Authentication - The process of identifying a user's identity, making sure that they can
have access to the system and/or files. This can be accomplished either by a password,
retina scan, or fingerprint scan, sometimes even a combination of the above.
Botnet - A network of computers that ha...
Authentication - The process of identifying a user's identity, making sure that they can
have access to the system and/or files. This can be accomplished either by a password,
retina scan, or fingerprint scan, sometimes even a combination of the above.
Botnet - A network of computers that have been infected with a virus, and now are
working continuously in order to create security breaches.
DDoS - Using multiple hosts and users, hackers bombard a website with a tidal wave of
requests to such an extent that it locks up the system and forces it to temporarily shut
down.
Domain - A series of computers and associated peripherals (routers, printers,
scanners), that are all connected as one entity.
Encryption - Coding used to protect your information from hackers.
Malware - malicious software that damages or disables computer systems and gives
limited or full control of the systems to the creator for malicious activities such as theft or
fraud.
Spoofing - When a hacker changes the IP address of an email so that it seems to come
from a trusted source
Spyware - A type of malware that attackers install on a computer to secretly gather
information about its users without their knowledge.
Trojan Horse - A form of malware, this one a misleading computer program that looks
innocent, but in fact allows the hacker into your system via a back door, allowing them
to control your computer.
Virus - It infects a system by inserting itself into a file or executable program. Malware
which changes, corrupts, or destroys information, and is then passed on to other
systems, usually by otherwise benign means.
VPN - creates a safe and encrypted tunnel over a public network to securely send and
receive sensitive information. It creates a subnet by using key-based encryption for
secure communication between endpoints.
Worm - Malware that can reproduce itself for the purposes of spreading itself to other
computers in the network.
,Hack Value - The notion among hackers that something is worth doing or is interesting.
Vulnerability - An existence of a weakness, design, or implementation error that may
lead to compromising the security of the system.
Exploit - A breach of IT system security through vulnerabilities. It is the part the malware
that contains code or a sequence of commands that can take advantage of a bug or
vulnerability in a digital system or device.
Payload - Payload
Daisy Chaining - Gaining access to one network and/or computer to obtain information
that will enable them to gain access to multiple other computers and/or networks.
Doxing - Publishing personally identifiable information about an individual that was
obtain from public databases and social media.
Bot - A software application that can be remotely controlled to execute/automate
predefined tasks.
Information Security - A state of infrastructure and information well-being to keep the
possibility of theft, tampering, disruption of information and services kept tolerable and
low.
Confidentiality - The assurance that information is only accessible to authorized
individuals.
Integrity - The trustworthiness of preventing improper and unauthorized changes of data
or resources.
Availability - The assurance that the system which is responsible for the processing,
delivering and storing of information is accessible to the authorized users when
required.
Authenticity - Any data, communication or document characteristics which ensures the
quality of being genuine.
Non-Repudiation - Guarantees that an individual cannot later deny sending a message
and the recipient cannot deny receiving a message.
Cloud Computing - An on-demand delivery of IT capabilities where infrastructure and
applications are provided to subscribers as a metered service over a network.
Advanced Persistent Threats (APT) - An attack vector focuses on stealing data from a
victims machine without their knowledge.
,Cloud Computing Threats - An attack vector is a flaw in within a client's application
cloud which can enable attackers to access other client's data.
Insider Attacks - An attack is performed on a network or single computer by an
entrusted individual who has authorized access.
Web Application Threats - A security attack vector that threatens the performance of a
website and hampers its security to steal user credentials, set up a phishing site or
acquire private data by targeting web applications.
SHA-1 - A Secure Hashing Algorithm (SHA) that produces a 160-bit digest from a
message with a maximum length of (264 - 1) bits, and resembles the MD5 algorithm.
Software as a Service (SaaS) - Offers software to subscribers on-demand over the
internet.
Platform as a Service (PaaS) - Offers development tools, configuration management,
and deployment platforms on-demand that can be used by subscribers to develop
custom applications.
Infrastructure as a Service (IaaS) - Provides virtual machines and other abstracted
hardware and operating systems which may be controlled through a service API.
Identify as a Service (IDaaS) - Offers IAM services including SSO, MFA, IGA and
intelligence collection.
Security as a Service (SECaaS) - Provides Penetration testing, authentication, intrusion
detection, anti-malware, security incident, and event management services.
Container as a Service (CaaS) - Offers Virtualization of container engines, management
of containers, applications and clusters through a web portal or API.
Function as a Service (FaaS) - Provides a platform for developing, running and
managing application functionality for microservices.
Public Cloud - Services are rendered over a network that is open for public use.
Private Cloud - Cloud infrastructure is operated for a single organization only.
Community Cloud - Shared Infrastructure between several organizations from a specific
community with common concerns.
Hybrid Cloud - Combination of two or more clouds that remain unique entities but are
bound together, thereby offering the benefits of multiple deployment models.
, Multi Cloud - Dynamic heterogeneous environment that combines workloads across
multiple cloud vendors, managed via one proprietary interface to achieve long term
business goals.
Cloud Consumer - A person or organization that uses cloud computing services.
Cloud Provider - A person or organization that provides services to the interested
parties.
Cloud Carrier - Providing connectivity and transport services between cloud consumers
and providers.
Cloud Auditor - A party that can conduct independent assessment of cloud service
controls and taking an opinion thereon.
Cloud Broker - An entity that manages the use, performance and delivery of cloud
services, and maintains relationships between cloud providers and consumers.
Virtualization - The ability to run multiple operating systems on a single physical system.
or multiple instances of one operating system and share the underlining resources such
as a server, storage device or network.
Containers - Placed on the top of one physical server and host operating system, and
share the operating systems kernel binaries and libraries, thereby reducing the need for
reproducing the OS.
Docker - An open source technology used for developing, packaging and running
applications and all its dependencies in the form of containers, to ensure that the
application works in a seamless environment. It provides a PaaS through OS level
virtualization and delivers containerized software packages.
Kubernetes - An open source, portable, extensible, orchestration platform developed by
Google for managing containerized applications and microservices. It provides a
resilient framework for managing distributed containers, generating deployment
patterns, and performing failover and redundancy for the applications.
Network Sniffing - Interception and monitoring of network traffic which is being sent
between the two cloud nodes.
Packet Sniffers - Programs that capture data from information packets as they travel
over the Internet or company networks. Captured data is sifted to find confidential or
proprietary information.
Side Channel Attack - An attack where an attacker runs a virtual machine on the same
physical host as the victims virtual machine and takes advantage of the shared physical
resources (processor cache) to steal data ( cryptographic keys) from the victim.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller EvaTee. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.49. You're not tied to anything after your purchase.
