Things you must know before diving into information security

 

Ever thought of starting your career in the security field?

Or let’s say you want to attend a workshop, a meetup or an information security event. In that case I recommend going through the following list of basic terms. It will help you follow along so that you don’t get confused or go completely blank during the event.

You can also go through my first post “Introduction to Security 101” before proceeding with this article where I have given a small introduction or insight into Cybersecurity.

 

WWW:

It is short for World Wide Web, or simply the web: all the users who use HTTP and are globally connected to each other. The WWW is one of many applications of the network.
It is based on the following technologies:

• Web server
• HTML
• HTTP
• and a Web Browser

HTTP & HTTPS:

HTTP stands for HyperText Transfer Protocol and HTTPS stands for HyperText Transfer Protocol Secure. Both are application protocols that direct the network in deciding how documents should be displayed to you. HTTPS sends the data in encrypted form, which means the data is not sent in plain text. These protocols need a web browser to display the files. HyperText is text with a link that directs to another text or document by its web address. There are many other protocols, so here I am sharing a small list of protocols if you are interested in reading further.

SSL:

SSL stands for Secure Socket Layer, a cryptographic protocol that makes sure data is transferred from a browser to the destination server without being manipulated, so that its integrity is preserved. To learn how SSL works, do check this link.

Kernel:

A kernel is a computer program that manages the hardware and conveys the processes to be performed for the OS. Here you can find the Linux Kernel Archive; as Linux is open source, its kernel is available there.
Every OS has its own kernel. Modifying a kernel correctly can add new features to your OS.

Linux:

Linux is an operating system created by Linus Torvalds. He evolved Linux from a kernel because a kernel by itself gets you nowhere. To get a working system you need a shell, compilers, a library etc.
Linux is open source and is distributed under GNUv2 and GPL licensing.

Shell:

A shell is a user interface that is (or was) used to interact with your operating system. It needs particular commands to interact. There are many types of shells, such as the C shell, the Bourne shell, and the Korn shell. It is part of the command processor, which runs based on the input given by the user. It checks whether the command is valid. If it is valid, it sends the command on to another part of the process.

Linux Distributions:

Linux distributions, also called Linux distros, are different Linux operating systems based on different DEs (Desktop Environments), loaded with software and their own build of the Linux kernel. Kali, SamuraiSTF, and Blackbuntu are some of the penetration testing Linux distros.

Vulnerability:

A vulnerability is a weakness in a web application, a network protocol, a cryptography algorithm, a lock or a safe.

Exploit:

Taking advantage of a vulnerability, that is, using it to actually break into the system or anything else, is called exploitation. A vulnerability is not always exploitable. An exploit can take any form: it can be written in any programming language, or it can be a video or a step-by-step procedure. This is the exploit, generally called a POC (Procedure Of Conduct).

Payload:

What is done after exploiting a system is called the payload. A payload is also code, delivered together with the exploit code, so as soon as an exploit is successful the payload takes charge and starts its work, such as connecting the system back to the attacker, executing malware, or simply fetching credentials. The payload depends entirely on what the attacker wants to do.

Penetration Testing:

It is a way to test the security of a web application, a network or a system by methodically validating and verifying the security mechanisms implemented on it.
It does not consist only of the above; proper reporting must also be done.

CVE:

CVE stands for “Common Vulnerabilities and Exposures”, which maintains a list of reported vulnerabilities and assigns each a specific ID that helps in recognizing the vulnerability.
The main aim is to standardize the names of publicly known vulnerabilities.

You can get further information about many more security-related terms from the resources I am sharing here:

• OUSPG
• NIST [PDF]
• SANS Glossary

This post was cited from http://securedose.blogspot.com whose original author is Bhashit Pandya

Do Follow:

http://securedose.blogspot.com/2015/04/things-you-must-know-before-you-dive.html

So that’s it for now. See you next time. Goodbye
