Glossary of Security Terms
To better understand security measures and recommendations, you should know some related terminology.
Digital document issued by an independent entity that guarantees the identity of systems and people on the Internet.
An electronic certificate serves to:
• Authenticate the username identity to third parties electronically.
• Sign electronically in a way that guarantees the integrity of the data transmitted and its origin.
• Encrypt data so that only the recipient of the document can access its contents.
Encryption is a method for increasing the security of a message or a file by encoding the content so that only the person who has the appropriate encryption key can decrypt it.
Malware (malicious software), also called badware, malicious code, malicious software or malicious programs, is a type of software that aims to infiltrate or damage a computer or information system without the consent of its owner.
Includes viruses, worms, trojans and backdoors. Malware often spreads using popular communication tools, such as email and instant messaging, as well removable magnetic media, such as USB devices. It also spreads through inadvertent downloads and attacks to security vulnerabilities in software.
This is a form of authentication that uses secret information to control access to a resource. The password must be kept secret to those who are not allowed access. In order for passwords to be effective they must be chosen in a way that is difficult for an attacker to discover.
Information sent by a website and stored in the user's browser, so that the website can query the user's previous activity.
Emails that ask that the message be sent to more people for these people to also forward them. They often carry fake news, can contain viruses, etc.
A computer tool designed to block unauthorized access in a network.
It can be a specialized system or an installed program (personal firewall). A personal firewall is a program that runs on your computer on a continuous basis and monitors the connections that enter and exit from the computer and is capable of distinguishing those that are legitimate from those made by intruders. In the latter case, it blocks and notifies computer users.
Protocols and systems that are used to protect information and provide security to communications and communicating entities.
Refers to a program designed to control what content is allowed to be displayed, especially to restrict access to certain materials on the web. The content filter determines what content will be available on a particular machine or network. Content filtering is used to block viruses sent by email, to control Internet access to minors, etc.
Digital information associated with a particular operation carried out on the Internet which, together with the certificates, enables guaranteeing the identity of participants in a transaction.
Worms are malicious programs that reproduce from one system to another without using a host file, which contrasts with viruses, since they require the propagation of an infected host file.
Method used by attackers to deceive computer users, to perform an action that will normally produce negative consequences, such as downloading malware or disclosing personal information.
A computer attack in which the attacker manages to obtain complete control over the machine. The attacker can obtain and alter all the computer's data, change its functioning and even attack new machines.
Phishing or identity theft is an IT term that refers to a type of computer abuse and is committed by using a type of social engineering characterized by a fraudulent attempt to acquire confidential information (such as a password or detailed information about credit cards or other banking information).
The cybercriminal, known as a phisher, pretends to be a trusted person or company in a supposedly official electronic communication, usually an email, or an instant messaging system, or even by making telephone calls.
The emails or SMSes redirect to a fraudulent website that imitates the appearance of the original page. On this page, users are asked to enter their personal data and passwords, such as their card number, PIN or passwords.
PROXY OR INTERMEDIARY SERVER
Computer system whose mission is to act as an intermediary between one system and another via the internet. Among the purposes of a proxy server is to accelerate your login to the Internet, filter the contents that have been accessed and protect the systems, avoiding their direct communication.
SMiShing is a variant of traditional phishing, which instead of sending emails, uses SMS messages.
Also known as junk mail, which involves almost identical messages sent to numerous recipients.
Malicious or misleading application that is installed in a hidden manner with other programs that the user has downloaded
Software package that tracks and sends personally identifiable information or confidential information to other people. Personally identifiable information is information that can be attributed to a specific person, such as a full name. Confidential information includes data that most people would not be willing to share with anyone, including bank details, credit card account numbers, and passwords. Recipients of this information may be remote systems or parties with local access.
TROJANS OR TROJAN HORSES
Malicious code that is presented to the user as a supposedly legitimate and harmless program, but which, when executed, gives an attacker remote access to the infected computer.
Trojans do not infect other files and are not automatically spread. Trojan horses have malicious code that when enabled cause losses, including data theft. They usually also have a backdoor component, which allows the attacker to download additional threats on an infected computer. They typically are spread through inadvertent downloads, e-mail attachments, or when downloading or voluntarily executing an Internet file, usually after an attacker has used social engineering to persuade the user to do so.
Computer viruses are programs that are installed on the computer, usually hidden from the owner, for malicious purposes. For example, they destroy files, or the hard disk, spread to other computers or cause the computer to malfunction.