TMCnet Feature
January 22, 2020

46 Security Terms Everyone Should Know



Being an IT or cybersecurity professional is a very demanding job. Cyber-attackers get more and more skilled and are finding new ways to exploit system vulnerabilities you might not have known even existed.

Cybercrime has even surpassed drug trafficking in profitability, according to Cisco.

These threats can come in many forms and some of them you probably already know, but it’s a good idea to familiarize yourself with some others. That’s why we created this glossary of 45 security terms every IT professional should know:



1. 0-Day Vulnerability Exploit

A 0-day, or zero-day, is a software, firmware or hardware flaw not yet known to the company that makes the software or to whoever is responsible for patching or fixing it.

Very often, these vulnerabilities are detected by “ethical hackers” (more on them later), who notify the company about them.

2. 2-Factor Authentication

2-factor authentication is a way of adding extra security to an account (and making it more difficult for hackers to breach it).

Usually, SMS 2-factor authentication consists of something you know, such as a security question (the name of your high school), and something you have (fingerprint, PIN).

3. Adware

Anyone who has ever searched for or downloaded “free” software has likely encountered adware. This is a type of malware that generates online ads either on the screen during the installation process or on the interface of the software itself.

It usually comes with the “hey we’re giving you the software for free, it’s the least you can do for us” explanation, but it’s far more malign than it looks. Typically, if you have adware installed on your computer, there’s a good chance that malware will be a part of the package in the back end.

4. Antivirus

Antivirus is the type of software that detects viruses and blocks them from infecting your computer or system.

5. Backup

Backup is the process of backing up data to prevent data loss and enable easier recovery in case of data loss.

6. Black-Hat Hacker

Although there are really two types of hackers, White-Hat and Black-Hat, this is what people generally think of when they hear the word “hacker”. A Black-Hat Hacker is someone who exploits system and computer vulnerabilities for criminal purposes.

7. Botnet

A botnet is a group of devices on the Internet that are controlled by malware. Typically, the owner of an infected computer doesn’t even know that his device is a part of a botnet.

8. Click Fraud

Click fraud is used by more unscrupulous Pay-per-Click (PPC) advertisers who don’t want to wait to get payable clicks, but instead want to increase their revenue faster.

9. Cyber Espionage

Cyber espionage is the practice of spying on a victim to gain confidential information and data about them, their plans or their customers for instance.

Typically, this targets governments and large corporations, so it’s usually another country or rival company that’s conducting this type of espionage.

10. Data Breach

When a hacker successfully penetrates the system and gains control of the network, this is called a “Data Breach”.

11. DoS Attack

In a DoS or Denial-of-Service attack, the attacker disrupts the services from the host to the victim usually by flooding traffic and overloading the system with illegitimate requests that prevent legitimate ones from being resolved.

12. DDoS Attack

DDoS or Distributed-Denial-of-Service is a type of DoS attack in which the perpetrator uses more than one source from which to flood the traffic.

13. Dark Web

The dark web is the layer of the Internet that can be accessed only through “overlay networks”. Since most of it is encrypted, it requires special software such as the Tor browser to access it.

Although this is not always the case, the dark web is often used for different criminal activities like selling drugs, pornography and so on.

14. Deep Web

Although Deep and Dark webs are often mistaken for one and the same, the deep web is simply a part of the World Wide Web that is not indexed by search engines.

For instance, this can refer to content on a website that’s behind a paywall, online banking information, hidden Wikis, or private forums and networks.

15. Defense-in-Depth

Since no single security mechanism is 100% secure, Defense-in-Depth or DiD is used to protect information and valuable data by creating multiple layers of security. So, if one layer fails, the attacker has to deal with the next one and so on.

16. Demilitarized Zone

This military-sounding term refers to a firewall setting that separates the company’s LAN from the external network.

DMZ is used to allow employees to access the external network and Internet, while keeping the internal network secure from outside threats.

17. Detection Deficit

The deficit or gap between the Data Breach “Discovery” and “Compromise” is called a “Detection Gap”.

18. End-to-End Encryption

End-to-End encryption is a way of securing communication between two parties (“ends”) and preventing any 3rd party (hacker) from eavesdropping on or accessing the transferred data or communication.

19. Evil Twin

An Evil Twin is a fake WiFi hotspot that is set up to snoop on a wireless network.

20. Exploit Kit

An Exploit Kit is a package of automated threats that a cyber-attacker can use to launch attacks against vulnerable systems and programs.

21. Ethical Hacker

An Ethical or White-Hat hacker works either for a cybersecurity company or independently to discover threats and vulnerabilities that the software company didn’t know about, before a Black-Hat hacker is able to.

22. Firewall

A Firewall is used to filter the incoming and outgoing traffic to and from the network. A typical type of firewall is Windows Firewall, which is built into every Windows PC.

23. FTP

FTP is short for File Transfer Protocol and is used to upload and download files.

24. Gateway

A Gateway is a bridge between networks that use different protocols to connect.

25. Guessing Entropy

This refers to how difficult it is for a cyber-attacker to guess or crack a password.

It is usually stated in bits, with a higher number indicating a more difficult-to-guess password.

26. Hashing

Hashing is an encryption algorithm that converts plain text into hashed text.

How does hashing work? When a user sends a message, a hashing algorithm generates a hash and encrypts it. The encrypted message is then sent to the receiver who has the other key that allows him to decrypt the hash and read the message.

27. Handshake

When two information systems establish a communication, that’s called a “Handshake”. This begins when one device sends something to the other for syncing or authentication.

28. Identity Fraud

Identity Fraud is the act of unauthorized theft of someone’s personal possessions or information (like a username) and then using that to gain illicit benefits.

29. Intrusion Detection System

An Intrusion Detection System or IDS is software that monitors network traffic for any malicious activity and reports it.

30. Intrusion Prevention

Intrusion Prevention (IP) is a way to detect and deal with identified threats. For instance, an Intrusion Prevention System (IPS) can identify a packet as harmful and block it from accessing the network.

31. IP Address

An IP or Internet Protocol Address is a numerical, 32-bit (IPv4) or 128-bit (IPv6) label that gets assigned to a device connected to the network.

32. IP Address Forgery

IP Address Forgery or IP Spoofing is a method by which an attacker pretends to be a legit host to hijack a browser and gain access to a network.

In itself, IP Spoofing is not illegal if you just want to be anonymous online; if you’re disguising yourself as someone else to gain illegal benefits, it is.

33. Keylogger

A Keylogger is a computer program that logs the user’s keystrokes and saves them into a log file.

This log file can then be used for illegal activities, such as stealing sensitive information like someone’s PIN or passwords.

34. Malware

Malware is any type of malicious or bad software that is created to infect and damage a system.

It is typically delivered by spam email and includes viruses, trojans, worms, ransomware and so on.

35. Man-in-the-Middle Attack

A man-in-the-middle attack targets the “middleman” or WiFi system that connects the user to the Internet in order to allow a hacker to gain access to a system.

36. One-Way Encryption

One-Way Encryption is an irreversible (one-way) process of transmitting data between one point (sender) and the other (receiver).

Hashing is a typical one-way encryption as there’s no way to un-hash the string once it reaches the receiver back to the sender.

37. Phishing

Phishing is a method often used by cyber-criminals in which they pose as a trusted company (like a bank) and attempt to steal information from unsuspecting users.

Typically, the victim receives the fake email from the scammer to “update” some information and is provided with a link that leads to the fake website.

38. Ransomware

We already mentioned Ransomware as a type of malware. This is malicious software that encrypts data it finds on the infected system and allows the attacker to demand money from the victim to “release” the system.

39. Reverse Engineering

This is a mechanism used to detect software bugs and vulnerabilities by analyzing a block of code. For instance, a hacker can use Reverse Engineering to identify OS vulnerabilities.

40. RootKit

A RootKit is a collection of malicious software created to allow access to a computer or a part of its software that is not regularly allowed.

41. Script Kiddie

A “Script Kiddie” is someone who is new to hacking. Typically, this is someone who uses someone else’s script to conduct attacks instead of using their own.

42. Social Engineering

Social Engineering is a method of manipulating individuals to reveal personal and confidential information about themselves that can be used for fraud.

43. Spam

Spam is any type of unwanted online content. This typically refers to spam email, messages that can be harmless, but often contain a link to a harmful website.

44. Threat Intelligence

According to Gartner, Threat Intelligence is:

“Evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject’s response to that menace or hazard.”

45. Trojan

A Trojan is a malicious program that acts as a backdoor for the hacker that allows him to gain control of the host system and infect it.

46. Virus

Probably the best-known term, even for non-IT experts. It refers to malware that has the capacity to infect other files.

Conclusion

With yearly damage from cyber-crime coming up to $6 trillion in 2021, according to Cybercrime Magazine, the job of an IT and cyber-security professional is evidently important.

With TextMagic’s IT & Hardware Monitoring Text Notifications, your IT company can send SMS notifications to inform its customers of any security breaches, outages or other security emergencies.



About the author

Jennifer Houghton is a head writer at TextMagic. She writes about the latest marketing trends and shares useful tips for practical mobile marketing and building customer relationships.


