The jargon-busting internet security technical glossary

Tips & tricks
66 mins
binary code falling out of a book

Spim? Spam? Spit? Stop feeling overwhelmed by internet security jargon. Use this handy glossary to figure out what’s what!

Jump to…



Access control

Access control refers to the ways in which organizations verify that users are who they claim to be and that they have the rights to the information that they’re trying to get a hold of. Access controls are a crucial part of the cybersecurity chain as they can guard against things like accidental leakage of sensitive information due to employee error as well as exposure of data through weak web server architecture.

Access control is split up into three broad categories. The first, Discretionary Access Control (DAC), uses access control lists to determine whether a user is to be granted (or denied) entry and what permissions they have when inside. The second, Mandatory Access Control (MAC), works by giving each user and software a clearance level label. Only those users with the same or superior clearance level are granted access. Role Base Access Control (RBAC) is the third category, which utilizes job labels to control permissions needed to finish specific tasks.

Advanced Persistent Threats

Advanced Persistent Threats (APTs) are a security breach whereby attackers are able to stay undetected inside systems over a long period of time, without system administrators catching the intrusion. Often, intrusive entities will take advantage of zero-day vulnerabilities to execute their nefarious designs.

Given its extremely clandestine nature, APTs are usually deployed against “high-value” targets such as government agencies, large corporations, banks, and financial institutions. That’s because there are massive volumes of data and information to steal; APTs act surreptitiously so that they can extract as much information as possible over a longer period of time. A quick entry and exit doesn’t serve the purpose in this case.


Adware, or advertising-supported software, displays advertisements on your computer in the form of banners and pop-up windows. These ads are a way for software companies to generate revenue. Some adware runs on your machine without your knowledge and consent, while others are intentionally downloaded. While adware is more of a pesky nuisance than a harmful threat to your cyber security, some adware might collect information about your browsing behavior and sell it to third parties.

How does adware work?

While adware is more of a pesky nuisance than a harmful threat to your cybersecurity, some adware might collect information about your browsing behavior and sell it to third parties. This information, such as websites visited and time spent on each one, is used to target you with more advertisements customized according to your viewing habits.

A device can be infected with adware via two main avenues. The first is that it is installed alongside other programs. This is most common with freeware and shareware. The second is by visiting an infected website. The adware takes advantage of a vulnerability in the user’s web browser to stealthily install itself. Once infected, the adware can collect more private information, redirect you to malicious websites, and insert more advertisements into your browser.


Allowlist is the opposite of denylist, and refers to granting access to specific users in order for them to have privileges on a certain network.


In the internet security lexicon, assets refer to anything that is necessary to finish a specific task. These can be both hardware and software resources, such as servers, switches, and computers to mission critical applications, information, and algorithms. The need to secure assets is a critical function of cybersecurity.

Asymmetric encryption

Asymmetric encryption, or public-key cryptography, is an encryption method that requires two keys to access a server: a public key for encryption, and a matching private key for decryption.

How does asymmetric encryption work?

Asymmetric encryption is commonly used on the internet as a means of privately communicating without either party necessarily knowing the other’s private encryption key in advance. Anyone can encrypt a message using the receiver’s public key, but only the receiver can decrypt it.

Asymmetric encryption is more computationally intensive than symmetric encryption. For this reason, it’s often used to establish a “handshake” wherein a private key is exchanged between the sender and receiver. That private key, known by both parties, is then used to communicate using symmetric encryption. This process is commonly used when visiting sites that have “https” at the beginning of their URL.

Attack vector

Attack vectors are the path used by a malicious entity to gain unauthorized access to a network in order to deliver its payload. Attack vectors could consist of things like malware, viruses, phishing attacks, or zero-day vulnerabilities.

Often, all hackers need is the solitary point of entry into a system in order to wreak havoc. And despite pre-existing safeguards and standard operating procedures, all it takes is one errant employee to click on a malicious link to start the cycle. Sophisticated hackers will often identify the most efficient attack vector and chip away at it until they’re finally able to crack the barrier.

Antivirus software

Anti-virus software, otherwise known as anti-malware software,  scans your computer or mobile device to detect and restrict the spread of malware on your machine. Since malware is constantly evolving, anti-virus software cannot always detect it, so your machine is always at risk of infection. Anti-virus software is also deployed at an administrative level; many email servers use it to scan emails.

How does antivirus software work?

Antivirus can protect a device from a wide range of threats, including: malware, malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraud tools, adware and spyware. Modern antivirus programs often include both real-time threat protection, which guards against possible vulnerabilities as they occur, as well as a system scan, which sifts through all of the device’s files looking for possible risks.

Several antivirus programs are available for almost every operating system, but none are perfect. Furthermore, more operating systems have begun pre-installing antivirus software, such as Windows Defender on Windows 10. You can install multiple antivirus programs on a single system, but users should be wary of compatibility and performance issues this could cause.


Authentication refers to the processes of proving that an individual is really who they claim to be. That’s important because you don’t want the wrong person gaining access to the network.

A common way of authenticating your account is through a regular username/ password. However, there are several additional methods too. Facial recognition software may be deployed in some cases, while others might use encryption, biometric authentication or MFA apps like Google Authenticator.


Authorization refers to the mechanisms that determine what authenticated users are allowed to do. See also access control.

Back to Menu



A backup is an extra copy of the files on your computer or mobile device. It is typically stored in a separate location from the original files, such as on another drive or in the cloud. If anything happens to your files, or if they go missing or get destroyed, then you will be very thankful you have a backup!

How does a backup work?

Note that a backup is an exact copy of whatever files and folder exist on the original. If a file is added to a backed up folder, then that file will appear in the backup. If that file is deleted, then it will be removed from the backup as well (although some backup programs allow recovery up to a certain period of time). This is the key distinguishing factor between backup and storage, wherein storage is a way to save files that may not exist in any other location (Dropbox and Google Drive are examples of storage).

Note that most backup software simply copies user files to another location–often an external hard drive or the cloud. User files include documents, photos, movies, downloads, and music. They do not back up the operating system, settings, or programs. For that, a “full system” or “bare bones” backup is required. Full system backups can be either clones or images, and they are most useful in the event of hard disk failure.


A backdoor opens a “backdoor” to your computer or mobile device through which hackers and other malicious individuals can connect to your machine and infect it with malware and spam.

How does a backdoor work?

Backdoors are used by hackers to gain access to a device by circumventing security mechanisms. Often times developers install backdoors as a means of troubleshooting their program, but this also leaves a gap for hackers to exploit. The term is often used to describe vulnerabilities put in place on purpose, for example, to allow government surveillance groups to access citizens’ smartphones and computers.

Perhaps the most common backdoor is the use of default passwords. If you’ve ever accessed a Wi-Fi router’s admin console by typing something like “admin” into the username and password fields, you’ve exploited a backdoor.

Behavior Monitoring

Behavior Monitoring is used to evaluate compliance with pre-existing security policy in order to uncover violations. It usually entails recording the events of a system including all those that used it in some manner.

Behavior monitoring includes tracking events, comparing them to thresholds, and establishing responses to incidents as and when they occur. Said tracking can help determine when technical support is needed, or when resources need to be enhanced to support production levels. It can also be used to identify abnormal events, which point to the presence of malicious code.


Bitcoin is the largest cryptocurrency by market capitalization and draws its origins from a whitepaper published in 2009 following the U.S. housing market crash. The creator of Bitcoin is still a mystery and goes by the pseudonym Satoshi Nakamoto.

The surging popularity of Bitcoin can be attributed to its decentralized nature which means it’s out of the control of any central bank or corporation. Only a certain number of Bitcoins can be mined, which means the currency cannot be manipulated by decisions such as printing more of it. Bitcoin has also directly contributed to the growth of other virtual currencies, known as Altcoins.

Blended threat

A blended threat is a combination of two or more “traditional” malware rolled into one truly pesky package. An example might be a combo of a Trojan horse, a keylogger, and a worm. Fighting off a blended threat requires a blend of security tools and protection layers.

How does a blended threat work?

Most sophisticated attacks used today are blended threats. They usually target and spread over networked computers, such as those connected to the internet.

Black-hat hackers

Black-hat hackers are the criminals of the cybersecurity world. They’re the ones coming up with malicious code, breaching defenses, and attempting to pilfer data or extort monetary gains. They could also be referred to as “hackers for hire.” Either way, they’re the ones you want to keep out of your system at all cost.

Up-to-date firewalls, antivirus, and security patches are the best methods to defend against blended threats.


A blog, short for “web log”, is a website where users publish content (known as posts) on a regular basis. Blog posts are typically displayed in reverse-chronological order, meaning that the newest content appears first.

How does a blog work?

Blogs have become commonplace on the internet due to the ease of publishing one. Several blogging platforms make creating a blog a relatively simple task, such as WordPress, Blogger, Tumblr, and many more.

Blogs cover a wide range of subjects and types of content. As the definition of blog has broadened significantly, the line between traditional mass media and blogging has blurred.

Bluetooth or IEEE 802.15.1

Bluetooth is a wireless technology standard for data exchange over short distances. Bluetooth enables short-range wireless communication between keyboards, mice, telephones, headsets, tablets, and other devices.

How does Bluetooth work?

Bluetooth can be used to “pair” a wide range of devices such as smartphones, headsets, keyboards, fitness trackers, speakers, printers, and car stereos.

Bluetooth is maintained by a private company that has released several versions of the technology. The latest major release, Bluetooth 5, promises to quadruple the range and double the speed of the previous generation’s Bluetooth 4.0.

Bot or web bot

A bot (from the word “robot”) is a software program that performs automated tasks on the internet. While bots have certain legitimate uses, like crawling and indexing the Web to make search engines more efficient, they can also be used for malware. Evil bots can take over computers, deploy malware attacks, and compromise user data.

How does a bot work?

While bots have certain legitimate uses, like crawling and indexing the Web to make search engines more efficient, they can also be used for malicious purposes. Evil bots can take over computers, deploy malware attacks, and compromise user data.

“Bot” has more recently become a term for artificial intelligence programs that communicate with users over chat channels like Facebook Messenger. Chat bots are becoming a common feature in e-commerce and customer service, among other industries.

Botnet or zombie armies

A botnet (also known as zombie army) is a cluster of computers whose systems have been seized and compromised by an individual with malicious intent. The individual uses these  machines to carry out acts of cyber malice, like sending spam and launching denial-of-service attacks.

How does a botnet work?

The word “botnet” is a combination of “robot” and “network”. Compromised machines are often unknowingly infected with malware or viruses. The bots that make up a botnet can remain dormant until activated to perform an attack.

While botnets are usually malicious, they have some legal applications as well. Distributed computing, for example, can use a botnet to take advantage of the idle resources on multiple devices to execute actions that would not be feasible on a single computer.

Bring Your Own Device

Bring Your Own Device (BYOD) is a specific corporate policy that states whether employees can bring their personal devices into the workplace, thereby connecting them to the enterprise network. BYOD opens up a plethora of security-related questions as personal devices are usually less secure than enterprise ones. Generally speaking, BYOD policies should cover things like asset patching and upgrades, security applications, legal concerns, and forensics.

Brute Force Attack

Brute Force Attacks utilize old fashioned trial-and-error methods to guess login passwords or encryption keys. When deploying brute force attacks, hackers use computing resources to guess various password combinations until they find the correct answer. This isn’t a particularly high-tech method of gaining access to a network, but it has proven to be effective in the past. Especially when you consider that “password” is one of the most common passwords out there.

Browser hijacker

A browser hijacker changes your browser’s settings without your permission by replacing your homepage, search page, and error page with pages of their own. A browser hijacker redirects your internet activity in order to collect advertising revenue from you, as well as your personal and browsing data.

How does a browser hijacker work?

Browser hijackers often infect computers through malicious websites and software bundles, particularly browser toolbars. They can usually be removed using antivirus software, but that might not be enough to undo the damage done to the host computer. A system restore is recommended.


Bugs are software flaws that cause the program to return inconsistent or unexpected outcomes. They’re usually a result of human error during the software development phase as opposed to malicious intent and may result in unstable software. They’re usually caught in the testing phase of the software development cycle, by quality assurance analysts but can go undetected until after moving into production.

Back to Menu



Captcha refers to “completely automated public turing test to tell computers and humans apart” and are used to determine whether incoming web traffic is really human and not a bot. You might have come across a Captcha if you’ve ever tried to log in to an encrypted site where you’re asked to identify letters or items in a grid of images.

The underlying idea behind Captcha is that a computer program will be unable to identify distorted letters or nuances in images while a human being is able to make the necessary distinctions. Hence, bots will fail the test and thereby barred from accessing said website or application.

Certificate authority

A certificate authority is a trusted third-party entity that issues digital certificates. A digital certificate verifies that a public key belongs to the individual whose digital signature is on that certificate.

How does a certificate authority work?

Certificate authorities are used in asymmetric encryption to prevent man-in-the-middle attacks, in which a malicious party intercepts traffic heading to a server and pretends to be the intended receiver.

Trusted CA certificates are usually stored on the client software, such as a web browser. There is no single provider of CA certificates, and the market is fragmented by country and region.

Chat room

A chat room is an area on the internet where individuals can communicate with one another in real time. Chat rooms are separated by topic. Many chat rooms are monitored by moderators, who ensure that users behave according to that chat room’s code of conduct. Since chat rooms allow users to participate anonymously, they can be frequented by predators, who disguise themselves to prey on vulnerable children and teenagers.

How does a chat room work?

Chat rooms can be public or private and include anywhere from two to hundreds of people. Online video games often integrate chat rooms as a means for players to communicate. Chat rooms are also common among remote teams of people who work together online. IRC chat rooms, largely considered the original, are far less common now.


Ciphertext is the seemingly random data that stems from cryptographic functions. Ciphertext can be converted back into its original form by using decryption processes and the same key used during encryption.


Clickjacking refers to a malicious attack whereby the offending party tricks a user into clicking an invisible element on top of another one. This causes an unwanted action, such as unknowingly downloading malware, visiting undesirable websites, forcing an online sale, or stealing login credentials. Also known as a UI redress attack, clickjacking relies on subterfuge to achieve its goals.

Cloud Computing

Cloud Computing is the delivery of IT resources such as servers, storage, and databases over the internet on an as-needed basis. Instead of investing large amounts of capital to buy physical computing infrastructure such as servers and data centers, cloud computing enables companies to rent said resources from a cloud services provider. This unshackles them from prohibitive upfront costs and helps streamline expenditures, including reducing complexities of ownership.

Cloud Security

Cloud Security can also be called cloud computing security. It encompasses a cross-section of policies, controls, procedures, and technologies aimed to secure cloud computing assets from malicious hackers and snoops. Cloud security protocols protect data stored on the cloud, enable regulatory compliance, determine authentication rules for individual users, and safeguard privacy.

Closed Source

Closed Source is software that’s distributed and sold under a licensing agreement, meaning users or any members of the public can’t look at or change the source code. Modifying, copying, and republishing the software is restricted and may result in legal action if attempted.

Closed source software is the opposite of open source. Think Microsoft vs Linux, for instance. Or to a certain extent, Apple vs Android.

Computer Network Defense

Computer Network Defense is cybersecurity specifically designed to guard against attacks on the military and government systems. It refers to the processes and protective measures put in place to disrupt any attempt at breaching networks. CNDs help minimize losses, service denials, and disruptions.

A cookie is a little piece of data stored in your web browser. When you visit a website, it sends a cookie to your computer to remember your surfing behavior, like what buttons you click and what items you add to your shopping cart, as well as your log-in information. Cookies are not software and cannot destroy your computer or mobile device, but they can track your browsing activity.

How does a cookie work?

Cookies exist in many forms and usually serve to improve the convenience of browsing the web. Normal cookies only remain active while the browser is on the website that created the cookie. In some countries, websites are required to disclose their use of cookies to users. In other countries this is not the case, including the United States.

Tracking cookies, however, remain active and collect information even after the user has navigated to another website. This information, which includes websites visited and time spent on each one, is often used to target the user with customized advertisement.


Cryptography is a method of safeguarding information and communication through the use of codes, so that the message is securely delivered only to those for whom it is intended. In computer science, cryptography is derived from mathematical concepts and algorithms to encrypt messages, making them extremely hard to decipher and unlock. Cryptographic algorithms are used for digital verification, data privacy, digital signage, and transmitting of confidential information such as credit card transactions.


Cryptocurrency is digital or virtual currency that is protected by cryptography, making it extremely hard to counterfeit or double-spend. Said currencies are based on decentralized blockchain networks, which means they’re out of the purview of any central bank or authority and can’t be manipulated by government forces.


Common Vulnerabilities and Exposures (CVE) is an initiative to identify and catalog known vulnerabilities in software into a readily-accessible list. This is to help organizations boost their security. CVE was launched in 1999 by non-profit MITRE and is sponsored by the U.S. federal government. It standardizes the way each known vulnerability is identified, with details that include technical information and other inputs.

Back to Menu


Data Breach

Data Breaches are incidents where data is stolen from networks without the knowledge of the system’s owner or administrator. Such data may include personally identifiable information such as details on a firm’s customers including credit card numbers, addresses, and cell phone information. Data breaches could also target proprietary information such as patents.

Data Integrity

Data Integrity refers to maintaining accuracy and completeness of data. It means complying with regulatory compliance requirements, for example GDPR, in order to protect the sanctity of data. Maintenance of data integrity can also be determined by predetermined processes and rules which ensure outside forces can’t tamper or manipulate it.

Data Loss Prevention

Data Loss Prevention is a number of processes undertaken by organizations to ensure that sensitive data isn’t misused or accessed by unauthorized individuals. DLP software makes sure that data is stored securely and in compliance with requirements such as HIPAA or GDPR. What’s more, it monitors and controls endpoint activity and maintains reporting requirements for forensics and incident response teams.

Data Mining

Data Mining uses statistics, artificial intelligence, and machine learning to find trends in data and discover connections that the untrained eye can’t see. Data mining enables researchers to utilize large datasets to uncover insights that benefit industries like banking, manufacturing, telecommunications, insurance, and more.

Defragment or defragging

Defragging, or the defragment of your computer, is the process  whereby information and files stored on your hard drive are reorganized into a more logical order. The actual defragment process can slow your computer down, but once it’s complete, your hard drive should be considerably quicker.

How does defragmentation work?

Defragging one’s hard drive should be done on an occasional schedule by PC and Mac owners. It can take anywhere from a few minutes to a few hours depending on the hard drive.

However, solid-state drives (SSDs) should NOT be defragged, as it will reduce their lifespan in return for a negligible performance uptick. Make sure you know which kind of hard drive your computer has before defragging.


Denylist refers to the security procedures that prevent the execution of malicious programs. This could be achieved by maintaining a list of IP addresses that are known by security researchers to launch payloads and denying them access to the system. Another example would be applications or programs that are unwanted and should not be allowed entry, under any circumstances.


DHCP stands for Dynamic Host Configuration Protocol. It is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers configured for a given network. DHCP assigns an IP address when a system with the DHCP client is started.

How does DHCP work?

DHCP assigns an IP address when a system with the DHCP client is started.

For the average user on a Wi-Fi network, DHCP settings can be accessed through the Wi-Fi router settings.


Decryption is the process of taking encrypted data and converting it back into a readable format. Usually this is done by applying the proper codes or keys, but special software may also be utilized to decrypt data if the keys aren’t available.

Digital Forensics

Digital Forensics is forensic science for the digital age. Much like forensics of yore, digital forensics deals with painstaking investigations and recovery of material. It’s almost always used in a cybercrime context, with an attempt to identify leaks in an organization or assessing damage that occurred during a breach. Digital forensics specialists can help in recovering lost or stolen data assets, such as hard drives that have been wiped clean after a breach.

Digital certificate

A digital certificate or identity key is normally issued by a web certificate authority and contains the sender’s public key verifying that the certificate is authentic and that the website in question is legitimate.

How does a digital certificate work?

Trusted certificates are usually stored on the client software, such as a web browser.

Certificate authorities and the digital certificates they issue are used to prevent man-in-the-middle attacks, in which a malicious party intercepts traffic heading to a server and pretends to be the intended receiver.

Digital signature

A digital signature is normally used in public key cryptography and validates the legitimacy of encrypted data. A digital signature is required to authenticate both the sender of the digital certificate and the authenticity of the certificate.

How does a digital signature work?

Whereas a digital certificate is used to verify the identity of the certificate holder, a digital signature is used to verify the authenticity of a document or message is authentic. A digital signature guarantees the message was not modified by a third party.

Distributed Denial of Service (DDOS)

Distributed Denial of Service attacks is an attempt to disrupt normal functionality by swarming servers and networks with a flood of web traffic. DDoS attacks attempt to overwhelm servers by utilizing botnets to send more connection requests than usual. As a result, regular traffic is stopped in its tracks too and the ensuing product or service goes offline. See also DoS.

Domain spoofing or Domain hijacking

When a domain is hijacked or spoofed, it redirects users to an external website which can infect their computer or device with malicious programs.

How does domain hijacking work?

Domain hijacking is often used to harm the original domain name holder who is cut off from income generated by the site. It can also be used in phishing attacks against visitors who believe they are viewing the original website, when in fact it is a duplicate designed to steal their personal details. Sometimes these stolen domains are sold to third parties.

Drive-by Download

A drive-by download is a download that a person either unwittingly downloads or downloads without understanding the consequences of downloading the file from a website, email, or pop-up window.

How does a drive-by download work?

In the former situation, malicious websites use different techniques to disguise harmful downloads from antivirus programs, such as hiding them in iframe elements.

In the latter situation, drive-by downloads often take the form of counterfeit software. Java, Flash Player, and ActiveX plugin updates are all common lures to trick people into downloading malicious executable files that will install malware and other harmful viruses onto a computer.


DNS stands for Domain Name System. It syncs up web domain names (e.g. with IP addresses (e.g., enabling users to use domain names to access IP addresses without needing to remember the IP addresses.

How does DNS work?

Think of DNS as a phone book for the internet associating phone numbers (IP addresses) with people (website URLs). DNS servers are maintained by a number of different entities, though most users default to the ones maintained by their internet service providers.

VPNs like ExpressVPN use their own DNS servers, which helps to hide user activity from the ISP and prevents websites from geographically restricting content.


DoS stands for Denial of Service. It’s a type of attack in which a website or network is overwhelmed with automated server requests, causing a shutdown of service to legitimate visitors.

How does DoS work?

If you picture internet traffic to be like real-world automobile traffic, then a DoS attack is a way to purposefully cause a traffic jam.

The biggest DoS attacks are actually DDoS attacks, which stands for Distributed Denial of Service. In this attack, the automated server requests are often sent from a botnet, or zombie computers infected with malware. The botnet attacks are “distributed” over thousands of computers around the world, wreaking havoc on the target servers when activated.


Dogecoin is a peer-to-peer cryptocurrency that was borne out of a popular internet meme of a quizzical Shiba Inu dog. While it literally started out as a joke in 2013, the cryptocurrency grew in popularity to the point that its market capitalization exceeded $20 million after just a year in operations. Against all odds, Dogecoin is still around and used to transfer value across the internet.

Back to Menu



Encryption is the process by which data is converted into another form which is unreadable without a separate key to decrypt it. See also public key, private key.

How does encryption work?

Encryption is a cryptographic way to hide the contents of files and network traffic using a cipher. Different types of encryption are called algorithms, each of varying strength and complexity against brute force attacks (guessing until you get the right key).

Encryption is the most common way to make files and communications on devices and the internet private. Individual files, internet traffic, and entire devices can be encrypted using widely available, open-source algorithms.

Ethical Hacking

Ethical hacking is the process of testing system defenses to understand and identify chinks in a corporation’s armor. Think of it as the opposite of black hat hacking; while you’re still aiming to force your way into the system, it’s to improve the quality of its defense and not to pilfer data. Companies regularly employ ethical hackers to get to the bottom of their defenses and engage in penetration testing. See also Black Hat Hacking


Ethereum is a public blockchain network developed by Canadian techie Vitalik Buterin. Miners can validate transactions on the Ethernet blockchain to earn Ether, which is now the second largest cryptocurrency by market volume.


An exploit refers to code that takes advantage of a known software vulnerability to gain unauthorized access to a system.

How does an exploit work?

An exploit could take advantage of a bug, a backdoor, or some other security gap in order to take advantage of an unintended system behavior. Exploits typically exist in a system’s design and were not created by a virus or malware.

Exploits are often kept secret by hackers who discover them. If an exploit is published, the entity responsible for maintaining the system or program is usually swift to patch it.

Back to Menu


File compression or data compression

To compress a file means to make it smaller by converting its data into a different format. Usually, it is put into an archive format such as .zip, .tar, or .jar. See also image compression.

How does file compression work?

Compression comes in two forms: lossy and lossless. Lossy compression removes bits it deems unnecessary to reduce file size, often resulting in lower quality music and video. Lossless keeps all the information of the original file, but usually can’t make files as small as lossy compression.

While compressed files are smaller, the stipulation that they must first be decompressed means they require more computing resources to use. A smaller video file that’s compressed requires more CPU power for a computer to play than a larger, uncompressed file, for example.


A firewall is a security system that regulates traffic into and out of a network. It can be used to block unauthorized entry from outsiders or to block insiders from accessing unauthorized content.

How does a firewall work?

Firewalls typically block or allow traffic based on the application being used and the device’s range of ports. A firewall can block specific programs or only allow a program to utilize certain ports to connect to the internet. A firewall can be a security measure or a means of censorship or both, depending on the intention of the administrator.


Firmware is a type of computer software that’s tailored to a specific hardware. It acts as the central operating system of the device, enabling it to carry out its routine functions. Without firmware, most devices wouldn’t be able to carry on as usual. Everyday devices such as televisions, cameras, traffic lights, and ATM machines run on firmware which controls most things about the device’s functionality.

Fileless Malware

Fileless Malware is a type of malware that uses non-malicious software to infect a device. It’s extremely difficult to detect due to its use of whitelisted programs to distribute its payload, thereby leaving behind no footprint of its own. Fileless infections are extremely insidious because they’re almost undetectable by antivirus programs and other traditional security solutions.

Flame Malware

Flame Malware is a highly sophisticated strain of malware that was first discovered by Kaspersky Lab in 2012. Targeting primarily Windows machines, the malware is able to record audio, keystrokes, network activity, Skype conversations, and eavesdrop on nearby Bluetooth devices. Flame started spreading in the Middle East with the majority of targets within Iran, but also impacted Israel, Syria, Saudi Arabia, and Egypt. Later traces were reported in Europe and North America too.


FTP stands for File Transfer Protocol, a set of rules for transferring files on the internet. Some web browsers have a built-in FTP client, but there are also separate apps dedicated to FTP.

How does FTP work?

FTP allows the transfer of files directly to and from a server. One party is the server while the other is considered the client (even if it’s another server).

Connecting to a server via FTP usually requires a username and password. Transfers are typically encoded using an SSL algorithm.

Back to Menu



GIF stands for Graphics Interchange Format, a bitmap image format. Limited to 256 colors, they are inconvenient for high-quality photos, but due to their support for animation GIFs have become a popular format for short, silent, looping videos on the internet.

How does a GIF work?

GIFs use lossless compression to reduce the file size of images, making them easy to share. Most GIF animations last no longer than a few seconds.

The pronunciation of the term is hotly debated, though the format’s creator (incorrectly) says the intended pronunciation uses the soft “J” sound instead of the hard “G”, so it sounds like “jif”.

Back to Menu



The term hacker is commonly used pejoratively to describe a malicious person who gains unauthorized access to computer systems with criminal intent, but is also used positively by the coding community as a term of respect for any highly skilled programmer.

What does a hacker do?

Under the computer security umbrella, hackers are divided into three subgroups: white hat, black hat, and grey hat. White hat hackers aim to fix bugs and security vulnerabilities. Black hat hackers exploit those vulnerabilities to gain unauthorized access to a system or cause unintended behavior. Grey hat hackers fall somewhere in between.

More generally, a hacker can describe a skilled enthusiast or expert in a particular field, such as art or business.


Hacktivism is derived from the words “hack” and “activism”, meaning it is hacking for purposes with a political or social slant, as opposed to financial or monetary purposes. The hacker group Anonymous could be viewed as an example of hacktivists, as they’re known to target government agencies, multinational corporations, and similar groups that might be deemed to have an anti-people agenda. Hacktivists aim to propagate a specific political ideology and aim to disrupt those that it believes are at odds with it.


Hash is the output of an algorithm, called hashing, that’s performed on datasets to verify that they haven’t been modified or tampered with at all. It’s a way of maintaining data integrity. Hashes are created at least twice so that they can be compared. As an example, imagine a software company is releasing a patch for an application that customers can download. They can calculate the hash of the patch and post both a link to the patch file and the hash on the company site.

Hashing is an algorithm performed on data such as a file or message to produce a number called a hash (sometimes called a checksum). The hash is used to verify that data is not modified, tampered with, or corrupted. In other words, you can verify the data has maintained integrity.

A key point about a hash is that no matter when and from where you execute the hashing algorithm against the data, the hash will always be the same if the data is the same.


Honeypots are decoy targets, designed to bait hackers away from the real prize. A sacrificial system of sorts, it’s intended to catch the eye of malicious parties, luring them into a different direction. Honeypot systems mimic actual networks, giving hackers the false impression that it contains the data they’re after. In the process, it’s possible to glean information about the criminals and their modes of operation.


HTML stands for HyperText Markup Language, the standard language for web pages on the internet. HTML is not a programming language like C++ or Python, but a markup language, meaning it defines the way text and other media is read by a web browser, i.e. which text is bold, which text is a heading, which text or which image is a hyperlink, and much more.

How does HTML work?

HTML is maintained by the Worldwide Web Consortium, which decides the standards and features of the language. HTML is currently in its fifth version, HTML5, though much of the content on the web was written in HTML4.

HTML is often combined with CSS and Javascript on web pages, used for styling and programming, respectively.

HTML tags

Tags are the elements of code that mark up text in an HTML file to be interpreted by the web browser into a web page. Examples include <p> for paragraphs, <h1> for headings, and <img> for images.

How do HTML tags work?

Tags should always be closed, denoted by a forward slash. At the end of a paragraph, for example, the closing tag in the HTML should be </p>. Some tags, such as images and line breaks, are often self-closing like so <br />. Failing to close a tag is considered poor style and can cause formatting issues.

Tags can contain attributes that contain more information about the text within them, such as the “alt” attribute for images and the “class” attribute that assists in CSS styling.


HTTP stands for HyperText Transfer Protocol, the set of rules that determine how web browsers and servers communicate with each other on the internet.

How does HTTP work?

HTTP is a request-response protocol. A client, such as a web browser, sends a request to a server, which responds with content such as a web page. This is an oversimplification, but gives a rough sketch of the core idea.

HyperText refers to text with references to other text or, put simply, links.


HTTPS is the secure version of HTTP. If a URL contains HTTPS instead of HTTP, it means that website uses encryption and/or authentication methods to secure its connection.

How does HTTPS work?

SSL/TLS, or secure sockets layer/transfer layer protocol, is the most common cryptographic protocol used to encrypt secure communications on the web.

Besides encrypting the information being sent between client and server, HTTPS also authenticates both parties using a public-key system to prevent imposters from intercepting communications.

A hyperlink (or just link) is a piece of text or image on a website that connects (or links) you to another page or file on the internet. Hyperlinks are conventionally distinguished from their context with an underline and/or a different color.

How does a hyperlink work?

Hyperlink derives its name from HyperText, the HT in HTTP. At its core, hypertext is text that references other text. The text that is linked is called “anchor text.”

Hyperlinks aren’t just used by humans. Web crawlers, such as the ones used by Google to index web pages, can follow hyperlinks to retrieve their documents and files.

Back to Menu



IM stands for Instant Message, a message sent over the internet via any number of real-time chat applications.

How does IM work?

The most popular instant messaging apps today are for mobile devices, including Facebook Messenger, WhatsApp, WeChat, Telegram, Viber, and Line. Instant messaging apps are primarily text-based but have evolved to include voice, video, images, links, stickers, and more.

Image compression

Image compression is the process of converting a raw image file (usually a photo) to a smaller format. JPEG and GIF are two such formats. See also file compression.

Learn more about how image compression works.


The internet is the global, publicly available network of smaller networks and computers within it. Not to be confused with the World Wide Web, which refers to the information space of pages and other content transferred over that network.

How does the internet work?

The internet is decentralized, meaning no one entity hosts or controls its distribution or content. About 40 percent of the world’s population has an internet connection. Any internet user can at any time, with permission, send and receive information and data from any other computer on the network.

IP address

An IP (or Internet Protocol) address is the numerical identifier for a computer on the internet. IP addresses are generally written as a string of digits punctuated by dots or colons as in (IPv4), and 2001:db8:0:1234:0:567:8:1 (IPv6). IP addresses are often linked to geographic areas, allowing a website to identify the country and/or city from which a user is accessing the site.

How does an IP address work?

Any device that connects to the internet is assigned an IP address. This IP address is often used by websites and other web services to help identify users, although a user’s IP address can change if they connect from a different location, device, or if they use a VPN. See also DHCP.

IPv4 was long the standard type of address assigned to a device, but due to the fast growing number of connected devices, the number of IPv4 addresses is soon running out. IPv6 was created to solve this problem, as it offers a much larger range of addresses, but adoption has been hampered by compatibility issues and general laziness.

What is my IP address?

Wondering what your IP address is? Visit ExpressVPN’s “What’s my IP Address?” page and find out!

IAAS (Infrastructure as a Service)

Infrastructure as a Service is a type of cloud service that delivers computing infrastructure over the internet. IAAS allows you to pay for what you use, unshackling you from expensive capital outlays on servers and data center infrastructure.

Identity Cloning

Identity cloning is a type of identity fraud to gain financial advantage or similar benefits by impersonating someone else. It’s usually driven by illicit gain of personally identifiable information such as social security numbers, passwords, bank account details, credit card numbers and more.

Intrusion Detection System

An Intrusion Detection System is a type of software that’s designed to monitor network traffic for malicious actions or violations of policy. Violations are collected using an event management system and escalated accordingly. The two broad types of an intrusion detection system are network intrusion detection systems and host-based intrusion detection systems.

Information Security Policy

Information Security Policies help define the rules that determine the behavior and acceptable limits of individuals who work with IT assets. It helps ensure that individuals follow security protocols and procedures. A robust information security policy will mitigate security breaches and help your company stay on top of new and emergent threats.

Insider Threat

Insider Threats are security risks that are internal to your company. This doesn’t necessarily signify an employee; an insider threat could also be a contractor, a partner, a board member, or a short-term hire who has access to your proprietary systems and data. Some estimates suggest that more than 30% of data breaches involve internal actors as they are harder to weed out and stop.

Internet of Things

The Internet of Things are the billions of devices around the world connected to the internet, unlocking a world of possibilities through data accumulation and aggregation. The internet connectivity allows them to communicate wirelessly with applications and respond to instructions with the need of a human interaction. Examples of internet-connected devices include smart TVs, fridges, traffic lights, and more.

Back to Menu



Javascript is a programming language that helps you deliver rich and interactive content on web pages. Things like interactive maps, animated graphics, scrolling quizzes, are all made possible by Javascript. The language is considered a fundamental part of standard web technologies, along with other mainstays such as HTML and CSS.


JPEG, which stands for Joint Photographic Experts Group, is an image file format popular on the internet for its ability to retain photo quality under compression. JPEGs are indicated by the file extensions .jpeg or .jpg.

How does a JPEG work?

JPEG is a lossy compression type, meaning it reduces the quality of the original image. JPEG is an ideal format for photos that feature smooth transitions of tone and color, but less apt for graphics, text, and drawings where contrast between pixels is sharp. JPEGs are also not the best format for repeated editing, as repeated compression will reduce image quality over time.

Back to Menu



A Kernel is the central module of an operating system, which means it’s one of the first things to load up. The kernel is a critical part of the operating system and is usually built into a protected area of the memory in order to prevent being overwritten by other parts of the OS. It’s responsible for things like process and task management, disk management, and memory management.


A keylogger is a piece of software that records a user’s keystrokes on a keyboard. Sometimes this is used for technical support, but other times it is used maliciously, without the knowledge of the user, to collect passwords and other personal data.

How does a keylogger work?

Keylogging is also known as keystroke logging or keyboard capturing. Most keyloggers are software based, meaning they run as covert applications on the target computer’s operating system. Some, however, are hardware-based, such as a circuit that’s attached between the keyboard and the USB input. A few are even firmware-based, installed into a computer’s BIOS.

Malicious software keyloggers are often distributed as trojans or as part of viruses. An up-to-date antivirus should be enough to prevent the vast majority of keyloggers from infecting a system.

Back to Menu



Local Area Networks (LANs) are devices that are connected to each other in one contiguous physical location, such as a building or office. LANs can be large in nature, such as a network with thousands of users, or smaller, consisting of a few devices.
Back to Menu


Machine Learning

Machine Learning is the use of artificial intelligence to help systems learn and improve functionality without the explicit use of code. It aims to enable computer programs to look for patterns in data and make decisions based on pre-populated algorithms. The point is to “train” machines to implement decisions without the need for human intervention or assistance.

Man-in-the-middle Attack

A Man-in-the-middle Attack is like eavesdropping. In this scenario, the hacker lies in between the victim and the system with which they’re trying to communicate. An example of this could be through a phishing attack, whereby the hacker sends you an email designed to impersonate a service you know and trust. After you click on the link, you proceed to enter your login information without realizing that the website you’re on is actually designed to steal data.


MP3, or Mpeg audio layer 3, is a popular compressed file format for audio recordings. MP3s are indicated by the file extension .mp3.

How does an MP3 work?

MP3 is a form of lossy compression, meaning it sacrifices some of the original quality to save space. An MP3 can reduce the size of a digital audio recording by a factor of 10 to 1 without most listeners noticing the difference.

MP3s are often used by streaming music services like Spotify due to the low bandwidth required to play them without buffering, and because individual frames of sound can be lost in transmission without affecting the successfully delivered frames.


Malware is malicious software, often installed and run without a user’s knowledge. Examples include keyloggers, viruses, exploits, adware, and spyware.

How does Malware work?

Malware is often embedded in or disguised as non-malicious files, and can run as a script, executable, active content, or some other form of software. The purpose of malware can be anything from a prank to a tool used to steal financial information.

Malware can be guarded against using up-to-date antivirus software, a firewall, and a VPN.

Mutual authentication

Also called two-way authentication, mutual authentication is when both sides of a transaction authenticate each other simultaneously. Online, this is often used to prevent fraud by requiring both the user’s web browser and a web site’s server to prove their identities to each other.

How does mutual authentication work?

Both parties must prove their identities before any application data is sent. Mutual authentication the default mode of authentication in some encrypted protocols like SSH and IKE, but is optional in others like SSL.

Multi-factor Authentication

Multi-factor Authentication is a security system that relies on multiple levels of verification to adequately determine a user’s identity. In addition to a username and password, MFA requires the user to authenticate themselves using biometrics, facial recognition, one-time code, and similar methods. It’s a way to provide enhanced security.
Back to Menu



In the context of computing, a network is a group of devices that communicate with each other, whether by physical cables or wirelessly. Networks range in scale from the connection between your computer and a wireless router, to the internet itself.

How does a network work?

When one device is able to exchange data with another device, they are said to be networked together. Connections between devices can be direct or indirect, with any number of nodes between two or more networked devices. A node can be any device on the network that sends, routes, or terminates data, including servers, routers, and computers.


The National Security Agency is a national security agency that falls under the U.S. Department of Defense. It’s tasked with global and domestic surveillance, monitoring, collection, and processing of data. It’s best known for the PRISM program, unveiled after 9/11 and one which involved heavy scrutiny of domestic residents.

Back to Menu


Outsider Threat

An Outsider Threat is someone or something external to a company that is not authorized to access its assets and may hold malicious intentions.

Open Source

Open Source software refers to a type of software where the copyright holder gives users the rights to alter, modify, and distribute the software to others. Considered to be the opposite of closed source software, open source software is usually developed in a collaborative manner and is done without a profit motive in mind.

Back to Menu


Packet Sniffing

Packet Sniffing refers to the gathering, collection, and logging of packets — or small nuggets of data — as they pass through a computer network. Network administrators use packet sniffing to monitor the bandwidth and traffic on the network. Packet sniffers can consist of both hardware and software versions.

Patch Management

Patch Management refers to the process of distributing and updating software to correct bugs and vulnerabilities in the code. Everything from the central operating system to individual apps require patches sometimes in order to fix problems. This helps shore up security, ensures that the software runs smoothly, adheres to compliance requirements, and more.

Payment Card Sniffing

Payment Card Sniffing, also known as credit card sniffing, is a method of stealing card and identity information for financial gain. Hackers rely on software or hardware assets to intercept traffic as it passes through a network. Also known as a network analyzer, this device enables a wiretap of sorts, capturing and interpreting data as it travels along.

Pen Testing

Penetration Testing is a test of your network defenses to see if it can withstand an actual cyberattack. It usually involves skilled professionals that simulate a cyber attack and check whether there are any vulnerabilities they can exploit. Insights are used to patch these holes and fine tune security parameters.

PKI (Public Key Infrastructure)

Public Key Infrastructure is a method to authenticate users and their devices in the digital world. When parties sign documents digitally, they have a key associated with their device. This then acts as an identifier for that user in digital networks. The purpose of a PKI is to associate a  key with an identity.


Plaintext refers to ordinary, human-readable text before it is encrypted into cipher text or after it is decrypted.


Plugins are software addons that help customize computer programs, apps, and browsers. They help boost the overall web experience as they can be used to display videos, customize fonts, or help your website rank.

Personally Identifiable Information (PII)

Personally Identifiable Information is data that can be used to identify specific individuals. This can consist of social security numbers, mailing addresses, IP addresses, geolocation data, as well as biometric identifiers.


A patch is a software update targeted to fix one or more vulnerabilities. Good software developers are constantly testing their code and issuing new patches to users.

How does a patch work?

A security patch is issued to close an exploit that can be taken advantage of to cause an unintended behavior in the software. Other types of patches fix bugs and add improvements. Most patches come from the original developer, but some are created by third parties.

Patches are often denoted by a software application’s version. For example, version 1.0 is the first complete version of a video game, but version 1.02 adds a patch to fix bugs and security holes. Patches can usually be downloaded and installed on top of an existing application, as opposed re-installing the entire application.


Phishing is the attempt to acquire personal information (such as a password or credit card number), generally for malicious purposes, by assuming the identity of a trusted authority. One common form of phishing is an email pretending to be from a user’s bank, asking the user to enter his/her online banking login information on another site.

How does phishing work?

Phishing is a homophone of fishing, a sport where bait is used to lure victims. Instead of using malware, a virus, or a hack to access private information, phishers rely on social engineering. That is, making someone believe something that is not true, usually by impersonating a trusted authority or an acquaintance in dire need of assistance.

Credit card information, usernames, and passwords are all common targets of phishing. Phishing can be guarded against by never giving up these types of information over unencrypted channels like email, non-HTTPS websites, and chat apps.


Pharming is the (generally malicious) attempt to redirect a user to an imposter website, either by altering a file on the user’s computer or by attacking the DNS server which converts URLs into IP addresses.

How does pharming work?

Users of eCommerce and banking sites are the most common targets of pharming. Users should look for a verified HTTPS certificate to authenticate the identity of a real website. This is often indicated by a green, closed lock icon and the letters HTTPS in the browser URL bar.

Antivirus and anti-malware can often protect against pharming attempts that alter host files on the local computer, but they cannot protect against compromised DNS servers. A “poisoned” DNS server has been altered to direct users to a pharming website.

Private key

A private key is the tool used to decrypt messages in an asymmetric encryption scheme. As its name suggests, this key is not made public, unlike the public key used to encrypt the message.

How do private keys work?

In asymmetric encryption, senders encrypt their files and messages using a public key, which can then only be decrypted using the private key. Private keys should be stored somewhere safe and hidden on the receiver’s device.

If a private key is lost or forgotten, anything encrypted using the paired public key can never be decrypted (at least not without considerable computing resources).


VPN Protocols are the methods by which your device connects to a VPN server. Some common protocols are UDP, TCP, SSTP, L2TP, and PPTP. Learn more about protocols.


A proxy is an intermediary server that allows the user to make indirect network connections to other network services.

How do proxies work?

Users can use the proxy server to request resources from other servers (files, web pages, etc.) as they would without one. However, requesting these resources via a proxy allows the user to remain anonymous online and helps them access restricted content if their actual IP is blocked by the content provider. This is because the request will appear to be from the proxy server’s IP instead of the user’s actual IP.

Public key

A public key is the key used to encrypt a message in asymmetric encryption. Unlike the private key, the public key can safely be shared with anyone without compromising the security of the message.

How does a public key work?

Public keys encrypt messages and files in one direction, meaning the public key used to scramble a file or message cannot be used to unscramble it. Decryption can only be accomplished by the receiver who holds the private key.

Public keys are often stored on local machines and on publicly accessible key servers. MIT, for example, hosts a searchable PGP key server used to encrypt email.

Back to Menu


Risk Assessment

Risk Assessment refers to the type and nature of assets that could be affected by a cyber attack. These could include things like hardware assets, software, data, intellectual property, customer information, and more. Cyber security risk assessments entail estimation and evaluation of the current risk environment as well as the necessary controls to manage them.


A ReCaptcha is a Google-specific service that’s designed to work in a similar manner to Captcha.

Rogue security software

Rogue security software is malware that poses as anti-malware software, often in an attempt to install additional malware or solicit money for its false services.

How does rogue security software work?

Both a form of scareware and ransomware, rogue security software manipulates victims through fear. Malicious websites often display popups or alerts that ask users to download trojan horses disguised as browser plugins, multimedia codecs, or a free service. Once downloaded, the trojan installs the rogue security software.


Ransomware describes malware that prevents a user from accessing normal functions of a system unless a ransom is paid to its creator.

How does ransomware work?

A typical scheme is for the ransomware to encrypt all of the data on a hard drive or server. The ransomware will display a message that says the data cannot be decrypted until the victim has paid a ransom in Bitcoin to a given Bitcoin wallet address. Once the payment is made, the victim will be sent a password to decrypt the data.


Data recovery is the process of using backups, e.g., from a hard drive or online storage, to restore lost data.

How does data recovery work?

The data could be lost due to hardware failure, file corruption, or accidental deletion. The process can restore data either onto the original storage device or onto a separate one.

Recovery can also refer to the process of regaining access to an online account. For example, a user might reset their password after forgetting it in order to log into their email account.


A router is a piece of hardware that directs traffic between networks, most commonly between a computer and the rest of the internet. Practically, the word “router” is often used as shorthand for “wireless router”, a type of router that also functions as a wireless access point.

How does a router work?

Routers use the DHCP protocol to assign IP addresses to each of the devices on their network. They are typically embedded directly on the device’s firmware and don’t employ software. The most popular router firmware brands are DD-WRT and Tomato.

How can I use a router to protect my devices?

ExpressVPN users can set up their VPN connection directly on a router’s firmware, which allows every device connected to automatically route their internet traffic through the VPN server.


RSS stands for Really Simple Syndication, and is a popular method for publishing regularly updated content on the internet. Instead of repeatedly checking a website for new content, a user can subscribe to an RSS feed using a feed reader or aggregator to receive automatic updates from that and other sites.

How does RSS work?

Information published through RSS can be text, audio, video, and images. This information is sent using an XML format that contains both the information itself as well as metadata such as author name and timestamp.

RSS readers can aggregate RSS feeds using web apps, native desktop clients, or mobile apps. Subscribing to an RSS feed is free and usually only requires the user to copy and paste the feed’s URI or searching for it in their preferred app.


A rootkit is a type of stealth malware designed to hide its own existence from detection. Because of this, rootkits are often extremely difficult to remove, and often necessitate completely wiping the hard drive and reinstalling the operating system.

How does a rootkit work?

The “root” in rootkit refers to the top level of administrative privileges that can be granted on a computer. Rootkits attempt to escalate its own privileges to root so there is effectively no higher level account that can remove them.

Once a rootkit has gained root privileges, it can access, modify, delete, and install software and files.

Back to Menu


SaaS (Software as a service)

SaaS is computing services delivered over the internet, usually with a subscription model that allows the user to pay as they go. Examples of SaaS software include ExpressVPN, Microsoft Office 365, Google Drive, and more. SaaS providers are responsible for the infrastructure and upkeep of the apps; reducing the reliance on things like clunky CDs or other local storage units to install the software.


Sandboxing is the establishment of an isolated environment on a network that’s designed to replicate an end-user operating environment. They’re used for several purposes; the end-user operating environment will give researchers a sense of how suspicious code works in the wild and whether defenses are strong enough to quell the attack. Sandboxes can also be used for advanced malware detection, particularly against zero-day vulnerabilities.

Security control

Security Controls are countermeasures that are implemented to avoid, detect, and quell security risks to computer systems and related assets. They’re designed to protect the integrity and confidentiality of information and can include physical controls (for protecting hardware assets), procedural controls (for incident response), and technical controls (such as authentication and antivirus).


Spoofing is when a hacker tries to hide malicious information, masking it as being from a known and trusted source. This can apply to emails, websites, even IP addresses and DNS servers. Spoofing is used to gain access to personal information, spread malware, or successfully execute a man-in-the-middle attack.

Symmetric encryption

As opposed to asymmetric encryption, symmetric encryption requires the same key to encrypt and decrypt a message. Therefore both keys must be private in order to keep the message secure, unlike asymmetric encryption in which the key for encryption can be public.

How does symmetric encryption work?

The key must be exchanged between both parties. Symmetric encryption requires less computational power than asymmetric encryption but isn’t always as practical. For that reason, asymmetric encryption is often used to verify both parties, and symmetric encryption is used for actual communication and transfer of data.

Symmetric encryption can either encrypt the digits of a message one at a time as they are sent (stream ciphers), or encrypt the digits in blocks and send them as a single unit (block ciphers)


SMTP stands for Simple Mail Transfer Protocol, a standard set of rules for sending email through the internet. At the user level, it is generally used only as a sending protocol. For receiving, applications generally prefer other protocols like POP3 or IMAP.

How does SMTP work?

While not used by employed by user-level email clients, SMTP is often utilized by email servers and mail transfer agents.

SMTP connections can be secured by SSL, known as SMTPS.

Social engineering

Social engineering is the umbrella term covering scams like phishing, pharming, spam, and scams. Unlike other forms of malicious hacking that exploit a user’s software, social engineering exploits our natural tendency to trust each other.

How does social engineering work?

Social engineering is often employed by fraudsters to impersonate a trusted authority. The goal is to manipulate a victim into performing a certain action or giving up private information, such as a password or credit card number.


Spam is unwanted email, also known as junk mail. Modern email clients like Gmail automatically detect messages likely to be spam and sort it into a separate folder.

How does spam work?

Spam is often sent unsolicited to hundreds or thousands of people at once. Lists of email addresses are acquired by spammers through both legal and illegal means.

Spam mail often contains links disguised as a familiar website but actually lead to phishing sites and malicious sites infected with malware.


Spim is spam in instant message (IM) form.


Spit is spam over VoIP, e.g. Skype or Viber.

Split tunneling

Split Tunneling is the process of allowing a VPN user to access a public network while also allowing the user to access resources on the VPN.

How does split tunneling work?

Practically, split tunneling allows you to access the internet while also accessing devices on a remote network, such as a network printer.

How does ExpressVPN use split tunneling?

The ExpressVPN App for Routers has split-tunneling capabilities, through our feature called Device Groups, allowing users to select which devices are connected to which VPN server locations.

ExpressVPN apps use split tunneling to give you the best of security and accessibility. Learn more about ExpressVPN’s Split Tunneling feature.


Spyware is malware that logs data from a user’s computer and secretly sends it to someone else. This data can be anything from a user’s browsing history to login names and passwords.

How does spyware work?

Most spyware, like Predator spyware, is designed to monitor user activity, then serving them pop-ups and other targeted ads using the stolen information. Other types of spyware can take control of a computer and direct them to certain websites or installing additional software.

Most spyware can be guarded against using up-to-date antivirus.

Spear phishing

Spear phishing refers to phishing targeted at a specific user or organization. Because of this targeting, spear phishing more likely to appear authentic to its victims, and is generally more effective at deceiving them.

How does spear phishing work?

Spear phishing attacks often impersonate someone acquainted with the victim. The goal is to manipulate the victim into divulging private information such as a password or credit card number.

Spear phishing is by far the most successful type of phishing attack, accounting for nine out of 10 successful attacks.

Learn more about phishing and spear phishing.


SSL stands for Secure Sockets Layer. It is the standard security technology for establishing an encrypted link between a web server and a browser, ensuring that all data passed between the web server and browser remains private and secure.

How does SSL work?

When a browser is connected to a site through SSL, the URL is prepended by HTTPS. SSL is the most common secure transfer protocol on the internet.

SSL is also built into the OpenVPN protocol, which is a VPN protocol used by ExpressVPN and many other VPN clients.

Back to Menu


Trojan horse

A Trojan horse, or simply Trojan, is malware masquerading as legitimate software, named after the famous Trojan horse in which ancient Greek soldiers smuggled themselves into Troy. Trojans often act as a backdoor to give an attacker remote access to a user’s computer.

How does a trojan horse work?

Unlike viruses and worms, trojans generally do not spread themselves. Trojan’s are often spread through some sort of social engineering, such as phishing.

The purpose of a trojan can range from destroying the victim’s system to using their resources as part of a botnet, extorting money, and stealing data. Up-to-date antivirus software and vigilance on the part of the user are the best defenses against trojans.


Trialware is software that has a limited shelf life, meaning it can only run for a certain amount of time before it expires. For users to continue with it, they must purchase a key in order to upgrade to a version that won’t expire.

Two-factor authentication

Two-factor authentication is a second layer of security, after the traditional username / password combination. See also: Multi-factor authentication.

Back to Menu



URL stands for Uniform Resource Locator. A URL is a web address, like When a user types a URL into a web browser, the URL is then translated into an IP address by a DNS server.

How does a URL work?

URLs are usually displayed in a web browser’s address bar. Most URLs point to web pages, but they can also direct users to email addresses, FTP servers, downloads, and more.

URLs often contain two to three parts appended together: a protocol (https://), a host name (, and a file (/what-is-vpn).

URL spoofing

URL spoofing is the attempt to mislead a user to a different (often malicious) website by imitating or “spoofing” a legitimate URL.

How does URL spoofing work?

The website for a spoof URL looks exactly like the original, but it often contains malicious software or a phishing scam.

Sometimes spoofed URLs are accessed due to a bug in web browsers that lack the latest security updates. Other spoof URLs simply look similar to the original. For instance, the URL could transpose two letters in the hopes that the user won’t notice:
Back to Menu



A computer virus is malware that replicates itself and infects computer data, files, programs, and systems, similar to its namesake that infects human bodies.

How does a virus work?

Viruses always attach themselves to other programs. A virus can make a computer slower, steal private information, take up disk space, corrupt data, display messages, spam the user’s contacts, and log their keystrokes.

Viruses can be guarded against using up-to-date antivirus software.


Vishing is a phone scam, that aims to impersonate people you know and trust in order to fork over personal information. The term refers to a combination of ‘voice’ and ‘phishing’, and relies on social engineering tactics to get you to share things like account numbers and passwords. The end goal is to siphon you from cash or other liquid assets.


VPN stands for Virtual Private Network. It is an encrypted tunnel between two devices which allows you to access every website and online service privately and securely.

How does a VPN work?

A VPN routes all the internet traffic from a device through a server in a remote location, which is often chosen by the user. From there, the traffic arrives at the intended destination, masking the true IP address and location of the user.

Encryption is also a key distinguisher of most VPNs from other types of proxies. VPN traffic is encrypted so third parties cannot decipher it. These parties might include hackers, the user’s ISP, and government agencies.

Learn more about VPNs.


In the context of computing, a vulnerability refers to a known weakness in a piece of software that could potentially be exploited by an attacker. Software developers generally test for vulnerabilities and release patches to fix them.

How does a vulnerability work?

Vulnerabilities often lead to security risks. If a hacker exploits a vulnerability, this is called a breach. However, not all vulnerabilities have exploits.

Vulnerabilities exist as a result of the design, implementation, or operation of the developer or admin, and are not created by the attacker.


VoIP stands for Voice over IP (Internet Protocol). VoIP is the internet equivalent of a telephone service, most commonly implemented by Skype and Google Hangouts.

How does VoIP work?

VoIP technology allows audio to be digitized and then sent over the internet so two or more parties can have a conversation in real time. It is a feature now built into most computers and smartphones.

Learn more about how ExpressVPN helps you use VoIP.

VPN client

ExpressVPN is a premier VPN client that offers best in class security with easy-to-use software.

How does a VPN client work?

A VPN client allows the user to choose the server location and often the protocol used, among other settings.

Back to Menu


Web page

A web page is a file on a server that can be accessed by someone via the internet. Generally, this file is written in HTML and includes text, images or other media, and links to other web pages.

How does a web page work?

A web page differs from a website. A website is made up of multiple web pages, at the bare minimum an index page (more often called a home page). Each web page is stored as a single file on a web server, though it may integrate content from multiple sources.

Besides HTML, web pages can include code written in PHP, ASP, and Perl. Web page design, formatting, and style is usually governed by a separate CSS file.

Web server

A web server is a computer that stores, processes, and delivers web pages to clients who request them. This is usually done through a web browser which then displays the page to the user.

How does a web server work?

Web servers always use the HTTP or HTTPS protocol to communicate with clients. The term web server can refer to the server software or the entire host system, including the physical server and firmware.

Web servers primarily serve content, but they can also receive input from online forms and user uploads.


WEP stands for Wired Equivalent Privacy, and is a security protocol for wireless networks. Due to known security flaws, WEP has since been superseded by WPA and WPA2.

The goal of WEP was to implement confidentiality on par with a wired network. WEP was once the most common type of security used on Wi-Fi networks and is still very common despite its well-documented flaws. As a result, many devices–routers, computers, and smartphones–still support the deprecated algorithm.


Wi-Fi (a play on “Hi-Fi”) is a local area wireless technology that lets devices network with each other over radio frequencies.

Learn more about how Wi-Fi works.

Wi-Fi hotspot

A Wi-Fi hotspot is a physical location where you can connect your Wi-Fi-enabled device to the internet over a public wireless network. Be careful, though! While many Wi-Fi hotspots use WEP or WPA security protocols to encrypt your connection, others have no such security features, leaving you and your data vulnerable to malicious third parties.

Learn more about how Wi-Fi hotspots.

White-hat hacking

See also: Ethical hacking and Black-hat hacking.


Like a virus, a worm is self-replicating malware. Unlike a virus, a worm is a standalone program and does not need to be part of another program to function.

How does a worm work?

Some worms are only created to replicate themselves and not do harm, though they all at least consume some bandwidth and disk space. More malicious worms carry “payloads,” which can destroy files, install backdoors, encrypt files, and install malware.

Worms are often spread through spam attachments. They can be protected against by not opening untrusted email attachments, keeping your device’s operating system and programs up to date, and installing up-to-date antivirus software.


WPA stands for Wi-Fi Protected Access. WPA is a wireless security protocol designed to replace WEP with better encryption and authentication. In turn, WPA2 is a replacement for WPA.

How does WPA work?

WPA2 is the recommended security protocol for Wi-Fi networks. Devices can connect to a WPA-protected network with a password, security code, or using a Wi-Fi protected setup (WPS). However, routers that allow devices to connect using WPS enable a flaw that allows WPA and WPA2 to be bypassed.

WPA2 certification is mandatory for all devices that carry the Wi-Fi trademark.

Back to Menu



XML stands for Extensible Markup Language and like HTML, is used to format and present information on web pages. However, unlike HTML it does not have a fixed set of formatted tags but instead acts as a meta-language. This flexibility allows webmasters to be able to construct their own markups.

How does XML work?

XML is used to structure data in a way that both machines and humans can easily read it. Several types of documents use the XML syntax, including RSS feeds, Microsoft Office’s latest document formats, and Apple iWork.

XML is extremely flexible, allowing users to create and nest their own tags and attributes. Developers create and develop many interfaces to help easily process XML data.

Back to Menu


Zero-day vulnerability

Zero-day vulnerability is a critical security flaw that’s been identified and flagged by the software vendor, but without an existing fix or solution. Zero-day vulnerabilities can be exploited by cybercriminals for financial gain.

Phone protected by ExpressVPN.
Protect your online privacy and security

30-day money-back guarantee

Various devices protected.
Take the first step to protect yourself online. Try ExpressVPN risk-free.
What is a VPN?
Lexie is the blog's resident tech expert and gets excited about empowerment through technology, space travel, and pancakes with blueberries.