Bluesnarfing, Bluejacking, Typosquatting and Other Cyber Terms You Need to Know Now
April 17, 2018
Developed by the PSA Cybersecurity Committee as a section of the newly released whitepaper, CSC Controls. The full whitepaper is available in the Cybersecurity Committee section of PSAEducation.com.
Cybersecurity can be complicated to talk about, with new terminology popping up about as often as a big data breach. Ask yourself: Do I know the difference between bluejacking and bluesnarfing? What would I say if my client asked about the dangers of typosquatting? Check out this key terms glossary to familiarize yourself with the language of cybersecurity and be prepared to answer the tough questions.
Active interception - normally refers to placing a computer between a sender and receiver in an effort to capture and possibly modify information
Ad filtering - ways of blocking and filtering out unwanted advertisements; pop-up blockers and content filters are considered to be ad filtering methods
Adware - type of spyware that pops up advertisements based on what it has learned about you
Application whitelisting - a method of restricting users to specific applications
Attack vector - the path or means by which an attacker gains access to a computer
Back doors - used in computer programs to bypass normal authentication and other security mechanisms in place
Bluejacking - the sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and tablets
Bluesnarfing - the unauthorized access of information from a wireless device through a Bluetooth connection
Botnet - a group of compromised computers used to distribute malware across the internet; the members are usually zombies
Business Impact Analysis (BIA) - a systematic process aimed at predicting and evaluating the potential impact and loss of critical business operations as a result of disaster, accident or emergency
CIA Triad - Confidentiality, Integrity, and Availability (CIA) is a model designed to guide strategy and policy governance over the security of information systems within an organization. Confidentiality aims at a set of rules that limits access to information, integrity is the assurance that information is trustworthy and accurate, and availability is a guarantee that system resources will be available upon request by authorized users
Content filters - individual computer programs that block external files that use JavaScript or images from loading into the browser
Easter egg - a platonic extra added to an OS or application as a sort of joke; the harmless cousin of the logic bomb
Grayware - a general term used to describe applications that are behaving improperly but without serious consequences; often describes types of spyware
Hardware security module - a physical device that deals with the encryption of authentication processes, digital signings, and payment processes
Host-based intrusion detection system - a type of system loaded on an individual computer that analyzes and monitors what happens inside that computer
Information & Communication Technology (ICT) - the infrastructure, network components, applications and information systems that enable modern networking and computing
Logic bomb - code that has, in some way, been inserted into software; it is meant to initiate some type of malicious function if specific criteria are met
Malware - software designed to infiltrate a computer system and possibly damage it without the user's knowledge or consent
Mobile device management - a centralized software solution that allows for the control and configuration of mobile devices
Open mail relay - also known as an SMTP open relay, enables anyone on the internet to send an email through an SMTP server
Personal firewall - an application that protects an individual computer from unwanted internet traffic; it does so by way of rules and policies
Pop-up blocker - an application or add-on to a web browser that blocks pop-up windows that usually contain advertisements
Privilege escalation - the act of exploiting a bug or design flaw in a software or firmware application to gain access to resources that normally would have been protected from an application or user
Ransomware - a type of malware that restricts access to a computer system and demands a ransom be paid
Risk-Based Security (RBS) - security model that attempts to deliver the most effective security in the most efficient manner by steering resources and assets to the highest areas of security risk and vulnerability
Rootkit - a type of software designed to gain administrator-level control over a computer system without being detected
Social Engineering Attacks - the psychological manipulation of organizational employees to attain confidential information for the purposes of fraud, gathering information or systems access. This type of activity aims at using human interaction in an attempt to trick employees into breaking organizational security procedures to gain access to buildings, systems, or organizational
Spam - the abuse of electronic messaging systems such as email, broadcast media, and instant messaging
Spyware - a type of malicious software either downloaded unwittingly from a website or installed along with some other third-party software
Storage segmentation - a clear separation of organizational and personal information, applications, and other content
Threat Vector - the method a threat uses to gain access to a target computer
Time bomb - a Trojan set off on a certain date
Trojan Horse - an application that appears to perform desired functions but is actually performing malicious functions behind the scenes
Typosquatting - a method used by attackers that takes advantage of users' typos when accessing websites. Instead of the expected website, the user ends up at a website with a similar name but often malicious content
Virus - code that runs on a computer without the user's knowledge; it infects the computer when the code is accessed and executed
Worm - code that runs on a computer without the user's knowledge; a worm self-replicates whereas a virus does not
Zombie - an individual compromised computer in a botnet
Source: Prowse, D.L. (2015). CompTIA Security SY0-401 (3rd ed.) Indianapolis, IN: Pearson.