
Start from 0 to Zero Day in cyber security world | Cyber Security | Introduction

"Today I read that a hacker attacked the cyber security world with a new attack. Who is a hacker? What is cyber security?"



This type of news is very common nowadays, and the same questions may come to your mind. This article is for newcomers like you, or anyone who wants to learn cyber security from scratch along with the related words and terms. (This list will be updated regularly.)

APT- An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization.

Authentication- Authentication is any process by which you verify that someone is who they claim they are. The identity of a person is assured by authentication. E.g., John is authenticated to log in to his account on security.com.

Authorization- Authorization is any process by which someone is allowed to be where they want to go, or to have information that they want to have. Authorization includes the permissions that a person has been given. E.g., John is authorized to log in as a manager user; he can't access the super admin pages/modules.

Cloud- The word "cloud" (also phrased as "the cloud") is used as a metaphor for "the Internet". Actually, it's a collection of computers with large storage capabilities that remotely serve requests over the Internet and allow us to access our files and/or services through the Internet from anywhere in the world (e.g., AWS, Google Apps).

Cyber- The word "cyber" (origin: κυβερνητικός, meaning skilled in steering or governing) is derived from "cybernetic". The word is widely used by the information technology (IT) sector, where it commonly describes rules, laws and policies regarding computer systems, networks and related infrastructure.

Cyber Security- As the name suggests, cyber security means securing the cyber world from different types of attacks (blog on this) by hackers. It means protecting computer systems, networks and related infrastructure from theft of and damage to their hardware, software and information. It also means ensuring that there is no change, disruption or misdirection from their usual working. The cyber security field is growing day by day because new computer technology and new Internet of Things (IoT) devices keep arriving in the cyber world.

DDoS- "DDoS" stands for distributed denial of service, a form of cyber attack. This attack aims to make a service such as a website unusable by "flooding" the victim with malicious incoming traffic or data that originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.

DMZ- A demilitarized zone (DMZ) is a physical or logical subnetwork that functions as a small, isolated network positioned between the Internet and the private network. It exposes an organization's external-facing services to an untrusted network, usually a larger network such as the Internet. It is sometimes referred to as a perimeter network or screened subnet.

Exploit- A malicious application or script that can be used to take advantage of a computer's vulnerability. A security exploit is an unintended and unpatched flaw in software code that exposes it to potential exploitation by hackers or malicious software code such as viruses, worms and other forms of malware.

Firewall- A Firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Hacker- A hacker is a technically knowledgeable person who uses bugs or exploits to break into computer systems for multiple reasons, such as benefits, information gathering, etc. A security hacker is someone who tries to breach defenses and exploit weaknesses in a computer system or network to evaluate system weaknesses and assist in formulating defenses against potential hackers.

Penetration Test- A penetration test, known for short as a PenTest, is an authorized simulated attack on a computer system, performed to evaluate the security of the system. Once a vulnerability is found in the computer system, networks or related infrastructure, a PenTest is performed to check how far the vulnerability can affect the system.

Phishing- Phishing is an online scam involving emails that appear to be from a trusted source and contain a clickable link. By clicking a phishing link, you may compromise your system or allow the attacker access to change your personal data. You could also allow viruses or other malware to infect your computer.

Ransomware- These days, ransomware is a very active form of attack used by cyber criminals. Understand it and be ready for it. It is malware that takes hold of your system and encrypts it, sometimes attacking individual files. Trying to access the encrypted files triggers a note that claims you are locked out until you make a payment (a ransom for your data). Example: a very famous ransomware attack was WannaCry.

Red Team- A red team, in simple words, is a group of people who find vulnerabilities/weaknesses in applications, networks, etc. and combine them to find a loophole that can impact the organization very severely. Their motive is not to find every vulnerability, but the vulnerabilities that can seriously and practically impact the organization.

Vulnerability- A vulnerability is a weakness which can be exploited by a hacker to perform unauthorised actions within a computer system, networks or related infrastructure. Vulnerabilities are the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. An attacker must have at least one applicable tool or technique that can connect to a system weakness to exploit a vulnerability. That's why vulnerability is also known as the attack surface.

Virus- A computer virus is a type of malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code, aiming to corrupt, erase or modify information on a computer before spreading to others. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.

Worm- A computer worm is self-replicating malware that duplicates itself to spread to uninfected computers. Worms often use parts of an operating system that are automatic and invisible to the user.

Zero Day- A zero-day exploit is an attack that exploits a previously unknown security vulnerability. A zero-day attack is also sometimes defined as an attack that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known.