Terminology
- Access Rights – The set of permissions granted to a user account: to read, write and erase files, and to use specific functions within a system, application, network or hardware device. Access rights can be tied to a particular client or server, to folders within that machine or to specific programs and data files.
- ACH – Automated Clearing House – an electronic network in the United States for financial transactions such as direct deposits, payroll and vendor payments.
- APT – Advanced Persistent Threat. Refers to prolonged, stealthy attacks that are generally difficult to detect and may go on for a long time before they are discovered. An APT is a threat that is targeted, persistent, evasive and advanced. A key difference between most malware and an APT is the APT’s ability to persist – that is, to evade detection by network security controls while still collecting and extracting data. The objectives of an APT typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of stealing confidential information without being noticed, extorting money, and undermining or impeding critical aspects of a program or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.
- Adware – any software which automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware and can be classified as privacy-invasive that can be used by cyber criminals to steal confidential information.
- Attack surface – The “attack surface” of a software environment is all the points (the “attack vectors”) where an attacker can try to penetrate the network. An organization’s “phishing attack surface” is all the email addresses of that domain that can be found by hackers.
- Attack vector – An “attack vector” in simple terms is any way, direction or method to get into a network. Some examples of attack vectors can be un-patched software, badly written code that allows for buffer overflows, or social engineering using infected phishing attachments.
- Authentication – A process that verifies that the person or application trying to log on is who it claims to be, typically by checking something it knows (a password), has (a token or phone) or is (a biometric). Authentication establishes identity; what that identity is then allowed to do on the network is a separate decision, authorization.
- Backdoor – A backdoor in a digital device is a method of bypassing normal authentication, obtaining remote access to the digital device, while attempting to remain undetected. The backdoor may take the form of an installed program, or malware that modifies existing software on the digital device, creating a backdoor that way.
- Banker Trojan – Banker Trojans, designed to steal financial information entered into browser-based online forms are the cybercriminals’ answer to the crackdown on keylogging. In addition to snatching form input, Banker Trojans are also designed to trick users into visiting web sites designed to look authentic. Once there, users are prompted for personal information causing identity theft.
- Bitcoin – A decentralized, virtual digital currency. Transactions are tied to pseudonymous wallet addresses rather than verified identities, which gives it a high degree of anonymity in practice and made it the currency of choice for cyber criminals, although the public transaction ledger means payments can sometimes be traced.
- Black list – A list of known bad files, bad domains or bad email addresses you do not want mail from. The first two are blocked by firewalls or antivirus software when the user tries to access them. Bad email addresses (senders) can be blocked in a variety of ways.
- Bogus Redirection – A process that captures traffic addressed to a legitimate website and sends (redirects) it to a different website instead. Some malware does automatic redirection to fool users into thinking they’re interacting with a valid and legitimate site rather than a malicious one.
- Boot Virus – A virus that infects the Master Boot Record (MBR) or boot sector of a disk so that it is loaded before the operating system starts.
- Bot – A computer program designed to perform specific tasks.
- Botnet – Shortened version of robotic network. It is a collection of infected computers that are remotely controlled by a hacker. Once a computer is infected with a bot, the hacker can control the computer remotely via the internet. From then on, the computer is a “zombie,” doing the bidding of the hacker, although the user is completely unaware of it. Collectively, such computers are called a botnet. The hacker can share or sell access to control the botnet, allowing others to use it for malicious purposes. While botnets are often named after the malicious software they are part of, there are typically multiple botnets in operation using the same malicious software families, but operated by different criminal entities. Botnets do many bad things, like spew out spam, attack other PCs or web servers, or send back confidential data to the botnet command-and-control (C&C) servers. They are managed by a “Bot Herder”.
- Brute force attack – A relatively simple, automated method to gain access to a system: brute force software tries usernames and passwords, over and over again, until it gets in. It is not sophisticated, but when users have passwords like ‘123456’ and usernames like ‘admin’, it is very effective, because it attacks the weakest link in IT security: the user. More generally, it is any attack in which hackers try a large number of possible password (or key) combinations to gain unauthorized access to a system, network or file. Rate limiting, account lockout and slow password hashing are the standard countermeasures.
- Buffer overflow – Occurs when a program writes more data into a fixed-size memory buffer than it can hold, so the excess overwrites adjacent memory, causing errors or crashes. Also called “buffer overrun”. Simplified, it is a case of sloppy coding (for example copying input without checking its length) which lets an attacker write past a buffer’s boundary and overwrite neighbouring memory such as a return address or function pointer, redirecting execution to code of their choosing and so taking over the program.
- BYOD – Bring Your Own Device. It indicates that employees and other authorized people are allowed to bring their own digital devices such as phones and tablets and use them for work purposes. Mobile devices are a great way for hackers to penetrate the network using social engineering techniques. Mobile device security has not kept up with mobile device malware and if hackers can infect a mobile device, it’s an easy way to hack into the network.
- IC3 – The FBI’s Internet Crime Complaint Center – www.ic3.gov.
- CEO Fraud – Spear phishing attacks targeting people in Accounting, in which the attacker claims to be the CEO and demands an urgent transfer of a large amount of money. A form of social engineering that took flight during 2015.
- CIA – No, not the Langley guys. Information Security term meaning Confidentiality, Integrity, and Availability. It is a model designed to guide policies for information security within an organization. Confidentiality is a set of rules that limits access to information. Integrity is the assurance that information has not been altered or destroyed in an unauthorized way, so that it remains accurate and trustworthy. Availability is a guarantee of ready access to the information by authorized people.
- CSO – Chief Security Officer.
- Ciphertext – Data that has been encrypted and cannot be read by a human, as opposed to cleartext.
- Cleartext – Data that has not been encrypted and can be read by a human, as opposed to ciphertext. Sending credit card data over the Internet in cleartext is an invitation to disaster. Storing confidential information on hard disk without encrypting it is making a hacker’s life easy.
- Clickbait – An eye catching link or controversial story on a website which encourages people to read on. Can also be used to get users to click on links to malware.
- Cloud computing – A computing model where a company does not have its own servers, but rents server space in large datacenters. The name ‘cloud computing’ was inspired by the cloud symbol that is often used to represent the Internet in flow charts and diagrams. It means using applications that live on the Internet instead of on your PC or your corporate server. The advantage is that someone else takes care of the hardware and software.
- Code Signing Certificate – When a software company releases a software product they should sign the application with a code signing certificate that identifies the application as created by them and that the application has not been modified by anyone else. Antivirus companies use this for whitelisting of good applications by the company that signed the application, for example DELL, Microsoft, Apple, IBM, Google, etc. They also use this for blacklisting all applications from certain companies that are known to create unsafe software.
- Compliance – Having an IT environment that is up to the standards of the regulations of the industry one is in. Many industries are regulated by one law or another and need to comply with that law. For instance HIPAA for Health Care organizations, Sarbanes-Oxley for public companies and many others. It is also applicable to PCI compliance for credit card transactions which are rules laid down by the Payment Card Industry Data Security Standard (PCI DSS).
- Conficker – Also known as Downup, Downadup and Kido, is a computer worm targeting the Windows operating system, and was first detected in November 2008. It uses flaws in Windows software to make PCs into zombies and link them into a botnet that can be commanded remotely by its criminal owners. Conficker at its peak had more than seven million computers under its control. The worm uses a combination of advanced malware techniques which has made it difficult to counter, and has since spread rapidly into what is now believed to be the largest computer worm infection since the 2003 SQL Slammer.
- Cookie – In its basic form, a short line of text that a web site puts on a computer’s hard drive when it accesses that web site. It is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember important information such as items added in the shopping cart, or to record the user’s browsing activity and history. They can also be used to remember information that the user previously entered into form fields such as names & addresses.
- Crimeware – Malware intended to steal money from an individual or a financial institution.
- Cryptography – Constructing and analyzing protocols that prevent third parties or the public from reading private and confidential messages. It uses ciphers, which is an algorithm for performing encryption or decryption.
- Cybercrime – The term cyber or computer crime encompasses a broad range of potentially illegal activities, such as ransomware, malware and denial-of-service attacks, via botnets, advanced persistent threats and spear phishing scams, resulting in identity theft, fraudulent wire transfers and data breaches.
- Cyberheist – Organized crime penetrating the network of an organization and emptying their bank accounts via the Internet.
- DoS – A type of cyber-attack that denies legitimate users access to a server or services by consuming sufficient system resources or network bandwidth, or by rendering a service unavailable.
- DDoS – Distributed Denial of Service attack. An attempt to make a computer resource unavailable to its intended users. Done in various ways, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all. It is an attack in which multiple compromised computer systems (often a botnet) attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
- DHCP – Dynamic Host Configuration Protocol. A standardized protocol that dynamically assigns IP addresses (together with related settings such as the default gateway and DNS servers) from a pool of available addresses, typically handed out by an ISP or a network router. A “DHCP lease” is the temporary assignment of an IP address to a network device. DHCP is part of the Internet’s TCP/IP protocol suite.
- DLP – Data Loss Prevention is a computer security term referring to systems that identify, monitor, and protect corporate data. The systems are designed to detect and prevent the unauthorized use and transmission of confidential information.
- DMZ – Demilitarized Zone. A separate computer host or small network placed as a “neutral zone” between an organization’s secure private network and the outside insecure Internet. Systems that must be reachable from the Internet (web, mail and DNS servers, for example) are placed in the DMZ, so that outside users never get direct access to the internal network where confidential information lives; if a DMZ host is compromised, firewall rules limit what the attacker can reach from there.
- DPI – Deep Packet Inspection. A form of computer network packet filtering. DPI is performed as the packet passes an inspection point, searching for non-compliance, viruses, spam, intrusions or predefined criteria to decide what actions to take on the packet, including collecting statistical information. This is in contrast to shallow packet inspection (such as stateful packet inspection), which only examines packet headers and connection state, not the payload.
- Data Breach – A data breach is the intentional or unintentional release of secure information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak and also data spill.
- Data Leakage – The unauthorized transfer of classified information from a computer or datacenter to the outside world. Data leakage can be accomplished by simply remembering what was seen, by physical removal of tapes, disks and reports, or when sensitive data flows between an organization’s critical systems of record such as ERP, CRM or HR. While safeguards can be assumed to be in place in the “system of record”, data leakage can occur when data is cascaded to complementary systems unless the same level of data protection is enforced.
- Decryption – The process of changing (encrypted) ciphertext back into cleartext.
- Defense-in-Depth – The use of multiple layers of security controls placed throughout the Information Technology infrastructure to reduce the chance of a successful cyber-attack. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited, and it can cover personnel, procedural, technical and physical security for the duration of the system’s life cycle.
- Dictionary Attack – An automated attack on a password that tries common words from dictionaries, and entries from lists of previously leaked passwords, against the password being attacked. If you use a common word from a dictionary as your (very weak) password it’s an invitation to be hacked.
- Digital Certificate – An electronic document that binds a public key to the identity of a person, organization or server. It is issued and digitally signed by a reputable certificate authority (CA); anyone who trusts the CA can verify the signature and thereby the identity. The matching private key stays with its owner and is never part of the certificate.
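The brute force and dictionary attack entries above describe the same guessing loop, run either offline against stolen password hashes or online against a login form. The Python below is an added example, not code from this glossary; the accounts, salts, wordlist and five-failure lockout policy are all constructed for illustration, and a salted SHA-256 credential store is assumed only to make the comparison concrete. It runs a dictionary pass and then a numeric brute force against the hashes, and separately an online guessing loop against a login that locks the account after five failures:

```python
"""Offline dictionary / brute-force attack against stored password hashes,
plus an online guessing loop that an account-lockout policy stops.
Added example with constructed data; not any real system's credential store."""
import hashlib
import itertools
import string
from typing import Dict, Iterable, List, Optional, Tuple


def hash_password(salt: str, password: str) -> str:
    # Salted SHA-256 is fast to compute, which is exactly what makes offline
    # guessing cheap. Real stores should use a slow KDF (bcrypt, scrypt, Argon2).
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed credential store: username -> (salt, hash). Hypothetical accounts.
STORED: Dict[str, Tuple[str, str]] = {
    "admin": ("n4cl", hash_password("n4cl", "123456")),     # in every wordlist
    "bob":   ("7qzp", hash_password("7qzp", "4812")),       # short numeric PIN
    "carol": ("x9ve", hash_password("x9ve", "Xq7!pL2#u")),  # long and random
}

# Constructed wordlist; real leaked-password lists run to millions of entries.
WORDLIST: List[str] = ["password", "123456", "qwerty", "letmein", "admin", "welcome1"]


def dictionary_attack(salt: str, target: str, wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Try each candidate word in order; return (password, attempts) or (None, attempts)."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        if hash_password(salt, word) == target:
            return word, attempts
    return None, attempts


def brute_force_attack(salt: str, target: str, alphabet: str = string.digits,
                       max_len: int = 4) -> Tuple[Optional[str], int]:
    """Exhaustively try every string over `alphabet` up to `max_len` characters."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hash_password(salt, candidate) == target:
                return candidate, attempts
    return None, attempts


def crack_all(store: Dict[str, Tuple[str, str]], wordlist: Iterable[str]) -> Dict[str, Optional[str]]:
    """Offline attack: dictionary first (cheap), then a numeric brute force; None if both fail."""
    results: Dict[str, Optional[str]] = {}
    for user, (salt, target) in store.items():
        found, _ = dictionary_attack(salt, target, wordlist)
        if found is None:
            found, _ = brute_force_attack(salt, target)
        results[user] = found
    return results


def online_guess(store: Dict[str, Tuple[str, str]], user: str, candidates: Iterable[str],
                 lockout_after: int = 5) -> Tuple[Optional[str], int, bool]:
    """Online guessing against a login endpoint that locks the account after
    `lockout_after` consecutive failures. Returns (password, attempts, locked)."""
    salt, target = store[user]
    failures = 0
    for attempt, candidate in enumerate(candidates, start=1):
        if hash_password(salt, candidate) == target:
            return candidate, attempt, False
        failures += 1
        if failures >= lockout_after:
            return None, attempt, True  # the server stops answering further guesses
    return None, failures, False


if __name__ == "__main__":
    print(crack_all(STORED, WORDLIST))
    print(online_guess(STORED, "bob", ["%04d" % i for i in range(10000)]))
```

Offline, the two weak passwords fall in a few thousand hash operations and the random one is never found within the search space; online, the same PIN search is cut off after five guesses. That asymmetry is why rate limiting and lockout are the defence against online guessing, while a deliberately slow hash function is the defence for the offline case, where nothing can lock the attacker out.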
- Disinfection – Cleaning up a PC that is infected with malware. Disinfection can be done automatically by Antivirus, but sometimes needs to be done manually by the Security Response Team.
- Domain Name System (DNS) – The Internet’s equivalent of a phone book. DNS servers maintain a directory of domain names and translate them to Internet Protocol (IP) addresses.
- Drive-by-download, also called Drive-by-install – It is a transfer of malicious software from a web server to an unsuspecting user’s computer. It occurs in the background, with no notification, when a user visits a particular web page. A user needs only access the web page to be subject to the download.
- Dumpster diving – Involves looking in the trash for any valuable information, like data written on pieces of paper or computer printouts. The hacker can often find passwords, filenames, or other pieces of confidential information.
- EFT – Electronic Funds Transfer.
- EULA – End-User License Agreement. A software license agreement is a contract between the “licensor” and purchaser of the right to use computer software. The license may define ways under which the copy can be used, in addition to the automatic rights of the buyer. Many EULAs are only presented to a user as a click-through where the user must “accept” and is then allowed to install the software.
- Email Antivirus Scanning – Scanning enterprise email for antivirus can be done in four different spots: 1. At an email hosting company, where enterprise email is outsourced. 2. At the perimeter by a dedicated gateway product. 3. On the Exchange or Linux mailserver itself – Antivirus Email Security products do this and scan the Exchange Store for malware. 4. On the workstation, where Antivirus Enterprise Agents can scan incoming email for malware.
- Encryption – Encoding documents or messages so if they are intercepted by an unauthorized party, they can’t be read unless the encoding mechanism is deciphered. Encryption Algorithm is the mathematical formula or method used to scramble information before it is transmitted over unsecured media.
- Endpoint – An electronic device in an organization’s network such as a computer, laptop, tablet and smartphone.
- Exchange – Short for ‘Microsoft Exchange Server’ which handles corporate email, contacts and calendars.
- Exfiltrate – The unauthorized transfer of data from a computer to another device. Data exfiltration is sometimes referred to as data extrusion or data theft. It can be conducted manually by an individual with physical access to a computer or network, or performed by a cyber criminal over the Internet or a network.
- Exploit – Taking advantage of a weakness in a computer system or a program to carry out some form of malicious intent, such as denial-of-service, deploying ransomware or theft of data. The weakness in the system can be a bug, weak passwords, a glitch or simply a design vulnerability. A zero-day exploit is one that targets a vulnerability for which no patch is yet available, so the vendor has had “zero days” to fix it.
- Exploit Kit (EK) – A software kit designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it, and discovering and exploiting vulnerabilities to upload and execute malicious code on the client (such as a computer, laptop or tablet). EKs are used in the first stages of a cyber-attack because they have the ability to download malicious files and feed the attacked client with malicious code after infiltrating it.
- False Positive – In the antivirus world this means a file is flagged as malicious (and possibly quarantined) when it isn’t. This can cause the computer to malfunction. In the antispam world a False Positive means that a legitimate email was flagged as spam and quarantined.
- Firewall – A device or software product that can block attacks by filtering data packets. It is designed to block unauthorized access while permitting authorized communications. Either hardware or software, it is configured to permit or deny all (in and out) computer traffic based upon a set of rules and other criteria (called firewall policy). Usually deployed at the perimeter of each network and on some devices.
- GLBA – The Gramm-Leach-Bliley Act (GLBA, pronounced “glibba”), also known as the Financial Modernization Act of 1999, is a U.S. federal law that requires banks and financial institutions to protect private information of individuals, to safeguard sensitive data, and to explain their information-sharing practices to their customers.
- Gateway – Device or software that is between the internal network and the external network, a location that is a key target for cyber-attacks and therefore network level defenses.
- Governance – Methods used by executives to keep their organizations on track with management goals, which are usually achieved by establishing procedures, controls and policies that match the organization’s mission statement & strategy.
- HIPAA – The Health Insurance Portability and Accountability Act, was enacted by the United States Congress in 1996. It requires healthcare organizations to protect personal health information (PHI). It has five Titles that describe laws for medical insurance, taxes, health insurance reforms and life insurance. Title II directs the U.S. Department of Health and Human Services (HHS) to establish national standards for processing electronic healthcare transactions. It also requires healthcare organizations to implement secure electronic access to health data and to remain in compliance with privacy regulations set by HHS – www.hhs.gov/hipaa.
- HIPS – Host Intrusion Prevention System. An intrusion prevention system (IPS) monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities; a HIPS is the host-based form, running on the endpoint or server itself, as opposed to a NIPS, which sits on the network.
- Hacker – Anyone who breaks into or tries to break into networks and/or devices. Depending on the person’s intent, it can be a white hat (ethical) or black hat (unethical) hacker.
- Heuristics – From the Greek for “find” or “discover”. They are experience-based techniques that help in problem solving. Heuristics are “rules of thumb”, or educated guesses. Antivirus uses heuristics to determine if a code sample is malware, either statically (looking for suspicious code patterns without running the file) or dynamically. Most antivirus programs that use dynamic heuristic analysis do so by executing the programming commands of a questionable program or script within a specialized virtual machine, thereby allowing the anti-virus program to internally simulate what would happen if the suspicious file were to be executed while keeping the suspicious code isolated from the real-world machine. It then analyzes the commands as they are performed, monitoring for common viral activities such as replication, file overwrites, and attempts to hide the existence of the suspicious file. If enough virus-like actions are detected, the suspicious file is flagged as a potential virus, and the user is alerted; setting that threshold too low produces false positives.
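The behavioural analysis described above reduces to a small scoring engine: record what the sample does, give each suspicious action a weight, and compare the total with a threshold. The Python below is an added example, not code from the glossary or from any antivirus product; the rule names, weights, threshold and both event traces are constructed for illustration and assume a sandbox that logs (action, detail) pairs. It scores a worm-like trace and a legitimate installer’s trace against the same rules, which shows both how the flag is raised and why a threshold is needed to keep the installer from becoming a false positive:

```python
"""Behavioural heuristic scoring over a sandbox event trace.
Added example; rules, weights and traces are constructed and illustrative only."""
from typing import Dict, List, Tuple

# (action, detail) pairs, as a hypothetical sandbox might log them.
Event = Tuple[str, str]

# Weighted rules: action -> (weight, description). Weights are made up for the example.
RULES: Dict[str, Tuple[int, str]] = {
    "copy_self":       (40, "replication: sample writes a copy of its own image"),
    "overwrite_exe":   (30, "overwrites an existing executable"),
    "set_hidden_attr": (20, "hides its own file"),
    "autorun_persist": (25, "adds itself to a startup/Run location"),
    "write_temp":      (5,  "writes to a temp directory (common, weak signal)"),
    "net_connect":     (10, "outbound network connection"),
}
THRESHOLD = 50  # illustrative; tuned in practice against a corpus of clean software


def score_trace(events: List[Event]) -> Tuple[int, List[str]]:
    """Sum the weight of each distinct suspicious action in the trace.
    Each rule counts once, so one noisy behaviour repeated many times cannot
    push an otherwise benign sample over the threshold on its own."""
    fired: Dict[str, Tuple[int, str]] = {}
    for action, _detail in events:
        if action in RULES and action not in fired:
            fired[action] = RULES[action]
    score = sum(weight for weight, _ in fired.values())
    reasons = [desc for _, desc in fired.values()]  # in the order first observed
    return score, reasons


def classify(events: List[Event]) -> Tuple[str, int, List[str]]:
    """Return (verdict, score, reasons); verdict is 'malicious' at or above THRESHOLD."""
    score, reasons = score_trace(events)
    verdict = "malicious" if score >= THRESHOLD else "clean"
    return verdict, score, reasons


# Constructed trace: worm-like behaviour (paths and addresses are made up).
MALWARE_TRACE: List[Event] = [
    ("write_temp", "%TEMP%\\x1.tmp"),
    ("copy_self", "C:\\Windows\\System32\\svch0st.exe"),
    ("set_hidden_attr", "C:\\Windows\\System32\\svch0st.exe"),
    ("autorun_persist", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"),
    ("overwrite_exe", "C:\\Program Files\\App\\app.exe"),
    ("net_connect", "198.51.100.7:443"),
]

# Constructed trace: a legitimate installer that writes temp files, phones home
# for updates and registers an updater at startup. Shares three rules with the
# worm, but the strong signals (replication, hiding, overwriting) are absent.
INSTALLER_TRACE: List[Event] = [
    ("write_temp", "%TEMP%\\setup.log"),
    ("net_connect", "203.0.113.10:443"),
    ("autorun_persist", "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"),
]


if __name__ == "__main__":
    for name, trace in (("worm", MALWARE_TRACE), ("installer", INSTALLER_TRACE)):
        verdict, score, reasons = classify(trace)
        print(f"{name}: {verdict} (score {score})")
        for reason in reasons:
            print("   -", reason)
```

The worm scores 130 and is flagged; the installer scores 40 on the same rules and stays clean. Lowering the threshold to catch more marginal samples moves exactly this kind of installer into the false-positive column, which is the trade-off every heuristic engine tunes.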
- Hijacker, also called ‘Homepage hijacking’ – Spyware that changes the default homepage in a browser to a site that displays ads, a different search engine, or a specific web page. They are very hard to get rid of for the average consumer.
- Honeydoc – A file on a PC or server that sits equipped with a beacon, waiting to be stolen and then calls home to tell its owner where it is and who stole it.
- Honeypot – A computer security mechanism set to detect, deflect or counteract attempts at unauthorized use of information systems. Designed to trap would-be attackers, it looks like a real part of the attack surface, but contains nothing of real value.
- Hotfix – A small update to a software application, released quickly outside the normal release cycle, that fixes a specific bug or security problem, as opposed to a full new version that adds features.
- Hypertext Transfer Protocol (HTTP) – The foundation of data communication and the standard method for sending information such as files, images and other data over the web. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTPS is HTTP carried over TLS (formerly SSL), which encrypts the connection and authenticates the server, and is used when the connection needs to be secured. It should not be confused with S-HTTP, a separate and long-abandoned protocol.
- ICSA Labs – ICSA Labs provides vendor-neutral testing and certification for security products and solutions – www.icsalabs.com.
- IDAM – Identity and Access Management. The processes and technologies used to manage, monitor, confirm and control access to systems and networks. It ensures that each person and computer service is who or what it claims to be, and it details their individual permissions.
- IP address – Abbreviation of Internet Protocol address. It is an identifier assigned to each computer and other devices such as routers, mobile devices and printers that are connected to a TCP/IP network. It is used to locate and identify the node in communications with other nodes on the network. Users can find their public IP address by visiting www.whatismyipaddress.com in their browser.
- ISO 27001 – The ISO/IEC 27000 family of standards helps organizations keep information assets secure. Using this family of standards help organizations manage the security of assets such as financial information, intellectual property, employee details and other confidential information. ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can help small, medium and large businesses in any sector keep information assets secure.
- ISP – Internet Service Provider.
- Identity Theft – Taking someone else’s Social Security Number, Address and other important personal information to establish false credentials and commit fraud. A good example is the creation of fraudulent credit card accounts, racking up charges which are then left unpaid, leaving the identity theft victim with the credit card debt and a ruined credit rating.
- Incident Response (IR) – A prepared and tested set of processes that are triggered in case of a Cybersecurity event when the security of a system or network has been compromised. It is the responsibility of the security team to respond to the problem quickly and effectively. An example would be a security team’s actions against a hacker who has penetrated a firewall and is currently trying to extract confidential information. The incident is the breach of security. The response depends upon how the security team reacts, what they do to minimize damages, and when they restore resources, all while attempting to guarantee data integrity.
- Information Security – The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
- Injection – A type of cyber attack that sends unauthorized commands, instructions or other data into a software program through a route or process that should be blocked, typically by supplying input that the program passes to an interpreter (SQL, a shell, LDAP, a script engine) without separating data from code. SQL injection is the best-known form.
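SQL injection is the most common instance of the injection described above. The Python below is an added example, not part of the original glossary; it uses an in-memory SQLite database with two constructed accounts, and the table, column and function names are hypothetical. The vulnerable login pastes the username into the SQL text, so a quote and a comment marker in the input rewrite the query; the safe version passes the same values as bound parameters, which the database never parses as SQL:

```python
"""SQL injection: a string-built login check beside its parameterized fix.
Added example; in-memory SQLite with constructed accounts, not a real application."""
import hashlib
import sqlite3
from typing import Optional


def _hash(password: str) -> str:
    # Unsalted SHA-256 keeps the example short; see the password-hashing caveats elsewhere.
    return hashlib.sha256(password.encode()).hexdigest()


def setup_db() -> sqlite3.Connection:
    """Create the constructed users table with two hypothetical accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", _hash("correct horse")), ("admin", _hash("Tr0ub4dor&3"))],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Returns the username on success, None on failure. VULNERABLE: the untrusted
    username is interpolated into the SQL text, so the SQL parser becomes the
    'route that should be blocked'. A quote in the input changes the query's meaning."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND pw_hash = '%s'"
        % (username, _hash(password))
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Same check with bound parameters: the statement is fixed, the values are
    shipped separately, so the injection payload is just a username that does not exist."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, _hash(password)),
    ).fetchone()
    return row[0] if row else None


# Attacker input: closes the string literal, then '--' comments out the password check.
PAYLOAD = "admin' --"


if __name__ == "__main__":
    db = setup_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD, "anything"))  # logs in as admin
    print("safe:      ", login_safe(db, PAYLOAD, "anything"))        # None
```

The payload works because SQLite, like most SQL engines, treats `--` to end of line as a comment, so the vulnerable query collapses to `WHERE username = 'admin'`. Parameterized queries fix the class of bug rather than one payload; escaping quotes by hand does not, because every interpreter has its own set of special characters.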
- Intrusion Detection System (IDS) – A network security device (or software) that monitors network and/or system activities for malicious or unwanted behavior.
- Intrusion Prevention System (IPS) – A preemptive approach to network security used to identify potential threats and respond to them swiftly. It consists of devices or programs that monitor and inspect the electronic communications passing through them and block unwanted traffic based on rules and signatures. Because it blocks inline, a badly tuned IPS can also block legitimate traffic (a false positive), which is why new rules are usually run in detect-only mode first.
- Java – A fully developed programming language which can be used to create standalone applications. Java Applet is a separate program that you see inside a browser adding special functionality to a website (HTML page). JavaScript is a programming language specifically created to add features to HTML pages. Note that JavaScript is different from Java.
- Kernel Level – The foundation and core of the Operating System is called the Kernel. It provides basic, low-level services like hardware-software interaction and memory management, and it handles peripherals like keyboards, monitors, printers, and speakers. It has complete control over everything in the system and is the first program loaded on start-up. It handles the rest of start-up as well as input/output requests from software, translating them into data-processing instructions for the central processing unit (CPU).
- Keylogging – Recording the keyboard entries made on a digital device. A keylogger is malicious software (or occasionally a small hardware device plugged in between keyboard and computer) that does this to capture passwords and other typed data.
- Kill Chain – A cyber defense model that uses the structure of an attack as a model for creating a cyber defense strategy. Actively defending across the cyber kill chain may enable a company to detect an attack sooner and potentially disrupt or block it before the real damage occurs. The model identifies what the adversaries must complete in order to achieve their objective. Stopping adversaries at any stage breaks the chain of attack.
- LDAP – Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard protocol to access and maintain directory information services like Windows Server Active Directory. If you want to have your own software communicate with Active Directory, you use the so called “Lightweight Directory Access Protocol”.
- Linux – A popular open-source Unix operating system variant. It comes in many flavors.
- Logic Bomb – A malicious computer program (or part of a program) that is asleep until it gets woken up by a specific logical event. Examples are pieces of software code hidden in a power plant that can disable the plant at a certain time. Or a sleeper ransomware strain that infected workstations but only woke up at a certain time.
- MBR – Master Boot Record. A specifically designated area on a hard disk drive where the instructions sit for the PC to start up, and which describes how the drive is set up. It is the information in the first sector of any hard disk or diskette that identifies how and where an operating system is located so that it can be booted (loaded) into the computer’s main storage or random access memory. The Master Boot Record is also sometimes called the “partition sector” or the “master partition table” because it includes a table that locates each partition that the hard disk has been formatted into.
- MTBF – Short for Mean Time Between Failures, the average time a device will function before failing. MTBF ratings are measured in hours and indicate the sturdiness of hard disk drives and printers. Typical disk drives for personal computers have MTBF ratings of about 500,000 hours. This is a population statistic, not a promise that one drive lasts 57 years: across all the drives tested, one failure occurred per 500,000 drive-hours of testing.
- Macro – A list of (usually text-based) commands and/or instructions that are grouped together and can be run as a single command.
- Macro Virus – A virus written in the macro language of an application, most commonly Visual Basic for Applications (VBA) embedded in Microsoft Office documents. It runs when the document is opened and macros are enabled, which is why malicious Office attachments try to talk the user into clicking “Enable Content”.
- Malware – Malware is a shorter version of the term “Malicious Software”. It is an umbrella term used to refer to a wide range of viruses, worms, Trojans and other programs that a hacker can use to damage, steal from, or take control of endpoints and servers. Most malware is installed without the infected person ever realizing it.
- Malvertising – malicious advertising that contains active scripts designed to download malware or force unwanted content onto a user’s computer. Exploits in Adobe PDF and Flash are the most common methods used in malvertisements. It involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and web pages.
- Managed Service Provider (MSP) – A service provider that maintains all the computers and networks for a company, often remotely via the Internet.
- Man-in-the-middle attack – An attack in which data sent and received between two parties in an ongoing connection is intercepted. The attacker can record, read, or even alter the contents of that traffic.
- Media Drop – Technique used by hackers who load malware on a USB drive, CD/DVD, or other readable form of media, and then leave the infected media where it can easily be found. In some cases, thieves actually give the media away at public venues or trade shows. Once the victim loads the drive or disk, the malware does its work and will allow the hacker to do a number of things, including take remote control of the victim’s computer.
- Metadata – Data that describes and provides information about other data. Example: records of what cell phone number calls what other number and at what time. Or the author, date created and date modified are examples of basic document metadata.
- Metamorphic Virus – Malware that rewrites its own code each time it propagates, so that no two copies look alike, in order to avoid being detected by signature-based antivirus products.
- Milware – Malicious software (aka warware) created by the military and/or an intelligence agency to cause damage to an adversary’s infrastructure. Milware is stealthy to the extreme and often goes undetected for years.
- Money Mules – People recruited by a criminal or criminal organization to quickly receive and turn around funds involved in scams. The scams are often related to ACH, credit cards, or similar online transactions. The money mule is often unaware of his or her actual role. Mules recruited online are typically used to transfer the proceeds from online fraud, such as phishing scams, malware scams or scams that operate around auction sites such as eBay. After money or merchandise has been stolen, the criminal employs a mule to transfer the money or goods, hiding the criminal’s true identity and location from the victim of the crime and the authorities. By using instant payment mechanisms such as Western Union, the mule allows the thief to transform a reversible and traceable transaction into an irreversible and untraceable one.
- Multi-factor authentication – A method of validating the identity of a user by requiring two or more independent factors: something the user knows (a password or PIN), something the user has (a phone, hardware token or smart card) and something the user is (a fingerprint or face). A valid user name and password combined with a fingerprint scan, or with a one-time code generated on or sent to a smartphone, are both forms of multi-factor authentication. Modern cybercrime has developed malware and real-time phishing proxies that relay or intercept one-time codes, so codes sent by SMS are weaker than codes generated on the device or by a hardware token.
- NAT – Network Address Translation. A router function that rewrites the IP addresses (and usually ports) in packets passing between a private network and the Internet, so that many internal machines share one public address. Outside hosts see only the public address and unsolicited inbound connections have nowhere to go, which hides the internal addressing plan, but NAT is not a security control in itself and is no substitute for a firewall.
- NAS – Network Attached Storage. A network hardware technology that uses a stand-alone storage device that is dedicated to centralized disk storage.
- NAC – Network Access Control. Technology that checks who and what is connecting to a network, typically at the switch port, VPN or Wi-Fi level, and admits, restricts or quarantines the device based on its identity and security posture.
- NAP – Network Access Protection is a Microsoft technology for controlling network access of a computer host based on the system health of that computer. With NAP, system admins can define policies for system health requirements, e.g. are the most recent operating system updates installed? Are the anti-virus software definitions updated? Does the computer have a firewall installed and enabled? Computers not in compliance with the system health requirements get restricted or no access to the network. NAP was deprecated in Windows Server 2012 R2 and removed from Windows Server 2016; the same role is now filled by NAC products.
- NIPS – Network Intrusion Prevention System. It is a network security device that monitors network traffic and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities.
- NIST – The U.S. National Institute of Standards and Technology has many security related publications – www.nist.gov.
- OEM – Original Equipment Manufacturer. An OEM manufactures products or components which are purchased by another company and sold under the purchasing company’s brand name.
- ON-ACCESS Scanning – Malware scans that are monitoring the system in real-time for any changes and will prevent immediate infection.
- ON-DEMAND Scanning, also called ‘drive scan’ – Malware scans that are set to run on a scheduled basis, like 3:00 AM every night.
- Open Web Application Security Project (OWASP) – An online community that creates free public resources to help improve the security of software, including the OWASP Top 10 list of the most critical web application security risks – www.owasp.org.
- ORGANIZATIONAL UNIT (OU) – A subdivision within a Windows Server Active Directory domain into which you can place users, groups, computers, and other organizational units. You can create organizational units to mirror your organization’s functional or business structure, and link Group Policy to them.
- Packet – A Network Packet is a formatted unit of data carried by a network. A packet consists of control information and user data, which is also known as the payload. Control information provides data for delivering the payload, for example: source and destination network addresses & error detection codes. Typically, control information is found in packet headers and trailers.
- PCI – Payment Card Industry.
- PCI Security Standards Council – Organization that publishes standards (rules) on how to securely handle credit card processing – www.pcisecuritystandards.org.
- PCI-DSS – The PCI Data Security Standard – a document published by the PCI Security Standards Council. It lists all the requirements for securely handling credit cards and credit card information. Organizations that accept credit cards need to be PCI compliant. This includes Security Awareness Training and many other requirements.
- PHI – Protected Health Information. PHI is all recorded information about an identifiable individual that relates to that person’s health, health care history, provision of health care to an individual, or payment to health care providers. The U.S. Health Insurance Portability and Accountability Act (HIPAA) governs the protection of Protected Health Information – www.hhs.gov/hipaa.
- PII – Personally Identifiable Information is any data that could potentially identify a specific individual, such as first and last name, social security number, date and place of birth and mother’s maiden name.
- Patch – A patch is a piece of software designed to update a computer program or its supporting data, to repair or improve it. Patching against new security vulnerabilities is critical in order to protect against malware. Many high-profile threats take advantage of security vulnerabilities in software for which a patch already existed. It is recommended to patch all software as soon as possible in order not to risk leaving systems open to hackers.
- Payload – The part of a piece of malware that performs the malicious action (encrypting files, stealing credentials, opening a backdoor), as distinct from the mechanism that delivers it. Malware often arrives in several parts, which is where the term ‘blended malware’ originates. An example is an email claiming to be from the ‘Better Business Bureau’ with a complaint about your company and a PDF attached. The PDF is the carrier: it either contains the payload itself or downloads it from a compromised server somewhere.
- Perimeter (security) – Perimeter security refers to routers, firewalls, and intrusion detection systems implemented to tightly control access to networks from outside sources.
- Phishing – Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity, using bulk email crafted to evade spam filters. Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering. Typically, you receive an email that appears to come from a reputable organization, such as a bank or a big company. The email includes what appears to be a link to the organization’s website. However, if you follow the link, you are connected to a replica of the website that is controlled by the hacker. Any details you enter, such as account numbers, SSNs, PINs or passwords, can be stolen and used by the hackers who created the bogus web site.
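
The “appears to be a link to the organization’s website” part of the entry above is checkable: in HTML mail the visible text of a link and its real destination are two different strings. The block below is an added example, not code from the original glossary, that flags links whose displayed domain differs from the href domain or whose href is a bare IP address. It uses only the Python standard library; SAMPLE_EMAIL is a constructed fragment, its host names are made up and 203.0.113.7 is a documentation address.

```python
"""Spotting the phishing tell-tale: link text naming one site, href pointing
to another.

Added example; not code from the original glossary. Standard library only.
SAMPLE_EMAIL is a constructed HTML fragment with made-up host names;
203.0.113.7 is from the documentation address range.
"""
import ipaddress
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

SAMPLE_EMAIL = """
<p>Dear customer, your account will be suspended unless you verify it.</p>
<a href="http://bank-example.com.verify-account.test/login">https://www.bank-example.com/login</a>
<a href="https://www.bank-example.com/help">https://www.bank-example.com/help</a>
<a href="https://203.0.113.7/reset">Reset password</a>
<a href="https://intranet.bank-example.com/">Staff portal</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Crude registrable domain: the last two labels. A production filter
    would use the Public Suffix List so that co.uk and friends work."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def host_of(text: str) -> Optional[str]:
    """Host named by the link text, if the text looks like a URL or bare domain."""
    if " " in text or "." not in text:
        return None
    return urlparse(text if "://" in text else "//" + text).hostname


def suspicious_links(html: str) -> List[Tuple[str, str]]:
    """Return (href, reason) for every link a reader could be misled by."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        href_host = urlparse(href).hostname or ""
        try:
            ipaddress.ip_address(href_host)
            flagged.append((href, "raw IP address instead of a host name"))
            continue
        except ValueError:
            pass
        shown = host_of(text)
        if shown and registrable(shown) != registrable(href_host):
            flagged.append((href, "visible text names %s but link goes to %s"
                            % (registrable(shown), registrable(href_host))))
    return flagged


if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL):
        print(reason, "->", href)
```

The first sample link is the classic trick: the real brand name appears as a subdomain of the attacker’s domain, so a reader who only checks that “bank-example.com” is present is fooled, while comparing registrable domains is not.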
- Phishing Attack Surface – Some of the email addresses of employees at certain organizations are exposed on the Internet and are easy for cybercriminals to find. With these addresses, along with information found on web sites such as LinkedIn & Facebook, they can launch spear phishing attacks on the organization. IT Security specialists call it the ‘phishing attack surface‘. The more email addresses that are exposed, the bigger the attack footprint is, and the higher the risk.
- Point Release – A minor software release that increments the number after the decimal point, e.g. from V3.0 to V3.1.
- Pretexting – Social Engineering act of creating an invented scenario in order to persuade a targeted victim to release information or perform some action. Pretexting can also be used to impersonate people in certain jobs and roles, such as technical support or law enforcement, to obtain information. Pretexting often involves a scam where the liar pretends to need information in order to confirm the identity of the person he is talking to.
- Policy – A set of rules that specify what requirements must be met. A security policy is a written document that states how an organization plans to protect its physical assets and information.
- Privacy Policy – A privacy policy is a legal document that discloses some or all of the ways a party gathers, uses, discloses and manages a customer’s data.
- Polymorphic virus – Malware that changes its appearance with every infection by encrypting its body under a new key each time and pairing it with a freshly mutated decryption routine. The behaviour after decryption is unchanged; only the stored bytes differ, which defeats simple signature matching until the scanner learns to emulate or unpack the decryptor.
- POP – Post Office Protocol (current version POP3) is the email protocol that handles incoming email. POP works by contacting the email service and downloading all of the new messages to the user’s computer. By default the messages are then deleted from the server, although most clients can be configured to leave copies. Without TLS (POP3S, port 995) the password and the mail travel in clear text.
- Popup – Small web browser Window that literally pops up over the browser window. It can be blocked in the Browser Settings.
- Principle of least privilege – Giving users, processes and services only the access required to do their jobs, and no more. It is often applied together with, but is distinct from, separation of duties, which splits a sensitive task between two or more people so that no single person can complete it alone.
- Privilege escalation – An attack in which an intruder who already has some level of access takes advantage of programming errors, design flaws or configuration oversights to gain rights beyond those granted: from an ordinary user account to administrator or root (vertical escalation), or to the data and sessions of another user at the same level (horizontal escalation). Either way the attacker reaches data and applications that are normally protected from that application or user.
- Proxy server – A proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers. Mostly used in the context of using a proxy server to connect to the Internet.
- PROM – Programmable Read Only Memory. A memory chip that leaves the factory blank and is written once by the customer, after which its contents are fixed. Its erasable variants, EPROM (erased with ultraviolet light) and EEPROM/flash (erased electrically), can be rewritten; firmware kept in rewritable chips is a target for malware that wants to survive a reinstall.
- Protocol – A set of standards to get a specific function done. In telecommunications, a communication protocol is a system of rules that allow two or more entities of a communications system to transmit information. These are the rules or standards that define the syntax, semantics and synchronization of communication and possible error recovery methods. Protocols may be implemented by hardware, software, or a combination of both. Example: TCP/IP.
- Pwned – In hacker jargon, ‘pwn’ means to compromise or control another computer, server, web site, gateway device or application software. It’s ‘own’ with a typo in it. It is synonymous with one of the definitions of hacking or cracking. The Pwnie Awards are awarded by a group of security researchers.
- Quality Assurance (QA) – The operational techniques and procedures used to achieve quality requirements in software. This is typically handled during the development process. It includes monitoring the software engineering processes and methods used to ensure quality. The methods by which this is accomplished are many and varied, and may include ensuring conformance to one or more standards, such as ISO 9000.
- Quarantine – Antivirus, after it detects malware, can move that malware to a protected space on disk where it cannot do any further harm, and from where it can either be deleted or restored in case it was a false positive.
- RBL – Real-time Blackhole List. A list, published over DNS, of IP addresses (and in some lists domains) that mail servers consult to reject connections from known sources of spam; also called a DNSBL.
- RTM – Released To Manufacturing. The day that the final code is shipped out the door to the factory to be duplicated. RTM versions are typically released to manufacturers before they are released to the general public so that the manufacturers can work out any bugs the software may encounter with hardware devices.
- Rainbow Tables – A password-cracking technique that precomputes chains of hashes over a large password space so that an unsalted hash can be reversed quickly, trading memory for computation: instead of storing every password and its hash, the table stores only the start and end of each chain and recomputes the middle at lookup time. A hash function is any function that maps data of arbitrary size to data of fixed size. Password hashes should be salted (a random per-user value mixed in before hashing) so that one precomputed table cannot be reused against many accounts.
- Ransomware – Malware that denies access to a device or its files until a ransom has been paid, usually in Bitcoin. CryptoLocker, CryptoWall, CTB-Locker, TorrentLocker and WannaCry are well-known examples; many more exist and new strains are released regularly. Ransomware for PCs is typically installed on a user’s workstation through a social engineering attack in which the user is tricked into clicking a link, opening an attachment or clicking on malvertising (WannaCry was the exception, spreading as a worm). Once on the machine, it encrypts every data file it can find on the PC itself and on any network share the PC has access to. When a user next tries to open one of these files, access fails and the system admin finds ransom notes in the affected directories explaining that the files are being held hostage and how to pay for the decryption key. Free decryptors exist for a number of strains, but it is a constant battle, as the criminals upgrade their strains to defeat them.
- Real Time Protection – Automatic protection provided by most antivirus, antispyware, and other antimalware programs, which is arguably their most important feature. It monitors computer systems for suspicious activity such as computer viruses, spyware, adware, and other malicious objects in ‘real-time’ while data is coming into the computer.
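
The time/memory trade-off in the entry above is easier to see in a miniature than in prose. The block below is an added example, not code from the original glossary: a working rainbow table over 4-digit PINs hashed with unsalted SHA-1, with the chain parameters and start points constructed for illustration (a real table covers billions of passwords and uses random start points). The same code shows why a salted hash is out of the table’s reach.

```python
"""A miniature rainbow table over 4-digit PINs hashed with unsalted SHA-1.

Added example; not code from the original glossary. The password space,
chain parameters and chain start points are constructed for illustration;
a real table covers billions of passwords and uses random start points.
"""
import hashlib
from typing import Dict, List, Optional

PW_LEN = 4                 # password space: "0000" .. "9999"
SPACE = 10 ** PW_LEN
CHAIN_LEN = 50             # hashes per chain: the time side of the trade-off
NUM_CHAINS = 800           # chains stored: the memory side of the trade-off


def h(pw: str) -> str:
    """The unsalted hash the table attacks."""
    return hashlib.sha1(pw.encode()).hexdigest()


def salted_hash(salt: str, pw: str) -> str:
    """What a salted scheme stores instead; a table built for h() is useless."""
    return hashlib.sha1((salt + pw).encode()).hexdigest()


def reduce_fn(digest: str, step: int) -> str:
    """Map a hash back into the password space. Mixing in the column index
    gives every column its own reduction function, which is what makes the
    table 'rainbow' and keeps two chains from merging after a collision."""
    return str((int(digest[:12], 16) + step) % SPACE).zfill(PW_LEN)


def default_starts() -> List[str]:
    """Constructed, deterministic start points (13 is coprime to 10000)."""
    return [str(i * 13 % SPACE).zfill(PW_LEN) for i in range(NUM_CHAINS)]


def build_table(starts: List[str]) -> Dict[str, List[str]]:
    """Walk each chain start -> H -> R_0 -> ... -> R_{t-1} and store only
    end -> starts. Every intermediate password is discarded, not stored."""
    table: Dict[str, List[str]] = {}
    for start in starts:
        pw = start
        for step in range(CHAIN_LEN):
            pw = reduce_fn(h(pw), step)
        table.setdefault(pw, []).append(start)
    return table


def lookup(table: Dict[str, List[str]], target: str) -> Optional[str]:
    """Recover the password for `target` if some chain passed through it."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Assume the hash sits in column `col` and run the chain to its end.
        pw = reduce_fn(target, col)
        for step in range(col + 1, CHAIN_LEN):
            pw = reduce_fn(h(pw), step)
        # Rebuild each chain ending there and check for the hash itself;
        # a false alarm (same end, different chain) is harmless.
        for start in table.get(pw, []):
            cand = start
            for step in range(CHAIN_LEN):
                if h(cand) == target:
                    return cand
                cand = reduce_fn(h(cand), step)
    return None


def coverage(table: Dict[str, List[str]], sample: int = 200) -> float:
    """Fraction of a deterministic PIN sample the table can crack."""
    pins = [str(i * 37 % SPACE).zfill(PW_LEN) for i in range(sample)]
    return sum(lookup(table, h(p)) == p for p in pins) / sample


if __name__ == "__main__":
    table = build_table(default_starts())
    print("stored entries:", sum(len(v) for v in table.values()))
    print("unsalted hashes cracked:", coverage(table))
    print("salted hash of '1234':", lookup(table, salted_hash("s4lt", "1234")))
```

The table stores 800 entries yet reaches a large share of the 10,000 PINs, at the price of a few thousand hash computations per lookup. Against salted hashes the attacker would need one table per salt value, which is why salting, not a bigger secret, is the defence.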
- Regression Testing – Rerunning test cases which a program has previously executed correctly in order to detect errors spawned by changes or corrections made during software development and maintenance.
- Remote Console – System Administrators sometimes manage several geographically dispersed sites. In those cases, they need software to be able to manage the remote site as if they were physically present. For that, they use what is called a ‘remote console’. For instance, a remote console allows them to manage a machine or a whole network when they are in New York and the physical network being managed is in Atlanta.
- Resident Virus – Malware that stays loaded in random access memory after its host program exits and hooks operating system functions (for example file-open or interrupt handlers), so that it is invoked, and can do its damage, whenever those functions are used.
- Rogue security software – A form of computer malware that deceives or misleads users into believing there is a virus on their computer and paying for the fake or simulated removal of malware. It may actually introduce malware to the computer. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing. It is a very popular social engineering tactic and there are literally dozens of these programs.
- Rootkit – A rootkit is software that consists of one or more programs designed to gain privileged access and control of the core (root) of the target device and also obscure the fact that a PC or Server has been compromised. It is often used to conceal computer misuse or data theft. A significant proportion of current malware installs rootkits upon infection to hide that activity. A rootkit can hide keylogging or password sniffers, which capture confidential information and send it to hackers via the internet. It can also allow hackers to use the computer for illicit purposes (e.g., launching a denial-of-service attacks against other computers, or sending out spam email) without the user’s knowledge.
- Router – A hardware device used to connect two or more computers, or other devices, to each other, and usually to the Internet. It is a device used to define the path of data packets (electronic information) to follow when they flow between networks.
- SAQ – ‘Self-Assessment Questionnaire’. A form that merchants which accept credit cards complete to evaluate their compliance with PCI Security Standards Council rules. There are different SAQs, depending on the ways in which the merchant processes transactions and the transaction volume. The SAQ includes a series of yes-or-no questions for each applicable PCI Data Security Standard requirement.
- SCORM – Sharable Content Object Reference Model (SCORM) is a collection of Department of Defense created standards and specifications for web-based e-learning – https://scorm.com.
- SDK – Software Development Kit. A set of development tools that allows a software engineer to create an application. An Antivirus SDK allows someone to create their own antimalware software product, and pay the developer for the use of the SDK.
- SMTP – Simple Mail Transfer Protocol (SMTP) is the Internet standard for e-mail transmission and the protocol used for practically all mail transfer between servers. E-mail servers and other mail transfer agents use SMTP to send email. The base protocol does not authenticate the sender of a message, which is what makes e-mail spoofing possible.
- Sandbox – In the computer security world, a ‘Sandbox’ means a safe space where malware can be analyzed. You could call it a virtual container in which untrusted programs can be safely run. Sometimes this is a separate computer that is kept off production networks, sometimes this is software that creates a safe space inside a computer. The Sandbox keeps the malware away from all other resources.
- Scareware – Malicious computer programs designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection. It is scam software, often with limited or no benefit, sold to consumers via unethical marketing practices such as causing shock, anxiety, or the perception of a threat.
- Script Kiddie – A relatively unskilled hacker who downloads and uses “point-and-click” attack software.
- Scrum – A method intended for management of software development projects, it can also be used to run software maintenance teams, or as a general project/program management approach.
- Session hijacking – An attack that steals the token identifying an authenticated web session, usually the session cookie, by sniffing an unencrypted connection, cross-site scripting or guessing a predictable value, and then presents it to the server to take over (hijack) the session. The attacker keeps the session going and impersonates the user without ever learning the password. Sending cookies only over TLS with the Secure and HttpOnly flags, and issuing a fresh session ID at login, limit the damage.
- Security Vulnerability – A vulnerability is a weakness that allows an attacker to compromise a system or network. It is not the same as the attack surface, which is the set of all points where an attacker can attempt to reach such weaknesses. A vulnerability has three elements: a flaw in the system, attacker access to the flaw and attacker capability to exploit the flaw. The code or procedure that actually uses a vulnerability to carry out an attack is called an exploit; a vulnerability for which one exists is said to be exploitable. Attackers have a limited window in which to exploit a vulnerability: until their access is removed or a security fix is deployed.
- Sensitive Information – Privileged or proprietary information which, if compromised through alteration, corruption, loss, misuse, or unauthorized disclosure, could cause serious harm to the organization owning it. The words sensitive, confidential, and private all mean essentially the same thing.
- Shoulder surfing – A visual technique of gathering passwords by watching over a person’s shoulder while they log in to the system. With some training, a hacker can observe a user log in and then use that password to gain access to the system.
- Signature-Based Detection – Antivirus detects malware using signatures, heuristics and behaviour. The signature-based method compares files against a database of threat definitions that the vendor’s lab updates from multiple sources. A virus signature is a sequence of bytes (or a hash of the file or part of it) that is characteristic of one specific piece of malware and that the anti-virus program is designed to recognise. It can only catch malware that has already been analysed, and a small change to the file defeats an exact-match signature.
- Smishing – Phishing conducted via Short Message Service (SMS), a telephone-based text messaging service. A smishing text, for example, attempts to entice a victim into revealing personal information.
- Sniffer – Jargon for packet analyzer software that looks at (sniffs) data packets in a network and shows what is inside the packets. Can be used to troubleshoot networks but also to hack into the network.
- Social Engineering – The act of manipulating people into performing actions such as clicking on an attachment or on an Internet link, or divulging confidential information. The term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access. In most cases the attacker never comes face-to-face with the victim.
- Spam Email – Also known as junk email is unsolicited, unwanted Email.
- Spear-Phishing – A focused, targeted attack via email on a particular person or organization that pretends to come from a legitimate source with the goal to penetrate their defenses. The spear-phishing attack is done after research on the target and has a specific personalized component designed to make the target do something against their own interest.
- Spoofing – Tricking or deceiving computer systems or other computer users. This is typically done by hiding one’s identity or faking the identity of another user on the Internet. E-mail spoofing involves sending messages from a bogus e-mail address or faking the e-mail address of another user. Since people are much more likely to read a message from an address they know, hackers will often spoof addresses to trick the recipient into taking action they would not normally take.
- Spyware – A form of malware which covertly sends a computer user’s confidential data (keystrokes, browsing habits, credentials, documents) back to cyber criminals. Keyloggers, some Trojans, malicious browser toolbars and privacy-invasive adware are all examples.
- SQL Injection Attack – SQL injection is an attack technique that exploits a vulnerability in the way an application builds its database queries. The vulnerability is present when user input is pasted into a SQL statement without proper validation or parameterisation, so that characters in the input (a quote, a comment marker, an OR clause) are interpreted as SQL rather than as data. The attacker thereby sends unauthorized commands to the database to read, modify or delete data, bypass authentication or, in some configurations, run commands on the server.
- Secure Shell (SSH) – A cryptographic network protocol for operating network services securely over an unsecured network. The best known use is remote login to computer systems, but it also carries file transfer (SCP, SFTP) and port forwarding. SSH was designed as a replacement for Telnet and for the unencrypted remote shell protocols (rsh, rlogin), all of which sent passwords in clear text.
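
The entry above is best understood with the vulnerable query next to its fix. The block below is an added example, not code from the original glossary: a login check written the wrong way and the right way against an in-memory SQLite database with two constructed user rows (the ‘password hashes’ are placeholders). It runs with the Python standard library alone.

```python
"""SQL injection: the vulnerable query the definition describes, beside its fix.

Added example; not code from the original glossary. Uses an in-memory SQLite
database with two constructed user rows; the 'password hashes' are placeholders.
"""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")])
    return conn


def login_vulnerable(conn, username: str, password_hash: str) -> List[Tuple[str, str]]:
    """Input is pasted into the SQL text, so quotes and comments in it become
    part of the statement's grammar. Kept deliberately broken for comparison."""
    query = ("SELECT username, role FROM users WHERE username = '" + username
             + "' AND password_hash = '" + password_hash + "'")
    return conn.execute(query).fetchall()


def login_safe(conn, username: str, password_hash: str) -> List[Tuple[str, str]]:
    """Parameterised query: the statement text is fixed and the driver passes
    the values separately, so they can only ever be compared, never parsed."""
    query = "SELECT username, role FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchall()


# Two classic payloads. The first comments out the password check with the SQL
# line comment '--'; the second makes the WHERE clause true for every row.
COMMENT_OUT = "alice' --"
ALWAYS_TRUE = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("legit login :", login_safe(db, "alice", "hash-a"))
    print("vulnerable  :", login_vulnerable(db, COMMENT_OUT, "wrong"))
    print("vulnerable  :", login_vulnerable(db, ALWAYS_TRUE, ALWAYS_TRUE))
    print("safe        :", login_safe(db, COMMENT_OUT, "wrong"))
```

Note that the fix is not escaping quotes: parameter binding changes who interprets the input, and that is what closes the whole class rather than one payload.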
- SQL Slammer – A 2003 computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic. It spread rapidly, infecting most of its 75,000 victims within ten minutes.
- SSL Certificates – Small data files that digitally bind a public key to an organization’s details (domain name, organization name) and are signed by a certificate authority. When installed on a web server, the certificate enables the https protocol and the browser padlock: the browser verifies the certificate chain, the two sides negotiate a session key in the TLS handshake, and that session key is used to encrypt all data transmitted between the web site and the browser. The protocol in use today is TLS; ‘SSL certificate’ survives as the common name.
- Stuxnet – Milware discovered in 2010 and widely attributed to the U.S. and Israel, built with the express goal of sabotaging the centrifuges at Iran’s uranium enrichment facility in Natanz. It spread beyond its intended target, and its techniques have since been studied and reused by other attackers.
- TCP/IP – Transmission Control Protocol/Internet Protocol. This is the communication protocol that the Internet uses to transport data packets from one computer to another.
- Tabnabbing – Uses browser tabs to impersonate legitimate websites and create fake login pages that trick victims into revealing private information. It works when you have two or more tabs open in a web browser. When a tab is left unattended for several minutes, a tabnabber can redirect the site in the unattended tab to a different, malicious login site. It is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine.
- Tailgating – A method used by social engineers to gain access to a building or other protected area. A tailgater waits for an authorized user to open and pass through a secure entry and then follows right behind.
- TELNET – Telnet was developed in 1969 and is one of the first Internet standards. The name stands for “teletype network”. Telnet is a communications protocol for applications that use two-way interactive text over what is called a “virtual terminal” connection. Telnet runs on top of the Transmission Control Protocol (TCP) and transmits everything, including passwords, in clear text, so it has largely been replaced by Secure Shell (SSH).
- Trigger – A condition that causes a virus payload to be executed, usually occurring through user interaction (e.g., opening a file, running a program, clicking on an e-mail file attachment).
- Trojan – A type of malware that appears to perform a desirable function for the user but instead facilitates unauthorized access to the user’s computer system. The term is derived from the Trojan Horse story in Greek mythology. Trojan downloader, also called ‘Trojan dropper’ is a program typically installed through an exploit or some other deceptive means and that facilitates the download and installation of other malware onto a victim’s computer. A Trojan Downloader may download adware, spyware or other malware from multiple servers or sources on the internet.
- Typo Generator – A software tool that generates a list of typos and common misspellings, for instance of domain names (e.g. www.goofle.com instead of www.google.com). Criminals register these domain names, host a perfect copy of the original site on them and trick users into entering confidential information. Domain names are only one use of a typo generator; the same technique is applied to words used in Internet searches, among others.
- Typosquatting – Purchasing web domains that are a character or two different from a legitimate and well-known social or company website. When a person mistypes the web address, a website appears that looks very much like the intended site. Typosquatting is usually done for fraudulent purposes. Also called URL hijacking. For example: www.faccebook.com, www.goofle.com, www.ebbay.com, etc.
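
The two entries above describe the same list from opposite sides: the typosquatter generates it to know what to register, and a defender generates it to recognise those registrations in mail headers or DNS logs. The block below is an added example, not code from the original glossary, that does both for the four single-keystroke errors (omission, doubled key, adjacent key, transposition). The keyboard layout is a plain US QWERTY approximation without row stagger; the domains in the tests are the glossary’s own examples.

```python
"""Generating the look-alike domains typosquatters register, and using the same
list defensively to flag them.

Added example; not code from the original glossary. The keyboard layout is a
plain US QWERTY approximation (no row stagger); the test domains are the
glossary's own examples.
"""
from typing import Dict, List, Optional, Set

QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def _neighbours() -> Dict[str, str]:
    """Keys physically adjacent to each letter: same row, row above, row below."""
    table: Dict[str, str] = {}
    for r, row in enumerate(QWERTY_ROWS):
        for i, ch in enumerate(row):
            near = set()
            for rr in (r - 1, r, r + 1):
                if 0 <= rr < len(QWERTY_ROWS):
                    for ii in (i - 1, i, i + 1):
                        if 0 <= ii < len(QWERTY_ROWS[rr]) and (rr, ii) != (r, i):
                            near.add(QWERTY_ROWS[rr][ii])
            table[ch] = "".join(sorted(near))
    return table


NEIGHBOURS = _neighbours()


def typo_variants(label: str) -> List[str]:
    """Four classic single-keystroke errors applied to one DNS label."""
    label = label.lower()
    out: Set[str] = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])                    # omission: gogle
        out.add(label[:i + 1] + label[i] + label[i + 1:])    # doubled key: googgle
        for n in NEIGHBOURS.get(label[i], ""):                # adjacent key: goofle
            out.add(label[:i] + n + label[i + 1:])
    for i in range(len(label) - 1):                           # transposition: googel
        out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    out.discard(label)
    out.discard("")
    return sorted(out)


def typo_domains(domain: str) -> List[str]:
    """Vary the label just left of the TLD and keep any prefix (www.) intact."""
    labels = domain.lower().split(".")
    if len(labels) < 2:
        raise ValueError("need at least name.tld")
    prefix, base, tld = labels[:-2], labels[-2], labels[-1]
    return [".".join(prefix + [v, tld]) for v in typo_variants(base)]


def lookalike_of(candidate: str, brands: List[str]) -> Optional[str]:
    """Defensive use: return the brand domain `candidate` is a typo of, or None.
    A mail filter or DNS-log monitor runs this over every observed domain."""
    candidate = candidate.lower()
    for brand in brands:
        if candidate != brand.lower() and candidate in set(typo_domains(brand)):
            return brand
    return None


if __name__ == "__main__":
    for brand in ("google.com", "facebook.com", "ebay.com"):
        variants = typo_domains(brand)
        print(brand, "->", len(variants), "variants, e.g.", variants[:5])
    print(lookalike_of("www.goofle.com", ["www.google.com", "www.ebay.com"]))
```

A few hundred variants per brand is typical, which is why defenders monitor newly registered domains against this list rather than trying to buy every variant.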
- Unified Endpoint Management (UEM) – An approach to securing and controlling computers, laptops, tablets & smartphones in a connected, cohesive manner from a single console. Unified endpoint management typically relies on the mobile device management (MDM) application program interfaces (APIs) in desktop and mobile operating systems.
- URL shortening – A method of reducing the size and complexity of web URLs, mainly for ease of use. However, URL shortening also disguises a website’s real domain name, and hinders detection of known malicious sites or destinations.
- USB-Stick – A USB memory stick, also called a thumb drive. In a security context it is the usual carrier for a media drop: the drive is loaded with malware that gives the attacker a foothold on the network and is left in a common area such as a parking lot or rest room, usually with a label that makes the finder want to know more, e.g. “Company Salary Information”. Penetration testers use the same trick to measure how many employees will plug in an unknown device.
- Update – A software ‘update’ is usually a patch. A patch is a piece of software designed to fix problems with a computer program or its supporting data. It can include fixing security vulnerabilities and other bugs, and also improving the usability or performance.
- VB100 – This stands for “Virus Bulletin 100% Pass”. It means an Antivirus product catches all the malware that is on the WildList and also has no False Positives – www.virusbulletin.com. Getting awarded the VB100 is important in the industry and shows a product has attained a certain quality level. It does not mean it catches 100% of the viruses – no antivirus product does.
- Virtual Private Network (VPN) – A popular technology that supports reasonably secure, logical, private network links across some unsecure public networks such as the Internet. VPNs are more secure than traditional remote access because they can be encrypted and because they support tunneling (the hiding of numerous types of protocols and sessions within a single host-to-host connection).
- Virus, also called ‘File Infector’, or ‘File Virus’ – A virus is a malicious software program that, when executed, replicates itself by modifying other computer programs and inserting its own code. The term “virus” is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have this reproductive ability. Since 2009, viruses in their traditional form have made up less than 10% of total malware. A true virus can only spread from one computer to another in some form of executable code, when its infected file is taken to the target computer. Viruses can increase their chances of spreading to other computers by infecting files on a network file system.
- Virus Definitions, abbreviated to ‘Defs’, also called ‘Patterns’ or ‘Signatures’ – The database of virus signatures (detections, patterns) that allows an antivirus product to recognize and disinfect viruses. These definitions are created by an AV lab team and sent to the PCs running that antivirus at very regular intervals, often several times a day. A virus definition is a unique string of bits, the binary pattern, taken from the machine code of a virus. The term “virus definitions” typically refers to the database of all current virus signature files used by a particular anti-virus product for virus detection.
- Vishing – A phishing attack conducted by telephone; the name is short for ‘voice phishing’. The calls are usually placed over voice over IP (VoIP), which makes them cheap and lets the caller forge the caller ID. There are two forms, human and automated. In the human form a scam artist uses the anonymity of a phone call to pose as a representative of the target’s bank or credit card company and manipulates the victim into entering their PIN, credit card number, or bank routing and account number on the phone keypad, which gives the scammer instant access to the victim’s bank credentials. The automated form is also known as rogue “IVR” (Interactive Voice Response): the criminals set up an IVR system that impersonates a real-sounding financial institution’s phone menu. A phishing email tells the victim to call “the bank” on a toll-free number so that the fake bank can “verify” some information. A normal trick is to configure the system to return fake error messages so that the victim tries several passwords. More sophisticated scams even have a live person impersonating customer service in case the victim presses “0” for an operator.
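
The Signature-Based Detection and Virus Definitions entries above, together with the Polymorphic and Metamorphic entries earlier, describe one mechanism and the two ways of beating it. The block below is an added example, not code from the original glossary, that implements a one-entry definitions database and a byte-pattern scanner, shows that a single-byte XOR of the sample evades it, and shows the generic unpacking step a scanner adds in response. The only signature is the EICAR test string, a harmless file that antivirus products are expected to detect, so expect a real scanner to react if this script is saved to disk; the ‘samples’ are byte strings constructed in memory.

```python
"""Signature-based detection, and why packing or encrypting a sample evades it.

Added example; not code from the original glossary. The only signature is the
EICAR test string, a harmless file that antivirus products are expected to
detect (a real scanner may react if this file is written to disk). The
'samples' are byte strings constructed in memory.
"""
from typing import Dict, List

# The EICAR anti-malware test file (68 printable bytes).
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# A tiny definitions database: name -> byte pattern. Real definitions also carry
# hashes, wildcards and offsets, and number in the millions. Constructed.
SIGNATURES: Dict[str, bytes] = {"EICAR-Test-File": EICAR}


def scan(data: bytes, signatures: Dict[str, bytes] = SIGNATURES) -> List[str]:
    """Names of every definition whose byte pattern appears verbatim in data."""
    return [name for name, pattern in signatures.items() if pattern in data]


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the crudest form of the encryption a polymorphic
    virus applies: a new key gives new bytes on disk, same code once decoded."""
    return bytes(b ^ key for b in data)


def scan_with_unpacking(data: bytes, signatures: Dict[str, bytes] = SIGNATURES) -> List[str]:
    """Try all 255 single-byte keys before matching: the generic unpacking a
    scanner adds once a packer is understood. Metamorphic code, which rewrites
    itself rather than encrypting, gives nothing to unpack and needs
    behavioural or heuristic detection instead."""
    hits = set(scan(data, signatures))
    for key in range(1, 256):
        hits.update(scan(xor_encode(data, key), signatures))
    return sorted(hits)


if __name__ == "__main__":
    benign = b"Quarterly report: nothing to see here."    # constructed
    packed = b"MZ-stub-" + xor_encode(EICAR, 0x5A)           # constructed
    print("plain EICAR      :", scan(EICAR))
    print("benign file      :", scan(benign))
    print("XOR-packed EICAR :", scan(packed), "-> signature evaded")
    print("after unpacking  :", scan_with_unpacking(packed))
```

The asymmetry is the point of the polymorphic entry: the attacker changes one byte (the key) and every copy looks new, while the defender has to learn the packer and add an unpacking step per family.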
- Vulnerability Assessment / Vulnerability Scan – A scan through the whole network that looks for and reports on known vulnerabilities in endpoints and all other network devices. There are two types of scans: internal and external. Internal is run inside the network by an administrator or by a bad guy that has penetrated the network and looks for more ways to get and stay inside the network. External scans the company from the outside in and looks at the networks, devices, website and software applications.
- Web Filtering – Stand-alone software or an appliance (hardware+software) that blocks access to specific Internet websites. It is used for a few reasons: Block access to malware sites; Block access to inappropriate or damaging sites; Keep users “on task” to increase productivity; Adding another layer of defense second to Antivirus; Reduce network bandwidth; Keeping HR happy.
- Whaling – Phishing attacks that target high-ranking executives at major organizations or other highly visible public figures, so called because the ‘catch’ is bigger. It is closely related to CEO Fraud, in which the attacker instead impersonates the executive to trick staff into wiring money or releasing data.
- White List (also abbreviated as WL) – The list of known good files that Antivirus knows do not have to be scanned and should not be quarantined. Can also apply to domain names, which are known to be good and allowed access to. Also, a list of known-good executable files that are allowed to continue to run in an environment that has Application Control enabled.
- WildList – An organization that provides accurate, timely and comprehensive information about “In the Wild” computer viruses to both users and product developers. It is a list of computer viruses found in the wild and reported by a diverse group of over 55 qualified volunteers, and is made available free of charge by the organization – www.wildlist.org.
- Windows System Files – Windows Resource Protection (WRP) prevents the replacement of essential system files, folders, and registry keys that are installed as part of the operating system.
- Windows Update – A free service from Microsoft that regularly updates your PC with the latest bugfixes and security patches and reboots the PC when a patch requires it. For consumers it is highly recommended to leave this set to automatic. Microsoft releases its regular security updates on the second Tuesday of the month, called Patch Tuesday. Businesses should use their own centralized update server and test the patches in their environment for compatibility issues before deploying them.
- Worm – A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other devices, and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing file: it normally does not alter files but runs as its own process, typically by exploiting a vulnerability in a network service that users never see. Worms almost always cause at least some harm, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on the targeted computer. Worms can spread with lightning speed: SQL Slammer infected most of its roughly 75,000 victims in under ten minutes.
- Zero-day Attack or Zero-day Threat – An attack that exploits a vulnerability unknown to the public and undisclosed to the software vendor, or for which no security fix is yet available. Defenders have very little to work with against zero-day attacks, since no patch or signature exists yet. Every major software product has had such vulnerabilities, and there is a lively trade in them: government intelligence agencies and cybercriminals buy zero-day exploits, often for tens of thousands of dollars or more.
- Zero-day Exploits – Actual code that can use a security hole to carry out an attack. Used or shared by attackers before the software vendor knows about the vulnerability.
- Zombie, also called ‘drone’ – A PC that has been taken over by malware and is ‘owned’ by an attacker, usually without its owner noticing. The PC is now part of a botnet and spews out spam, tries to infect other computers, attacks websites or does other nefarious things. Intelligence agencies have also been reported to compromise large numbers of machines in the same way.