Common Security Terms
SANS Common Security Terms
Anti-Virus
A security program that can run on a computer or mobile device and protects you by
identifying and stopping the spread of malware on your system. Anti-virus cannot detect
all malware, so even if it is active, your system might still get infected. Anti-virus
can also be used at the organizational level. For example, email servers may have
anti-virus integrated with it to scan incoming or outgoing email. Sometimes anti-virus
tools are called 'anti-malware', because these products are designed to defend against
various types of malicious software.
Drive-by Download
These attacks exploit vulnerabilities in your browser or its plug-ins and helper applications
when you simply surf to an attacker-controlled website. Some computer attackers set
up their own evil websites that are designed to automatically attack and exploit anyone
that visits the website. Other attackers compromise trusted websites such as e-commerce
sites and deploy their exploit software there. Often these attacks occur without the
victims realizing that they are under attack.
Exploit
Code that is designed to take advantage of a vulnerability. An exploit is designed
to give an attacker the ability to execute additional malicious programs on the compromised
system or to provide unauthorized access to affected data or application.
Firewall
A security program that filters inbound and outbound network connections. In some
ways you can think of firewalls as a virtual traffic cop, determining which traffic
can go through the firewall. Almost all computers today come with firewall software
installed. In addition, firewalls can be implemented as network devices to filter
traffic that traverses through them.
Malware - Virus, Worm, Trojan, Spyware
Malware stands for 'malicious software'. It is any type of code or program cyber attackers
use to perform malicious actions. Traditionally there have been different types of
malware based on their capabilities and means of propagation, as we have listed below.
However these technical distinctions are no longer relevant as modern malware combines
the characteristics from each of these in a single program.
Virus: A type of malware that spreads by infecting other files, rather than existing in a standalone manner. Viruses often, though not always, usually spread through human interaction, such as opening an infected file or application.)
Worm: A type of malware that can propagate automatically, typically without requiring any human interaction for it to spread. Worms often spread across networks, though can also infect systems through other means, such as USB keys. An example of a worm is Conficker, which infected millions of computer systems starting in 2008 and is still active today.
Trojan: A shortened form of "Trojan Horse", this type of malware appears to have a legitimate or at least benign use, but masks a hidden sinister function. For example, you may download and install a free screensaver which actually works well as a screensaver. But that software could also be malicious, it will infect your computer once you install it.
Spyware: A type of malware that is designed to spy on the victim's activities, capturing sensitive data such as the person's passwords, online shopping, and screen contents. One popular type of spyware, a keylogger, is optimized for logging the victim's keyboard activity and transmitting the captured information to the remote attacker.
Patch
A patch is an update to a vulnerable program or system. A common practice to keep
your computer and mobile devices secure is installing the latest vendor's patches
in a timely fashion. Some vendors release patches on a monthly or quarterly basis.
Therefore, having a computer that is unpatched for even a few weeks could leave it
vulnerable.
Phishing
Phishing is a social engineering technique where cyber attackers attempt to fool you
into taking an action in response to an email. Phishing was a term originally used
to describe a specific attack scenario. Attackers would send out emails pretending
to be a trusted bank or financial institution, their goal was to fool victims into
clicking on a link in the email. Once clicked, victims were taken to a website that
pretended to be the bank, but was really created and controlled by the attacker. If
the victim attempted to login thinking they were at their bank, their login and password
would then be stolen by the attacker. The term has evolved and often means not just
attacks designed to steal your password, but emails designed to send you to websites
that hack into your browser, or even emails with infected attachments.
Social Engineering
A psychological attack used by cyber attackers to deceive their victims into taking
an action that will place the victim at risk. For example, cyber attackers may trick
you into revealing your password or fool you into installing malicious software on
your computer. They often do this by pretending to be someone you know or trust, such
as a bank, company or even a friend.
Spam
Unwanted or unsolicited emails, typically sent to numerous recipients with the hope
of enticing people to read the embedded advertisements, click on a link or open an
attachment. Spam is often used to convince recipients to purchase illegal or questionable
products and services, such as pharmaceuticals from fake companies. Spam is also often
used to distribute malware to potential victims.
Spear Phishing
Spear phishing describes a type of phishing attack that targets specific victims.
But instead of sending out an email to millions of email addresses, cyber attackers
send out a very small number of crafted emails to very specific individuals, usually
all at the same organization. Because of the targeted nature of this attack, spear
phishing attacks are often harder to detect and usually more effective at fooling
the victims.
Vulnerability
This is any weakness that attackers or their malicious programs may be able to exploit.
For example it can be a bug in a computer program or a misconfigured webserver. An
attacker or malware may be able to take advantage of the vulnerability to gain unauthorized
access to the affected system. However, vulnerabilities can also be a weakness in
people or organizational processes.
Source: http://securingthehuman.sans.org/resources/security-terms