Cyber Security

Quiz February 4th

advanced persistent threat (APT)

a cyber attack campaign with specific objectives, conducted by a coordinated team of experts, combining organizations, intelligence, complexity and patience

Air-Gap

to physically isolate a computer or network from other unsecure networks, including the public internet to prevent network-enabled attacks

Botnet

a network of “zombie” computers controlled by a single actor. They are common tools for malicious activity on the Internet, including denial-of-service attacks and spam, since they provide free (stolen) computation and network resources while hiding the identity of the controller.

cloud computing

a shift in control of computing resources from the individual or organization to a shared resource run by a third party. By pooling network-enabled resources, cloud computing enables mobility, scalability, flexibility, and efficiency, but increases the dependency on the cloud provider

computer emergency response team (CERT)

Organizations located around the world that serve as hubs of cyber security technical expertise, collaboration, and security information dissemination. Many governments have their own national CERTs, as do an increasing number of industrial sectors and large organizations.

Computer Network operations (CNO)

military concept of utilizing computers to “destroy, deny, degrade, disrupt and deceive” while at the same time preparing and defending against the enemies attempt to do the same

critical infrastructure

the underlying components of the economy that run out modern-day civilization, ranging from power and water to banking health care and transportation many countires have special policies and regulations for critical infastucture protection

Cyberterrorism

as defined by the FBI a “premeditated politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by subnational groups or clandestine agents

distributed denial of service (DDoS)

an attack that seeks to inundate a targeted systems functions or connection to the internet. attackers distribute the overwhelming traffic across multiple sources often using botnets of thousands or even millions of machines

Domain Name Systems (DNS)

the hierarchical, distributed naming system that translates the humanly memorable names (like BC.edu) into numeric IP adresses (192.245.194.172)

Firewall

a filter that rejects data traffic from entering a specific network or machine following specific rules

Hacker

A passionate technicals expert who ignores rules. it is not necessarily a malicious actor (“white hat” hackers try to find and close weaknesses before a “black hat” criminal can)

Hacktivism

Combining hacking with activism, the use of computer means of protest and attack to aid in the cause of civil disobedience

HyperText Transfer Protocol (HTTP)

the technical protocol that defines how applications ask for and deliver content on the world wide web

International Telecommunications union (ITU)

formed in 1865 to regulate cross-border telegraph communications a UN agency that coordinates international communication policies and interconnections

Internet Corporation for assined names and number (ICANN)

the private non-profit created in 1998 to run the various internet administration and operations tasks that had previously been performed by US government organizations

Internet Protocol (IP)

the primary principal communications protocal that enables internet workings it defines adressing methods and how to deliver packets from one point to another soley based on their IP adress

Internet Protocol IP adress

a numerical label that is assigned to an addressable connection to the internet: an endpoint

internet service provider (ISP)

an organization that provides access to the internet as well as other services such as web hosting or e-mail. it is a primary control point since all traffic from an individual or organization flows through

Malware

malicious or malevolent software including viruses, worms, and trojans that is preprogramed to attack disrupt and or compromise other computers and networks a packaged exploitation of vulnerability there is often a payload of instructions detailing what the system should do after it has been compromised

packet

digital envelope of data by breaking up flows of data into smaller components packets can each be delivered in an independent and decentralized fashion then reassembled at the endpoint. when conversations are broken into smaller partys packets from multiple different conversations can share te same network links without a controlled path or dedicated circuits

patch

a software code update vendors use security patches to mitigate of fix security vulnerabilities

secure internet protocol router network (SIPRNet)

the us military classified network used to communicate secret information following the same basic protocols as the broader internet

supervisory control and data acquisitions (SCADA)

a type of industrial control system particularly used to monitor and manage interconnected sensors and control large facilities

transport control protocol (TCP)

paired with the internet protocol one of the foundational protocols of the internet it manages expectations tat each end of a networked communication link has of the other end

virus

a malware program that can replicate itself and spread from computer to computer

worm

a type of malware that spreads automatically over a network installing and replicating itself the network traffic from apid replication and spread can cripple networks even when the malware does not have malicius payload

zero day

an attack that exploits a previously unknown vulnerability

zombie

a computer that has been compromised by and outside party, for the purpose of exploiting its computation and network resources frequently linked to botnet