Cyber Security

Encryption is the process of converting data (called “plaintext”) into a code (called “ciphertext”) to prevent unauthorized access.

Data encryption is a form of data security in which data is encoded and can be accessed or decrypted only by a user who has the correct encryption key. Encrypted data, also called ciphertext, appears scrambled or unreadable to an unauthorized person or entity.

  •  Symmetric encryption uses only one key (the same key) for both encryption and decryption. It is preferable for transferring large amounts of data because it is faster.
  •  Asymmetric encryption uses two different keys, a public key and a private key, for encryption and decryption. It is used to transfer small amounts of data and is slower than symmetric encryption.
Following are some examples of symmetric encryption algorithms:
  1.  RCx
  2.  Blowfish
  3.  Rijndael (AES)
  4.  DES
A firewall is a security system that prevents hackers, viruses and malware from intruding into a network. It is typically the first line of defense against a cyber attack.
It is a security system designed for the network. A firewall is set on the boundaries of a system or network, where it monitors and controls network traffic. Firewalls are mostly used to protect the system or network from malware, worms, and viruses. Firewalls can also be used for content filtering and to control remote access.
A firewall is a software program or hardware device that analyses incoming and outgoing network traffic and, using predefined rules, builds a barrier to prevent viruses and attackers from entering. It uses filters to stop any incoming data that it recognizes as suspicious. It also flags suspicious traffic leaving a network, alerting IT professionals to the possibility of a hack.
A gateway joins two networks so that devices on them can communicate with each other. Gateways allow you to access the internet.
HTTPS means Hypertext Transfer Protocol Secure. It is used for secure communication over a computer network and is widely used on the internet. The communication is encrypted using Transport Layer Security (TLS).
IP spoofing is the forgery of IP addresses; it is a technique used by hackers to impersonate a trusted source.
Jamming is the deliberate blocking or interference with authorized wireless communications, including cellphone signals.
A keylogger is a program that records (logs) the keys struck on a keyboard. Some antivirus software offers protection against keyloggers.
A keylogger is a computer program that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information.
A logic bomb is a piece of code that triggers a malicious program. It can execute viruses and worms at a specified date.
It is a piece of malicious code intentionally inserted into software that sets off a malicious function when specified conditions are met, e.g. a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company.

Malware is short for malicious software: any software that is intended to disrupt computer operations, cause damage, gather sensitive information, or gain access to (files on) a computer system with malicious intent.

Malware is any software that is intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive users of access to information, or otherwise interfere, without the user’s knowledge, with the user’s computer security and privacy.

A network is a connection of two or more computers or devices that share resources.
Outsider threats are threats that come from outside the organization or outside the network. They could be nation-state sponsored attackers, hacktivists or other forms of cyber criminals.
Quarantine is the process of storing files containing malware in isolation for future disinfection or examination.

Social Engineering is the practice of manipulating or deceiving individuals into divulging personal or confidential information which may be used for fraudulent purposes. Phishing and other scams are types of social engineering.

It is the psychological manipulation of people into performing actions or divulging confidential information.

There are mainly three types of social engineering attacks:
 1) Human-based attack: The attacker may pose as a genuine user and ask someone with higher authority to reveal private and confidential information about the organization.

2) Computer-based attack: In this attack, attackers send fake emails to harm the computer. They ask people to forward such emails.

3) Mobile-based attack: The attacker may send SMS messages to others and collect important information. If a user downloads a malicious app, it can be misused to access authentication information.

A Trojan horse is a type of malware that is disguised as something else, such as useful software.
It is any malware that misleads its users about its true intent.
URL means “Uniform Resource Locator.”
The URL, aka web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it.
 Vishing is Voice Phishing.
 Vishing is the telephone equivalent of phishing. It is the fraudulent practice where scammers call or leave voice messages for their victims in attempts to make them release private information used for identity theft.
Worms are malicious programs that can run independently and are designed to infect other computers while remaining active on infected machines.
Worms are malware whose primary function is to self-replicate and infect other computers while remaining active on the infected machines.
XML is Extensible Markup Language.
XML is a markup language and file format that is used for storing, transmitting, and reconstructing arbitrary data. It defines a set of rules used for encoding documents in a format that is both human-readable and machine-readable.
XML Encryption is a type of encryption that is used with Web Security Service (WSS) that helps protect you from cross-site scripting attacks.
XML Encryption is the process of encrypting and decrypting digital XML content using certain syntax and algorithms.
XML Encryption is a specification that defines how to encrypt the contents of an XML element; it is used in website development.
A Yottabyte is the single largest recognized value used with data storage. One yottabyte is equal to one septillion bytes, or 10^24 bytes.
A Yottabyte is a unit of information that is equal to one septillion (10^24) bytes.
 A Zombie Machine is a computer that is connected to the internet and is compromised by a hacker via a computer virus, worm, or trojan horse program and can be used to perform malicious tasks under the remote direction of the hacker.
 A packet is a small segment of a larger message. Data sent over computer networks such as the internet are divided into packets. These packets are then recombined by the computer or device that receives them.

A VPN is a Virtual Private Network. It is an encrypted link between a device and a network via the internet. The encrypted connection helps ensure the safe transmission of critical data. It protects against illegal eavesdropping on traffic and enables users to work remotely.

 A VPN is an arrangement whereby a secure, apparently private network is achieved using encryption over a public network, typically the internet.

 MFA means Multi-Factor Authentication. It is a type of authentication that requires the user to give two or more verification factors in order to get access to a resource, such as an application, an online account, or a VPN. 
A computer agent is a program that collects information or performs tasks or various actions continuously and autonomously (in the background) on behalf of an individual or organization. E.g. a software agent may archive various computer files or retrieve electronic messages on a regular schedule.
A target server is the name for a backend URL (note that you can have a different unique URL for each environment) that can be referenced when deploying APIs (Application Programming Interfaces) to multiple environments.

TCP means Transmission Control Protocol and it is a standard that defines how to establish and maintain a network conversation by which applications can exchange data. TCP works with the Internet Protocol (IP), which defines how computers send packets of data to each other.

TCP is a connection-oriented communications protocol that enables the transmission of messages between computing devices connected to a network. It is the most often used protocol in networks that employ the Internet Protocol (IP). The two are occasionally referred to together as TCP/IP.

The TCP three-way handshake is the process used in a network to make a connection between a local host and a server. This method requires the client and server to exchange synchronization (SYN) and acknowledgment (ACK) packets before starting communication.

  1.  The Client sends a segment with the SYN flag set to inform the Server of its presence, together with its initial sequence number. The Client initiates the connection with the Server and this starts the communication.
  2.  The Server responds to the Client’s request with the SYN and ACK flags set. The ACK acknowledges the segment that was received, and the SYN tells the Client which sequence number the Server will start its own segments with.
  3.  The Client acknowledges (ACK) the Server’s response, and both sides now have a stable connection over which the actual data transfer can begin.
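The three steps above modelled as code, with the sequence-number checks that tie each step to the one before it: the client accepts a SYN-ACK only if it acknowledges the client's own initial sequence number, and the server completes the connection only when the final ACK matches its own. This is an added example written for this page, not code from the original; the Segment and Endpoint classes and the fixed initial sequence numbers are assumptions of the model (real stacks choose them randomly).

```python
from dataclasses import dataclass
from typing import Optional

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

@dataclass
class Segment:
    syn: bool = False
    ack: bool = False
    seq: int = 0      # sequence number chosen by the sender
    ack_num: int = 0  # next sequence number the sender expects from its peer

@dataclass
class Endpoint:
    name: str
    isn: int          # initial sequence number (constructed; normally random)
    state: str = "CLOSED"

def client_syn(client: Endpoint) -> Segment:
    """Step 1: the client sends SYN carrying its initial sequence number."""
    client.state = "SYN_SENT"
    return Segment(syn=True, seq=client.isn)

def server_syn_ack(server: Endpoint, syn: Segment) -> Optional[Segment]:
    """Step 2: the server acknowledges the client's ISN (+1) and sends its own ISN."""
    if not syn.syn or syn.ack:
        return None  # not a connection request
    server.state = "SYN_RECEIVED"
    return Segment(syn=True, ack=True, seq=server.isn, ack_num=(syn.seq + 1) % MOD)

def client_ack(client: Endpoint, syn_ack: Segment) -> Optional[Segment]:
    """Step 3: the client accepts the SYN-ACK only if it acknowledges the client's own ISN."""
    if not (syn_ack.syn and syn_ack.ack) or syn_ack.ack_num != (client.isn + 1) % MOD:
        return None  # stale, forged or mis-addressed reply: stay in SYN_SENT
    client.state = "ESTABLISHED"
    return Segment(ack=True, seq=syn_ack.ack_num, ack_num=(syn_ack.seq + 1) % MOD)

def server_accept(server: Endpoint, ack: Segment) -> bool:
    """The server completes the connection only when the final ACK matches its ISN + 1."""
    if ack.ack and not ack.syn and ack.ack_num == (server.isn + 1) % MOD:
        server.state = "ESTABLISHED"
        return True
    return False

def handshake(client: Endpoint, server: Endpoint) -> bool:
    """Run all three steps; True when both sides reach ESTABLISHED."""
    syn_ack = server_syn_ack(server, client_syn(client))
    ack = client_ack(client, syn_ack) if syn_ack else None
    return ack is not None and server_accept(server, ack)
```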
 Internet Protocol (IP) is a data transmission protocol for computers connected to a network (most notably the internet), that specifies the format of addresses and data units transferred.
Internet Protocol (IP) is the set of rules governing the format of data sent via the internet or local network. It provides the standard set of rules for sending and receiving data over the internet. IP Addresses are the identifiers that allow information to be sent between devices on a network. They contain location information and make devices accessible for communication.
Simple Mail Transfer Protocol (SMTP) is a network protocol that is used to send and receive emails. It is a collection of rules and regulations that govern the exchange of data within a computer network.
Simple Mail Transfer Protocol (SMTP) is an internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages.
An Intrusion Detection System (IDS) is a device or software application that monitors a network for malicious activity or policy violations, enabling analysts at security operations centers (SOCs) or incident responders to investigate and respond to the potential issue.
The difference between an IDS and a firewall is that an IDS does not safeguard the endpoint or network in any way while a firewall seeks to do that.
An Intrusion Detection System (IDS) monitors a network for malicious activities and policy violations so that analysts or incident responders can investigate or respond to potential issues, but it does not safeguard an endpoint or network. A firewall analyses incoming and outgoing network traffic and builds a barrier to prevent the viruses and attackers it identifies from entering the network or device.
An Intrusion Prevention System (IPS) is a network security technology that monitors for and prevents specified threats. Intrusion prevention systems continuously monitor your network, looking for and logging possible hostile incidents.
The IPS notifies system administrators of these events and takes precautionary actions such as shutting down access points and installing firewalls to ward off further attacks.
Security Information and Event Management (SIEM) software enables next-generation detection, analytics, and response for enterprises. SIEM software combines Security Information Management (SIM) and Security Event Management (SEM) to analyze security alarms generated by applications and network devices in real time.
SIEM software compares events against rules and analytics engines and indexes them for sub-second search, allowing sophisticated threats to be detected and analyzed using globally gathered intelligence. By offering data analysis, event correlation, aggregation, reporting and log management, security teams gain insight into, and a record of, activities within their IT environment.
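A minimal version of the rule-and-correlation idea described above, run over a few constructed authentication log lines: the rule fires when one source produces at least three failed logins for an account and then a successful login within two minutes, which is the kind of pattern a single event would never show. This is an added example for this page, not code from any SIEM product; the log format, the thresholds, the usernames and the addresses (taken from the 203.0.113.0/24 documentation range) are all constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample events in a syslog-like format (not real logs).
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z host1 sshd: Failed password for alice from 203.0.113.5
2024-03-01T10:00:04Z host1 sshd: Failed password for alice from 203.0.113.5
2024-03-01T10:00:07Z host1 sshd: Failed password for alice from 203.0.113.5
2024-03-01T10:00:09Z host1 sshd: Accepted password for alice from 203.0.113.5
2024-03-01T10:05:00Z host1 sshd: Failed password for bob from 203.0.113.9
2024-03-01T10:30:00Z host1 sshd: Accepted password for bob from 203.0.113.9
"""

LINE_RE = re.compile(
    r"^(\S+) \S+ sshd: (Failed|Accepted) password for (\S+) from (\S+)$"
)

def parse_event(line: str):
    """Normalise one raw line into a dict, or None if it is not an event this rule reads."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts, outcome, user, src = m.groups()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ok": outcome == "Accepted",
        "user": user,
        "src": src,
    }

def correlate(log_text: str, threshold: int = 3, window: timedelta = timedelta(minutes=2)):
    """Rule: >= threshold failures for (src, user), then a success inside the window -> alert."""
    failures = defaultdict(list)  # (src, user) -> timestamps of failed logins
    alerts = []                   # (src, user, failure_count) in the order they fire
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue  # unparseable or unrelated line: skip it, never crash the pipeline
        key = (ev["src"], ev["user"])
        if not ev["ok"]:
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append((ev["src"], ev["user"], len(recent)))
        failures[key].clear()  # a success resets the failure history for this pair
    return alerts
```

Running correlate over SAMPLE_LOGS reports alice's source once and stays silent for bob, whose single failure lies outside the window.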

 Vulnerability management is the process of identifying, evaluating, treating, and reporting security vulnerabilities in systems and software that run on them.

 Vulnerability management is the ongoing, regular process of identifying, assessing, reporting on, managing, and remediating cyber vulnerabilities across endpoints, workloads, and systems.

Vulnerability management is the cyclical practice of identifying, classifying, prioritizing, remediating and mitigating software vulnerabilities.

 Security Vulnerabilities are technological weaknesses that allow attackers to compromise a product or network and the information it holds.
 According to the International Organization for Standardization (ISO 27002), Security Vulnerability is a weakness of an asset or group of assets that can be exploited by one or more threats.
Network Segmentation is an architectural technique that separates a network into many segments or subnets, each of which functions as a separate small network. This enables network managers to manage traffic flow between subnets using granular policies. Segmentation enables organizations to improve monitoring, increase performance, pinpoint technical faults, and increase security.
 The principle of least privilege dictates that no user should have access to system resources beyond what is required to perform a specific task. This means enforcing the bare minimum level of user rights, or lowest clearance level necessary for the user to perform his or her role.