Wednesday, July 3, 2013

Important Terms related to Information Security - Random Wednesday

Hey all! :) How are you all doing? I hope everyone's great! :)



Welcome here at this Random Wednesday. I thought to share with you all some terms that I think everyone should know. These are related to security, hacking, and similar stuff. So have fun skimming thorugh these! :) I am using Wikipedia as the source to deliver this information, some added tweaks from my own side. Though I know all these terms, I don't want to be wrong anywhere, so using Wikipedia, else the list of terms are from my own knowledge! :D

CERT


CERT stands for Computer Emergency Response Team. CERT is now a registered service mark of Carnegie Mellon University that is licensed to other teams around the world. Some teams took on the more generic name of CSIRT (Computer Security Incident Response Team) to point out the task of handling computer security incidents instead of other tech support work. Because CERT is a registered trademark owned by Carnegie Mellon University, it should not be used interchangeably with CSIRT.

It is recommended that every country has their own CERT, like my country India has CERT-IN.


Information Security


Information security (sometimes shortened to InfoSec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc.)


Cryptography


Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

Computer Security


Computer security (Also known as IT Security) is information security as applied to computers and networks.

The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. Computer security also includes protection from unplanned events and natural disasters.

Incident Management


Incident management (IcM) is a term describing the activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence. These incidents within a structured organization are normally dealt with by a either an Incident Response Team (IRT), or an Incident Management Team (IMT). These are often designated before hand, or during the event and are placed in control of the organization whilst the incident is dealt with, to restore normal functions.

Vulnerability


In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.
Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.

Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities" This practice generally refers to software vulnerabilities in computing systems. A security risk may be classified as a vulnerability.

Security Bug


A security bug or security defect is a software bug that benefits someone other than intended beneficiaries in the intended ways.

Security bugs introduce security vulnerabilities by compromising one or more of:
  • Authentication of users and other entities
  • Authorization of access rights and privileges
  • Data confidentiality
  • Data integrity

Security bugs need not be identified, surfaced nor exploited to qualify as such.

Zero Day

A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability. Zero-day exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.

For example, a Virus named Stuxnet is said to have exploited around 20 Zero Days in one attack on Iranian Nuclear Facility!

Eavesdropping


Eavesdropping is the act of secretly listening to the private conversation of others without their consent, as defined by Black's Law Dictionary. This is commonly thought to be unethical and there is an old adage that "eavesdroppers seldom hear anything good of themselves...eavesdroppers always try to listen to matters that concern them."

Exploit


An exploit (from the verb to exploit, in the meaning of using something to one’s own advantage) is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behaviour to occur on computer software, hardware, or something electronic (usually computerised). Such behavior frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial-of-service attack.

Denial of Service(DoS)


In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. This technique has now seen extensive use in certain games, used by server owners, or disgruntled competitors on games such as Minecraft. Increasingly, DoS attacks have also been used as a form of resistance. DoS they say is a tool for registering dissent. Richard Stallman has stated that DoS is a form of 'Internet Street Protests’. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.

Trojan Horse


Thinking about the Troy one? No this one is the friendly backdoor virus. A Trojan horse, or Trojan, is a non-self-replicating type of malware which gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload, often including a backdoor allowing unauthorized access to the target's computer. These backdoors tend to be invisible to average users. Trojans do not attempt to inject themselves into other files like a computer virus. Trojan horses may steal information, or harm their host computer systems. Trojans may use drive-by downloads or install via online games or internet-driven applications in order to reach target computers. The term is derived from the Trojan Horse story in Greek mythology because Trojan horses employ a form of “social engineering,” presenting themselves as harmless, useful gifts, in order to persuade victims to install them on their computers.

Computing Virus


A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly, but erroneously, used to refer to other types of malware, including but not limited to adware and spyware programs that do not have a reproductive ability.

Malware includes computer viruses, computer worms, ransomware, trojan horses, keyloggers, most rootkits, spyware, dishonest adware, malicious BHOs and other malicious software. The majority of active malware threats are usually trojans or worms rather than viruses. Malware such as trojan horses and worms is sometimes confused with viruses, which are technically different: a worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a trojan horse is a program that appears harmless but hides malicious functions. Worms and trojan horses, like viruses, may harm a computer system's data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves.

Computer Worm


A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Morris Worm is the first Worm created. It was created by Robert Tappan Morris.

Payload


Payload in computing (sometimes referred to as the actual or body data) is the cargo of a data transmission. It is the part of the transmitted data which is the fundamental purpose of the transmission, to the exclusion of information sent with it (such as headers or metadata, sometimes referred to as overhead data) solely to facilitate delivery.

In the analysis of malicious software such as worms, viruses and Trojans, it refers to the software's harmful results. Examples of payloads include data destruction, messages with insulting text or spurious e-mail messages sent to a large number of people.

In computer security, payload refers to the part of a computer virus which performs a malicious action.

Rootkit


A rootkit is a stealthy type of software, often malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.

Rootkit installation can be automated, or an attacker can install it once they've obtained root or Administrator access. Obtaining this access is a result of direct attack on a system (i.e. exploiting a known vulnerability, password (either by cracking, privilege escalation, or social engineering). Once installed, it becomes possible to hide the intrusion as well as to maintain privileged access. The key is the root/Administrator access. Full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent it.

Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternative and trusted operating system, behavioral-based methods, signature scanning, difference scanning, and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only available solution to the problem. When dealing with firmware rootkits, removal may require hardware replacement, or specialized equipment.

Keylogger


Keystroke logging, often referred to as keylogging, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. It also has very legitimate uses in studies of human-computer interaction. There are numerous keylogging methods, ranging from hardware and software-based approaches to acoustic analysis. Thus Keylogger is the software or hardware(or both) used for Keylogging.

Spyware


Spyware is a software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.

"Spyware" is mostly classified into four types: system monitors, trojans, adware, and tracking cookies. Spyware is mostly used for the purposes such as; tracking and storing internet users' movements on the web; serving up pop-up ads to internet users.

Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users.

While the term spyware suggests software that monitors a user's computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like Internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting Web browsers. Some spyware can change computer settings, which can result in slow Internet connection speeds, un-authorized changes in browser settings, or changes to software settings.

2 comments:

  1. Superb blog post, extremely informative and interesting. Well written! Thank you.
    IT Managed Services Columbus

    ReplyDelete

Kindly keep the comments clean and make quality comments that would be worthy in making this blog better! :)