When we learn cybersecurity, there are many terms that can be really confusing. Even though I have been working in cybersecurity for the past two years, I still sometimes get confused. To bring clarity for upcoming blogs, today, let’s dive into understanding key cybersecurity terminology.
1. Authentication and Authorization
Authentication is the process of verifying your identity using methods such as passwords, biometrics, or security keys. For example, logging in with a username and password or unlocking your phone with a thumbprint are forms of authentication.
Authorization determines the privileges you have. In simple terms, it defines what permissions or resource access you have. For example, you might have read or write permissions for an article.
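The difference between the two checks is easiest to see when they fail separately. The following is an added example, not code from the original post: the user names, passwords, permission strings and the PBKDF2 iteration count are constructed for illustration, and the password is stored only as a salted hash.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # illustrative work factor for PBKDF2-HMAC-SHA256 (assumption)

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so the plaintext password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password: str, permissions: set) -> dict:
    salt = os.urandom(16)  # unique random salt per account
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "permissions": permissions}

# Constructed sample accounts (hypothetical names, passwords and permissions).
USERS = {
    "alice": make_user("correct horse battery", {"article:read", "article:write"}),
    "bob": make_user("s3cond-passphrase", {"article:read"}),
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: is this really the user they claim to be?"""
    user = USERS.get(username)
    if user is None:
        # Do the same work for unknown users so timing does not reveal valid names.
        hash_password(password, b"\x00" * 16)
        return False
    candidate = hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["pw_hash"])  # constant-time compare

def authorize(username: str, permission: str) -> bool:
    """Authorization: is this identity allowed to perform the action?"""
    user = USERS.get(username)
    return user is not None and permission in user["permissions"]

def handle_request(username: str, password: str, permission: str) -> str:
    """Authenticate first, then authorize; the two checks fail differently."""
    if not authenticate(username, password):
        return "401 Unauthenticated"
    if not authorize(username, permission):
        return "403 Forbidden"
    return "200 OK"

if __name__ == "__main__":
    print(handle_request("bob", "s3cond-passphrase", "article:read"))   # read is granted
    print(handle_request("bob", "s3cond-passphrase", "article:write"))  # known user, no write
    print(handle_request("bob", "wrong-password", "article:read"))      # identity not proven
```

A user who proves their identity can still be refused an action, which is why the two results are reported separately.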
2. Malware
Malware refers to malicious software designed to damage or exploit your systems. The main types of malware include:
- Virus: A virus attaches itself to a legitimate program or file and spreads from one system to another. When the infected file or program is opened, the virus executes and performs its intended actions, which might include data corruption, file deletion, or even system crashes. Viruses typically require human intervention to spread, such as downloading an infected attachment, running a malicious program, or sharing infected files. Examples: ILOVEYOU, Melissa, CryptoLocker.
- Worm: A worm is self-replicating malware that spreads across networks without user intervention. Worms can overload systems, causing denial of service and severe network slowdowns.
- Trojan Horse (Trojan): A Trojan disguises itself as legitimate software to trick users into downloading or executing it. Trojans create backdoors for unauthorized access, allowing attackers to steal data, install additional malware, or take control of the system.
- Ransomware: Ransomware encrypts files on a user’s system and demands a ransom for decryption. Ransomware attacks can cost affected organizations millions of dollars.
- Spyware: Spyware secretly monitors user activities, collecting sensitive information such as passwords, credit card numbers, and browsing habits. It is often used for data theft and identity fraud.
- Rootkit: It is designed to gain unauthorized access to a computer or network while remaining hidden from detection. Rootkits can be used to maintain privileged access to a system, allowing attackers to execute commands, manipulate files, and control the system without the user’s knowledge.
3. Phishing
Phishing is a type of cyber attack in which attackers attempt to deceive individuals into revealing sensitive information, such as usernames, passwords, credit card numbers, and other personal data. Phishing attacks typically occur through deceptive emails, messages, or websites that appear legitimate.
4. Zero-Day Vulnerability
A zero-day vulnerability refers to a security flaw in software or hardware that is unknown to the vendor and, therefore, has not yet been patched or fixed. Attackers can use zero-day vulnerabilities to deliver malware to a system, allowing them to gain unauthorized access or control.
5. Encryption and Hashing
Encryption is the process of converting plaintext (readable data) into ciphertext (encoded data) to protect the information from unauthorized access. It ensures that even if data is intercepted, it cannot be read without the appropriate decryption key.
Hashing is the process of transforming data of any size into a fixed-size string of characters, typically represented as a hexadecimal number. It is a one-way process, meaning the original data cannot be retrieved from the hashed value. The main goal of hashing is data integrity. It ensures that the data has not been altered or tampered with during transmission or storage.
6. Botnet
A botnet is a network of compromised computers, devices, or “bots” that are controlled remotely by a cybercriminal, often without the owners’ knowledge. Botnets are used to perform various malicious activities, including sending spam, stealing data, or launching distributed denial-of-service (DDoS) attacks.

Raghav Rajput
With a strong academic background, including an MCA and CEH certification, I bring over two years of hands-on experience in cybersecurity. In my role, I focus on Android, iOS, and web penetration testing, consistently applying advanced skills to safeguard digital landscapes. Outside of work, I enjoy the intellectual challenge of chess and find relaxation in listening to music, which balances my passion for cybersecurity with personal growth and creativity.
Last Update: November 7, 2024