Get smart and stay safe.
Internet security is a complex topic even for experts in the field, and for average people the terminology can be downright confusing. While you may not need to know every technical term out there, having a working vocabulary of basic terms can help you stay informed enough to protect yourself against major threats.
If you know what a phishing email is, for example, you can be on the lookout and avoid this common danger. This lexicon of the most important security terms will help you make sense of security alerts and equip you to take appropriate steps to protect your home network and computers.
Key security terms
Computer systems and networks employ a variety of techniques to protect you and your data from unauthorized access. Here are the most common terms that describe ways of protecting your data.
2FA: Short for “Two-Factor Authentication,” it’s a method to secure online accounts by adding an additional “factor” beyond a password. It could be a text-message confirmation or a code generated by a trusted app for this purpose. If 2FA is available for your accounts, start using this feature.
Authentication: Confirms authorized access to a platform or account, typically by password, biometrics, or code confirmation.
Biometrics: The use of physical characteristics such as facial geometry or fingerprints as a means of secure authentication. Fingerprint sensors on laptops and Windows Hello cameras are common biometric security features that make logging in easier and more secure than a password.
Certificate Authentication: Using a record digitally signed by a trusted authority to validate the authenticity of a website, file, or system.
Encryption: A method to obscure or hide sensitive information by scrambling it in a predetermined way. Encrypting hard drives and other storage devices can help protect your data if your device falls into the wrong hands, while encryption on network connections protects data from being intercepted by a third party as it travels over the network.
Risk and exploit terms
These important terms describe common dangers and tactics used by hackers and criminals. When shopping for security software, look for options that protect against all threat types and alert you when your information appears on the dark web.
Backdoor: A security exploit in which an attacker creates a covert way of accessing a system—that is, they exploit a “back door” that’s been left open on your PC.
Boot Record Infector: Also known as an MBR (Master Boot Record) infector, it’s a form of virus that targets a portion of the hard drive that is loaded as the computer system boots. It can be exploited to potentially bypass the operating system’s security features.
Botnet: Short for “robot network,” it’s a large number of infected computers controlled by criminals, usually used to overwhelm the security or infrastructure of a target system.
Brute Force: The use of large numbers of combinations of letters and numbers in an attempt to eventually hit upon a username and password combination.
Crimeware: Malware used by cybercriminals to perform criminal acts, such as trojan horse viruses that add infected computers to botnets.
Dark Web: A type of shadow network for the internet that uses specific software to anonymize traffic. The dark web is often used for the transmission of illegal or stolen data, including stolen passwords. Security services that monitor the dark web search these networks and alert users if their information is discovered.
Data Mining: The use of large data sets to find correlations about a specific target. By discovering data elements about an individual across multiple websites or databases, attackers can gather enough information to carry out an attack or commit identity theft.
Denial of Service: An attack in which the target system is deliberately overwhelmed by traffic in order to prevent its normal operation. Often carried out by botnets.
Dictionary Attack: A form of automated brute force attack in which a large set of common terms is used to arrive at a user’s password.
Fault Attack: A method used by hackers to gain access to a system by introducing errors into some part of it, such as by sending intentionally malformed data packets to a server or web browser in order to bypass its normal functioning.
Hijack: To gain control of a compromised computer or network connection, with the ability to use it for nefarious purposes.
IP Spoofing: A method of altering network traffic to appear to come from an IP address other than its own, usually in order to conceal its actual origin or to impersonate another system. Can be used to bypass international content access restrictions, such as for media streaming.
Kernel Attack: A security exploit that modifies the operating system’s core code (known as the kernel) to create channels for stealing information or gaining control of the system.
Malware: Software that performs malicious acts on a computer system. Examples: a virus, trojan horse, or a keylogger that records what you type to capture passwords and other information.
Man-in-the-Middle Attack: An attack in which traffic between two systems is intercepted and potentially modified by the attacker. It can be used to steal intercepted data or to insert corrupted information for other purposes.
Masquerade Attack: A method of gaining access to a system by impersonating, or using the credentials of, a legitimate user or system.
Password Cracking: The practice of accessing a system by discovering a working password, such as by a dictionary attack.
Password Sniffing: A method of discovering user credentials by monitoring network traffic for unencrypted passwords.
Pharming: A method of stealing users’ data by redirecting traffic to a spoofed website where users might enter their login credentials or other identifying information, believing they are on the valid site. Often used in conjunction with phishing attacks.
Phishing: A form of social engineering attack intended to lure victims into revealing sensitive data such as usernames and passwords, usually by email or text message. Phishing messages typically include content and images designed to look as though they come from trusted brands, such as a bank or online retailer.
Port Scan: A method used by attackers to discover entry points for a computer system. By scanning for ports on a network or computer, hackers can discover which ports are available, what types of services are running on the computers within the network, and other details that can enable access into systems.
Ransomware: A type of malware intended to lock the user out of their system or steal sensitive or embarrassing data, with the intention of extorting users into paying to regain access or prevent the release of information.
Session Hijacking: A means of gaining access to a user’s online account by taking control of an established connection, such as by duplicating active cookie data from the user’s session. Website connections are secured within sessions, which expire after a predetermined period of time. By presenting a copy of an unexpired session’s cookie to a website, attackers can impersonate the user and gain access.
Sniffing: Any method of detecting and collecting data over a network transmission. Often used to discover passwords over wireless networks.
Social Engineering: A variety of methods that may be used to exploit human social vulnerabilities to gather sensitive information or gain access to systems. Can include phishing, phone scams, impersonation of trusted people, and other techniques.
Spoof: Any deceptive method of modifying a system or account to appear to be something that it is not, such as by modifying a computer’s IP address to gain access to restricted content or making a phishing email or fake website appear to belong to a trusted brand in order to fool visitors.
Trojan Horse: A type of malware hidden within an apparently safe application in order to place malicious code onto the computer.