Cyber Security Terms
Packets – Data being sent through a network (or the Internet) doesn’t get sent as one ‘lump’. The information is broken into ‘packets’ and all the packets are sent separately and then disassembled and reassembled at routers.
IP Address – Systems on the internet need to know where a request originated and where the response is going to. Just like a mailed package has a send and return address, packets need to know where they have been sent to and where the information is to be returned to. Every computer or device connecting to the internet requires its own unique IP address.
Router – A router looks for information in the packets and determines where the data should be routed. If you attempt to share information between two computers in your house, the router decides it does not need to pass that data through the internet and instead routes the data through the house to the other computer.
Network Address Translation (NAT) – When you set up a router, it gets assigned a unique IP address. Each computer in your house then gets another individual IP address. When a request is sent to the internet, the router uses NAT to convert the ‘from’ IP address to the one assigned to you by the ISP and makes a note of which of your three computers requested information from that internet address. Then when the response is received, the router knows which of your three computers should get the data back.
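The bookkeeping described in the NAT entry, as an added example that is not part of the original glossary. The class name, port numbers and addresses are assumptions made for illustration, and the sketch assumes the router matches a reply on the remote address and port as well as on its own public port, which is one common behaviour rather than the only one.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home network


class NatRouter:
    """Toy NAT table keyed on ports; names are illustrative assumptions."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip      # the one address assigned by the ISP
        self.next_port = first_port
        self.out = {}    # (inside ip, port, remote ip, port) -> public port
        self.back = {}   # (public port, remote ip, port) -> (inside ip, port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the packet addresses as they leave the router."""
        if ipaddress.ip_address(dst_ip) in LAN:
            # House-to-house traffic is routed locally and never translated.
            return (src_ip, src_port, dst_ip, dst_port)
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            # The "note" the router makes: which computer asked this address.
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the inside (ip, port) owed this reply, or None to drop it."""
        return self.back.get((dst_port, src_ip, src_port))


def demo():
    # Constructed addresses: documentation ranges stand in for real hosts.
    r = NatRouter("203.0.113.7")
    sent_a = r.outbound("192.168.1.10", 51000, "198.51.100.10", 443)
    sent_b = r.outbound("192.168.1.11", 51000, "198.51.100.10", 443)
    local = r.outbound("192.168.1.10", 51001, "192.168.1.11", 8080)
    reply_a = r.inbound("198.51.100.10", 443, sent_a[1])
    reply_b = r.inbound("198.51.100.10", 443, sent_b[1])
    stray = r.inbound("198.51.100.99", 443, sent_a[1])  # nobody asked this host
    return sent_a, sent_b, local, reply_a, reply_b, stray


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Two inside computers using the same source port still get distinct public ports, and a packet from a host that no inside computer contacted finds no entry in the table.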
Trojan – A seemingly harmless program such as a free game or tool that hides or installs and then launches malware. A Trojan is often propagated in the form of an email attachment.
Backdoor – A program or feature that allows full access to a computer or device and/or opens network connections through your router to the internet.
Virus – A small program that can erase or corrupt files, erase your hard disk or simply replicate itself. A variant is the email virus which replicates itself by emailing copies of itself as an attachment to contacts found in your email application. The recipient then assumes that the attachment came from you and opens it, thus repeating the cycle.
Worm – A program that quickly spreads through a computer network. An example is the SQL Slammer worm. The worm infected over 75,000 hosts, 90 percent of those hosts within 10 minutes. It caused major network outages, canceled airline flights, interfered with elections and caused ATM failures before it was brought under control.
Malware – Malicious software downloaded to a target computer that can do anything from stealing data to encrypting files and demanding ransom.
Phishing – Emails that are crafted to fool victims into giving up passwords or taking some other harmful action.
Denial of Service (DoS) – Attacks that overwhelm a web server with bogus traffic.
DDoS attack – A persistent, distributed denial of service event against the same target (e.g., IP address or domain). A single attack is preceded by a quiet (attack free) period of at least sixty minutes, and followed by another quiet period of the same duration or longer.
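How the sixty-minute quiet period in the DDoS attack entry turns a stream of attack-traffic records into countable attacks, as an added example that is not part of the original glossary. The function names, the record format and the sample timestamps are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

QUIET = timedelta(minutes=60)  # quiet period taken from the definition


def group_attacks(events, quiet=QUIET):
    """Group (timestamp, target) records into attacks per target.

    Records against the same target belong to one attack until a gap of
    at least `quiet` separates them. Returns
    {target: [(start, end, record_count), ...]}.
    """
    by_target = defaultdict(list)
    for ts, target in events:
        by_target[target].append(ts)

    attacks = {}
    for target, stamps in by_target.items():
        stamps.sort()
        runs = [[stamps[0], stamps[0], 1]]
        for ts in stamps[1:]:
            if ts - runs[-1][1] >= quiet:
                runs.append([ts, ts, 1])      # quiet period elapsed: new attack
            else:
                runs[-1][1] = ts              # still the same attack
                runs[-1][2] += 1
        attacks[target] = [tuple(r) for r in runs]
    return attacks


def at(hhmm):
    """Build a timestamp on a constructed sample day."""
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample records: (time attack traffic was seen, target).
SAMPLE = [
    (at("01:00"), "198.51.100.10"),
    (at("01:20"), "198.51.100.10"),
    (at("02:19"), "198.51.100.10"),  # 59 minutes after the last: same attack
    (at("03:19"), "198.51.100.10"),  # 60 minutes after the last: new attack
    (at("01:30"), "example.com"),    # different target: counted separately
]

if __name__ == "__main__":
    for target, runs in group_attacks(SAMPLE).items():
        print(target, runs)
```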
Man in the middle – An attack which fools the target computer into joining a compromised network.
Attacks – Attacks can be categorized in two types:
1. Outside In Attacks / Network Hacking
Network hacking is the easiest way for a hacker to gain access to information on a computer. Using simple software tools readily available from the internet, a hacker can attempt to break into your network from virtually anywhere in the world.
2. Inside Out – where the attacker is able to access the data on your computer with the help of a program running on your computer. With very few exceptions, these programs cannot be activated without human interaction; you must choose to run the infected program before it can cause damage. The problems they cause can range from annoying to catastrophic. The most benign will simply make copies of itself and continue spreading, while the most dangerous can randomly email confidential information, destroy all the data on your disk drive or even allow complete access to your computer through the internet.
An antivirus program looks at each file and compares the data inside the file to a list of patterns that are common in viruses. Once such a pattern is detected, the antivirus program will delete, repair or isolate the file to render it harmless. Since new viruses are constantly appearing, antivirus programs download a list of new virus patterns daily.
Botnet – A cluster of compromised, malware-infected devices remotely controlled by an offender. Device owners are unaware that their systems are participating.
DDoS bot – A malicious software application (script) used by a perpetrator. DDoS bots typically masquerade as browsers (human visitors) or legitimate bots (e.g., search engine crawlers) to bypass security solutions.
Payload – In the context of this study, a payload is a packet type used in a network layer assault. It’s fabricated by an attack script and can often be altered on the fly. In many cases, multiple payload types are used simultaneously during the course of a single event.