.htaccess ("hypertext access") is a configuration file in which directory-specific settings can be specified.

404 error page

An error page is a web page displayed when the user clicks on an Internet link that no longer works, for instance, or that calls up a non-existent URL. Most browsers display the standard page supplied by the webserver. Error pages may be individually designed by the site's webmaster.

Access point

A wireless access point is an electronic device acting as an interface between a wireless network and a cable computer network.


A technology developed by Microsoft to download small applications, so-called ActiveX controls, to the client’s computer from where they run when web pages are viewed. They enable different effects and functions to be carried out. Unfortunately this technology is often abused and represents a security risk. For example, dialers are downloaded through ActiveX to the computer and run. ActiveX problems only concern Internet Explorer because the other browsers do not support this technology.

Admin interface or administration panel

The admin interface is a graphical user interface with which an administrator can change settings.


Ad servers are employed for the placement and success measurement of Internet advertising. Both the physical server itself on which the ad server software runs as well as the software may be called ad servers.


Asymmetric Digital Subscriber Line A technology enabling a high-speed and permanent Internet access via telephone lines.

Advanced Persistent Threat

This threat results in very great damage impacting a single organisation or a country. The attacker is willing to invest a large amount of time, money and knowledge in the attack and generally has substantial resources.

Advanced Research Projects Agency Network (ARPANET)

ARPANET was originally commissioned by the US Air Force and developed by a small research group headed by the Massachusetts Institute of Technology and the US Department of Defense. It is the predecessor of today's Internet.


A contraction of the words “advertisement” and “software”. Adware is often used for targeted advertising purposes, by recording the user’s surfing habits and offering the corresponding products (e.g. through links).

Antivirus Software

Virus scanner (anti-virus) software protects your data from viruses, worms or Trojan horses.

Apache Web-Server

The Apache HTTP Server is an open source, free product of the Apache Software Foundation and is the most used webserver on the Internet.


"App" (an abbreviation of "application") generally refers to any type of application programme. In common parlance, the term now generally refers to applications for modern smartphones and tablet computers.


A computer programme that performs a given task. Word processing and internet browsers are examples of applications.

Attack vector

The means used or technology used by the attacker to gain access to the computer system.

Authoritative DNS server

An authoritative name server is responsible for a zone. Its information about this zone is therefore considered authoritative.


"Backdoor" refers to a software feature that allows users to circumvent the usual access control of a computer or of a protected function of a computer programme.


"Backup" means the copying of data with the intent of copying them back in the event of data loss.


Element of a webpage that displays advertisements. Banner elements can serve as inconspicuous vectors for attacking websites, since the content is rarely verified by the web administrators.


A "barcode" is an imprint that can be read optoelectronically and that consists of parallel lines and gaps of differing width.

Barcode scanner

A barcode scanner or reader is a data gathering device that can read and transmit different barcodes. The barcodes are recognised either purely optically or with red or infrared light.


Base64 describes a procedure for coding 8-bit binary data (e.g. executable programmes, ZIP files) as a sequence of characters consisting only of readable, code-page independent ASCII characters.

Binary file

A binary file is a file that, unlike a pure text file, also contains non-alphanumerical characters. It may thus contain any byte value. Files in binary format tend to be used to store data.

Biometric passport

Passport with electronically readable biometric data. Personal data such as name, sex, date of birth, etc., are recorded on an RFID chip.


BitTorrent is a collaborative file sharing protocol that is especially suited to the fast distribution of large data volumes.

Black- / White-List

Blacklist: A list of entities, e.g. websites, which are to be denied a particular privilege or service. For example, this may result in the website in question being blocked. Whitelist: A list of elements that the author considers to be trustworthy.


A blog is a diary or journal kept on a website and usually publically viewable, in which a person ? the weblogger or "blogger" ? keeps records, documents occurrences or writes down thoughts.


A technology for wireless communication between two terminals and which is mainly used in mobile phones, laptops, PDAs and input devices (e.g. computer mouse).

Bot / Malicious Bot

Comes from the Slavic word “robota” meaning work. Refers to a program that automatically carries out certain actions upon receiving the command. So-called malicious bots can control compromised systems remotely and have them carry out arbitrary actions.


Operator of a bot net.


A collection of computers infected with malicious bots. These can be fully remotely controlled by the attacker (the owner of the botnet). Depending on its size, a botnet may consist of several hundred to millions of compromised computers.


Computer programmes mainly used to display Web content. The best-known browsers are Internet Explorer, Netscape, Opera, Firefox und Safari.

Browser plug-in

Software, which provides web browsers with additional functions, e.g. so as to show multimedia content.

Buffer overflow

Buffer overflows are one of the most common vulnerabilities in current software, which can also be exploited via the Internet.

Buffer overflows

Buffer overflows are one of the most frequent vulnerabilities in current software. They can also be exploited via the Internet. Buffer overflows occur because of errors in the programme that write excessively large data volumes into a reserve memory area, the buffer, that is too small. This overwrites information located after the target memory.

Building Management System

A building management system (BMS) is software used to visualise and control a building with building automation. The usual functions of a building management system include the control of lighting and air conditioning systems.

Bulletproof hosting

"Bulletproof" provision of services or storage space without the usual content restrictions. This content can include hard (child) pornography, phishing sites, and other illegal content. The operators protect their clients from competitors' attacks and do not cooperate with law enforcement authorities. The Russian Business Network (RBN) is known for such bulletproof hosting services.

Cable modem

High speed device to send and receive data over the TV cable. They are provided by ISPs for accessing the Internet.


CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. CAPTCHAs are used to distinguish whether the counterpart is a human or a machine.


Computer Emergency Response Team CERT (also CSIRT for Computer Security Incident Response Team) refers to a team that coordinates and takes measures relating to incidents in IT significant to safety.

Certificate authority

A certificate authority is an organisation issuing a digital certificate. A digital certificate is the cyberspace equivalent of a personal identification card and serves to assign a specific public key to a person or organisation. This assignment is certified by the certificate authority with its own digital signature.

Circuit board

A circuit board is a carrier of electronic components. It serves to mechanically attach and electronically connect components. Nearly every electronic device has one or more circuit boards.

Click fraud

Click fraud is a type of Internet fraud that primarily targets banner advertisements paid per click. Click fraudsters may operate manually or with the help of programs. These programs simulate banner clicks to manipulate the underlying accounting systems.


A computer or a programme that uses the services offered by a server.


Cloaking is a search engine optimization technique in which a different page with the same URL is presented to the search engine's webcrawler than to the user. Cloaking serves to improve the ranking in search engines and indexing.

Cloud computing

Cloud computing (synonym: cloud IT) is a term used in information technology (IT). The IT landscape is no longer operated/provided by the provider himself, but rather obtained via one or more providers. The applications and data are no longer located on a local computer or corporate computing centres, but rather in a cloud. These remote systems are accessed via a network.


Programme instructions that tell the computer what commands to carry out.

Command & control server

Most bots can be monitored by a botmaster and receive commands via a communication channel. This channel is called command & control server.


A file containing an encrypted file system. When a password is entered, the container appears transparently as a normal drive to the user. When the user logs off, the container is closed, and the data are only available in encrypted form.

Content management system (CMS)

A content management system (CMS) is a system that makes possible and organizes the joint preparation and processing of content, consisting of text and multimedia documents, generally for the World Wide Web. An author may operate such a system even without programming or HTML knowledge. The information to be displayed is referred to as "content".

Country code - Top-level domain

Every Internet domain name consists of a sequence of characters separated by periods. The term "top-level domain" refers to the last name in this sequence and constitutes the highest level of the name resolution. For example, the TLD for is "ch". If this TLD is assigned to a country, the abbreviation ccTLD is used.

Critical (national) infrastructure

Infrastructure or part of the economy whose failure or breakdown would have enormous consequences on national security or the economic and/or social welfare of a nation. In Switzerland the following infrastructure has been defined as critical: energy and water supply, emergency and rescue services, telecommunications, transport and traffic, banks and insurance, government and public administration. In the information age their smooth running is increasingly dependent upon information and communication systems. Systems such as these are referred to as critical information infrastructures.

Critical Infrastructure Protection / Critical Information Infrastructure Protection

Important component in national security policies and defence planning. Generic term to describe concepts and strategies to protect critical infrastructures / critical information infrastructures.

Cross Site Request Forgery

A cross-site request forgery is an attack on a computer system in which the attacker modifies data in a web application without authorization. For this purpose, he takes advantage of the victim, who must be an authorized user of the web application. With the help of technical measures or personal persuasion, a compromised HTTP request is made to the web application.


Encryption tool, encryption algorithm. (Part of a program responsible for encryption).


A cryptosystem is a system used for encryption. Cryptography originally referred to the science of encrypting information.

Data Loss Prevention

Data loss prevention (DLP) is a memorable marketing term from the field of information security. Classically speaking, DLP is a security measure that directly helps protect the confidentiality of data and, depending on its design, also directly or indirectly the integrity and classifiability of the data.

Data Retention

"Data retention" means the storage of personal data by or for public authorities, even though the data are not currently needed.

DDoS attacks

Distributed denial of service attacks A DoS attack where the victim is simultaneously attacked by many different systems.

Deep Packet Inspection (DPI)

Deep packet inspection is a network technology process for monitoring and filtering data packets. The payload and header of the data packet are simultaneously investigated with respect to certain characteristics such as protocol violations, computer viruses, spam and other undesired content.


Unauthorized alteration of websites.


A desktop computer, or "desktop", is a computer designed so that it can be used as a workplace computer on a desk.


Establishment of a connection to another computer using the telephone network.

Digital certificate

Verifies the affiliation of a public key to a topic (person or computer).


Domain Name System .With the help of DNS the internet and its services can be utilised in a user-friendly way, because users can utilise names instead of IP addresses (e.g.

DNS amplification attack

A denial of service attack (DoS) that exploits publicly accessible DNS servers and uses these as amplifiers.

DNS resolver

DNS resolvers are simply constructed software modules installed on the computer of a DNS participant that can access the information of name servers. They form the interface between the application and the name server.


The domain name (e.g. can be resolved by the DNS (Domain Name System) into an IP address, which may then be used to establish network connections to that computer.

DoS attacks

Denial of service attacks. Have the goal of causing a loss of a specific service to users or at least to considerably restrict the accessibility of the service.


Initial component of a malware infection, may lead to an infection with further malicious programs. The downloader downloads the actual virus, Trojan, etc., and launches it on the infected system.

Drive by infection

Infection of a computer with malware simply by visiting a website. Often the websites concerned contain reputable offerings and have already been compromised beforehand for the purposes of spreading the malware. The infection occurs mostly by trying out exploits for vulnerabilities not yet patched by the visitor.

Driver software

A device driver, or simply "driver", is a computer programme or software module that controls the interaction with connected devices.

Dual use good

"Dual use" is a term primarily used in export control, designating the use of an economic good (e.g. a machine, but also software and technology) for both civilian and military purposes in principle.


E-commerce is the generic term in the Internet economy for electronic commerce.

EMV Chips

The abbreviation EMV refers to a specification for payment cards that contain a processor chip and for the associated chip card devices (POS terminals and ATMs). The letters EMV stand for the three companies that developed the standard: Europay International (now MasterCard Europe), MasterCard, and VISA.

European Train Control System (ETCS)

The European Train Control System (ETCS) is a component of the uniform European railway guidance system. ETCS is intended to replace the multiplicity of train protection systems employed in different European countries. It will be used for high-speed trains in the medium term and later throughout the entire European railway system.


Program that displays the error messages and notices of the Windows operating system.

Exploit code

(or exploit) A program, a script or a line of code with which vulnerabilities in a computer system can be used to advantage.

Fast flux

Fast flux is a DNS technique used by botnets to conceal phishing or malware-spreading sites by distributing them among different hosts. If a computer fails, the next computer steps into the breach.

Financial agent

A financial agent works as a legal money broker and thus engages in financial transfers. Recently, this term has been used in connection with illegal financial transactions.


A firewall protects computer systems by monitoring incoming and outgoing connections and rejecting them if necessary. A personal firewall (also called a desktop firewall), on the other hand, is designed to protect a stand-alone computer and is installed directly on it.


Instructions stored in a chip to control a device (e.g. a scanner, graphics card, etc.). Firmware, as a rule, may be modified by upgrades.


Adobe Flash (or simply "Flash", formerly "Macromedia Flash") is a proprietary, integrated development environment for creating multimedia content. Flash is now used on many websites, whether as web banners, as part of a website (e.g. as a control menu) or in the form of entire Flash pages.

Flash memory card

Flash memory cards are digital memory chips. Flash memory is used everywhere information must be stored in a very small space. Examples: USB sticks, memory cards for digital cameras, cell phones, handhelds, MP3 players.


Programmes which may be used free of charge.

Frequency-hopping spread spectrum (FHSS)

The frequency-hopping spread spectrum (FHSS) is a frequency spread process for wireless data transmission. It is divided into fast and slow hopping. The carrier frequency changes, and the sequence of the frequency change is determined by pseudo-random numbers.


File Transfer Protocol FTP is a network protocol for transferring data via TCP/IP networks. FTP can be used, for instance, to load websites onto a webserver.

General Packet Radio Service (GPRS)

General Packet Radio Service is a packet-oriented service for data transmission that is used in GSM (mobile communication) networks.


Restrictions for instance in regard to access to websites based on the country assignment of the IP address one uses.

Global Positioning System (GPS)

Global Positioning System (GPS), officially NAVSTAR GPS, is a global navigation satellite system for determining position and measuring time.

Global System for Mobile Communications (GSM)

The Global System for Mobile Communications (previously Groupe Spécial Mobile, GSM) is a standard for fully digital mobile networks, mainly used for telephony, but also circuit-switched and packet-switched data transmission and short messages.

Global System for Mobile Communications - Rail(way) (GSM-R)

Global System for Mobile Communications - Rail(way) (GSM-R or GSM-Rail) is a mobile communications system built on the worldwide dominant GSM standard, but modified for use with railways.


Device for disrupting GPS data.


A hard disk is a magnetic storage medium for computers, which writes the data on the surface of a rotating disk.


All parts of the computer that one could touch, including the keyboard, mouse, printer, external data carriers, graphic cards, etc.

Hidden text

Hidden text on websites that cannot be read by human beings, even though it exists. For instance, the font colour may be transparent.

Home Location Register (HLR)

The Home Location Register (HLR) is a (distributed) database and central component of a mobile communication network. It is the home register of a mobile number; every registered mobile station and associated mobile communication number is saved in the database.


In the field of computer security, a honeypot is a computer programme or server that simulates the network services of a computer, an entire computer network, or the behaviour of a user. Honeypots are employed to obtain information on attack patterns and attacker behaviour.


This was used and is still used in IT to refer mainly to computers with vast computing power (banking). Today, however, this also refers to smaller computer systems (computers of private users, web servers etc.).


File, in which computer names are assigned to IP addresses. This file is to be found on every computer and is used first, as a rule, when locating the computer name/IP address (even before the DNS).


An update which remedies a problem in a programme (bugs, security hole). The term "hotfix" is frequently used as a synonym for the term "patch".


HyperText Markup Language Pages for the World Wide Web are written in HTML. This allows to determine the properties of the web page (e.g. page representation, links to other sites, etc.). Because HTML is made up of ASCII characters, a HTML page can be edited using a normal word processing programme.


HyperText Transfer Protocol A communication standard for transferring HTML documents (e.g. over the Internet).


A protocol for the secure, i.e. encrypted transmission of HTML documents (e.g. via the Internet). See HTTP.


Hypertext is text which, with the help of a network-like structure of objects, links information between hypertext nodes using hyperlinks. Hypertext is written in markup languages which, in addition to formatting instructions, also include commands for hyperlinks. The best known is HyperText Markup Language (HTML) for Internet documents.

Identity theft

Theft and improper use of personal data (passwords, data to use the identity of individuals, corporate secrets, tax returns, credit card data, account information, etc.) by third parties.


Intrusion Detection System System with which unauthorised access to data or computers can be detected.


An IFrame (also inline frame) is an HTML element used to structure websites. It is used to integrate external web contents into one?s own website.

Index page

File on a webserver/website that is usually used as the homepage.

Input validation

Input validation describes the filtering of user input in such a way that it cannot damage the server.

Instant Messaging

Service which enables communication to take place between par-ticipants in real time (chat) and often to be able to exchange data. Millions of users around the globe have already registered with the existing, numerous IM services (AOL, MSN, ICQ, Yahoo, etc.).

Instrument landing system (ILS)

The instrument landing system (ILS) is a system that assists an airplane pilot during approach and landing with the help of two guidance beams.

Internet Protocol (IP)

The Internet Protocol (IP) is a widespread network protocol in computer networks, constituting the basis of the Internet. It is the implementation of the network layer of the TCP/IP or OSI model.

Internet Service Provider

See ISP.


Address to uniquely identify computers on the Internet or on a TCP/IP-network (e.g.:


Internet Relay Chat One of the earliest online chat protocols (no Instant Messaging).


Integrated Services Digital Network Digital telephone circuit. It allows two services to operate simultaneously. For example it is possible to simultaneously make a telephone call and surf on the Internet. Data transmission rates of 64 or 128 kilobits are higher than analogue telephone networks.


Internet Service Provider. Companies that provide different services, mostly against payment, which are necessary for using or operating internet services.

ITU-T X.509

X.509 is an ITU-T standard for a public key infrastructure for the issuing of digital certificates.


Jailbreaking is used to overcome the network restrictions on Apple products by using suitable software.


An object-based scripting language for developing applications. JavaScripts are programme components integrated in HTML code enabling specific functions in internet browsers. For example, while checking user input on an internet form, a JavaScript can verify that all the characters entered of a telephone number are actually numbers. As is the case with ActiveX Controls, JavaScripts are run on the client's computer. Unfortunately dangerous functions can also be programmed with Javascripts. In contrast to ActiveX, JavaScript is supported by all browsers.


Devices or programmes in operation between the computer and the keyboard to record keystrokes.

Keyword Stuffing

Keyword stuffing is considered an unethical method for search engine optimization. Using superfluous and frequently repeated keywords in the meta tags or in the content of the website, an attempt is made to deceive the search engine.

Lawful Interception

"Lawful interception" refers to the surveillance possibilities of states in regard to telecommunications, e.g. in the form of voice, text, images and videos.


A link farm is a collection of websites or entire domains on the Web that primarily serve to establish as many hyperlinks as possible to another website.


A live CD contains a bootable operating system.

Log file

A log file contains the automatically maintained log of all or specific actions of processes on a computer system.

Logic Bomb

A programme which activates a function upon the occurrence of a specific event. Logic bombs are often used by viruses, worms or Trojan horses. The implemented harmful action occurs at a predetermined point in time. For example, a Trojan horse will register keyboard inputs only after the internet browser is started and the user logs in to an online service.


Media Access Control Unique and globally identifiable hardware address of a network adapter. The MAC address is written in the ROM of the adapter by the respective manufacturer (e.g. 00:0d:93:ff:fe:a1:96:72).

Malicious Code

Generic term for software which carries out harmful functions on a computer. This comprises amongst others viruses, worms, Trojan horses. See also Malware.

Malware / Malicious Code

Comes from the terms "malicious" and "software". Generic term for software which carries out harmful functions on a computer. This comprises amongst others viruses, worms, Trojan horses. See also Malware.

Mass e-mail virus / e-mail worm

Malware which is spread by sending e-mails. The term "e-mail worm" is often used for this.

Master boot record (MBR)

The master boot record is the first data block (512 bytes) of a storage medium. The MBR contains information describing the structure of the data carrier and optionally a programme that launches an operating system in one of the partitions.

MD5 hash function

Algorithm converting any text into a numeric sequence of always the same length. Hash functions are used in three areas: - Cryptography. - Database systems. Database systems use hash functions to search efficiently within large databases. - Checksums. A hash value can be assigned to every file. An altered hash value indicates a manipulation.

Memory card

A memory card or flash card is a compact, re-recordable memory device on which any type of data can be stored.


"Metadata" and "meta-information" refer to data containing information about other data.

META refreshes

The refresh tag may be used to redirect to another URL when a page is accessed. Using the content parameter, a delay may also be specified before the redirect is executed. For example: <meta http-equiv="refresh" content="5; URL=" /> This redirects to the website after 5 seconds.


A microprocessor is a processor on a very small scale in which all components of the processor are contained on a microchip.


Man-in-the-middle attacks (MITM) Attacks in which the attacker infiltrates unnoticed the communication channel between two partners and is thereby able to spy on or even modify their data exchanges.


Multimedia Messaging Service Service to send messages with text, picture, animation, audio and video elements to mobile phone users.


MoneyGram International, Inc. is a US financial company headquartered in Minneapolis with an international financial market presence. MoneyGram offices can be used to transfer money between 2 persons in different places.


A compression procedure for audio data.

MP3 player

Software or hardware that can play compressed music data files (MP3).


A compression procedure for multimedia data (e.g. video), there are several standards (MPEG 1 – 4).

Near-Field-Communication (NFC)

Near field communication is an international communication standard for the contactless exchange of data across short distances.

Network Centric Warfare (NCW)/ Network Centric Operations (NCO)

Network-centric warfare (NCW) is a military concept for war in the information age. Modern IT means are included in warfare. Network-centric operations (NCO) refers to the execution of operations on the basis of network-centric warfare.

Network nodes (mesh network)

In a mesh network, every network node is connected with one or more other network nodes. The information is passed from node to node until the destination is reached.


A network share is a device or information on a computer that can be accessed remotely from another computer via a network.

Network stack

In data transmission, the network stack is a conceptual architecture of communication protocols.


A nickname is a (generally short) name used by computer users as a pseudonym in forums and chats.

One-time password

A one-time password is a password for authentication or authorisation. It is only valid for a single transaction and cannot be used a second time.

Open Source

Open source is a range of licences for software whose source code is publically available. Further developments are encouraged by the licence.


Opt-out is a marketing procedure providing automatic inclusion in a distribution list, where the client has the opportunity only after the first distribution to request removal from the list.


Peer to Peer Network architecture in which those systems involved can carry out similar functions (in contrast to client-server architecture). P2P is often used for exchanging data.


Compression program or compression algorithm of a program. Originally intended to optimize the size of a program on the hard drive. Malware often uses upstream packers to prevent recognition by anti-virus software and to make analysis of the malware (reverse engineering) more difficult.


A small, portable radio receiver that uses a radio service generally for altering or transmitting messages to the recipient.


Software which replaces the faulty part of a programme with a fault-free version. Patches are used to eliminate security holes. See also Hotfix.


PayPass is a contactless payment system for small sums based on RFID technology.


Personal Digital Assistant A small electronic device which provides several functions (e.g. agenda, note book, address book, word processing, e-mail and internet access).


The term "peering" is used to describe a direct link between IP networks for routing data exchange between two partners (e.g. providers).

Personal Firewall

A firewall protects computer systems by monitoring incoming and outgoing connections and rejecting them if necessary. A personal firewall (also called a desktop firewall) is designed to protect a stand-alone computer and is installed directly on it.


Manipulation of name resolution via DNS or via local configuration (e.g. host files) with the aim of redirecting users to false servers so as to gain access to confidential data (login data).


Fraudsters phish in order to gain confidential data from unsuspecting Internet users. This may, for example, be account information from online auctioneers (e.g. eBay) or access data for Internet banking. The fraudsters take advantage of their victim's good faith and helpfulness by sending them e-mails with false sender addresses.


PHP is a scripting language mainly used to create dynamic websites or web applications.


Phreaking is the term for “manipulation of telephone equipment”.


A personal identification number (PIN) is a number for authenticating oneself to a machine.


Public Key Infrastructure Infrastructure for the management and use of digital certificates.

Plug-In, Plugin

(Additional) software that extends the basic functions of an application, e.g. Acrobat plug-ins for internet browsers allow direct display of PDF documents.


Proof of Concept Brief, not necessarily complete proof that an idea or method works. For example, exploit codes are often published as PoC so as to underline the effects of a weak point.

Point of sale (POS)

A POS terminal (in Switzerland: EFT/POS terminal) is an online terminal for cashless payments at points of sale.

Point-of-Sale Terminals (POS)

Terminals in businesses where cashless payments with debit and credit cards are possible.


A pop-up is a visual element of a computer programme. Elements "pop up" and cover other parts of the programme.

Programmable logic controller (PLC)

A programmable logic controller (PLC) is a digitally programmed device used to control or regulate a machine or facility. For some years, it has replaced hardwired control elements in most domains.

Programmable Logic Controller (PLC)

A programmable logic controller (PLC) is a digitally programmed device used to control or regulate a machine or facility. For some years, it has replaced hardwired control elements in most domains.


A proxy is a communication interface in a network. It works as a mediator, receiving queries on the one side and making a connection on the other side via its own address.


A system for accepting and forwarding browser queries. In the case of a proxy bot, this task is assumed by a botnet. The primary purpose is to anonymize identity, since the IP address displayed is that of the bot, not that of the user actually submitting the browser query.

Proxy server

Often used as a synonym for HTTP proxy. A system which accepts and forwards browser requests. It is used, amongst other things, for speeding up similar requests, examining contents and for gaining anonymity.

Proxy server

A proxy is a communication interface in a network. It serves as a relay receiving requests on the one side and creating a connection to the other side via its own address.

Public IP address

IP address that is reachable directly and from every point on the Internet.


Redundant Array of Independent Disks A procedure to store data simultaneously on several hard drives. In the case of a hard drive error, loss of data can thereby be avoided. RAID systems can also be used to considerably increase hard drive data transfer rates.


A form of malware used to extort money from the owners of infected computers. Typically, the perpetrator encrypts or deletes data on an infected computer and provides the code needed to recuperate the data only after a ransom has been paid.


rar is an algorithm and file format for data compression, in order to reduce the storage space needed for the archiving and transfer of files.

Recovery process

The recovery of original data after data loss.


Used mostly in connection with websites when the surfer is automatically redirected to another website.


A referrer is the Internet address of the website from which the user has been referred by clicking the link to the current page. The referrer is part of the HTTP query sent to the webserver.


A relay is a system acting as an interim station for the provision of a service. In connection with malware and spam, relays are used to conceal the real sender and prevent blocking. Open SMTP relays are of particular note. These are computers that accept e-mails from any given computer and forward them to third parties, even though they are not responsible for the e-mails of either party. Botnets are often also used for relay purposes. Internet Relay Chat (IRC) is also significant in this connection, since it is often abused as a communication interface for botnets.

Remote Administration Tool

A remote administration tool is used for the remote administration of any number of computers or computing systems.

Réseaux IP Européens (RIPE)

The Réseaux IP Européens Network Coordination Centre (RIPE NCC) is a regional Internet registry responsible for assigning IP address ranges and AS numbers in Europe, the Middle East and Central Asia.


Resolvers are simply structured software modules installed on the computer of a DNS member that can access the information of name servers. Resolvers constitute the interface between application and name server.


RFID (radio-frequency identification) permits the automatic identification and localisation of objects and living beings.

Rogue software / Rogueware

Rogue software, also called rogueware, is malware pretending to have found malicious software (usually spyware) and offering to remove it for a fee.


Read Only Memory Memory in which data can only be read, but not altered.

Root certificate

Certificate serving to validate all subordinate certificates.


A collection of programs and technologies which allow unnoticed access to and control of a computer to occur.


Computer network, telecommunication, or also Internet devices used to link or separate several networks. Routers are used, for instance, in home networks, establishing the connection between the internal network and the Internet.

RSA encryption

Short for Rivest-Shamir-Adleman encryption. A public-key encryption algorithm introduced in 1978. RSA is an asymmetric algorithm.


Sandboxing is a technique generating a separated environment on a computer, which can be used to execute untrusted programmes.

SCADA systems

Supervisory Control And Data Acquisition Systeme. Are used for monitoring and controlling technical processes (e.g. in energy and water supply).


Scareware is software designed to scare the user or make the user uncertain. It is an automated form of social engineering. If the victim falls for the trick and believes to be under threat, an offer is often made to the victim to remove the non-existent threat in return for payment. In other cases, the victim is made to believe that an attack has already been successful, causing him or her to perform actions that make the attack possible in the first place.


Scareware is software designed to make computer users nervous or fearful. The term is composed of scare and software. It is an automated form of social engineering. If the victim falls for the trick and believes to be under threat, the scareware often offers the victim elimination of the non-existent threat in return for payment.


A screenshot in ICT is the storage of the current graphical content of the screen.


SecurID is a security system manufactured by RSA Security for authentication, i.e. for verification of the identity of users.

Security holes

A loophole or bug in hardware or software through which attackers can access a system.


Initial value for calculating one-time passwords, such as for SecurID.


Computer system which provides clients with certain resources or data, such as storage space, services (e.g. e-mail, internet, FTP, etc.).


Secure Hash Algorithm. The term "SHA" describes a group of standardised cryptological hash functions that calculate an unambiguous hash value for any kind of electronic data.


Software which can be tested free of charge for a certain period of time. Sometimes, some functions are not available. After the expiration time, the programme can and should no longer be used for free.


When a session is sidejacked, the attacker reads the network traffic between two parties in order to steal the session cookie.


A SIM card (subscriber identity module) is a chip card inserted into mobile phones and used to identify the user on the network


Session Initiation Protocol Protocol suite standardised by the IETF for VoIP and other communication technologies.


"Skimming" refers to a man-in-the-middle attack that illegally spies out credit card or banking card data. Skimming is used to obtain card data by reading data off magnet stripes and copying them to counterfeit cards.

Smart grid

Smart grids are intelligent (electricity) grids that report data from various devices on the grid (typically meters installed at the user's location) to the operator. Depending on the design, commands may also be issued to these devices.

Smart Meter

A smart meter is an energy meter that displays the actual energy use and actual usage period to an energy consumer; the information can also be transmitted to the energy supplier.


A smartphone is a mobile phone that offers more computer functionality and connectivity than a standard advanced mobile phone.


Short Message Service Service to send text messages (160 characters maximum) to mobile phone users.


The mobile TAN (mTAN) variant or smsTAN includes text messages as a transmission channel. The transaction number (TAN) is sent in the form of a text message.

Social Engineering

Social engineering attacks take advantage of people's helpfulness, credulity or lack of self confidence in order to gain access to confidential data or to prompt them to perform certain actions, for example.

Social networking sites

Websites for communication among users by means of personally designed profiles. Often, personal data such as names, dates of birth, images, professional interests, and hobbies are disclosed.

Software Update

Software which replaces the faulty part of a programme with a fault-free version. Patches are used to eliminate security holes. See also Hotfix.


Solaris (formerly SunOS) is a Unix operating system developed by Sun Microsystems and is a member of the Unix System V family. With Version 10 of Solaris, finally, important parts of the Sun source code were disclosed, and the system was freely released for download as OpenSolaris.

Source code

In computer science, "source code" refers to the text of a computer program written in a programming language that is readable for humans.

Source Code

Computer program written in a human-readable programming language.

Source text

In computer science, source text (or source code) refers to the text of a computer programme written in a programming language that humans can read.


Spam refers to unsolicited and automatically sent mass advertis-ing, into which category spam e-mails also fall. The person re-sponsible for these messages is known as a spammer, whereas the actual sending itself is known as spamming.


Spam traps are normally e-mail address specially created to receive spam. For this purpose, these addresses are published in as many places as possible.

Spear Phishing

Targeted phishing attacks. The victim is made to believe that he/she is communicating via e-mail with a person they are acquainted with.


In information technology, "spoofing" refers to various deception attempts in computer networks to conceal one's own identity.


Spyware collects information about the user's surfing habits or system configuration without his knowledge and transmits it to a predefined address.


Database built with the Structured Query Language (SQL) database language. SQL has a relatively simple structure based semantically on English. SQL provides numerous commands for manipulating data pools (insert, modify, and delete datasets) and for querying data.


SQL injection refers to the exploitation of a vulnerability in connection with SQL databases, resulting from insufficient verification of the variables to be transmitted. The attacker attempts to inject his own database commands, in order to change the data as desired or to gain control over the server.


Squatters are persons or organizations who register Internet domains with slight typographic modifications, in the hope that users will mistype and accidentally land on these websites (e.g.: instead of This can be used to place advertisements on these sites, but also to distribute malware. The term is also applied to persons who register unused, attractive domains in the hope of reselling them later on.


Secure Shell A protocol for encrypted communication. It may be used to securely login to a computer system via a network (e.g. the Internet).


Service Set Identifier Identifies the WLAN network names. All WLAN access points and end devices must use the same SSID in order to communicate with each other.


Secure Sockets Layer Protocol that provides secure communication on the internet. SSL is used today, for instance, in online financial transactions.

SSL/TLS server certificate

A digital certificate is the cyberspace equivalent of a personal identification card and serves to assign a specific public key to a person or organisation. This assignment is certified by the certificate authority with its own digital signature.

SSL certificate

Secure Sockets Layer certificate Certificate required for communication via SSL. This certificate can be used to verify the identity of a system.


In peer-to-peer networks, supernodes are responsible for data flow and the connections with other users; they serve as relays and proxies.

Symmetric encryption

In contrast to asymmetric encryption, both participants in symmetric encryption use the same key.


A SYN flood is a type of DDoS attack on a computer system. The attack employs the connection structure of the TCP transport protocol to make individual services or entire computers inaccessible from the network.

three-way handshake

A three-way handshake is a method for establishing loss-free data transmission between two instances. Although predominantly used in network technology, three-way handshakes are not restricted to that field.

Time to live (TTL)

Time to live or TTL is the name of a header field in the Internet Protocol preventing unlimited forwarding of undeliverable packets from router to router.


Hardware components, which provide an authentication factor (cf. two-factor authentication) e.g. smartcards, USB tokens, SecureID, etc.).


Software utility


A graphical bar in a computer programme on which buttons, symbols, menus and other elements are placed.


Every name of a domain on the Internet consists of a sequence of character strings separated by periods. The term "top level domain" refers to the last name in this sequence, constituting the highest level of the name resolution. If the full domain name of a computer or website is, for instance, the right-most member of the sequence (com) is the top level domain of this name.

Transaction number (TAN)

In the classic TAN procedure, the electronic banking customer receives a list of transaction numbers. Every time a transaction is conducted, a given TAN off this list must be entered.

Transaction signing

Additional security element in e-banking. When a client makes a payment order, a code is sent to the client's cell phone by SMS, for instance. Only after entering the code in the e-banking system does the bank execute the payment.

Transmission Control Protocol / Internet Protocol (TCP/IP)

Transmission Control Protocol / Internet Protocol (TCP/IP) is a family of network protocols, also referred to as the Internet protocol family because of its great importance for the Internet.


Hidden and unknown access to a computer or application to circumvent the login procedure. Trapdoors are often built-in during the development of software to speed up testing and which are not always removed upon delivery.

Trojan horses

Trojan horses (often referred to as Trojans) are programs that covertly perform harmful actions while disguised as a useful application or file.


Messages sent using the Twitter communication platform.

Two-factor authentication

For this at least two of the following three authentication factors are required: 1. Something you know (e.g. password, PIN, etc.) 2. Something you have (e.g. a certificate, token, list of codes, etc.) 3. Something you are (e.g. finger print, retina scan, voice recognition, etc.)


Uniform Resource Locator The web address of a document. It consists of protocol name, server name, path and document name (e.g.:

URL manipulation

With certain manipulations of the URL, a server can be made to display pages that are actually blocked.

URL shortening service

A URL shortening service is a service used to create URLs that forward to other URLs; the created URLs should consist of a character string that is at short as possible. The original purpose was to create more manageable aliases for long URLs.


Universal Serial Bus Serial bus (with a corresponding interface) which enables peripheral devices such as a keyboard, a mouse, an external data carrier, a printer, etc. to be connected. The computer does not have to be switched off when a USB device is unplugged or plugged in. New devices are for the most part automatically identified and configured (depending on the operating system).

USB Memory Stick

Small high capacity data storage devices, connected to a computer via the USB interface.

User Agent

A user agent is a client programme for accessing a network service.

User Datagram Protocol (UDP)

UDP is a minimal, connectionless network protocol belonging to the transport layer of the Internet protocol family. UDP's job is to assign data transferred via the Internet to the proper application.


A self-replicating computer program with harmful functions that attaches itself to a host program or host file in order to spread.

Voice phishing

Voice phishing is a form of Internet scam, derived from the word "fishing" and the method of VoIP telephony used.


Voice over IP. Telephony via internet protocol (IP). Frequently used protocols: H.323 and SIP.

Volume Boot Record (VBR)

A volume boot record is a boot sector on a data carrier system containing code to launch programmes that are contained on another data volume of the data carrier.


Virtual Private Network Provides safe communication between computers in a public network (e.g. the internet) by encrypting the data flow.


A loophole or bug in hardware or software through which attackers can access a system.


In computer jargon, warez refers to illegally obtained or distributed software (illegal copy).

Web 2.0

Web 2.0 is a slogan referring to a number of interactive and collaborative elements on the Internet and especially the World Wide Web. Drawing on the version numbers of software products, the term postulates a new generation of the Web, distinguishing it from earlier types of use.


Wired Equivalent Privacy An early encryption program used in WLAN connections, now considered insecure.

Western Union

Western Union is the leading provider of worldwide money transfer services and offers the possibility of transferring money quickly around the world, paying bills, and acquiring payment authorisations.


A "white list" or "positive list" in information technology refers to a tool with the help of which similar elements are compiled that, in the opinion of the author, are trustworthy.


WLAN stands for Wireless Local Area Network.


Unlike viruses, worms do not require a host program in order to propagate. Instead, they use vulnerabilities or configuration errors in operating systems or applications to spread by themselves from one computer to another.


Wi-Fi Protected Access Improved encryption method used in wireless LAN connections.


Wi-Fi Protected Access 2 New security standard for Wireless-LANs in accordance with IEEE 802.11i specification. Successor to the WPA technique and to the WEP technique considered to be insecure.


The X Window System (also: X Version 11, X11, X) is a network protocol and software for graphics display on most Unix-like operating systems and OpenVMS.

Zero day exploit

An exploit which appears on the same day as the security holes are made public.

Zero-day vulnerability

Vulnerability for which no patch exists.


zip is an algorithm and file format for data compression, in order to reduce the storage space needed for the archiving and transfer of files.

Zombie computer

Synonym for bot / malicious bot

Last modification 30.11.2020

Top of page