Sometimes, it feels like there’s a language barrier between technical and non-technical people. Terms like backdoor, rootkit, or zero-day, which may be commonplace to a security professional, often leave users in the dark.
At OpenDNS, we #SpeakSecurity every day – and you can too! In this post, we define 20 key terms everyone should know:
Threats
Backdoor: A backdoor is an access point designed to allow quick and undetected entrance to a program or system, usually for malevolent purposes.
Botnet: A botnet is a robot network – think hivemind – a collection of infected machines that are used for any number of nefarious activities, from bitcoin mining to DDoS attacks. (Looking for more details? Our Community Moderator, Vinny, recently published a fantastic blog all about botnets.)
Denial of Service (DoS) Attack: This attack consumes all resources of a target so that it can no longer be used or reached, effectively taking it down. DoS attacks are designed to take a website or server offline, whether for monetary, political, or other reasons. (A DDoS, or Distributed Denial of Service attack, is carried out using two or more hosts.)
Drive-by download: A drive-by download is malware installed invisibly in the background when the user visits a malicious or compromised webpage, without the user’s knowledge or consent. Drive-by downloads often take advantage of vulnerabilities in the browser or a browser plug-in, so that the download is accepted as if it were a benign activity.
Exploit: An exploit is an attack that takes advantage of a weakness in your system, using software, crafted bits of data, or even social engineering. To reduce your exposure to exploits, it’s important to keep your software up-to-date and to be aware of social engineering attempts.
Malware: Malware is a general term for any program installed on a system with the intent to corrupt, damage, or disable that system. Stuxnet, Conficker, and Flashback are a few famous examples. Common types of malware include:
Rootkits: A rootkit is a malicious piece of code that hides itself, prevents detection, and gives bad actors continued access to your system. If attackers gain full access to your system, they can use a rootkit to keep that access over a long period of time.
Trojans: A trojan is a seemingly innocuous program that acts as a front for malicious code hiding within. Trojans can do any number of things, from stealing data to allowing remote system control. These malignant programs take their name from the famous Grecian “Trojan Horse”.
Viruses: Often used as a blanket term, a virus is a piece of code – a form of malware that attaches itself to files, such as email attachments or files you download online. The purpose of a virus is to interfere with your system, whether that means deleting files or corrupting your data. Computer viruses also replicate – just like viruses in the physical world.
Worms: A worm is a type of malware that clones itself in order to spread to other computers, performing various damaging actions on whatever system it infects. Unlike a virus, a worm exists as a standalone program and does not need a host file.
Spyware: Malicious code that gathers information about you and your browsing habits, and then sends that information to a third party.
MitM or Man-in-the-Middle Attack: A MitM attack is pretty much what it sounds like. An attacker will intercept, relay, and potentially change messages between two parties without their knowledge.
Phishing: Phishing is a technique that uses a trustworthy-looking communication to steal sensitive information. Like fishermen with a lure, attackers will attempt to take your personal information by phishing it from you through the use of falsified emails, forms, and web pages.
Spear phishing is a form of phishing that targets one specific individual. (Think you can spot a phish in the wild? Test yourself with our quiz!)
Social Engineering: A general term for any activity in which an attacker is trying to manipulate you into revealing information. Passwords, account credentials, social security numbers – we often don’t think twice about giving this information away, but who’s really on the other end of the line? Protect yourself, and think twice before sharing.
Zero-day (0day): A zero-day attack is when a bad actor exploits a new, previously unknown software vulnerability for which there is no patch yet. Security is a cat and mouse game, and it’s a constant struggle to stay ahead of attackers.
Solutions
Anti-malware: Anti-malware software is designed to block, root out, and destroy viruses, worms, and other nasty things that are described in this list. It’s important to remember that this isn’t set-it-and-forget-it; updating regularly will ensure that it remains effective against new threats.
Encryption: The process of scrambling messages so that they cannot be read by anyone except the intended recipient, who decrypts them with the correct key.
Firewall: Imagine, if you dare, all the nasty, malicious stuff on the Internet. Now imagine it’s all in your network – yikes! A firewall stands between your trusted entities and whatever lies beyond, controlling access based on security rules.
Honeypot: A honeypot is essentially a trap for bad actors – a decoy machine seemingly connected to a network, just waiting to be accessed. These are monitored closely by security professionals, as they can collect valuable information about malicious activity.
SIEM: An acronym made by combining two acronyms, SIEM is an umbrella term for products that deal with security information management (SIM) and security event management (SEM). This allows for aggregation of information and events into a single “pane of glass” for security teams to use.
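To illustrate the aggregation a SIEM performs, here is a small example written for this post (not an OpenDNS product and not any real SIEM’s format): it normalizes constructed firewall and SSH log lines into one event schema and correlates them by source address so that a single view shows an address that is both being blocked and failing logins. The log formats, hostnames, and IP addresses are made up.

```python
import re
from collections import Counter, defaultdict

# Constructed sample logs from two different sources (not real data).
FIREWALL_LOGS = [
    "2024-05-01T10:00:01Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:03Z fw01 ALLOW src=198.51.100.2 dst=10.0.0.5 dport=443",
    "2024-05-01T10:00:05Z fw01 DENY src=203.0.113.7 dst=10.0.0.6 dport=3389",
]
AUTH_LOGS = [
    "May  1 10:00:09 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "May  1 10:00:12 web01 sshd[1204]: Accepted publickey for deploy from 198.51.100.2 port 51130 ssh2",
    "May  1 10:00:15 web01 sshd[1207]: Failed password for admin from 203.0.113.7 port 51140 ssh2",
]

# One parser per source; each source has its own (made-up) line format.
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) "
                   r"src=(?P<src>\S+) dst=\S+ dport=(?P<port>\d+)")
SSH_RE = re.compile(r"sshd\[\d+\]: (?P<action>Failed|Accepted) \w+ for "
                    r"(?P<user>\S+) from (?P<src>\S+)")


def normalize(firewall_lines, auth_lines):
    """Map both log formats onto one common event schema: source, src_ip, outcome."""
    events = []
    for line in firewall_lines:
        m = FW_RE.match(line)
        if m:
            outcome = "blocked" if m["action"] == "DENY" else "allowed"
            events.append({"source": "firewall", "src_ip": m["src"], "outcome": outcome})
    for line in auth_lines:
        m = SSH_RE.search(line)
        if m:
            outcome = "failure" if m["action"] == "Failed" else "success"
            events.append({"source": "sshd", "src_ip": m["src"], "outcome": outcome})
    return events


def correlate(events):
    """Flag source IPs seen both as firewall blocks and as failed SSH logins."""
    by_ip = defaultdict(Counter)
    for e in events:
        by_ip[e["src_ip"]][(e["source"], e["outcome"])] += 1
    flagged = {}
    for ip, counts in by_ip.items():
        blocked, failed = counts[("firewall", "blocked")], counts[("sshd", "failure")]
        if blocked and failed:
            flagged[ip] = {"blocked": blocked, "failed_logins": failed}
    return flagged
```

Run `correlate(normalize(FIREWALL_LOGS, AUTH_LOGS))` to see the one address that shows up in both sources; a real SIEM does the same kind of normalization and correlation across many more sources and rules.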