The novice’s guide to acronyms in data security

Written by guest author Tabby Farrar from Further.

First Published: 01 April 2019

Please note: Opinions expressed in this article are those of the guest author and not necessarily of Friends Against Scams. This article contains links to external websites, some of which provide a service that is not exclusive to that particular organisation and you may wish to research and use alternative organisations.

To the uninitiated, the wide range of acronyms that come up in tech and cyber security articles can feel pretty confusing. If you’re not sure of the difference between HTTPS and HSTS, wouldn’t know your IP address if it looked you in the eye and ever thought DNS might have been a hip-hop artist, this guide to data security acronyms is here to help.

From protecting personal data to giving it away, settings that could let hackers through to tools that defend against them, here are some common acronyms you’ll come across in online security that are well worth knowing about.

IP address

IP stands for Internet Protocol, and denotes a set of rules regarding the way in which data is transferred over the internet. Your device’s internet protocol address is a number used by computer servers to identify and locate it, and anything internet-connected has one. From laptops and smartphones to internet-connected fridges and webcams, communication from device to device happens thanks to IP addresses.

Much like the way that a postman will need a building address in order to deliver a package, computer servers need IP addresses in order to transfer data from one place to another. There are different types of IP address – private and public, static and dynamic – and it is possible to keep your IP address secret, but we’ll get to the whys and hows of that shortly.

The key thing to note is that when someone refers to the IP address of your phone, your laptop or even a website you use, it’s similar to a physical delivery address, or to writing a return address on something when you post it. The difference is that while a phone may not know where to send a text for “John Smith” based only on that name, it will be able to deliver a message using the IP address associated with John Smith’s phone.

DNS

DNS stands for Domain Name System, and it’s all about turning human-friendly text into computer-friendly IP addresses. Domain names are things like Google.com or BBC.co.uk – the alphanumeric web addresses you type into your search bar in order to access the sites, or domains, you want.

Just as every device has an IP address, so does every website. The domain name system is a little like a phonebook for the internet, which takes the site names you enter and translates them into IP addresses, allowing your browser to load the requested site.

Instead of needing to know the IP address for every site you want to visit, the DNS simply converts the name you already know into a language that computer servers can understand.

VPN

VPN stands for Virtual Private Network. VPNs are a type of software designed to keep your data private and secure online, and they achieve this in two main ways.

Firstly, they hide your real IP address and allow you to surf the internet using an alternate IP address, taken from a server elsewhere in the world. This is useful because people like advertisers and nosy internet service providers can track your activities and interests using your real IP, and use that data to pester you with ads. Worse, they can also sell that data to other organisations, all without your knowledge.

As well as keeping your online activities blissfully anonymous, VPNs also add a layer of encryption to your connection. In brief, that means that when you’re transferring data over the internet – such as credit card details, personal emails or similar – it’s hidden in a layer of impenetrable security.

The term ‘virtual private network’ comes from the fact that you’re really getting just that; a conversion of whatever network you’re using into something totally private and just for you. Whether you’re on mobile data, workplace WiFi or any other network, a VPN is designed to lock down personal information so that only you and the desired recipients can see it.

VPN DNS Leaks

While the DNS in itself is more a function than a security consideration, DNS leaks fall into the latter category and can cause your IP address to be exposed even when you’re using a VPN. They happen when your device sends DNS requests to your internet provider’s servers instead of to your VPN service’s servers. This kind of leak can be avoided by configuring your firewall to block non-VPN traffic and by setting your preferred DNS server as the default.

HTTP, HTTPS and HSTS

This is quite the trio, and the difference from one to the next is all a matter of security. HyperText Transfer Protocol, or HTTP, is the rule that defines what actions web servers and browsers should take in response to various commands. There are all kinds of HTTP statuses, and you might sometimes have seen things like a 404 error page while browsing online – 404 being an HTTP status code meaning a file that’s been requested can’t be found.

As an everyday internet user you don’t need to get too bogged down into all the different possible HTTP statuses, but it is important to know the difference between plain HTTP and the more secure HTTPS. HTTPS stands for HyperText Transfer Protocol Secure, and the name is almost self-explanatory.

In HTTPS, communication between your browser and the site you’re on is encrypted, rather than being easily accessible by would-be hackers. Browsers like Google Chrome work hard to stop people from visiting sites that still use HTTP instead of HTTPS, because of the security risk the former can pose.

However, hackers are getting smarter every day, and it is possible for someone to hijack an HTTPS connection and downgrade it to HTTP without the user knowing about it. That’s where HSTS comes in. HSTS is short for HTTP Strict Transport Security, and it allows servers to declare that web browsers can only interact with them over a secure HTTPS connection.

That way, if you’re entering payment details on a site like https://www.enterpaymentdetails.com and someone tries to divert your connection through an unencrypted http:// version to try and view those details, communication between your browser and the website will be denied until security is back in place.

Of course, these are just a few of the acronyms you’ll encounter online. With a solid understanding of the basics, hopefully more complex references will start to make sense – from Man-in-The-Middle (MiTM) hacks using stripped HTTPS connections, to Distributed Denial of Service (DDoS) attacks where a particular IP address is targeted for digital assault.