Do You Speak Securitese? Five Security Terms You Should Know

Dec 02, 2011 07:06 am | PC World
Knowing these terms won’t make you a security expert—but they’ll provide a good head start on the jargon.

by Nick Mediati

Most websites that handle sensitive information, such as banking and shopping sites, use SSL to keep your private information safe, but sites like Facebook, Gmail, and Twitter also give you the option to use SSL. For other sites, check your account settings to see whether this feature is available.

Certificates: Any website, including a malicious one, can use SSL, so the lock icon in your browser’s toolbar does not by itself mean that you’re safe.

Enter certificates. Briefly, a certificate is a digital document of sorts—an ID badge—that verifies a site’s identity. Certificates are typically issued by organizations called “certificate authorities,” and most are “signed,” which basically means that the certificate authority was able to verify the identity of the website in question. If a certificate isn’t signed, however, your browser will usually pop up a warning about it.

Like everything in security, though, a certificate isn’t a sure thing: In September, a hacker claimed to have broken into the computer systems of DigiNotar, a Dutch certificate authority; the breach resulted in the issuance of forged certificates that attackers might use to make malicious sites appear legitimate and secure.
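The certificate check described above can be reproduced offline with the openssl command-line tool. This is an added example, not part of the original article; the authority and site names (Demo Root CA, shop.example, unsigned.example) and the function names are made up for illustration.

```shell
#!/usr/bin/env bash
# Added illustration: every name below is constructed for the demo.

# Build a throwaway certificate authority and two site certificates in $1.
make_demo_pki() {
  # The "certificate authority": a key and its own root certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  # shop.example asks the authority for a certificate...
  openssl req -newkey rsa:2048 -nodes -subj "/CN=shop.example" \
    -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null
  # ...and the authority signs it.
  openssl x509 -req -in "$1/site.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/site.pem" 2>/dev/null
  # unsigned.example vouches only for itself; no authority is involved.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=unsigned.example" \
    -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null
}

# Print "trusted" if certificate $2 chains to the authority in $1,
# otherwise "warning" (the case where a browser would alert the user).
check_cert() {
  if openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'; then
    echo trusted
  else
    echo warning
  fi
}

demo_dir="$(mktemp -d)"
make_demo_pki "$demo_dir"
echo "shop.example:     $(check_cert "$demo_dir/ca.pem" "$demo_dir/site.pem")"
echo "unsigned.example: $(check_cert "$demo_dir/ca.pem" "$demo_dir/self.pem")"
rm -rf "$demo_dir"
```

The check passes for any certificate the trusted authority has signed, which is why forged certificates issued through a breached authority look legitimate to a browser.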

If you want to learn more, security training company SANS offers a comprehensive glossary of security terms. Google’s “Good to Know” site is a great place to brush up on basic Internet security. And our Security Alert blog provides ongoing security news and information.