A Comprehensive List Of IT Terminology Business Owners Should Know
From the first rudimentary, hand-made tools, to the world’s fastest supercomputers – technology has never stopped evolving, and it never will.
And it isn’t supposed to either, right? I mean, the day we develop a computer so advanced that it can’t theoretically be improved upon is the day I wander off into the woods to build myself a log cabin.
We’ll have reached the peak of human invention. No need or way to improve, just replicate and enjoy.
But that day will never come, so instead we have to accept the fact that the overall knowledge base when it comes to technology is infinite. This is alright with us, because it keeps us employed!
But an ever-evolving, infinitely-expandable knowledge base does pose a lot of issues. The biggest and most obvious one being: how the heck do you get started!?
I mean, there’s literally an infinite amount of information. What do you need to know? How do you learn what you need to know? Who do you ask? What if you know so little you’re afraid of asking!?
That’s where we come in. We’re well aware of how difficult it is to stay in the know. We’re constantly educating ourselves on the tech world’s latest advancements so that we can serve as the knowledge hub our customers need.
And frankly, it’s difficult enough for us to keep up with all of the changes, so I can’t imagine how daunting it must be for someone who doesn’t work in the industry.
We’re finding that, day-after-day, the knowledge gap between IT experts and IT laymen is growing larger, and we think that’s a problem. So, to try and bridge that divide, we’ve decided to write a series of articles designed to help someone develop a base level of IT related knowledge.
Continuing after last week’s article: A Comprehensive List Of All The Keyboard Shortcuts You’ll Ever Need. (we highly recommend you read that first if you haven’t already), here is A Comprehensive List Of IT Terminology Business Owners Should Know.
APT (Advanced Persistent Threat)
The first piece of IT terminology, in alphabetical order that is, is Advanced Persistent Threat. ATP is a type of cyberattack where the attacker(s) infiltrates a system or a network and remains inside for as long as possible. The ultimate goal of an APT is to steal critical information over a long period of time. APTs require a lot of effort and skill, so they’re usually used on high-value targets such as governments and large corporations. As a business owner, knowing this term can help you avoid them.
A backup is a duplicate copy of your data that can be used to recover the original in the event of data loss. Backups can be kept on a separate, physical storage device or on an online/cloud storage solution. Backups should be created on a regular basis as the amount of data you have saved grows. We recommend the 3-2-1 strategy, meaning you keep 3 copies of your data overall – the original and at least 2 backups. Additionally, we recommend you keep at least one physical and one digital (in the cloud) copy. Never store multiple physical backup devices in the same location.
A bot is a program automated to perform a repeated action to reach a pursued goal. Bots can be either malicious or beneficial.
A botnet is a collection of computers which have been compromised by malicious code, granting the attacker the ability to remotely control the system’s resources in order to perform illicit or criminal activities. Botnets can comprise dozens to millions of individual computers. The term botnet is short for: robotic network.
Brute Force Attack
A brute force attack is a method for cracking an account’s password using software that persistently and automatically tries different variations of letters, numbers, and symbols until the correct password is discovered. Brute force attacks typically rely on context and information such as previously known passwords revealed through data breaches to more accurately hone in on the password.
BYOD (Bring Your Own Device)
Here is IT Terminology that you may not even know that you know. A BYOD is a security policy that dictates whether or not employees can/should bring their own devices into the work environment. A BYOD policy can range from complete prohibition of personal devices, to allowing any device to be connected to the company network with full access to company resources. Generally, BYOD policies put reasonable security limitations on which devices can be used on company property, while severely limiting access to sensitive network resources.
Catfishing is the practice of using fake social network accounts or online profiles to impersonate an identity for the purposes of deceiving a real person online. Perhaps this piece of IT terminology is more relevant in your social life.
Cloud is defined as computing resources made available for access through the internet from any point in the world, through any internet-connected device.
A cookie refers to small data files stored on your computer after visiting a website. Cookies are how websites track personal details, preferences, and web history, allowing them to offer their users certain benefits, such as faster access, and the auto-filling of credentials for quicker check-outs and logins. But cookies are predominantly used to strengthen an advertisers ability to offer relevant ads based on specific interests and browsing history. Your marketing team is definitely aware of this IT terminology. Browsers allow you to limit how much information cookies can collect as they affect your privacy and disclose your online habits.
The Dark Web uses the same infrastructure as any other online service, but in a way that masks its websites, marketplaces, and visitors from being traced. The Dark Web isn’t a cohesive whole, instead different parts that require different protocols or software to access. Routing on the Dark Web makes it very difficult to trace individuals, giving its users near total anonymity. Because of that anonymity, the Dark Web has become synonymous with illegal activities. But the Dark Web is also very useful for legal, beneficial purposes that require anonymity. Newspapers, for instance, often have Dark Web portals where whistle-blowers and confidential informants can safely and anonymously leave information.
A data breach is the disclosure of confidential information, or the unauthorized access to confidential information. Generally, a data breach results in internal data being made accessible to external entities without authorization. You do not want to encounter a data breach as a business owner.
DDoS Attack (Distributed Denial-of-Service)
A DDoS attack attempts to disrupt the normal traffic of a server, service, or network resource by flooding it with increased traffic from multiple sources to ultimately crash or stall it. These are often carried out through control of malware infected devices around the Internet. The purpose of a DDoS attack is to significantly amplify the level of the attack beyond that which can be generated by any single system in order to overload a larger and more protected target. DDoS attacks are often waged using botnets.
A deepfake is a video clip of an individual that has been digitally altered to make them appear to be someone else. Deepfakes are typically used maliciously to spread false information, and individuals impersonated are usually politicians and world leaders.
Decrypting is the act of transforming ciphertext (i.e. the unintelligible and seemingly random data that is produced by an encryption) back into its original plaintext or cleartext form. Data is transformed into ciphertext by a symmetric encryption algorithm using a selected key. Ciphertext can be converted back into its original form by performing the decryption process using the same symmetric encryption algorithm and the same key used during the encryption process.
DNS (Domain Name System)
The DNS is the translation system that converts text-based domain addresses into numerical IP addresses that computers can use to communicate with and locate one another. Every IP address has its corresponding human-readable name. When you type in a web address in your web browser (www.jaydien.com), that request goes through the DNS. It receives the domain name and looks up its corresponding IP address. Once the domain name and IP address are matched, your computer can communicate with the webserver and retrieve the web page you requested.
A domain, in the context of networking, refers to any group of users, workstations, devices, printers, computers, workgroups, and database servers that share different types of data via network resources. A domain controller governs all basic domain functions and manages network security. Thus, a domain is used to manage all user functions, including username/password, shared system resources. Domains are also used to assign specific resource privileges, such as user accounts.
Encryption is the process of encoding data to prevent theft by ensuring the data can only be accessed with an encryption key.
The encryption key is a secret number value used by a symmetric encryption algorithm to control the encryption and decryption process. Generally, the longer the key length, the more security it provides. Keep this in mind when protecting your business’ data.
An exploit is a general term for any technique used by a threat actor to leverage a vulnerability in order to compromise a system. An exploit could be simple to carry out (trying the default password on a router hoping it was never changed), or it could require top-tier technical knowledge or custom software.
Here’s a more common example of IT Terminology: a firewall is a commsecurity tool – which may be a hardware or software solution – that is used to filter network traffic. A firewall is based on an implicit deny stance where all traffic is blocked by default. Rules, filters, and access control lists can be defined to indicate which traffic is allowed to cross the firewall. Advanced firewalls can set allow/deny limits based on user authentication, protocol, and even payload content.
A honeypot is a false system created and configured to look and function like a production system, designed to distract attackers in order to prevent them from attacking actual production systems. Honeypots are typically positioned where they would be encountered by an intruder looking for a backdoor connection or attack point. They often contain false data in order to trick attackers into spending considerable time and effort attacking the false system, and are often able to collect enough information in the process to ultimately identify the attackers, or their location.
An Internet Protocol (IP) address is a very important example of IT terminology. It is a numerical identifier for each device connected to a network. It’s how data gets correctly routed from computer to computer. Data is split into packets, and each packet has an address label called the packet header. The packet header holds the IP address of the device the packet is being sent to and the IP address of the device the packet was sent from. This allows routing equipment to know where the packet needs to go. If the device cannot be found, the sender’s IP address in the header is used to notify the sender that the transmission failed.
We’re running out of version 4 (IPv4) addresses, which necessitated the design of version 6 (IPv6) addresses.
An IPv4 address looks like: 192.168.4.1.
An IPv6 address looks like: fe80::d725:2d9a:bdf5:2f5f.
A keylogger can be a software solution or a hardware device used to record anything that the user types on the keyboard. Keyloggers are typically installed covertly so that a user would be unaware that their keystrokes are being recorded. Data such as passwords and login information can then be retrieved by the person operating the logging program.
LAN (Local Area Network)
A LAN is an interconnection of devices (i.e. a network) that is contained within a limited geographic area (typically a single building). For a typical LAN, all of the network cables or interconnected media is owned and controlled by the organization.
Machine learning is the use of artificial intelligence (AI) to help systems process vast amounts of data to learn and adapt without following explicit instructions, instead relying on algorithms and statistical models to analyze and draw inferences from patterns in that data. You may want to consider implementing this IT terminology into your business.
Malware (Malicious Software)
Malware is any code written for the specific purpose of causing harm, disclosing private information or otherwise violating the security or stability of a system. Malware is an “umbrella term” for malicious software and can refer to: viruses, worms, Trojan horses, backdoors, rootkits, ransomware/spyware/adware, etc.
MFA (Multi-factor Authentication)
Multi-factor authentication relies on more than one authentication factor. There are only three recognized authentication factors:
Something you know — like a password, PIN, or the answer to a security question.
Something you have — like a physical token or a virtual token attached to your cell phone.
Something you are — which covers biometrics like fingerprints and retinal scans.
When you need to use more than one of these factors (like a password AND a token) that is MFA. Using two examples from one factor (password and a security question) is not MFA.
2FA (Two-factor Authentication)
Two-factor authentication is a means of proving one’s identity using two authentication factors. A form of multi-factor authentication.
Open source refers to software for which the original source code is made freely available and may be redistributed and modified.
A patch is an update or change to an operating system or application. A patch is often used to repair flaws or bugs, as well as introduce new features.
Penetration Testing (Ethical Hacking or Pen Testing)
Penetration testing is an advanced form of security assessment where security experts use tools and exploits to discover flaws in a network with the view of ultimately securing it. These should only be performed by experts, and only on environments with mature security infrastructures. Penetration tests use the same tools, techniques, and methodologies as criminal hackers, and thus, they can cause downtime and system damage.
Phishing is another piece of IT terminology that you and your employees need to know. It refers to the fraudulent practice of sending emails purported to be from reputable companies or individuals in order to trick victims into revealing personal information, such as passwords and credit card numbers.
Ransomware is a form of malware that holds a victim’s data hostage on their computer through robust encryption, typically followed by a demand for payment in the form of crypto currency (an untraceable digital currency) in order to release control of the captured data back to the user.
ReCAPTCHA or CAPTCHA
reCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a turing test designed to tell humans and bots apart. They are easy for humans to solve, but hard for “bots” or software programs to solve. (Source: Google)
Rootkits allow a threat actor to remotely connect to your computer and to control it when you are not present. They can upload and download files, documents, inject more malware, and just about anything else as if they were sitting directly in front of it. What makes rootkits so insidious is that they are very difficult to detect and very difficult to remove once detected. Rootkits can be distributed in phishing attacks, by visiting infected websites, or by downloading files from file-sharing sites.
Sandboxing is the means of isolating applications, code, or entire operating systems in order to perform testing or safety evaluations. Sandboxing limits the actions and resources available to the isolated item. This allows for the isolated item to be evaluated while preventing any harm or damage to be caused to the host system or its related data. Threats are often purposefully activated in sandboxed environments, so that they can be evaluated, and ultimately resolved.
Social engineering is an attack that focuses on people rather than technology. This type of attack is psychological and aims to either grant access to information or to a digital or physical environment. A social engineering attack example would be impersonating technical support staff to trick a user into revealing their account credentials.
Spoofing is the act of falsifying the identity of the source of a communication or interaction. It is possible to spoof an IP address, MAC address and email address.
Spyware is a form of malware that monitors user activities and reports them to an external third party. Spyware can be legitimate in that it is operated by an advertising and marketing agency for the purpose of gathering customer demographics. However, spyware can also be operated by attackers using the data gathering tool to steal an identity or learn enough about a victim to impersonate them.
A trojan horse is a form of malware where a malicious payload is embedded inside of a benign host file. The victim is tricked into believing that the only file being retrieved is the benign host. When the victim uses the host file, the malicious payload is automatically deposited onto their computer system.
Virtual Private Network (VPN)
This bit of IT terminology is one you’re probably already familiar with. A virtual private network encrypts your network traffic so that it cannot be monitored or accessed. Typically, VPNs are used to provide secure and private connections across the internet, and to connect remote workers to company servers from remote locations.
VPNs are actually programs that must be run on both ends of the connection, one side having the client software and the other running the VPN server software.
A vulnerability is any weakness in an asset or security protection which would allow for a threat to cause harm. A vulnerability could be a coding flaw, a mistake in configuration, a limitation of scope, an error in architecture / design, or a clever abuse of valid systems and their functions.
A worm is a form of malware that focuses on replication and distribution. A worm is a self-contained malicious program that attempts to duplicate itself and spread to other systems. A worm can also be used to deposit other forms of malware on each system it encounters.
The term “zero day” refers to a vulnerability that exists without the security software manufacturer’s knowledge, leaving users who rely on that security software open to attack. For example, if you use AVG Antivirus, an AVG zero-day vulnerability would be a vulnerability that the AVG software does not know to scan your computer for, because its developers have not yet resolved and released its resolution in the form of an update. Once the problem is discovered, manufacturers have “zero days” to resolve the vulnerability. Security software firm Kaspersky, perhaps you use them for your business, offers this distinction between 3 notable zero-day terms :
Zero-day Vulnerability: A software weakness that can be exploited and is found by attackers before the manufacturer knows about it.
Zero-day Exploit: The method an attacker uses to gain access to the system using that zero-day vulnerability.
Zero-day Attack: When bad actors use a zero-day exploit to get into a system to steal data or cause damage.
So the vulnerability is the weakness, the exploit is the method bad actors use to get in, and the attack is the result of those bad actors using that vulnerability to cause damage. The terms are sometimes used interchangeably, but they’re not quite the same.
And That’s All of Them!
We know how intimidating the world of technology can seem, especially for anyone who feels like they aren’t meant to understand it, or were left behind a long time ago. Hopefully this list of relevant IT terms helps you grow a little more familiar with the industry, and boosts your businesses’ capabilities in addition to your confidence next time you’re at the watercooler and the subject comes up.
We recommend bookmarking this article so that you can quickly access it next time you need it.
And don’t forget, the keyboard shortcut for bookmarking a tab is CTRL + D.
Ready to Utilize Your New IT Terminology?
Whether you’re looking for robust, automated backup software, or you want to learn more about structured networking cabling for businesses, Jaydien Network Solutions is here to help! If you need any assistance or have a general IT related question you need answered, contact our team today!
We have the tech know-how you need to take your work to the next level! Whether you’re looking for wireless solutions or you’re setting up a business phone system, we have the tools and expertise you need to get started! Reach out today and let us make IT work for you!