Cybersecurity

176 Terms

Virus

A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data

Social Engineering

Tricking/Deceiving Someone into giving you private information or data

Backdoor

Attacker gets access by using an exploit to access the system

Spyware

software that obtains information about another computer's activities without knowledge of the user

Spear Phishing Attack

is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user's computer.

DOS

Denial of Service: an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

DDOS

Distributed Denial of Service: occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic.

Botnet

a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, used to send spam messages, launch DDoS attacks, mine for cryptocurrency, and more

Dumpster Diving

looking through trash to obtain sensitive information

Ransomware

malicious software that blocks access to a computer until an amount of money is paid

Malware

software intended to harm computers, networks, people, or businesses

Drive-by Download

Downloads installed by just passing through an infected webpage

E-mail flooding

sending many emails to a target to flood the inbox and take down the server

Trojan Horse

a virus disguised as real software, to make it appear harmless so victims download and run it

Worm

a self-replicating virus that does not usually alter files but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

DNS spoofing

also referred to as DNS cache poisoning, is a form of computer hacking in which corrupt Domain Name System data is introduced into a DNS resolver's cache, causing the name server to return an incorrect IP address, which results in diverting traffic to the attacker's computer (or any other computer).

Scareware

Malware which tricks users into buying fake antivirus protection

White Hat

A hacker who does good. Tests security systems with consent of the owners.

Black Hat

A hacker who uses their abilities for malicious purposes such as breaching and bypassing internet security.

Cyberterrorist

Someone who uses computers to cause severe damage or widespread fear in society.

Hacktivist

a computer hacker whose activity is aimed at promoting a social or political cause.

Cyberespionage

the use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.

Bots

Bots can send spam attacks, DoS attacks, and others. Malware run on a computer can let the attacker place these on computers, which once infected are called zombies.

A collection of bots all controlled by one person is called a botnet, commonly used for DDoS attacks.

Password Cracker

a program used to guess a user's password, using lists of keywords and common passwords.

Adware

Malware that displays ads when the user is on the internet, and can collect marketing data without the user's knowledge. Adware can also redirect a search request.

Sniffing

allows individuals to capture data as it is transmitted over a network and is used by network professionals to diagnose network issues, and by malicious users to capture unencrypted data, like passwords and usernames.

Script Kiddie

a person who uses existing computer scripts or code to hack into computers, lacking the expertise to write their own.

Compromised Key Attack

the use of a key that an attacker has stolen to gain access to a secured transmission. The key allows the attacker to decrypt the data that is being sent. The sender and receiver are usually not aware of the attack.

Antivirus

computer systems that block, detect, and remove viruses and other malware

Firewall

a part of a computer system or network that is designed to block unauthorized access while permitting outward communication.

Spam Email

unsolicited emails sent to many addresses

Software Patch

an update to a computer program in order to fix or update the program

Vulnerability

a flaw or weakness that hackers or malware can exploit

Audit Trail

A record showing who has accessed a computer system and what operations he or she has performed during a given period of time. Useful both for maintaining security and for recovering lost transactions.

Blended Threat

A computer network attack that seeks to maximize the severity of damage and speed of contagion by combining methods, for example using characteristics of both viruses and worms, while also taking advantage of vulnerabilities in computers, networks, or other physical systems. An attack using a blended approach might send a virus via an e-mail attachment, along with a Trojan horse embedded in an HTML file that will cause damage to the recipient computer. The Nimda, CodeRed, and Bugbear exploits were all examples of blended threats.

Ciphertext

Form of cryptography in which the plaintext is made unintelligible to anyone who intercepts it, by a transformation of the information itself, based on some key.

Encryption

The most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.

Decryption

the process of converting encrypted data back into its original form, so it can be understood.

What should you do if you receive an email from someone you don't know with an attachment?

Mark it as spam, ignore it, or delete it.

You have a Mac so you don't have to worry about viruses. (True/False)

False

Directory Harvest Attack

an attempt to determine the valid e-mail addresses associated with an e-mail server so that they can be added to a spam database

IP Spoofing

IP Spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets. IP Spoofing involves modifying the packet header with a forged (spoofed) source IP address, a checksum, and the order value.

IPSec

IPsec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPsec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well.

L2TP

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself.

SSL

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

WEP

Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN.

WPA

Wi-Fi Protected Access (WPA) is a security standard for users of computing devices equipped with wireless internet connections, or Wi-Fi. It improved upon and replaced the original Wi-Fi security standard, Wired Equivalent Privacy (WEP). WPA provides more sophisticated data encryption than WEP, and it also provides user authentication -- WEP's user authentication was considered insufficient.

802.1x

IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

VPN

A virtual private network (VPN) is a network that is constructed using public wires — usually the Internet — to connect to a private network, such as a company's internal network. There are a number of systems that enable you to create networks using the Internet as the medium for transporting data.

IEEE 802.**

IEEE 802.11 - Wireless LAN (WLAN) & Mesh (Wi-Fi certification)
IEEE 802.3 - Ethernet
IEEE 802.1 - Higher Layer LAN Protocols (Bridging)
IEEE 802.15 - Wireless PAN

Audit Policy

What you monitor on the network. Establishing audit policy is an important facet of security. Monitoring the creation or modification of objects gives you a way to track potential security problems, helps to ensure user accountability, and provides evidence in the event of a security breach.

There are nine different kinds of events you can audit. If you audit any of these kinds of events, Windows® records the events in the Security log, which you can find in Event Viewer.

Audit Policy Options

You can choose these to monitor in Windows:

• Account logon events
• Account management
• Directory service access
• Logon events
• Object access
• Policy change
• Privilege use
• Process tracking
• System events

Incident Response

Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

Incident Response Procedure

According to the SANS Institute:

  1. Preparation: Preparing users and IT staff to handle potential incidents should they arise
  2. Identification: Determining whether an event is indeed a security incident
  3. Containment: Limiting the damage of the incident and isolating affected systems to prevent further damage
  4. Eradication: Finding the root cause of the incident, removing affected systems from the production environment
  5. Recovery: Permitting affected systems back into the production environment, ensuring no threat remains
  6. Lessons learned: Completing incident documentation, performing analysis to ultimately learn from the incident and potentially improve future response efforts
Dual-homed host/firewall

A dual-homed host is a term used to reference a type of firewall that uses two (or more) network interfaces. One connection is an internal network and the second connection is to the Internet. A dual-homed host works as a simple firewall provided there is no direct IP traffic between the Internet and the internal network.

Triple-homed firewall (Aka screened subnet)

A screened subnet (also known as a "triple-homed firewall") is a network architecture that uses a single firewall with three network interfaces.

Interface 1 is the public interface and connects to the Internet.

Interface 2 connects to a DMZ (demilitarized zone) to which hosted public services are attached.

Interface 3 connects to an intranet for access to and from internal networks.

Even if the firewall itself is compromised, access to the intranet should not be available, as long as the firewall has been properly configured.

DMZ

In computer networks, a DMZ (demilitarized zone) is a physical or logical sub-network that separates an internal local area network (LAN) from other untrusted networks, usually the Internet. External-facing servers, resources and services are located in the DMZ so they are accessible from the Internet but the rest of the internal LAN remains unreachable. This provides an additional layer of security to the LAN as it restricts the ability of hackers to directly access internal servers and data via the Internet.

VLAN

Ports on switches can be assigned to one or more VLANs, allowing systems to be divided into logical groups -- e.g., based on which department they are associated with -- and rules to be established about how systems in the separate groups are allowed to communicate with each other. These can range from the simple and practical (computers in one VLAN can see the printer on that VLAN, but computers outside that VLAN cannot), to the complex and legal (e.g., computers in the trading departments cannot interact with computers in the retail banking departments).

Intranet

An intranet is a private network that is contained within an enterprise. It may consist of many interlinked local area networks and also use leased lines in the wide area network. Typically, an intranet includes connections through one or more gateway computers to the outside Internet.

Extranet

an intranet that can be partially accessed by authorized outside users, enabling businesses to exchange information over the Internet securely.

Typically, larger enterprises allow users within their intranet to access the public Internet through firewall servers that have the ability to screen messages in both directions so that company security is maintained. When part of an intranet is made accessible to customers, partners, suppliers, or others outside the company, that part becomes part of an extranet.

Public Key Infrastructure

public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.

Hacking

use a computer to gain unauthorized access to data in a system

Cracking

The term "cracking" means trying to get into computer systems in order to steal, corrupt, or illegitimately view data. The popular press refers to such activities as hacking, but hackers see themselves as expert, elite programmers and maintain that such illegitimate activity should be called "cracking."

Intellectual Property

a work or invention that is the result of creativity, such as a manuscript or a design, to which one has rights and for which one may apply for a patent, copyright, trademark, etc. Things your company doesn't want someone stealing basically.