CIS 375 Cyber Security: Cyber Security Basics Terms

Cyber Security Basics: Terms
Blackhat - a hacker who "violates computer security for little reason beyond maliciousness or for personal gain".
Whitehat - a hacker who hacks protectively by drawing attention to vulnerabilities in computer systems that require repair.
Script Kiddie - a non-elite hacker who uses preprogrammed/configured tools to hack but possesses little detailed knowledge of computer security systems.
Virus - a specific type of malware. It is a contagious piece of code that infects the other software on the host system and spreads itself once it is run. It is mostly known to spread when software is shared between computers (like a parasite).
Malware - software written specifically to harm and infect the host system. Malware includes viruses along with other types of software such as trojan horses, worms, spyware, and adware.

Cyber Security Basics: Terms (continued)
Air Gap - a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.
Backdoor - any method that acts as a way to access a computer system without going through normal authentication.
Bot - a compromised computer which is part of a botnet. An individual bot may be used for specific purposes in the botnet, but more than likely will just be an additional muscle in the swarm of a distributed denial of service attack or other illicit activity.

Cyber Security Basics: Terms (continued)
Algorithm - an unambiguous specification of how to solve a class of problems. Algorithms can perform calculation, data processing and automated reasoning tasks. (MD5)
Encryption - the process of encoding a message or information in such a way that only authorized parties can access it. (AES: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)

Cyber Security Basics: Terms (continued)
Firewalls - a system designed to prevent unauthorized access to or from a private network. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.
Network Segmentation - the act or practice of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security. (https://en.wikipedia.org/wiki/Network_segmentation)

Cyber Security Basics: Terms (continued)
Phishing - a method of social engineering which relies on deception to fool unsuspecting users into giving account information, financial information, and other information which is useful to the attacker.
Root Kit - a software suite, most often malicious in nature, which is designed to allow an unauthorized user to have root privileges on a system.
Zero-Day - refers to the length of time that a patch has been available, or zero days, in the case of the zero-day exploit (usually pretty major security holes).
Additional Hacking Terms: https://hacked.com/wiki/List_of_Hacking_Terms

Cyber Security Best Practices
• Segment network and use firewalls (managed network/dc)
• Educate users, establish policies & procedures
• Change passwords often & back up!
• Use VPN
• Update software and anti-virus/malware
• Encrypt sensitive information (at all times)
• Scan for exploits/weaknesses and keep up with news (https://googleprojectzero.blogspot.com/)
• Additional information and recommendations:
  https://www.observeit.com/blog/10-best-practices-cyber-security-2017/
  https://www.computerworld.com/article/2547589/networking/10-tips-to-secure-your-small-business-network.html

HB Gary Hack
Detailed breakdown of the HB Gary hack: https://www.youtube.com/watch?v=VaJSSVQUfaw
• SQL Injection
• Rainbow table / Strong Passwords
• Social Engineering (Pride/Bragging)

Additional Hacking Cases/Examples
• Target (Documentary): https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
• Iran/Stuxnet (Documentary): https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
• Equifax: https://www.theverge.com/2017/9/22/16345580/equifax-data-breach-credit-identity-theft-updates

Additional Information
• 7 Most Notorious Hackers: https://www.youtube.com/watch?v=Dx0HT1z7qJE
• Corporate espionage – Dell Bad Motherboards: https://www.cnet.com/news/pcs-plagued-by-bad-capacitors/
• Origins of Hacking/History – WW2 Code Breakers:
  https://en.wikipedia.org/wiki/Bletchley_Park
  http://www.bbc.co.uk/history/code_breaking/
  https://www.youtube.com/watch?v=BAA7nkGcoIw
• Snowden:
  https://www.youtube.com/watch?v=nX8gNBFYeX8
  https://www.youtube.com/watch?v=_WqXrQRNxpM
- Slides: 10