Thursday, March 30, 2017

Vocabulary of IT Security

As background for the security course I am teaching, I am going to be building a vocabulary of terms related to IT security. Below is my first draft of that vocabulary. I will continue to update this blog entry with new terms and words as the course proceeds.
Antivirus Software
Most Internet users are well aware of these programs since nearly every computer sold today provides at least short-term access to this type of software. In a nutshell, these programs protect your computer from Internet viruses or codes that can quickly disable your computer (or an entire network). When functioning properly with all necessary updates, this software will constantly monitor your computer to prevent viruses from “infecting” it; (Global Risk Community)
Attacks
People stage intentional active and passive attacks while trying to bypass computer security controls. During an active attack, the perpetrator tries to alter a system’s data, resources or operations. However, a passive attack simply involves trying to access and use a computer system’s information – without trying to alter its resources, operations or data; (Global Risk Community)
Back Door
Sometimes used interchangeably with the term “trap door,” a software or hardware designer makes one of these to allow herself (or privileged others) to circumvent computer security; (Global Risk Community)
Blended Threats
Hackers or cyber terrorists who approach computer networks using blended threats are trying to maximize the damage they can inflict by using different traits of both viruses and worms. For example, an attacker might try to send out an e-mail virus with a Trojan horse embedded in an HTML file. Past examples of blended threats include both Bugbear and CodeRed; (Global Risk Community)
Bots
A person attacks your computer with a bot – or remote control agent – by bypassing your firewall and antivirus software. Once installed on your computer, a bot becomes part of a bot network (botnet) that the hacker or bot owner/bot herder can then manipulate at will. Bots can install various types of spyware (or malicious logic) on your computer, allowing the bot owner to take it over whenever it’s connected to the Internet. Some people use the term “zombie” interchangeably with the term “bot;” (Global Risk Community)
Cloud
All aspects of the internet: servers outside your direct control.
Cybersecurity
“The activity or process, ability or capability, or state whereby information and communication systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation;” (Global Risk Community)
Denial of Service (DoS)
A malicious bombarding of a server with such a large number of requests for service that the server cannot respond to any request for service.
Distributed Denial of Service (DDoS)
A DoS attack arising from many concurrent attackers.
Encryption
“The process of translating plaintext into ciphertext.” Unencrypted data is called plaintext while encrypted data is referred to as ciphertext. The two main types of encryption are referred to as asymmetric and symmetric.
Firewall
“A capability to limit network traffic between networks and/or information systems.” In other words, it’s “A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized;”
Gateway
A “logical” bridge between two computer networks; often a physical link with wires involved.
Hacker
An unauthorized user who seeks to maliciously disrupt, surreptitiously use, or
http: 
A standard communication protocol used on the internet. Messages are sent as plain text (even if formatted in fancy ways; the formatting is reconstructed at the receiving end using “tags” that define the semantics and format of the message). (You might see <{some tag name}> in messages you receive.)
https: 
Communication between your browser and the web site is “secure.” It doesn’t mean that the communication is stored securely at either end. Web browsers such as Internet Explorer, Firefox and Chrome also visually display a padlock icon in the address bar.
https SSL Certificate
Generally, https works by encrypting the message. To decrypt the message, two keys (random numbers) are needed. One is the public key, which is sent with the message, and one is the private key, which is maintained on the receiving end of the transaction. The sender gets the public key to send back to the receiver by getting the public key from the receiver. This is called the https certificate.
Internet
A constantly growing number of computer users regularly communicate with each other via this worldwide global network. In fact, there were 3.5 billion Internet users as of the beginning of 2016; (Global Risk Community)
Intranet
“A network based on TCP/IP protocols (an internet) belonging to an organization, usually a corporation, accessible only to the organization’s members, employees, or others with authorization.” A special firewall is designed to protect an intranet website from those unauthorized to use it; (Global Risk Community)
Intrusion Detection System
A system that classifies traffic on a network or in a device based on patterns that would be observed in malicious activity.
Keylogger
This type of harmful or malicious program is used to infiltrate your computer to record information about all of your computer keyboard activities, including all Internet browsing activities, e-mail usage and instant messaging communications; (Global Risk Community)
Malicious Code
This refers to any type of software that’s installed in your computer (system) and can perform unauthorized activities. Malware is a similar term that refers to malicious software created to damage, disrupt or even possibly destroy a computer (system) with viruses, Trojan horses and other harmful programs; (Global Risk Community)
Malware
See Malicious Code
Network Forensics
Tests and techniques used to detect cybercrimes and potential exposure to cybercrime on a network. This can take three forms depending on the timing:  (1) Activities that occur before a cybercrime begins; (2) Activities that occur when a cybercrime is occurring; (3) Activities that occur after a cybercrime has been detected.  Tools and techniques include:
  • Penetration Testing
  • Verify/troubleshoot questionable transactions
  • Analyze overall network performance
  • Identify low-performing segments
  • Verify VOIP or video traffic problems
  • Operation of Intrusion Detection Systems
Penetration Test
A controlled attempt, known to the owners of the devices, to access and control devices.
Phishing
These Internet scam programs often contact unsuspecting people via e-mail, urging them to visit fake websites designed to look like those run by well-known banks or other financial institutions. Perpetrators then try to obtain private information by telling users it’s time to update their account passwords or usernames. If unwitting people comply, all types of fraud, including identity theft, may result; (Global Risk Community)
Rootkit
tbd
Spyware
This type of software is installed on a network of computers without the owner’s knowledge. Its main purpose is to gather personal/group information and communicate it to an unknown third party. Spyware can monitor your activities and even pick up critical information like credit card numbers, usernames and passwords; (Global Risk Community)
Trojan Horse
This type of harmful computer program can be easily installed on your computer while you’re downloading unknown programs or files off the Internet (or simply opening up unfamiliar email attachments). A Trojan horse will nearly always damage your computer in some way; (Global Risk Community)
Virus
A computer virus is harmful “software” that attaches itself to other programs in order to impair or destroy a computer’s ability to function normally; (Global Risk Community)
VOIP
Acronym for "Voice Over IP," which means using the internet for transmitting your land line phone communication.
White Hat
A security role assigned the job of testing the security of a system or organization, or publishing the results of generalized testing, revealing vulnerabilities.
Worm
This is an independent program that replicates (reproduces) from machine to machine across network connections, often clogging networks and information systems as it spreads. (Global Risk Community)
Zero Day Attack
