Introduction to Hacking and Some Terminology

Cybersecurity is a great umbrella term for protecting the:

  • Confidentiality
  • Integrity
  • Availability

of computing devices and networks, hardware or software and most importantly, data and information.

Cybersecurity covers data and information in all three states: in transit, being processed, and at rest.

Cybersecurity is achieved through:

  • Procedure
  • Products
  • People

The security mindset involves thinking about how things can be made to fail. You don’t have to exploit the vulnerabilities you find, but if you don’t see the world that way, you’ll never notice most security problems.

Some Hacking Essential Terminology

Confidentiality - Integrity - Availability (CIA) Triangle

CIA Triangle Image

Confidentiality: You must be authorized to see and access the system or data. Only certain people, devices, or processes should be permitted to see the data, files, and items like username and password combinations.

The main way confidentiality is accomplished is through “encryption”.

Integrity: Not a single bit has been changed, either accidentally or maliciously. If even one bit of a message is changed, the meaning of the whole message could change.

Integrity is accomplished through “hashing”.
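The following is an added example, not code from the original post: it shows how a hash exposes a single flipped bit, and goes one step beyond the post by adding a keyed hash (HMAC), which also catches deliberate tampering because the tamperer cannot recompute the tag without the key. The message and key are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample message (not from the post).
MESSAGE = b"Transfer 100 USD to account 12345"


def sha256_hex(data: bytes) -> str:
    """Plain SHA-256 digest, hex encoded: the 'hashing' the post refers to."""
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit flipped (accidental corruption)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def differing_hex_digits(a: str, b: str) -> int:
    """Count hex digits that differ between two digests (the avalanche effect)."""
    return sum(1 for x, y in zip(a, b) if x != y)


def integrity_ok(data: bytes, expected_digest: str) -> bool:
    """Detect accidental change: recompute the hash and compare it."""
    return hmac.compare_digest(sha256_hex(data), expected_digest)


def make_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: a keyed hash, so nobody without the key can forge a matching tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def tag_ok(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time verification of an HMAC tag."""
    return hmac.compare_digest(make_tag(key, data), tag)


if __name__ == "__main__":
    original = sha256_hex(MESSAGE)
    tampered = flip_bit(MESSAGE, 3)  # one bit in the first byte
    print("hex digits changed:", differing_hex_digits(original, sha256_hex(tampered)))
    print("integrity_ok(tampered):", integrity_ok(tampered, original))
    key = os.urandom(32)  # secret shared by sender and receiver
    tag = make_tag(key, MESSAGE)
    print("tag_ok(original):", tag_ok(key, MESSAGE, tag))
    print("tag_ok(tampered):", tag_ok(key, tampered, tag))
```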

Availability: The data, system, or information must be available for authorized users to use whenever needed.

Vulnerability: A vulnerability is a weakness in design or implementation.

Threat: Anything that could take advantage of a weakness, whether a person, a group of people, or mother nature.

Risk: The probability that a threat could take advantage of a weakness or vulnerability. When we talk about risk, we are talking about probability and impact. So, when we do risk analysis, we ask: what is the probability of this happening, and what is the impact if it does happen?

Non-repudiation: A term that means you can’t deny that you did something. We shall learn more in the cryptography chapter about what it is and how it is enforced using digital signatures.

Control: A control could be a policy. Whether physical, logical, or administrative, anything you put in place to try to minimize the risk is a control.

Mitigation: Minimizing or reducing the risk. You can never be risk-free; you just have to bring the risk down to an acceptable level by implementing cost-effective mitigation controls.

Hack Value: The value of this target to someone.

Exploit: Breaching a system by using its vulnerabilities.

Payload: Part of the exploit code.

Zero-Day Attack: An attack that occurs before a patch is available.

Daisy Chain: Gaining access to multiple networks using the same information.

Doxing: Publishing someone’s personal identity information.

Bot: An application that can be controlled remotely and can be used for malicious purposes like a DDoS attack.

Security, Functionality, and Usability Triangle

It is no good having a system that nobody can use, so it is a balancing act.

  • The combination of the three defines the level of security:

    • Functionality: Available features
    • Usability: Ease of use
    • Security: Restrictions on unauthorized users
  • Balance is necessary
  • More Security = Less Usability and Less Functionality

In this post we learned what the goal of cybersecurity is and some key terminology that will be helpful on the journey.

Please feel free to share with your friends and enemies. I’d always appreciate it.

Author

Bablu Kumar

He writes about Python, Cloud Computing and Linux. He is an open-source advocate and a cyber-security enthusiast. His Twitter handle: @hacback17