click below
click below
Normal Size Small Size show me how
Identify Security
Term | Definition |
---|---|
Hacker (attacker) | Terms for individuals who have the skills to gain access to computer systems through unauthorized or unapproved means. |
Cracker | Refers to an individual who breaks encryption codes, defeats software copy protections, or specializes in breaking into systems. |
White hat | A hacker who discovers and exposes security flaws in applications and operating systems so that manufacturers can fix them before they become widespread problems. This is often done professionally |
Black hat | A hacker who discovers and exposes security vulnerabilities for financial gain or for some malicious purpose. |
Malware | Any unwanted software that has the potential to damage a system, impede performance, or create a nuisance condition. The software might be introduced deliberately or inadvertently and might or might not be able to propagate itself to other systems. |
Virus | A piece of code that spreads from one computer to another by attaching itself to other files. The code executes when the file it is attached to is opened. |
Worm | A piece of code that spreads from one computer to another on its own, not by attaching itself to another file. |
Trojan horse | A malicious computer program which misrepresents itself to appear useful, routine, or interesting in order to persuade a victim to install it. |
Logic bomb | A piece of code that sits dormant on a target computer until it is triggered by a specific event, such as a specific date. |
Spyware | Secretly installed malicious software with a keylogger that is intended to track and report the usage of a target system, or to collect other data the author wishes to obtain. |
Adware | Software that automatically displays or downloads advertisements when it is used. Although not all adware is malicious, many adware programs have been associated with spyware and other types of malicious software. |
Rootkit | Code that is intended to take full or partial control of a system at the lowest levels. Rootkits often attempt to hide themselves from monitoring or detection, and modify low-level system files when integrating themselves into a system. |
Spam | An email-based threat that presents various advertising materials, promotional content, or get-rich-quick schemes to users. The messages can quickly fill a user's inbox and cause storage issues. |
Ransomware | Malicious software that prevents you from using your computer. It usually displays a message stating that you must pay a fee or face some other penalty before you can access your files and computer again. |
Social engineering attack | A type of attack that uses deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines. Social engineering is often a precursor to another type of attack. |
Shoulder surfing | A human-based attack where the goal is to look over the shoulder of an individual as he or she enters password information or a PIN. |
Spoofing | A human-based or software-based attack where the goal is to pretend to be someone else for the purpose of identity concealment. Spoofing can occur in Internet Protocol (IP) addresses |
Impersonation | This is a human-based attack where an attacker pretends to be someone he is not. |
Hoax | An email-based or web-based attack that is intended to trick the user into performing undesired actions, such as deleting important system files in an attempt to remove a virus. |
Phishing | A common type of email-based social engineering attack. The attacker sends an email that seems to come from a respected bank or other financial institution. The email claims that the recipient needs to provide an account number, |
Vishing | A human-based attack where the goal is to extract personal, financial, or confidential information from the victim by using services such as the telephone system and IP-based voice messaging services |
Whaling | This is a form of phishing that targets individuals who are known to possess a good deal of wealth. It is also known as spear phishing. |
Spim | An Internet messaging (IM)-based attack similar to spam that is propagated through IM instead of through email. |
Dumpster diving | A term that can refer to physically going through trash cans and dumpsters to look for passwords, or access codes written on paper, but is often used in the context of a physical method a hacker might use to gain information about a computer network. |
Password attack | Any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately. The attacker can guess or steal passwords or crack encrypted password files. |
Guessing | A guessing attack is the simplest type of password attack and involves an individual making repeated attempts to guess a password by entering different common password values, such as the user's name, a spouse's name, or a significant date. |
Stealing | Passwords can be stolen by various means, including sniffing network communications, reading handwritten password notes, or observing a user in the act of entering the password. |
Dictionary attack | A dictionary attack automates password guessing by comparing encrypted passwords against a predetermined list of possible password values. |
Brute force attack | A type of attack in which the attacker uses password-cracking software to attempt every possible alphanumeric password combination. |
Hybrid password attack | Utilizes multiple attack vectors including dictionary, brute-force, and other attack methodologies when trying to crack a password. |