Terminologies For Cybersecurity And Ethical Hacking
Overview
Today's world is a digitized world. Technological evolution has made, and continues to make, great changes in human civilization. The Internet has become a daily part of our lives and has made the use of technology much more comfortable for us. It also has its bad effects, because cyberattacks are on the rise. In a world where cyberattacks have become a clear threat to our everyday lives, providing security to customers who want to protect their families and businesses from cyber threats and from exposure to intrusive sites with inappropriate content is an important role for service providers to fill.
Botnets, backdoors, Trojan Horses, malware, Denial of Service attacks – the language of cybersecurity is filled with distinct jargon to describe its multitude of tools and tactics.
Backbone of Cybersecurity (CIA Triad)
The CIA triad in cybersecurity is a model comprising three core principles: confidentiality, integrity, and availability.
Confidentiality
Integrity
Availability
Cybersecurity Terminologies
Antivirus Software
Software specifically designed for the detection and prevention of known viruses, often bundled in an internet security package. It consists of computer programs that attempt to identify threats and eliminate computer viruses and other malware.
Authentication
In cybersecurity, authentication is the process of verifying a user or device's identity before granting access to a system or resources. This ensures that only authorized entities can access sensitive information and systems, typically by using credentials such as passwords, biometrics, or tokens.
Authorization
Access Control
Availability
Adware
Application Gateway
Attack Vector
An attack vector is the collection of all vulnerable points by which an attacker can gain entry into the target system. Attack vectors include vulnerable points in technology as well as in human behavior, skillfully exploited by attackers to gain access to networks. The growth of IoT devices and work-from-home arrangements has greatly increased the number of attack vectors, making networks increasingly difficult to defend.
Anti-spyware software
Software specifically designed for the detection and prevention of spyware. Often bundled in an internet security package.
Attack
An intrusion against an information system (computer) resulting in the degradation, denial, or destruction of the information or information system (computer).
Anti-Botnet
Anti-botnet tools automatically run bot checks when a user browses to a website. If a risk is detected, a warning message is sent back to the device. The most common anti-botnet solution is CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart).
Anti-Malware
Anti-malware is a program designed to protect computers and networks against threats or attacks from malicious software such as adware, spyware, and other malicious programs.
Anti-Phishing
Anti-Phishing protects users from fraudulent websites, often perfect replicas of legitimate websites, undetectable to the human eye. Protection is enforced by detecting fraudulent emails, and by blocking phishing websites.
Advanced Persistent Threat (APT)
In an APT attack a threat actor uses the most sophisticated tactics and technologies to penetrate a high-profile network. APTs aim to stay ‘under the radar’ and explore the network while remaining undetected for weeks, months or even years. APTs are most often used by nation-state threat actors wishing to cause severe disruption and damage to the economic and political stability of a country. They can be considered the cyber equivalent of espionage ‘sleeper cells’.
Advanced Threat Protection (ATP)
Advanced Threat Protection (ATP) refers to security solutions that defend against sophisticated malware or hacking attacks targeting sensitive data. ATP includes both software and managed security services.
Active Directory (AD)
Backdoor
Refers to any method which allows an authorized or unauthorized user to bypass some or all security measures to gain access to a computer system, network, or software application. Not all backdoors are nefarious—they can be used to assist users who become locked out of their system.
Baiting
Leaving a piece of portable electronic storage media such as a CD, laptop or USB drive near a target’s workplace to tempt the curious victim into seeing what’s on it. When the victim attempts to use the media a malware program releases a virus or exposes personal and financial information to hackers.
Beacon
A type of malware that systematically calls out to a specified IP address or URL from a victimized system. A waiting threat agent can answer this beacon, establishing a connection that provides partial or even full remote access to the victimized system.
Black Hat
A hacker that breaks into a network or device without consent to conduct malicious activities that can be used to harm the owner/users.
Bot/Botnet
A software application or tool that performs tasks on command, allowing an attacker to take control remotely of an affected computer—a collection of infected computers is a botnet.
Brute Force Attack
An approach that uses no shortcuts to improve performance, relying instead on sheer computing power to try all possibilities until the solution to a problem is found. In security, a brute force attack applies this approach to guessing passwords or keys.
Buffer
A buffer is a temporary storage area in memory used to hold data as it is being transferred from one location to another. A buffer overflow occurs when more data is written to the buffer than it can hold, causing the excess data to overwrite adjacent memory locations, potentially leading to security vulnerabilities.
Buffer Overflow
A buffer overflow, also known as a buffer overrun, is a condition in programming and information security where a program writes data to a buffer beyond its allocated memory, overwriting adjacent memory locations. This can lead to erratic program behavior, crashes, or the execution of malicious code.
Bug
A Bug is a flaw or vulnerability in software or hardware that can be exploited by attackers to gain unauthorized access or privileges, compromising the confidentiality, integrity, and availability of digital resources. These bugs can arise from various sources such as coding errors, design flaws, or unexpected interactions between different system components. They can range from minor issues like misspelled words in the user interface to severe problems like system crashes.
Banker Trojan
A Banker Trojan is a malicious computer program that intercepts sensitive personal information and credentials for accessing online bank or payment accounts.
Blacklist, Blocklist, Deny list
A blocklist or deny list is a basic access control mechanism that lets elements such as email addresses, users, passwords, URLs, IP addresses, domain names, or file hashes through the system by default, denying access only to those explicitly listed.
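As an added example (not code from the original page), the following Python implements the default-allow, deny-if-listed behaviour just described for three of the element kinds named: domain names, IP addresses and file hashes. All deny-list entries are constructed placeholders (documentation address ranges, a dummy hash), and the `check` function and its helpers are hypothetical names. It also shows two details a practitioner would want: a listed domain should also deny its subdomains (but not look-alike names), and addresses should be parsed before comparison so that IPv6 and differently written IPv4 forms are matched correctly.

```python
import ipaddress

# Constructed deny list for illustration only; none of these entries come from the page.
DENIED_DOMAINS = {"evil.example", "phish.example"}
DENIED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),  # IPv4 documentation range (RFC 5737)
    ipaddress.ip_network("2001:db8::/32"),   # IPv6 documentation range (RFC 3849)
]
DENIED_HASHES = {"0" * 64}                   # placeholder SHA-256 digest, not a real IoC


def normalize_domain(name: str) -> str:
    """Lower-case and drop a trailing dot so 'Mail.EVIL.example.' matches 'evil.example'."""
    return name.strip().rstrip(".").lower()


def domain_denied(name: str, denied=DENIED_DOMAINS) -> bool:
    """A denied domain also denies all its subdomains, but not look-alikes such as 'notevil.example'."""
    host = normalize_domain(name)
    return any(host == d or host.endswith("." + d) for d in map(normalize_domain, denied))


def address_denied(addr: str, networks=DENIED_NETWORKS) -> bool:
    """Deny any IPv4 or IPv6 address inside a denied network; ip_address() canonicalizes first."""
    ip = ipaddress.ip_address(addr.strip())  # raises ValueError on junk such as '203.0.113.999'
    return any(ip in net for net in networks)


def hash_denied(digest: str, denied=DENIED_HASHES) -> bool:
    """Hex digests are compared case-insensitively since tools emit either case."""
    return digest.strip().lower() in denied


def check(kind: str, value: str) -> str:
    """Default allow: everything passes except what is explicitly listed.
    Unparsable values and unknown kinds are rejected so a malformed input cannot slip past the list."""
    checks = {"domain": domain_denied, "ip": address_denied, "hash": hash_denied}
    try:
        return "deny" if checks[kind](value) else "allow"
    except (KeyError, ValueError):
        return "deny"


if __name__ == "__main__":
    samples = [("domain", "Mail.EVIL.example."), ("domain", "notevil.example"),
               ("ip", "203.0.113.77"), ("ip", "198.51.100.1"), ("ip", "2001:DB8:1::5"),
               ("ip", "203.0.113.999"), ("hash", "0" * 64), ("hash", "a" * 64)]
    for kind, value in samples:
        print(f"{kind:6} {value:22} -> {check(kind, value)}")
```

The fail-closed choice in `check` is a design decision, not part of the page's definition: a pure deny list would let anything unlisted through, but an address that cannot even be parsed should not be treated as "unlisted".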
Bot
A Bot is a program that automates actions on behalf of an agent for some other program or person, and is used to carry out routine tasks. Their use for malicious purposes includes spam distribution, credentials harvesting, and the launching of DDoS attacks.
Botnet
A Botnet is a collection of compromised computers running malicious programs that are controlled remotely by a C&C (command & control) server operated by a cyber-criminal. Cybercriminals exercise remote control through automated processes (bots) in public IRC channels or web sites. (Such web sites may either be run directly by the ‘bot herder,’ or they may be legitimate web sites that have been subverted for this purpose).
Business Continuity Plan
A Business Continuity Plan is an organization’s playbook for how to operate in an emergency situation, like a massive cyberattack. The business continuity plan provides safeguards against a disaster, and outlines the strategies and action plan on how to continue business as usual in the event of any large-scale cyber event.
Business Disruption
The term Business Disruption refers to any interruption in the usual way that a system, process, or event works. Cyberattacks cause disruption to business operations and the associated risk of losses to the organization.
Bring Your Own Device (BYOD)
A policy of the organization allowing, encouraging or requiring its employees to use their personal devices such as smartphones, Tablet PCs, and laptops for official business purposes and accessing enterprise systems and data.
Captcha
A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a challenge-response test commonly used by websites to verify that the user is a real human and not a bot. Challenges can include simple arithmetic and questions about images that bots have difficulty answering.
Clickjacking
Clickjacking involves tricking someone into clicking on one object on a web page while they think they are clicking on another. The attacker loads a transparent page over the legitimate content on the web page, so that the victim thinks they are clicking on a legitimate item when they are really clicking on something on the attacker’s invisible page. This way, the attacker can hijack the victim’s click for their own purposes. Clickjacking could be used to install malware, to gain access to one of the victim’s online accounts, or to enable the victim’s webcam.
Clientless
Clientless refers to a program that is run entirely from the network, without requiring any installation of software on the endpoint device running the program.
Code Injection
Code injection is commonly used by malware to evade detection by antivirus and anti-malware programs by injecting malicious code into a legitimate process. The legitimate process then serves as camouflage: all the anti-malware tools can see running is the legitimate process, which obscures the execution of the malicious code.
COTS (Commercial Off-the-Shelf)
Commercial off-the-shelf or commercially available off-the-shelf (COTS) products are packaged solutions that are adapted to satisfy the needs of the purchasing organization, rather than commissioning custom-made, or bespoke, solutions.
Critical Infrastructure
Critical Infrastructure represents the fundamental systems of an organization that are important for its survival and where any threat to such basic systems would endanger the entire organization.
Cryptojacking
Cryptojacking consists of hackers using the computing power of a compromised device to generate or “mine” cryptocurrency without the owner’s knowledge. Mining can be performed either by installing a malicious program on the target computer or through various kinds of fileless malware. Sometimes attackers take over part of the computer’s processing power when a page containing a special mining script is opened. Cryptojacking has been known to occur when viewing online ads or solving a CAPTCHA.
Cyberbullying
Cyberbullying is the use of electronic means, primarily messaging and social media platforms, to bully and harass a victim. Cyberbullying has become a major problem, especially affecting young people, as it allows bullies to magnify their aggressive behavior, publicly ridicule victims on a large scale, and carry out damaging activities in a way that is difficult for parents and teachers to detect.
Cybersecurity
Cybersecurity relates to the processes employed to safeguard and secure the assets that carry an organization's information against theft or attack. It requires extensive knowledge of possible threats such as viruses and other malicious software. Identity management, risk management and incident management form the crux of an organization's cybersecurity strategy.
Confidentiality
Dark Web
Is a subset of the deep web. Its content is not indexed and consists of overlaying networks that use the public internet but require unique software, configuration, or authorization to access; designed to hide the identity of the user. Commonly contains anonymous journalism and marketplaces for illegal goods and services, and is regularly used by threat actors.
Decryption
Decryption is the process of converting ciphertext (encrypted data) back into plaintext (readable data) using a decryption key or algorithm. This process is essential for ensuring that sensitive information remains confidential and is only accessible to intended recipients who possess the correct decryption key. Decryption is a fundamental component of secure communication, data storage, and various cryptographic protocols.
Deepfake
An audio or video clip that has been edited and manipulated to seem real or believable.
Deep Web
Online content that is not indexed by traditional search engines. The content is available to the general public but is harder to find unless you have the exact URL. Legitimate uses of the deep web include online banking, web mail, cloud storage, and legal documents.
Denial of Service (DoS)
Is an attack that inhibits a computer resource from communicating on a network, preventing it from being available to fulfill its purpose either temporarily or permanently.
Directory
Is a centralized listing of resources such as users, groups, files and applications. Directories are also known as folders.
Distributed Denial of Service (DDoS)
Is a DoS attack that is sourced/distributed from many different host systems. In other words, it is an attack that involves using many computers to flood a single target simultaneously, causing a denial-of-service condition. The acronym D/DoS is a common method for referring to both DoS and DDoS attacks.
Domain Name System/Server (DNS)
Domain Name System is a hierarchical naming system built on a distributed database. This system transforms domain names to IP addresses and makes it possible to assign domain names to groups of Internet resources and users, regardless of the entities’ physical location.
DNS Hijacking
A malicious exploit in which a hacker or other party redirects users through the use of a rogue DNS server or other strategy that changes the IP address to which an Internet user is directed.
Domain Name
A text-based translation of the numerical IP address assigned to an internet resource. Most networks and websites have text-based domain names that people can remember, such as www.army.mil. Domain names are also referred to as internet addresses.
Doxing
The process of gathering information about a person or business using online public sources such as social media profiles, reverse phone lookup and search engines. Doxing typically leads to an anonymous person’s identity being revealed.
Encryption
The conversion of plain text to ciphertext through the use of a cryptographic algorithm. Encryption is commonly used to ensure the confidentiality and integrity of electronic communications and is a direct application of cryptography.
Exploit
In cybersecurity, an exploit is a piece of code or software that takes advantage of a vulnerability in a computer system to perform malicious actions, such as gaining unauthorized access or installing malware. It is designed to cause unintended behavior or to exploit security flaws for malicious purposes.
Firewall
A firewall in cybersecurity is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between trusted internal networks and untrusted external networks such as the internet, helping to block unauthorized access and malicious traffic.
Hacker
An unauthorized user who attempts to or gains access to an information system, the act of which is known as hacking.
Hacktivist
Formed by combining “hack” with “activism,” hacktivism is the act of hacking into a website or computer system to communicate a politically or socially motivated message. For the hacktivist, it is an Internet-enabled way to practice civil disobedience and protest.
Hardware & Hardware Security
Hardware refers to physical devices specifically designed to protect computer systems from vulnerabilities and threats. These devices can include secure boot mechanisms, trusted platform modules (TPMs), and hardware security modules (HSMs). Hardware security involves measures such as physical security and encryption to prevent unauthorized access to the hardware and its data.
Host
A host refers to any hardware device capable of permitting access to a network through a user interface, specialized software, network address, protocol stack, or other means. This includes computers, personal electronic devices, thin clients, and multi-functional devices. Host security encompasses a range of security tools implemented and deployed at the host level to protect these devices. A network host may also work as a server offering information resources, services, and applications to users or other hosts on the network.
Integrity
In cybersecurity, integrity refers to the protection of data from unauthorized modification or tampering, ensuring that the data remains accurate and reliable. This involves safeguarding data during transmission and storage to prevent any unauthorized changes that could compromise its trustworthiness and usability.
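The entry above says integrity means detecting unauthorized modification; the following added Python example (my own code, not from the page) shows the difference between a plain hash and a keyed message authentication code as an integrity control. `tamper_demo` models an attacker who can rewrite a stored record and its hash but does not hold the HMAC key; the key and record contents are constructed sample values.

```python
import hashlib
import hmac
import secrets


def new_key() -> bytes:
    """A random 256-bit key; in practice it lives in a secret store, not beside the data."""
    return secrets.token_bytes(32)


def sha256_hex(data: bytes) -> str:
    """Unkeyed digest: catches accidental corruption, but anyone who can change the
    data can recompute it, so on its own it proves nothing against deliberate tampering."""
    return hashlib.sha256(data).hexdigest()


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed tag (HMAC-SHA256): producing a matching tag requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison avoids leaking how many leading characters matched."""
    return hmac.compare_digest(make_tag(key, data), tag)


def tamper_demo(key: bytes, original: bytes, modified: bytes) -> dict:
    """Attacker replaces the stored data and recomputes the unkeyed hash to match,
    but cannot update the HMAC tag without the key."""
    stored_hash, stored_tag = sha256_hex(original), make_tag(key, original)
    received, stored_hash = modified, sha256_hex(modified)  # attacker's rewrite
    return {
        "hash_check_passed": hmac.compare_digest(stored_hash, sha256_hex(received)),
        "hmac_check_passed": verify_tag(key, received, stored_tag),
    }


if __name__ == "__main__":
    key = new_key()
    record = b"account=1234;amount=100"          # constructed sample record
    print(tamper_demo(key, record, b"account=1234;amount=900"))
```

A plain hash stored next to the data only helps when the attacker cannot reach the hash (for example, a digest published separately over a trusted channel); a keyed tag, or a digital signature, is what makes modification detectable when both data and checksum sit in the same place.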
Information System (IS)
An information system (IS) is an interconnected set of components used to collect, store, process, and transmit data and digital information. It includes hardware, software, data, people, and processes that work together to transform raw data into useful information, supporting various business objectives such as improved customer service and increased operational efficiency. In the context of cybersecurity, information systems are critical because they contain sensitive data that needs protection from unauthorized access, use, disclosure, disruption, modification, or destruction.
Information Security Policy (ISP)
ISP stands for Information Security Policy, which is a set of rules and processes for employees and affiliated parties designed to protect an organization's information and supporting technology, including servers, networks, and applications, using the principles of confidentiality, integrity, and availability.
Intrusion
An intrusion refers to any unauthorized access or activity on a digital network aimed at compromising data or network security. This can include theft of valuable resources, installation of malware, or other malicious actions intended to disrupt or exploit the network.
Internet Protocol (IP) address & IP Security (IP-Sec)
Internet Protocol (IP) is a set of standards for addressing and routing data on the Internet, ensuring packets of data reach their correct destination using IP addresses and routing information attached to each packet.
In the context of cybersecurity, Internet Protocol Security (IP-Sec) is a set of protocols designed to secure Internet communications. It authenticates and encrypts each IP packet so that sensitive information remains private and inaccessible to unauthorized users.
IP-Sec encrypts data and provides authentication, offering protection during online communication and when transferring sensitive data such as financial or personal details.
IPv4
IP version 4 uses a 32-bit numeric address written as four decimal numbers, called octets, separated by periods (e.g., 131.107.10.7).
IPv6
IP version 6 is a newer method of IP addressing, implemented on newer computers and networking equipment, that provides a larger address space than IPv4. It is written as eight groups of hexadecimal digits separated by colons (e.g., 2001:0db8:85a3:08d3:1319:8a2e:0370:7334).
Malware
Malicious software that attacks a computer. Malware has three categories: viruses; Trojans; and worms. Malware is commonly used to commit fraud and intrusions.
Metadata
Structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource. Or more simply, metadata is data about data.
Network
Two or more devices that are connected (via wires or wirelessly) and communicate with each other.
Network Intrusion
The compromise of one or more devices on a network or networks, and at least partial access to the resources within.
Packet
A small amount of computer data sent over a network. Each packet contains the address of its origin and destination, and information that connects it to the related packets being sent.
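To show what the origin and destination addresses, and the fields that tie a packet to its related fragments, look like on the wire, here is an added Python example that is not code from the original page. It constructs a minimal IPv4 packet with sample addresses from the documentation ranges, then parses and checksum-verifies it; `build_ipv4_packet` and `parse_ipv4` are my own names, and the identification and flag values are arbitrary constructed samples. The parser rejects truncated or inconsistent headers instead of reading past the buffer, which is the check a packet-handling tool should make before trusting the lengths in the header.

```python
import ipaddress
import struct

IPV4_HEADER = "!BBHHHBBH4s4s"   # the ten fields of a 20-byte IPv4 header, network byte order


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791). Over a header whose checksum
    field is zero this yields the checksum; over a correctly checksummed header it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src: str, dst: str, payload: bytes, ttl: int = 64, proto: int = 17) -> bytes:
    """Minimal IPv4 packet without options. Identification 0x1C46 and the
    'don't fragment' flag (0x4000) are constructed sample values."""
    header = struct.pack(IPV4_HEADER, 0x45, 0, 20 + len(payload), 0x1C46, 0x4000, ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    cksum = ipv4_checksum(header)            # computed with the checksum field zeroed
    return header[:10] + struct.pack("!H", cksum) + header[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    """Decode origin, destination, protocol and fragment information, validating
    the header lengths before slicing so malformed input cannot cause out-of-range reads."""
    if len(packet) < 20:
        raise ValueError("packet shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_length, ident, flags_frag, ttl, proto, _cksum, src, dst = \
        struct.unpack(IPV4_HEADER, packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 packet")
    if ihl < 20 or total_length < ihl or total_length > len(packet):
        raise ValueError("inconsistent header length / total length")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "protocol": proto,                   # 17 = UDP, 6 = TCP, 1 = ICMP
        "ttl": ttl,
        "identification": ident,             # shared by all fragments of one datagram
        "dont_fragment": bool(flags_frag & 0x4000),
        "fragment_offset": flags_frag & 0x1FFF,
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "payload": packet[ihl:total_length],
    }


if __name__ == "__main__":
    pkt = build_ipv4_packet("192.0.2.1", "198.51.100.7", b"hello")
    print(pkt.hex())
    print(parse_ipv4(pkt))
```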
Packet Sniffers
Tools commonly used by network technicians to diagnose network-related problems. Packet sniffers can also be used by hackers for spying on network user traffic and collecting passwords.
Personally Identifiable Information (PII)
A type of data that identifies the unique identity of an individual. It includes basic personal information such as name, gender, address, telephone number, email address or basic biometric data that is electronically stored in a device or application.
Phishing
Sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords or credit card numbers.
Ransomware
A form of malware that either deliberately prevents the victim from accessing computer files—holding data hostage until a ransom is paid—or threatens to release the victim’s data unless a ransom is paid.
Rootkit
A set of programs placed by an intruder in the system root (the directory where operating systems files are stored) to manipulate the system and make it easier to hide his or her presence.
Script
A script is a sequence of instructions, often written in languages like Python, Bash, PowerShell, or JavaScript, that can be executed automatically to perform specific functions or processes. These scripts are used to automate tasks, manage system configurations, and enhance security measures. A script is essentially a program or sequence of commands that another program interprets rather than the computer processor directly executing compiled code. This allows for the automation of computing processes, saving time and reducing errors.
Script Kiddie
A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet to gain root access to a system.
Secure Sockets Layer (SSL)
A networking protocol that manages server authentication, client authentication and encrypted communication between servers and clients.
Server
A piece of hardware or software that provides services to other devices or programs in a network. In other words, a host that receives requests to use its resources.
Shoulder Surfing
The act of obtaining personal or sensitive information through direct observation. Shoulder surfing involves looking over a person’s shoulder while the victim is preoccupied using a device. This is especially effective in crowded places where a person uses a computer, smartphone or ATM. Binoculars, video cameras and vision-enhancing devices also are used.
Smishing
A form of phishing in which an attacker uses text messaging to trick targeted recipients into clicking a link and sending the attacker private information or downloading malicious programs to a smartphone.
Social Engineering
A technique used to manipulate and deceive a person in order to gain sensitive and private information or access. Social engineering makes use of previously attained information usually garnered from social media.
Software
A set of programs that can be installed and used to tell a computer to perform a task.
Spam
Spam refers to unsolicited messages sent in bulk to a large number of recipients, often with commercial or malicious purposes. These messages can be sent via email, instant messages, social media, or text messages and may contain promotional content, phishing attempts, malware, or fake links and attachments.
Spear phishing
An email or electronic communications targeted at a specific individual, organization or business, intended to steal data for malicious purposes or install malware on the targeted user's computer.
Spoofing
Deceptive behavior on computer systems or on other computer users. This is typically done by hiding one’s identity or faking the identity of another user. Spoofing can take the form of false emails, IP addresses and online identities.
Structured Query Language (SQL) Injection
An attack in which unauthorized SQL commands (or simply database commands) are used to trick a server into processing data input as a regular database query. SQL injections allow hackers to exploit the security vulnerabilities of the software that runs a website.
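The following added Python example (not code from the page) puts the vulnerable pattern described above next to its fix, using the standard `sqlite3` module and a constructed in-memory table. `lookup_vulnerable` builds the statement by concatenating user input, so the input is parsed as SQL; `lookup_safe` passes the value as a bound parameter, so the database only ever treats it as data. The function names and sample rows are my own.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Untrusted input is spliced into the statement text, so a quote character in the
    input ends the string literal and the rest of the input becomes SQL syntax."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized query: the statement is fixed and the value travels separately,
    so it can only be compared as a string, never interpreted as SQL."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?", (username,)).fetchall()


def compare(conn: sqlite3.Connection, username: str) -> dict:
    """Run both variants on the same input so the difference is visible side by side."""
    return {"vulnerable": lookup_vulnerable(conn, username), "safe": lookup_safe(conn, username)}


if __name__ == "__main__":
    db = make_demo_db()
    print(compare(db, "alice"))          # both return alice's row
    print(compare(db, "' OR '1'='1"))    # vulnerable returns every row; safe returns none
```

The textbook input `' OR '1'='1` is only there to make the effect visible; the defence does not depend on recognizing particular strings, and filtering inputs is no substitute for parameterized statements.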
Surface Web
Contains content for the general public that is indexed by traditional search engines and readily available through any internet browser. Examples include news and social networking websites.
Threat
A threat is any situation or event with the potential to adversely impact an organization's operations, assets, or individuals through unauthorized access, destruction, disclosure, modification of information, or denial of service. Threats can originate from various sources, including intentional actions by malicious actors such as hackers or criminal organizations, as well as unintentional events like computer malfunctions or natural disasters.
Threat Agent/Actor (Malicious Actor)
A threat actor, also known as a malicious actor, is any person or organization that intentionally causes harm in the digital sphere. They exploit weaknesses in computers, networks, and systems to carry out disruptive attacks on individuals or organizations.
Trojan Horse
A computer program that appears to have a useful function but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system.
Two-Factor Authentication (also known as strong authentication)
A security mechanism that requires two different types of credentials for authentication, designed to minimize security breaches by providing an additional layer of validation.
Unauthorized Access
Unauthorized access in cybersecurity refers to the act of gaining entry into a computer system, network, or database without permission from the owner or an authorized user. It is illegal and is a significant threat to data security and privacy, with potentially severe consequences both for the individuals involved and for the organizations they target.
Uniform Resource Locator (URL)
A URL is a standardized address used to locate and connect to resources on the web. Also known as a web address; an example URL is https://example.com.
Virtual Private Network (VPN)
A tool that creates a private network connection across a public network connection, providing privacy, anonymity, and security while on the internet.
Virus
A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use email programs to spread itself to other computers, or even erase everything on a device.
Vishing
A combination of “voice” and “phishing”, it is the phone version of email phishing, using automated voice messages to trick individuals into sharing their confidential information via a phone call.
Vulnerability
A weakness in an information system, system security procedures, or internal controls that could be exploited to gain unauthorized access.
Web Crawler
Also known as a robot, spider, or simply crawler, a web crawler is a program that automatically browses a site, following and saving all available links. Search engines use crawlers to browse the internet and build an index of available sites in order to provide their users with efficient search results.
Whaling
Masquerading as a senior member of an organization to directly target senior or other important individuals at an organization to steal money or sensitive information or gain access to computer systems for criminal purposes.
White Hat
A hacker that breaches a network to gain sensitive information with the owner’s consent; usually employed to test infrastructure vulnerabilities.
Wireless Hotspot
Refers to a location or device that allows individuals to connect to the internet wirelessly. Cellphones can be used as mobile hotspots, sharing their cellular data connection wirelessly with another device.
Worm
A self-replicating, self-spreading, self-contained program that uses networking tools to spread itself. Or more simply, a worm is a computer program that replicates itself across network connections to other systems.
Worms vs. Viruses
Viruses cannot be executed unless the infected file is opened, while worms are immediately executable. Viruses will not spread to other computers on a network unless a user sends the virus to another computer and a user on that second computer opens the infected file. Worms, however, send themselves to other computers and sometimes run exploits against other computers, infecting them automatically.
Zero Day / Zero Day Exploit
A zero-day attack is an exploit that takes advantage of a previously unknown vulnerability in software or hardware. This vulnerability is called a "zero-day" because the vendor has had zero days to prepare a fix or patch for it. Once the vulnerability is discovered and exploited, it can lead to significant security breaches until a patch is developed and deployed.