The A-Z of IT Security

Have you ever read or seen a piece of IT Security terminology and wondered what it meant? Check out our A-Z guide of some of the most popular terms that you might come across.

A = Antivirus – Software design to protect devices against conventional viruses, spyware, ransomeware and other threats.

B = Brute Force Attack – A cyber attack method where attackers attempt to gain access to systems by trying all possible combinations of usernames and passwords until the correct one is found.

C = Cyber Attack – An intentional act of attacking and compromising IT systems. This can be via a number of methods including, unauthorised access, disruption via things like DDOS attacks, stealing of data via hacking or a multitide of other attack types.

D = Denial of Service (DDOS) – A cyber attack where attackers attempt to overwhelm a system by flooding it with requests or traffic to stop genuine and legitimate traffic getting to the system. Typically no data is at risk with these types of attacks.

E= Encryption – Encryption is a way of scrambling data so that only authorized parties can understand the information. In technical terms, it is the process of converting human-readable plaintext to incomprehensible text, also known as ciphertext.

F = Firewall – A network device or piece of software the effectively puts a wall up in front of network and systems that can then control incoming and outgoing traffic to prevent cyber attacks and unauthorised access.

G = GDPR – The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area

H = Hacker – A term for an individual with often advanced skills in attempting to gain access to systems they are not authorised to do so. They do so by eploiting back door vulnerabilities and weaknesses in system code to gain this access.

I = Identity and Access Management – Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities. With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations.

J = Javascript – A popular programming language used by most web apps. JS is often used by hackers to discover vulnerabilities, read cookies, create scripts, and spread/reproduce malware.

K = Key Logger – The practice of covertly recording what someone types on their keyboard, including login credentials and other sensitive information. Most keystroke logging is achieved through a Trojan Horse—malware that hides on your computer and runs without your knowledge.

L = Local Area Network – Typically situated in businesses and organisations, a local area network is a network of devices limited to a building or small area that allows for the sharing of resources such as data and emails.

M = Malware – An umbrella term for malicious software. It refers to a wide range of programs that a hacker can use to damage, steal from, or take control of individual devices or whole networks. Trojans, ransomeware and adware are all types of malware.

N = Network Resilience – The ability of a network to provide continuous operation, despite disruptions or damage; to recover effectively if a failure does occur; and to scale to meet rapid or unpredictable demands.

O = Operating System – The operating system (or OS), such as Microsoft Windows, Apple OS, is the core system that allows any devices to perform it’s most basic functions.

P = Phishing Emails disguised as legitimate communications designed to trick you into divulging sensitive information or compromising your system, often through bad links or infected attachments. 

R = Ransomware – A type of malware that denies access to a computer system or its files by encrypting the data. The hacker only decrypts the files after a ransom has been paid.

S = Spoofing – An element of Phishing, spoofing is where the criminal attempts to make their communication appear to be from real sources. Typically email addresses and names can be spoofed.

T = Trojan Horse – a computer program that has been deliberately designed to destroy information, or allow someone to steal it. Typically the trojan horse will look like a legitimate piece of software but will have been maliciously setup to fool the end user to inflict damage on your system or network.

U = Unified Threat Management – Unified threat management (UTM) refers to when multiple security features or services are combined into a single device within your network. Using UTM, your network’s users are protected with several different features, including antivirus, content filtering, email and web filtering, anti-spam, and more

V = VPN – A VPN, or Virtual Private Network, is a tool that encrypts your internet traffic and hides your IP (Internet Protocol) address to ensure a secure and private connection to the internet. This hides your online activities from third parties snooping around and collecting data. VPNs can help you keep your online activity private, block ads, trackers, and malware, and protect all your devices at the same time.

W = Worm – A standalone malware program that self-replicates and propagates itself so it can spread to other computers. Unlike viruses, they do not need to be triggered by activity of the user.

X = XSSXSS (Cross-Site Scripting): A security vulnerability found in web apps that enables attackers to inject client-side scripts into pages viewed by others. XSS attacks may be used to bypass access controls.

Z = Zero Day Exploit – A computer attack that takes advantage of a security hole before the vulnerability is realized. Because the security issue is not known until the attack happens, the developer has no time to prepare for the breach and must work quickly to develop a fix to limit damage. It is called a Zero Day Exploit because the developer has zero days to prepare for it.

Please contact me at [email protected] or on 01473 345321 and I’d be happy to have a discussion about anything in this area.