Validation – confirmation, through provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled.
VAR – a value-added reseller.
Vector – in computing, this is the method that malware uses to propagate itself.
Verification – confirmation through the provision of objective evidence that specified requirements have been fulfilled.
Verified by Visa – see 3-D Secure.
Virtualisation – as ‘virtual’ usually means that the thing to which it refers isn’t real, the idea of virtualisation might seem odd. The term, however, refers to the emulation of operating systems and applications within a virtual environment, which itself may co-exist completely independently from other virtual environments on the same physical hardware. Virtualisation enables organisations to substantially reduce the hardware costs associated with running large server farms and, indeed, even with running small numbers of applications.
Virtual Private Networks (SSL, IPSEC) – a Virtual Private Network is an encrypted tunnel over a public network which provides privacy as good as that available on a private network. It consists of encrypted and authenticated logical (not physical) links across shared or public networks that are used to provide remote links to an organisational network. A VPN server within the organisational perimeter encrypts data sent to a VPN client outside the perimeter, and vice versa. See Internet Protocol Security and Secure Sockets Layer.
Virus – a virus is a piece of computer code that is designed to make your computer sick. Like biological viruses, it indiscriminately selects and infects those whose defences are weak or non-existent. Technically, a virus has at least two properties: it is a program capable of replicating, i.e. producing functional copies of itself, and it depends on a host file (a document or executable file, shared by e-mail or Instant Messenger) to carry each copy. It may or may not have a ‘payload’, the ability to do something funny or destructive or clever when it arrives.
Virus hoax – there are people out there who think it’s dead funny to send e-mails to everyone they know, warning of a virus that isn’t one. Frankly, if a real or important new virus existed that you had to hear about from some acquaintance rather than from your anti-virus company, you’ve either chosen a very poor anti-virus supplier (if you have one at all) or you’re being hoaxed. If you’re reading this book, the chances are that it will be the latter. The website http://vmyths.com is a good place to go if you really want to be sure that a message you’ve received is a hoax.
Virus writers – ‘people’ who write viruses; they should be taken outside and have unspeakable things done to them. Mostly, they are sad people who do it for fun and because they enjoy the challenge of writing clever code. Sometimes they do it out of loneliness, or because they want to have some impact on the world. They often work together and have online groups, websites and communities through which they share work and ideas. They also compete with one another and certainly their relationship with anti-virus companies is often extremely hostile. Virus toolkits are available online, so that anyone with limited code writing skills can also create a virus.
Vishing – this is the criminal use of social engineering techniques over a telephone system, often with features provided by VoIP, to gain access to personal and financial data. Do not provide sensitive personal information to anyone who phones you, however convincing they sound!
VoIP/VOB – Voice over IP/Voice over Broadband is a technology that enables voice-to-voice communication across the Internet.
VPNs – see Virtual Private Networks.
Vulnerability – a weakness of an asset or group of assets that can be exploited by a threat. The alternative definition, from ISO27000, substitutes ‘control’ for ‘group of assets’ but is otherwise the same. There are regularly updated central stores of known technical vulnerabilities at Bugtraq (www.securityfocus.com/archive/1), CVE (Common Vulnerabilities and Exposures: http://cve.mitre.org/) and in the Top Cyber Security Risks of the SANS (SysAdmin, Audit, Network, Security) Institute.
Vulnerability assessment – this is the (usually automated) evaluation (or vulnerability scanning) of operating systems and applications to identify missing fixes for known problems, so that the necessary fixes can be installed and the systems made safe.
Vulnerability scanning – an automated process of scanning a network or a series of information assets to establish if they display any of the characteristics of known vulnerabilities.