
Raising Security Awareness, One Security Term at a Time

[Image: Security awareness, 15 June 2015]

The Internet has finally, and in so many ways, become an integral part of our everyday lives. Familiar as we are with it, we still need to understand how to navigate this vast digital territory securely. We all face the challenge of working out how to protect ourselves, our families, our workplaces and, increasingly, all of our sensitive information from Internet attacks.

Before we can practice Internet security, we need to learn the language. Security terminology is unquestionably daunting: the vocabulary of Internet security is nearly as large and dense as that of medicine or the military. In fact, many Internet security terms borrow from medical or military terminology, and like those terms they require more than a one-line definition and are best accompanied by examples.

This post is the first of a series in which I will attempt to explain common, and confounding, security terms. I hope this and future posts help you navigate the twisty little maze of Internet security passages, and your input will be food for thought for future posts.

What is social engineering?

Social engineering is an attempt to influence or persuade an individual to take an action or disclose information. It works on the person, through trust, habit, fear or urgency, rather than on a technical weakness in a system.

Some social engineering serves beneficial purposes; for example, a company may distribute a healthcare newsletter with information intended to persuade you to get a flu shot. But social engineering is commonly used by criminals to cause the recipient of an email, text message or phone call to share information (such as an online banking username and password, or personal identifying information such as a social security or passport number) or to take an action that benefits the criminal, not the individual.

Criminal social engineering usually has an emotional component designed to make the individual act in haste: for example, an email claiming that your credit card has been suspended because of suspicious activity, or a notice that you have won a prize or a lottery. This is the "lure". The criminal hopes you will take the action the message asks for, such as visiting a link in the text or email or calling a telephone number. The link is the "hook": a link in a "phishing" email or text typically leads to a fraudulent site that impersonates your bank's login page, where the criminal hopes you will submit account credentials or personal information that can be used or sold. Note that the text you see for a link need not match where the link actually goes; check the real destination (by hovering over the link on a desktop or long-pressing it on a phone) rather than trusting the visible address, and when in doubt type your bank's address yourself. A telephone number may be just as dangerous: the person who answers may be skilled at eliciting personal information from you.

The most adept criminals produce very convincing imitations of legitimate, well-intentioned correspondence. To learn more about protecting yourself against social engineering, visit sites such as stopthinkconnect.org or apwg.org.
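The lure and hook described above can be checked mechanically. The following is an added example written for this post, not code from the original article: it parses a constructed sample message (the domains in it are placeholders, not real sites), flags urgency phrasing, and compares each link's visible text and target against each other and against the sender's domain. A second, benign constructed message shows what a clean result looks like.

```python
"""Phishing-indicator check over constructed sample messages.

Added example, not from the original post. Both messages and all domains
below are constructed placeholders for illustration.
"""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the "lure" is the urgency in the subject and body,
# the "hook" is a link whose visible text does not match its real target.
SAMPLE_MESSAGE = """\
From: "Example Bank" <alerts@examplebank.example>
To: customer@mail.example
Subject: URGENT: your card has been suspended
Content-Type: text/html; charset=utf-8

<html><body>
<p>Suspicious activity was detected. Your card is suspended until you verify
your account within 24 hours.</p>
<p><a href="http://examplebank.example.login-verify.example/auth">https://www.examplebank.example/login</a></p>
</body></html>
"""

# Constructed benign message from the same (placeholder) sender.
BENIGN_MESSAGE = """\
From: "Example Bank" <news@examplebank.example>
To: customer@mail.example
Subject: Your monthly statement is available
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your statement for this month is ready.</p>
<p><a href="https://www.examplebank.example/statements">View statement</a></p>
</body></html>
"""

URGENCY_PATTERNS = [
    r"\burgent\b", r"\bsuspended\b", r"\bwithin \d+ hours?\b",
    r"\bimmediately\b", r"\byou have won\b", r"\blottery\b",
]


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_part(host):
    """Last two labels as a crude stand-in for the registrable domain (assumption:
    good enough for these samples; a real check would use the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyze(raw_message):
    """Return a list of human-readable phishing indicators found in raw_message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = msg["subject"] or ""
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    sender_host = msg["from"].addresses[0].domain.lower() if msg["from"] else ""

    indicators = []
    text_to_scan = subject + "\n" + re.sub(r"<[^>]+>", " ", body)
    for pat in URGENCY_PATTERNS:          # the lure: pressure to act now
        if re.search(pat, text_to_scan, re.IGNORECASE):
            indicators.append(f"urgency cue: {pat}")

    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:    # the hook: where the link really goes
        target_host = urlparse(href).hostname or ""
        if re.match(r"(https?://)?[\w.-]+\.\w+", text):
            # Visible text looks like an address: does it match the real target?
            shown_host = urlparse(text if "://" in text else "//" + text).hostname or ""
            if registrable_part(shown_host) != registrable_part(target_host):
                indicators.append(f"link text shows {shown_host} but target is {target_host}")
        if sender_host and registrable_part(target_host) != registrable_part(sender_host):
            indicators.append(f"link leaves sender domain {sender_host} for {target_host}")
    return indicators


if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE_MESSAGE), ("benign", BENIGN_MESSAGE)):
        print(name, analyze(raw))
```

The sample message yields three urgency cues plus two link indicators; the benign message yields none. None of these indicators alone proves a message is fraudulent (a legitimate sender may link to a third-party payment processor, for instance), and the two-label domain helper is deliberately naive.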


Related glossary entry (Domain Name System): Internationalized Domain Name (IDN)

IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet "a-z". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European "0-9". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed "ASCII characters" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of "Unicode characters" that provides the basis for IDNs.

The "hostname rule" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen "-". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: a domain name consists of a series of "labels" (separated by "dots"). The ASCII form of an IDN label is termed an "A-label". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a "U-label". The difference may be illustrated with the Hindi word for "test", परीका, appearing here as a U-label would (in the Devanagari script). A special form of "ASCII compatible encoding" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an "LDH label". Although the definitions of A-labels and LDH labels overlap, a name consisting exclusively of LDH labels, such as "icann.org", is not an IDN.
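The A-label/U-label conversion described in this entry, as an added example (not code from the page or from ICANN): Python's standard-library idna codec performs the ACE step (nameprep plus Punycode, per IDNA2003), and the block also classifies labels as LDH, A-label or U-label and flags a label that mixes scripts, which is the pattern behind look-alike ("homograph") domain names that a phishing hook may use. The Devanagari example is the glossary's own; the mixed-script label is constructed for illustration.

```python
"""A-label / U-label handling for DNS labels using Python's stdlib idna codec.

Added example, not from the original page. The look-alike label used at the
bottom is constructed for illustration.
"""
import unicodedata


def label_kind(label):
    """Classify one DNS label as in the glossary: 'LDH' (ASCII letters, digits,
    hyphen), 'A-label' (xn-- prefixed ACE form) or 'U-label' (contains non-ASCII)."""
    if not label.isascii():
        return "U-label"
    if label.lower().startswith("xn--"):
        return "A-label"
    return "LDH"


def to_a_label(u_label):
    """Apply the ASCII compatible encoding (ACE): U-label -> A-label."""
    return u_label.encode("idna").decode("ascii")


def to_u_label(a_label):
    """Inverse: A-label -> U-label, the form a browser would display.
    The codec rejects an A-label that does not round-trip."""
    return a_label.encode("ascii").decode("idna")


def scripts_in(label):
    """Scripts used by the letters of a label, taken from Unicode character names.
    Digits and hyphens are ignored; ASCII letters count as LATIN."""
    scripts = set()
    for ch in label:
        if ch == "-" or ch.isdigit():
            continue
        if ch.isascii():
            scripts.add("LATIN")
        else:
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def is_mixed_script(label):
    """True when one label mixes scripts, the classic homograph pattern."""
    return len(scripts_in(label)) > 1


def describe(domain):
    """Per-label breakdown of a domain given in U-label form."""
    rows = []
    for label in domain.split("."):
        kind = label_kind(label)
        rows.append({
            "label": label,
            "kind": kind,
            "a_label": to_a_label(label) if kind == "U-label" else label,
            "mixed_script": is_mixed_script(label),
        })
    return rows


if __name__ == "__main__":
    # The glossary's own example: Devanagari U-label and its A-label.
    print(to_a_label("परीका"))          # xn--11b5bs1di
    print(to_u_label("xn--11b5bs1di"))  # परीका
    # Constructed look-alike: 'pаypal' with Cyrillic 'а' (U+0430) for Latin 'a'.
    for row in describe("p\u0430ypal.example"):
        print(row)
```

A single-script U-label such as the Devanagari word is a normal IDN; a label that mixes Latin and Cyrillic letters renders like a familiar brand but encodes to an unrelated xn-- A-label, which is why browsers apply script-mixing rules before showing the U-label form.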