Air Gap
a security measure often taken for computers and computer networks that must be extraordinarily secure
Antispyware
Software used to detect spyware
Asymmetric Key
2 keys (1 is public and 1 is private). They are nonreversible. The public key is used only to encrypt (1 way). The private key decrypts the data. Protect the private key!
Authentication
The act of establishing or confirming something
Authenticity
Ensuring that data, transaction, communications, or documents are genuine
Availability
The information must be available when it is needed.
Backdoor
A logon not using the normal program
Biometrics
Methods used to uniquely recognize people (fingerprints)
BIOS
Basic Input Output System
Boot Sector Virus
A virus that affects the boot sector (a portion of storage set aside for start up)
Botnet
A collection of zombies which launch a DDOS
Brute Force
Trying to hack a password by trying every possible combination of symbols
Certificate Authority
An entity that issues digital certificates
Chain of custody
documentation showing a seizure, custody, control, transfer, analysis, and disposition of evidence
Chief Information Security Officer (CISO)
a high level security officer
Cipher
Transformations of plaintext. A cipher is an algorithm for performing encryption or decryption.
Confidentiality
Term used to prevent the disclosure of information to unauthorized individuals or systems.
cookie
A piece of text stored by a user's web browser
crawler
Goes and checks every web server. It is automatic software.
Cryptography
the practice and study of hiding information
Data Encryption Standard (DES)
A block cipher that uses shared secret encryption
Data Leakage
the loss of control over data
Data Theft
stealing data
DHCP
Assigns the IP address
Distributed Denial of Service Attacks (DDOS)
When hackers send tons of pings to a server so that legitimate users cannot access the service (website)
Digital Certificates
An electronic document which uses a digital signature to bind together a public key with an identity
Domain Name System (DNS)
A naming system for computer services
Dongle
Hardware that connects to a computer for copy protection
DOS (Disk Operating System)
An Operating System
Dynamic Host Configuration Protocol (DHCP)
An auto configuration protocol used on IP networks
End-to-end
Information can go from client to webserver securely
Exploit
The means of the attack
Failover
the capability to switch over automatically to a redundant or standby computer server, system, or network upon failure
Failsafe
In the event of failure, the minimal amount of harm is done
Filter
A computer program to process a data stream
firewall
A part of a computer or network that is designed to block unauthorized access while permitting authorized communications
handshaking
the process of establishing the parameters of communications between two devices
Hardware
The physical components of a computer
Hash
values used in computer security in order to encrypt text.
Hypertext Transfer Protocol
A networking protocol for distributed, collaborative, hypermedia information
Hypertext Transfer Protocol Secure (HTTPS)
A combination of HTTP with the SSL/TLS protocol to provide encrypted communication and secure identification of a network web server
Identity Based Access Controls (IBAC)
controls set up for individual users
Identity Theft
stealing personal identifiers
Information System
Hardware, Software, Information, People, Procedure
Integrity
Data cannot be modified undetectably
Internet Protocol
The principal communications protocol used for relaying packets across an internetwork.
Intrusion Detection System
software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling of a computer system, mainly through a network, such as the Internet
IP address
A numerical label assigned to each device participating in a network
Keylogger
the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner
Logic Bombs
Malware executed under a given condition
MAC Address
A unique number that belongs to the NIC
Malware
software designed to secretly access your computer. Malware includes viruses, worms, Trojans, rootkits, spyware, etc.
Man in the middle Attack
An attack in which the hacker obtains information when it is being transmitted
Mandatory Access Controls
Set up controls
MD5
Hashes are numerical code that encrypts data.
Media Access Control (MAC)
A unique identifier assigned to network interfaces for communication on the physical network segment
NAT
Network Address Translation
netstat
a command line tool that displays network connections
networks
A collection of computers
Non-repudiation
One party cannot deny having received a transaction, nor can they deny the other party having sent the transaction.
Operating System
Programs and data that run on computers, manage the computer hardware, and provide common services for efficient execution of various application software
Packet sniffers
intercept and log traffic passing over a network
Packet switching
a method that groups all transmitted da
Passive Scanning
War driving is an example of war driving
Passphrase
A sequence that makes sense to you and no one else
PAT
Port Address Translation (share 1 external IP)
payload
malware caused by a virus or other malicious code executed by the exploit on the target computer. It may move, alter, overwrite, delete files, or commit other destructive activity.
Personal Identifiers
DOB, SSN, DL #, unique identifiers for people
PGP (Pretty Good Privacy)
Software for encryption
Phishing
The act of getting data by asking for it
Ports
a physical interface between a computer and other computers or devices
Privilege Escalation
Coming into a network under a restriction and gaining higher privileges
Public Key Encryption
Scrambles the algorithm with RSA. It is a key
Public Key Infrastructure (PKI)
A set of hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
Rainbow Table
list of passwords up to a certain length
Redundancy
Saving the same information in multiple places
Risk Management
The identification, assessment, and prioritization of risks
Role Based Access Controls (RBAC)
controls set up for user groups
Root Kits
Change the system software, making the attack invisible
Router
An electronic device that interconnects two or more computer networks
Safe Mode
Booting up a computer with a minimal amount of devices
Sandboxing
A security mechanism for separating running programs
script
Program language that allows control of one or more software applications
SDK (software development kit)
Used to write software
Secure Sockets Layer (SSL)
cryptographic protocol that provides secure communication
Sidejacking
An attack in which an attacker uses packet sniffing to read network traffic between two parties to steal the session cookies
SMS
Short Message Service
Social Engineering
Talking people into giving away information
Software
Collection of computer programs and related data that provides the instructions telling a computer what to do
Spam
Unwanted emails sent to solicit information indiscriminately
Spoofing
falsifying network information
Spyware
A type of malware that can be installed on computers and collects little bits of information at a time about the users without their knowledge
SSID
The beacon broadcast by public service providers (a public establishment)
Standard Operating Procedures(SOP)
Establishes guidelines to follow
Symmetric key cipher
Can be hacked by brute force attacks. To make it safe, make it a long number. Good for stored information.
System Analysis
Solving a problem for business with IT
Telnet
A network protocol used on the internet
Threat Agents
Cause of the threat (attack)
Time Bombs
Malware triggered by a date
Time to Live (TTL)
A limit on the period of time or number of iterations or transmissions in computer and computer network technology that a unit of data (a packet) can experience before it should be discarded.
Tokens
A device that authorizes a user
Tracert (tracing route)
used to show the route taken by packets across an IP network.
Transmission Control Protocol (TCP)
corrects the errors and Internet Protocol (IP) finds the address
Trojans
malware, often sent through email/web links that offer attractive objects, then infect the computer with a virus (software)
Virtual Private Network
Made private by encryption (tunnel)
Virus
A self-copying program that overwrites storage
War Driving
Roaming around looking for vulnerable access points
Web browser
A software application for retrieving, presenting, and traversing information resources on the world wide web
Web Server
Hardware or software that helps to deliver content that can be accessed through the internet
Whaling
The target (phishing) of a CISO
Wired Equivalent Privacy (WEP)
an attempt to make a private network
Wireless Access Point (WAP)
A device that allows wired communication devices to connect to a wireless network using Wi-Fi.
Worm
Spreads across networks automatically
Zero-Day Exploit
Brand new; its signature has not been detected
Zombie
Takes remote control of a victim PC