The AWD Glossary of Basic IT Security Terms and Concepts



For those in the IT industry, the issue of network security is paramount and pressing. However, for the average Australian business owner, the concept of network security is often a vague, nebulous concept characterised by technical jargon and fear mongering over threats which seem far removed from our shores. This disconnect is in part due to the kind of technical language used in the IT industry, which can often alienate business owners seeking to better understand their network security needs. If you are a business owner struggling to understand what network security is all about and what the defining issues surrounding it are, this glossary is an invaluable resource.

Access management (data management)

The process of controlling which users can reach which data within a network. Access management plays an important role in minimising damage if a network is compromised through social engineering, because a tricked user can only expose what their own account can reach. Data access should look like a pyramid, with the majority of users at the bottom given access only to what they need to do their jobs (the principle of least privilege). Only a handful of the most senior or most trusted accounts should be able to access all data assets, and those accounts should be reviewed regularly and removed promptly when people leave.
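As an added example (not AWD's code and not from the original page), the following Python shows the pyramid described above as a role-based check that denies by default. The roles, users and data sets are constructed for illustration.

```python
# Least-privilege access check. Added example for this glossary, not AWD's
# code; the roles, users and data sets below are constructed for illustration.

# Role -> permissions. The shape is the 'pyramid' from the entry above: most
# staff hold a narrow role, and only 'director' can read every data set.
ROLE_PERMISSIONS = {
    "staff":    {"shared_docs:read"},
    "sales":    {"shared_docs:read", "crm:read", "crm:write"},
    "finance":  {"shared_docs:read", "crm:read", "payroll:read", "payroll:write"},
    "director": {"shared_docs:read", "crm:read", "payroll:read", "hr:read"},
}

# User -> single role (constructed). One role per person keeps reviews simple.
USER_ROLES = {
    "alice": "staff", "bob": "staff", "chen": "staff",
    "carol": "sales", "dave": "finance", "erin": "director",
}


def is_allowed(user, resource, action):
    """Deny by default: an unknown user, an unknown role or a permission
    that is simply not listed all evaluate to False."""
    role = USER_ROLES.get(user)
    if role is None:
        return False
    return f"{resource}:{action}" in ROLE_PERMISSIONS.get(role, set())


def users_with_access(resource, action):
    """Who can perform an action: the list an auditor asks for first."""
    return sorted(u for u in USER_ROLES if is_allowed(u, resource, action))


def privilege_pyramid():
    """Number of users at each permission count, lowest first. A healthy
    shape has many users with few permissions and few users with many."""
    counts = {}
    for user, role in USER_ROLES.items():
        n = len(ROLE_PERMISSIONS.get(role, set()))
        counts[n] = counts.get(n, 0) + 1
    return sorted(counts.items())


if __name__ == "__main__":
    print("payroll readers:", users_with_access("payroll", "read"))
    print("pyramid (permissions, users):", privilege_pyramid())
```

The important detail is the fall-through: anything not explicitly granted is refused, so adding a new data set grants nobody access until someone decides who needs it.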

 

Anti-Spam

A collection of software products, techniques and policies designed to detect, block and mitigate spam (unsolicited bulk email used to spread malware or advertising). To be robust, a company’s anti-spam should include whitelist/blacklist (allow and block list) controls, automatic spam detection, subject and content filters, virus scanning of attachments, quarantine and message recovery. No anti-spam filter is 100% accurate: a filter strict enough to catch every spam message would also block legitimate mail, so some unwanted messages will always get through and anti-spam platforms need to be paired with user education.


Anti-Virus

Software designed to detect, search for, remove and prevent viruses and other malware. A quality anti-virus product (AWD recommend Webroot) should offer comprehensive scanning features (real-time protection, scanning inside compressed archives, rescue or emergency boot media, scheduled and on-demand scans, download and email scanning, heuristic detection of previously unseen threats, boot sector and installer scanning), be able to quarantine or repair infected files, and produce scan reports and logs so that an infection can be traced back to where it came in.

 

Backup

A copy of your data stored on a second medium so that it can be restored if your network is compromised and the data is damaged, encrypted or wiped. Backup is either onsite (external hard disk, optical disc, magnetic tape, a second server) or remote (an offsite server or ‘cloud’ backup service). For business continuity purposes, it is crucial to back up your network configuration as well as your data, to minimise downtime, and to test restoring from backup periodically: a backup that has never been restored is an assumption, not a safeguard.

 

Blacklist

A basic access control mechanism that blocks specified elements (email addresses, passwords, URLs, IP addresses, file hashes, domain names and users). Blacklists are used by several different types of IT security architecture including email servers, firewalls, application authentication gateways, directory servers, DNS servers, web proxies and hosts. A blacklist only stops what is already known to be bad, so for sensitive systems it is paired with a whitelist (an explicit list of what is allowed, with everything else blocked).

 

Bot/zombie

A computer on the network that has been secretly compromised by a software robot (‘bot’) which performs malicious activities under the command of a remote controller (known as a bot herder or botmaster). An infected machine will rarely show obvious signs of the bot’s presence; unexplained outbound connections to unfamiliar hosts are often the first clue.

 

Botnet

A network of many compromised computers (bots) under one controller, used to send spam and malware, or to mount a DDoS attack.

 

Business continuity plan

A plan covering emergency response, backup retrieval and recovery steps so that business critical resources are made available and operations resume quickly in the wake of a network failure, outage or attack. Disaster recovery (restoring the IT systems) is one part of business continuity; the plan should also state who makes decisions, who communicates with staff and customers, and how long each system can be down before the business is seriously harmed.

 

Business grade network devices

Products such as firewalls, anti-spam appliances, network switches and routers which are designed to service the complex operational needs of a multi-user, multi-device network, as opposed to consumer devices built for a home.

 

Cloud

A platform for delivering information technology tools through hosted services. Cloud has revolutionised the way IT services are delivered, not the features of the services themselves. Using cloud vs. using a server is like paying a utility company for electricity as opposed to owning a generator: it changes where the electricity comes from, not necessarily the quality or consistency of the electricity itself. Contrary to popular belief, the cloud is not inherently secure. The provider secures the underlying platform, but configuring access, protecting user accounts and backing up the data remain the customer’s responsibility and need to be done proactively.

 

Cybercrime (both internal and external)

Any criminal activity carried out using computers or the internet. Once largely the realm of highly skilled attackers targeting specific organisations, cybercrime has become ‘democratised’ over the past decade and increasingly affects small to medium sized businesses. Malware has never been easier to obtain, quicker to spread or harder to remove, and it is used by outside criminals and disgruntled employees alike.

 

Data integrity

The accuracy, completeness and consistency of a company’s data assets over their whole life (confidentiality, keeping data secret, is a separate property). Aside from stealing sensitive information, cyber criminals also covertly alter data (invoices, bank details, records) to cause reputational and financial damage; this is known as a data integrity breach. Integrity is protected with access controls, tamper-evident logging and cryptographic checks such as digital signatures or message authentication codes, and is verified by comparing data against a trusted copy.
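An added example, not part of the original page, of one of the cryptographic checks mentioned above: each record is stored with an HMAC tag computed under a key the attacker does not hold, so a silently altered bank account number is detected at read time. The key and the invoice record are constructed for the demonstration; in practice the key would live in a secrets store, not beside the data.

```python
# Tamper-evident records using HMAC-SHA256 (Python standard library only).
# Added example for this glossary, not AWD's code. Key and data are constructed.
import hashlib
import hmac
import json

# Assumption: this key is kept separate from the data store, so an attacker
# who can edit records cannot recompute a valid tag.
SECRET_KEY = b"constructed-demo-key-do-not-reuse"


def _canonical(record):
    """Serialise deterministically so the same data always yields the same tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(record, key=SECRET_KEY):
    """Return the record together with an integrity tag over its canonical form.
    Note the record itself stays readable: this gives integrity, not confidentiality."""
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {"data": record, "tag": tag}


def verify(sealed, key=SECRET_KEY):
    """Recompute the tag and compare in constant time to avoid timing leaks."""
    expected = hmac.new(key, _canonical(sealed["data"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


def tamper_demo():
    """Seal a constructed invoice, then alter the account number as an
    attacker would. Returns (verified before, verified after)."""
    invoice = {"invoice": 1042, "payee": "ACME Pty Ltd", "bsb": "062-000",
               "account": "12345678", "amount": 4800.00}
    sealed = seal(invoice)
    ok_before = verify(sealed)
    sealed["data"]["account"] = "87654321"   # silent redirection of the payment
    ok_after = verify(sealed)
    return ok_before, ok_after


if __name__ == "__main__":
    print("verified before/after tampering:", tamper_demo())
```

Anyone who can read the record can still see the amount and account number, which is exactly why integrity and confidentiality are listed as separate properties above.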

 

Data breach/leak

The unauthorised movement or disclosure of sensitive information to a party who is not entitled to see or possess it. Traditionally data breaches were attributed to outside attackers, but the proliferation of freely available malware, and of attackers paying or inciting employees to steal data, means the source is now as likely to be inside the organisation as outside it.

 

Denial of service (DOS)

An attack designed to stop a system or network from functioning by overwhelming it with useless traffic or requests so that legitimate users cannot be served. A classic DoS exploits the limits of the TCP/IP protocols (for example by opening connections and never completing them) and comes from a single computer and internet connection, which makes it comparatively easy to block at the firewall once the source is identified.

 

Distributed denial of service

A type of DoS attack in which multiple compromised systems (sometimes hundreds or thousands, typically a botnet) are used to attack a single system or resource. In this type of attack the systems the attacker has hijacked are victims as well as the end target, and because the traffic arrives from many sources it cannot be stopped simply by blocking a single address.

 

Encryption

Encryption is the process of transforming readable data (plaintext) into an unreadable form (ciphertext) which can only be turned back with the correct key. There are different algorithms and key lengths with different strengths and weaknesses, and data needs protecting both in transit (across the network) and at rest (on disks, in backups, on laptops). Many data leaks happen not because an encryption algorithm was broken but because the data was never encrypted in the first place, or because the keys were stored alongside the data they were meant to protect.

 

Endpoint security/protection

The protection of every device that connects to the corporate network, including desktops, laptops, servers, mobile devices and any other client devices, because each of these ‘endpoints’ is a potential entry point for an attacker. Endpoint protection is a broad term which encompasses security hardware (firewalls), software (anti-virus, disk encryption, patching) and the management policies that keep every endpoint configured and up to date.

 

Exploit

A piece of code (usually a script or program) or a technique that takes advantage of a specific vulnerability in software or a network to make it do something its designers did not intend, such as running the attacker’s code or granting access. Patching removes the vulnerability that an exploit depends on.


Firewall

A barrier between the secure company network and other outside networks which controls and monitors both incoming and outgoing traffic. A firewall will allow or block specific traffic based on a defined set of rules, evaluated in order, and should block anything not explicitly allowed. Outgoing rules matter as much as incoming ones: they are what stops malware on an infected machine from ‘phoning home’. Firewalls are a crucial network security device that play a frontline role in protecting an organisation’s data assets.
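To make the rule evaluation concrete, here is an added example (not AWD's code and not any vendor's syntax) of an ordered packet-filter rule set in Python: first matching rule wins, anything unmatched is denied, and a blocklisted address range (the Blacklist entry above) is placed first so that no later allow rule can admit it. All addresses, ports and rules are constructed.

```python
# Ordered packet-filter rules with default deny. Added example for this
# glossary, not a real firewall's configuration; addresses are constructed
# from documentation and private ranges.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in" (towards the office) or "out"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR, or "any"
    dst: str               # CIDR, or "any"
    dport: Optional[int]   # destination port, None = any port


def _net(cidr):
    return None if cidr == "any" else ipaddress.ip_network(cidr, strict=False)


# Constructed rule set. Order is significant: the blocklist comes first.
RULES = [
    # Blocklisted range (see the Blacklist entry): nothing below can admit it.
    Rule("deny",  "in",  "any", "203.0.113.0/24", "any",             None),
    # Office LAN may reach the internal web server and the mail server.
    Rule("allow", "in",  "tcp", "192.168.1.0/24", "192.168.1.10/32", 443),
    Rule("allow", "in",  "tcp", "192.168.1.0/24", "192.168.1.20/32", 25),
    # Anyone on the internet may reach the public web server, on 443 only.
    Rule("allow", "in",  "tcp", "any",            "192.168.1.10/32", 443),
    # Outbound web browsing from the LAN; nothing else leaves.
    Rule("allow", "out", "tcp", "192.168.1.0/24", "any",             443),
]


def matches(rule, direction, proto, src, dst, dport):
    """True if every field of the rule accepts this packet."""
    if rule.direction != direction:
        return False
    if rule.proto not in ("any", proto):
        return False
    for cidr, addr in ((rule.src, src), (rule.dst, dst)):
        net = _net(cidr)
        if net is not None and ipaddress.ip_address(addr) not in net:
            return False
    return rule.dport is None or rule.dport == dport


def decide(direction, proto, src, dst, dport, rules=RULES):
    """First matching rule wins; no match at all means deny (default-deny)."""
    for rule in rules:
        if matches(rule, direction, proto, src, dst, dport):
            return rule.action
    return "deny"


if __name__ == "__main__":
    print(decide("in", "tcp", "203.0.113.5", "192.168.1.10", 443))   # blocklisted
    print(decide("in", "tcp", "198.51.100.7", "192.168.1.10", 443))  # public web
    print(decide("out", "udp", "192.168.1.33", "8.8.8.8", 53))      # no rule: deny
```

Note the last call: outbound DNS is refused because nobody wrote a rule for it. That is the intended failure mode of a default-deny policy; the fix is an explicit allow rule, not a blanket "allow out".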

 

Hacker

A computer expert who uses a combination of technical knowledge, exploits or bugs to break into a computer system. Although in popular culture, the hacker is characterised by a criminal who uses their technical skills for malicious purposes or personal gain, there are other ways that hackers can apply their skills. An ethical hacker uses their skills to test or evaluate network security, and is an invaluable resource to businesses.

 

IoT

Internet of Things is a term for any device connected to the network which collects and exchanges data. Every device connected to the internet is a potential target. IoT devices like printers, security cameras, door locks and climate control often cannot be patched, ship with default passwords and are generally forgotten once installed, making them an easy entry point for hackers or malware. Where possible they should sit on a separate network segment away from business systems, with their default passwords changed.

 

Insider threat

A malicious threat that comes from within the organisation (i.e. current and former employees, contractors, business associates). Insider-driven data leaks and attacks have become more common for two reasons: cyber-criminal groups now sell DDoS, malware and ransomware ‘as a service’, so an insider no longer needs technical skill to do serious damage, and attackers increasingly recruit inside sources to steal or compromise data in exchange for a fee. Access management and prompt removal of accounts when people leave are the main defences.

 

ISMS (Information Security Management System)

The ISMS is a framework of policies and procedures designed to encompass all the controls needed to manage information risk at an organisational level, covering people and processes as well as technology.

 

ISO 27001

The international standard that sets out the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Organisations can be independently audited and certified against it.

 

Intrusion Detection System (IDS)

Software or hardware that monitors network traffic or activity on a host for signs of attack or unauthorised access and raises an alert. An IDS only observes and reports; it relies on someone reading and acting on its alerts.

 

Intrusion Prevention System (IPS)

Same as an IDS, but placed in line with the traffic so that it can block unauthorised access or attack traffic as soon as it is detected, rather than only alerting.

 

Keylogger

Malicious software, or a small physical device plugged in between keyboard and computer, that records keystrokes to capture passwords, card numbers and other sensitive information.

 

Macro virus

A type of virus written in the macro language of an application such as Word or Excel and hidden inside a document, which runs a sequence of actions through that application’s macro capabilities when the document is opened and macros are enabled. Blocking macros in documents received by email stops most of these.

 

Malware

Abbreviation of ‘malicious software’: any software designed to harm, take control of or spy on a system. Malware is sometimes crafted to target a specific network, but is more often spread indiscriminately through mass spam and phishing emails, malicious websites and infected downloads.


Mobile device management

If your employees use smart phones or tablets for work purposes, these devices are vulnerable and need to be properly secured in line with company policy. An effective mobile device management system will include centralised control that allows administrators to manage and monitor all network connected devices, device tracking, passcode and encryption enforcement, jailbreak alerts, application restrictions, cloud backup, geofencing and the ability to remotely wipe a lost or stolen device.

 

Network

A collective term for all the different interconnected systems used to transmit, receive and exchange data. A company network includes computers, mobile devices, shared drives, servers, internet connected devices and users. A network cannot be secure unless all the individual systems are protected.

 

Offsite backup

The storing of backup data, applications and configurations separately from the core IT environment. Being physically separate protects the backup from fire, theft and hardware failure at the main site, but it is only protected from an attacker on the network if it is also logically separate: its own credentials, no standing write access from production systems, and ideally copies that are kept offline or cannot be altered once written. Ransomware routinely looks for reachable backups and encrypts them first.

 

Patch

A piece of software that updates a program or its supporting data, usually to fix a security flaw or bug or to improve performance. Applying patches promptly removes the vulnerabilities that most exploits rely on.

 

Penetration testing (pen testing)

The practice of evaluating a network, system or application by attempting, with the owner’s authorisation, the same techniques an attacker would use, in order to identify vulnerabilities before a real attacker finds them. Penetration testing is usually undertaken by an ethical hacker and ends with a report of what was found and how to fix it.

 

Phishing

Disguising a malicious message, link, file or website as coming from a trustworthy entity (a bank, a supplier, a colleague) to trick the recipient into revealing confidential information such as passwords, or into installing malware. Phishing is most commonly delivered through spam email, but also by text message and phone, and ‘spear phishing’ targets a specific person using details gathered about them. Two tell-tale signs are a sender address on a domain that does not match the claimed organisation, and a link whose visible text names one site while it actually points to another.
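An added example, not part of the original page, checking the two tell-tale signs just described against a constructed message: the display name in the From header claims a brand whose real domain is assumed to be examplebank.com.au, and the visible link text names that site while the href points at a bare IP address. The brand, addresses and message are all made up for the demonstration.

```python
# Two cheap phishing heuristics (sender domain mismatch, deceptive link text).
# Added example for this glossary, not AWD's tooling; message is constructed.
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing message. 'expected_domain' is an assumption about the
# brand's genuine domain; a real filter would look it up per brand.
SAMPLE_MESSAGE = {
    "from": '"ExampleBank Alerts" <alerts@examplebank-secure-login.example>',
    "expected_domain": "examplebank.com.au",
    "html": ('<p>Your account is locked. Visit '
             '<a href="http://203.0.113.7/verify">https://www.examplebank.com.au/netbank</a>'
             ' to restore access.</p>'),
}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Hostname of a URL; bare 'www.example.com' is treated as a URL too."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def sender_mismatch(from_header, expected_domain):
    """True when the address domain is not the brand's domain or a subdomain of it."""
    _name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower()
    return not (domain == expected_domain or domain.endswith("." + expected_domain))


def deceptive_links(html):
    """Links whose visible text looks like a URL for one host while the href
    goes to a different host. Plain text such as 'Click here' is not judged."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        looks_like_url = "." in text and " " not in text
        if looks_like_url and _host(text) != _host(href):
            findings.append((text, href))
    return findings


def assess(msg):
    """Human-readable findings for a message dict shaped like SAMPLE_MESSAGE."""
    findings = []
    if sender_mismatch(msg["from"], msg["expected_domain"]):
        findings.append("sender domain does not match the claimed brand")
    for text, href in deceptive_links(msg["html"]):
        findings.append(f"link shows {text!r} but goes to {href!r}")
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE_MESSAGE):
        print("-", f)
```

Neither check proves a message is safe when it passes (an attacker can register a look-alike domain and use honest-looking link text), which is why the glossary pairs filtering with user education.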


Proxy server

An intermediary between a client application and the real server: the proxy intercepts all requests and can fulfil some of them itself. Its purposes are to filter traffic (blocking known-bad or inappropriate sites), to enforce policy and log who connected where, and to improve performance by caching frequently requested content.

 

Ransomware

A type of malware which locks a user’s system or encrypts its files and then demands a ransom, usually in cryptocurrency, before the system is unlocked or the files are restored. Ransomware is most commonly spread via phishing emails or hacked/malicious websites, and increasingly through poorly secured remote access services. Over the past five years ransomware has exploded in popularity amongst cyber criminals, and the proliferation of ransomware as a service (RaaS) has made strains of the malware available to amateur hackers who wouldn’t ordinarily have the skills to develop it. The malware itself can usually be removed, but the encrypted files cannot be recovered without the attacker’s key, and there is no guarantee that paying the ransom will result in the restoration of your system or files. In practice, functionality is restored by rebuilding from backups that the ransomware could not reach (offsite, offline or immutable copies).

 

Resilience

The ability to maintain service levels despite challenges to normal operation.

 

Risk assessment

A process whereby threats to the business and its systems are identified, and the likelihood and potential impact of each are estimated, so that protection effort and budget can be directed where they matter most.


Router

A device that directs data packets between or within networks. The router is the device that connects your office to the internet. In a commercial IT setup a business grade router is the best choice as it is the most effective at filtering traffic in and out of the office and receives security updates for longer. It should be kept patched and its remote administration interface disabled or restricted, because an internet-facing router is a favourite target.

 

Rootkit

A set of software tools which hackers install on a compromised system to hide their presence (from the user, from anti-virus and from the system’s own tools) and to retain administrator level access. Because a rootkit alters the very tools that would report it, a machine with a confirmed rootkit is normally wiped and rebuilt rather than cleaned.

 

Security information and event management (SIEM)

A platform that collects logs and security events from many sources (firewalls, servers, endpoints, cloud services), correlates them to spot patterns a single device would miss (for example repeated failed logins followed by a success from the same address) and raises alerts for investigation. Automated response and resolution is usually a separate layer (often called SOAR); a SIEM on its own is only as useful as the rules it runs and the people who act on its alerts.
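An added example, not from the page or any SIEM product, of the kind of correlation rule described above and the kind of alert an IDS (entry above) would raise: it reads constructed syslog-style SSH authentication lines, counts failures per source address inside a sliding one-minute window, alerts when the count reaches a threshold, and escalates if a successful login from the same address follows the burst. The log lines, threshold and window are all constructed for the demonstration.

```python
# Brute-force login correlation over sample log lines. Added example for this
# glossary, not a product's rule; the log lines below are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style lines: a password-guessing burst from 198.51.100.9
# that ends in a successful login, and one ordinary user mistyping once.
SAMPLE_LOGS = """\
2024-03-04T09:00:01 sshd[1201]: Failed password for admin from 198.51.100.9 port 51234 ssh2
2024-03-04T09:00:03 sshd[1201]: Failed password for admin from 198.51.100.9 port 51235 ssh2
2024-03-04T09:00:04 sshd[1201]: Failed password for root from 198.51.100.9 port 51236 ssh2
2024-03-04T09:00:06 sshd[1201]: Failed password for admin from 198.51.100.9 port 51237 ssh2
2024-03-04T09:00:07 sshd[1201]: Failed password for backup from 198.51.100.9 port 51238 ssh2
2024-03-04T09:00:09 sshd[1201]: Accepted password for backup from 198.51.100.9 port 51239 ssh2
2024-03-04T09:05:00 sshd[1201]: Failed password for carol from 192.168.1.44 port 40000 ssh2
2024-03-04T09:05:30 sshd[1201]: Accepted password for carol from 192.168.1.44 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port"
)


def parse(lines):
    """Yield (timestamp, outcome, user, source_ip) for each recognised line."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, outcome, user, ip = m.groups()
            yield datetime.fromisoformat(ts), outcome, user, ip


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Alert when one source IP reaches `threshold` failures inside `window`;
    escalate when a success from that IP follows such a burst."""
    recent_failures = defaultdict(list)   # ip -> timestamps still inside the window
    alerts = []
    for ts, outcome, user, ip in parse(lines):
        if outcome == "Failed":
            kept = [t for t in recent_failures[ip] if ts - t <= window]
            recent_failures[ip] = kept + [ts]
            if len(recent_failures[ip]) == threshold:   # fire once per burst
                alerts.append({"type": "bruteforce", "ip": ip, "at": ts.isoformat()})
        else:  # Accepted
            burst = recent_failures[ip]
            if len(burst) >= threshold and ts - burst[-1] <= window:
                alerts.append({"type": "success_after_bruteforce", "ip": ip,
                               "user": user, "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS):
        print(alert)
```

The second alert is the one worth paging someone for: a lone burst of failures is noise on any internet-facing host, but a success immediately after one almost always means a guessed or stolen password and the account should be disabled while it is investigated.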

 

Server

A device that manages network resources and responds to requests from other network entities.

 

Social engineering

A tactic used by hackers to gain network access that involves deceiving or manipulating a user of that network rather than attacking the technology: phishing emails, phone calls impersonating IT support or a supplier, or simply tailgating into the office. Users are the weakest point of any network and are increasingly used by hackers as either a complicit or an unwitting entry point.

 

Software assurance/software quality assurance (SQA)

The level of confidence that software is free of vulnerabilities, whether designed in or inserted later, for the duration of its lifecycle, and that it will perform in the intended manner. It is established through secure development practices, code review, testing and prompt patching rather than by a one-off promise. Reputable security vendors treat it as a standard part of their engineering because it is essential to business IT.

 

Spyware

Software that covertly gathers information about a user or network (browsing habits, keystrokes, credentials), often for advertising but also for fraud. Like a Trojan horse, spyware is often unwittingly installed by the user when they think they are installing something else, and is commonly bundled with freeware, shareware or peer to peer file sharing software.


Trojan horse

A malicious program that is hidden inside, or disguised as, useful or legitimate software so that the user installs it willingly. Unlike a virus, a Trojan does not replicate itself.

 

Two factor authentication

The use of two different types of evidence, drawn from the three factors of knowledge (something you know, such as a password), possession (something you have, such as a phone app, hardware token or card) and inherence (something you are, such as a fingerprint), to confirm a user’s identity. Because a stolen password alone is no longer enough, this extra layer is a highly effective way to reduce account takeover and data theft. Methods based on an authenticator app or hardware key resist phishing better than codes sent by SMS.
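As an added example, not from the original page, the following Python implements the possession factor used by authenticator apps: a time-based one-time password (TOTP, RFC 6238, built on HOTP, RFC 4226) with HMAC-SHA1 and a 30-second step. The only secret below is the RFC's published test key, used so that the output can be checked against the RFC's own vectors; a real deployment would generate a random per-user secret and enforce that each code is accepted only once.

```python
# TOTP / HOTP with the Python standard library. Added example for this
# glossary, not AWD's code. KEY is the RFC 4226/6238 test key, not a real secret.
import base64
import hashlib
import hmac
import struct
import time

KEY = b"12345678901234567890"   # RFC test vector key (constructed, not secret)


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then the last `digits` decimal digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key, for_time=None, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from Unix time / step."""
    t = int(time.time()) if for_time is None else int(for_time)
    return hotp(key, t // step, digits)


def verify_totp(key, candidate, for_time=None, step=30, digits=6, skew=1):
    """Accept the current step plus `skew` steps either side to tolerate clock
    drift, comparing in constant time. Replay protection (never accept the same
    code twice) is the caller's job and is not shown here."""
    t = int(time.time()) if for_time is None else int(for_time)
    for delta in range(-skew, skew + 1):
        if hmac.compare_digest(totp(key, t + delta * step, step, digits), candidate):
            return True
    return False


def secret_from_base32(text):
    """Authenticator apps exchange secrets as base32 (the QR code payload)."""
    return base64.b32decode(text.upper().replace(" ", ""))


if __name__ == "__main__":
    print("current 6-digit code for the test key:", totp(KEY))
```

Because the server and the phone share nothing but the secret and the clock, the code never crosses the network in advance, which is what makes a captured password on its own useless to the attacker.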

 

Virtual Private Network (VPN)

A secure, encrypted connection which uses a public network (the internet) to connect to a private network (i.e. a company’s internal network). A VPN transmits data between a remote device or site and the company network through an encrypted ‘tunnel’, so that anyone intercepting the traffic along the way sees only ciphertext. It protects data only while in transit: it does not protect the device at either end, and the VPN gateway itself needs strong authentication (ideally two factor) and prompt patching because it is exposed to the internet. A VPN is crucial for any company using VoIP telephony across the internet, as well as for organisations with multiple locations and remote workers.

 

Virus

A malicious piece of self-replicating software which inserts itself into another program to activate and spread.

 

Vulnerability

A weakness in a system, piece of software, configuration or process which could potentially be exploited to gain access, disrupt service or steal data.

 

If you’re seeking to gain a better understanding of IT security at the business level, or are concerned about the current level of protection that your company has, get in touch with a network engineer from AWD. We are more than happy to answer any questions as part of a free consultation and can help you identify vulnerabilities and flaws in your existing network with a security audit. Get in touch with us today by calling 1300 855 651.