| Air Gap |
a security measure often taken for computers and computer networks that must be extraordinarily secure |
| Antispyware |
Software used to detect spyware |
| Asymmetric Key |
2 keys (1 is public and 1 is private). They are nonreversable. The public key only to enrypt. ( 1 way) The private key decrypts the data. Protect the private key!!!! |
| Authentication |
The act of establishing or confirming something |
| Authenticity |
Ensuring that data, transaction, communications, or documents are genuine |
| Availability |
The information must be available when it is needed. |
| Backdoor |
A longon not using normal program |
| Biometrics |
Methods used to uniquly recognize people (fingerpringts) |
| BIOS |
Basic Input Output System |
| Boot Sector Virus |
A virus that affects the boot sector (a portion of storage set aside for start up) |
| Botnet |
A collection of zombies which launch a DDOS |
| Brute Force |
Trying to hack a password by trying every possible combination of symbols |
| Certificate Authority |
An entity that issues digital certificates |
| Chain of custody |
documentation showing a seizure, custody, control, transfer, analysis, and disposition of evidence |
| Chief Information Security Officer (CISO) |
a high level security officer |
| Cipher |
transformations of plaintext.A cipher is a an algorithm for performing encryption or decryption. |
| Confdentiality |
Term used to prevent the disclosure of information to unauthorize individuals or systems/ |
| cookie |
A piece of text stored by a user's web browser |
| crawler |
Goes and checks every web server. It is an automatci software. |
| Cryptography |
the practing and stuyd of hiding information |
| Data Encryption Standard (DES) |
A block cipher that uses shared secret encryption |
| Data Leakage |
the loss or control over data |
| Data Theft |
stealing data |
| DHCP |
Assigns the IP address |
| Distrubted Denial of Service Attacks (DDOS) |
When hackers send tons of pings to a server so that legitimate users can not access the service (website) |
| Ditigal Certificates |
An electronic document which uses a digital signature to bind together a public key with an identity |
| Domain Name System (DNS) |
A naming system for computer services |
| Dongle |
Hardware that connects to for copy protection |
| DOS (Disk Operating System) |
An Operating System |
| Dynamic Host Configuration Protocol (DHCP) |
An auto configuration protocol used on IP networks |
| End-to end |
Information can go from client to webserver securely |
| Exploit |
The means of the attack |
| Failover |
the capability to switch over automatically to redudant or standby computer server, system,or nework upon failure |
| Failsafe |
In the event of failure, the minimal amount of harm is done |
| Filter |
A computer program to process a data stream |
| firewall |
A part of a computer or network that is desigend dto bloc unauthorized access while permitting authorized communications |
| handshaking |
the process of establishes the parameters of communications between two devices |
| Hardware |
The physical components of a computers |
| Hash |
values used in computer security in order to encrypt text. |
| Hypertext Transfer Protocol |
A networking protocol for distibuted, collaborative, hypermedia information |
| Hypertext Transfer Protocol Secure (HTTPS) |
A combination of HTTP with the SSL/TLS protocol to provide encrypted communication and secure indentification of a network web server |
| Identity Based Access Controls (IBAC) |
cotnrols set up for individual users |
| Identity Theft |
stealing personal identifiers |
| Information System |
Hardware, Software, Information, People, Procedure |
| Integrity |
Data cannot be modified undetectably |
| Internet Protcol |
The principla communications protocol used for relaying packets across an intenetwork. |
| Intrusion Detection System |
software and/or hardward design to detect unwanted attempts at accessing, manipulating, and/or disabling of a computer system, mainly through a newtwork, such as the Internet |
| IP address |
A numerical label assigned to each device participating in network |
| Keylogger |
the action of tracking (or loggin) he key struck on a keyboard, typically in a covert manner |
| Logic Bombs |
Malware executed under a given condition |
| MAC Address |
A unique number that belongs to the NIC |
| Malware |
software designed to secretly access your computer. Malware includes viruses, worms, Trojans, rootkits, spyware, ect. |
| Man in the middle Attack |
An attack in which the hacker obtains information when it is being transmitted |
| Mandatory Access Controls |
Set up controls |
| MD5 |
Hashes are numerical code that encrypts data. |
| Media Access Control (MAC) |
A Unique identifier assigned to network interfaces for communciation on the physical network segment |
| NAT |
Network Address Translation |
| netstat |
a command line tool that displace network connections |
| networks |
A collection of coputers |
| Non-repudiation |
One party cannot deny having received a transaction or can they deny the other party having sent the transaction. |
| Operating System |
Programs of data that runs on computers and manages the computer hardware and provides common services for efficient execution of various application software |
| Packet sniffers |
intercept and log traffic passing over a network |
| Packet switching |
a method that groups all transmitted da |
| Passive Scanning |
War driving is an example of war driving |
| Passphrase |
A sequence that makes sense to you and no one else |
| PAT |
Port Address Translation (share 1 external IP) |
| payload |
malware caused by a virus or other malicious code executed by the exploit on the target computer. It may move, alter, overwrite, delete file, or commit othe destructive activity. |
| Personal Identifiers |
DOB, SSN, DL #, unique identifiers for people |
| PGP (Pretty Good Privacy) |
Sottware for encryption |
| Phishing |
The act of getting data by asking for it |
| Ports |
a physical interface between a computer and other computers or device |
| Privledge Escalation |
Coming into a network under a restriction and gaining higher priviledges |
| Public Key Encryption |
Scrabbles the algorithm with RSA. It is a key |
| Public Key Infrastructure (PKI) |
A set of hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates |
| Rainbow Table |
list of passwords up to a certain length |
| Redundancy |
Saving the same information in multiple places |
| Risk Management |
The identification, assesment, and priotitization of risks |
| Role Bases Access Controls (RBAC) |
controls set up for user groups |
| Root Kits |
Change the system software, making the attack invisible |
| Router |
An electronic device that interconnects two or more computer networks |
| Safe Mode |
Booting up a computer in a minimal amount of devices |
| Sandboxing |
A security mechanism for separatingi running programs |
| script |
Program language that allows control of one or more software application |
| SDK (software development kit) |
Used to write software |
| Secure Sockets Layer (SSL) |
cryptographic protolcol that provides secure communication |
| Sidejacking |
An attack in which an attacker uses packet sniffing to read networking between two parties to steal the session cokies |
| SMS |
Short Message Service |
| Social Engineering |
Talking people into giving away information |
| Software |
Collection of computer programs and related data that provides the instructions telling a computer what to do |
| Spam |
Unwanted emails sent to solicated information indiscriminately |
| Spoofing |
falsying network information |
| Spyware |
A type of malware that can be installed on computers and collects little bits of information at a time about the users without their knowledge |
| SSID |
The beacon broadcast by public service providers (a public establishment) |
| Standard Operating Procedures(SOP) |
Establishes guidelines to follow |
| Symmetric key cipher |
Can be hacked by brute force attacks. To make is safe, make it a long number. Good for stored information. |
| System Analysis |
Solving a problem for business with IT |
| Telnet |
A network protocol used on the internet |
| Threat Agents |
Cause of the threat (attack) |
| Time Bombs |
Malware triggered by a date |
| Time to Live (TTL) |
packets is a limit on the period of time or number of iterations or transmissions in a computer and computer network technology that a unit of data (a packet) can experience before it should be discarded. |
| Tokens |
A device that authorizes a user |
| Tracert (tracing route) |
used to show the route taken by packets across an IP network. |
| Transmission Control Protocol (TCP) |
corrects the errors and Internet Protocol (IP) finds the address |
| Trojans |
malware, often sent through email/web links that offer attractive objects, then infect the computer with a virus (software) |
| Virtual Private Network |
Made private by encryption (tunnel) |
| Virus |
A self-copying program that overwrites storage |
| War Driving |
Roaming around looking for vulnerable access points |
| Web browser |
A software application fro retrieving, presenting, and traversing information resources on the world wide web |
| Web Server |
Hardware or softear that helps to deliver content that can be accessed through the internet |
| Whalling |
The target (phising) of a CISO |
| Wired Equivelent Privacy (WEP |
an attempt to make a private network |
| Wireless Access Point (WAP) |
A device that allows wired communication devices to connect to a wireless network using Wi-Fi. |
| Worm |
Spreads across networks automatically |
| Zero-Day Exploit |
Brand new, signiture of that has not been detected |
| Zombie |
Takes remote control of a victim PC |
Loading...