Z is for …

Zero Day

The time taken between a vulnerability existing and a patch being released to fix it can be several weeks, months or even years. An exploit written to take advantage of this gap is known as a Zero Day.

The bad guys are particularly interested in carrying out attacks against systems with vulnerabilities but no patches, for obvious reasons: it’s very difficult to defend agaisnt them.

Depending on the level of access the zero day can provide, or the damage a bad actor can cause with it, will have an effect on the value of each zero day attack on the Dark Web. Some may sell for “only” a few thousands of pounds, but some can fetch well into five figures, if not more.

A very famous attack carried out using zero days is explained in the film of the same name. It tells the story of an attempt to disrupt the Iranian nuclear programme some years ago, and is well worth watching.

X is for …

X-rated

It’s well known that the internet hosts a wide variety of pornography sites, from the legal on the surface web to the illegal on the dark web.

But what of other adult only material, which is also x-rated and may be illegal. Sites showing gore, mutilation, torture and worse? Again, they’re split between the legal and illegal, and hosted on the surface and dark webs.

Many companies use a technology called content filtering to prevent access to this sort of material. Automated tools trawl the surface web and categorise the websites they come across. Companies block access to certain categories, to help protect their employees.

You can usually do something similar at home. Service providers often allow you to add parental controls, which prevent access to sites showing adult material. Some antimalware providers also have add-ons for web browsers which can alert on or block access to potentially adult rated material.

P is for …

Password

There has been much written about passwords, but for this entry I thought it worth defining what a password actually is. It’s a code, phrase or sequence of letters and numbers which is used to validate that you are who you say you are. It’s often used in conjunction with a username or when you login to a device or system.

You’re advised to keep your password secret, known only to you, because this helps with non-repudiation.

Patching

Pretty much all software has vulnerabilities in it. The more complex the software, the more likely it is to have vulnerabilities. Patches are pieces of code written by software developers to fix those vulnerabilities once the manufacturers become aware of them.

Patching is the process of applying these bespoke pieces of code. Typically patches are given a severity based on the risk the vulnerability contains. Urgent patches should be applied as soon as possible, whereas low risk patches don’t need to be applied so quickly.

When applying patches in a work environment, it is advisable to test the patch on several machines first, before applying it to every device, just in case there are any issues or conflicts which the patch causes with existing software.

Payload

Viruses often contain malware, some of which contains special code to try to compromise a device. This is typically called a payload. Different viruses carry different payloads, and some carry multiple different payloads.

An analogy which might explain this is where you have bomber aircraft, the bombs they carry are referred to as the payload.

Penetration test

A common way of testing web sites and web applications is to run a penetration test. This is where ethical hackers i.e. people with prior permission from an organisation, run tests to see if they can find vulnerabilities, and find out what would happen if those vulnerabilities are exploited.

Typically, the testers will provide a report documenting their findings, and the organisation being tested will then fix any issues found by the testers.

This should be run on a regular basis, because new vulnerabilities, including zero day threats, are constantly being discovered.

There are also physical penetration tests, where people are hired to try to access a business. This is called a red team test.

Phishing

Phishing is a form of attack where the bad guys send email to a list of email addresses (which they’ve often bought on the dark web). The email typically either has an infected attachment or a link to an infected website, or it contains a message asking you to help someone release money from their bank account or some equally ridiculous plea for help.

These messages are indiscriminate and are not targeted at specific individuals. Those which are specifically targeted are known as spear phishing or whaling.

Principle of Least Privilege

A key feature of cyber security is making sure that users only have access to the programs or data they need access to for their job. This is known as the principle of least privilege.

For example, there’s generally no reason why someone working in the accounts department needs access to personnel records, or someone working in HR probably doesn’t need access to files for a specific project. Access would normally be restricted to help protect data.

D is for…

Dark Web

Most of us are familiar with the Internet, and using search engines such as Google and Bing to find information we need. Those operate in a part of the World Wide Web that is often called the Surface Web. It seems like we can find a huge amount of data on the surface web, but in actual fact it’s only about 5% of all material that is available online. A large portion of the remaining data is found on the Deep Web – see below – but there’s a very murky area which is hidden away and can only be accessed by using special web browser software, the most well known being The Onion Router, or ToR. Most users will never have cause to visit this area, because it’s where various illegal web sites / services are found, including drugs, stolen goods, child abuse, false identity documents, counterfeit money etc. It’s therefore an area where criminals globally congregate to deal in and share their services.

Data Centre

A data centre is typically a large room – or set of rooms – with multiple servers in it. It can vary in size from one room with a few racks of servers, to a site with many thousands of servers. Typically they will have redundant power supplies, some form of backup solution, and will often provide services to multiple companies at the same time. Some organisations will run their own data centres, some will outsource their services to a Third Party, and some will operate a mix.

Data centres are typically where cloud services live. Companies such as Microsoft, Google and Amazon offer multiple data centres across most of the continents.

DDoS

Distributed Denial of Services (DDoS) are a method of attack on a company’s services (typically internet based, like web sites or file sharing). They are carried out by multiple internet connected devices including PCs, laptops and IoT machines, often using botnets. The word Distributed is used to signify that the devices are spreads around, possibly even al over the globe.

When a DDoS attack is carried out, the target is overwhelmed by multiple messages being sent from all the devices in the botnet, to the extent that it is rendered unusable.

A way of thinking of this is if you have a crowd of people trying to get through a door. If they move one at a time through the door, there’s no problem. If everyone tries to get through the door at the same time, it will become blocked and take time to become unblocked.

Deep Web

As mentioned above in Dark Web, the Deep Web makes up a huge proportion of the World Wide Web. The sites in this area are not indexed, which means they can’t be found by search engines like Google and Bing, but that doesn’t mean that they are providing illegal services.

Deep Web sites are typically where you can find information that isn’t really for public consumption, but which is used by special interest groups. This will include research groups, academic communities, file sharing sites etc. Users access the sites only if they know the exact address, but can use standard browsers such as Internet Explorer and Chrome – other browsers are available.

Decryption

Decryption is how cryptography makes messages readable again after they have been encrypted. Depending on how data is encrypted, decryption may happen automatically, or you may have to carry out a specific routine using special software.

Disaster Recovery

Disaster Recovery (DR) is most commonly seen as the provision of the IT part of a Business Continuity Plan. It’s about getting your IT systems back up and running within set timescales in order to enable key resources to work as normal.

For example, if you’ve planned to move to an alternate location in the event of an outage with your business, your DR solution will probably include appropriate network connections, having enough desktop or laptop devices available and having the relevant data and software available from the alternate location.

It’s not uncommon for businesses to run tabletop exercises to work out who would do what in the event of a problem, but it’s also a good idea to actually test that the plan works. For example, if your DR plan is to have 20 people up and running within 4 hours at the alternate site, but there are only 10 devices available for them to use at the site, then your plan will fail.

It’s important to note that when testing your plan, things not working are good things to find. It’s better to find that out during a test than when you actually need it.

DOS

Denial of Service (DOS) is similar to DDoS, but instead of being based on multiple devices acting concurrently, is based on a single device. That single device will send multiple messages consecutively at a very high rate, with the aim of overloading the target device.