TJ1 Glossary - Shadowsarespooky/TechJournal GitHub Wiki

Cybersecurity Basics

Glossary

  • Domain - The name that identifies the location of a website. For example, www.google.com has an IP address of 216.58.216.164, and its domain name is google.com.
  • NIST - National Institute of Standards and Technology, which manages and sets standards and guidelines for cybersecurity, including understanding and framing potential risks and how to protect networks.
  • DDoS - Distributed denial-of-service attack, a method used to disable a network or online servers for regular users trying to connect to a host.
  • Trojans - Software that is presented with a misleading purpose and actually hides malware that the user has downloaded.
  • FTC Stats - A statistics report for cybersecurity, detailing attacks and techniques happening in the field.
  • SQL Injection - When an attacker gets access to the database and uses malicious SQL code to get access to data that is not meant to be displayed.

Keywords

  • FW - Firewall, controls the traffic going in and out of a computer online
    • Blocks access to websites that are malicious
    • Controls what websites users may access in a workplace
  • AV - Antivirus software vs. antivirus suite
  • DID - Defense system In Depth
    • Different levels of regulations of defense/access
    • Out on the web is not regulated
    • Personal documents are on your computer and can only be accessed by you

Types of Attackers

  • Cybercriminals - Generic name for people who attack different kinds of users, individuals and groups, personal computers and servers
  • Script kiddies - Attackers who do not have the knowledge to perform their own attack
  • Brokers - Attackers that sell knowledge of vulnerabilities to other attackers or governments
  • Insiders - A group's own employees, users, contractors, partners
  • Cyberterrorists - Attacks are performed because of ideology; however, the attacks are used to cause panic
  • Hacktivists - Politically motivated attacks
  • State-sponsored - Attacks by a government on its own citizens or on foreign governments

Comprehensive Security Strategy

Four Key Elements:

  • Block Attacks
  • Update Defenses
  • Minimize Losses
  • Stay Alert

Cybersecurity is Complex

Good Programming Practices

  • Document the progress of the work
  • Make note of the exceptions and errors encountered - GIGO - will remove previous data
  • SQL injection - Purposefully entering data to get data from the database

Malware Online

  • Ransomware - Attackers seal files and ask for money
  • Cryptocurrency Mining - See above but with crypto