Hacker buzz: Denial of service, intrusion detection, and... honeypots?

As promised, this week's Jargon Watch returns to the subject of hackers. This time around, we'll focus on terms that describe malicious hacker activities, along with various strategies for foiling their attacks.

Recent security breaches at some of the Internet's largest Web sites have driven security issues to the top of the list as a major focus for IT efforts. If security is not your area of expertise, you might want to review some of the hacker-related security terms in this week’s Jargon Watch.

Last week, we offered our first installment of hacker terms in "Good hackers, bad hackers, and hackers-for-hire."

DDoS (distributed denial of service)
A distributed denial of service is a method of packet flooding that's launched from many computers with the intent of overloading networks. DDoS is often used by security consultants for penetration testing, but is also used by malicious hackers to cause disruption in a network. In a DDoS attack, the hacker uses unprotected Internet nodes around the world to flood a victim's computer with attacks from all the nodes simultaneously. This floods the network and prevents legitimate traffic from moving around. Some of the newer methods of DoS attacks are known as TRINOO, Tribe Flood Network (TFN, TFN2K), and Stacheldraht (barbed wire).

DCA (distributed coordinated attack)
A distributed coordinated attack is any attack that coordinates and uses distributed resources against a target or set of targets.

ID (intrusion detection)
Intrusion detection is the act of detecting inappropriate activity on a computer system. If the ID system is operating on a host machine, detecting malevolent activity is called host-based intrusion detection. If the ID system is operating on a network, it's called network-based intrusion detection. Many intrusion detection systems use a combination of host- and network-based intrusion detection.

Honeypot
A honeypot is a computer on a network that serves as a decoy or booby trap for hackers, collects information about their hack, and protects your network from unauthorized access. The honeypot contains information that may look vital to the company, but isn’t. As long as hackers think the data is interesting or important, they will stay occupied and away from your other systems. The longer the hacker stays on the honeypot, the more information is disclosed about what they are doing. Security personnel can use that information to determine how skillful the hackers are, what tools they are using, and what they’re looking for—and then use that information to defend the rest of the network.

Trojan horse
In Virgil’s Aeneid, a Trojan horse secretly hides Greek warriors who eventually emerge from the false gift and overrun the city. In the computer world, a Trojan horse is malicious code contained in what seems to be a harmless program (such as a free utility) or harmless data. It eventually allows a hacker at a remote site to take control and cause damage to the computer system. If it is widely distributed, it could be considered a virus, except that it does not replicate itself. Damage can include destroying data or programs on a hard disk, locating passwords, or making the system more vulnerable for a return visit.

For additional information on security-related issues, check out some of the words we've previously covered in our downloadable Jargon Watch glossary. Next week, we'll feature even more security terms. If you'd like to suggest some security words, please send us an e-mail or post a comment below. Also, be sure to read the variety of security articles on TechRepublic, including "Would you risk hiring a hacker?" and an interview with SRA's cyberterrorism expert.