These vocabulary flashcards cover key terms and definitions spanning threat models, attack types, malware, security technologies, authentication, firewalls, incident response, backup strategies, and U.S. Air Force–specific security programs introduced in the lecture.
Threat
Any circumstance or event with the potential to adversely affect a system by exploiting a vulnerability.
STRIDE Model
Microsoft framework for threat analysis: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege.
Spoofing
Pretending to be someone or something else to gain unauthorized access.
Tampering
Unauthorized modification of data on disk, network, memory, or elsewhere.
Repudiation
Ability for a user to deny having performed an action or transaction.
Information Disclosure
Providing information to an entity not authorized to have it.
Denial of Service (DoS)
Exhausting resources so legitimate users cannot obtain service.
Elevation of Privilege
Gaining capabilities beyond those originally granted.
Inside Attack
Security breach initiated by an authorized insider misusing legitimate access.
Outside Attack
Security breach initiated by an outsider who gains illegitimate system access.
Botnet
Network of compromised computers remotely controlled to launch attacks or send spam.
Vulnerability
Flaw or weakness in design, implementation, or operation that could be exploited.
Network Attack
Intentional act to evade security services and violate security policy of a networked system.
Distributed Denial of Service (DDoS)
DoS attack launched simultaneously from multiple computers, often via a botnet.
Unauthorized Access
Obtaining resources a system should not provide to the attacker.
Data Diddling
Fraudulently altering data during entry or processing to change its meaning.
Data Destruction
Process of making data completely unreadable or unrecoverable.
Degaussing
Using a strong magnetic field to erase data on magnetic media.
Social Engineering
Non-technical attack relying on psychological manipulation to obtain confidential info.
Phishing
Mass fraudulent solicitation (email/text/web) to acquire sensitive data.
Spear Phishing
Targeted phishing aimed at a specific individual or group.
Whaling
Spear phishing targeting high-value executives such as CEOs.
Baiting
Using enticing digital or physical lures (e.g., infected USB) to trick victims into running malware.
Malicious Code
Software/scripts written to cause undesired effects or security breaches.
Malware
Umbrella term for hostile or intrusive software such as viruses, worms, Trojans, etc.
Computer Virus
Self-replicating code that hides in programs or boot sectors and requires user action to spread.
Boot-Sector Virus
Virus residing in the first sector of media; loads at startup and infects every disk read.
File Infector Virus
Virus that attaches to executable files and activates when the file runs.
Macro Virus
Malicious code written in an application’s macro language, triggered when a file opens.
Logic Bomb
Hidden code that executes when a specific event or date occurs.
Trojan Horse
Program that performs expected functions while secretly installing unauthorized software or backdoors.
Worm
Self-replicating malware that spreads without user intervention, often across networks.
Ransomware
Malware that locks or encrypts data and demands payment for release.
Spyware
Hidden software that monitors user activity and sends data to a remote attacker.
Adware
Software that automatically displays advertisements, typically via pop-ups.
Rootkit
Stealthy software giving attackers privileged, often hidden, system access.
Vulnerability Scanning
Automated probing to identify hosts susceptible to known attacks.
Patching
Applying vendor-supplied fixes to remediate vulnerabilities or bugs.
User-Awareness Training
Education of users on security pitfalls and best practices to reduce risk.
Firewall
System that monitors and controls incoming and outgoing network traffic based on rules.
Anti-Spyware
Software that detects and prevents spyware infections or data collection.
Proxy Server
Intermediary system that forwards requests, providing security, privacy, and web filtering.
Mail Gateway
Server in a DMZ that scans and filters inbound/outbound email for spam and malware.
Anti-Virus
Software that detects, quarantines, or removes virus-infected files using signature patterns.
Syslog
Centralized logging protocol collecting logs from multiple devices.
Threat Agent
Entity (insider or outsider) capable of carrying out a threat.
Agent-Based NAC
Network Access Control requiring client software to report compliance before access.
Agentless NAC
NAC that performs compliance checks without installing client software.
Dissolvable Agent
Temporary NAC agent installed during connection and removed afterward.
Permanent Agent
Resident NAC software continuously monitoring a device’s posture.
Authentication
Process of verifying the identity of a user or system.
Something You Know
Knowledge-based authentication factor such as a password or PIN.
Something You Have
Possession-based factor like a smart card or token.
Something You Are
Biometric factor such as fingerprint or facial pattern.
Somewhere You Are
Location-based authentication using GPS or IP address.
Something You Do
Behavioral factor such as typing rhythm or gait.
Multifactor Authentication
Using two or more different factor categories for stronger authentication.
Single Sign-On (SSO)
Authenticate once to gain access to multiple systems without re-entering credentials.
802.1X
IEEE standard for port-based network access control requiring authentication before connection.
AAA
Combined services of Authentication, Authorization, and Accounting.
RADIUS
UDP-based AAA protocol for remote access authentication and accounting.
Diameter
TCP-based successor to RADIUS offering improved reliability and security.
TACACS+
Cisco AAA protocol separating authentication, authorization, and accounting over TCP.
Access Control List (ACL)
List of permissions specifying which users or systems can access a resource.
Software Development Life Cycle (SDLC)
Structured process for planning, creating, testing, and deploying software.
Waterfall Model
Linear SDLC where each phase completes before the next begins; no backtracking.
Agile Model
Iterative SDLC using short sprints allowing backtracking and continuous feedback.
Fuzzing
Testing method feeding random invalid data to find crashes or vulnerabilities.
Input Validation
Ensuring user-supplied data is checked for correctness and safety before processing.
Cross-Site Scripting (XSS)
Attack injecting malicious scripts into trusted web pages viewed by others.
Encryption
Transforming data into ciphertext unreadable without a decryption key.
Intrusion Detection System (IDS)
Monitors systems/networks for suspicious activity and alerts administrators.
Intrusion Prevention System (IPS)
Monitors and actively blocks or mitigates detected malicious activity.
HIDS
Host-based IDS running on individual systems to detect local threats.
NIDS
Network-based IDS analyzing traffic on network segments.
BIOS
Firmware that initializes hardware and starts the boot process in a PC.
CMOS
Chip storing BIOS settings such as boot sequence.
Secure Boot
Process verifying digital signatures of boot files to prevent unauthorized OS loading.
Full Disk Encryption (FDE)
Encrypting an entire hard drive so data is unreadable without authentication.
Trusted Platform Module (TPM)
Hardware chip storing cryptographic keys used by FDE products such as BitLocker.
Hardware Security Module (HSM)
Dedicated hardware card/appliance for managing cryptographic keys.
Packet-Filtering Firewall
Stateless firewall filtering traffic based on IP addresses and ports in packet headers.
Stateful Packet Inspection Firewall
Firewall tracking connection state to allow only packets matching valid sessions.
Application-Layer Firewall
Firewall inspecting packet payload and application commands for fine-grained control.
iptables
Linux command-line utility configuring firewall rules via policy tables.
Demilitarized Zone (DMZ)
Perimeter network segment between the internal network and the public internet that hosts public-facing servers.
Extranet
Network zone granting selected external organizations controlled access to internal resources.
Guest Network
Isolated zone providing visitors internet access while blocking internal resources.
Incident
Assessed occurrence jeopardizing confidentiality, integrity, or availability of an information system.
Event
Any observable system or network occurrence that may indicate an incident.
First Responder (Incident)
Initial individual who takes charge of an incident and activates the response team.
Computer Incident Response Team (CIRT)
Group designated to handle, document, and resolve security incidents.
Root Cause Analysis
Process of determining the underlying reason an incident occurred.
Baseline Configuration
Documented initial secure state of a system serving as reference for future assessments.
Configuration Management
Process of maintaining systems in a known, consistent state through documented changes.
RAID 0
Striping across disks for speed without redundancy.
RAID 1
Mirroring data to a second disk for redundancy.
RAID 1+0 (RAID 10)
Striped set of mirrored pairs providing speed and fault tolerance.
RAID 5
Striping with single parity enabling tolerance of one drive failure.
RAID 6
Striping with double parity tolerating two simultaneous drive failures.