Copyright © 2014-2015 F-Secure – All rights reserved.
Learn more about
F-Secure Labs
on our website.
Security A to Z: Glossary of the most important terms

2,557 views

Published on

We hope to demystify cyber security for you. Learn to speak like a pro and check out the most important security terms with our official explanations from F-Secure Labs.
Article Link: https://business.f-secure.com/security-a-to-z-glossary-of-the-most-important-terms

Published in: Internet

Security A to Z: the most important terms

SWITCH ON FREEDOM

UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from F-Secure Labs.
ADWARE

Adware is F-Secure's classification name for software that displays advertisements on computers or devices. The advertisements may be displayed on the desktop or during a web browsing session. Adware is often bundled with free software that provides some functionality to the user. Revenue from the advertising is used to offset the cost of developing the software, which is therefore known as 'ad-supported'.

ATTACK SURFACE

Code that is active in a target system and somehow involved in processing input that can be used in attacks. Any vulnerabilities that can be exploited are part of the attack surface. The basic idea in security is to disable all unnecessary features in software, and thus limit attack surfaces. Disabling code in this manner prevents it from being exploited, even if it contains a vulnerability.

ATTACK VECTOR

Method of contact used to attack victims. Examples of typical attack vectors include email, the web, and USB media.

BACKDOOR

A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network. These utilities may be legitimate, and may be used for legitimate reasons by authorized administrators, but they may also be misused by attackers. A backdoor is usually able to gain control of a system because it exploits vulnerabilities, bugs or undocumented processes in the system's code.

BANKING FRAUD / TROJAN

Malware that attackers use to access their victim's online banking.

BOTNET

A network of devices infected with a specialized form of malware known as a bot that can be remotely controlled by an attacker, usually via a command-and-control (C&C) server. Each infected computer may be known as a bot, a zombie computer, or a zombie. An attacker, or group of attackers, can harness the collective resources of a botnet to perform major malicious actions, such as sending millions of spam emails, launching a distributed denial-of-service (DDoS) attack, and much more.

BRUTE-FORCE ATTACK

A type of attack that typically targets authentication mechanisms such as passwords. A brute-force attack is an exhaustive, trial-and-error attempt that involves rapidly cycling through a comprehensive list of possible passwords or decryption keys, until the correct one is entered. Brute-force attacks commonly succeed due to weak passwords and/or human error or laxness. Often, a brute-force attack is combined with a dictionary attack, which uses a long list of words taken from dictionaries and popular culture references. Unlike a standard brute-force attack, a dictionary attack uses words that are thought to be the most likely to succeed.
CLIENT / ENDPOINT

PC/Mac workstation or laptop, or a mobile phone. Basically anything that runs code and is capable of running security software. The basic definition of a client is a device that can run independent applications, while a terminal is just a screen and input device that gives access to a computer located somewhere else.

CLOUD SECURITY

Security that is provided from a remote server. The benefit of cloud security is that a remote server receives information from multiple sources, so it can make better decisions. Another security benefit of cloud security is that attackers cannot reverse engineer security features that are implemented at the remote cloud server.

COMMAND AND CONTROL / C2

The command and control (C&C, or CC) server of a botnet is the main control point for the entire network of enslaved computers.

CYBER ATTACK

Cyber attacks target computerized infrastructure, and can therefore produce effects outside of the computing domain. Effects are what define cyber attacks, not methods. If a denial-of-service attack against a bank website crashes payment processing servers, and prevents people from paying for things with credit cards or withdrawing money from an ATM, it is a cyber attack. An attack against a hobby game server may be technically identical, but if it only affects that particular game, it would not be considered a cyber attack.

CYBER ESPIONAGE

Espionage that uses computers as its tools. It typically involves hacking or using malware to break into corporate computers and steal information.

CYBER SECURITY

Security that focuses on preventing cyber attacks. Basically the same as information security, except that one should also consider the effects that attackers can produce once they have control of corporate systems, and build custom security mechanisms for critical resources. A typical example would be restricting the network connections for workstations with access to a corporate bank account, or for a production line controller computer, etc. Cyber security is also used by less honest consultants as a way to rename everything that used to be called information security in order to charge bigger fees from customers.
DATA BREACH

An incident that involves data leaking from an organization as the result of a successful attack.

DDOS

A type of attack conducted over the Internet, using the combined resources of many computers to bombard, and frequently crash, a targeted computer system or resource (e.g., a program, website or network). There are various types of distributed denial-of-service (DDoS) attacks, distinguished by how the attack is conducted. DDoS attacks are sometimes included as part of a worm or trojan's payload: all infected computers are directed to attack the selected target. DDoS attacks are also often performed by botnets, as the combined resources of all the computers in the botnet can generate a terrific amount of data, enough to overwhelm most targets' defenses within seconds. DDoS attacks have become one of the more dangerous menaces of the modern Internet.

DLP

Data Leakage Prevention: a software or service used to detect and possibly prevent information/data breaches.

DOMAIN

A domain name (e.g. www.f-secure.com) is a human-friendly text string given to identify a specific resource on the Internet, in most cases a website. Each domain name maps to a specific IP address. Domain names are used because IP addresses, which are what the computers use to identify common resources, aren't easy for humans to remember. Domain names are a part of the hierarchical Domain Name System (DNS) used to organize all resources on the Internet.

DRIVE-BY DOWNLOAD

The automatic download of a program from a visited website onto a user's computer, almost always without their knowledge or authorization. Drive-by downloads are often used in conjunction with Search Engine Optimization (SEO) attacks, in which search engine results are poisoned in order to redirect users to a malicious site where the drive-by attack can take place. The term 'drive-by download' is most frequently used to describe the situation of a website forcibly and silently downloading malware on to a visitor's system, but clicking on pop-up ads or viewing an email message may also result in the user being subjected to this attack.
ENCRYPTION

The use of a cipher or algorithm to transform data, such as a program's code, into an unintelligible form. There are many different ways to perform encryption, based on the algorithm or cipher used. Some examples of encryption algorithms include ROT13 and the Vigenere cipher. Encryption usually requires a specific piece of information (a 'key') in order to transform the encrypted information back to a usable state when necessary. The simplest form of encryption uses a static, unchanging key; more sophisticated encryption may involve changes in the key itself as well as the code to be transformed. Virus writers use encryption to create encrypted viruses, which are harder for antivirus programs to detect. Once installed, the encrypted virus uses the key to decrypt its own code and execute it.

EXPLOIT VS EXPLOIT KIT

Exploit: An object (a program, a section of code, even a string of characters) that takes advantage of a vulnerability in a program or operating system to perform various actions. An exploit is almost always used in a malicious context. If successfully used, exploits can provide an attacker with a wide range of possible actions, from viewing data on a restricted-user database to almost complete control of a compromised system.

Exploit kit: A server which has a selection of exploits targeting vulnerabilities in several software products or versions, and the capability to analyze the client and select the proper exploit. A typical exploit kit has a selection of exploits for different web browsers and plugins.

HACKING

Act of breaking into workstations, servers or mobile phones through a network or other connection. A typical example of hacking would be someone finding a vulnerability in a server and then using an exploit against that vulnerability to access the system.

HACKTIVISM

Type of activism which uses hacking in order to push some agenda. Most typical cases of hacktivism involve website defacement, in which attackers gain control of a web page and change it to show political or other messages. Twitter, Facebook and other social media accounts are often seized for hacktivism purposes.

HARDENING

Improving the security of a server or workstation by modifying security, server or application settings. A typical example of hardening would be to reduce an attack surface by disabling features that are not needed by a client or server application. For example, disabling JavaScript in a PDF reader will break most PDF exploits.

HEURISTICS

Reasoning-based automation that is used to detect malware or other attacks. Both clients and servers in security clouds use heuristics. Basically, heuristics model human decisions for computer programs, allowing those programs to automate decision-making processes. F-Secure uses heuristics to detect malware and other types of attacks.
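The ENCRYPTION entry above names ROT13 and the Vigenere cipher and notes that the simplest encryption uses a static, unchanging key. The following added example (not part of the original glossary) implements the Vigenere cipher, shows ROT13 as its one-letter-key special case, and shows from the defender's side why a static key is weak: one known plaintext/ciphertext pair gives the key away.

```python
import string

ALPHABET = string.ascii_uppercase  # letters only; other characters pass through


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Encrypt (or decrypt) text with a Vigenere cipher under a static key.

    Each plaintext letter is shifted by the key letter at the same position;
    the key repeats once it is used up, which is exactly the 'static,
    unchanging key' the glossary describes.
    """
    key_shifts = [ALPHABET.index(c) for c in key.upper() if c in ALPHABET]
    if not key_shifts:
        raise ValueError("key must contain at least one letter")
    out = []
    pos = 0  # advances only on letters, so spaces do not desynchronise the key
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        shift = key_shifts[pos % len(key_shifts)]
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        pos += 1
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is the one-letter-key special case: every letter shifts by 13.

    Because 13 + 13 = 26, applying it twice returns the original text, so the
    same function both 'encrypts' and 'decrypts'.
    """
    return vigenere(text, "N")  # N is the 14th letter, i.e. a shift of 13


def recover_key_stream(plaintext: str, ciphertext: str) -> str:
    """Why a static key offers little protection: anyone holding one
    plaintext/ciphertext pair can subtract the two letter by letter and read
    the repeating key directly. Returns the recovered key stream.
    """
    recovered = []
    for p, c in zip(plaintext.upper(), ciphertext.upper()):
        if p in ALPHABET and c in ALPHABET:
            recovered.append(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(p)) % 26])
    return "".join(recovered)


if __name__ == "__main__":
    ct = vigenere("ATTACK AT DAWN", "LEMON")
    print(ct, vigenere(ct, "LEMON", decrypt=True))
    print(rot13("HELLO"), recover_key_stream("ATTACK AT DAWN", ct))
```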
KEYLOGGER

A program or hardware component that surreptitiously monitors and stores all the strokes typed into a device's keyboard. Some keylogger programs will also forward the stored information to an external server for easier retrieval by the attacker. Keyloggers are typically used by attackers to steal vital information such as personal details, credit card details, online account login credentials, and so on. The stolen information can then be used to perpetrate crimes such as identity theft, online fraud, monetary theft, and so on. Keylogger programs are typically installed on a device by other malware, though they may also be manually installed by an attacker with physical access to a device. Hardware components must be manually installed.

LAYERED PROTECTION

A protection principle in which multiple methods are used to protect against attacks. Layered protection is based on the reality that it is almost impossible to make one security solution that can stop 100% of attacks. Providing layered protection requires the use of multiple technologies in security solutions.

MAN-IN-THE-MIDDLE ATTACK

A type of attack that involves an undetected third party actively eavesdropping on and controlling communications between two systems. The specific technical details of how the attack is performed depend on the type of communication being intercepted (wireless, Internet, mail, etc.), but for it to be successful, the attacker must be able to impersonate each side of the dialogue and convince them that the communication is private and authentic. MITM attacks are usually done in order to intercept or modify messages sent between the two systems, or to inject false information.

ONLINE SCAMS = PHISHING

A type of social engineering attack in which fraudulent communications are used to trick the user into giving out sensitive information, such as passwords, account information, and other details. Phishing is a criminal activity in many jurisdictions. A phishing attack usually involves a fake communication, often supposedly from a trusted corporation or institution, that requires some kind of response from the user. Usually, the subject matter is enticing or alarming, to motivate the user into complying. Victims are then directed to a specific (usually fraudulent) website in order to trick them into providing information to the attackers. Phishing attempts are most commonly made via email, but attempts made by instant messages, SMS messages, and even voicemail are also known. Malware may also drop phishing communications as part of its payload. Phishing can often be executed using spam emails, but targeted phishing attacks can also occur. The information stolen can have considerable value to a criminal, but its loss can be even more significant to the victim. Such information theft is rapidly becoming a major concern for law enforcement agencies and web service operators worldwide.
PATCHING

A program or piece of code issued by a program vendor to fix issues in a program or operating system. Patches are usually issued to fix bugs, vulnerabilities or usability issues. A good security practice is to install patches as soon as possible after they are released. Unfortunately, for many businesses and home users, there may be a significant delay between the time a patch is released and when it is installed on an affected application or machine, leaving them vulnerable to attacks.

RANSOMWARE

A malicious application that steals or encrypts a user's data or system, then demands a ransom payment to restore the data or normal system access. Ransomware programs typically encrypt files on a computer or device, then display a message stating that the user needs to pay a certain sum in a specified manner. The specifics of how the encryption is done, the kind of message displayed, and the payment method to be used usually differ based on the ransomware family involved. This form of extortion works on the assumption that the user values the data enough to pay for its recovery. However, there is no guarantee of actual recovery, even after a payment is made. As encryption is usually extremely difficult to break, the best safeguard against losing access to critical data this way is to keep up-to-date backups of your files in a separate, unconnected location or device. Up-to-date antivirus protection and user caution are also key in avoiding unintentional contact with ransomware.

REMOTE CODE EXECUTION

In computer security, remote code execution means that an outside party is able to run arbitrary commands on a target machine or in a target process, almost always with malicious intent. Remote code execution is usually the goal of a system or program exploit, as it essentially means an attacker can take complete control of the compromised machine.

REPUTATION

Information about whether an application, URL or some other object is malicious, known to be clean, or unknown. Reputation is the information that is used for whitelisting or blacklisting applications.
SANDBOXING

An isolated, tightly controlled virtual environment that replicates a normal computer system. Sandboxes are usually virtual machines installed as a completely contained entity on a host, or 'real', machine. Security researchers often use sandboxes to run and examine suspect, untested or malicious code without risking damage to their actual systems. Modern antivirus programs also use sandboxes to run suspicious programs found on a device, which allows the program to be scanned in order to examine its behavior. If the suspect program performs a harmful routine within the sandbox, it can be identified as malicious without affecting the actual machine. As malware evolves constantly, some sophisticated threats are now 'VM-aware'. They first check for the presence of a virtual machine or sandbox on the system. If found, the malware can refuse to run, or even uninstall itself as a precaution against detection.

SOCIAL ENGINEERING

A general term used to describe attacks that leverage psychological or social pressures to dupe an unsuspecting victim into providing sensitive information such as passwords, account details and so on. Social engineering attacks can take place both online and offline. Online social engineering attacks usually take the form of phishing or pharming attempts, which present unsuspecting users with legitimate-looking emails or websites in order to convince potential victims to part with important information or money. Another form of online social engineering involves convincing a user to download a file, usually in the guise of a security or application update, game or other desired program. However, once downloaded and run, the file turns out to be something entirely different, and almost always malicious. Social engineering attacks tend to be effective in spite of their simplicity, as they exploit natural human tendencies based on trust, desire and curiosity.

SPEAR-PHISHING

Phishing in which the attacker has studied the target and is able to personalize the attack to make it more credible. Spear-phishing is also used for sending malicious documents with customized content, while 'conventional phishing' is used to describe attacks which rely on scams rather than malware or exploits.
SPOOFING

The act of falsifying characteristics or data. Spoofing is usually done in order to conduct malicious activities. For example, if a spam email's header is replaced with a false sender address in order to hide the actual source of the spam, the email header is said to be 'spoofed'. An attack can also involve elements of spoofing, as it prevents or complicates the process of identifying the correct source of the attack. There are many kinds of such 'spoofing attacks': email spoofing, Internet Protocol spoofing, URL spoofing, and so on.

SPYWARE

A program designed to compromise personal or confidential information. Spyware can be installed on a system without a user's authorization or knowledge. Spyware can vary widely in the kinds of actions it performs. Some common actions include displaying unsolicited pop-ups, hijacking a browser's home or search pages, redirecting browsing results, and monitoring user activities. These actions may border on, or be outright considered, malicious. Spyware is sometimes considered a gray area in terms of ethics and legality. Depending on the specific action, context of use and applicable laws, spyware may be legal and acceptable, dubious but unlegislated, or outright illegal and unethical. Complicating the issue is that some spyware is not intentionally designed as such. Instead, programming errors may result in it performing actions that make it behave like spyware. Once the flaws are corrected, the program may then be reclassified.

SQL INJECTION

A type of attack that exploits poor user-input filtering to inject and run executable commands in improperly configured Structured Query Language (SQL) databases. Technically, a few types of SQL injection attacks are possible, but the end result of all successful SQL injection attacks is that an attacker can manipulate or gain total control over the database. SQL databases are a common feature of many applications. Often, companies will use such databases for vital operations such as payrolls and customer records. The most commonly reported attacks are launched against databases that can be accessed via a website, simply because these databases are much easier for a hacker to reach. SQL databases are commonly used on websites with dynamic content, making them popular targets for hackers. SQL injection attacks only work against databases that don't sanitize user input properly. Whenever a user interacts with a database, such as by trying to log into a "Members Only" section of a website, any input they provide should be 'sanitized', or checked to make sure it doesn't contain invalid characters. Poor or improper checking of the data input may cause programming errors, which an alert or malicious user can then exploit.
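The SPOOFING entry above gives a spam email whose visible sender address has been replaced as its example. The following added detection check (not from the original glossary; both messages are constructed samples with reserved .invalid domains) parses a raw message with Python's standard email module and reports whether the visible From: domain agrees with the envelope sender recorded in Return-Path:, a simplified form of the identifier alignment that DMARC formalises.

```python
import email
from email.utils import parseaddr

# Constructed sample (not a real email): the visible From: claims a bank, but
# the envelope sender in Return-Path: and the delivering host belong elsewhere.
SPOOFED_SAMPLE = """\
Return-Path: <bounce-1234@bulkmailer.invalid>
Received: from mx1.bulkmailer.invalid (mx1.bulkmailer.invalid [192.0.2.10])
\tby mail.example.com with ESMTP; Mon, 02 Mar 2015 09:10:11 +0000
From: "Example Bank Alerts" <alerts@examplebank.invalid>
To: customer@example.com
Subject: Urgent: confirm your account

Please confirm your details at the link below.
"""

# Constructed sample of a message whose envelope and header sender agree.
LEGIT_SAMPLE = """\
Return-Path: <alerts@examplebank.invalid>
From: "Example Bank Alerts" <alerts@examplebank.invalid>
To: customer@example.com
Subject: Your monthly statement

Your statement is ready.
"""


def address_domain(header_value: str) -> str:
    """Return the lower-cased domain of an address header ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def check_sender_alignment(raw_message: str) -> dict:
    """Compare the visible From: domain with the Return-Path: domain.

    A mismatch does not prove spoofing on its own (legitimate bulk mailers
    produce it too), but it is a cheap first signal worth logging or scoring
    before the message reaches a user.
    """
    msg = email.message_from_string(raw_message)
    from_domain = address_domain(msg.get("From"))
    return_path_domain = address_domain(msg.get("Return-Path"))
    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "aligned": bool(from_domain) and from_domain == return_path_domain,
    }


if __name__ == "__main__":
    print(check_sender_alignment(SPOOFED_SAMPLE))
    print(check_sender_alignment(LEGIT_SAMPLE))
```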
TCP

Transmission Control Protocol, the most commonly used networking protocol for sending packets through the Internet.

TROJAN

This is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate itself. Trojans were named after the Trojan Horse of Greek legend, and are sometimes referred to as Trojan Horse programs. Quite often, the Trojan will have, or pretend to have, a functionality that offers a useful service to the user (a screensaver, a utility program, a service pack or application update and so on) in order to encourage the user to run the file. While the legitimate action is executing, the Trojan silently performs its unauthorized routines in the background. The effects of a Trojan's payload on a computer system can range from mildly annoying pranks (like changing desktop icon positions) to serious, user-inhibiting functions (like disabling the keyboard or mouse). They can even produce critically destructive actions (like erasing files or stealing data). Trojans can cause significant damage by stealing financially sensitive data such as bank account credentials, or personal information that can be used for identity theft. There are numerous types of Trojans, and they can be categorized based on the malicious action(s) they perform.

TWO-FACTOR AUTHENTICATION

User login method that requires information in addition to a username and password. A typical example of two-factor authentication would be verification through an SMS.

UNWANTED SOFTWARE/APP

Software that is not malware, but has annoying or intrusive features that make it something most people would prefer not to run. A typical example would be adware that focuses only on information gathering, and does not display advertisements by itself.

VULNERABILITY

A flaw or security loophole in a program, web service, network, or operating system that allows a user or attacker to perform unintended actions, or gain unauthorized access. A vulnerability can be a flaw in a program's fundamental design, a bug in its code that allows improper usage of the program, or simply weak security practices that allow attackers to access the program without directly affecting its code. Fixing a vulnerability requires the program vendor to create a patch (adding or changing the source code to rectify the flaw or loophole) and distribute it to all users of the vulnerable product to protect them from possible exploitation. A publicly announced vulnerability is often targeted by attackers, who attempt to exploit it before the vendor can create and release a patch (known as a zero-day attack). Unfortunately, there is often a significant time gap between when a patch is released and when it is installed on a vulnerable machine. During that time, the machine remains exposed to attacks targeting the vulnerability.
WHALING

Whaling is basically the same as spear-phishing, i.e. a type of social engineering attack in which fraudulent communications are used to trick the user into giving out sensitive information. The difference, however, is in the target. Whaling refers specifically to highly targeted attacks against executives and other high-profile targets. These targets hold business-critical data, and are worth the extra effort of catching the "big phish".

WORM

A program that replicates by sending copies of itself from one infected system to other systems or devices accessible over a network. Though most worms only focus on self-propagating, some also include other malicious actions in their payload, for example installing other malware, changing system settings, and so on. A worm is usually classified based on the type of network it uses to spread, such as the Internet, email, IRC chat channels, peer-to-peer networks, Bluetooth, SMS, or social media networks. A worm-infected machine can suffer from productivity and network issues if the malware's propagation takes up too much of the system's resources. If many machines in a network are simultaneously sending out worm copies, the entire network may be affected, causing significant disruption and inconvenience.

ZERO-DAY

A zero-day vulnerability is a vulnerability that is still unknown to the vendor, and therefore unpatched. Attacks that are performed before the vulnerability has a publicly available patch, or even before it is known to the vendor, are called zero-day attacks. Even after a patch becomes publicly available, there is often a time gap before most companies or home users can install the patch on a vulnerable machine, which gives attackers an additional opportunity to perform a successful attack. Due to the high chance of attackers targeting a vulnerability that has been recently announced, many security researchers will work quietly with vendors to create and release the patch for a vulnerability before publishing the news to the general public.

ZOMBIE (IN CONNECTION TO BOTNETS)

A computer, server or mobile device that has been infected with specialized malware known as a bot, which allows an attacker to control it. A zombie machine is also often known as a bot. Zombie or bot machines are usually roped into a network of similarly infected devices, known as a botnet. This collective group of controlled machines is under the control of the attacker(s), who can be referred to as the botnet controller, operator or bot herder. Instructions from the bot herder to a zombie in the botnet, or to all of them, are usually sent via a Command and Control (CnC) server, which relays the commands. The CnC server could be a server, a malicious or compromised website, or even a hijacked social media account. Some botnets also use a peer-to-peer (P2P) command structure, so that instructions are relayed between infected machines, making it much harder to trace the attacker(s). The collective resources of all the machines in a botnet are often used for malicious activity, such as launching distributed denial of service (DDoS) attacks, sending out spam, and so on. Often, the legitimate owner or user of a zombie machine has no idea that the device has been hijacked and put to nefarious use.
Business Security Insider by F-Secure: your information source for the latest news and insights into cyber security and IT security for businesses.

WEBLOG - LATEST FROM THE LABS: updates on research done by F-Secure Labs, and views on the latest developments in information security and digital technology.

GET SOLUTIONS & GET INFORMED: find a solution for a security concern with one of our free tools, or learn more about threats and products in our descriptions and advisories.

REMOVAL TOOLS: use these free tools to scan and remove malicious programs.

THREAT DESCRIPTIONS: details of threats identified by F-Secure Labs.

SECURITY ADVISORIES: details and fixes of all the vulnerabilities affecting F-Secure products.