Some Computer Security Related Definitions

Shoulder Surfing

Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.

Dumpster Diving

Dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. To prevent dumpster divers from learning anything valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased, and all staff is educated about the danger of untracked trash.

Sniffers

A sniffer is a program that monitors and analyzes network traffic, detecting bottlenecks and problems. Using this information, a network manager can keep traffic flowing efficiently.

A sniffer can also be used legitimately or illegitimately to capture data being transmitted on a network. A network router reads every packet of data passed to it, determining whether it is intended for a destination within the router's own network or whether it should be passed further along the Internet. A router with a sniffer, however, may be able to read the data in the packet as well as the source and destination addresses. Sniffers are often used on academic networks to prevent traffic bottlenecks caused by file-sharing applications.

The term "sniffer" is occasionally used for a program that analyzes data other than network traffic. For example, a database could be analyzed for certain kinds of duplication

Trojan

A trojan is malicious program that, when installed on a system, can be used for nefarious purposes by an attacker. Tools that allow remote administration or access to a vulnerable system (RATs) are called Trojans. With a Trojan an attacker can control rearly all hardware and software on the system by remote. Today trojans are very advanced and provide attackers with many different features for remote control. Once a trojan has been introduced into a system, not only does all the data become vulnerable to threat, but there is a good chance that the compromised system can be used to set up an attack on some third-party sytem.