Information Security Specialist Denis Gamayunov on the basic concepts of this area. Post-Science continues to talk about modern technologies and competencies of the future in the project “Knowledge Bank”, prepared jointly with Sberbank Corporate University.
Cybersphere, cyberspace (an undefined term) is a context of human interaction established in digital signal flows. To interact with other people and machines in this digital environment, people must express their thoughts in written codes and graphic images, without gestures, contact, or physical presence. Thus, cyberspace is best understood as a virtual space or medium.
Internet of things
The Internet of things is a term that means a large and ever-increasing set of digital devices operating on networks with global potential. The concept of the Internet of things describes a computer network of physical objects (“things”) equipped with built-in technologies for interacting with each other or with the external environment. In contrast to the conventional Internet, which is also called the Internet of people, the Internet of things is formed exclusively by intelligent sensors and other similar devices that may be susceptible to cyber attacks.
Cybersecurity is a set of tools, strategies, security principles, security guarantees, risk management approaches, training, practical experience, insurance and technologies that can be used to protect the cybersphere and the resources of organizations and users. These resources include connected computing devices, personnel, infrastructure, applications, services, telecommunication systems, and the entire set of information transmitted and/or stored in the cybersphere.
A hacker is a skilled programmer who can find quick and elegant ways to fix bugs or make changes to software. Interestingly, in the Russian-speaking environment, the word “hacker” is often used as a synonym for the word “attacker”: a person committing various kinds of illegal actions in the field of computer science. It is more correct to call cybercriminals “blackhats” (from the English blackhat).
Computer attack – a targeted unauthorized influence on information or on a resource of an automated information system, or the gaining of unauthorized access to them, using software or combined hardware-and-software means. As a rule, an attack exploits one or another vulnerability in the attacked information system or a combination of vulnerabilities.
Vulnerability – a flaw in a computer system whose use leads to a violation of the system’s integrity and to incorrect operation. Vulnerabilities arise as a result of programming errors, flaws introduced when designing the system, weak passwords, malware, and so on.
Hardware implant – a device in an electronic circuit, covertly embedded among other elements, that can interfere with the work of a computer system. The result of a hardware implant’s operation can be either a complete disabling of the system or a violation of its normal functioning, for example, unauthorized access to information, or its modification or blocking. A hardware implant can be used to covertly collect data from the system and transmit it to an attacker, and the introduction of such an implant is possible both in production and throughout the supply chain from the manufacturer to the end user.
Compromise (hacking) is the result of a successful attack on a system vulnerability. In cryptography, this term is used to indicate the fact of access by an unauthorized person to protected information, as well as the suspicion of such access. Most often the term refers to the compromise of a private key, a private algorithm, a digital certificate, accounts (passwords), subscribers, or other protected elements that make it possible to verify the identity of a participant in an information exchange. People often speak of getting a shell (remote access to the system with user or administrator rights) as the result of a successful compromise.
Detection of attacks is the process of constant monitoring of an information system in order to detect and block computer attacks on it. The process can be carried out using special software or hardware, cybersecurity specialists, cloud monitoring centers (the so-called SOC – Security Operations Center), and even government services. For example, in Russia there is GosSOPKA – a distributed system for detecting and preventing computer attacks, which is supervised by the FSB.
Vulnerability detection – the process of analyzing an information system in order to detect possible problems in its security, and to assess and eliminate vulnerabilities. Vulnerability detection can include research and reverse engineering of the software and hardware components of the system, and analysis of program code using special methods to detect previously unknown flaws. This is done by hackers and security researchers, and if they succeed, one speaks of detecting a “zero-day vulnerability” (0 day). Vulnerability detection may also involve analyzing the system for the presence of known flaws, in which case one speaks of “penetration testing” or security analysis using the “black box”, “gray box”, or “transparent box” methods. In this case, special security scanners can be used in combination with manual analysis.
Protected software (secure software) – in this context it is customary to talk about software development methodologies that developers can or should use to minimize the likelihood of vulnerabilities in their programs and, as a result, to reduce the possible consequences of attacks on these programs. Many large companies have already moved or are actively transitioning to the secure software development cycle, in which hackers play one of the key roles.
An encryption key is secret information (a set of numbers and letters) that is used by the algorithm to encrypt and decrypt information. There are symmetric ciphers (in this case, one key is used for both encryption and decryption) and asymmetric ciphers, in which each participant has their own key pair: public and private. The public key is accessible to everyone and is often used to encrypt data when the browser accesses the server using the SSL/TLS protocol. The private (secret) key is known only to the owner of the site and is used to decrypt data sent by the browser. In practice, public and private key encryption is used to negotiate a symmetric cipher key between the browser and the server at the very beginning of HTTPS interaction.