Unit 11 Vocabulary — Hackers and Malware

Noun (thing)
Backdoor
a secret entrance to a server, OS, or app which bypasses normal authentication and/or logging procedures
Before the criminal-minded programmer quit his job at the bank, he programmed a backdoor into the server so he could later install a ransomware virus.
Noun (person)
Black hat
malicious and/or criminal hacker
Black hat hackers exploit vulnerable computer systems for some combination of money, notoriety, revenge, and fun.
Verb (infinitive)
Bypass
to go around or avoid something
The hacker bypassed all the expensive security measures by borrowing an employee's laptop at a cafe and then quickly installing a zero-day exploit.
Noun (thing)
Cryptography
the study of protocols and techniques relating to secure communication
Using his extensive knowledge of cryptography and a highly experimental quantum computer, the secret agent determined the nuclear reactor's HMAC key to be none other than: "ilovemymother".
Noun (thing)
DoS attack (denial of service attack)
a hacking technique where a computer server is rendered inoperable due to a flood of fake traffic
Although WAFs (web application firewalls) have come a long way, DoS attacks are still one of the main benefits of running a botnet.
Noun (person)
Grey hat
a type of hacker who has neither particularly good nor evil intentions
Grey hat hackers often enjoy seeking out new vulnerabilities and exploits, but they don't always ask permission first, report them to the proper people, or offer to fix them for free.
Noun (concept)
Intention
an overall purpose or goal
It was not the hacker's intention to delete his own bank account, but unfortunately that is what happened.
Noun (thing)
Keylogger
a type of malware that records a user's input either for spying purposes or to perform a replay attack
The spy installed a hardware-based keylogger on the government computer, which worked without requiring any additional software to be installed.
Adjective
Malicious
hurtful or harmful.
The teacher said that the term "malware" comes from combining the two words "malicious" and "software".
Noun (thing)
Malware
software that is designed to damage or compromise a computer system
Some common types of malware include spyware, adware, rootkits, ransomware, worms and keyloggers.
Verb (infinitive)
Obfuscate
to intentionally make something difficult to understand or detect
Cryptographers are often forced to obfuscate their source code in order to protect their algorithmic secrets.
Proper noun (thing)
OTP (one-time password)
often the final part of an MFA (multi-factor authentication) technique where a token is used and then immediately forgotten
OTP is a valuable security measure because it isn’t vulnerable to replay attacks.
Proper noun (thing)
OAuth (Open Authentication)
a protocol which allows a service to access limited data about a user without actually sharing their credentials.
For reasons of convenience, and perhaps a bit of blind faith, many people choose to authenticate via OAuth services from Apple, Microsoft, or Google, instead of creating a separate account.
Noun (concept)
Pen test (penetration test)
a legal and ethical method of evaluating the security of a PC or server by simulating an attack.
As a proactive move to increase overall security before launch, the Web agency hired an ITSEC specialist to run a series of pen tests on the new social media application.
Noun (thing)
Pop-up blocker
a software fix preventing unwanted windows from suddenly appearing onscreen
Pop-up blockers are effective at preventing unwanted or dangerous pop-ups, but unfortunately they can also block some useful functionality.
Noun (thing)
Public and private keys
pairs of asymmetric cryptography tokens used to secure most remote computer systems
The system administrator asked each student to create a set of public and private keys in order to access the remote system.
Noun (thing)
Rootkit
a type of malware which installs an unwanted backdoor into a system
The network administrator suspected a rootkit had been installed on a server when he noticed a sudden increase in network activity on the backup server.
Noun (thing)
Security policy
a minimum set of rules, which apply to all network users
The network administrator had to upgrade the security policy after noticing spyware on some of the machines.
Proper noun (thing)
Session ID (session identifier)
a unique token generated every time a user visits a website
The user's session ID was SID:ANON:www.w3.org:j6oAOxCWZh/CD723LGeXlf-01:34.
Noun (thing)
Social engineering
a technique wherein hackers exploit human weaknesses such as laziness, fear, or eagerness to please others, in order to gain privileged access to a computer system
Unfortunately even the best IT security practices can be defeated by a single act of social engineering such as phishing or tailgating.
Noun (thing)
Spyware
a general term for any type of malware which attempts to steal personal information such as credit cards, passwords, browser history, etc.
Some people consider social media websites such as Facebook, YouTube, and TikTok to be nothing more than a well-engineered combination of spyware and adware.
Noun (concept)
Surveillance
keeping watch over someone's activities, in order to log suspicious and/or criminal activity
After the security breach, the company implemented the following surveillance techniques: motion detectors, ID badges, and security cameras.
Adjective
Vigilant
watchful, careful, and alert
The company newsletter encouraged all employees to remain vigilant and to report all suspicious behavior.
Noun (concept)
Vulnerability
any weak or exposed part of a system that can be successfully attacked
The network admin patched the critical OS vulnerabilities and then rebooted the server.
Noun (person)
White hat
a type of hacker engaged in ethical and/or professional system scanning, penetration, or protection
White hat hackers always get permission before they start cracking systems, and always report security holes they find along the way.