Asset
Any item that has value.
Botnet
A collection of compromised, internet-connected computers ("bots") controlled remotely by an attacker, usually through a command-and-control channel, and rented out or used for spam, DDoS attacks, and credential theft.
Identity theft
When private data is used to impersonate an individual.
Organization's Assets
Customer Data
IT assets and network infrastructure
Intellectual property
Finances and financial data
Service availability and productivity
Reputation
Armored virus
A virus whose code is deliberately hardened with obfuscation, encryption, anti-debugging, and anti-disassembly tricks so that analysts find it difficult to reverse engineer and to write antivirus signatures for.
Ransomware
Malware that denies the victim access to data or systems, most often by encrypting files, and demands a ransom to restore access; many variants run a countdown after which the price rises or the decryption key is destroyed.
Cryptolocker
CryptoLocker, a specific ransomware family (2013) that encrypts local and mapped network files with a key held by the attacker until the victim pays a ransom to obtain the decryption key.
Polymorphic Malware
Malware that changes its own code on each infection, typically by re-encrypting its body with a new key and mutating the decryptor, so that no fixed byte sequence is available for signature-based antivirus or anti-malware tools to match.
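The following added example (not from the original glossary) shows why polymorphism defeats byte-signature matching. A harmless stand-in payload is XOR-encoded with a different key for every copy, so each copy has a different hash and never contains the scanner's signature, yet every copy decodes to the same payload. The decoder stub is kept constant here for simplicity; real polymorphic engines mutate the stub too, which is why scanners fall back on emulation and behavioral detection rather than the structural check shown.

```python
import hashlib

# Constructed stand-in for a malicious payload (just a harmless string here).
PAYLOAD = b"echo 'stage two would run here'"
# What a naive signature-based scanner looks for: a fixed byte sequence from the payload.
SIGNATURE = b"stage two"
# Constant decoder stub (in real malware: the small loop that XOR-decodes the body).
STUB = b"DECODER_STUB:"

def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def make_variant(key: int) -> bytes:
    """Build one 'infection': constant stub, one key byte, then the payload
    XOR-encoded with that per-copy key. Only the encoded body changes."""
    if key == 0:
        raise ValueError("key 0 would leave the payload in clear")
    return STUB + bytes([key]) + xor(PAYLOAD, key)

def decode_variant(blob: bytes) -> bytes:
    """What the stub does at run time: recover the original payload."""
    key = blob[len(STUB)]
    return xor(blob[len(STUB) + 1:], key)

def naive_scan(blob: bytes) -> bool:
    """Signature matching on raw bytes: works on the plain payload only."""
    return SIGNATURE in blob

def stub_scan(blob: bytes) -> bool:
    """Structural detection: match the invariant decoder instead of the body."""
    return blob.startswith(STUB)

def demo():
    variants = [make_variant(k) for k in (0x21, 0x5A, 0x9C)]
    hashes = {hashlib.sha256(v).hexdigest() for v in variants}
    return {
        "distinct_hashes": len(hashes),                          # every copy hashes differently
        "naive_hits": sum(naive_scan(v) for v in variants),      # signature never matches
        "stub_hits": sum(stub_scan(v) for v in variants),        # the constant stub does
        "all_decode_to_payload": all(decode_variant(v) == PAYLOAD for v in variants),
    }

if __name__ == "__main__":
    print(demo())
```

Hash-based blocklists and plain byte signatures score zero against the three copies; the only thing that catches them is the part the author could not change (here the stub), which is exactly where armored and fully polymorphic malware concentrate their obfuscation effort.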
Intellectual Property
An asset at the center of many organizations.
Downtime
The time during which a service is not available due to a failure or maintenance.
Opportunity cost
The revenue, productivity, and business a company forgoes during downtime because it cannot serve customers or carry out normal work.
True downtime cost
AKA opportunity cost. The full amount lost during downtime: forgone revenue plus costs such as idle staff, recovery effort, and contractual or SLA penalties.
Hacker
In the computing world, someone who enjoys exploring systems and learning how to modify them; in the media, someone who breaks into a computer without permission.
Black-hat hacker
Breaks IT security and gains access to systems without authorization, whether for financial gain, sabotage, or to prove technical prowess.
White-hat hacker
AKA an ethical hacker. An information security professional who has authorization to identify vulnerabilities and perform penetration testing.
Gray-hat hackers
Hackers who sit between the two: they probe or break into systems without authorization but without malicious intent, for example by finding and reporting (or publicly disclosing) vulnerabilities they were never asked to look for.
Cracker
A hacker with hostile intent, sophisticated skills, and an interest in financial gain.
Crackers represent the greatest threat to networks and information resources.
Protocol Analyzer
AKA a sniffer. Software that lets a computer monitor, capture, and decode network traffic, on a wired LAN or a wireless network (Wireshark and tcpdump are typical examples).
Promiscuous mode
A network interface mode in which the NIC hands every frame it receives to the host rather than only frames addressed to its own MAC. Sniffers depend on it, but on a switched network the NIC still sees only what the switch forwards to that port (hence mirror/SPAN ports or ARP poisoning), and on Wi-Fi the equivalent is monitor mode.
Port scanner
A tool that probes a host for open TCP and UDP ports to discover which services are listening and reachable.
Operating System (OS) fingerprint scanner
Software that sends a variety of crafted packets to an IP host and infers the target's operating system from details of the responses, such as initial TTL, window size, TCP option ordering, and how illegal flag combinations are handled.
Software vulnerability
A bug or weakness in a program's design, code, or configuration that can be triggered to violate its security.
Exploit
Code or a technique that takes advantage of a vulnerability to produce behavior the developers did not intend, such as running attacker-supplied code or bypassing an access control.
Vulnerability scanner
Software program used to identify and verify vulnerabilities on an IP host device.
National Vulnerability Database (NVD)
The U.S. government repository of vulnerability data, maintained by NIST, built on the Common Vulnerabilities and Exposures (CVE) list of identifiers. The CVE list itself is maintained by MITRE and sponsored by the U.S. Department of Homeland Security (CISA).
https://cve.mitre.org
https://nvd.nist.gov
Exploit software
An application that incorporates known software vulnerabilities, data, and scripted commands to exploit a weakness in a computer system or IP host device.
Intrusive penetration testing
Goes beyond scanning and actually attempts to exploit the vulnerabilities found, positively verifying that they are real, at the risk of disrupting the systems under test.
Wardialer
A computer with a modem that dials a range of telephone numbers looking for a modem-attached computer on the other end.
Password cracker
Software that recovers or guesses passwords, typically in one of two ways:
Brute-force or dictionary guessing against a login interface or a captured password file to gain unauthorized access or recover passwords.
Computing the cryptographic hash (a fixed-length value derived from the input by a one-way algorithm) of each candidate password and comparing it with the stored hashes, which bypasses the login interface and its lockout controls entirely.
Keystroke logger
Surveillance software or hardware that can record to a log file every keystroke made with a keyboard.
Security breach
Any event that results in the violation of any of the confidentiality, integrity, or availability security tenets.
Denial of Service (DoS)
An attack that impacts availability, causing downtime or preventing legitimate users from accessing a system.
Logic attacks
Use software flaws (for example a malformed packet that crashes a parser) to crash or degrade remote servers with very little traffic.
Flooding attacks
Overwhelm the victim's CPU, memory, or network bandwidth by sending large numbers of useless requests to the machine.
SYN flood
A popular flooding technique: the attacker sends a stream of TCP SYN packets, usually from spoofed source addresses, and never completes the handshake, so the target's table of half-open connections fills up and real clients cannot connect.
Smurfing
Sends ICMP echo requests to a network's directed-broadcast address with the source spoofed to the victim's address, so every host on that network replies to the victim and amplifies the flood.
Distributed denial of service (DDoS)
A DoS attack launched simultaneously from many compromised hosts (typically a botnet); the combined traffic is far larger and, because it comes from many sources, far harder to filter.
Wiretapping
Can be active, where the attacker modifies the line or the traffic on it, or passive, where the unauthorized user simply listens to the transmission without changing its contents.
Between-the-lines wiretapping
Does not alter the messages sent by legitimate users, but inserts additional messages into the communication line when the legitimate user pauses.
Piggyback-entry wiretapping
Intercepts and modifies the original message by breaking the communications line and routing the message to another computer that acts like the host.
Backdoors
Hidden access methods, sometimes left by developers for convenience and sometimes planted by attackers, that let someone get back into a system without going through the normal security controls.
Netcat
A general-purpose utility for reading and writing raw TCP and UDP connections. Because it can bind a shell to a listening port or push one out to a remote host, it is one of the most popular backdoor tools in use today.
Rootkits
Malicious software programs designed to be hidden from normal methods of detection. Installed by attackers once they obtain root or system administrator access privileges.
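A bind-shell backdoor of the netcat kind has to listen somewhere, so one of the first checks in an incident response is the list of listening sockets. The following added example (not from the original glossary) runs a simple detection over constructed lines in the format of Linux `ss -ltnp` output: it flags listeners owned by shell or relay tools and listeners on externally reachable ports that the host is not expected to serve. The tool list and expected-port set are assumptions to tune per host, and a rootkit may hide its sockets from `ss` entirely, which is why the same check should also be run from outside the host with a port scanner.

```python
import re

# Constructed sample of `ss -ltnp` output; not taken from a real host.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=990,fd=5))
LISTEN 0      1      0.0.0.0:4444        0.0.0.0:*         users:(("nc",pid=2031,fd=3))
LISTEN 0      10     *:31337             *:*               users:(("bash",pid=2099,fd=4))
LISTEN 0      511    [::]:443            [::]:*            users:(("nginx",pid=1201,fd=6))
"""

# Programs that have no business accepting connections on a server (assumption; tune per host).
SHELL_TOOLS = {"nc", "ncat", "netcat", "socat", "bash", "sh", "dash", "python", "python3", "perl"}
# Ports this particular host is expected to serve (assumption for the example).
EXPECTED_PORTS = {22, 443}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+|\*)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)

def find_suspicious_listeners(ss_text, expected_ports=EXPECTED_PORTS, shell_tools=SHELL_TOOLS):
    """Return one finding per listening socket that looks like a backdoor."""
    findings = []
    for line in ss_text.splitlines():
        m = LINE_RE.match(line)
        if not m:                      # header line or non-matching format
            continue
        addr, proc, pid = m["addr"], m["proc"], int(m["pid"])
        port = int(m["port"]) if m["port"] != "*" else None
        loopback = addr in ("127.0.0.1", "[::1]")
        reasons = []
        if proc in shell_tools:
            reasons.append("listener is a shell/relay tool")
        if port is not None and port not in expected_ports and not loopback:
            reasons.append("unexpected externally reachable port")
        if reasons:
            findings.append({"pid": pid, "proc": proc, "addr": addr, "port": port, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_suspicious_listeners(SS_OUTPUT):
        print(f)
```

On the sample, sshd on 22 and nginx on 443 are expected, postgres is bound to loopback only, and the two findings are the `nc` listener on 4444 and the `bash` listener on 31337, both classic bind-shell patterns.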
Spam
Unwanted email.
Spim
Unwanted IMs and chats.
Phishing
A fake or bogus email (or message) crafted to trick the recipient into clicking an embedded URL, opening an attachment, or entering credentials on a look-alike site.
Hoax
An act intended to deceive or trick the receiver. Usually an email.
Cookie
A small piece of data a website stores in the browser and which the browser sends back on later visits; used for sessions, preferences, and tracking. Stored on disk in cleartext, so a stolen session cookie can let an attacker impersonate the user.
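Most phishing mail relies on a link whose visible text differs from where it really goes. The following added example (not from the original glossary) extracts every link from a constructed email body and applies the checks a mail gateway or analyst would apply first: plain http, a bare IP address as host, a punycode label that may hide a homoglyph domain, a `user@host` trick, and a mismatch between the domain the text shows and the domain the link targets. The registrable-domain helper is a deliberate simplification (last two labels); production code should use the public suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed phishing-style body; example-bank.com and .test are reserved names.
EMAIL_HTML = """
<p>Dear customer, your account is locked. Verify within 24 hours:</p>
<a href="http://192.0.2.10/login">https://www.example-bank.com/login</a><br>
<a href="https://www.example-bank.com.evil-login.test/">example-bank.com</a><br>
<a href="https://www.example-bank.com/help">Help center</a>
"""

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in the message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable(host):
    """Crude registrable-domain guess: last two labels (assumption; use the PSL in real code)."""
    return ".".join(host.lower().split(".")[-2:])

def analyze_link(href, text):
    """Return the list of reasons this link looks like phishing (empty if clean)."""
    reasons = []
    u = urlsplit(href)
    host = u.hostname or ""
    if u.scheme != "https":
        reasons.append("link is not https")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("link target is a bare IP address")
    if "xn--" in host:
        reasons.append("punycode label in host (possible homoglyph domain)")
    if u.username is not None:
        reasons.append("userinfo before host (user@host trick)")
    # If the visible text itself shows a domain, it must agree with the real target.
    shown = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text.lower())
    if shown and registrable(shown.group(1)) != registrable(host):
        reasons.append(f"text shows {shown.group(1)} but link goes to {host}")
    return reasons

def analyze_email(html):
    p = LinkExtractor()
    p.feed(html)
    return [(href, text, analyze_link(href, text)) for href, text in p.links]

if __name__ == "__main__":
    for href, text, reasons in analyze_email(EMAIL_HTML):
        print(href, "->", reasons or "ok")
```

The first link fails three checks, the second is the subdomain trick (the real domain is `evil-login.test`, not `example-bank.com`), and the third, a genuine link to the bank, produces no findings; the same function applies unchanged to spear-phishing mail, where only the targeting differs.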
Risk
The probability that something bad will happen, weighted by how bad it would be: the likelihood of a threat exploiting a vulnerability times the resulting impact.
Vulnerability
A weakness in the design, software code, or configuration of a system that a threat can exploit.
Disclosure threats
Occur when unauthorized users access private or confidential information, whether it is stored in a network resource or in transit between network resources.
Sabotage
The destruction of property or obstruction of normal operations.
Espionage
The act of spying to obtain secret information, typically to aid another nation state.
Information leak
Any instance of someone purposely distributing information without proper authorization.
Attack
An attack on a system succeeds by exploiting a vulnerability in the system.
Fabrications
The creation of some deception to trick unsuspecting users.
Interceptions
Eavesdropping on transmissions and redirecting them for unauthorized use.
Interruptions
A break in the communication channel which blocks the transmission of data.
Modifications
The alteration of data contained in transmissions or files.
Birthday attacks
A cryptographic attack that exploits the birthday paradox: finding any two inputs with the same n-bit hash takes only about 2^(n/2) trials, far fewer than the roughly 2^n trials needed to find an input matching one specific hash, so collisions in short hashes are much cheaper than brute force suggests.
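The following added example (not from the original glossary) makes the 2^(n/2) versus 2^n gap concrete. It truncates SHA-256 to a small number of bits so the search finishes in seconds, then measures how many trials a birthday search needs to find any collision versus how many a brute-force search needs to hit one fixed digest. Message formats and the truncation are assumptions made for the demonstration; the attack itself is the standard one.

```python
import hashlib
import itertools
import math

def trunc_hash(data: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256 as an integer; a small n keeps the demo fast."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)

def find_collision(bits: int):
    """Birthday attack: hash distinct messages, remembering every digest seen,
    until any two collide. Expected cost is about sqrt(pi/2 * 2**bits) trials."""
    seen = {}
    for i in itertools.count():
        m = f"birthday-{i}".encode()
        h = trunc_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1          # two distinct messages, same digest
        seen[h] = m

def find_preimage(target: int, bits: int):
    """Brute force for one specific digest: expected cost about 2**bits trials."""
    for i in itertools.count():
        m = f"preimage-{i}".encode()
        if trunc_hash(m, bits) == target:
            return m, i + 1

def demo(bits: int = 20):
    m1, m2, collision_trials = find_collision(bits)
    target = trunc_hash(b"some fixed document", bits)
    _, preimage_trials = find_preimage(target, bits)
    return {
        "collision_trials": collision_trials,
        "expected_collision": int(math.sqrt(math.pi / 2 * 2 ** bits)),
        "preimage_trials": preimage_trials,
        "expected_preimage": 2 ** bits,
        "colliding_messages": (m1, m2),
    }

if __name__ == "__main__":
    print(demo())
```

With a 20-bit digest the collision typically appears after roughly a thousand trials while the preimage search needs around a million; the ratio grows as 2^(n/2), which is why a signature scheme over a 64-bit hash would be broken by a few billion hashes even though inverting it remains out of reach.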
Brute-force password attack
Attacker tries different passwords until one of them is successful.
Dictionary password attack
A simple attack that relies on users choosing poor passwords. A password-cracker program takes a dictionary file and attempts to log on (or to match captured hashes) by trying each dictionary entry as the password.
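The following added example (not from the original glossary) covers the password cracker, brute-force and dictionary entries together. It runs a dictionary attack against a constructed store of unsalted SHA-256 hashes, where one precomputed table cracks every user and identical passwords are visible as identical hashes, and then against the same passwords stored with a per-user random salt and 100,000 PBKDF2 iterations, where each guess costs 100,000 hashes and nothing can be shared between users. A small brute-force search shows how the trial count grows with alphabet size and length. The wordlist and user database are constructed for the example.

```python
import hashlib
import hmac
import itertools
import os
import string

# Constructed wordlist; real attacks use lists of hundreds of millions of leaked passwords.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2024", "dragon"]

def sha256_hex(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()

def crack_unsalted(target_hex: str, wordlist):
    """Dictionary attack on an unsalted hash: one hash per word, and the same
    table cracks every user at once (this is what rainbow tables precompute)."""
    table = {sha256_hex(w): w for w in wordlist}
    return table.get(target_hex)

def brute_force(target_hex: str, alphabet: str, max_len: int):
    """Exhaustive search up to max_len characters; cost grows as |alphabet| ** length."""
    tries = 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            tries += 1
            cand = "".join(combo)
            if sha256_hex(cand) == target_hex:
                return cand, tries
    return None, tries

def pbkdf2(pw: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)

def crack_salted(target: bytes, salt: bytes, iterations: int, wordlist):
    """Same dictionary, but every guess costs `iterations` hashes and the per-user
    salt means no work can be reused across users."""
    for w in wordlist:
        if hmac.compare_digest(pbkdf2(w, salt, iterations), target):
            return w
    return None

def demo():
    users = {"alice": "letmein", "bob": "letmein", "carol": "dragon"}   # constructed
    # Unsalted store: identical passwords give identical hashes.
    unsalted = {u: sha256_hex(p) for u, p in users.items()}
    cracked_unsalted = {u: crack_unsalted(h, WORDLIST) for u, h in unsalted.items()}
    # Salted, iterated store (assumed parameters: 16-byte salt, 100k iterations).
    iters = 100_000
    salted = {}
    for u, p in users.items():
        salt = os.urandom(16)
        salted[u] = (salt, pbkdf2(p, salt, iters))
    cracked_salted = {u: crack_salted(h, s, iters, WORDLIST) for u, (s, h) in salted.items()}
    return {
        "unsalted_reuse_visible": unsalted["alice"] == unsalted["bob"],
        "salted_reuse_visible": salted["alice"][1] == salted["bob"][1],
        "cracked_unsalted": cracked_unsalted,
        "cracked_salted": cracked_salted,
        "brute": brute_force(sha256_hex("zap"), string.ascii_lowercase, 3),
    }

if __name__ == "__main__":
    print(demo())
```

Both stores fall to the dictionary because the passwords are weak, but the salted, iterated store costs the attacker 100,000 times more per guess and per user, which is the difference between cracking a whole dump in minutes and cracking one account in days; the brute-force run finds the three-letter target only after exhausting 26 + 26^2 + most of 26^3 candidates.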
Spoofing
A person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.
Address resolution protocol (ARP) poisoning
An attacker sends forged ARP replies that bind another host's IP address (often the default gateway) to the attacker's MAC address, so victims on the LAN send that host's traffic to the attacker, who can then read, alter, or drop it.
Christmas (Xmas) attack
Sends TCP packets with an abnormal combination of header flags set (typically FIN, PSH, and URG, or every flag bit set to 1, "lit up like a Christmas tree"). Hosts respond to these illegal combinations in implementation-specific ways, which is exploited for port scanning and OS fingerprinting, and poorly written TCP stacks and network devices have been crashed by them.
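The following added example (not from the original glossary) ties together the protocol analyzer, port scanner, SYN flood, and Xmas entries. It constructs raw IPv4/TCP packets, decodes their headers the way a sniffer would, and then classifies a constructed capture: a single source sending bare SYNs to many ports is a port scan, FIN+PSH+URG without ACK is an Xmas probe, and half-open connections piling up on one host is a SYN flood. The thresholds and the half-open accounting (SYN counts up, a bare ACK from a client counts down) are simplifications assumed for the example; there is no link layer and checksums are left at zero.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def build_packet(src, dst, sport, dport, flags):
    """Constructed IPv4 + TCP packet (20-byte headers, no options, checksums zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def parse_packet(pkt):
    """What a protocol analyzer does with a captured packet: decode the headers."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6:                       # protocol field: 6 is TCP
        return None
    sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    return {"src": ".".join(map(str, pkt[12:16])), "dst": ".".join(map(str, pkt[16:20])),
            "sport": sport, "dport": dport, "flags": flags}

def classify(packets, scan_threshold=10, flood_threshold=50):
    """Flag port scans, Xmas probes and SYN floods in a list of raw packets."""
    syn_ports = defaultdict(set)   # (src, dst) -> destination ports probed with bare SYN
    half_open = defaultdict(int)   # dst -> SYNs not yet followed by a handshake-completing ACK
    xmas = []
    for raw in packets:
        p = parse_packet(raw)
        if p is None:
            continue
        f = p["flags"]
        if f & (FIN | PSH | URG) == (FIN | PSH | URG) and not f & ACK:
            xmas.append((p["src"], p["dst"], p["dport"]))
        elif f == SYN:
            syn_ports[(p["src"], p["dst"])].add(p["dport"])
            half_open[p["dst"]] += 1
        elif f == ACK and half_open[p["dst"]] > 0:
            half_open[p["dst"]] -= 1
    return {
        "port_scans": [(s, d, len(ports)) for (s, d), ports in syn_ports.items()
                       if len(ports) >= scan_threshold],
        "xmas_probes": xmas,
        "syn_floods": [(d, n) for d, n in half_open.items() if n >= flood_threshold],
    }

def sample_traffic():
    """Constructed capture: a normal client, a port scanner, an Xmas probe, a spoofed SYN flood."""
    pkts = []
    for _ in range(3):                                   # normal client: SYN, then final ACK
        pkts.append(build_packet("10.0.0.5", "10.0.0.1", 40000, 443, SYN))
        pkts.append(build_packet("10.0.0.5", "10.0.0.1", 40000, 443, ACK))
    for port in range(1, 21):                            # scanner sweeps 20 ports
        pkts.append(build_packet("10.0.0.66", "10.0.0.1", 55555, port, SYN))
    pkts.append(build_packet("10.0.0.66", "10.0.0.1", 55556, 80, FIN | PSH | URG))
    for i in range(100):                                 # spoofed sources that never ACK
        pkts.append(build_packet(f"198.51.100.{i + 1}", "10.0.0.1", 1024 + i, 80, SYN))
    return pkts

if __name__ == "__main__":
    print(classify(sample_traffic()))
```

The scanner is the only pair with 20 distinct ports, the Xmas probe is caught by its flag combination alone, and 10.0.0.1 ends with 120 half-open connections (the scanner's 20 plus the flood's 100; the normal client's three are cancelled by its ACKs). In a real IDS the same logic runs over a sliding time window so that a slow scan or a busy server does not trip it.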
Man-in-the-middle hijacking
Attacker uses a program to take control of a connection by masquerading as each end of the connection.
Browser or URL hijacking
The user is directed to a different website than what they requested, usually a fake page the attacker created.
Session hijacking
Attacker tries to take over an existing connection between two network computers.
Replay attack
Capturing data packets from a network and retransmitting them to produce an unauthorized effect.
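A replay works even when messages are authenticated, because a captured message is still genuine. The following added example (not from the original glossary) shows a sender that attaches an HMAC to each message, a naive receiver that checks only the MAC and therefore accepts the replayed capture, and a receiver that also binds a monotonic counter into the MAC and rejects both the replay and a tampered copy. The shared key and message format are assumptions for the demonstration.

```python
import hashlib
import hmac
import json

# Assumption: both ends share this secret out of band (constructed for the example).
SHARED_KEY = b"constructed-shared-key-do-not-reuse"

def make_message(counter: int, body: str, key: bytes = SHARED_KEY) -> bytes:
    """Sender: authenticate the body together with a monotonically increasing counter."""
    payload = json.dumps({"ctr": counter, "body": body}, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"|" + tag

def verify(wire: bytes, key: bytes = SHARED_KEY):
    """Return the decoded message if the MAC is valid, else None."""
    payload, sep, tag = wire.rpartition(b"|")
    if not sep:
        return None
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return json.loads(payload)

class NaiveReceiver:
    """Checks the MAC only: a captured, valid message is accepted every time it is resent."""
    def __init__(self):
        self.accepted = []
    def receive(self, wire: bytes) -> str:
        msg = verify(wire)
        if msg is None:
            return "rejected: bad MAC"
        self.accepted.append(msg["body"])
        return "accepted"

class ReplaySafeReceiver(NaiveReceiver):
    """Also requires a strictly increasing counter, so replays and stale messages fail."""
    def __init__(self):
        super().__init__()
        self.last_ctr = -1
    def receive(self, wire: bytes) -> str:
        msg = verify(wire)
        if msg is None:
            return "rejected: bad MAC"
        if msg["ctr"] <= self.last_ctr:
            return "rejected: replay"
        self.last_ctr = msg["ctr"]
        self.accepted.append(msg["body"])
        return "accepted"

def demo():
    captured = make_message(1, "transfer 100 to account 42")   # sniffed off the wire
    tampered = captured.replace(b"100", b"900")                # attacker edits the amount
    results = {}
    for name, rx in (("naive", NaiveReceiver()), ("safe", ReplaySafeReceiver())):
        results[name] = [rx.receive(captured),   # legitimate first delivery
                         rx.receive(captured),   # attacker replays the capture
                         rx.receive(tampered),   # attacker modifies the capture
                         len(rx.accepted)]
    return results

if __name__ == "__main__":
    print(demo())
```

The MAC alone stops modification but not replay; the counter (a nonce or timestamp with a bounded window serves the same purpose for protocols that tolerate reordering) is what makes each message valid exactly once.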
Masquerade attack
A user or computer pretends to be another user or computer.
Social engineering
Tricking authorized users into carrying out actions for unauthorized users.
Phreaking
Exploiting bugs and glitches in the telephone system.
Spear phishing
Using email or instant messages to target a specific organization, seeking unauthorized access to confidential data.
DNS poisoning
Inserting forged records into a DNS server's or resolver's cache so that a legitimate domain name resolves to an attacker-controlled address; the usual mechanism for pharming.
Pharming
Domain spoofing: redirecting users to a fraudulent copy of a site by corrupting name resolution (a modified hosts file or a poisoned DNS cache) rather than by tricking them into clicking a bad link.
Malware
Malicious software that infiltrates one or more target computers and follows the attacker's instructions.
Virus
Software program that attaches itself to or copies itself to another program or a computer.
Worm
A self-contained program that replicates and sends copies of itself to other computers, generally across a network, without any user action.
Trojan
Malware that masquerades as a useful program.
Rootkits
Modifies or replaces one or more existing programs to hide traces of attacks.
Spyware
Malware that specifically threatens the confidentiality of information.
Attack on availability
Impacts access or uptime to a critical system, application, or data.
Attack on people
Using deception to get another human to perform an action.
Attack on IT assets
Penetration testing, unauthorized access, stolen passwords, deletion of data, etc.
Wireless network attacks
Perform intrusive monitoring, packet capturing, and penetration tests on a wireless network.
User Domain
...
WAN Domain
...