices do not penetrate skin, the devices could be foiled by people with certain physical characteristics, such as overlapping body parts, that make it possible for them to hide an object on their naked bodies. According to Robert Jacksta, Director of Passenger Programs at U.S. Customs, the amount of radiation emitted by one of the scanners is roughly equivalent to the exposure experienced by a passenger on a two-hour flight. Although relatively insignificant on an occasional basis, that level of exposure could be a concern for people who travel frequently and/or are subjected to radiation exposure from other sources. There are a number of other concerns about backscatting, not least among them the issue of privacy. The technology has been referred to as a "virtual strip search" and is sometimes likened to the "X-ray Specs" advertised in comic books in the 1950s and '60s. A major difference between the two is that, unlike the eyeglasses that disappointed so many of that generation, backscatting actually works as advertised. At a reported cost of $100,000, however, backscatter portals are likely to be out of the reach of most comic book readers.

online backup Online backup is a method of offsite data storage in which files, folders, or the entire contents of a hard drive are regularly backed up on a remote server or computer with a network connection. A number of companies provide online backup services for subscribers whose computers are connected to the Internet, automatically copying selected files to backup storage at the service provider's location. This is sometimes called Web-based backup. The rationale behind online backup is simple. By frequently (or continuously) backing up data on a remote hard drive, the risk of catastrophic data loss as a result of fire, theft, file corruption, or other disaster is practically eliminated. With a high-speed Internet connection and a Web browser interface, the remote files and folders appear as if they are stored on an external local hard drive. Encryption and password protection help to ensure privacy and security. For the home and small business computer user, online backup services may be unaffordable if the intent is to totally back up a hard drive on a frequent basis. This problem can be mitigated by backing up only the most critical or often-changed files online, and using physical offsite backup methods for less important or infrequently changed files. For medium-sized and large enterprises or for particularly valuable data, the cost of online backup can prove to be a wise investment. In a database, an online backup, more often called a hot backup or dynamic backup, is a backup performed on data even though it is actively accessible to users and may currently be in a state of being updated. Online backups can provide a convenient solution in multi-user systems because they do not require downtime, as does a conventional offline (cold) backup.

15

8. ethical wormAn ethical worm is a program that automates network-based distribution of security patches for known vulnerabilities. Like its malicious counterpart, the ethical worm could propagate across networks exponentially and perform its tasks without user knowledge or consent, through a process sometimes called a drive-by download. According to some, such invasive behavior is warranted because many system administrators fail to install appropriate patches and service packs, despite knowledge of vulnerabilities and available solutions. The deployment of ethical worms for patch distribution is frequently suggested in discussion forums, especially in the wake of a wide-ranging malicious attack. In January 2003, a worm called the SQL Slammer exploited a known buffer overflow vulnerability in Microsoft SQL 2000 server systems to cause widespread Internet outages. The attack, which may have been carried out to illustrate the problem of lax security, was launched precisely six months after Microsoft released a patch for the flaw. Had the patch been installed to vulnerable systems, the SQL Slammer attack might have had little impact. Although installing security solutions through ethical worms would, at least, ensure they were deployed, there are concerns that the method would create more problems than it solved. According to Ed Skoudis, author of the book, "Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses," even if an ethical worm worked flawlessly, it could inadvertently cause damage because of conflicts with other programs and particular system configurations.

firewall A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to. Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources. There are a number of firewall screening methods. A simple one is to screen requests to make sure they come from acceptable (previously identified) domain name and Internet Protocol addresses. For mobile users, firewalls allow remote access in to the private network by the use of secure logon procedures and authentication certificates. A number of companies make firewall products. Features include logging and reporting, automatic alarms at given thresholds of attack, and a graphical user interface for controlling the firewall. Computer security borrows this term from firefighting, where it originated. In firefighting, a firewall is a barrier established to prevent the spread of fire.

disaster recovery plan A disaster recovery plan (DRP) - sometimes referred to as a business continuity plan (BCP) or business process contingency plan (BPCP) - describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention. Disaster recovery is becoming an increasingly important aspect of enterprise computing. As devices, systems, and networks become ever more complex, there are simply more things that can go wrong. As a consequence, recovery plans have also become more complex. According to Jon William Toigo (the author of Disaster Recovery Planning), fifteen years ago a disaster recovery plan might consist of powering down a mainframe and other computers in advance of a threat (such as a fire, for example, or the sprinkler system), disassembling components, and subsequently drying circuit boards in the parking lot with a hair dryer. Current enterprise systems tend to be too complicated for such simple and hands-on approaches, however, and interruption of service or loss of data can have serious financial impact, whether directly or through loss of customer confidence. Appropriate plans vary from one enterprise to another, depending on variables such as the type of business, the processes involved, and the level of security needed. Disaster recovery planning may be developed within an organization or purchased as a software application or a service. It is not unusual for an enterprise to spend 25% of its information technology budget on disaster recovery.

16

9. vulnerability disclosure Vulnerability disclosure is the practice of publishing information about a computer security problem, and a type of policy that stipulates guidelines for doing so. Either the person or organization that discovers the vulnerability or a responsible industry body such as the Computer Emergency Readiness Team (CERT) may make the disclosure, sometimes after alerting the vendor and allowing them a certain amount of time to fix the problem before publishing the information. The question of how much information to provide and when to make it public is a contentious issue. Some people argue for full and immediate disclosure, including the specific information that could be used in an exploit taking advantage of the vulnerability; others believe that limited information should be made available to a selected group after some specified amount of time has elapsed since the vulnerability was found; and still others believe that no vulnerability information should be published at all. A number of organizations are establishing vulnerability disclosure policies. According to CERT's policy, for example, they will: inform the vendor about a vulnerability as soon as practically possible after they receive a report; advise the reporter of changes in the status of the vulnerability; and, under most circumstances, disclose the information to the public 45 days after the problem is reported, whether the vendor has dealt with the issue or not.

chaffing and winnowing Chaffing and winnowing are dual components of a privacy-enhancement scheme that does not require encryption. The technique consists of adding false packets to a message at the source (sender end of the circuit), and then removing the false packets at the destination (receiver end). The false packets obscure the intended message and render the transmission unintelligible to anyone except authorized recipients. At the source, each legitimate message packet is assigned a unique serial number and a message authentication code (MAC). Every serial number and MAC is known to the receiver in advance. Then the bogus packets are added at the source; this is the chaffing process (chaff is the undesirable part of a plant such as wheat that is separated during milling). The chaff packets have the same format as the legitimate ones, and they also have reasonable serial numbers, but they have invalid MACs. It is impossible to tell the difference between the legitimate packets and the chaff except by comparing MACs at the destination. At the destination, the chaff packets are removed by comparing MACs. This is called winnowing. If an incoming packet has a bogus MAC, it is discarded; if it has a legitimate MAC, it is accepted. Thus, the original message is recovered.

hot site and cold siteA hot site is a commercial disaster recovery service that allows a business to continue computer and network operations in the event of a computer or equipment disaster. For example, if an enterprise's data processing center becomes inoperable, that enterprise can move all data processing operations to a hot site. A hot site has all the equipment needed for the enterprise to continue operation, including office space and furniture, telephone jacks, and computer equipment. A cold site is a similar type of disaster recovery service that provides office space, but the customer provides and installs all the equipment needed to continue operations. A cold site is less expensive, but it takes longer to get an enterprise in full operation after the disaster. Typically, a business has an annual contract with a company that offers hot and cold site services with a monthly service charge. Some disaster recovery services offer backup services so that all company data is available regardless of whether a hot site or cold site is used. If an enterprise must use a hot or cold site, there are usually daily fees and other incidental fees in addition to the basic service charge.

17

10. decipher All three terms - decipher, decrypt, and decode - mean to convert ciphertext into the original, unencrypted plaintext. Decrypt is actually a generic term, covering both the other terms, that simply means to unscramble a message. The root prefix crypto is from the Greek kryptos, meaning hidden or secret. Although decipher and decode are frequently used interchangeably, in the strictest sense, a distinction can be made between the two. Both terms refer to a system of encryption in which message data is replaced with other data to make it unreadable. The crucial difference between decipher and decode lies in the level of substitution used: in some security contexts, a message encrypted through the use of a cipher works with substitution at the level of letters; to decipher means to unscramble a message that uses substitution at the letter level. According to some accounts, Julius Caesar developed a cipher to encrypt messages so that they could be sent without fear that the messenger would betray him. Caesar replaced each letter in his message with the one three positions ahead of it in the alphabet, so that, for example, "A" became "D," "C" became "F" and so on. Only someone in possession of Caesar's encryption rule (or key) could read the message, by performing the opposite operation: substitute each letter with the one three positions before it in the alphabet. Caesar's encrypted message is an example of ciphertext and the unencrypted message an example of plaintext; the mathematical formula (shift by 3) used for encryption and decryption is a simple example of an algorithm. In contexts where a distinction is made between decipher and decode, to decode means to unscramble a message in which text is transformed through the substitution of words or phrases, since, in this context, encoded messages are encrypted at the level of words or phrases.

spam filter A spam filter is a program that is used to detect unsolicited and unwanted e-mail and prevent those messages from getting to a user's inbox. Like other types of filtering programs, a spam filter looks for certain criteria on which it bases judgments. For example, the simplest and earliest versions (such as the one available with Microsoft's Hotmail) can be set to watch for particular words in the subject line of messages and to exclude these from the user's inbox. This method is not especially effective, too often omitting perfectly legitimate messages (these are called false positives) and letting actual spam through. More sophisticated programs, such as Bayesian filters or other heuristic filters, attempt to identify spam through suspicious word patterns or word frequency.

dongle A dongle (pronounced DONG-uhl) is a mechanism for ensuring that only authorized users can copy or use specific software applications, especially very expensive programs. Common mechanisms include a hardware key that plugs into a parallel or serial port on a computer and that a software application accesses for verification before continuing to run; special key diskettes accessed in a similar manner; and registration numbers that are loaded into some form of ROM (read-only memory) at the factory or during system setup. If more than one application requires a dongle, multiple dongles can be daisy-chained together from the same port. Dongles are not in frequent use partly because enterprises don't like to have a serial or parallel port preempted for this use.

firefightingFirefighting is an emergency allocation of resources, required to deal with an unforeseen problem. In software development, for example, firefighting might involve assigning extra programmers to fix coding bugs that are discovered close to a product's release date; in a security context, it might involve allocating resources to deal with the breach of an information system or the outbreak of a computer virus. At the individual user level, firefighting might involve dealing with hardware or software problems that could have been prevented with basic computer maintenance practices. Just as in the real world, there's an assumption that "fires" are unpredictable and that they must be dealt with immediately. However, a too-frequent need for emergency action may reflect poor planning, or a lack or organization, and is likely to tie up resources that are needed elsewhere. To keep firefighting to a minimum, comprehensive disaster recovery planning (DRP) often includes the attempt to foresee, and protect against, such emergencies.

18

11. encoding and decoding In computers, encoding is the process of putting a sequence of characters (letters, numbers, punctuation, and certain symbols) into a specialized format for efficient transmission or storage. Decoding is the opposite process -- the conversion of an encoded format back into the original sequence of characters. Encoding and decoding are used in data communications, networking, and storage. The term is especially applicable to radio (wireless) communications systems. The code used by most computers for text files is known as ASCII (American Standard Code for Information Interchange, pronounced ASK-ee). ASCII can depict uppercase and lowercase alphabetic characters, numerals, punctuation marks, and common symbols. Other commonly-used codes include Unicode, BinHex, Uuencode, and MIME. In data communications, Manchester encoding is a special form of encoding in which the binary digits (bits) represent the transitions between high and low logic states. In radio communications, numerous encoding and decoding methods exist, some of which are used only by specialized groups of people (amateur radio operators, for example). The oldest code of all, originally employed in the landline telegraph during the 19th century, is the Morse code. The terms encoding and decoding are often used in reference to the processes of analog-to-digital conversion and digital-to-analog conversion. In this sense, these terms can apply to any form of data, including text, images, audio, video, multimedia, computer programs, or signals in sensors, telemetry, and control systems. Encoding should not be confused with encryption, a process in which data is deliberately altered so as to conceal its content. Encryption can be done without changing the particular code that the content is in, and encoding can be done without deliberately concealing the content.

honey pot A honey pot is a computer system on the Internet that is expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. (This includes the hacker, cracker, and script kiddy.) To set up a honey pot, it is recommended that you: Install the operating system without patches installed and using typical defaults and options Make sure that there is no data on the system that cannot safely be destroyed Add the application that is designed to record the activities of the invader Maintaining a honey pot is said to require a considerable amount of attention and may offer as its highest value nothing more than a learning experience (that is, you may not catch any hackers).

tarpitting Tarpitting is the practice of slowing the transmission of e-mail messages sent in bulk as a means of thwarting spammers. The intent is to maintain a high quality of service for legitimate users while making the sending process impractical for spammers, who -- because of low response rates -- must be able to send vast volumes of messages quickly and inexpensively. The delay is insignificant for typical recipient lists, and administrators can grant exemptions to people with valid reasons to send messages to a large number of recipients. There are a number of approaches to tarpitting. One method is to insert small delays (sometimes called sleeps) after a certain number of recipients in a Simple Mail Transfer Protocol (SMTP) session. For example, the first 20 messages in a session might be sent without delay and then a few seconds' delay added for each recipient in the list beyond that number. If a spam mailing list contains 10,000 recipients and a delay of even two seconds is applied for each recipient after the twentieth, the total delay incurred is over five and a half hours. Tarpitting is closely related to the concept of the teergrube (German for tar pit), a server that is intentionally configured to be slow, generally as a means of trapping address harvester programs.

19

12. teergrube A teergrube (German for tar pit) is a computer server set up to be intentionally slow, as a trap for spammers using address harvesting programs. The owner of the teergrube sets out fake e-mail addresses in places where harvesting programs search, along with a human-readable warning not to send messages to those addresses. The address harvester, unable to read the warning, collects the addresses and the spammer duly sends spam. The spammer's messages are accepted by the teergrube, albeit very, very slowly, thus tying up resources. A teergrube is configured to maintain a Simple Mail Transfer Protocol (SMTP) session for exceptionally long periods -- sometimes more than 24 hours -- so that the session is not timed-out. The extended time period that a spammer is stuck in a teergrube may also afford more opportunity to detect the source of messages.

spam cocktail A spam cocktail (or anti-spam cocktail) is the use of several different technologies in combination to successfully identify and minimize spam. The use of multiple mechanisms increases the accuracy of spam identification and reduces the number of false positives. A spam cocktail puts each e-mail message through a series of tests that provides a numeric score showing how likely the message is to be spam. Scores are computed and the message is assigned a probability rating. For example, it may be determined that a message has 85% probability that it is spam. E-mail administrators can create rules that govern how the messages are handled based on their scores; the highest scores may be deleted, medium scores may quarantined, and lower scores may be delivered but marked with a spam warning. A spam cocktail commonly includes several of the following identification methods, which may be weighted differently for message scoring: Machine learning: Implementing sophisticated computer algorithms that improve over time to analyze the subject line and contents of a message and predict the probability that it is spam based on past results. The Bayesian filter is a type of machine learning. Blacklisting: Subscribing to a blacklist or blackhole list of known spammers and blocking messages from those sources Content filtering: Using programs that look for specific words or criteria in the subject line of body of a message Spam signatures: Using programs that compare the patterns in new messages to patterns of known spam Heuristics: Using heuristic programs that look for known sources, words or phrases, and transmission or content patterns Reverse DNS lookup: Checking whether the IP address matches the domain name from which a message is coming.

cocooning Cocooning is the act of insulating or hiding oneself from the normal social environment, which may be perceived as distracting, unfriendly, dangerous, or otherwise unwelcome, at least for the present. Technology has made cocooning easier than ever before. The telephone and the Internet are inventions that made possible a kind of socialized cocooning in which one can live in physical isolation while maintaining contact with others through telecommunication. The term was popularized in the 1990s by marketing consultant Faith Popcorn in her book The Popcorn Report: The Future of Your Company, Your World, Your Life. Popcorn suggested that cocooning could be broken down into three different types: the socialized cocoon, in which one retreats to the privacy of one's home; the armored cocoon, in which one establishes a barrier to protect oneself from external threats; and the wandering cocoon, in which one travels with a technological barrier that serves to insulate one from the environment. A common example of home-based cocooning is staying in to watch videos instead of going to the movies. Wandering cocooning is evident in those who exercise or walk around the city while being plugged in with earphones to a private world of sound. Wireless technologies such as cell phones and PDAs have added a new dimension of social cocooning to wandering cocooning by allowing people to include selected others in their mobile cocoon. Examples of armored cocooning include network firewalls, virtual private networks (VPNs), surveillance cameras, and spyware-blocking software applications.

20

13. desktop management Desktop management is a comprehensive approach to managing all the computers within an organization. Despite its name, desktop management includes overseeing laptops and other computing devices as well as desktop computers. Desktop management is a component of systems management, which is the administration of all components of an organization's information systems. Other components of systems management include network management and database management. Traditional desktop management tasks include installing and maintaining hardware and software, spam filtering, and administering user permissions. In recent years, however, security-related tasks have become an increasingly large part of desktop management. As a result, an increasingly large proportion of administrative resources have been devoted to security-related tasks, such as patch management, fighting viruses and spyware, and controlling greynet applications (programs installed without corporate approval, such as instant messaging, file sharing programs, and RSS readers). Desktop Management Interface (DMI) is an industry framework for managing and keeping track of hardware and software components in a system of personal computers from a central location. DMI was created by the Desktop Management Task Force (DMTF) to automate system management and is particularly beneficial in a network computing environment where dozens or more computers are managed.

electronic discovery Electronic discovery (also called e-discovery or ediscovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. E-discovery can be carried out offline on a particular computer or it can be done in a network. Court-ordered or government sanctioned hacking for the purpose of obtaining critical evidence is also a type of e-discovery. The nature of digital data makes it extremely well-suited to investigation. For one thing, digital data can be electronically searched with ease, whereas paper documents must be scrutinized manually. Furthermore, digital data is difficult or impossible to completely destroy, particularly if it gets into a network. This is because the data appears on multiple hard drives, and because digital files, even if deleted, can be undeleted. In fact, the only reliable means of destroying data is to physically destroy any hard drive where it is found. In the process of electronic discovery, data of all types can serve as evidence. This can include text, images, calendar files, databases, spreadsheets, audio files, animation, Web sites, and computer programs. Even malware such as viruses, Trojans, and spyware can be secured and investigated. Electronic mail (e-mail) can be an especially valuable source of evidence in civil or criminal litigation, because people are often less careful in these exchanges than in hard copy correspondence such as written memos and postal letters. Computer forensics, also called cyberforensics, is a specialized form of e-discovery in which an investigation is carried out on the contents of the hard drive of a specific computer. After physically isolating the computer, investigators make a digital copy of the hard drive. Then the original computer is locked in a secure facility to maintain its pristine condition. All investigation is done on the digital copy. E-discovery is an evolving field that goes far beyond mere technology. It gives rise to multiple legal, constitutional, political, security, and personal privacy issues, many of which have yet to be resolved.

21

UNIT 14. BLOGS

Warming up

1.What is blogging?2.Is it possible to learn English via blog entries?3.What do you think about blogging?

Mainstream

Ex.1 Reading

blog A blog (short for weblog) is a personal online journal that is frequently updated and intended for general public consumption. Blogs are defined by their format: a series of entries posted to a single page in reverse-chronological order. Blogs generally represent the personality of the author or reflect the purpose of the Web site that hosts the blog. Topics sometimes include brief philosophical musings, commentary on Internet and other social issues, and links to other sites the author favors, especially those that support a point being made on a post. The author of a blog is often referred to as a blogger. Many blogs syndicate their content to subscribers using RSS, a popular content distribution tool.

weblog 1) A weblog, sometimes written as web log or Weblog, is a Web site that consists of a series of entries arranged in reverse chronological order, often updated on frequently with new information about particular topics. The information can be written by the site owner, gleaned from other Web sites or other sources, or contributed by users. A weblog often has the quality of being a kind of "log of our times" from a particular point-of-view. Generally, weblogs are devoted to one or several subjects or themes, usually of topical interest, and, in general, can be thought of as developing commentaries, individual or collective on their particular themes. A weblog may consist of the recorded ideas of an individual (a sort of diary) or be a complex collaboration open to anyone. Most of the latter are moderated discussions. Since there are a number of variations on this idea and new variations can easily be invented, the meaning of this term is apt to gather additional connotations with time. A popular weblog is Slashdot.org, the product of programmer and graphic artist Rob Malden and several colleagues. Slashdot.org carries discussion threads on many subjects including: Money, Quake (the game), Netscape, Sun Microsystems, Hardware, and Linux. Slashdot.org solicits and posts interesting stories reported by contributors, includes a link to the story, and manages the threads of the ensuing discussion by other users. Another well-known weblog is Jorn Barger's Robot Wisdom Log, which is more of collection of daily highlights from other Web sites. Jessamyn West's librarian.net is a daily log of items interesting to librarians and possibly others, too. As a format and content approach for a Web site, the weblog seems popular because the viewer knows that something changes every day, there is a personal point-of-view, and, on some sites, there is an opportunity to collaborate or respond with the Web site and its participants. 2) Weblog is the name of a software product from South Korea that analyzes a Web site's access access log and reports the number of visitors, views, hits, most frequently visited pages, and so forth.

22

Ex.2. Discussionread the following comments about BBC Learning English blog.

Andrey, RussiaI am glad to find the new place or way to improve English. I suppose if you are interested in something it is studied good and easily. I like discussions with real people about real problems. I am interested in the World Football Cup. I'm joining this blog. Thanks.

Wojtek, PolandIt's definitely a great idea. It would be nice if it was possible to ask about the finer points of grammar and vocabulary through the blog. Waheed, KashmirIts really very exiting for me to learn and share my ideas with other friends around the globe. All the best.....

Ex.3. GrammarRead the following text about BBC Learning English blogs.

Insert prepositions and answer the question: What are the advantages and disadvantages of learning English via blogs? (answer in 2 – 4 sentences)

The main thing which makes a blog different from a broadcast or a standard webpage is that it’s a conversation 1)…the author and the audience. Blog entry is something written 2)…the blogger and published or put 3)… their blog page. This can include links 4)… pictures, audio and video or it can be just text.

BBC Learning English has two blogs. One blog is updated 5)… a student and the other blog 6)… an English language teacher. Each month a new student will blog 7)… our site giving daily updates about their life and their interests. The teacher blog will give the student advice 8)… what they write and suggestions 9)… improving their writing.

And you will be able to ask questions of both bloggers and write about their blogs. The success 10)… this blog will depend 11)… you sharing your views and opinions 12)… the student and the teacher blogger - let them know what you think 13)… what they're writing, discuss language points raised by the teacher, ask questions ...

14)… the student and teacher blog pages the most recent blog entries will appear 15)… the top 16)… the pages. Scroll down the pages to read previous entries. Below each calendar you will see a drop down menu. Use this to see blog entries 17)… previous months. Archive blogs are displayed 18)… date order, 19)… the beginning of the month through 20)… the end of the month. At the top 21)… each blog entry is the word comment. Click 22)… it, and you will be able to read comments and add your own to that particular entry. Try to keep your comments short and relevant to the blog entry you are commenting 23)….

23

Ex.4. VocabularyFill in the blanks using the words given in the table.

Blog entry

blog on our site

daily updates

building your brand

Blogger

runs the website

put on the blog page

keep trackable

mobile connected to the web

tracks 35 million blogs producing 700 000 posts a day

started to flower

searchengines

subscriptions to their logins

blog keeper

discourage being linked to

by virtue of becoming

1. The people that are formally known as your audience and your consumers are now participants in the process of a)…. If you care what people think about you, you are going to acquaint yourself with the work of David S. David b)… technorody.com which c)….

2. More and more people are d)… 3. The ability for the web to become much

more a part of our daily life and something we interact with in real time has really e)….

4. There’s a very deep level of accountability because you are the only person who can write to your blog, because it’s on the web and it’s public and it’s indexed by f)… like technorody.

5. You have to stand up for your words otherwise the g)… will recognize you as some guy who is always trying to create arguments.

6. How can I h)… the blogs which are affecting my company?

7. Sites like Wall Street Journal and the Economist and many other news organizations i)… making all or even the part of their site require j)….

8. The sites at the top of that chart have become a part of the conversations just k)… a part of many smaller conversations.

9. l)… is something written by the m)… and published or n)….

10. Each month new students will o)… giving p)… about their life and their interests.

24

Ex.5. ListeningListen twice and answer the questions in complete sentences.

1. What kind of problem/matter is discussed in the conversation?

2. What new opportunities for all the Internet users appear with blogs?

3. Blogging is not a technological phenomenon. Why?

4. Are there any relations between a blog and identity?

5. To what extent & why blogging means being responsible for the words you write to your blog?

6. Is it possible for any person who runs a company to control bloggers as they affect his business?

7. Who are the participants of building your brand in the blog sphere?

8. How can a person determine the influence of blogs on his business?

9. How can a person determine his influence in the blog sphere, for example, in the world of

baseball?

10. Does David S. agree with the opinion that we’re creating new personas for ourselves on the web?

11. What can a person do to increase the flow of incoming links? (you may add your own opinion to

the steps introduced in the conversation)

12. How sites of news organizations discourage being linked to?

13. What remarkable sociable abilities of people’s characters did David notice while watching blog

conversations going by?

14. What date the conversation took place?

25