DOCSLIB.ORG

A Short Course Computer Viruses

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

A Short Course on Computer Viruses by Dr. Frederick B. Cohen Copyright c ASP Press, 1990 { All Rights Reserved ISBN# 1-878109-01-4 ASP Press PO Box 81270 Pittsburgh, PA 15217 USA Contents 0.1 Introduction 1 Computer Virus Basics 1.1 What is a Computer Virus? 1.2 How Do Viruses Spread Through Systems? 1.3 What Damage Could A Malicious Virus Do? 1.4 Some Other Things Malicious Viruses Might Do 1.4.1 A Data Diddling Virus 1.4.2 The Random Deletion Virus 1.4.3 A Production Destruction Virus 1.4.4 A Protection Code Changing Virus 1.4.5 A Network Deadlock Virus 1.4.6 An Ex- ecutive Error Virus 1.4.7 A Covert Channel Virus 1.4.8 Synergism in Attack 1.5 What Could a Benevolent Virus Do? 1.5.1 Maintenance Viruses 1.5.2 Distributed Databases with Viruses 1.5.3 Life for Its Own Sake 1.5.4 Practical Limits 1.6 Viruses in Specific Computing Environments 1.6.1 Viruses in MVS 1.6.2 PC, MacIntosh, and Amiga Viruses 1.6.3 Viruses in Unix and VMS 1.6.4 Viruses in LANs 1.7 The Three Differ- ences 1.7.1 Generality 1.7.2 Range of Effect 1.7.3 Persistence 1.8 High Risk Activities 1.9 Summary 2 Real World Viruses 2.1 Some Early Experiments 2.1.1 The First Scientific Experiment 2.1.2 A Compression Virus 2.1.3 A Bell-LaPadula Based System 2.1.4 Instrumentation 2.1.5 Psychological Effects of Experi- ments 2.2 The Computer Virus Record Book 2.2.1 The Smallest 2.2.2 The Fastest on a PC 2.2.3 Spreading in Networks 2.2.4 Other Time Dependent Indications of Interest 2.3 Real World Computer Viruses 2.3.1 The Xerox Worm 2.3.2 The First Maintenance Viruses 2.3.3 The Lehigh Virus 2.3.4 The Brain Virus 2.3.5 The Jerusalem Virus 2.3.6 The Swiss Amiga Virus 2.3.7 The Mainframe Christmas Card Virus 2.3.8 The MacMag Virus 2.3.9 The Scores Virus 2.3.10 The Internet Virus 2.3.11 The AIDS Disk 2.3.12 The Datacrime Virus 2.3.13 Early Evolutionary Viruses 2.3.14 Simulation (Stealth) Viruses 2.3.15 The Bulgar- ian Viruses 2.3.16 Some Trends 2.3.17 Virus ToolKits and Automated Evolution 2.3.18 Cruncher 2.3.19 What's in a Name? 3 Technical Protection From Viruses 3.1 Perfect Technical Defenses 3.1.1 Limited Sharing 3.1.2 Limited Transitivity 3.1.3 Limited Function 3.2 Technical Defenses With Major Flaws 3.2.1 Can We Detect All Viruses? 3.2.2 Can We Find Resulting Infections 3.2.3 The Tail Chasing Problem 3.2.4 Instrumentation 3.2.5 Vaccines 3.2.6 Virus Scanners 3.2.7 Software Self Defense 3.2.8 Boot Locks 3.2.9 Snapshots 3.2.10 System Call Interception 3.3 Technical Defenses That Work Well 3.3.1 Software Fault Tolerance 3.3.2 Sound Change Control 3.3.3 Integrity Shells 3.3.4 Integrity Shell Limitations and Features 3.4 Defense-in-depth Against Viruses 3.4.1 The Moated Wall 3.4.2 Synergistic Effects of Defense-in-depth 3.4.3 Limits of Synergism 3.4.4 Other Effects 4 Non-Technical Defenses 4.1 Limited Sharing 4.1.1 Isolation During Attack 4.1.2 Separation of Function 4.1.3 The AIDS Disk 4.1.4 No External Disks 4.1.5 Clearing Houses 4.1.6 Limiting Information Sources 4.2 Change Controls 4.3 Auditing 4.4 Peer Network Problems 4.5 Tracking Down Attackers 4.5.1 Tracking Down The Christmas Card Attacker 4.5.2 Tracking Down The Internet Attacker 4.5.3 When A Success Is Not A Success 4.5.4 Needed Improvements In EDP Audit 4.6 Backups as a Defense 4.6.1 They Don't Always Work 4.6.2 They Aren't Kept Long Enough 4.6.3 They Act As Safe Harbor For Viruses 4.7 Recovery From Viral Attack 4.7.1 See It 4.7.2 Kill It 4.7.3 Get Away Quickly 4.8 CERT Teams 4.9 Reactive And Proactive Defense 4.10 Management Tools 4.11 Laws Against Malicious Viruses 4.11.1 Intent 4.11.2 Malice 4.11.3 Unauthorized 4.11.4 Other Factors 4.11.5 Civil Re- course 5 Some Analysis 5.1 Risk Analysis 5.2 Product Comparison By Type 5.2.1 Defense-in-depth 5.2.2 Perfect Defenses 5.2.3 Integrity Shells 5.2.4 Cryptographic Checksums 5.2.5 System Call Detection and Prevention 5.2.6 Known Viruses Detectors 5.2.7 Special Purpose Defenses 5.2.8 Looking For Questionable i ii CONTENTS Instructions 5.2.9 Examining Printable Strings 5.3 Epidemiology of Computer Viruses 5.3.1 Virus Vectors 5.3.2 General Trends and Time Factors 5.3.3 Susceptibility of Modern Systems 5.3.4 How Defenses Impact Epidemiology 5.3.5 Another Vital Result 5.3.6 The Impact of Evolution on Epidemiology 5.3.7 How Good is Good Enough? 5.3.8 Epidemiology and Strategic Planning 5.4 Exposure Analysis 5.4.1 The Informa- tion Flow Model 5.4.2 The New Exposure Analysis 5.5 A Cost Analysis Of Viruses and Select Defenses 6 Strategy and Tactics in Virus Defense 6.1 General Principles 6.1.1 General Strategic Needs 6.1.2 General Tactical Needs 6.2 Some Widely Applicable Results 6.3 Some Examples 6.3.1 Typical Attacks 6.3.2 The Small Business Scenario 6.3.3 The University Scenario 6.3.4 The Financial Institution Scenario 6.3.5 The Computer Company Scenario 0.1. INTRODUCTION iii 0.1 Introduction This book was derived from recordings of my one-day short courses on computer viruses. The course runs about 8 hours, and at the time of this writing, had been taught about 50 times. In this course, I try to avoid the deep technical details and most of the mathematics behind the conclusions presented. At the same time, I think it is important to provide enough evidence to be convincing and understandable. As an aid to the technically inclined reader, I have provided a number of good references which contain more detailed technical information. This is not a technology book, it is a science book. By that I mean that the purpose of the book is to educate the reader, so that for the rest of their life, they will understand about computer viruses, and never be surprised by what happens. For that reason, I avoid discussing details of particular technologies except for the purpose of providing examples. The point is to give you knowledge of the subject that can be applied regardless of the system you are using, the programming languages in the environment, or the most popular operating system of the day. The intended audience is anyone who works intimately with computers on a day-to-day basis. It will be particularly helpful to computer programmers, information systems managers, systems administrators, EDP auditors, and computer security specialists, but it would also be a good book for an undergraduate student who has taken a course on computers, and has been used in graduate programs as a supplement to other material. You will find the coverage of this book quite broad. We begin with the basics of computer viruses, and discuss how they work, what they can do, and how they are different from other technologies. We then discuss scientific experiments with viruses, viruses that have appeared in the real world, and how organizations have historically responded to the threat of viruses. Next, we go into details about defenses, starting with theoretically sound defenses, then moving into a series of examples of defenses that don't work very well, describing the best current defenses in real systems, and discussing non-technical defenses and management issues. Next we analyze the impact of computer viruses and defenses, go through a series of scenarios that consider viruses in a variety of real-world situations, and sum up the course. Finally, in the appendices, we tell `the good joke' that I tell just after lunch to wake people up before starting the second half of the course, include the most commonly requested technical details, and provide a list of about 75 annotated references to related works. I hope that you enjoy this book, and I welcome your comments and suggestions. iv CONTENTS Chapter 1 Computer Virus Basics 1.1 What is a Computer Virus? I would like to start with a formal definition . 8M8V (M; V ) 2 VS , [V 2 TS]and[M 2 TM]and [8v 2 V [8HM [8t8j [1)PM (t) = jand 2)2M (t) = 2M (0)and 3)(2M (t; j); :::; 2M (t; j+ j v j −1)) = v] ) [ 9v0 2 V [9t0 > t[9j0 [1)[[(j0+ j v0 j) ≤ j]or[(j+ j v j) ≤ j0]]and 0 0 0 0 0 0 2)(2M (t ; j ); :::; 2M (t ; j + j v j −1)) = v and 3)[9t00s:t:[t < t00 < t0] and 00 0 0 0 [PM (t ) 2 j ; :::; j + j v j −1] ]]] ] ] ] ] ] Figure 1.1: Formal Definition So much for that! Now let me tell you what it means.
Recommended publications
  • Security on the Mainframe Stay Connected to IBM Redbooks

    Security on the Mainframe Stay Connected to IBM Redbooks

    Front cover Security on the IBM Mainframe Operating system and application security IBM Security Blueprint and Framework IBM mainframe security concepts Karan Singh Lennie Dymoke-Bradshaw Thomas Castiglion Pekka Hanninen Vincente Ranieri Junior Patrick Kappeler ibm.com/redbooks International Technical Support Organization Security on the IBM Mainframe April 2010 SG24-7803-00 Note: Before using this information and the product it supports, read the information in “Notices” on page ix. First Edition (April 2010) This edition applies to the IBM System z10 Enterprise Class server, the IBM System z10 Business Class server, and Version 1, Release 11, Modification 0 of z/OS (product number 5694-A01). © Copyright International Business Machines Corporation 2010. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . ix Trademarks . .x Preface . xi The team who wrote this book . xi Now you can become a published author, too! . xii Comments welcome. xii Stay connected to IBM Redbooks . xiii Part 1. Introduction . 1 Chapter 1. Introduction. 3 1.1 IBM Security Framework. 4 1.1.1 People and identity . 5 1.1.2 Data and information. 5 1.1.3 Application and process . 5 1.1.4 Network, server, and endpoint . 5 1.1.5 Physical Infrastructure . 6 1.2 Framework and Blueprint . 7 1.3 IBM Security Blueprint. 7 Chapter 2. Security of the IBM Mainframe: yesterday and today . 13 2.1 Operating systems . 14 2.1.1 z/OS operating system family . 14 2.1.2 z/VM Hypervisor family .
  • CA ACF2 for Z/OS Quick Reference Guide

    CA ACF2 for Z/OS Quick Reference Guide

    CA ACF2™ for z/OS Quick Reference Guide r12 Third Edition This documentation and any related computer software help programs (hereinafter referred to as the "Documentation") are for your informational purposes only and are subject to change or withdrawal by CA at any time. This Documentation may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. This Documentation is confidential and proprietary information of CA and may not be used or disclosed by you except as may be permitted in a separate confidentiality agreement between you and CA. Notwithstanding the foregoing, if you are a licensed user of the software product(s) addressed in the Documentation, you may print a reasonable number of copies of the Documentation for internal use by you and your employees in connection with that software, provided that all CA copyright notices and legends are affixed to each reproduced copy. The right to print copies of the Documentation is limited to the period during which the applicable license for such software remains in full force and effect. Should the license terminate for any reason, it is your responsibility to certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST INVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.
  • Malware Primer Malware Primer

    Malware Primer Malware Primer

    Malware Primer Malware Primer Table of Contents Introduction Introduction ...........................................................................................................................................................................2 In The Art of War, Sun Tzu wrote, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” This certainly applies Chapter 1: A Brief History of Malware—Its Evolution and Impact ..............................3 to cyberwarfare. This primer will help you get to know cybercriminals by providing you with a solid foundation in one of their principle weapons: Chapter 2: Malware Types and Classifications ....................................................................................8 malware. Chapter 3: How Malware Works—Malicious Strategies and Tactics ........................11 Our objective here is to provide a baseline of knowledge about the different types of malware, what malware is capable of, and how it’s distributed. Chapter 4: Polymorphic Malware—Real Life Transformers .............................................14 Because effectively protecting your network, users, data, and company from Chapter 5: Keyloggers and Other Password Snatching Malware ...............................16 malware-based attacks requires an understanding of the various ways that the enemy is coming at you. Chapter 6: Account and Identity Theft Malware ...........................................................................19 Keep in mind, however, that we’re only able here
  • Virus Bulletin, June 1996

    Virus Bulletin, June 1996

    ISSN 0956-9979 JUNE 1996 THE INTERNATIONAL PUBLICATION ON COMPUTER VIRUS PREVENTION, RECOGNITION AND REMOVAL Editor: Ian Whalley CONTENTS Assistant Editor: Megan Skinner EDITORIAL Technical Editor: Jakub Kaminski A Little Knowledge… 2 Consulting Editors: VIRUS PREVALENCE TABLE 3 Richard Ford, Command Software, USA Edward Wilding, Network Security, UK NEWS 1. Yisrael Radai 3 2. Scary Monsters and Super Creeps? 3 IBM PC VIRUSES (UPDATE) 4 IN THIS ISSUE: INSIGHT • Through the looking-glass. Windows 95 descended on The Road is Long… 6 the world last year with a media outcry reminiscent of a VIRUS ANALYSIS major discovery in the medical field. With it, inevitably, came the threat of viruses, followed by anti-virus soft- CNTV – New Technology 8 ware developed for the system. What is available, and COMPARATIVE REVIEW how good are the products? VB has done an exhaustive When I’m Cleaning Windows 10 series of tests: turn to p.10 for the whole story. CONFERENCE REPORT • On being professional. NetPROT has been reincarnated as F-PROT Professional for NetWare: an evaluation of IVPC 96: Exponentially Yours 25 Command Software’s latest network baby can be found PRODUCT REVIEWS on p.26. 1. F-PROT Professional for NetWare 26 • Yisrael Radai. Just before going to print, VB learned of 2. Vi-Spy 29 the death of Yisrael Radai, internationally recognised END NOTES & NEWS 32 anti-virus researcher. Story on p.3. VIRUS BULLETIN ©1996 Virus Bulletin Ltd, 21 The Quadrant, Abingdon, Oxfordshire, OX14 3YS, England. Tel +44 1235 555139. /96/$0.00+2.50 No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form without the prior written permission of the publishers.
  • Virus Bulletin, August 1993

    Virus Bulletin, August 1993

    August 1993 ISSN 0956-9979 THE AUTHORITATIVE INTERNATIONAL PUBLICATION ON COMPUTER VIRUS PREVENTION, RECOGNITION AND REMOVAL Editor: Richard Ford Technical Editor: Fridrik Skulason Consulting Editor: Edward Wilding, Network Security Management, UK Advisory Board: Jim Bates, Bates Associates, UK, David M. Chess, IBM Research, USA, Phil Crewe, Ziff-Davis, UK, David Ferbrache, Defence Research Agency, UK, Ray Glath, RG Software Inc., USA, Hans Gliss, Datenschutz Berater, West Germany, Igor Grebert, McAfee Associates, USA, Ross M. Greenberg, Software Concepts Design, USA, Dr. Harold Joseph Highland, Compulit Microcomputer Security Evaluation Laboratory, USA, Dr. Jan Hruska, Sophos, UK, Dr. Keith Jackson, Walsham Contracts, UK, Owen Keane, Barrister, UK, John Laws, Defence Research Agency, UK, Dr. Tony Pitt, Digital Equipment Corporation, UK, Yisrael Radai, Hebrew University of Jerusalem, Israel, Roger Riordan, Cybec Pty, Australia, Martin Samociuk, Network Security Management, UK, John Sherwood, Sherwood Associates, UK, Prof. Eugene Spafford, Purdue University, USA, Dr. Peter Tippett, Symantec Corporation, USA, Steve R. White, IBM Research, USA, Joseph Wells, Symantec Corporation, USA, Dr. Ken Wong, PA Consulting Group, UK, Ken van Wyk, CERT, USA. CONTENTS VIRUS ANALYSES 1. Daemaen: Multi-multipartism 9 EDITORIAL 2. 8888 - The Poor Man’s Commander Bomber 12 Crime and Punishment 2 ROGUES’ GALLERY VIRUS PREVALENCE TABLE 3 Keep It To Yourself 14 NEWS Storing Up Trouble 3 PRODUCT REVIEW 40Hex Print DAME Source code... 3 Better CPAV than CPAV? 16 Crown Wins Logic Bomb Case 3 COMPARATIVE REVIEW IBM PC VIRUSES (UPDATE) 4 OS/2 Virus Protection 20 INSIGHT Getting to the Point 7 END NOTES & NEWS 24 VIRUS BULLETIN ©1993 Virus Bulletin Ltd, 21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England.
  • CA ACF2™ R14 SP1 for Z/OS Security Target

    CA ACF2™ R14 SP1 for Z/OS Security Target

    CA ACF2™ r14 SP1 for z/OS Security Target Version 1.1 March 7, 2011 Prepared for: CA 2400 Cabot Drive Lisle, IL 60532 Prepared by: Booz Allen Hamilton Common Criteria Testing Laboratory 900 Elkridge Landing Road, Suite 100 Linthicum, MD 21090-2950 Page 1 Table of Contents 1 Security Target Introduction ....................................................................................... 7 1.1 ST Reference ....................................................................................................... 7 1.1.1 ST Identification ............................................................................................. 7 1.1.2 Document Organization .................................................................................. 7 1.1.3 Terminology .................................................................................................... 8 1.1.4 Acronyms ...................................................................................................... 10 1.1.5 References ..................................................................................................... 11 1.1.6 CC Concepts ................................................................................................. 11 1.2 TOE Reference.................................................................................................. 12 1.2.1 TOE Identification ........................................................................................ 12 1.3 TOE Overview .................................................................................................
  • IBM Multi-Factor Authentication for Z/OS

    IBM Multi-Factor Authentication for Z/OS

    IBM Multi-Factor Authentication for z/OS Ross Cooper, *CISSP IBM z/OS Security Software Design and Development NewEra – The z Exchange 10/24/2017 Current Security Landscape 1,935 81% Number of security incidents Number of breaches in 2016 with confirmed data due to stolen and/or disclosure as a result of weak passwords.1 stolen credentials.1 (18% worse than prior year) (506 worse than prior year) 60% $4 million Number of security The average total cost incidents that are from 2 of a data breach. insider threats. 3 Criminals are identifying key employees at organizations and exploiting them with savvy phishing attacks to gain initial access to the employees’ system and steal their account credentials. This puts emphasis on the need for tighter restrictions on access privileges to key data repositories.1 1 2017 Verizon Data Breach Investigations Report 2 Ponemon: 2016 Cost of Data Breach Study: Global Analysis 2 3 IBM X-Force 2016 Cyber Security Intelligence Index User Authentication Today on z/OS • Users can authenticate with: ‒ Passwords ‒ Password phrases ‒ Digital Certificates ‒ via Kerberos • Problems with passwords: ‒ Common passwords ‒ Employees are selling their passwords ‒ Password reuse ‒ People write down passwords ‒ Malware ‒ Key log ‒ Password cracking 3 Compliance PCI DSS v3.2 8.3 Secure all individual non-console administrative access and all remote access to the CDE using multi-factor authentication. 8.3.1 Incorporate multi-factor authentication for all non-console access into the Cardholder Data Environment (CDE) for personnel with administrative access. Note: This requirement is a best practice until January 31, 2018, after which it becomes a requirement.
  • CNS Lecture 13

    CNS Lecture 13

    In the news CNS Lecture 13 Microsoft workstation server buffer overflow Microsoft XML core services remote code execution Network defenses Microsoft agent buffer overflow IPsec WinZip remote code execution Virtual Private Networks (VPNs) Wireless security Kerberos Trusted systems Secure OS CNS Lecture 13 - 2 Network security You are here … Attacks & Defenses Cryptography Applied crypto VULNERABILITIES COUNTERMEASURES • denial of service • disable denial of service disable • Risk assessment •Random numbers •SSH – ICMP smurf, redirects, unreachable • configure properly – SYN flooding • xinetdxinetd,, tcpwrappers • Viruses – frag, teardrop – filters (allow, deny) •Hash functions •PGP • • Unix security impersonationimpersonation – audit and alarm – host rename (LAN) • filtering portmap MD5, SHA,RIPEMD • • S/Mime – DNS • application filtering ((securelibsecurelibsecurelib)))) authentication – source routing • patches • Network security •Classical + stego •SSL • Session capture/modification • scanners ((NessusNessusNessus,, ISS) – TCP seq number guessing • Firewalls,vpn,IPsec,IDS firewalls •Number theory •Kerberos – TCP hijacking • intusionintusion detection & response • Forensics – sniffing • encryption, virtual private networks ((VPNsVPNsVPNs)))) • • • Server/application attacks Symmetric key IPsec – application flooding (ftp,mail,echo) – buffer overflows DES, RijndaelRijndael,, RC5 •Crypto APIs – Software bugs •Public key •Secure coding RSA, DSA, DD----H,ECCH,ECC CNS Lecture 13 - 3 CNS Lecture 13 - 4 Where to encrypt? Internet
  • Identity Manager 3.6.1 Fan-Out Driver for Linux and UNIX Administration Guide Novdocx (En) 24 March 2009

    Identity Manager 3.6.1 Fan-Out Driver for Linux and UNIX Administration Guide Novdocx (En) 24 March 2009

    novdocx (en) 24 March 2009 March 24 (en) novdocx AUTHORIZED DOCUMENTATION Administration Guide Novell® Identity Manager Fan-Out Driver for Linux* and UNIX* 3.6.1 December 10, 2009 www.novell.com Identity Manager 3.6.1 Fan-Out Driver for Linux and UNIX Administration Guide novdocx (en) 24 March 2009 March 24 (en) novdocx Legal Notices Novell, Inc. and Omnibond Systems LLC. make no representations or warranties with respect to the contents or use of this documentation, and specifically disclaim any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. and Omnibond Systems LLC. reserve the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc. and Omnibond Systems LLC. make no representations or warranties with respect to any software, and specifically disclaim any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. and Omnibond Systems LLC. reserve the right to make changes to any and all parts of the software, at any time, without any obligation to notify any person or entity of such changes. Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of the other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S.
  • IT Acronyms at Your Fingertips a Quick References Guide with Over 3,000 Technology Related Acronyms

    IT Acronyms at Your Fingertips a Quick References Guide with Over 3,000 Technology Related Acronyms

    IT Acronyms at your fingertips A quick references guide with over 3,000 technology related acronyms IT Acronyms at your Fingertips We’ve all experienced it. You’re sitting in a meeting and someone spouts off an acronym. You immediately look around the table and no one reacts. Do they all know what it means? Is it just me? We’re here to help! We’ve compiled a list of over 3,000 IT acronyms for your quick reference and a list of the top 15 acronyms you need to know now. Top 15 acronyms you need to know now. Click the links to get a full definition of the acronym API, Application Programmer Interface MDM, Mobile Device Management AWS, Amazon Web Services PCI DSS, Payment Card Industry Data Security Standard BYOA, Bring Your Own Apps SaaS, Software as a Service BYOC, Bring Your Own Cloud SDN, Software Defined Network BYON, Bring Your Own Network SLA, Service Level Agreement BYOI, Bring Your Own Identity VDI, Virtual Desktop Infrastructure BYOE, Bring Your Own Encryption VM, Virtual Machine IoT, Internet of Things Quick Reference, over 3000 IT acronyms Click the links to get a full definition of the acronym Acronym Meaning 10 GbE 10 gigabit Ethernet 100GbE 100 Gigabit Ethernet 10HD busy period 10-high-day busy period 1170 UNIX 98 121 one-to-one 1xRTT Single-Carrier Radio Transmission Technology 2D barcode two-dimensional barcode Page 1 of 91 IT Acronyms at your Fingertips 3270 Information Display System 3BL triple bottom line 3-D three dimensions or three-dimensional 3G third generation of mobile telephony 3PL third-party logistics 3Vs volume, variety and velocity 40GbE 40 Gigabit Ethernet 4-D printing four-dimensional printing 4G fourth-generation wireless 7W seven wastes 8-VSB 8-level vestigial sideband A.I.
  • Java Security and Z/OS

    Java Security and Z/OS

    Front cover Java Security on z/OS - The Complete View Comprehensively describes z/OS security services for Java applications Provides use cases illustrated with Java program examples Discusses industry-class Java applications Patrick Kappeler Jonathan Barney Pierre Béda Michael Buzzetti Saheem Granados Ebbe Mølgaard Pedersen Kin Ng Michael Onghena Eysha Powers Martina Schmidt Richard Schultz ibm.com/redbooks International Technical Support Organization Java Security on z/OS - The Complete View December 2008 SG24-7610-00 Note: Before using this information and the product it supports, read the information in “Notices” on page ix. First Edition (December 2008) This edition applies to Version 1, Release 10 of z/OS (Program Number 5694-A01). © Copyright International Business Machines Corporation 2008. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . ix Trademarks . .x Preface . xi The team that wrote this book . xi Become a published author . xiii Comments welcome. xiii Part 1. Java and Security . 1 Chapter 1. Overview of Java on z/OS . 3 1.1 Why to choose Java . 4 1.1.1 Introduction to the Java programming language. 4 1.1.2 Java package . 4 1.2 Java Native Interface . 5 1.2.1 Basic elements of the Java Native Interface. 6 1.2.2 JNI and Security . 9 1.3 Accessing z/OS MVS datasets from Java. 9 1.3.1 Using the Java Record I/O API . 10 1.3.2 Using the JZOS toolkit API . 10 1.3.3 Running a Java program as a batch job .
  • The Silent Network: Denying the Spam and Malware Chatter

    The Silent Network: Denying the Spam and Malware Chatter

    The silent network Denying the spam and malware chatter using free tools Peter N. M. Hansteen [email protected] According to statements by a certain proprietary software marketer, the spam and malware problem should have been solved by now. That company isn’t even close, but in the free software world we are getting there fast and having fun at the same time. This paper offers an overview of principles and tools with real life examples and data, and covers the almost-parallel evolution of malware and spam and effective counter-measures. We present recent empirical data interspersed with examples of practical approaches to ensuring a productive, malware and spam free environment for your colleagues and yourself, using free tools. The evolution of content scanning is described and contrasted with other methods based on miscreants’ (and their robot helpers’) behavior, concluding with a discussing of recent advances in greylisting and greytrapping with an emphasis on those methods’ relatively modest resource demands. Copyright © 2006-2007 by Peter N. M. Hansteen This document is Copyright © 2006-2007 Peter N. M. Hansteen. All rights reserved. Paper presented at the BSDCan conference in Ottawa, Ontario, Canada on May 18, 2007. Table of Contents Malware, virus, spam - some definitions ..........................................................................1 A history of malware .............................................................................................................2 The first virus: the Elk Cloner .........................................................................................2