Comprehensive Cybersecurity and Encryption Techniques for Network Security


126 Terms

1

Advanced Encryption Standard (AES)

is an encryption algorithm for securing sensitive but unclassified material by U.S. Government agencies and, as a likely consequence, may eventually become the de facto encryption standard for commercial transactions in the private sector.

2

authentication

is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords.

3

back door

is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.

4

biometrics authentication

is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits. Unique identifiers include fingerprints, hand geometry, earlobe geometry, retina and iris patterns, voice waves, DNA, and signatures.

5

brute force attack

is a method of defeating a cryptographic scheme by systematically trying a large number of possibilities; for example, a large number of the possible keys in a key space in order to decrypt a message.

6

chainmail

are e-mails that, in the body or subject of the message, ask the recipient to forward the e-mail on to multiple people. Many consider chain e-mail to be a type of spam.

7

common key cryptography

a cryptography scheme wherein the same key is used for encryption and decryption.

8

content filtering

is the technique whereby content is blocked or allowed based on analysis of its content, rather than its source or other criteria. It is most widely used on the internet to filter email and web access.

9

cookie

is a small string of text stored on a user's computer by a web browser. A cookie consists of one or more name-value pairs containing bits of information such as user preferences, shopping cart contents, the identifier for a server-based session, or other data used by websites.

10

cracker

A person who breaks into a computer system without authorization, whose purpose is to do damage (destroy files, steal credit card numbers, plant viruses, etc.). Because a cracker uses low-level hacker skills to do cracking, the terms "cracker" and "hacker" have become synonymous, with the latter becoming the more widely used term.

11

Cross Site Scripting (XSS or CSS)

is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users.

12

cyber terrorism

is the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.

13

Data Encryption Standard (DES)

is a widely-used method of data encryption using a private (secret) key that was judged so difficult to break by the U.S. government that it was restricted for exportation to other countries.

14

Demilitarized Zone (DMZ)

Part of an organization's computer network that is accessible to general public over the internet. DMZ is almost always separated from the rest of the network by a firewall, and may even be housed on a service provider's servers as an extra security measure.

15

Denial of Service (DoS) attack

attempt to make a computer resource unavailable to its intended users.

16

dictionary attack

is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password.

17

digital watermarking

is the process of embedding copyright information such as author/owner/usage restrictions into the original file, be it a Beatles song or an original photograph.

18

Distributed Denial of Service (DDoS) attack

occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.

19

electronic signature

is any legally recognised electronic means that indicates that a person adopts the contents of an electronic message.

20

digital signature

A set of alphabetic or numeric characters used to authenticate a cryptographic message by ensuring that the sender cannot later disavow the message, the receiver cannot forge the message or signature, and the receiver can prove to others that the contents of the message are genuine and originated with the sender.

21

face authentication

involves a one to one check that compares an input image (also called a query image, probe image or simply probe) with only the image (or class) that the user claims to be.

22

falsification

the act of producing something that lacks authenticity with the intent to commit fraud or deception.

23

tampering

the gathering and modification of computer program and/or data without the knowledge of the computer's owner.

24

fingerprint authentication

refers to the automated method of verifying a match between two human fingerprints.

25

firewall

is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications.

26

hacker

is a person who breaks into computers.

27

honey pot

An Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system.

28

Hypertext Transfer Protocol Security (https)

is a combination of the Hypertext Transfer Protocol and a cryptographic protocol.

29

Information Security Management System (ISMS)

a set of policies concerned with information security management.

30

Intrusion Detection System (IDS)

is a defense system, which detects hostile activities in a network.

31

IP spoofing

refers to the creation of IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system.

32

IPsec

a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream.

33

iris recognition

is a method of biometric authentication that uses pattern-recognition techniques based on high-resolution images of the irides of an individual's eyes.

34

Kerberos

is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

35

macro virus

is a virus that is written in a macro language: that is to say, a language built into a software application such as a word processor.

36

mail bomb

is the sending of a massive amount of e-mail to a specific person or system.

37

message digest

The representation of text in the form of a single string of digits, created using a formula called a one-way hash function.

38

Network Address Translation (NAT)

is the process of modifying network address information in datagram packet headers while in transit across a traffic routing device for the purpose of remapping a given address space into another.

39

One Time Password (OTP)

Its purpose is to make it more difficult to gain unauthorized access to restricted resources, like a computer account.

40

one-time password

By constantly altering the password, as is done with a one-time password, this risk can be greatly reduced.

41

packet filtering

the checking of every packet against a set of rules; if a packet doesn't pass the rules, it is filtered.

42

packet sniffing

Inspecting packets being transmitted in a network.

43

password cracking

is the process of recovering passwords from data that has been stored in or transmitted by a computer system.

44

penetration test

is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker.

45

personal firewall

is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy.

46

Personal Identification Number (PIN)

is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system.

47

phishing

is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

48

plain text

is a term used for an ordinary "unformatted" sequential file readable as textual material without much processing.

49

port scan

is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides.

50

Pretty Good Privacy (PGP)

is a computer program that provides cryptographic privacy and authentication.

51

private key

or secret key is an encryption/decryption key known only to the party or parties that exchange secret messages.

52

secret key

or private key is an encryption/decryption key known only to the party or parties that exchange secret messages.

53

proxy

is a computer system or router that breaks the connection between sender and receiver. Functioning as a relay between client and server, proxy servers help prevent an attacker from invading a private network and are one of several tools used to build a firewall.

54

public key

is a value provided by some designated authority as an encryption key that, combined with a private key derived from the public key, can be used to effectively encrypt messages and digital signatures.

55

public key cryptography

is a cryptographic approach, employed by many cryptographic algorithms and cryptosystems, whose distinguishing characteristic is the use of asymmetric key algorithms instead of or in addition to symmetric key algorithms.

56

Public Key Infrastructure (PKI)

is a set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates.

57

R. Rivest, A. Shamir, L. Adleman (RSA)

is an algorithm for public-key cryptography.

58

salami technique

is the illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions.

59

sanitizing

is the process of deliberately, permanently, irreversibly removing or destroying the data stored on a memory device.

60

secret key cryptography

is sometimes referred to as symmetric cryptography. It is the more traditional form of cryptography, in which a single key can be used to encrypt and decrypt a message.

61

Secure Electronic Transaction (SET)

was a standard protocol for securing credit card transactions over insecure networks, specifically, the Internet.

62

Secure MIME (S/MIME)

is a standard for public key encryption and signing of e-mail encapsulated in MIME.

63

Secure Shell (SSH)

is a network protocol that allows data to be exchanged using a secure channel between two networked devices.

64

Secure Sockets Layer (SSL)

is a commonly-used protocol for managing the security of a message transmission on the Internet

65

security hole

Shortcoming of a computer program (software code) that allows unauthorized users (hackers) to gain access to a system or network, and to interfere with its operations and data.

66

shoulder hack

someone who steals information from the back

67

Single Sign-On (SSO)

is a property of access control of multiple, related, but independent software systems

68

skimming

refers to taking cash "off the top" of the daily receipts of a business (or from any cash transaction involving a third interested party) and officially reporting a lower total

69

social engineering

is the act of manipulating people into performing actions or divulging confidential information

70

spam

is the abuse of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately

71

spoofing

is the creation of TCP/IP packets using somebody else's IP address

72

spyware

is computer software that is installed surreptitiously on a personal computer to collect information about a user, their computer or browsing habits without the user's informed consent

73

SQL injection

is a code injection technique that exploits a security vulnerability occurring in the database layer of an application

74

Trojan horse

also known as trojan, in the context of computing and software, describes a class of computer threats (malware) that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine, giving intruders the ability to save their files on the user's computer or even watch the user's screen and control the computer

75

Unsolicited Bulk E-mail (UBE)

Synonymous with spam

76

vein authentication

the use of patterns in veins inside fingers, etc. for identification purposes

77

Virtual Private Network (VPN)

is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger networks (such as the Internet), as opposed to running across a single private network

78

voice verification

based upon the distinctive characteristics derived from spoken phrases to identify one individual from another

79

vulnerability

is applied to a weakness in a system which allows an attacker to violate the integrity of that system

80

web bug

is an object that is embedded in a web page or e-mail and is usually invisible to the user but allows checking that a user has viewed the page or e-mail

81

Wired Equivalent Privacy (WEP)

is a deprecated algorithm to secure IEEE 802.11 wireless networks

82

worm

is a self-replicating computer program

83

Firewire

the Apple brand name of IEEE 1394, which is a serial bus interface standard for high-speed communications and isochronous real-time data transfer, frequently used by personal computers, as well as in digital audio, digital video, automotive, and aeronautics applications.

84

Web beacon

another name for Web bug, is an object that is embedded in a web page or e-mail and is usually invisible to the user but allows checking that a user has viewed the page or e-mail. One common use is in e-mail tracking.

85

Logic bomb

is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.

86

Virtual machine (VM)

a software implementation of a machine (computer) that executes programs like a real machine.

87

DNS poisoning

This is an attack where DNS information is falsified. This attack can succeed under the right conditions, but may not be really practical as an attack form.

88

Teardrop

a DoS attack where a normal packet is sent. A second packet is sent which has a fragmentation offset claiming to be inside the first fragment.

89

Fragmentation offset

A second packet is sent which has a fragmentation offset claiming to be inside the first fragment.

90

Smurf

A DoS attack where a ping request is sent to a broadcast network address with the sending address spoofed so many ping replies will come back to the victim and overload the ability of the victim to process the replies.

91

Man-in-the-middle attack

Occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently.

92

Eavesdropping

When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping.

93

Backdoor

A design fault, planned or accidental, that allows the apparent strength of the design to be easily avoided by those who know the trick.

94

Certificate

An electronic document attached to someone's public key by a trusted third party, which attests that the public key belongs to a legitimate owner and has not been compromised.

95

Certificate authority (CA)

A trusted third party (TTP) who verifies the identity of a person or entity, then issues digital certificates vouching that various attributes (e.g., name, a given public key) have a valid association with that entity.

96

Time stamping

Recording the time when an event happens (typically in a log) or when a piece of information is created or modified.

97

WEP (Wired Equivalent Privacy)

The security aspects of 802.11b, a standard that enables wireless devices such as PDAs and laptop computers to access a network via radio frequencies instead of physical wiring.

98

Jabber

A faulty device (usually a NIC) continuously transmits corrupted or meaningless data onto a network.

99

QR code

Quick response code, a matrix code (or 2-dimensional bar code) created by Japanese corporation Denso-Wave in 1994.

100

Pharming

A scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent.