Frequently Asked Questions
-
What is cybersecurity?
Cybersecurity (also written cyber security; closely related to computer and network security) is the set of technologies, policies, and procedures that protect networked computer systems, and the data they hold, from unauthorized access, misuse, or damage. Broadly speaking, the field divides into two complementary areas: the offensive side (cyber attacks), which studies how systems are penetrated and compromised, and the defensive side (cyber defenses), which develops countermeasures to prevent, detect, and mitigate those attacks. Each side informs the other: defenders test their controls with the attackers' techniques, and attackers adapt to the defenses they meet.
-
Why do I need cybersecurity?
The growing dependence of economies and governments on computer-based infrastructure makes them progressively more exposed to attacks on their systems, networks, and data. Both the volume and the sophistication of cyber threats (cyber warfare, cyber espionage, cyber terrorism, and criminal hacking) keep growing, and they endanger enterprise, government, military, and critical-infrastructure assets alike. To be forewarned is to be forearmed: organizations are well advised to build strong defenses that keep pace with rapidly evolving threats. Widely reported incidents such as the Target payment-card breach, the theft of bitcoin from the Mt. Gox exchange, and the leak of classified NSA documents that revealed the PRISM surveillance program all illustrate how costly weak security is. As the threats grow, so must the ability to neutralize them.
-
What is a cyber-attack?
A cyber-attack is an offensive action by a malicious actor intended to undermine networked computers and their related resources, for example by gaining unauthorized access, making unapproved changes, or destroying data. Two common examples:
Distributed Denial of Service (DDoS): the traffic flooding the victim originates from many different sources (typically a botnet), so the attack cannot be stopped simply by blocking a single source address.
Man-in-the-Middle (MITM): the attacker secretly relays, and possibly alters, the communications between two parties who believe they are talking directly to each other. In active eavesdropping, the attacker makes independent connections to each victim and relays messages between them, so that each side believes it has a private connection to the other while the attacker controls the entire conversation. To succeed, the attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many settings; for example, an attacker within radio range of an open (unencrypted) Wi-Fi network can position itself between a client and the access point. The standard defense is to authenticate the endpoints and the messages cryptographically (for example, TLS with certificate validation), so that a relayed or altered message is detected rather than trusted.
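The following is an added example, not code from the original page: a simulation of the relay described above, in which a third party (Mallory) sits between two endpoints (Alice and Bob), reads every message, and rewrites one of them. It then shows the simplest cryptographic remedy, a message authentication code (HMAC-SHA256) over a key the two endpoints share. The party names, the payment message and the out-of-band shared key are assumptions for the demonstration; TLS reaches the same result by agreeing on keys with certificates instead of a pre-shared secret.

```python
"""Added example (not from the page): a simulated man-in-the-middle relay,
and how message authentication detects tampering. Names, message text
and the shared key are constructed for the demonstration."""
import hashlib
import hmac
import os


def make_msg(key: bytes, text: str) -> dict:
    """Sender side: attach an HMAC-SHA256 tag computed over the message body."""
    body = text.encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return {"body": body, "tag": tag}


def check_msg(key: bytes, msg: dict) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, msg["body"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, msg["tag"])


def mallory_relay(msg: dict, tamper: bool) -> dict:
    """The attacker between the endpoints sees the body in full (an HMAC gives
    integrity, not confidentiality) and may rewrite it. Without the key she
    cannot produce a valid tag for the altered body, so she reuses the old one."""
    observed = msg["body"].decode()
    if tamper:
        forged = observed.replace("IBAN DE00 1111", "IBAN DE00 9999").encode()
        return {"body": forged, "tag": msg["tag"]}
    return msg


def run_exchange(tamper: bool, authenticated: bool) -> str:
    """Alice -> Mallory -> Bob. Returns what Bob ends up acting on."""
    key = os.urandom(32)  # assumed to have been shared out of band beforehand
    alice_msg = make_msg(key, "Pay 500 EUR to IBAN DE00 1111")
    relayed = mallory_relay(alice_msg, tamper)
    if authenticated and not check_msg(key, relayed):
        return "rejected"
    return relayed["body"].decode()


if __name__ == "__main__":
    print("no tamper, authenticated :", run_exchange(False, True))
    print("tamper, unauthenticated  :", run_exchange(True, False))
    print("tamper, authenticated    :", run_exchange(True, True))
```

The second run is the attack succeeding: Bob pays the attacker's account because nothing ties the message to Alice. The third run is the same attack against authenticated messages; the altered body no longer matches the tag, so Bob rejects it. Note what the HMAC does not do: Mallory still reads the original message, which is why encryption is used alongside authentication.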
-
What is a cyber threat?
A cyber threat is a potential cyber attack: a particular actor, technique, or event that could harm a system. A threat can be assigned an estimated likelihood of occurrence, which, together with the damage it would cause, feeds cyber risk assessment.
-
What are the differences among the terms cyber attack, cyber threat and cyber risk?
The three terms are related as follows. A cyber attack is an offensive action that is actually carried out; a cyber threat is the possibility that a particular attack may occur; and the cyber risk associated with a threat combines the likelihood that it occurs with the loss it would cause (risk = likelihood x impact). For example, a Distributed Denial of Service (DDoS) attack by a botnet is a threat to any enterprise running an online retail website; the associated risk is a function of the revenue lost while the site is down and the probability that such an attack occurs in a given period.
-
What are the differences among the terms cyber attack, cyber warfare, cyber crime and cyber terrorism?
The differences are best explained in terms of who the actor (perpetrator) is and what effect the attack is intended to produce (its real-world equivalent), as shown in the following table. In brief: cyber attack is the generic term for any such offensive action; cyber warfare is conducted by, or on behalf of, a nation state against another state's systems, with effects comparable to those of conventional warfare; cyber crime is carried out by criminals for financial gain; and cyber terrorism is carried out by terrorist groups or individuals to intimidate or coerce a population or government.
-
What is malware?
Malware is an umbrella term derived from "malicious software" and refers to any software that is intrusive (gains unauthorized access), disruptive, or destructive to computer systems and networks. Malware may take many forms (executable code, scripts, or data files that exploit the program that opens them) and includes, but is not limited to, computer viruses, worms, Trojan horses (trojans), bots (which together form botnets), spyware (system monitors, adware, tracking cookies), rogueware (scareware, ransomware), and other malicious programs. Most active malware threats today are worms or trojans rather than true viruses (code that replicates by attaching itself to other programs). The following table summarizes the similarities and differences among selected common malware types.
-
What is cyber hygiene?
Cyber hygiene (a.k.a. cybersecurity hygiene, cyber security hygiene) is a colloquial term for the best practices and other routine activities that system administrators and users can undertake to improve their security while engaging in common online activities such as web browsing, emailing, and texting.
-
What are the best practices for cyber hygiene?
The best practices for effective cyber hygiene should include, and extend, the following ten items.

1. Protect your computer network with a secure router and a robust firewall; while traveling, use a Virtual Private Network (VPN) and/or a software firewall. The first line of defense in computer network security is to install and maintain a secure Internet Protocol (IP) router and a firewall that prevents unauthorized users from reaching data, email, applications, web browsers, etc. If you are a system administrator: install and configure a secure commercial IP router, permit only approved users and devices (an allowlist) and block everything else by default, and ensure that wireless (Wi-Fi) communications use WPA2 or, preferably, WPA3 encryption. If you are away from your business or home network, use a trustworthy VPN and/or make sure the software firewall in your Operating System (OS) is turned on.

2. Install dependable anti-virus (AV) and anti-malware software that continuously scans your computer or mobile phone, and update it frequently. The second line of defense is to install and maintain AV/anti-malware software that detects and removes computer viruses and other kinds of malicious software (malware). If you are a system administrator, deploy a commercial Intrusion Detection/Prevention System (IDS/IPS) as well; if you are a home user, install either a commercial or a Free and Open Source Software (FOSS) AV product and keep its signatures current.

3. Update all OS, web browser, and application software with security patches in a timely manner. The third line of defense is to update all Operating System (OS), web browser, and application software regularly so that security patches are installed promptly. These patches are what close the vulnerabilities that are currently known, and attackers routinely exploit systems that have not applied them.

4. Define strong passwords and use Multi-Factor Authentication (MFA) whenever available. Choose passwords that are unique to each account and long (12+ characters, mixing lower-case and upper-case letters, digits, and special characters such as !@#$%^&*, or a multi-word passphrase), and use a password manager rather than memorizing or reusing them. Never share a password, never reuse one across accounts, and change a password promptly whenever there is any sign it has been exposed. (Forced rotation on a fixed schedule, such as every three months, is no longer recommended by NIST SP 800-63B; it tends to produce weaker, predictable passwords.) Enable 2-Factor Authentication (2FA) or MFA wherever practical, especially on financial, health, and other confidential accounts. MFA greatly increases security by corroborating the password with a second factor: a one-time code from an authenticator app, a biometric (face or fingerprint recognition), or a secondary device (e.g., a personal mobile phone confirming a browser login on a desktop computer). Prefer authenticator apps or hardware security keys (FIDO2/WebAuthn) over SMS codes, which can be intercepted through SIM swapping.

5. Practice safe web browsing habits. Since many commercial companies seek to harvest personal data, safe browsing habits are essential. They include, but are not limited to, the following.
Configure your browser's privacy and security settings to block third-party cookies, not save passwords, not autocomplete forms, and not save search history. If there is no setting to disable search history, purge it and all other saved data regularly.
Set your default search engine to one that does not track your queries and habits, for example DuckDuckGo.
Use a browser that complies with current W3C standards and supports security extensions. For example, the FOSS browser Firefox complies with W3C web standards and supports extensions such as the following. HTTPS Everywhere: an extension for Firefox, Chrome, and Opera developed jointly by the Electronic Frontier Foundation (EFF) and The Tor Project that forces connections to use the encrypted HTTPS protocol instead of plain HTTP (the "S" in HTTPS stands for "secure"). Note that EFF retired HTTPS Everywhere in January 2023 because the major browsers now ship an equivalent built-in HTTPS-Only mode; turn that mode on instead. Web of Trust (WOT): an extension for Firefox, Internet Explorer, Chrome, Safari, and Opera that rates whether a site is safe to visit, displaying traffic-signal icons next to URLs and links; green means the site is reputable, yellow means proceed with caution, red means steer clear. The ratings are crowdsourced from WOT's user base and supplemented by third-party sources such as up-to-date directories of malware sites. (Caveat: in 2016 WOT was found to be selling its users' browsing histories and was temporarily removed from the browser add-on stores; weigh the privacy cost of any reputation extension against its benefit.)
Check shortened links from untrusted sources before clicking them, since they are known to mask malicious links; online utilities such as ExpandURL or CheckShortURL reveal the destination.
Only visit websites via the HTTPS protocol and make sure the site's TLS (formerly SSL) certificate is valid: the URL begins with "https://" and the browser shows a padlock icon in the address bar. Keep in mind that the padlock only means the connection is encrypted to whoever holds that domain's certificate; phishing sites use valid HTTPS certificates too, so still check that the domain name is the one you expect.
Be careful when installing browser extensions from unknown or untrusted sources. Extensions should be simple and single-purpose; complex, multi-function extensions that are not properly maintained enlarge the attack surface available to an adversary.
For more detailed information about safe web browsing, see the Department of Homeland Security (DHS) guide Securing Your Web Browser, which explains browser features and their associated risks (e.g., ActiveX, Java, JavaScript, cookies, certain plug-ins).

6. Practice safe email habits. Most free commercial email services (Gmail, Outlook.com, iCloud Mail, Yahoo Mail, GMX Mail, etc.) trade your privacy for targeted advertising or otherwise exploit your personal data, so safe email habits are essential. They include, but are not limited to, the following.
Beware of spear-phishing emails from unknown or untrusted sources, which may link to or contain malware. Do not click a link or open an attachment from an untrusted source; delete the email and block the sender.
Do not put sensitive or confidential information (e.g., financial or health data) in an email subject, body, or plaintext (unencrypted, a.k.a. clear-text) attachment. If you must send sensitive information by email, encrypt it as an attachment and send the password through a different channel (e.g., a phone call, an SMS/MMS text message, or a separate, unrelated email account).
Consider a secure email service with end-to-end encryption so that your message content stays private. See: The 5 Best Secure Email Services for 2019: Encrypted email services keep your messages private.

7. Keep your user data separate from applications, and apply strong encryption to all sensitive and confidential data. Keep user data separate from the applications that use it, and keep personal data separate from business data. Apply strong encryption (AES-256, or an equivalent modern authenticated cipher) protected by strong passwords (see item 4) to all sensitive and confidential data, including, but not limited to, financial and health data.

8. Keep your user data separate from applications, and back up data regularly. Keep user data separate from applications (see item 7) and back it up to another network node (a computer or server) frequently (weekly if not daily) and offsite (cloud-based storage and/or a bank safe-deposit box) regularly (monthly if not bi-weekly). Periodically test that a backup can actually be restored, and keep at least one copy offline or otherwise immutable so that ransomware that reaches your network cannot encrypt the backups as well.

9. Be wary and selective when buying goods or services online. Be especially wary when the seller is unknown or untrusted. In general: check that the website is served over HTTPS (the URL starts with "https://" and the browser shows a padlock in the address bar; see item 5) and that the domain is the retailer's real one. Select the items you wish to purchase, add them to the shopping cart, and proceed to the checkout page to pay. Enter only the details that are needed (name, address, phone number, email, card number, CVV, etc.), prefer a payment method with fraud protection (a credit card or a payment intermediary) over a direct bank transfer, and never send card details by email. Verify that the shipping and billing information are correct, confirm the payment, and keep a soft copy of the payment confirmation.

10. When selling or disposing of computers and storage devices, securely erase all persistent storage. When selling or disposing of a desktop, laptop, tablet, smartphone, or USB drive, it is critical to securely wipe (erase) all personal, sensitive, and confidential data. Deleting files alone is insufficient, because deleted files frequently can be recovered by attackers and forensic specialists. Use a secure-erase procedure as explained in the PC World article How to securely erase your hard drive, and for devices that are not worth reselling see Scientific American's article How to Destroy a Hard Drive—Permanently. (If the drive was fully encrypted from the start, destroying the encryption key alone renders the data unrecoverable; this is how modern phones and self-encrypting drives implement a fast secure erase.)

Keep in mind that, like personal hygiene, cyber hygiene is only effective if practised regularly and systematically. Do not worry about implementing all ten practices at once; you will be better served by adopting them incrementally and opportunistically as you become more cyber aware.
-
How does cybersecurity work?
Cybersecurity technologies and processes are most effective when an organization diligently practises good cyber hygiene and, at the same time, checks its defenses for weaknesses through authorized "white hat" (a.k.a. ethical hacking) penetration testing, fixes what the testers find, and re-tests afterwards.
-
What does the prefix "cyber" mean?
The prefix cyber- generally denotes something to do with cyberspace, the virtual environment formed by all networked computers and their interconnections, of which the Internet, and the Internet of Things (IoT) built on it, are the largest examples. For example, in the context of cybersecurity (= cyber + security) it is common to speak of cyber threats, cyber attacks, cyber defenses, and cyber countermeasures.
-
What is cyberspace?
Cyberspace is the virtual environment formed by computer systems and networks, in which computers communicate over networks and the networks are themselves interconnected. The term originated in science fiction in the 1980s (William Gibson's fiction popularized it) and came into general use during the 1990s. The more recent term Internet of Things (IoT) is not a synonym: it refers to the growing population of everyday physical devices (sensors, appliances, vehicles, industrial controllers) that are connected to the Internet, that is, to the part of cyberspace that those devices make up.
-
What is cyber threat mitigation?
In the context of cyber threats, mitigation refers to reducing the likelihood that an attack succeeds or the severity of the damage it causes (e.g., rate-limiting to blunt a DDoS, or isolating a compromised host so it cannot reach the rest of the network).
-
What is cyber threat remediation?
In the context of cyber threats, remediation refers to stopping an attack that is under way and reversing the damage it has caused, including removing the root cause so that it cannot recur (e.g., removing the malware, restoring from clean backups, and patching the vulnerability that was exploited).
-
Why is cyber warfare considered to be a kind of asymmetric warfare?
The term asymmetric warfare describes war between belligerents whose relative military powers differ significantly, or whose strategies or tactics differ significantly. The weaker belligerents in asymmetric warfare frequently apply the strategies and tactics of unconventional warfare (a.k.a. guerrilla warfare) to offset their deficiencies in military quantity and quality. Compare with symmetric warfare, where the belligerents possess comparable military powers and apply similar strategies and tactics. Cyber warfare is considered to be a kind of asymmetric warfare because it potentially allows significantly weaker actors (including small nation states, terrorist organizations, criminal organizations, and "lone wolf" individuals) to wreak substantial financial and infrastructure damage on vastly more powerful nation states.
-
What is cyber defense?
The term cyber defense, and the related term cyber countermeasure, are defined as follows.
Cyber defense: activities intended to prevent, detect, or mitigate the effects of a cyber attack. Cyber defense is based on three core principles (the "CIA triad"):
Confidentiality: information that is secret, classified, private, or otherwise sensitive must remain so and be disclosed only to appropriately authorized users.
Integrity: information must remain whole and must not be altered from its original state except by authorized, accountable changes.
Availability: information, and the systems that hold it, must be accessible to authorized users when they need them.
For example, in a secure computing environment, personal medical records classified as confidential should be protected so that they are available only to those who are authorized (e.g., the patient, treating doctors, hospitals, insurers, and government agencies with a legal basis to see them), and cannot be changed without proper authorization and documentation (e.g., a hospital corrects, and logs the correction of, a mistaken entry at the request of the patient's authorized doctor).
Cyber countermeasure: a cyber defense activity aimed at eliminating or mitigating the effects of a specific kind of cyber attack (e.g., anti-virus software acts as a countermeasure against malware infection).
-
What is a firewall, and how does it work?
In general usage, a firewall is a fire-resistant barrier built to stop fire from spreading for a prescribed period of time; fire walls are built between or within buildings, and inside aircraft and vehicles. In computer networking, a firewall is a network security system that monitors incoming and outgoing traffic and blocks packets or connections that violate an updatable rule set. In effect, a firewall establishes a barrier between a trusted internal network and external networks (e.g., the Internet) that are assumed to be untrustworthy. Firewalls can be implemented as software running on general-purpose hardware (e.g., the packet filter built into Windows, macOS, or Linux) or as a dedicated hardware device (appliance).
How does a firewall work? In essence, a firewall functions as a filter between the trusted internal network and the untrusted external networks. Each packet is compared against the rules (typically by source and destination address, protocol, and port, and in stateful firewalls by whether it belongs to an already-established connection), and the first matching rule decides whether the packet is allowed or dropped. A well-configured firewall ends with a default-deny rule, so that anything not explicitly permitted is blocked.
-
What is anti-virus software, and how does it work?
Anti-virus software, a.k.a. anti-malware software, is software that scans files and running programs to identify and remove malicious software (malware). Although it was originally developed to detect and remove computer viruses (hence the name), its scope has broadened to other malware such as worms, Trojan horses, adware, spyware, and ransomware.
How does anti-virus software work? Anti-virus software typically combines two techniques.
Signature (virus dictionary) approach: the scanner compares a file against a dictionary of signatures (byte patterns or hashes) of previously identified malware. If a segment of the file matches a signature, the software deletes the file, quarantines it so that it cannot run or spread, or attempts to repair it by removing the malicious code.
Suspicious behavior (heuristic) approach: the software monitors the behavior of running programs and flags suspicious actions, such as one program attempting to write data into another executable, or encrypting large numbers of user files in quick succession. The user or administrator is alerted and asked how the behavior should be handled.
The advantage of the behavioral approach is that it can protect against new malware whose signatures have not yet reached the dictionary; its disadvantage is false positives, since legitimate programs (installers, backup tools) sometimes behave similarly. The two approaches are complementary and are combined in practice.
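The following is an added example, not code from the original page or from any anti-virus product: a miniature scanner that combines the two approaches just described, signature matching over file contents and behavioral rules over a log of process events. The signature names, the file contents and the event log are constructed for the demonstration; a real product carries millions of signatures, hooks the operating system kernel to see events, and tunes its heuristics to keep false positives down.

```python
"""Added example (not from the page): a toy anti-virus scanner combining a
signature dictionary with behavioral heuristics. Signatures, file contents
and the event log are constructed for the demonstration."""
import hashlib
import re
from collections import Counter

# Signature dictionary (constructed): byte patterns and a whole-file hash.
PATTERN_SIGNATURES = {
    "Demo.Dropper.A": rb"cmd\.exe /c powershell -enc",
    "Demo.Wiper.B": rb"\x90\x90\x90\xcc\xde\xad\xbe\xef",
}
HASH_SIGNATURES = {
    hashlib.sha256(b"ransom-note-payload-v1").hexdigest(): "Demo.Ransom.C",
}


def scan_file(name: str, data: bytes) -> list:
    """Signature approach: return the names of the signatures the file matches.
    A hash catches a known file exactly; a pattern also catches variants that
    embed the same code. Neither catches malware nobody has seen before."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for sig_name, pattern in PATTERN_SIGNATURES.items():
        if re.search(pattern, data):
            hits.append(sig_name)
    return hits


EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr")
MASS_ENCRYPT_THRESHOLD = 5


def monitor_behavior(events: list) -> list:
    """Behavioral approach: apply heuristics to (pid, process, action, target)
    events and return the alerts raised. These rules fire on what malware
    does, not on what it looks like, so they also catch unknown samples,
    at the price of occasionally flagging installers and backup tools."""
    alerts = []
    encrypted_writes = Counter()
    for pid, proc, action, target in events:
        low_target = target.lower()
        if action == "write" and low_target.endswith(EXECUTABLE_EXT):
            alerts.append(f"{proc}[{pid}] wrote to executable {target}")
        if action == "write" and low_target.endswith(".encrypted"):
            encrypted_writes[pid] += 1
            if encrypted_writes[pid] == MASS_ENCRYPT_THRESHOLD:
                alerts.append(f"{proc}[{pid}] encrypted {MASS_ENCRYPT_THRESHOLD}+ user files (ransomware-like)")
        if action == "spawn" and proc.lower() == "winword.exe" and "powershell" in low_target:
            alerts.append(f"{proc}[{pid}] spawned {target} (macro dropper pattern)")
    return alerts


# Constructed event log: a malicious document chain, then one benign write.
SAMPLE_EVENTS = [
    (1201, "winword.exe", "spawn", "powershell.exe -enc SQBFAFgA"),
    (1202, "powershell.exe", "write", r"C:\Users\ann\AppData\Roaming\svchost.exe"),
] + [
    (1203, "svchost.exe", "write", rf"C:\Users\ann\Documents\file{i}.docx.encrypted")
    for i in range(6)
] + [
    (1300, "notepad.exe", "write", r"C:\Users\ann\Documents\notes.txt"),
]


def demo_alerts() -> list:
    return monitor_behavior(SAMPLE_EVENTS)


if __name__ == "__main__":
    print(scan_file("drop.bat", b"@echo off\r\ncmd.exe /c powershell -enc SQBFAFgA"))
    for alert in demo_alerts():
        print("ALERT:", alert)
```

Run against the constructed log, the behavioral monitor raises three alerts (the Word-to-PowerShell spawn, the write of a new executable, and the burst of renamed-to-.encrypted files) without any signature for the sample, while the benign Notepad write passes. The signature scanner, by contrast, says nothing about a file unless the dictionary already knows it.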
-
What is a Next Generation FireWall?
A Next-Generation Firewall (NGFW) is the third generation of firewall technology: it extends a traditional stateful firewall with additional traffic-inspection functions. First-generation firewalls were stateless packet filters that judged each packet on its own. Stateful (second-generation) firewalls track the state of the network connections that traverse them, so that only packets matching a known, active connection (or explicitly permitted new connections) are allowed to pass; a reply from an outside server is accepted only if an inside host opened that connection first. Besides packet filtering, stateful firewalls commonly provide Network Address Translation and Port Address Translation (NAT/PAT) and Virtual Private Network (VPN) termination. Additional NGFW functions may include, but are not limited to, anti-virus (AV) inspection, Deep Packet Inspection (DPI), Intrusion Prevention System (IPS) filtering, inspection of TLS/SSL-encrypted traffic (which requires the firewall to terminate and re-encrypt the connection, and therefore to be trusted by the clients), application and website filtering, and QoS/bandwidth management.
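The following is an added example, not code from the original page or from any firewall product: a miniature stateful packet filter that shows the two mechanisms the preceding two answers describe, first-match rule evaluation with a default deny, and a connection table that lets replies through only for connections an inside host opened. The addresses, rule set and packet trace are constructed; it ignores TCP flags, connection timeouts and fragmentation, all of which a real filter must handle.

```python
"""Added example (not from the page): a toy stateful packet filter. The
trusted prefix, the rules and the packet trace are constructed; TCP flags,
timeouts and fragmentation are deliberately left out."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


INSIDE_PREFIX = "10.0.0."  # the trusted network (constructed)


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


# Rules are evaluated top to bottom and the first match wins; anything that
# matches nothing is dropped. Fields: (direction, proto, dst port or None, verdict)
RULES = [
    ("out", "tcp", 443, "allow"),   # inside hosts may browse HTTPS
    ("out", "udp", 53, "allow"),    # ... and resolve DNS
    ("in", "tcp", 22, "allow"),     # SSH into the inside host from anywhere
    ("in", "tcp", None, "drop"),    # any other inbound TCP is refused
]


class StatefulFirewall:
    def __init__(self):
        # 5-tuples of connections the rules allowed, keyed in the forward direction
        self.table = set()

    def _policy(self, p: Packet) -> str:
        direction = "out" if is_inside(p.src) else "in"
        for rule_dir, proto, dport, verdict in RULES:
            if rule_dir == direction and proto == p.proto and dport in (None, p.dport):
                return verdict
        return "drop"  # default deny

    def filter(self, p: Packet) -> str:
        # 1. A reply to a tracked connection is accepted without consulting the rules;
        #    this is what a stateless filter cannot do without opening every high port.
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.table:
            return "allow (established)"
        # 2. Otherwise consult the rule set and remember newly allowed connections.
        verdict = self._policy(p)
        if verdict == "allow":
            self.table.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return verdict


def run_trace() -> list:
    """Feed a constructed packet trace through a fresh firewall; returns the verdicts."""
    fw = StatefulFirewall()
    trace = [
        Packet("10.0.0.5", 51000, "93.184.216.34", 443),      # inside -> web server
        Packet("93.184.216.34", 443, "10.0.0.5", 51000),      # the server's reply
        Packet("93.184.216.34", 443, "10.0.0.5", 51001),      # unsolicited, same server
        Packet("203.0.113.9", 40000, "10.0.0.5", 22),         # SSH from outside: rule 3
        Packet("203.0.113.9", 40001, "10.0.0.5", 3389),       # RDP from outside: rule 4
        Packet("10.0.0.5", 51002, "93.184.216.34", 23),       # telnet out: no rule, default deny
    ]
    return [fw.filter(p) for p in trace]


if __name__ == "__main__":
    for verdict in run_trace():
        print(verdict)
```

The second and third packets are the point: both come from the same outside server on port 443, but only the one answering a connection the inside host opened is accepted. A stateless filter would have to let all inbound traffic from port 443 through to get the same reply, which is exactly the hole attackers used against first-generation firewalls.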
-
What is a cybersecurity architecture?
A cybersecurity architecture (a.k.a. cyber security architecture, network security architecture, or cyber architecture for short) specifies the organizational structure, functional behavior, standards, and policies of a computer network, covering both its network features and its security features. Its elements include, but are not limited to, the following.
Network elements: network nodes (computers, NICs, repeaters, hubs, bridges, switches, routers, modems, gateways, etc.); network communication protocols (TCP/IP, DHCP, DNS, FTP, HTTP, HTTPS, IMAP, etc.); the connections between nodes using specific protocols; and the network topology (point-to-point, bus, star, ring, mesh, tree, daisy chain, hybrid).
Security elements: security devices (firewalls, Intrusion Detection/Prevention Systems [IDS/IPS], encryption/decryption devices, etc.); security software (anti-virus, anti-spam, and anti-malware software, etc.); the secure variants of the communication protocols (HTTPS in place of HTTP, SFTP or FTPS in place of FTP, IMAPS in place of IMAP, DNSSEC and encrypted DNS, etc.); and strong cryptographic techniques (end-to-end encryption, zero-knowledge designs in which the provider cannot read user data, etc.).
Security frameworks and standards: a cybersecurity framework (e.g., the NIST Cybersecurity Framework) and the technology standards that govern the choice of security software.
Security policies and procedures: the security policies and procedures that are customized for, and enforced in, your organization or project.
Ideally, a cybersecurity architecture should be definable and simulatable in an industry-standard architecture modeling language (e.g., SysML, UML2).
-
What is the purpose of a cybersecurity architecture?
The purpose of precisely and comprehensively specifying a cybersecurity architecture is to ensure that the underlying network, including its crown-jewel sensitive data and critical applications, is protected against current and future adversaries. Just as a competent military commander must understand the terrain and the weak points of her own forces to defend her troops and territory, a cybersecurity architect must understand the network topology and the vulnerabilities of its attack surfaces to defend the crown-jewel data and critical applications. The primary goals of a bona fide cybersecurity architecture are to ensure that:
All attack surfaces are minimized, hidden, and dynamic: exposed services should be as few as possible, not advertised more widely than necessary, and, where Moving-Target Defense (MTD) techniques are used, changing over time so that they are hard for an adversary to map and penetrate;
All crown-jewel sensitive, confidential, or classified data is strongly encrypted at rest and protected by end-to-end encryption in transit;
All cyber attacks are aggressively detected, mitigated, and countered; Moving-Target Defenses with active countermeasures are strongly encouraged.
-
What’s the difference between cybersecurity architecture and network architecture?
Consider the following definition of a computer network architecture: a network architecture (computer network architecture, or net architecture for short) specifies the organizational structure, functional behavior, standards, and policies of a computer network, including, but not limited to: network nodes (computers, NICs, repeaters, hubs, bridges, switches, routers, modems, gateways, etc.); network communication protocols (TCP/IP, DHCP, DNS, FTP, HTTP, HTTPS, IMAP, etc.); network connections between nodes using specific protocols; network topologies (point-to-point, bus, star, ring, mesh, tree, daisy chain, hybrid); network technology choices; and network policies and procedures. Ideally, a network architecture should be definable and simulatable in an industry-standard architecture modeling language (e.g., SysML, UML2).
It is useful to consider a cybersecurity architecture to be a specialization of computer network architecture that emphasizes security features and capabilities. Stated otherwise, the elements of a cybersecurity architecture are a superset of the elements of a network architecture: every node, protocol, and link of the network architecture appears, together with the security devices, software, standards, and policies layered on top of them.
-
What is cryptography?
Cryptography is the practice of techniques for secure (confidential, authentic, and tamper-evident) communication in the presence of third parties, referred to as adversaries, who may intercept the communication and try to read it, alter it, or forge it for nefarious purposes. In practice, cryptography is concerned with designing and analyzing secure communication protocols that thwart such adversaries. It is multi-disciplinary, drawing on mathematics, computer science, and electrical engineering. Common applications include password storage, ATM cards, smart credit cards, and electronic commerce transactions (e.g., TLS).
Usage note: the terms cryptography and cryptology are often used interchangeably, but strictly, cryptology is the broader formal study, which includes both cryptography (constructing secure schemes) and cryptanalysis (breaking them).
-
What is the relation between cybersecurity and cryptography?
Cybersecurity defenses rely heavily on strong authentication and encryption, and both are built on cryptographic techniques, so cryptography is a key enabling technology for cybersecurity. It is not sufficient on its own: most cryptographic failures in practice come from weak keys, flawed implementations, or misuse of a sound algorithm rather than from the algorithm itself being broken.
-
What is encryption?
Encryption is the process of encoding a message or other information, referred to as plaintext, into ciphertext in such a way that only parties holding the correct key can convert the ciphertext back into plaintext. The algorithm is normally public; the security rests entirely on the secrecy of the key (Kerckhoffs's principle).
-
What is decryption?
Decryption is the inverse of encryption: the ciphertext is decoded back into plaintext using the corresponding key, so that the original content can be read. With a symmetric cipher the same secret key is used for both operations; with a public-key (asymmetric) cipher the public key encrypts and the private key decrypts.
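The following is an added example, not code from the original page, illustrating the two preceding answers: plaintext, key, ciphertext, and the inverse operation, using a one-time pad, the simplest cipher and the only one that is provably unbreakable when its key is random, as long as the plaintext, and used once. It also shows the failure mode that follows when the "once" rule is broken. The messages and keys are constructed; production systems use AES-GCM or ChaCha20-Poly1305 with a key-management scheme rather than pads, but the relationship between plaintext, key and ciphertext is the same.

```python
"""Added example (not from the page): encryption and decryption with a
one-time pad, and the two-time-pad leak when a key is reused. Messages
and keys are constructed for the demonstration."""
import os


def new_key(length: int) -> bytes:
    """Keys must come from the OS cryptographic random generator,
    never from random.random() or a password typed by a person."""
    return os.urandom(length)


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = plaintext XOR key. With a random key every ciphertext is
    equally likely for every plaintext, so the ciphertext alone reveals nothing."""
    if len(key) < len(plaintext):
        raise ValueError("key must be at least as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def otp_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """XOR is its own inverse: the same key applied again restores the plaintext."""
    return otp_encrypt(key, ciphertext)


def two_time_pad_leak(key: bytes, m1: bytes, m2: bytes) -> bytes:
    """What an eavesdropper can compute when the same key encrypts two messages:
    c1 XOR c2 = (m1 XOR k) XOR (m2 XOR k) = m1 XOR m2. The key has cancelled out."""
    c1 = otp_encrypt(key, m1)
    c2 = otp_encrypt(key, m2)
    return bytes(a ^ b for a, b in zip(c1, c2))


def recover_with_crib(leak: bytes, known_m1: bytes) -> bytes:
    """Attacker side: knowing or guessing m1 (a 'crib', e.g. a standard header)
    recovers m2 from m1 XOR m2, without ever learning the key."""
    return bytes(a ^ b for a, b in zip(leak, known_m1))


if __name__ == "__main__":
    key = new_key(16)
    ct = otp_encrypt(key, b"attack at dawn!!")
    print("ciphertext:", ct.hex())
    print("decrypted :", otp_decrypt(key, ct))
    leak = two_time_pad_leak(key, b"meet me at noon!", b"send 500 dollars")
    print("recovered :", recover_with_crib(leak, b"meet me at noon!"))
```

The last two lines are the caveat practitioners care about: the cipher is perfect and the implementation is correct, yet reusing one key for two messages lets an eavesdropper recover the second message from a guess at the first, with no key material at all. Stream ciphers and counter-mode block ciphers have the same property, which is why a nonce must never repeat under the same key.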