Cyber Enabled Glossary
Exploit kits
Exploit kits are used by malicious actors to target computers and networks with malware based on information provided by a device after visiting a compromised website. These kits download targeted malware based on the vulnerabilities of software/operating system data sent by the user. Hackers can then later activate the malicious software remotely. Exploit kits can be hidden in advertisements on legitimate websites, or in targeted emails such as with phishing or spearphishing campaigns.
IP Address
An IP address is a series of unique numbers assigned to each interface with any computer device (router, computer, smartphone, network printer, etc.) connected to a network using Internet Protocol (IP). This address works like a postal address. It allows for the identification of any device on a network just as a postal address allows for the geographic identification of a place on a map. It is with its IP address that a device is recognized by other systems on the network. As with a postal address, the IP address is used to route a data packet to another IP address. Each data packet transmitted by the Internet Protocol is tagged with two IP addresses to identify the sender and recipient. As with a postal service, the data packet is routed from station to station to its destination. The IP addresses on the data packet are used to keep track of this package and allow the receiver to know the origin of the information it receives, and to respond if necessary. An IP address also links a device to an Internet service provider. Every website also has an IP address: the URL address you enter (or domain name) to access a website is converted to obtain the alphanumeric IP address of the server for that site. When the Internet was first set up back in the 70s it was never envisioned that more than 4 billion IP addresses would be needed, which is what the fourth version of Internet Protocol or IPv4 allows for. At that time the IP address took this form: ###.###.###.### where each 3-digit segment ranges from 0-255 and zeroes do not appear. But with the growth of the Internet more addresses were needed. The sixth version of the Internet protocol was therefore created. IPv6 allows for 3.4x1038 addresses while the IPv4 only allows for 4 billion addresses. An example of an alphanumeric IPv6 address is 2001:0db8:0000:0042:0000:8a2e:0370:7334.
Advanced Persistent Threats
An advanced persistent threat in cybersecurity occurs when an unauthorized party gains access to a system or network and is present for a prolonged amount of time. Think of it like a spy tapping into a CEO's office and listening to all his or her private conversations for days, weeks, or even months, collecting vast amounts confidential information. The spy isn't sabatoging any of the company property, but rather using it against them to expose any private information in order to compromise their security or business operations. In a similar way, APT attacks don't ruin government or company networks, they only get in, stick around for as long as they can, and then leave or get kicked out having obtained any vital information they can.
Domain Name System (DNS)
The DNS is how the internet is organized, with different computers or networks, public and private, having different functionality and characteristics. Domain names such as .gov, .mil, or .uk group similar systems together under a single set of rules for how the network operates, known as the network protocol. The DNS translates the letters of the name into the numerical IP address, which helps to identify and group similar systems with the same network protocols.
Malware
The term "malware" is a portmanteau of "malicious" + "software" and can be thought of as a computer disease. It infiltrates and/or damages a computer system by performing an unauthorized function or process. Like a disease, the malware interferes with the normal functioning of computer hardware or software. Malware can take many forms. In the same way that a disease is not necessarily caused by a virus, malware can take the form of a computer "virus" but also computer worms, trojan horses, spyware, adware and ransomware. Malware is typically deployed by a cybercriminal in order to infiltrate, damage or obtain information from a computer system without the owner's consent. Cybercriminals use malware to target individuals or companies to steal sensitive personal or financial information or to spy on the device's activities without the user's knowledge.
Drive-by-download
Think about a real-world drive-by. It's meant to be fast and unexpected, similar to an ambush or springing a trap. The same is true for a drive-by download. This is where clicking on an advertisement, link, pop-up window, or email attachment immediately initiates an unwanted download of software or malware into a computer's system. This software could do almost anything. It could lock files and demand ransom, destroy files completely, or even use the computer as a bot to send spam emails. Plus, the user may or may not be aware that the download has taken place until it's too late and the damage is done. The best ways to reduce the risk of this type of attack are to keep your browser and operating system updated, use an ad-block program, and always double-check before following links or opening attachments.
Keyloggers
When conducting a premeditated kidnapping, one must complete surveillance ahead of time. You might follow the person throughout the day and learn their routine; the time they leave for work, where they eat lunch and who they come in contact with. A similar type of surveillance can be done online through a software tool known as a keylogger (aka keystroke logger or system monitor) which is used to monitor and record each keystroke typed on a specific computer. This surveillance is covert and the individual user does not realize their actions are being monitored. There are legitimate reasons for keyloggers; a company can oversee employees' usage of computers during work hours, parents can monitor kids' internet usage, and police can use it to investigate crimes linked to personal computers. However, there is often malicious intent behind keyloggers as they can be used to intercept passwords (to email, bank accounts, social networking accounts, etc.), account numbers, PINs, or other sensitive information. Keyloggers can be software-based (i.e. a computer program designed to work on the target computer) or hardware-based (i.e. a physical device plugged into a computer).
PUAs (potentially unwanted applications)
"When you download an application X on a given device, sometimes, there is a hidden application which is installed alongside that first application X. The hidden application, or PUA, can be installed by default, hidden in the application X website, folder, or link. This hidden application can use lots of resources, slowing down the device. Each PUA can have a distinct purpose: run ads on the device, gather data on the user, or just simply to install an extra application as default. As most of them gather the user's data, there is usually a third party where the information is transmitted to. A very common example is a pop-up ad
Secure Sockets Layer (SSL)
If you ever used a secret code to pass notes in grade school, then you already have a basic understanding of the idea behind SSL! Secure Sockets Layer (SSL) is an encryption protocol that was developed for sending information securely over the internet. It is employed by websites in secure areas such as online payment and user account information. In much the same way that you and your friends were the only ones who had the key to your note's code, only the secure server and the end user's computer have the key (in the form of an SSL certificate) that allows the data being transmitted to be viewed. Of course, SSL is a lot more complex (and secure) than your secret code from elementary school, but the objective is the same—preventing anyone who isn't the intended audience from being able to figure out what's being said!
LAN (Local Area Network)
Imagine a spider web where all the nodes are interconnected, and each node of the web has its own system capable of sending messages to the other nodes through the web. This connection between all the nodes through the spider web is controlled by the spider, to ensure strong connectivity between the nodes, and that no message gets lost or interfered by outsiders. This system that connects all the nodes together is a Network. Each node is referring to a computer, which can access the network to send messages and information to the other nodes on the same network. The spider, or network administrator, is responsible for making the sure the software and hardware are updated and the connectivity between the computers are capable to access them. A Local Area Network (LAN) refers to the connection between all the computers in a relatively small geographic area. The size of the area varies from just a small room, a house, or a whole building, commonly used by corporations and business. A LAN also allows every computer connected to the LAN to share data and to communicate with any hardware connected to the LAN, such as printers. LAN can be called WLAN, or Wireless Local Area Network, when the connection between the computers are wireless, using Wi-Fi for example.
Attack Signature
In order to attribute a hack to a specific individual or group, it is useful to look at particular or distinctive characteristics of the hack that may be similar to characteristics seen with previous hacks. In part, tell-tale signatures exist because developing software is expensive, and so malware developers recycle existing code and make changes only as needed. Attack signatures can range from mundane coding patterns (such as those instructing the host to respond to the attacker) to the type of payload (e.g. worm, virus or trojan), or the style (such as spearphishing or DoS attacks). Attack signatures function much like fingerprints at a crime scene - a hacker may change their outward approach, but it's much harder to alter the "fingerprints" of their attack. Many software security systems are centered around being on the alert for known attack signatures.
CIA Integrity (I of CIA)
Integrity is the second part of the CIA security principle triad, which is a model for the development of policies and operations concerning data security within an organization. It is the concept of protecting the reliability and correctness of data. Integrity protection prevents unauthorized alterations of data. It could mean the protection against the alteration of a routing number, or the misrepresentation of the amount of $$ in an account. Integrity security principles, when properly implemented, provide a means for authorized changes to data while protecting against intended and malicious unauthorized activities, as well as mistakes made by authorized users. In short, integrity can be boiled down to preventing unauthorized subjects from making modifications to a resource, preventing authorized subjects from making unauthorized modifications.
Virus
Much like an unwanted pathogen, a computer virus is an infection that can cause significant damage or "death" of a device. Similarly, a virus normally arises from an external pathogen, that sometimes utilizes a vector (i.e. a USB stick) to attach itself within a program of an unsuspecting victim. As a result, a computer virus either seeks to destroy the host or to use the initial victim to spread the infection across other devices via multiple networks. Once infected, a device is likely to suffer a wide range of consequences, including file deletion, software modifications, as well as complete hard-drive breakdown. The most dangerous viruses are those that use their self-replication capabilities to infect large numbers of devices, causing extensive damage. Significantly, unlike in the cases of infectious diseases, a computer device cannot be completely inoculated against known viruses. Instead, the best way of preventing a virus from entering the device is a good computer hygiene, coupled with a strong anti-virus software and a periodic network scan for malicious agents. The latter can recognize and disable some of the viruses, however, given the continuous development of new ways to penetrate the system, it must be kept up to date at all times.
Exfiltration (of data)
You are sitting in a cafe with a friend; you reach down to pull your wallet out of your bag but it's gone! The bag contained your debit cards, driver's license, checkbook, and insurance card. When this type of theft occurs online it's defined as 'data theft'; exfiltration of data is a form of data theft - the unauthorized copying, retrieval, or transfer of data from a computer or server. This exfiltration can occur through a variety of techniques. For example, an employee who has physical access to a company computer can download sensitive information onto a personal thumb drive, or a hacker via a network connection can use malware to hack into an individual's computer and copy passwords they had saved in a Word document. Often, certain types of data are targeted for extraction including, but not limitied to, usernames and associated passwords, cryptographic keys, personal financial information (bank account numbers), social security numbers, mailing addresses, or other forms of sensitive information (think top secret government data). Exfiltration of data is also lnown as data exfil, data exportation, data extrusion, or data leakage.
Botnet
"A botnet is a group of computers connected in a coordinated fashion for malicious purposes. Each computer in a botnet is called a bot. These bots form a network of compromised computers, which is controlled by a third party and used to transmit malware or spam, or to launch attacks. The term botnet is derived from the words; robot and network. A bot in this case is a device infected by malware, which then becomes part of a network, or net, of infected devices controlled by a single attacker or attack group. The botnet malware typically looks for vulnerable devices across the internet.The objective for creating a botnet is to infect as many connected devices as possible, and to use the computing power and resources of those devices for automated tasks that generally remain hidden to the users of the devices. More often than not, what botnets are looking to do is to add your computer to their web. That usually happens through a drive-by download or fooling you into installing a Trojan horse on your computer. Once it sets itself up, the botnet will now contact its master computer and let it know that everything is ready to go. Now your computer, phone or tablet is under the control of the person who created the botnet. You will not suspect anything since it usually take a little of your computing power."
Protocol Stack
"A protocol stack is a group of protocols that all work together to allow software or hardware to perform a function. For example, the TCP/IP protocol stack (Transmission Control Protocol (TCP) and the Internet Protocol (IP) is the world's most widely-used non-proprietary protocol suite because it enables computers using diverse hardware and software platforms, on different types of networks, to communicate). TCP/IP facilitates common applications such as e-mail and file transfer. TCP/IP protocol stack has four layers: The first layer is Network Interface, which manages the exchange of data between the network and other devices. The second layer is Internet , it uses the IP address to determine the address of the device it is communicating with. The third layer is Transport Control Protocol (TCP) it works by asking another device on the network if it is willing to accept information from the local device. The fourth layer is Application, it combines the Session, Presentation and Application layers of the OSI model.
Ransomware
"As the name implies, ransomware is a type of malware- or malicious software, that demands the victim pay a ransom to recover their encrypted data. Depending on the victim, it could be a family threatened with the prospect of their family photos and legal documents being destroyed, or something larger such as releasing sensitive information about high-profile individuals or businesses, which could be financially detrimental or even physically dangerous. Ransome can typically be paid through a variety of methods- such as wire transfer, cryptocurrency exchanges, etc. In the case of notable WannaCry Attack in 2017- victims were provided a bitcoin address to send funds. There are five main types of ransomware: lockers, scareware, doxware, and RaaS. Lockers try to get into a computer system quietly- and completely lock down the system, encrypt files and demand payment before unlocking the system. Scareware is fake software that acts like an anti-virus software claiming that you have a virus- and for only $19.99 it will get rid of the virus! The attack bombards the victim with a sense of urgency- making the victim feel like they have a very limited time to act before the malware does great damage to their device. In a scareware attack, the victims data could be held for ransom, but not isn't a necessary characteristic of the attack. Next is doxware, also known as leakware. Doxware threatens to publish your stolen information online if you don't pay- this can cause panic among some individuals, who quickly pay the ransom before their files make it to the front page of the New York Times. RaaS, or "Ransomware as a Service" is exactly what it sounds like. Similar to hiring a hitman- an individual will seek out a hacker to put ransomeware on a target's device or system- when the ransom is payed, the hacker will be given a part of the proceeds.
Server vs client
"Both "client" and "server" refer to computers that are used for different purposes. A client is a small computer that accesses a server through a network. For example, at MIIS, a student logs in to the client machine which could be their own laptop or a computer in MIIS library to access his/her papercut account to print out a home assignment. A server is a large-capacity computer that can store a wide variety of files such as application and data files. A server at MIIS monitors files that students download using their client computers and MiddleburyCollege wi-fi. Since the server machine has login and wifi information for each MIIS student it can easily determine who downloaded which file. The differences between a client (machine) and a server (machine) can be conceptualized through four different attributes: their hardware, complexity, purpose, and number of users logging in. 1. Hardware: A client machine is a small computer with a basic hardware configuration whereas A server machine is a high-end computer with an advanced hardware configuration. 2. Complexity: A client is a simple and less powerful machine whereas A server is a powerful expensive machine 3. Purpose: A client is used for simple tasks whereas A server is used for storing huge data files and applications 4. Log-ins: A client supports a single user log-in at a time whereas A server supports simultaneous, multiple user log-ins
Cryptojacking
"Cryptojacking is the unauthorized use of a computer or computer system to "mine" digital currency, unbeknownst to the owner of the computer. This is done by infecting a system with malware, turning it into a covert crypto-mining machine. When a computer is infected with a cryptojacking program, it secretly downloads a program to do mine cryptocurrency. This program runs in the background, invisible to the regular user of the computer, taking up processing power in secret. Any cryptocurrency that is mined is transferred to wallets belonging to the cryptojacker. The owner of the hacked device shoulders all of the costs of the computer's use--slow response time, heat from the processor always running causing components to break down faster than expected, and a heightened electricity bill--without receiving any of the benefits in the form of the cryptocurrency rewards. Why do it this way?
Digital certificate/signature
"Digital signatures and digital certificates are two different, although closely related, forms of security measures. A digital signature is a mechanism that acts as a stamp of authentication, and is used to validate the authenticity of specific digital information and ensure to the receiver that it was not modified by someone else along the way. Digital certificates on the other hand are used as a form of digital identification. They are issued by recognized authorities and contain information on the owner and issuer to ensure they can be identified and trusted. They can also be revoked by the issuing authority. Digital Certificates are commonly are used to sign documents as digital signatures. Digital signatures ensure the integrity and validity of the data being sent while certificates ensure the validity of the sender. One way to think of a digital signature/certificate is to compare it to an envelope in the mail. When the envelope is sent it is typically sealed and thus you know that it hasn't been tampered with when it is delivered to you, the signature. Upon receiving the mail, you can inspect items like the address line on the envelope or watermarks on the documents to verify the legitimacy of the sender, the certificate.
Public key
"Have you ever had a personal diary with all the secrets that you did not want to share with any unauthorized personnel? If so, you might have been very careful and instead of just hiding the notebook you had all the information in, you decided to convert your letters into cipher or codes. Each of the letters would have had different numbers or specific characters so that they would not be interpretable by those who do not know which number is assigned to which letter. In this way your thoughts remain secrets and become accessible only for those with whom you share the logic behind your coding system. As the example of the diary shows, the ability to read something does not automatically guarantee understanding. Because of this fact, the public key is the foundation of all secure messaging since it encrypts the data and makes it impossible to understand for unauthorized readers. Today, secured communication uses 256 bit key encryption, which means that the person who wants to decrypt the message would have to try billions of options to crack the code. This would take more than a lifetime."
Man-in-the-middle attack
"Imagine receiving an e-mail from a long-time vendor requesting payment to a new account only to learn, after you made thpayment, that the e-mail you received had been altered by a cyber-criminal. This is just one of the dangers associated with the "Man in the Middle" or MITM attack. MITM is equivalent toelectronic eavesdropping in which a hacker surreptiously intrercepts e-mail messages, website communications or any other data in transit. After the data is collected, it is seamlessly forwarded to the original destination unbeknownst to the sender or the intended recipient. A common MITM scenario involves taking advantage of unsecure WIFI networks. The data can be snatched mid-transmission and then redirected with edits to enable the scam. Communications with websites can also be intercepted, making login and account information vulnerable. The MITM attacker then uses the captured data to perpetuate frauds on the unsuspecting user. All the while, your e-mails, logins and other data appear to be authentic. MITM is thus analagous to an invisible imposter who can receive, alter and redirect, your electronic communications in order to steal your messages, your identity, your money and, ultimately, your entire virtual life."
Password manager
"Many of us tend to use straightforward or reusable passwords across multiple accounts for one logical reason: it's far easier to remember a simple code than having to memorize a series of long, meaningless combinations of numbers, letters, and symbols that have no particular relation to us. While it certainly makes our private information more susceptible to attacks and password leaks, there is no reasonable way to remember super-complex, unique passwords to every website we use. A password manager, however, can serve as a so-called vault that essentially stores all of your existing accounts and passwords while also offering to create secure random passwords for any new account. While web browsers such as Chrome and Firefox also have built-in password managers, these browser-based managers store passwords on your device in an unencrypted form that doesn't sync across platforms or generate secure random passwords on your behalf. By simply generating one strong master password - the combination safe to your vault - a user can encrypt an entire password database. Though password managers typically use cloud-based storage, those who find storing all their passwords in the cloud a bit unsettling can disable sync features and keep their encrypted password manager on local storage, like keeping a vault strictly in your own home. At the same time, the natural benefit of cloud-based storage for a password manager is that a computer crash won't prevent access from another device. That is, your house burning down won't prevent you from still accessing your vault from the backyard shed.
Defense-in-Depth
"One strategy that has been developed to protect computer systems from cyber attacks and data breaches is called "Defense in Depth." The term is derived from a military tactic which employs various defensive measures on the battlefield meant to bog down an approaching enemy until a counter-attack can be launched. For computer networks, "Defense in Depth" has become a fundamental security principle which provides for defensive controls at multiple levels throughout the IT system. For example, firewalls are used to protect the network perimeter, monitor network traffic and secure web applications. At the database level, protection includes encryption, hashing and secure data transmission. Access to data can also be limited by authentication, biometrics and time limitations. Anti-virus and anti-spam software can be used at the desktop level. and anti-spam software can be used at the desktop level. mulitple points of defense to prevent, detect and defend against an attack, and thereby limit the damage. As such, "Defense in Depth" has been likened to a modern castle defense system which employs a moat, a draw bridge, towers and battlements, all to secure the treasures of the kingdom."
Phishing, Smishing, Vishing
"Phishing is a commonly used method of internet fraud to obtain sensitive information including but not limited to social security numbers, driver's license, credit card information, bank information, or login and password information for certain services. This usually begins with a message in your inbox that is seemingly benign which indicates a win or that an account that has been hacked and immediate action is required. A subsequent link directs the recipient to enter personal information that can quickly be utilized by the phisher. Smishing is a similar method gathering sensitive personal information but the difference is that it takes place in the form of SMS messages. This usually entails a link with little information. The lack of detail and the possibility of incurring additional costs if you were to investigate with a follow-up call or message lend to the success of smishing attempts. Vishing is a form of phishing that employs the use of a phone call. It relies on "social engineering techniques" to obtain personal information. For example, a call can be received from a bank employee claiming that their account will be blocked if they don't provide certain information or a call may be received claiming that their social security has been suspended.
Plaintext vs ciphertext
"Plaintext, refers to easily readable information that is waiting to go through the process of encryption or information that has been through the process of decryption. This data could be anything from text, images, audio and so on. Plaintext that has been processed by encryption algorithms is known as Ciphertext. Ciphertext, typically indecipherable in its current form, must undergo decryption before it can become plaintext again and thus easily readable. Another way of thinking about this distinction is to think of a document being a completed puzzle. You can see it and understand it, but after it is disassembled it is no longer understandable and becomes ciphertext. If someone knows how the puzzle fits together, they can piece it back together again to make it plaintext."
DDoS attack
"Suppose, you have arranged 1,000 of your facebook friends, call the emergency 911 at the same time on the same day, thereby, hampering the service to the regular customers. This is what happens in a DDoS attack; the main difference is that you would use millions of computers or botnets to do the job.So, a distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. The DDoS attack will send multiple requests to the attacked web resource - with the aim of exceeding the website's capacity to handle multiple requests and prevent the website from functioning correctly. Typical targets for DDoS attacks include internet shopping sites, online casinos and any business or organization that depends on providing online services. Being on the receiving end of a DDoS attack is practically impossible to prevent. However, the business impact of these attacks can be minimized through some core information security practices, including performing ongoing security assessments to look for and resolve denial of service-related vulnerabilities and using network security controls, including services from cloud-based vendors specializing in responding to DDoS attacks."
The "cloud"
"The "cloud" isn't an actual cloud you might find in the sky, but it does connect the different networks of individuals and organizations to one another via the internet. Think of the "cloud" as your remote access storage container allowing you to have 24/7 connection, as long as you have the internet, without the need to take up space on your harddrive. The "cloud" exists on the internet via services like Google drive, Dropbox and iPhotos. Companies that offer cloud-based services, invest in data farms that physically store your data on gigantic servers, sometimes hundreds of servers, and even in different locations. This method of redundancy helps to create backups if a data-farm location is compromised (I.e. a fire, a hacker, or a zombie apocalypse). Backups for your backups, for your backups, etc.! The large "cloud" companies, like Amazon Web Services, store your data on their server, which allows you to free up your hard drive for everyday use. Some providers will offer a certain amount of storage for free and as your storage needs increase, you can pay for more. Just because your data is on your computer, your computer is connected to the internet, and you have accounts on a cloud-based service, does not mean that all your data is on the "cloud." The user chooses the data they want to put on the cloud, uploads it onto the cloud, and chooses the settings for visibility, accessibility and security. Have no fear, your 3,000 cat photos can be uploaded and right settings will ensure its safety. We've all heard the celebrity horror stories of scandalous photos being leaked by hackers who target the cloud and we don't want this to happen to our pictures of Mr. Fluffins, the persian cat who simply loves his costumes, so, how can we delete? Data can be deleted but just because you delete something from the cloud, does not necessarily mean it is deleted from the server. When you delete data, the server, marks the data as deleted, but it is still on the server in case you change your mind. A couple clicks, and it's back. Some "Cloud" providers will save the deleted files for up to 30 days and then purge them if not prompted to recover. The option to permanently delete data on command is possible, but is a murky area because it doesn't mean the file cannot be retrieved, especially when Cloud providers have secondary backups for their servers. Many Cloud Service Providers (CSPs) have security technologies within their system but the end-user must develop their own cyber-hygiene routine. This includes, finding a provider that has strong security policies (for example: strong passwords and multi-authentication measures), encryption capabilities, and the ability to deploy firewall solutions (to control access to your cloud account). The user is able to adjust the settings to fit their needs and the needs of the data. If this is intimidating for you, many companies offer IT help and they can assist you to secure your data in the "cloud."
Bug
"The first thing that comes to mind when someone thinks of a bug is an insect that is- in some way- unpleasant for humans. For example, a bedbug is most likely the worst sleeping partner one can have. These insects have a small, flattened body that allows them to fit into very tiny places and get into our houses under the radar. Bedbugs usually remain hidden during the day and bite people in their sleep, then disappear without anyone noticing. The only reason one knows their existence is the marks they leave on the skin. This is exactly how we should think about software or computer bugs! A software bug is an invisible problem written inside of the code that causes a noticeable error in various functions of the computer. This deficient code can be programmed into the software accidentally or intentionally. In the first case, the software/ application developer makes a mistake in the source coding that results in inadequate behavior of the given program. For instance, an application might crash or freeze. Sometimes these hidden bugs can be exploited by hackers. In order to be more efficient, companies have created a so called "bug bounty program"- also known as vulnerability rewards program- which rewards individuals who discover and report software bugs. The lucky ones can benefit even $20,000. "
Firewall
"The term firewall, in the non-computing sense, refers to a physical barrier constructed to prevent the spread of a fire. Analogous to the physical wall, a computing firewall is software or firmware that either permits or blocks data "packets" according to an established set of security rules. To not confuse its use with a physical wall, it might even be easier to think of a computing firewall as a type of permeable wall, a filter, or some form of border patrol regulating incoming and outgoing traffic. .So what is this border cop looking for and where exactly is it located? Well, a firewall serves as a barrier between your trusted internal network and incoming traffic from outside sources, like the internet. Stationed at a computer's entry points (ports) where information is exchanged with external devices, a firewall's primary purpose is to block unauthorized web users or malicious software from infiltrating your private network. In doing so, a firewall serves as your computer's first line of defense against untrusted or suspicious data. While many company networks often manually configure their firewall settings, software firewalls for Windows and OS X generally include basic default settings that are sufficient for typical users. When turned on, these built-in firewalls will prevent any unauthorized applications, programs, and services from accepting incoming connections. If turned off, you'd be lucky to go even a couple of hours without malicious traffic entering an open port and infecting not only your computer, but all devices connected to your same network.
(cybersecurity) Threat
A cyber security threat is anything that can stop a computer system from working properly. If the computer system were a house, a threat could be a burglar breaking into your home; an uninvited guest, an earthquake which would destroy the building, and a power outage. The last two examples are also actual physical cybersecurity threats. If the threat to the system finds a vulnerability to exploit (such as a single pane window in a ground floor apartment, a burglar would break with a rock) it can cause serious damage. In the technological world, other than the physical examples above; a threat could be in the form of a computer virus, malware, phishing attack, ransomware, or hackers.
Patch
A patch can also be referred to as a fix or a repair job that is meant to provide a solution to errors in software or vulnerabilities. It works in a way that is similar to a bandaid which has a job to protect an open wound from bacteria that would otherwise make its way into your system. Patches are important as they often address the vulnerabilities that may be targeted by cybercriminals and make an effort to protect your devices from a security breach. Though it is not necessarily a permanent solution to the issues it is meant to fix, more permanent solutions are likely to follow in future updates.
Private key
A private key, what does that mean? Is it yours only? Is it a secret special key? Well, when it comes to cyber, think of a private key like one of those keys that says DO NOT DUPLICATE. A private key is unique. You must keep this key private, confidential, and only for your use. A private key's purpose is to be kept private, secret, for the designated person. When it comes to a private key, it isn't like a mail key, where you don't duplicate it, it's complex in a way that when it comes to using the key, the private key has a special function to it. In order to keep the key private, there's an algorithm (cryptographic) to the key, giving it a special digital signature, that later enables the key for future use. The private key is the cryptic, digital signature that acts as a verification or confirmation for the public key. When the proper private key (signature) has been used to verify the public key, consider the verification like you successfully opening your mailbox. (See "Encryption")
Rootkit
A program designed to provide a user "root access," or administrator access, to a computer without being detected. Imagine your computer a house— anyone in possession of a master key has unfettered access to that house and everything in it. They can turn off your security cameras to avoid detection, install their own hidden monitoring devices to spy on you, steal your bank account information that you have stashed in a notebook in a dresser drawer, and almost anything else that they may dream up. A rootkit is like a copy of that master key, giving a user the highest level of access to the computer that the rootkit is installed on. A criminal may steal your key and copy it or trick you into letting them see it, but you may also willingly provide a copy of that key to a maintenance worker. Much in the same vein, there are both legitimate and nefarious uses for the functionality of a rootkit as well. Malicious actors often employ social engineering techniques, such as phishing, or just engage in some good old-fashioned theft, to obtain credentials in order to install rootkits, but they can also be used to detect attacks, to enhance security software, and in anti-theft protection!
Router
A router connects devices within a network forwarding data packets between them by assigning IP address to each of devices of the network. In a household that has more than one device the router is essential. The router helps you not only to connect multiple devices to internet but also to connect these devices to each other. Thus you can still create your own network of computers or other devices even without internet, which enables you to transfer and share files within your network via different deivces such as printer, scanner and game consoles.
Access control: authen/authoriz
Access control for computer and digital systems is a lot like what you might imagine access control being for physical places, such as gyms, homes, campuses, and other facilities. Owners and administrators determine who, how, and when people are allowed to access a private location or facility. For example, a landlord can make duplicate apartment keys to allow tenants to access their rental unit. Before doing so, the tenants must provide documents and official ID to prove they are who they say they are. This is called authentication. After authenticating the prospective tenant and finalizing the rental agreements, the landlord then gives them a set of keys to their designated apartment. The landlord obviously doesn't give them keys to the whole building and all the other apartment units; they are only allowed, or authorized to access their own. Computer systems and networks work in a very similar way. Access control works with the same two steps: authentication and authorization. Authentication is generally done via username and password (kind of like how the tenants provided the land lord with verified ID). It can also include answering security questions you may have included should any security issues arise. Authorization is generally automated into the given system and determines what you're allowed to access (i.e., files, resources, services, etc.) through your account (like how the landlord gave the tenants keys to only their respective property).
VPNs
Also known as a "virtual private network". A VPN allows you to access a secure network from anywhere with an internet connection. One example is if you were working from home one day and needed to access your company's records which are available only on your desktop at work. By using a VPN, you can access your desktop at work to gain access to the records. A VPN extends the private network of your company to your home computer as a private tunnel makes its way across a public or unsecure network. You would never want to use public wifi at the mall or at the airport without privacy settings, right? There's too much risk that a stranger could monitor what you access and send. A VPN provides you with a protective tunnel to pass through. It gives you security as well as access to things that are a part of the secure private network like at work.
Air Gap
An air gapped machine or network is one that is not physically connected to the internet or any other external networks. To air gap your computer you can disable or physically remove the wireless interface controller. Basically, you're offline. The benefit of being offline is increased security of your network, as data can only leave or enter the airgapped machine or network manually, such as through a USB. Air gapping is perhaps best known as a buzzword that emerged from Stuxnet. Stuxnet was a worm that targeted several Iranian organizations, in particular the uranium-enrichment facility at Natanz. As the network was air gapped, it is widely believed that the virus made its way onto the network via a USB flash drive. So, in fairness to airgapping, it seems as though human error or having someone on the inside was the downfall of the air-gapped system in that case.
Encryption (Asymmetric)
Asymmetric encryption is a method of cryptography that uses both a public and a private key. This method is also known as public key cryptography. If this method is being used to encrypt private messages, the sender would obtain the public key of the receiver and then send the encrypted message with this key. The receiver would then use their private key to decrypt the message and read its contents. Asymetric encryption is safer than symetric encryption because of the fact that each party must have their own private and public keys in order for the encrypt-decrypt process to function properly. As opposed to all parties sharing the same key leaving it at risk of being intercepted by a nefarious actor.
CIA Availability (A of CIA)
Availability is the third principle of the CIA security principle, which is a model for the development of policies and operations concerning data security within an organization. It refers to authorized users being granted timely and uninterrupted access to data and resources (someone's ability to access their bank account #s). This includes the prevention of DoS (denial of service) attacks and the implication that the supporting infrastructure (network services, communications, access control mechanisms) is functional and allows those authorized users to gain authorized access. Availability depends on both confidentialty and integrity. Without these other 2, availability cannot be maintained. There also has to be usability, accessibility, and timeliness. The financial system, and more and more modern business in general, operate on timelines that stretch from the blink of an eye to year long processes. Well maintained availability is necessary for these wide ranging functions.
Social engineering
Based largely on manipulation of people, social engineering is the dark side of social networking. With so many people connected via the internet and most services available one click away, those behind social engineering attempt to deceive, influence, or plainly steal from other people by tricking them into sharing personal or sensitive information. Social engineering is similar to being tricked into oversharing confidential information by a phone scammer, only in this case a wide range of computer tactics, including "phishing" emails or false website alerts, are used to lure people into sharing their confidential information. As such, social engineering relies upon trust of other people to willingly share their information, such as bank account or social security numbers, instead of attempting to hack into their computer systems via malware. Much like other scamming tactics, some social engineering approaches utilize false giveaways or prizes to lure more people in. The ultimate goal of such efforts is to gain financial advantage over unsuspecting individuals by utilizing their confidential information, with identity theft being the most common tactic. While there are no specific rules of avoiding social engineering, much of it relies on one's individual ability to recognize suspicious activity from an unfamiliar source, coupled with requirements to share personal information. Since most of these attacks are opportunistic, the best prevention is to be skeptical about the sources of such behavior. Furthermore, it is important to verify the legitimacy of suspicious requests by cross-checking the origins of the message before acting upon it.
Zero Day Exploit
Before they go to bed, many people close all their ground floor windows, lock the doors, and set the alarm. Now imagine, you come home one-day and you are exhausted because it was one of those days. You lock the door behind you, set the alarm, and head straight to bed. You wake up in the middle of the night because you hear a noise coming from the back of the house. Immediately, you remembered that you forgot to lock the kitty door. Next thing you know, someone is taking advantage of the fact that you forgot to lock the ktity door and attempting to steal from you. That idea is similar to a Zero Day Exploit (0-Day) attack. When it comes to networks, a Zero Day Exploit is when a loophole is found and a patch has not been established to remedy the problme. The hacker then uses that weak entry point to gain access to the system and wreak havoc; whether that be releasing classified documents or creating malicious viruses to only attack computers running certain programs.
Sandboxing
Before we get to the cyber description of sandboxing, picture you're in your backyard and there is a sandbox in front of you. What does a sandbox look like? A sandbox can be described as a pit of sand surrounded by four wooden walls. The walls are barriers that keep the sand from leaking out and making a mess of the playground. When it comes to cybersecurity, sandboxing is a strategy used to protect a network from files that might contain malware (See "Malware"). Sandboxing isolates and prevents certain applications, negatively affecting the rest of the system. Without sandboxing, the wooden walls to the sandbox, an application would have unrestricted access to all the system's resources, causing harm. Just like a physical sandbox, where it's limited in size, an application's sandbox has a limited storage area, memory space, containing only the resources the program needs. This would be like a sandbox only having enough sand for the sandbox and its dimensions. As said before, sandboxing is a protection strategy in cybersecurity that helps with attaching files and opening them up in a safe environment, where the files can be observed to see if there is any strange activity, that would help us know if the files are malicious and avoid opening the potentially malicious files directly, which would help prevent exposing the rest of the system to the harmful malware.
Biometrics
Biometrics. Biometric authentication is a method of authorizing individuals based on "something they are" (i.e. uses a part of human body offered for verification, such as finger prints, facial recognition, retina scans or voice verification). Physical objects such as smart phones or keys brake, can be easily lost or stolen, passwords can be forgotten or sabotaged, that is what makes biometrical authentication so popular. And since human body is so unique and many of our characteristics are not repeated in any other humans, biometric authentication is possible. Essentially, it is just like a human looking through the peephole to authenticate the face of the person on the other side before opening the door, or asking: "Who is there?" to authenticate an individual by voice.
Hashing
But why do this? Because hashes allow data to be seen and checked against without actually exposing the underlying information. If your password is "monkey" and you show it to someone else, they now know your password. But if "monkey" is turned into ae673br921fk by the hashing function, seeing that doesn't give you the faintest clue what the original string was. What's important is that any entered string should turn into a unique hash. When you go to a website and enter your password, it doesn't check "monkey" against its password database--it runs the hashing function on "monkey" and compares that to the hash in its database. Because the two hashes match, the user must have entered the right original string ("monkey"), because any other string would have turned into a different hash."Hashing is a way of securing data by transforming it into a code that can be checked and verified by the receiver. When a user enters a string (a series of characters), such as a password ("monkey") or a message ("Meet me here"), a hash function transforms it into a new form, a long string of seemingly random alphanumeric characters. This is done in an algorithmic way, such that the output follows certain rules, meaning it's not actually random--it just looks like it. Stronger hashing algorithms are made so that it's possible to hash a piece of data and check it, but not to deduce the original data from the hash. Hashing is also useful for ensuring the accurate transmission of messages. When you send a message like "meet me here" over an encrypted channel, it runs a hash function on your message, then sends both the text and the hash separately. On the receiving end, the program runs the hashing function again on the incoming text of "meet me here", and compares that to the separately-received hash. If the received hash and the recalculated hash match, the message has been securely delivered, with no alterations made at any stage in transmission. If they don't match, something has gone wrong. "
CIA Confidentiality (C of CIA)
Confidentiality is the first part of the CIA triad, which is a model for the development of policies and operations concerning data security within an organization. Confidentiality security measures focus on a set of rules and regulations that an organization has in place to make sure only authorized users have access to certain data, such personable identifiable information like a SSN#, the amount in someone's bank account, or the cache of hashed passwords that a website stores.. The goal of confidentiality protection is to prevent unauthorized users from having access to those resources. Confidentiality is especially important in the worlds of finance and healthcare. If a threat actor were able to compromise the confidentiality of a bank's wiring system, they would be able to send funds at their own discretion. If the confidentiality of a hospital's medical equipment infrastructure were compromised, a threat actor would be able to influence the working of medical machinery.
Cryptocurrency mining
Cryptocurrency mining works by having a computer do very difficult mathematical puzzles--when a computer solves one, it is rewarded with a "block" of cryptocurrency. This block is a reward for dedicating your processing power to keeping the blockchain secure. While you can mine using your own computer, the likelihood that your computer will be the one to happen on the solution is extremely low, so you're not going to make any money that way. But, imagine if you have a botnet--a group of thousands or even millions of computer systems, all infected with a virus that meant they would take orders from a server you had set up. Now, you could get every single one of those computers to mine for cryptocurrency, and the likelihood of gaining those rewards becomes attractive, especially because you're paying none of the aforementioned costs incurred by mining on your own system.The botnet's control server will broadcast instructions about what currencies to mine, how much processing power to use, etc., essentially giving the cryptojacker a world-spanning supercomputer of mining power."
Sniffing (of packets)
Frequently used by hackers to collect data across a network, the action of sniffing packets recalls the idea of a hunting dog sniffing the air to identify and target game. In the same way, packet sniffing might be used by unauthorized entities to capture information illegally. When data is being transmitted over the network, it's broken into bits (called packets) that will be reassembled once they arrive at their destination. The action of sniffing packets is done through tools that inspect the packet and look for specific types of information. These tools are not only used by hackers committing fraud but also by advertising agencies and the government. By adding advertisements that might contain tracking tools into the packet stream, Ad agencies are able to glean information on content you're more likely to Click on. Government agencies such as the NSA passively collect vast amounts of packet data to be reviewed at a later date. If you are wondering whether packet sniffing is possible to avoid, then the answer is yes: always use trusted Wi-Fi networks and encrypt the data you send and receive.
Authentication
Generally, there are 3 authentication factors: something you know (passwords, PINs, combos, code words or secret handshakes); something you have (includes physical objects, i.e. keys, smart phones, token devices, USBs, CAC cards); something you are ( includes any part of human body offered for verification, i.e. finger prints, facial recognition, retina scans, voice verification).""Authentication. Imagine the world where everybody could access your social media account and read your messages, or even worse, imagine a nuclear power plant being completely open for access, just walk in through the open gates. That potentially could result in a huge catastrophe. To prevent that and make sure that only authorized individuals (the people who have the rights/business needs to be there) can access a certain physical or virtual location, we use authentication. Authentication is the process of recognizing a user's identity, during which the provided credentials are compared to those on a file in a database. For example, almost all of us use emails nowadays. First, you will need to create a login and password, after which each time you would like to access your mailbox, the system will prompt you to type them in and compare them to the ones you created during the initial set up to make sure that it is indeed you who is accessing it.
Rainbow tables
Hacking is hard work! Users' passwords are usually protected by software developers by being converted into hashes-- think of hashes as passwords that have been converted into a new, secret language. Thus, when a hacker hacks into a computer to steal login data, they can only see a list of usernames and their corresponding hashes, not the plain text password. So how can the hacker use this information? With some elbow grease, hackers can convert hashes back into regular old passwords, but it's a labor-intensive, time-consuming process. That's where rainbow tables come in. Think of rainbow tables as "hash-to-password" translation dictionaries, huge files that contain many possible password combinations AND their corresponding hash. With a rainbow table, hackers can try more combinations faster, allowing them to crack more passwords in a shorter amount of time.
Packets
Have you ever wondered how information (email, image, webpage, etc.) gets transmitted from your computer halfway across the world to another computer? It works much the same way as the transporter in Star Trek that transports living things or inanimate objects from one location to another. First, the information is broken up into many little bits, called "packets". These packets are then converted into pulses of light or radio signals that travel through cables in milliseconds. The packets do not necessarily take the same route. They will take the most efficient route and then be reassembled at their final destination like the pieces of a puzzle being reassembled. How do they know how to reassemble themselves? Each packet contains header information saying where it's going, where it came from, and how much it contains. Sometimes a packet gets lost or "dropped." If that happens, a replacement is sent. Imagine a letter written on a piece of paper and then torn up into many tiny pieces, which are then blown through a long series of pipes to the intended recipient. But instead of receiving a pile of confetti, the pieces of the letter are already magically reassembled!
Honeypots
Honeypots are a detection method to identify hackers who are trying to penetrate an individual or business's computer system. When an individual or company uses a "honeypot" they are actively allowing a hacker to access information in their computer system. The information the hacker sees is actually fake information (or a decoy) made to look like real data that the company might typically use to conduct business. The honeypot, or decoy data, is not only designed to lure the intruders away from the real assets, but also to set a tripwire for those who are monitoring the system for unauthorized intrusions. Imagine you hack into your friend's computer to see if they have been emailing your boyfriend about planning you a surprise party. Your friend suspects you might do this, so your friend sets a trap and create fake emails between themselves and your boyfriend about the party. When you hack into their computer you see the fake emails, which you believe to be real, giving you all the details about the party. And when you open those emails, your friend receives a confirmation receipt. The fake emails would be considered a "honeypot".
IPv4 vs IPv6
IPv4 is fourth version of Internet Protocol, which is used to identify devices through their IP address. The growth of the internet has caused an issue where the number of new IPv4 addresses is running low because of the multitiute of devices connected to it. IPv6 was created to address the need for more access and additionally to new-and-improved generation of IP. This is why it is sometimes referred to as IPng or Internet Protocol next generation. The technological changes include but are not limited to simplified and efficient routing, built-in authentication and privacy support and easier administration.
Multifactor Authentication
Imagine you walk into a bank to access your safety deposit box. The teller asks you to provide 1 government form of identification, the answer to a previously determined question, and a physical key. Although to some, it may appear to be overkill but having different requirements only aids in ensuring that the individual who wishes to access the box is the owner/has permission from the owner. If one, or more, of those attempts at authenticating the individual failed, anyone could walk into a bank and gain access to your safety deposit box. The main idea behind multifactor authentication (MFA) is to give the user a better sense of security. While there are different versions of MFA (2-factor authentication and 2-step authentication) the goal is to allow the user to provide information that they have, that they are, and that they know. In many cases, this is simply the user entering a password and then receiving a text message with a specific code to enter. By providing the extra information, the code, the hope is that your account is more secure.
(cybersecurity) Vulnerability Get
In the cybersecurity context a vulnerability is or flaw or weakness in the software, hardware or the way access controls have been setup, that can compromise security. This could be in the form of; no password or the same password for everything; a connection to an open network or server where information is shared across multiple devices. It can also be physical like a USB port where anyone can plug in a USB device that will give it direct access to the computer.
Brute force attack
In the simplest terms, brute force attack is a trial and error method that attempts all the combinations for a password. Using automated software to generate a large number of consecutive guesses as to the value. The attack process is designed to keep guessing the password until you are successful, but this process can be very slow and tiresome. Furthermore, most email accounts will lock the user out after a number of failed attempts. To maneuver around this hurdle the technique shifts off-line using computer software tools like "Hydra", which guesses the password against a provided wordlist. Wordlist is a text file containing a collection of predefined words for the software to test the password. The most common wordlists used are from the Dictionary, Wikipedia and any password database leaks. The point of going off-line is to test against all possible combinations of a user's password within the software, to find the correct password without locking up the user's account. The off-line brute force technique is strongly favored because it tests against a large volume of users and passwords gathered from the internet, specifically the dark web. Hydra, which is equipped with a large computational resource, usually comes up with a match within minutes.
Transmission Control Protocol) TCP layer
Layer 1: Network Access Layer - This layer is where data travels across a physical network"A TCP Network model has several layers. Each layer is separate from the others and has a specific function. Data moves from one layer to another, communicating through the network. Layer 2: Internet Layer - This layer is where network packets travels from one host to another across network boundaries Layer 3: Transport Layer - This layer provides communication between hosts Layer 4: Application Layer - This layer lays out the communication protocols to be used when transporting data between hosts
Penetration testing
Penetration testing is an evaluation method used to test the effectiveness of a system's defense. There are two types of penetration testing, white box and black box. White box test looks at the internal system and gives you information about your systems weak points. Let's think of a restaurant, you want to make sure the servers are communicating with the cooks and making sure the right information is being passed around. You are taking a look at the internal system of kitchen staff. Black box test is the opposite, you don't care about what type of code was used. In a black box test you check to see if what you request is what you get. It's all about checking the inputs and outputs. Let's go back to the restaurant and this time you order burger but instead you get a salad. You don't know what is going on in the kitchen but you know what you requested or your "input" was not what you received or your "output". Other methods of testing include: external, internal, blind, double-blind, and, targeted testing. All tests check to see what vulnerabilities exist in the security of a network or information system.
Personally Identifiable Info (PII)
Personally Identifiable Information, or PII, is informational data that has the potential to distinguish or identify an individual or entity. PII can be separated between two different categories, Sensitive PII or Non-Sensitive PII. PII is characterized as sensitive when the resulting information of an individual or entity by being disclosed results in a certain degree of harm to the individual or entity. Some examples would be SSN's, biometric data, passwords, or medical records. Information that when disclosed does not result in harm is characterized as non-sensitive. For example, public records, phone books, and public websites. Think of it as a jigsaw puzzle of an individual. The more pieces that are publicly available or that a foreign entity has of another, whether it be sensitive or not, the more complete and clear the puzzle.
Remote Access Service
Remote Access Service allows remote clients to connect through a telephone line or other wide area network (WAN) link to a host server. The service allows users to securely access data on the network while away from it as though logged on to the server directly. Made possible by a combination of Operating System software (macOS, MS Windows, or Linux), hardware (Personal Computer, tablet or smartphone) and Internet connectivity. To simply explain think of the Remote Access Service (RSA) in the terms of the famous Middle Eastern folk tale - Ali Baba and the Forty Thieves. In the story, Ali Baba a poor woodcutter discovers the secret of a thieves' den, entered with the phrase "Open Sesame" (Wikipedia) let's go even further and grant Ali Baba access to a "Magic Carpet" (Wikipedia), which only responds to Ali Baba's command. Ali Baba (Client) using his voice (Password) commands the Magic Carpet (Remote Access) to take him high and fast thru the sky (Internet Connectivity) without detection (Network Port) to the thieves' den (Host Server) where he uses the discovered secret phrase - open sesame (Host Password) to access the Thieves den, (Network) and steals their Treasure (Hacking). Remote Access Service would be the agreed upon parameters of this entire story.
SQL injections
SQL can be used to attack attack databases when an attacker injects the database with an SQL-coded malicious query which searches for a particular programming language for targets of information. The injected query is input into the system through its client's data. Once injected the attacker can re-write code and issue commands."SQL stands for Structured Query Language and is a language used for programming data in database management systems. SQLi vulnerabilities can be detected through testing and then repaired by using parameterized queries so that the database treats them as data rather than as commands. This prevents SQL injections in client data from taking over control of other parts of the system.
Spyware
Spyware is a type of malicious software that intends to gather information about a person or organization without their knowledge. This information can be relayed or sold to advertisers, data firms, or external users for a variety of uses, such as tracking and selling your internet usage habits, capturing your credit card or banking formation, or identity theft. Some spyware can change the settings on your devices, even changing your data sharing preferences to lock you out of important accounts. Spyware can take many forms, but three notable types include: adware, tracking cookies, and system monitors. Adware tracks your brower history and downloads with the intent of predicting what products or services you're going to use or buy- this software is used for marketing and can greatly slow your computer. Next are tracking cookies. Similar to adware, these track your online activities. That data is mined and then sold without your consent. Lastly, system monitors are used to track your internet history, keystrokes, emails, chat-room dialogs, etc. which can be costly and embarrassing depending on the information that the perpetrators are able to find and attempt to sell or use for extortion.
Worms
Stuxnet is one of the most notorious computer worms to date, consists of a worm component for propagation of the malware through the sharing of infected USB devices, as well as malware that targets supervisory control and data acquisition systems, which are widely used in industrial environments, including power utilities, water supply services, sewage plants and elsewhere."A computer worm is self-replicating malware that duplicates itself to spread to uninfected computers. Worms often use parts of operating systems that are automatic and invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them.
Encryption (Symmetric)
Symmetric encryption is a method of cyptography that utilizes a singular encryption key that is used to encrypt and decrypt private information, such as a secret message. Both entities communicating using this method must exchange the key to encrypt and decrypt the message. The message, or data, that is being relayed is converted to a form that cannot be understood and requires a key to be returned to its original state. This method fails when the key is discovered by someone looking to intercept the message, which is why asymetric encryption became popular.
Principle of least privilege
The Principle of Least Privilege, or POLP, is a cyber security best-practice for organizations. In order to protect users from themselves (i.e., accidentally downloading viruses, opening malware attachments, or falling for online scams), IT departments limit users' abilities to only what is absolutely vital to complete their work-- this applies to access to both computing functions and data. This means that if a user, say, only needs the ability to read email, they will only have the ability to read email-- no visiting other websites, no downloading new software, no editing the desktop image to be a photo of an adorable kitten hanging from a tree branch. This also means that data is only accessible on a need-to-know basis; for example, the front desk clerk in a doctor's office needs access to the doctor's calendar, but they do not need access to patient's medical records. According to the POLP, that clerk should not have the ability to access those medical records. In the event of a data breach, security issue, or technological problem, this practice also simplifies the troubleshooter's job; it (theoretically) limits the number of ways a user could screw up the system.
Trojans
The Trojan name comes from the mythological horse from Homer's Iliad. Just as the horse was designed to deceive the people of Troy, a trojan looks like a normal file, software or program but inside is destructive malware. The horse's purpose was to deceive the citizens of Troy into thinking it was a gift. Comparatively, in the cyber-world, before a trojan is revealed (i.e. when the user downloads an email attachment or a computer game), it is initially disguised to function as you intended; by then it's too late. Trojans vary in capability but are usually intended to steal, disrupt, and damage the data and the networks attached to your device. There are many varieties of Trojans that are capable of different types of attacks. For instance, a Backdoor Trojan is designed to open a backdoor to your computer to allow other attackers access to your system. A Ransom Trojan is designed to install onto your computer and deny access to the owner unless they pay a ransom. A Remote Access Trojan (RAT) is designed to gain access to your computer after downloading. RAT's are considered to be malware. Once access is granted, attackers have free reign to control and manipulate your device including (but not limited to): recording from your webcam, exporting confidential data and taking screenshots. A Banking Trojan is designed to steal data attached to your financial accounts. Regardless of the type of trojan, it is important that you invest time into finding the right type of virus scans and be mindful when opening up emails, clicking on links, etc., especially if it is from an unknown source.
Threat landscape
Threat landscape is an overview of existing threats, as well as current and emerging trends. For example ransomware( see ransomeware definition) and cryptojacking(see cryptojacking definition). Different companies publish the threat landscape reports, ENISA(European Network and Information Security Agency) is just on entity that provides this information.Think of your local police department issuing a public service announcement about the local threat landscape by warning people of current dangers, e.g. spike in car break-ins targeting people who leave valuables visible in their car, muggings of people walking alone after dark, and burglaries in a particular neighborhood by suspects driving around in an old volkswagen.
Software as a Service
Try to think of the Software as a Service as a film or TV series of your favourite media-services provider, like Netflix. In order to have access to every film and TV series that this platform offers, you must own a subscription that you can renew on a periodic basis. Although Netflix is not a Software as a Service, the idea is closely related: the Software as a Service, better known in its acronym form, SaaS, is a web-based model of software delivery that is centrally hosted. This means that software vendors will maintain and host the server, while licensing the software to the customers. In other words, the end users of the software won't own the software per se (and for this reason the software is not installed in the computer), but they will be granted access via the internet through a license that is renewable on a periodic basis. SaaS software might be free or require a monthly fee. SaaS became very popular between business applications. For instance, Microsoft Office 365, Google Apps and Amazon Web Services are examples of SaaS. Extending this SaaS idea, cybercriminals now trade in something called RaaS (this stands for Ransomware as a Service). Ransomware, similar to a kidnapper demanding a ransom for a hostage, is a malware that encrypts and locks down data on your computer, providing you with the data if you pay a financial ransom. But rather than create or buy the ransomware "kit" themselves, cybercriminals are contracting with the owners of the malware in a profit-sharing scheme.
Black hats/White hats
We categorize many things by color, and that includes hackers, too. The color of the hat determines the purpose of the hacker. A Black hat would be referred to as a "malevolent hacker". This is someone who hacks into computer systems in order to compromise security. The OPM data breach of 2015 is one very famous example of black hat activity, compromising an estimated 21.5 million personal records. While black hats usually hack for illicit financial gain, the reasons can vary. They could be hacking for politcal protest, or it could simply be for thrills. On the flipside, a White hat is the "benevolent hacker". This is someone who discovers vulnerabilities in computer systems for the sake of improving security. This person could be an employee of a company trying to find these vulnerabilities, or they could be a concerned individual telling a company that they discovered a cybersecurity weakness. These two types of hackers are like two different types of neighbors. A Black hat would be that terrible neighbor that notices the lock on your front door doesn't work, so they sneak in and steal the leftovers from your fridge. A White hat would be the kind of neighbor who tells you "hey, I noticed the lock on your front door doesn't work, you should get that fixed because someone could walk in and steal your leftovers if they wanted to".