A program that prevents other malicious programs from entering a computer or a network for the purpose of unauthorized data collection or other malicious purposes.
Glossary
The process of verifying that an entity (e.g. a user) is who they say they are. Authentication allows systems to be kept secure by ensuring that only authenticated users or processes can access them. There are several authentication methods. For general users, one of the most common is a username-password combination called single-factor authentication, but nowadays more and more services use two-factor authentication, which requires additional information (e.g. code sent via SMS) for authentication. Authentication precedes authorisation.
The process of assigning process or access rights to an identified user or device. During authorisation, the appropriate permissions are continuously checked. For computer systems, administrators can specify in detail what a particular user can access and at what level, and also what actions they can perform. Logically, authorization comes after authentication.
A type of malware, usually invisible to the user, which, once installed, gives access to the computer to an unauthorised remote party. An attacker can then take full control of the computer, download data, make copies, etc. without the user's permission.
A bot is a program that executes automatisms, either autonomously or based on remote commands. It is often used for malicious purposes. They can often be part of botnets.
Bots can check the backend of computers, looking for confidential information. They often run in the background, without the user's knowledge, using the device's resources for malicious purposes.
A hacked network of IT devices controlled by a 3rd party (hacker) and used to cause damage. The most common forms of malicious activity are: sending bulk spam, launching Denial of Service (DoS) attacks, phishing, etc. Botnets are often rented out by cybercriminals for various purposes.
A login, password, or encryption key hacking method where attackers go through all possible combinations hoping to guess correctly. A relatively old attack method, but still effective and popular with hackers. Depending on the length and complexity of the password, cracking it can take anywhere from a few seconds to years.
Pieces of data that are stored on your computer or, more specifically, in your browser software (Google Chrome, Mozilla Firefox, Microsoft Edge, etc.) by the websites you visit. Cookies allow you, for example, to return to a webshop page and see the product you viewed on your last visit first, or to keep products you have previously added to your shopping cart. They help websites to provide a personalised experience. Cookies are essential for the convenient functioning of the internet, but they can also be a source of security concerns, most notably in the case of 3rd party cookies (notably zombie cookies, of which multiple copies are stored in the browser and therefore "resurrect" even after deletion), which are used by marketers to track users' activity.
A domain name is a unique, easily remembered address used to access websites, such as "cert.hu" or "google.com". Users can connect to websites using domain names through the DNS system.
The DNS system is basically the internet's "phone book", a database in which domain names are assigned to IP addresses. It is a distributed system, i.e. there is not a single DNS database, but countless DNS servers around the world, which are in a hierarchical relationship and are able to communicate with each other. Its primary task is to translate a domain name that humans can understand into an IP address that network devices can understand, or vice versa (reverse DNS), so that a given resource can be found on the network.
A network security system that prevents unauthorised access to a computer via the network (e.g. the internet). Programs/devices that monitor and filter network traffic according to specified rules, blocking anything deemed harmful.
An IT security tool connected to a network that mimics likely targets of cyber attacks (e.g. vulnerable networks) in order to attract attempted attacks. When cybercriminals gain access to these 'decoy' systems, security professionals can gather information about the method of intrusion, the purpose of the intrusion and the perpetrators, which helps to thwart attack attempts on real targets.
Any computer (personal computer, workstation, mainframe computer) or other device connected to a network.
IMAP (Internet Message Access Protocol) is a standard e-mail retrieval protocol. It stores email messages on a mail server, allowing you to access your email from anywhere and on any device.
An IP (Internet Protocol) address is a unique numeric identifier for devices connected to the Internet, which allows them to be found on the network. Every computer connected to the Internet has an IP address, but one address can be associated with several devices (e.g. NAT or proxy) and one device can have several addresses (e.g. to identify different network devices on a computer). The IP address is usually assigned by the Internet Service Provider (ISP) and can be static or dynamic. A distinction is made between IPv4 (earlier system, a series of numbers separated by 4 dots) and IPv6 (later system, a series of numbers in hexadecimal format, divided into eight groups of four, separated by a colon).
Unsolicited e-mail (spam) that contains links or attachments to malicious content, such as viruses or malicious programs.
Any malicious software that is intentionally designed to steal data or damage computers or entire systems. Examples include viruses, Trojans, ransomware, etc.
The deceptive practice of fraudsters posing as a known organisation, company or other trusted source in an attempt to obtain personal information (e.g. user IDs, passwords, credit cards, etc.) from others via websites, emails or other messages.
POP3 (Post Office Protocol Version 3) is a standard e-mail retrieval protocol. It works by downloading emails from a server to a single computer and then deleting them from the server. The downloaded emails will then only be accessible from that device. If you wish to access the emails from another device, the previously downloaded emails will not be available.
This malicious software installs itself on the user's computer or network and encrypts or locks sensitive files. The attacker demands a ransom from the user to recover the files or system, setting a time limit. The softwares may enter via suspicious email attachments or downloaded files, or by exploiting vulnerabilities.
This software displays intrusive advertisements on the user's computer that can interfere with the browsing experience and also pose a security risk. It is usually bundled with free applications or installed as part of software downloaded from suspicious sources, often without the user's awareness. Some adware may behave aggressively, for example, redirecting the browser to suspicious sites or changing browser settings.
This software secretly collects sensitive information about the user's computer or device, such as browsing habits, passwords or banking details. It is usually installed without the user's knowledge, often together with other applications or software downloaded from suspicious sources. They can also often display advertisements, collect data on user behaviour or even take control of the computer.
A user identification method that requires two forms of identification to access resources and data. In addition to the usual username and password pair, some additional information is required to verify that the user is indeed the one trying to access the resource. This could be a fingerprint, a one-time use code sent by email or SMS, a USB or NFC key, etc. It is an additional layer of protection for user accounts, preventing unauthorised access in case of password leakage.
A computer program that can copy itself and infect a computer without the user's permission or knowledge.
Short for virtual private network. It provides a secure connection to the internet through a private channel. The VPN encrypts the user's data and hides their IP address.t.
This software can reproduce and spread itself through computers and networks, exploiting their vulnerabilities and lack of security settings. No user interaction is required to spread it after infection. It can cause data loss, system crashes, network performance slowdowns, and even connect to botnets.