In an increasingly interconnected world where societies depend on digital infrastructure, cyber security is becoming increasingly relevant. The fact that data breaches are becoming increasingly frequent and hacker attacks on power suppliers are successful shows the impact that insufficient cyber security can cause. In this glossary you will find a condensed overview of the most important terms you should know! Reading time 5 minutes.
A generic term covering the confidentiality, integrity and availability of devices, networks, hardware, software and, most importantly, data and information. Cybersecurity refers to different states of data and information – in transit, while processed in a CPU, and while resting on a storage medium. Cybersecurity can also be understood as a subset of information security, the very general generic term. In addition to digital data, this also includes physically stored data.
Here are two well-known models of cybersecurity. They are a helpful guide for the design and validation of applications and IT services
Also an American authority, but in this case the three most important goals of cybersecurity – confidentiality, integrity, availability. This model serves as a verification scheme for the protection goal of information security in cyberspace.
C – Confidentiality: Authorized persons, devices or processes should be allowed to access data, others should not have access. User names, password combinations, source code, personal identifiable information and more must be protected. Mainly, encryption ensures confidentiality.
I – Integrity: Cybersecurity means that we can be sure that the data has not been modified in its original form during transmission, whether accidentally or maliciously. Changing a bit of a message can change the entire message. Hashing ensures integrity.
A – Availability: Data and information, as well as devices should be reliably accessible when needed. For example, in a DDoS attack, a webserver is intentionally flooded with traffic to such an extent that it becomes unavailable to anyone. Fault tolerance and load balancing ensure availability.
Enables the “C” of the CIA model. In the context of cybersecurity, this refers to the encryption of sensitive data and information. The original application file or message is called the plain text. Algorithm or cipher, a mathematical function that transforms the plain text into an unreadable salad of characters, the cipher text. In addition, there is the key, which in combination with the algorithm encrypts and decrypts the message. Encryption algorithms such as AES or RSA are known and public. Only in combination with the key will they become a tool for confidentiality.
Enables the “I” of the CIA model. Hashing allows to check if bits in a message have been changed. Checksums are created using hash functions: The mathematical function converts a variable lenght input into a fixed lenght output. A newspaper article and your first name would generate a hash of the same length. Changes of only one input character result in a entirely different hash. In this way, the integrity of transmitted data packets can be verified and ensured. Therefore, hashing also plays an important role for block chain technology.
A Distributed Denial of Service, an attack on the “A” of the CIA model. Denial of Service is the unavailability of an online service. There are several reasons for this. A DDoS defines the downtimes as a result of server requests whose number exceeds the capacity of the service. These attacks are becoming increasingly large; the current record of a single attack is 1.2 Tbps. Tens of thousands of unprotected computers are often exploited. They receive instructions as part of a botnet. For example, adding traffic to the company’s X website. Recently, insecure IoT devices have also been integrated into these attacks on a large scale. Internet-capable TVs, webcams and refrigerators often have poor security configurations, making them simple recruits for a DDoS attack.
The AAA Model
The second important model of cybersecurity.
A – Authentication
The process of proving that you’re who you pretend to be. If you claim to be someone, you identify yourself. If you can prove it, this is authentication. Authentication requires a proof in one of three forms:
- Something you know, e. g. a password
- Something you have, e. g. a key
- Something you are – biometrics
If you combine more than one of these categories, this is called multi-factor authentication.
A – Authorization
Authorization means that you grant a user certain rights, while you do not grant it to others. This is linked to the principle of the least privilege. Users, devices, programs and processes should only get the absolutely sufficient permissions and not a single bit more.
A – Accounting
Anonymous recording of user actions is very important. Logged events that lead to incidents can prove very valuable for an investigation. Let’s take unauthorized failed login attempts as an example.
Firewalls filter network traffic based on rules. These rules can be source or target IP addresses, specific protocols or ports. Certain data packets are not allowed into a network, while others are not let out of the network.
The two most common types of firewalls: hardware-based and software-based. A hardware-based is usually a machine that sits between the internal network and the edge router. Internal network — firewall — edge router– Internet provider (ISP) It separates the large unknown from the internal, trusted network. The software-based is a program on the client, such as the Microsoft Windows Firewall. It separates the known (the client itself) from the unknown, for example a public WiFi.
Packet filtering is further divided into stateless and stateful. Filtering is stateless if each data packet is considered an isolated communication piece. Some packages seem to be unsuspicious in isolation. However, if you see the overall communication from several packages and understand the context, it is possible to detect a threat. Therefore, we have stateful filtering.
Intrusion Detection Systems vs. Intrusion Prevention Systems
Not to be confused with firewalls. Think of an airport. Imagine a firewall like the security staff before entering the gate. Personal details and bags are checked. IDS and IPS are the security personnel behind the controls where passengers enter their aircraft. IDS and IPS therefore take care of troublemakers in this area. For example, an aggressive and noisy passenger who is upset about the delay of his flight. In addition, IDS and IPS must also make decisions in the event of incidents in the internal network.
Intrusion Detection System: Runs connected to a switch in the network and receives copies of the network traffic. Therefore there is no latency for the traffic. Alerts administrators on specific events or can communicate with the firewall to customize rules. Has above all visibility function for the traffic.
Intrusion Prevention System: Runs inline. The actual traffic has to pass the IPS. This increases the latency of the traffic due to live processing. Alerts administrators on specific events or can communicate with the firewall to customize rules. Can also block traffic itself. Has above all control function for the traffic.
Virus vs. Worm vs. Trojan
All of them fall under the generic term Malware (short for Malicious Software), but are easily confused.
Like a biological virus, the computer virus injects itself into a file or program on the computer of the person affected. This file contains malicious commands that are executed by the CPU when a file or program is opened. Viruses can spread and replicate themselves on the host. However, in order to replicate to other devices on the network, human action is required. The classic case: An email attachment. Viruses always have malicious content.
Malware known as a worm does not infect files. It is an independent file. Worms can spread themselves through networks all over the world. They can put themselves on email lists or write their own emails and attach themselves. A worm does not necessarily have malicious content. If a worm sends one, ten or a thousand files to a webserver, nothing will happen. However, replicating the worm to 10,000 other computers that collectively fill this webserver with traffic as a botnet can cause an overload of the server. See also DDoS.
A Trojan or Trojan horse can be either a virus or a worm. The term Trojan describes the appearance of malware. It seems to be a harmless program, which is provided as freeware for example. However, a virus or worm is hidden under the cover of the program or file. Once it is inserted into the PC, it unfolds its effect. In addition to the above-mentioned harmful effects, these can also share sensitive data unnoticed with third parties or give hackers access via a backdoor.
This software family is designed to encrypt data and files. The data is impossible to decrypt without having the private key that is usually stored on the attacker’s server until the ransom is paid. Read more about Cryptolockers in our blog article.
Cyberthreat Real Time Maps
Several security software vendors offer real-time cyber attack maps. You can get a good impression of the extent to which cyber attacks are taking place.