Dictionary
common cybersecurity terms and definitions
Cybersecurity :
Using a combination of technologies, tools, and policies, cybersecurity is the practice of protecting systems, networks, and data from digital attacks, theft, or damage.
Hacker :
Originally, hacker was a positive term to describe someone who was skilled in learning how computers work by using them unconventionally and experimenting to do things that they weren’t necessarily made to do. Most people now think of a hacker as someone who uses computers to perform illegal or unethical activities.
Hackers are now classified as either white hat, grey hat, or black hat. White hat hackers are ethical, probing a system for weaknesses with the owner’s permission to help their security. A grey hat hacker breaks into systems without permission but usually without harmful intent, often to point out security weaknesses. A black hat hacker violates computer security for personal gain or to cause harm.
User :
Anyone that accesses a network, computer, or application. Used generically for whoever is using a device or service.
Attacker :
A person or group that attempts to access, steal, or damage a system, network, or data without authorization. Attackers exploit vulnerabilities in systems to achieve malicious goals.
Vulnerability :
A weakness in a system’s hardware, software, or usage that an attacker can exploit to gain unauthorized access, steal data, or cause damage.
Exploit :
Any technique (piece of code, set of commands, online tool, etc.) used to take advantage of a vulnerability in a computer system, application, or network to perform illicit actions.
Authentication :
The process of verifying a user’s identity to prevent unauthorized access to systems and sensitive data. This can be done with username and password, physical token, or biometrics (like a fingerprint), which the system then checks against the stored information to make sure it’s you.
Social Engineering :
The psychological manipulation of people to trick them into divulging sensitive information or performing actions that compromise security.
Multi-Factor Authentication (MFA) :
A more secure version of authentication which requires at least two “factors” from the user to prove their identity. Authentication factors include password, fingerprint, eye scan, PIN, physical card, security token, and more.
Phishing :
An email or web announcement that falsely claims to be from a legitimate source in an attempt to trick the user into surrendering private information or taking action.
Malware :
Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
Hardware Security Key :
A small physical device used for MFA that acts as a second layer of security. During login you’ll enter your username and password, then either plug the security key into a USB port or tap it if it has that functionality.
Virus :
A form of malware that can replicate itself by inserting its code into other programs.
Virtual Private Network (VPN) :
A tool that creates a secure, private connection between your device and whatever it’s communicating with over the public internet. A VPN encrypts all web traffic, which hides your IP address, the websites you visit, and any of the data you’re sending or requesting from anyone watching your local network or your internet provider.
Password Cracking :
An umbrella term for any form of guessing or retrieving passwords to gain unauthorized access to a computer system or digital information.
Brute-Force Attack :
A trial and error method used to guess passwords or other credentials by trying all possible combinations until the correct one is found. These attacks are often aided by automated tools.
Credentials :
The information, like usernames, passwords, or keys, used to verify a person’s identity when accessing a system.
Dictionary Attack :
A password cracking technique that uses a list of common words and their variations (like those in a dictionary or leaked password lists) to guess a user’s credentials.
Remote Access :
The ability to connect and use a computer or network from a different physical location. This can be a handy feature for remote work, but it’s also a security risk if the wrong person is able to use it against you.
Credential Stuffing :
A cyberattack where attackers use stolen username and password combinations from a data breach on one site to gain unauthorized access to other, unrelated websites. People who reuse the same passwords across multiple sites are vulnerable to this.
Remote Access Trojan (RAT) :
A type of malware that secretly lets an attacker control someone’s computer remotely. They can potentially spy, steal data, or manipulate the device without the user knowing. This can get onto a computer by downloading or opening a malicious file, link, or software disguised as something safe.
Worm :
A type of malware that can replicate itself and spread across computers or networks without the user needing to trigger it by opening a file. It often exploits security weaknesses to infect devices.
Payload :
The part of malware that performs the harmful action, such as stealing data, deleting files, or encrypting a system. It’s delivered to a target after the malware successfully infects the device.
Software :
Any programs and applications that run on computers/devices. This includes operating systems, files, browsers, apps, and much more. Software is written in various computer languages that are interpreted by the computer, translating instructions into actions that the hardware can perform.
Firmware :
Software that is permanently programmed into a device’s hardware to control its basic functions. It acts as a bridge between a computer’s hardware and other software applications.
Encryption :
The process of converting data into unreadable code so that nobody and nothing that shouldn’t see the data can read it. Only someone with the correct encryption key can decode and read the original information; this is usually done automatically by the computer or program.
Software Patch :
An update that fixes bugs, security vulnerabilities, or other issues in a piece of software. Patches are created and issued by the owner of the software, and it’s up to the user to install them. You can opt to install patches automatically.
Plaintext :
Data or information that is in its original, human-readable form. It hasn’t been encrypted, so anyone who accesses it can easily understand it.
Software Suite :
A collection of programs frequently sold as a single product that share a similar user interface and may have related functionality.
Hashing :
An algorithm that turns the original data into a fixed-size string of characters (called a hash). It’s a one-way process: the hash can never be converted back into the original data. Hashing is used to protect passwords, verify data integrity, and confirm that data comes from a legitimate source.
Dark web :
A hidden part of the internet that isn’t indexed by search engines and requires special software (like Tor) to access. It’s often used for anonymity and can host both legal and illegal activities.
Reconnaissance :
The process of gathering information about a target system, network, or organization to identify vulnerabilities. This is often the first step in a cyberattack.
Salt :
A random string of data added to a password before it is hashed to make each hash unique. This prevents attackers from using precomputed tables or guessing common passwords to crack multiple passwords at once.
Open-Source Intelligence (OSINT) :
Information collected from publicly available sources, like websites, social media, news, and public records. It’s used in cybersecurity to analyze targets, assess risks, and support investigations.
Attack Vector :
The method an attacker uses to gain unauthorized access to a system. Some common attack vectors are phishing, malicious websites, infected USB drives, and unsecured Wi-Fi networks.
Data Dump :
A large release or leak of sensitive information, such as passwords or files, often obtained illegally.
Proxy :
An intermediary server that routes internet traffic between a user’s device and the internet. These can be used to hide the user’s IP address and improve privacy.
Escalation :
The process of an attacker extending their reach into the computer or network that they have already compromised. Escalation helps the intruder explore to find what they’re looking for.
Persistence :
The ability of malware or an attacker to maintain unauthorized access to the target even after reboots and updates. They do it by installing backdoors or making system changes to let them regain access at any time.
Data Backups :
Copies of important files and information stored separately from the original system. The purpose is to have a duplicate of what you want to keep safe in case it’s lost on the home device for whatever reason.
Backdoor :
A hidden method that allows an attacker to bypass normal authentication and gain access to a system. Backdoors are installed secretly through malware or exploits.
Log Files :
Records of activity done on computers and networks. They’re used to monitor systems, detect suspicious behavior, and investigate security incidents. Logging can be heavily configured, choosing what to log, when to log it, where it’s stored on the computer, and so on. Logs can notify the administrator depending on the set level of the alert.
Spoofed Domain :
A fake website address designed to look like a real domain to trick users. Attackers use it to steal information and spread malware once a user visits the site.
Cookies :
Small pieces of data stored on a user’s device by a website to remember information like login details, preferences, and browsing activity. They can help sites give a more personalized experience, but also pose a question of privacy.
Ransomware :
Malicious software that locks files on the target computer (usually by encrypting them) and demands payment from the user to unlock them. It’s advised never to pay a ransom and to protect yourself by keeping a backup to recover the lost data. There’s no guarantee the files will be unlocked after paying.
Computer Code :
A set of instructions written in a programming language that tells a computer how to perform specific tasks or actions. There are many programming languages for various uses, all of which are human-readable and translated by the computer when run.
Spyware :
Software that secretly monitors a user’s activities on a device. Spyware can be used to take screenshots, record keystrokes, use the webcam and microphone, and view web traffic without the user knowing.
Operating System (OS) :
Software that manages a computer’s hardware and software resources, providing a platform for other software to run on. It handles tasks like memory management, file operations, and startup.
Trojans :
A class of malware that is disguised as something legitimate to trick people into installing it, giving attackers a way in.
Cryptocurrency :
A digital form of money that uses cryptography for security and allows online payments to be sent directly between users without the need for a central authority like a bank. Transactions are harder to track and offer anonymity.
Rainbow Table :
A massive table of passwords and their corresponding hashes used to crack passwords. If an attacker obtains a database of hashed passwords, they can quickly find the plaintext password using a rainbow table.
Keylogger :
A type of spyware that records every key that a user presses on the device. This information can then be seen by whoever controls that keylogger.
Rootkit :
A type of malware designed to hide its presence and give an attacker unauthorized, persistent access to a computer or network. It often operates deeply within the system, making it hard to detect and remove.
Adware :
Software that automatically displays or downloads advertisements on a user’s device, often without consent. While sometimes harmless, it can slow down systems and compromise privacy.
Botnet :
A network of infected computers (potentially millions) controlled remotely by an attacker, often without the user’s knowledge. Commonly used to launch cyberattacks where the entire botnet is coordinated against a single target.
Commands :
Instructions given to a computer to perform specific tasks like opening files, running programs, or managing system settings. You can use these commands through a command line, where you type text-based instructions in a terminal. On a graphical user interface (GUI), which is what most people use, clicking buttons or icons on the screen runs the same commands that you’d type in a terminal.
Evil Twin Attack :
A cyberattack in which an attacker sets up a fake Wi-Fi network that looks identical to a real one to trick users into connecting. Once connected, the attacker can intercept data, steal credentials, or monitor the victim’s activity.
Man-in-the-Middle Attack :
A cyberattack where the attacker intercepts and possibly alters communication between two parties without their knowledge.
Plugins :
Additional software components that add features or functionality to an existing program. Some plugins can be useful, like adblockers, but poorly designed plugins can create vulnerabilities.
Linux :
Linux is an open-source operating system, meaning its code is made available for anyone to use and modify to their liking. It’s known for its stability, flexibility, and security. There are many versions of Linux created for different purposes, called distributions.
Firewall :
A security device, hardware or software-based, that is placed between your local network and the wider internet. It monitors network traffic going into and out of the network, blocking traffic deemed unnecessary or dangerous according to rules set up by the admin who configured the firewall.
Corporate Espionage :
The use of digital tools and techniques (hacking, phishing, malware, etc.) to steal sensitive data from a company.
Implicit Deny :
A security principle in firewall rules where any network traffic that is not explicitly allowed is automatically blocked. A common application of implicit deny is to create firewall rules allowing your regular network traffic (like email and web browsing) and deny everything else.
Attack Surface :
The total set of areas in a system, network, or application where an attacker could try to gain unauthorized access. A larger attack surface increases the potential risk of cyberattacks.
Injection Attack :
A cyberattack where the attacker inserts malicious code or commands into a vulnerable website or program to gain unauthorized access. On a vulnerable website, the attacker would do something like enter code into the login box instead of a username, and that code would execute within the site.
IP Address :
Short for internet protocol, the IP address is a unique numerical identifier assigned to each device on a network. It allows communication to be addressed to the correct individual computer(s) over the local network and internet.
SIM Swapping :
A type of fraud where an attacker tricks a mobile carrier into transferring a victim’s phone number to a new SIM card. This allows the attacker to intercept phone calls, messages, and authentication codes to access accounts.
Internet of Things (IoT) :
In a broad sense, this describes anything connected to the internet. The term is often used in reference to smart devices like lights, fridges, TVs, and everything else that has recently been given network functionality.
Data Packets :
Small chunks of data that store the information being sent in the body of the packet and source/destination info in the header. This is how information is transported online. They allow large amounts of data to be broken down into manageable pieces which are reassembled when they get to the destination.
DNS Spoofing :
An attack where DNS records are altered to redirect users from a legitimate website to a malicious one. DNS (short for domain name system) is the method used to translate human-readable web addresses (like www.example.com) into IP addresses that computers use to identify and communicate with each other over the internet.
Server :
A computer that provides resources and services to other computers that request it. For example, web servers are used to hold website data, so when you click the link on your browser, a request is sent to the server that holds the information and it is provided back to your computer.
Intrusion Detection / Intrusion Prevention System (IDS/IPS) :
A security tool that monitors network or system activity for suspicious behavior and alerts administrators when a potential threat is found. IPS goes a step further by actively blocking malicious activity in real time to prevent an attack from succeeding. The drawback of IPS is that legitimate activity may sometimes be blocked (a false positive), interfering with regular work.
HTTP / HTTPS :
Hypertext Transfer Protocol is used for transferring data between a web server and a browser, but it isn’t encrypted, leaving traffic very vulnerable. HTTPS, where the S stands for secure, is now the standard and much more secure because it uses encryption as well as other security features. You should avoid visiting websites that don’t use HTTPS.
Switch :
A networking device that connects multiple devices within the same network and directs data only to the specific device it’s intended for. Switches are wired devices, meaning they use physical Ethernet cables to connect computers and other equipment within a network.
Modem :
Short for modulator-demodulator, a modem converts digital data from a computer into signals that can travel over telephone, cable, or fiber lines, and then converts incoming signals back into digital data. It serves as the gateway that connects your home or business to your internet service provider.
Router :
A networking device that directs data packets between different networks, ensuring they reach the correct destination. It connects devices to the internet and manages traffic to keep communication efficient and secure.
Ethernet Cable :
A physical cable used to connect devices in a wired network, allowing them to send and receive data. Ethernet cables transport data as electrical pulses between devices and are faster and more reliable than wireless alternatives. The conductor inside most of these cables is copper.
Fiber Optic Cable :
A high-speed data transmission cable that uses thin strands of glass or plastic fiber to carry light signals over long distances. It enables faster, more reliable communication than traditional metal cables because light travels with minimal signal loss and interference.
Local Area Network (LAN) :
A network that connects computers and other devices within a limited geographic area (home, office, building, etc.).
Virtual Local Area Network (VLAN) :
A network setup that logically groups devices into separate networks, even if they’re connected to the same physical switch. It functions as a subnetwork that administrators can use to segment a single physical network into multiple isolated areas.
Wireless Local Area Network (WLAN) :
A type of LAN that connects devices within a limited area using wireless technology, such as Wi-Fi, instead of cables. It allows devices to communicate and access network resources without physical connections.
Wireless Access Point (WAP) :
A device that allows wireless devices to connect to a wired network using Wi-Fi. It extends network coverage and lets devices like laptops, phones, and tablets access the internet without plugging in directly.
Bandwidth :
The maximum amount of data that can be transmitted over a network in a given amount of time, usually measured in bits per second. Higher bandwidth allows more data to flow, improving speed and performance.
The Cloud :
A network of remote servers accessed over the internet that store, manage, and process data instead of using a local computer. It allows users to access their resources, applications, and storage from anywhere.
Wi-Fi :
Short for wireless fidelity, it’s a networking technology that allows devices to connect to the internet or local network without cables. It uses radio waves to transmit data between devices and a wireless access point.
Password Manager :
A software tool that securely stores, generates, and organizes your passwords in an encrypted vault. It helps you use strong, unique passwords for every account while only needing to remember one master password.
Passphrase :
A string of words that is typically longer and more secure than a traditional password. It’s designed to be easier to remember while providing strong protection against attacks.
Data :
Refers to any digital information stored, processed, or transmitted by a computer. Protecting this data is a primary focus of cybersecurity.
Web Traffic :
The flow of data between users’ devices and websites or web applications over the internet. It includes all requests, responses, and interactions that occur when people browse, download, or use online services.
Defense in Depth :
A strategy that uses multiple layers of security measures to protect systems and data. If one layer fails, the others continue to provide protection, reducing the risk of a successful attack.
Security Certificate :
A digital document used to verify the identity of a website, server, or device. It’s issued by a trusted Certificate Authority (CA) and helps ensure data is exchanged securely.