«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»
1. A back door is the name given to a ‘secret’ access route into the system. Such routes are usually undocumented and almost certainly were not originally specified. In fact, usually only the original developer would be aware of the back door(s) to their system. So why design a back door? Some boffin programmers suspected that the end users would, at some point, make such a mess of the system that normal ID and password routines would not allow access, and that another route into the system (known only to the programmers) would be required - the back door.
In this particular context the existence of a Back Door can be a useful feature, but it does represent a significant risk in that a person - not necessarily on the staff of the organisation - could be in a position to penetrate the system with malicious intent without the organisation’s knowledge. It is reasonable to assume that a programmer with sufficient skill to build the system in the first place will also have the skills necessary to penetrate the system and withdraw again without leaving any evidence of the incursion.
2. Name of several unpleasant viruses/Trojans which jeopardise network security and attempt to give malicious users access to the computer.
Backup The process whereby copies of computer files are taken in order to allow recreation of the original, should the need arise. A backup is a spare copy of a file, file system, or other resource for use in the event of failure or loss of the original.
The term is most commonly used to refer to a copy of all the files on a computer's disks which is made periodically and kept on magnetic tape or other removable medium (also called a ‘dump’).
This essential precaution is neglected by most new computer users until the first time they experience a crash or accidentally delete the only copy of the file they have been working on for the last six months.
Ideally the backup copies should be kept at a different site or in a fire safe.
Although hardware may be insured against fire, the data on it is almost certainly neither insured nor easily replaced. Consequential loss policies to insure against data loss can be expensive, but are well worth considering.
Glossary 394 Backup and Restore / Recovery Whilst backup is a routine that is well understood, restoring data is usually only performed when data is lost, corrupted, or otherwise changed. It is extremely important to review and test the restore procedures, to ensure that, in an emergency, appropriate action can be taken. A real danger, when restoring files from the backup, is that of restoring additional files which then over-write newer files. Were this to happen to an order processing system, or other system which records transactions, such an error could result in severe loss.
To avoid even the possibility of such an error, you should always restore files to a specific location that is separate from the live files. Then, having verified the integrity of the restored file(s), they may be copied to the required area; again, cautiously and with consideration for the risks involved.
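The restore sequence described above (restore to a separate location, verify, then copy with care), written out as an added example that is not part of the original glossary. It assumes the backup is a tar archive, that a SHA-256 manifest was recorded when the backup was taken, and that file modification times are a fair guide to which copy is newer; the function names and sample files are hypothetical.

```python
import hashlib, io, os, shutil, tarfile, tempfile
from pathlib import Path

def staged_restore(archive, manifest, wanted, live_dir, staging_dir):
    """Restore only the `wanted` files via a staging area; return {name: outcome}."""
    live_dir, staging_dir, outcome = Path(live_dir), Path(staging_dir), {}
    with tarfile.open(archive) as tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        for name in wanted:  # anything else in the backup is left alone
            member = members.get(name)
            if member is None or Path(name).is_absolute() or ".." in Path(name).parts:
                outcome[name] = "missing-or-unsafe"
                continue
            staged = staging_dir / name  # step 1: restore away from the live files
            staged.parent.mkdir(parents=True, exist_ok=True)
            staged.write_bytes(tar.extractfile(member).read())
            if hashlib.sha256(staged.read_bytes()).hexdigest() != manifest.get(name):
                outcome[name] = "corrupt"  # step 2: integrity check failed
                continue
            live = live_dir / name
            if live.exists() and live.stat().st_mtime > member.mtime:
                outcome[name] = "live-newer"  # never over-write a newer live file
                continue
            live.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(staged, live)  # step 3: cautious copy into place
            outcome[name] = "restored"
    return outcome

def build_sample():
    """Constructed sample: a two-file backup; orders.db has since changed on the live system."""
    root = Path(tempfile.mkdtemp())
    live, staging, archive = root / "live", root / "staging", root / "backup.tar"
    live.mkdir()
    files = {"orders.db": b"orders as of Monday", "prices.csv": b"sku,price\n1,9.99\n"}
    manifest = {}  # SHA-256 per file, assumed to be recorded when the backup was taken
    with tarfile.open(archive, "w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(data), 1_000_000  # backup time
            tar.addfile(info, io.BytesIO(data))
            manifest[name] = hashlib.sha256(data).hexdigest()
    (live / "orders.db").write_bytes(b"orders as of Wednesday")
    os.utime(live / "orders.db", (2_000_000, 2_000_000))  # modified after the backup
    return archive, manifest, live, staging

if __name__ == "__main__":
    archive, manifest, live, staging = build_sample()
    print(staged_restore(archive, manifest, ["prices.csv", "orders.db", "gone.txt"], live, staging))
```

A file reported as live-newer stays in the staging area, where it can be compared with the live copy before anyone decides to replace it.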
Backup Files Backup files are those files which are retained, often on high capacity tape or separate disk sub-system, which represent the organisation’s protection against loss, damage or non-availability of the data held on information systems.
Whilst it is important to have available the most recent few backups - to enable restore in case of need - it is also crucial that recent backup tapes / disks are stored safely off-site; sufficiently far away to reduce the risk of environmental damage (e.g. flood) destroying both the primary systems and the off-site backups.
Backup Power Generators Backup Power Generators are usually gasoline driven units which are linked to an Uninterruptible Power Supply (UPS), to prevent your systems crashing as a result of power failure. Power generators should be of adequate capacity to support the systems which require power. Bear in mind that backup power generators are used rarely. As a result, they can remain idle for years, as usually the UPS will bridge the gap until the power is either restored, or the systems have been safely shut down. As a result, when needed, the power generator may not have been tested for a considerable period. It is important that, periodically, the power generator is tested and serviced, in accordance with the manufacturer’s recommendations. It is also vital to ensure that fresh gasoline replaces unused gasoline each year; and that there are adequate supplies available.
1. A term from the days before real-time processing when data was collected together throughout the day in batches waiting for the IT staff to run the End of Day routines which included ‘batch processing’. This approach requires less computer power than real-time processing since account balances and other records are not changed until the end of the working day and, effectively, the system is on ‘enquiry only’ status until the next processing run. In some ways batch processing is more secure than real-time since there is more time to check transaction data before it reaches the computer’s files; however, the advantages of having accurate, up-to-the-minute information (especially in banking and finance) are generally viewed as outweighing any benefits batch processing may offer.
2. Batch files (files with the extension .bat) are small ‘programs’ instructing the computer to perform some processing, start another program running, recognise some hardware etc. The most common example is the autoexec.bat file (standing for AUTOmatic
Bench Testing The testing of new / revised software by the developers. Bench testing is a critical step in the software development process and precedes the more ‘formal’ User Acceptance Testing process.
Bench testing should verify that the software performs in accordance with System Requirements.
Bespoke In the same way as this term means ‘made to measure’ in clothing, it is used generally to describe software which has been written/developed specifically for one organisation. Bespoke differs from ‘Customised’ in that customisation usually refers to modification of existing software rather than starting from scratch.
Beta Software Term used to describe software which is almost fully developed but not yet quite ready for release to the market, or internal users. The Beta version of the software is preceded by the alpha version. Beta versions of commercial programs are often made available to consumers at attractive prices on the basis that there are numerous bugs still to be sorted out, and the first batches of users to install the product are, effectively, taking part in an enormous acceptance testing programme. The developer will take note of the findings and comments made by Beta users to incorporate modifications, fixes, patches, etc., in the version which is finally released.
Beta versions of software, whether purchased or developed in-house, should not be installed on live systems and should never be used for mission critical processes.
Big Blue Affectionate nickname for IBM, deriving from the colour of their hardware.
Binders Binders are programs that allow hackers to ‘bind’ two or more programs together to result in a single .EXE file. These may be useful tools but they easily allow a hacker with malicious intent to insert Trojan executables into harmless .EXE animations, e-greetings and other .EXEs that are commonly passed around as email attachments.
‘The only way to stop an executable from harming your PC is to run it in a proactive ‘sandbox’ environment and monitor its behaviour for malicious activity in real-time.’
BIOS BIOS, the Basic Input Output System of a personal computer. The BIOS contains the code which results in the loading (booting) of a computer’s operating system e.g. Microsoft Windows®. The BIOS also controls the flow of data to/from the operating system and peripheral devices, such as printer, hard disk, keyboard and mouse.
Bitloss Loss of data bits during a transmission. Such losses are usually self evident when the incoming file is reviewed, but, occasionally the loss is such that it goes unnoticed. Bit loss can be counteracted by use of Control Totals.
Bloatware Software that provides minimal functionality while requiring a disproportionate amount of disk space and memory. Especially used for application and OS upgrades. This term is very common in the Windows/NT world. So is its cause.
Blue Screen of Death Commonly abbreviated to BSOD, this term is closely related to the older Black Screen of Death but much more common. Due to the extreme fragility or ‘bugginess’ of the Microsoft Windows® 3.1/3.11 of the early 1990s, and early versions of Windows® 95 / 98, misbehaving applications can crash the system.
The Blue Screen of Death, sometimes decorated with hexadecimal error codes, is what you get when this happens. The only solution is to re-boot and hope that it doesn’t happen again (but it always does!). Solution: use a more stable operating system. If Microsoft Windows® compliance is key (which it normally is for most Small to Medium Sized Enterprises), consider Windows® 2000 professional or server.
BMUS Beam Me Up, Scotty. From the original Star Trek series, now used as a plea for help by any techie in a tight spot. Also the source of the term ‘Beam’.
Boeing Syndrome The ultimate disaster scenario for contingency planning purposes. The name, allegedly, comes from a conference in which IT specialists, administrators, planners, etc were asked first to imagine that a Boeing 747 Jumbo fell out of the air onto their computer centre (with the resulting complete loss of systems) and then asked to prepare a contingency/disaster recovery plan to keep their organisation going in such circumstances. A very useful exercise - even for small companies, who often do not realise just how important their computer systems are to their continued existence as a viable business.
Boot Disk CD-ROM or Floppy disk used to start a PC or server when it cannot do so from the hard drive. Boot disks are often used when there is a problem with a Hard Drive, but, equally, may be used as a Key Disk security feature when a PC has been deliberately configured by technical staff to refuse to run without the Key Disk present.
Borg From ‘Star Trek: The Next Generation’ in which the Borg is a species of cyborg that ruthlessly seeks to incorporate all sentient life into itself; their slogan is ‘Resistance is futile. You will be assimilated.’ In tech-speak, the Borg is usually Microsoft, which is thought to be trying just as ruthlessly to assimilate all computers and the entire Internet into itself - there is a widely circulated image of Bill Gates as a Borg - i.e. Borging the competition. Being forced to use Windows or NT is often referred to as being ‘Borged’. It is reported that this term is in use within Microsoft itself. Other companies, notably Intel and UUNet, have also occasionally been equated to the Borg.
Bot Short for Robot, the term describes little programs designed to perform automated tasks on the Internet such as indexing, looking/watching for message contents, or to act as avatars (human surrogates). On IRC, Bots can be malicious by cloning themselves (clonebots), or flooding the IRC channels with garbage (floodbots). There are hundreds of different types of Bots including, by some definitions, Agents and Crawlers.
Botrunner A person who operates software robots on the Net.
Bottlenecking Also known as Mail Bombing, and similar in nature to Spamming and Flaming, Bottlenecking involves material being sent electronically to an organisation’s access points (typically E-mail servers) in such large quantities that the system becomes blocked, and genuine business material cannot get through - for example sending ten full copies of the complete Encyclopaedia Britannica to all known E-mail addresses at an organisation will choke quite a few LAN servers for a good while.
Although the material itself may not be inflammatory or abusive, the senders usually have a grudge of some kind, real or imagined, against the organisation, and the end result is an organisation which cannot communicate with the outside world for an unknown period of time.
bps bits per second. This is a term from which you can gauge the relative speed of a modem and / or network. Modern modems all offer at least 56K bps whilst the more modern ADSL lines are promoting 512K bps for home users and 2M bps for business users. The faster, the better, especially for Internet Web browsing.
Brochureware Planned but non-existent product similar to vapourware, but with the added implication that marketing is actively selling and promoting it – i.e. they've printed brochures. Brochureware is often deployed as a strategic weapon alongside the pre-emptive announcement; the idea is to con customers into not committing to an existing product of the competition. It is a safe bet that when a brochureware product finally becomes real, it will be more expensive than and inferior to the alternatives that had been available for years. Typically market leader Organisation A will hear/see that competitor Organisation B has a superb new product likely to take market share from A. Organisation A therefore announces its own version and prints the brochures (while covertly reverse engineering/decompiling etc., B’s product) so that existing customers will keep their brand loyalty and hold off buying from B. If successful enough, the brochureware can drive B out of the market, and B, together with its product range can be taken over by A. This part of the process is known as ‘Borging’.
Brooks' Law ‘Adding manpower to a late software project makes it later’.
Browser Often known as a ‘Web Browser’, it is software used to make contact with Web sites on both the Internet and internal Intranets. The topic of software houses' development and use of Browsers is controversial, and lies at the heart of the US Government anti-trust (monopoly) case against Microsoft. The only real effect of this case upon users is likely to be that, in future, Browser applications will have to be acquired and installed separately, rather than being supplied as part of an operating system.