Technical terms (VPN, SSL, digital certificate, firewall)


Various technical terms related to website security are listed below.

  • AntiSpam – Software or a service that helps prevent unsolicited mail and complicates a spammer’s method of collecting email addresses.
  • Attack – An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.
  • Audit – The independent examination of records and activities to ensure compliance with established controls, policy, and operational procedures, and to recommend any indicated changes in controls, policy, or procedures.
  • Authentication – To positively verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.
  • Authorization – The means of granting or denying access to a network resource. It defines the access policy.
  • Backdoor – A backdoor refers to a method in which a hacker can bypass normal authentication on a computer to gain remote access without the knowledge of the user. A backdoor is a general term that may refer to installed software or a modification to an existing program or hardware.
  • Botnets – Bots, or robots, serve a command computer, carrying out automated functions at their master’s bidding. Common bot crimes include denial-of-service, extortion, identity theft, spam, and fraud. Multiple infected computers together form a botnet, with each individual computer also termed a zombie.
  • Browser Cookies – Cookies are text retained on computers by browsers containing information filled into websites. A cookie may be used to remember a username, for example, so that the name will auto fill on the user’s next visit. Cookies may be disabled, or cookie options customized, due to privacy concerns.
  • Buffer Overflow – This happens when more data is put into a buffer, or holding area, than the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes. This can result in system crashes or the creation of a back door leading to system access.
  • CGI – Common Gateway Interface – CGI is the method that Web servers use to allow interaction between servers and programs.
  • Confidentiality (data privacy) – The means used to ensure that information is made available only to the users who are authorized to access it. For example, you can encrypt the data before sending it; only the receiver who has the decrypting key would be able to read the data.
  • Data integrity – The means used to prove that information has not been modified by a third party while in transit. For example, if you send a file and its checksum separately, the receiving party can compute the file’s checksum and match it with the received checksum to ensure the file’s contents were not tampered with along the way.
  • Denial of Service (DoS) Attack – A denial-of-service (DoS) attack involves an attempt to disrupt the normal functioning of a website or web service. In a typical DoS attack, the attacker will overload a site’s server with requests for access far above the capacity of the site, meaning that legitimate requests cannot be processed.
  • Exploit – An exploit is the use of software, data, or commands to “exploit” a weakness in a computer system or program to carry out some form of malicious intent, such as a denial-of-service attack. Patches are intended to remedy these vulnerabilities as soon as they are revealed.
  • Hacker – The term “hacker” generally refers to any person who enjoys understanding, modifying, and exploring programmable systems, particularly computers and computer systems. “Hacker” has been used to describe individuals who bypass security measures for malicious purposes or criminal activity; however, most people within the hacker community refer to these individuals as “Crackers.”
  • “In the Wild” – A virus is said to be “in the wild” if it is spreading uncontained among infected computers in the general public. A virus being studied in a controlled environment for research purposes would not be considered “in the wild.”
  • Keylogger – A keylogger, also known as keystroke logging or keylogging, is a method of tracking the strokes on a keyboard without the knowledge of the user. This information is collected and used to access private accounts or collect personal information. Keyloggers can come in the form of software, hardware, or external monitoring such as acoustic analysis.
  • Malware – Malware is an abbreviated term meaning “malicious software.” This is software that is specifically designed to gain access to or damage a computer without the knowledge of the owner. There are various types of malware including spyware, keyloggers, true viruses, worms, or any type of malicious code that infiltrates a computer. Generally, software is considered malware based on the intent of the creator rather than its actual features.
  • Phishing – Phishing refers to an attempt by a hacker to obtain confidential information about a user through fraudulent means; specifically by pretending to be a legitimate communication from a credible source. In a typical phishing scheme, a spam email will direct a reader to an external website, often with a masked URL. When the user inputs his or her information, it falls into the hands of the cyber criminal.
  • Ransomware – Ransomware is a category of malware that demands some form of compensation, a ransom, in return for data or functionality held hostage. For instance, ransomware might change Proxy settings in a browser to limit web use, making it difficult to find a solution to remove a computer virus.
  • Rootkit – A rootkit is a type of software designed to hide the fact that an operating system has been compromised, sometimes by replacing vital executables. Rootkits allow viruses and malware to “hide in plain sight” by disguising themselves as necessary files that your antivirus software will overlook. Rootkits themselves are not harmful; they are simply used to hide malware, bots and worms.
  • Social Engineering – Social engineering involves deceiving victims into unwittingly disclosing confidential information or pursuing a fraudulent action. Phishing is a prime example.
  • Trojan – A trojan horse, often shortened to trojan, is a type of malware designed to provide unauthorized access to a user’s computer. Trojans, unlike worms, are non-self-replicating, meaning they do not harm the computer but rather provide a gateway for a remote hacker to access the computer and perform various actions based on the design of the trojan and the privileges of the user.
  • Zero Day Attack – A zero day attack refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and races to fix it. Uses of zero day attacks can include infiltrating malware or spyware, or allowing unwanted access to user information.