Systems and Application Security
Logic Bomb
A computer program or part of a program that lies dormant until it is triggered by a specific logical event.
Stuxnet
A computer worm designed to find and infect a particular piece of industrial hardware; used in an attack against Iranian nuclear plants
Typosquatting
A form of cybersquatting that relies on mistakes, such as typographical errors, made by Internet users when inputting information into a Web browser.
Rootkit
A set of software tools used by an attacker to hide the actions or presence of other types of malicious software. Older definition: escalate privileges. Rootkits may run in a variety of privileged rings, from the ring 0 (kernel) to ring 3
Virtual SAN
A software product that allows the user to configure unused network capacity into virtual storage that mimics a physical SAN.
Adware
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
CryptoLocker
A specific form of ransomware that encrypts critical files or data until the victim pays a ransom to obtain the decryption keys.
Replay Attack
A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network. Easily defeated with session tokens or timestamps.
Armored Virus
A virus that goes to great lengths in order to avoid detection. May employ encryption, obfuscation, and/or sandboxing
Xmas Attack
An advanced attack that tries to get around detection and send a packet with every single option enabled. Crashes systems with poorly designed network stacks.
VM escape
An attack in which the attacker "breaks out" of a VM's normally isolated state and interacts directly with the hypervisor.
Man-in-the-middle
An attack that intercepts legitimate communication and forges a fictitious response to the sender.
Smurf Attack
Bot sends multiple echo/ping requests with victim's IP address as source to IP address, third parties sends victim an echo reply, and victim suffers dDoS
BYOD
Bring Your Own Device
COPE
Corporate Owned, Personally Enabled
DoS
Denial of Service attack. Makes computing services unavailable for legitimate use. Requires large amounts of bandwidth and ability to avoid being blocked by IP address.
DDoS Attack
Distributed Denial of Service Attack. Typically malware installed on many computers (thousands) activate at the same time and flood a target with traffic to the point the server becomes overwhelmed.
Amplified Attack
DoS attack, response to initial request is very large and overwhelms target.
DNS
Domain Name System. The Internet's system for converting alphabetic names into numeric IP addresses.
FDE
Full Disk Encryption. Method to encrypt an entire disk. TrueCrypt is an example.
Propagation
How malware spreads
Hybrid Cloud
Includes two or more private, public, or community clouds, but each cloud remains separate and is only linked by technology that enables data and application portability.
Worms
Independent computer programs that copy themselves from one computer to other computers over a network
IaaS
Infrastructure as a Service. A public cloud computing technology useful for heavily utilized systems and networks. Organizations can limit their hardware footprint and personnel costs by renting access to hardware such as servers. eg AWS, Microsoft Azure, and Google Compute. Customer secures app and data, vendor secures OS.
Scareware
Malicious software of no benefit that is sold using scare tactics
Polymorphism
Malware solution to avoiding digital signatures in anti-malware database; malware mutates after each propagation
Viruses
Malware spreading from system to system based on some kind of user interactions
Botnet
Malware that "calls home" to a command and control center for further instructions after it infects a computer. May be used to rent out other bots/botnets, initiate spam campaign, DDOS, mine bitcoins, brute force attacks, any situation requiring storage, computing power, or network connectivity.
MBSA
Microsoft Baseline Security Analyzer (MBSA) is software developed and used by Microsoft to check the security of an operating system by assessing missing security updates and less secure areas of the operating system. Provides a very comprehensive review since it runs with admin rights.
MDM
Mobile Device Management: software secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprise. May include storage segmentation abilities for sensitive information.
PaaS
Platform as a Service. Vendors provide cloud customers with an easy-to-configure operating system and on-demand computing capabilities. Middle ground between SaaS and IaaS: they do not worry about managing servers, but still run their own code and secure OS, apps, and data.
Public Cloud
Promotes massive, global, and industry-wide applications offered to the general public. Shared tenancy and responsibility. Cloud provider is responsible for some areas of security, such as encryption and control policies, while customer is responsible for other areas, such as data being sent, and configuring access control policies. Includes SaaS, IaaS, and PaaS TIERS
RAT
Remote access Trojan. Malware that allows an attacker to take control of a system from a remote location.
Morris Worm
Robert Morris, grad student at Cornell, created a program to copy a message to systems on the Internet He wasn't as careful as he should have been with limiting the propagation Brought the Internet to near collapse for several days in 1988 First Denial of Service attack AKA RTM Worm
Private Cloud
Serves only one customer or organization and can be located on the customer's premises or off the customer's premises, does not want to share computing resources.
SLA
Service level agreement. An agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels.
Backdoors
Shortcuts into programs created by system designers to facilitate system maintenance but used and abused by crackers.
SNMP
Simple Network Management Protocol. Used to collect system information from a remote/virtual computer
SaaS
Software as a Service. Applications provided over the Internet. Customers do not worry about processing, storage, networking, additional infrastructure details. Customer accesses services through web browsers. Vendor secures almost everything.
SDN
Software defined network. A method of using software and virtualization technologies to replace hardware routers. SDNs separate the data and control planes. Strong access controls needed since malicious individuals can take control of network and program it to their needs.
Ransomware
Software that encrypts programs and data until a ransom is paid to remove it.
Type 2 Hypervisor
Software to manage virtual machines that is installed as an application in an operating system. Most common hypervisor.
Type 1 Hypervisor
Software to manage virtual machines that is installed before any operating system is installed. AKA bare-metal hypervisor. Hypervisor runs directly on hardware and then hosts guest operating systems.
DNS poisoning
Technique used by criminals to alter DNS records and drive users to fake sites, to committing phishing.
Payload
The destructive event or prank a virus was created to deliver.
TPM
Trusted Platform Module
Trojan Horse
a program that appears desirable but actually contains something harmful
ARP poisoning
an attack that convinces the network that the attacker's MAC address is the one associated with an allowed address so that traffic is wrongly sent to the attacker's machine. Only works on local networks.
Spyware
software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.