A comprehensive set of vocabulary flashcards covering key cybersecurity concepts, threats, controls, and best practices discussed in the lecture notes.
Cybersecurity
The ongoing practice of protecting networks, systems, and data from unauthorized access, attack, or damage.
Personal Data
Any information (e.g., name, SSN, address) that can be used to identify an individual.
Online Identity
The persona and credentials you establish and use on the internet.
Username Best Practices
Choosing unique, non-identifying names and avoiding reuse to reduce password-guessing risks.
Organizational Data
Information critical to a company’s operations, including IP, financials, and customer records.
Intellectual Property
Trademarks, patents, trade secrets, and product plans owned by an organization.
The Foundational Principles (CIA Triad)
The three foundational principles of information security: Confidentiality, Integrity, Availability.
Confidentiality
Restricting information access to authorized users only.
Integrity
Protecting data and systems from unauthorized or accidental alteration.
Availability
Ensuring authorized users can access data and systems when needed.
Protecting Information in Processing
Data actively being used or modified by a system.
Protecting Information in Storage
Data at rest residing on media such as SSDs, USB drives, or cloud storage.
Protecting Information in Transmission
Data moving between systems across a network.
Technical Controls
Hardware and software solutions like firewalls or encryption that enforce security.
Cyberattacker
An individual or group that exploits systems for personal, financial, or political gain.
Script Kiddie
An inexperienced hacker who uses existing tools or scripts to launch attacks.
White Hat Hacker
Security professional who lawfully tests systems and reports vulnerabilities.
Black Hat Hacker
Malicious hacker who exploits weaknesses for illegal, personal, or financial benefit.
Grey Hat Hacker
Hacker who explores systems without permission but may disclose findings without malicious intent.
Hacktivist
Attacker who hacks to promote a political or social cause.
Organized Crime Hacker
Group-based attackers seeking financial gain through cybercrime services.
State-Sponsored Hacker
Well-funded, highly trained attacker acting on behalf of a government.
Cyberwarfare
Nation-state use of cyber tools to disrupt or damage another country's infrastructure.
Stuxnet
A sophisticated state-sponsored worm that caused physical damage to Iranian centrifuges.
Malware
Any malicious code designed to harm, steal, or compromise systems.
Spyware
Software that secretly monitors user activity and collects data by modifying security settings.
Adware
Programs that auto-display unwanted ads and may track user behavior.
Backdoor
Hidden method of bypassing normal authentication to gain system access.
Ransomware
Malware that encrypts data and demands payment for decryption.
Trojan Horse
Malware disguised as legitimate software to trick users into installing it, often found in games, images, or audio files.
Rootkit
Stealthy malware that hides its presence and grants elevated privileges to attackers.
Worm
Self-replicating malware that spreads across networks without a host program.
Virus
Malware that requires end-user interaction, attaches to legitimate files, replicates, and can damage data.
Methods of Infiltration
Tactics used by cyber attackers to gain unauthorized access to systems. These include phishing, on-path attacks, SEO poisoning, and social engineering.
Botnets
Denial of Service (DoS)
Attack that disrupts service by overwhelming a target with traffic or requests.
Distributed Denial of Service (DDoS)
DoS attack launched from multiple compromised systems simultaneously.
Social Engineering
Manipulating people into revealing confidential information or performing unsafe actions.
Phishing
Fraudulent emails or messages that trick users into revealing sensitive data.
Pretexting
Creating a fabricated scenario to persuade a victim to divulge information.
Quid Pro Quo Attack
Social engineering that offers a benefit (e.g., free gift) in exchange for information.
Man-in-the-Middle (MitM)
Attack where a hacker intercepts and potentially alters communications between two parties.
Man-in-the-Mobile (MitMo)
MitM variant that hijacks a victim’s mobile device, often to steal SMS 2FA codes.
SEO Poisoning
Manipulating search rankings to lure users to malicious sites.
Brute Force Attack
Systematic trial of all possible password combinations to gain access.
Password Spraying
Trying common passwords across many accounts to avoid lockouts.
Dictionary Attack
Using a commonly used list of words to guess passwords systematically.
Rainbow Table Attack
Matching captured password hashes against pre-computed hash tables to reveal plaintext.
Network Sniffing
Capturing network packets to read unencrypted passwords or data.
Advanced Persistent Threat (APT)
Stealthy, long-term, well-funded attack campaign against a specific target.
Security Vulnerabilities
Any kind of hardware or software defect
Exploit
Code or technique that takes advantage of a vulnerability to perform an attack.
Hardware Vulnerability
Security flaw built into physical components like CPUs (e.g., Meltdown, Spectre).
Software Vulnerability
Defect in code or configuration that exposes a system to attack.
Buffer Overflow
Writing data beyond a buffer’s limits, potentially hijacking control flow.
Race Condition
Flaw where system behavior depends on timing of events, enabling attacks.
Non-Validated Input
A vulnerability in which data supplied to a program by a user or exploit causes the app to behave in an unintended way.
Weak Access Controls
Improper use of practices that manage physical control of equipment, data, or apps.
Cryptocurrency
Digital currency (e.g., Bitcoin) secured by cryptography and recorded on a blockchain.
Blockchain
Decentralized ledger that immutably records cryptocurrency transactions in blocks.
Mining
A complex process involving miners solving math puzzles
Cryptojacking
Unauthorized use of someone’s computing resources to mine cryptocurrency.
Ways to protect your devices and networks
Turn on your firewall
Install antivirus and antispyware
Manage operating system
Set up password protection
Firewall
Security device or software that filters incoming and outgoing network traffic to protect a device from unauthorized access.
Antivirus & antispyware
Downloaded to scan computers and incoming emails for viruses or spyware and delete them.
Shodan
A web-based IoT device that identifies any vulnerable devices on the internet.
Wireless Network
A ‘magic pathway’ that allows your devices to connect to the internet without any wires
SSID
Service Set Identifier
WPA2
Wireless Protected Access 2
How can you secure your wireless network?
Enable WPA2 encryption
Update devices
Use wired connections for devices with a network interface card (NIC)
Use virtual private networks (VPNs) for wireless networks
Intrusion Prevention System (IPS)
Appliance that uses a set of traffic signatures that match & block malicious traffic and attacks
Virtual Private Network (VPN)
Encrypted tunnel from mobile computers that secures remote connectivity to a private network.
Types of Firewall
Network layer
Transport Layer
Application Layer
Context aware layer
Proxy server*
Reverse Proxy Server
Network Address Translation (NAT)*
Host-based firewall*
Routers
Provide basic traffic filtering capabilities, which help to define which computers from a given network segment can communicate with which network segments.
Security appliances
Routers
Virtual Private Networks (VPN)
Intrusion Prevention Systems (IPS)
Firewalls
Antimalware
Encryption
The process of converting information into a form that unauthorized parties can’t read. Only a trusted, authorized person with the secret key can decrypt data to its original form.
Backing up Data
Prevents the loss of irreplaceable data
Data Storage Locations
Home network
Secondary Location; Network Attached Storage (NAS) device, thumb drive or external drive
The Cloud
Permanent deletion of data
Overwrite data with 1s and 0s multiple times using specifically designed tools
Physically destroy data
Antimalware
Software that detects, prevents, and removes malicious code on endpoints.
Network Layer Firewall
Filters communication based on source & destination IP addresses
Transport Layer Firewall
Filters communication based on source & destination data ports and connection states
Application Layer Firewall
Filters communication based on source of an app, program or service
Context-Aware Firewall
Considers user, device, role, app type and threat intel to enforce granular policies.
Proxy Server
Filters web content requests like URLs, domain names & media types
Reverse Proxy Server
Protects, hides, offloads & distributes access to web servers when placed in front of them
Network Address Translation (NAT) Firewall
Masks private IP addresses by translating them to a single public IP.
Host-Based Firewall
Software firewall running on an individual computer that filters local traffic.
Encrypting File System (EFS)
Windows feature that encrypts files tied to a specific user account.
Backup
Creating a duplicate copy of data to enable recovery after loss.
Cloud Backup
Storing data copies in a cloud service such as AWS for off-site protection.
Data Shredding
Secure deletion method ensuring data cannot be recovered from storage media.
Terms of Service
Legal contract outlining rules between a user, a service provider and others who use the service.
Data Use Policy
Statement explaining how a provider collects, uses, and shares user data.
Privacy Settings
User controls that determine who can view or access personal information online.
Security Policy
Organization’s formal plan describing measures to protect collected data.
Two-Factor Authentication
Login method requiring two or more verification factors (e.g., password + code).
Open Authentication (OAuth)
Open standard protocol allowing users to grant apps access using existing credentials without sharing passwords.
Private Browsing Mode
Browser feature that disables cookies, history, and temporary files for the session.