Cybersecurity Terminologies Flashcards
Is the activity or process, ability or capability, or state whereby information and communication systems and the information contained therein are protected from and/or defended against damage, unauthorized use for modification or exploitation.
Is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.
Cybersecurity
Is a security solution that helps organizations recognize and address potential security threats and vulnerabilities before they have a chance to disrupt business operations.
They play a crucial role in modern cybersecurity by helping organizations detect, investigate, and respond to security threats more efficiently and effectively. They are a key component of a comprehensive cybersecurity strategy for businesses of all sizes.
SIEM
Security Information and Event Management
A technology that helps coordinate, execute and automate tasks between various people and tools all within a single platform. This allows organizations to not only quickly respond to cybersecurity attacks but also observe, understand and prevent future incidents, thus improving their overall security posture.
They play a critical role in enhancing the efficiency, scalability, and effectiveness of security operations by combining orchestration, automation, and response capabilities into a single integrated solution. They enable organizations to better detect, investigate, and respond to security threats while reducing the workload on security teams.
SOAR
Security Orchestration, Automation, and Response
It refers to a sophisticated, targeted cyber attack conducted by a well-funded and highly skilled group of threat actors, such as nation-state-sponsored hackers, organized crime groups, or advanced cybercriminal organizations.
Is a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time.
APT
Advanced Persistent Threat
Is a distinctive pattern or characteristic associated with a specific type of cyber attack or malicious activity.
Is a unique arrangement of information that can be used to identify an attacker’s attempt to exploit a known operating system or application vulnerability.
Attack Signature
It is a mechanism used to control access to resources, such as files, folders, network services, or system resources, based on predefined rules or policies.
Is a list of rules that specifies which users or systems are granted or denied access to a particular object or system resource.
They are also installed in routers or switches, where they act as filters, managing which traffic can access the network.
ACL
Access Control List
It’s a way to map multiple private addresses inside a local network to a public IP address before transferring the information onto the internet. Organizations that want multiple devices to employ a single IP address uses this, as do most home routers. If you’re connecting from your home right now, chances are your cable modem or DSL router is already providing this to your home.
Is a fundamental technique used in network security to enable communication between private and public networks while providing security, scalability, and efficient use of IP address resources.
NAT
Network Address Translation
Is an intermediary server that sits between a client device, such as a computer or smartphone, and a destination server or resource on the internet. When a client device sends a request to access a web page, file, or other online resource, the request is first routed through this, which then forwards the request to the destination server on behalf of the client.
Is a system or router that provides a gateway between users and the internet. Therefore, it helps prevent cyber attackers from entering a private network. It is a server, referred to as an “intermediary” because it goes between end-users and the web pages they visit online.
Proxy Server
Is a technology that enables secure and encrypted communication over a public network, typically the internet.
Is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely.
VPN
Virtual Private Network
Refers to a logical endpoint or communication channel in a networked environment.
It’s a virtual point where network connections start and end. They are software-based and managed by a computer’s operating system. Each of these are associated with a specific process or service. They allow computers to easily differentiate between different kinds of traffic: emails go to a different (blank) than webpages, for instance, even though both reach a computer over the same Internet connection.
They play a critical role in facilitating communication and data exchange between devices and services in a networked environment. Understanding and properly managing these is essential for ensuring the security and integrity of networked systems and applications.
Port
Is an established set of rules that determine how data is transmitted between different devices in the same network. Essentially, it allows connected devices to communicate with each other. Regardless of any differences in their internal processes, structure or design.
Network Protocol
Is a network security device or software application that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Its primary purpose is to protect a network or device from unauthorized access, malicious attacks, and other security threats.
Is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
Firewall
Is a strategy that leverages multiple security measures to protect an organization’s assets. The thinking is that if one line of defense is compromised, additional layers exist as a backup to ensure that threats are stopped along the way.
This strategy helps minimize the likelihood of successful security breaches, mitigate the impact of security incidents, and protect sensitive information and assets from unauthorized access, theft, or compromise.
Defense In-Depth
This ensures that users can connect to the right IP address when they type in a URL, such as Google.com
Is the phone book of the internet. It’s the system that converts website hostnames into numerical values (IP address) so they can be found and loaded into your web browser.
DNS
Domain Name System
A device that channels incoming data from any of multiple input ports to the specific output port that will take the data toward its intended destination.
Are used to connect computers and servers into a single network. They perform the function of a controller and allows the devices within a network to communicate with each other.
Switch
An interface between two systems at which (a) they are not connected physically and (b) any logical connection is not automated (i.e., data is transferred through the interface only manually, under human control).
Refers to a security measure used to isolate and protect sensitive or critical systems from external threats by physically or logically disconnecting them from unsecured networks, such as the internet or other interconnected networks.
Air Gap
Is malicious code that works directly within a computer’s memory instead of the hard drive. It uses legitimate, otherwise benevolent programs to compromise your computer instead of malicious files.
Fileless Malware
Is a type of malware that downloads onto a computer disguised as a legitimate program. The delivery method typically sees an attacker social engineering to hide malicious code within the legitimate software to try and gain user’s system access within their software.
They represent a significant threat to cybersecurity due to their ability to evade detection, steal sensitive information, and compromise system security. Organizations and individuals must remain vigilant and adopt proactive measures to protect against this attacks and minimize the risk of infection.
Trojan Horse
Is a type of malware program that enables cyber criminals to gain access to and infiltrate data from machines without being detected. It covers software toolboxes designed to infect computers, give the attacker remote control, and remain hidden for a long period of time.
Rootkit
Is the approach of restricting the usage of any tools or applications only to those that are already vetted and approved. Organizations adopt this approach by delegating a system administrator or third-party application to manage the list of applications and enforce these restrictions.
They uses the Zero Trust principle, which holds that no resources within an organization may interact with the system without strict authorization.
Application Whitelisting
Is the process of implementing security measures that prevent particular software from being installed on a company’s network and devices.Application Blacklisting
Is a cybersecurity strategy used to prevent the execution or installation of specific applications or software programs that are considered high-risk, malicious, or unauthorized. Organizations maintain a list of prohibited applications, and any attempts to run or install these applications are blocked or restricted.
Application Blacklisting
Is a network of internet-connected devices, often compromised by malware, that are remotely controlled by attackers, typically without the knowledge or consent of the device owners.
Is a piece of malware that infects a computer to carry out commands under the remote control of the attacker.
Botnet
This is a type of online attack used to prevent normal users from accessing an online location. In this case, a cybercriminal can prevent legitimate users from accessing a website by targeting its network resources and flooding the website with a huge number of information requests.
Legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor.
DoS
Denial-of-Service
Is a cybercrime in which the attacker floods a server with internet traffic to prevent users from accessing connected online services and sites.
Is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of illegitimate traffic, requests, or data from multiple sources.
DDoS
Distributed Denial-Of-Service
Is a method of trying to gain unauthorized access to a system, application, or account by systematically attempting all possible combinations of passwords or encryption keys until the correct one is found. This type of attack relies on the sheer computational power of the attacker’s hardware or software to guess passwords or keys, often without any prior knowledge of the target.
Is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and organizations’ systems and networks.
Brute Force Attack
DNS Cache Poisoning
Buffer Overflow
Ransomware
Worm
Zero-Day
SQL Injection
Code Injection
Fuzzing
Keylogging
XSS
HOAX
Malvertisement
Spyware
Social Engineering
Phishing
