Sometimes training for cyber defense is like learning a new secret language. Good thing Maya keeps this encyclopedia of cyber defense terms handy:
Source: The Carnegie Cyber Academy
Digital Marketing & SEO Glossary Of Terms
Source: Matthew Woodward
Tech Target IT Encyclopedia
Adware and spyware are perhaps the most common type of computer infections. Both of these infections are usually picked up by browsing malicious websites or downloading software from an untrusted source. Adware’s purpose is to show advertisements to you at all times, even when you aren’t online. This can be very annoying, and it will slow down your computer, as well.
Adware is easily added to your computer by downloading free trials, music, games and such from untrusted sites. It is more annoying than damaging, other than slowing down your computer. Salon
Adware programs are programs that covertly gather personal information of online users and relay it to another computer, often for advertising objectives. This kind of information gathering is often done by tracking information related to Internet browser habits.
Adware is downloaded from websites, usually in the form of freeware. Thus, a user wanting freeware may unknowingly trigger adware by accepting the terms found in an End-User Licensing Agreement from a software program that just happens to be linked to the adware. Your Dictionary
The new software paradigm is apps. Apps are applications that run on cell phones, tablets, and computers, such as the Chromebook. There’s an app for everything. Many are free. Some free ones give you the capability to purchase add-ons through in-app dialogs. Apps are what we used to call programs or applications. These days they’re just apps.
Apps aren’t simply an annoying buzzword, they’re here to stay. Apps are the new method of interacting with your computing devices. Most apps require very little prior knowledge and are designed to be extremely intuitive and user friendly. Users interact with apps using gestures, which are swipes, taps, and press and holds. Most gestures are one hand capable meaning that you use one hand to hold the device and the other to interact with it.
Apps are a reality. Learn them. Live with them. ZDNet
Backdoors are much like Trojans, in that they are seemingly normal programs at first. When a computer user runs it, a “door” is opened to the user’s computer. Then, the backdoor creator can use this door to take control of the computer in any desired way. Backdoor users have full control of the system, so they can delete entire drives or steal personal data.
Worms are a lot like viruses, since they too can reproduce themselves. But unlike viruses, worms can reproduce without infecting other files. Worms sometimes function as backdoor openers, and they also tend to infect entire networks. Salon
A backdoor in an operating system or a complex application is a method of bypassing normal authentication and gaining access. During the development of the operating system or application, programmers add back doors for different purposes. The backdoors are removed when the product is ready for shipping or production. When a backdoor that was not removed is detected, the vendor releases a maintenance upgrade or patch to close the back door.
Another type of back door can be an installed program or a modification to an existing program. The installed program may allow a user to log on to the computer without a password and with administrative privileges.
Data drives everything that we do. If you think about it, data has always been big. We’ve always fretted about data storage, since the beginning of the computer age. As far back as I can remember, data has always been a problem, but not always a popular buzzword. It simply means huge amounts of data flowing into and out of a computing environment.
The handling of big data comes with its pain points. First, you have to have the capacity to store it. Second, you have to be able to transport it securely and quickly. Third, you have to figure out what to do with it—retain, archive, or delete. Finally, there’s the problem of using “big” data. How do you efficiently store and retrieve the data you need when there’s so much of it? That’s the problem that companies such as IBM, HP, Dell, and others attempt to solve for you.
Data has always been big and there’s no sign of it shrinking. People love data. We can’t get enough of it. We consume it faster than we consume oil. We spend a lot of time with data. Data is our life. It’s not big data, it’s just data. ZDNet
A bot, also known as a zombie, is short for robot or cyber-robot, a term almost exclusively used on the internet. These are simple computer programs used to perform highly repetitive operations, both legal and illegal, e.g. trawling websites to collect email addresses or a form of malware attack.
A ‘bot’ is a type of malware which allows an attacker to gain complete control over the affected computer. There are literally tens of thousands of computers on the Internet, which are infected with some type of ‘bot’ and don’t even realize it.
Attackers are able to access lists of ‘zombie’ PCs and activate them to help execute DoS (denial-of-service) attacks against Web sites, host phishing attack Web sites or send out thousands of spam email messages. Should anyone trace the attack back to its source, they will find an unwitting victim rather than the true attacker. About
Our computer systems and networks used to be the targets of bots; now they are a resource for bot armies, or botnets.
Browser hijacking is a type of online fraud. Scammers use malicious software to take control of your computer’s Internet browser and change how and what it displays when you’re surfing the web.
How Do I Know If My Browser Has Been Hijacked?
- Home page or other settings change on your computer. Links are added that point to websites that you’d usually avoid.
- You can’t navigate to certain web pages, such as antispyware and other security software sites.
- A seemingly endless barrage of ads pops up on your screen.
- New toolbars or Favorites are installed that give you icons and links to web pages that you don’t want.
- Your computer runs sluggishly. Malicious software can slow down your computer. Microsoft
What buzzword dictionary or analysis would be complete without including the term, Cloud? The answer is none. Cloud is one of those terms tossed around by everyone and unfortunately few really understand what it is. Cloud is a generic term for commoditized services, such as storage or workload computing power. Under the layers of other related buzzwords, there is hardware—computers with memory, storage, operating systems, and network connections running it all. I think that a lot of people forget that there’s actually computers and software running the Cloud and cloud services. There are also people who maintain and manage those services.
Cloud is an overused, but necessary term. The Cloud does exist, but there are private clouds, public clouds, and hybrid clouds that combine the attributes of both of the other two to provide services to employees and to customers. Cloud security is a real concern for users and for businesses. The Cloud isn’t inherently unsecure, but its sheer size creates a larger and more prominent attack vector for those with malicious intent.
The Cloud and cloud-related services are worth learning about and exploring. It isn’t a buzzword that’s going to disappear anytime soon. Learn to live with it and embrace what it brings to you and your business. ZDNet
Crack tools giving unauthorized access to another’s computer, as with a keystroke logger, a software program capable of tracking and recording a user’s keystrokes and then sending this data to the cracker. Your Dictionary
Dark Net, Deep Web
The so-called “deep web” describes websites that aren’t cataloged in any of the Internet’s surface search engines, such as Google and Yahoo!. These sites typically are controlled by those who wish to remain anonymous in some way, although, if they were truly anonymous, no one would know about them and there’d be no point at all to their existence. Fans of these sites access them with an allegedly anonymous browser called Tor.
Deep web sites are famous for scams, porn, file sharing, illegal activities (use your imagination), and bitcoin exchanges. The truth is that there is no deep web. But what’s known as the deep web, you don’t want any part of it, unless you’re into illegal activities under the guise of desired anonymity that you won’t actually have. ZDNet
Since the NSA’s alleged spying was brought to light by overpaid, underqualified, trained-as-a-spy Edward Snowden, much has been said and written about data privacy. Here, in a nutshell, is what data privacy is: Nonexistent. You know what’s private? Only the thoughts in your head. And that’s only if aliens aren’t tapping into your brainwaves (cue to don your tinfoil hats). There is no such thing as data privacy.
If you write it down, it can be stolen. If you email it, someone can hijack it and read it. Everything you do, say, and write is recorded. Your email isn’t private. Your browsing history isn’t private, even in Incognito mode. And not even if you use Tor and Bitcoin. Sorry foil hat wearers, there’s nowhere to hide. And unless you’re doing something illegal, there’s no reason to hide.
The same people who are so concerned about data privacy still use cell phones in public, still post to Facebook, still tweet, still blog, still pontificate at local coffee shops and oxygen bars. If you really want to keep your precious privacy, shut up, unplug, burn your social security card, and stop using computers, credit cards, and public WiFi. Otherwise, you have no privacy. You’re not anonymous. ZDNet
Denial of Service (DoS)
Denial-of-service or a DoS attack is an attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like viruses, new DoS attacks are constantly being dreamed up by hackers. Webopedia
Distributed Denial of Service (DDoS)
Distributed denial of service or a DDoS is a type of DoS attack where multiple compromised systems — which are usually infected with a Trojan — are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.
According to eSecurityPlanet, in a DDoS attack, the incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands or more. This effectively makes it impossible to stop the attack only by blocking a single IP address, plus it is very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin. Webopedia
Attacks can be classified as either being active or passive. Active attacks involve modification of the transmission or attempts to gain unauthorized access to the system, while passive attacks involve monitoring transmissions. Either form can be used to obtain information about the user, which can later be used to steal that user’s identity.
Network attacks include Denial of Service (DoS) and Distributed Denial of Service (DDoS), man-in-the-middle attacks, packet sniffing, TCP SYN flood, ICMP flood, IP spoofing, and even simple web defacement. Wikipedia
A fabrication is the creation of some deception in order to deceive some unsuspecting user.
Gamification – Companies have started using what they call “gamification” to foster more user input and to create an air of creative competition to help improve services, engage users, gather more customer input, and a range of other reasons. Gamification attempts to use competition toward a goal through point systems, rewards, and other incentives to participate and to excel inside the gamified environment.
Whatever you call it, gamification can be a positive business model when applied appropriately and thoughtfully. Many marketing groups use it, software communities use it, and some technology support collectives use it to boost morale and to prevent burnout. It’s a concept worth knowing and employing. ZDNet
Hacking is a broad term that describes all attempts to access or harm information assets without or in excess of authorization by thwarting logical security mechanisms. The three methods of hacking utilized most commonly in hacking breaches were exploitation of back doors or command/control functionality, exploitation of default or guessable credentials, and brute force and dictionary attacks, at 73 percent, 67 percent, and 52 percent, respectively.
With the back door installed, an attacker can bypass security mechanisms and obtain access without using legitimate channels. Regarding the other two methods, an attacker tries a few well-known combinations of default credentials used on various types of systems and, if necessary, then runs a brute force attack to crack the system. IRMI Risk Insurance
Hoaxes or emails sent along the Internet in a chain-letter fashion with the purpose of trying to scare users by describing a devastating (but unlikely) virus that has infected their machine, a form of extortion.
The term has gone through several iterations over the years, but it began life as “Integrated”. I suppose that the word integrated is too trite for today’s tastes. But it means integrated. Generally speaking, hyperconverged means a system that combines storage, networking, and compute in a small footprint. It refers to infrastructure. You’ll hear industry types using the term hyperconverged infrastructure. It means that the system is integrated with all of the necessary “stuff” required to provide a service. You know, like an enterprise class server or small cluster of servers. It is now, hyperconverged.
Repeatedly identified as the most worrisome threat is the “insider” — someone legitimately authorized access to the system or network. Other malefactors may make use of insiders, such as organized crime or terrorist group suborning a willing insider (a disgruntled employee, for example) or making use of an unwitting insider (by getting someone with authorized network access to insert a disk containing hidden code, for example). ITLAW
An interception is the process of intruding into some transmission and redirecting it for some unauthorized use.
Internet of Things (IoT)
If there was ever a bandwagon to jump on, this is it. IoT is the hot new thing. The problem is that most people, even technology people, have no clue what IoT really means. Sure they might know the definition, but they don’t know what it really means to them, to the economy, or to data volumes. The Internet of Things means simply that you can gather data on just about everything using small sensors and WiFi connectivity.
The data gathered can be complex, such as weather data, or as simple as an ON/OFF signal from an actuator opening and closing. The Internet of Things has yet to really catch on, but it’s just as likely to catch on in your home as in your business. For example, you can set up an alarm system in your home that you control with an app. (See how all of these things relate to one another?) So-called smart homes aren’t new. In fact, a company called X10 has been using this technology for almost 40 years. They waited a long time to become new again.
Watch for companies moving into IoT in a big way over the next couple of years. A word of caution for would-be get rich quick investors: Invest with brands you know. They’re in for the long haul. ZDNet
An interruption is a break in a communication channel, which inhibits the transmission of data.
Joke programs altering or disrupting the normal activities of a computer by harmlessly creating a nuisance, such as putting on some unexpected screen saver. Your Dictionary
A computer monitor (known as a keylogger) is an invisible tool that records every keystroke to an encrypted and hidden log file. The log file can be sent secretly via email, or uploaded to a website via FTP, or sent to another PC on the same network. Keystroke recorders also monitor internet activity by logging the addresses of all visited websites. Keyloggers monitor the time and title of the active applications, and captures all texts in edit boxes and message boxes. WideStep Software
Legal usage of keyloggers includes monitoring your children’s use of the computer; while others find them useful for monitoring their spouses.
Computer hackers use keylogging software to retrieve information from unsuspecting computer users; if the system does not have adequate firewall, spyware or virus protection, the hackers can break into computers. Passwords and account numbers can be recorded using keylogging software. It is commonly used for identity theft and credit card fraud. eHow
Malicious code, also known as malware, installs on your computer through the clicking action of the user: clicking the wrong link. A likely indicator that your computer is infected is that it stops working properly or becomes sluggish. Most computers naturally slow down from regular usage and need routine defragmentation to correct the problem. A malware-infected computer requires removal by malware detection software.
Malware infections range from a nuisance to serious.
Periodic defragmentation and malware detection removal should become part of your routine.
A spoof where the MITM assumes the identity of one while communicating with the other.
May be found in CallerID, email, network IP, etc.
A modification is the alteration of the data contained in the transmissions.
A network attack is considered to be any action taken to disrupt, deny, degrade, or destroy information residing on a computer and computer networks.
Remote access tools permitting another system to gather data or to attack or alter someone’s computer or the files contained therein, usually over the Internet. Your Dictionary
A rootkit is a program or a program kit that hides the presence of malware in the system. A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover, it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install their own drivers and services in the system (they also remain “invisible”). Kaspersky
Breaking the term rootkit into the two component words, root and kit, is a useful way to define it. Root is a UNIX/Linux term that’s the equivalent of Administrator in Windows. The word kit denotes programs that allow someone to obtain root/admin-level access to the computer by executing the programs in the kit — all of which is done without end-user consent or knowledge.
Rootkits have two primary functions: remote command/control (back door) and software eavesdropping. Rootkits allow someone, legitimate or otherwise, to control a computer. This means executing files, accessing logs, monitoring user activity, and even changing the computer’s configuration. Therefore, in the strictest sense, even versions of VNC are rootkits. This surprises most people, as they consider rootkits to be solely malware, but in and of themselves they aren’t malicious at all. TechRepublic
Also known as Internet sabotage, this is the practice of flooding an internet site with false requests for information, causing it to freeze.
Service-oriented Architecture (SOA) – So few people have a grasp on what this one means, it’s almost laughable, that is if it wasn’t so sad. I won’t even use my own words to describe this one, when IBM does a much better job of it:
- A set of services that a business wants to provide to their customers, partners, or other areas of an organization
- An architectural style that requires a service provider, mediation, and service requestor with a service description
- A set of architectural principles, patterns and criteria that address characteristics such as modularity, encapsulation, loose coupling, separation of concerns, reuse and composability
- A programming model complete with standards, tools and technologies that supports web services, REST services or other kinds of services
- A middleware solution optimized for service assembly, orchestration, monitoring, and management
Now that you have the IBM definition, do you know what SOA is? I didn’t think so. The bottom line is that SOA is a buzzword that could use an overhaul or deletion. Someone once asked me snarkily what SOA is. It was clearly a trap. I answered in kind with, “Do you?” ZDNet
Spoofing is a trick or deception that assumes the identity of another: a false identity of a user, system or network.
Malicious code also includes spyware, which are deceptive programs, installed without authorization, “that monitor a consumer’s activities without their consent.” Spyware can be used to send users unwanted pop up ads, to usurp the control of the user’s Internet browser, or to monitor a user’s online habits.
However, spyware is usually installed along with something that the user actually wishes to install. The user consents to the installation, but does not consent to the monitoring tactics of the spyware. The consent for spyware is usually found in the end-user license agreement. Wikipedia
Spyware is a stand-alone program that monitors the system’s activities, detecting passwords and other confidential information without being detected, and sends this information to another computer. Your Dictionary
Trojans are named after the Trojan Horse, where an army of Greeks hid inside what seemed to be a present to the city of Troy. Once inside the city, they climbed out of the horse and destroyed their foes. Computer Trojans operate in the same way. They get on your computer by disguising themselves as what looks like a normal program, then do damage once they’ve been downloaded. Trojans are often used to get other, more damaging, files onto your computer. They may also delete or destroy your files. Salon
Trojan horses, software programs (often arriving in a joke program) that do not replicate or copy themselves but can and often do cause significant system damage or compromise the system’s security. Your Dictionary
Virus is a code that not only replicates itself, but also infects another program, a boot sector, a partition sector, or a document with executable instructions (such as macros) by attaching itself or inserting itself into that medium.
Although most viruses just replicate and do little more, others can cause a significant amount of damage. Your Dictionary
Watches and “smart” bands make up the bulk of what’s known as wearable computing. These devices perform such basic functions as cell phone service, health monitoring (heartbeat, body temperature, pulse), music streaming, GPS location, and a few other non-essential services. Wearable devices are where cell phones were 15 to 20 years ago in that they have limited functionality, high prices, and few adopters. Wearable computing is in its infancy, but is expected to grow over the next few years, and like cell phones, such devices will be part of our regular lives.
A note of caution to early adopters of wearable computing: You’re going to spend a lot of money to purchase a device that won’t be supported in two years or less. The reasons are simple. Most of the companies creating wearable devices will be out of business or technology will have surpassed the devices so significantly that they’re virtually unusable. Think about the Palm Pilot and other PDAs before you delve into your bank account for these devices.
Think about it. People don’t wear watches because you have clocks on your cell phones, tablets, and computers. There’s really no need for a wristwatch type device. The health applications are somewhat interesting, but if you want to know your pulse rate, you can just check it yourself with your index finger and your wrist. ZDNet
Worms are programs that make copies of themselves and infect other computer systems, typically without the user’s action, exploiting vulnerabilities in operating system or application software.
Worms can compromise the security of the computer and cause significant damage. Your Dictionary