Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
In today’s digital age, cybersecurity has become more crucial than ever. As cyber threats evolve, it’s essential to understand the key concepts, tools, and terms that help protect sensitive data and ensure online safety. This Cybersecurity Glossary by Frontlines Edutech provides a clear and concise explanation of the essential terms you need to know, from encryption and malware to firewalls and phishing. Whether you’re new to the field or looking to expand your knowledge, this glossary will serve as a valuable resource in navigating the world of cybersecurity.
A
Adware – refers to any piece of software or application that displays advertisements on your computer.
Advanced Persistent Threat (APT) – An advanced persistent threat is an attack in which an unauthorized user gains access to a system or network without being detected.
Anti-Virus Software – Anti-virus software is a computer program used to prevent, detect, and remove malware.
Access Token: A piece of data that identifies a user and grants them access to certain resources.
Artificial Intelligence – Artificial intelligence (AI) refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions.
Attachment – An attachment is a computer file sent with an email message.
Authentication – Authentication is a process that ensures and confirms a user’s identity.
Attack vector-The term attack vector can be used to describe any technique a hacker uses to gain access to or harm a system.
Attack -An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality.
Anonymity-The state of being not identifiable within a set of subjects, often used to protect users’ privacy online.
Attestation-The process of verifying the integrity of software or hardware through a trusted third party.
Access Control-Access Control ensures that resources are only granted to those users who are entitled to them.
Access Control List (ACL)-A mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted to access the resource.
Access Control Service-A security service that provides protection of system resources against unauthorized access. The two basic mechanisms for implementing this service are ACLs and tickets.
Access Management Access-Management is the maintenance of access information which consists of four tasks: account administration, maintenance, monitoring, and revocation.
Access Matrix-An Access Matrix uses rows to represent subjects and columns to represent objects with privileges listed in each cell.
Account Harvesting-Account Harvesting is the process of collecting all the legitimate account names on a system.
ACK Piggybacking-ACK piggybacking is the practice of sending an ACK inside another packet going to the same destination.
Active Content-Program code embedded in the contents of a web page. When the page is accessed by a web browser, the embedded code is automatically downloaded and executed on the user’s workstation. Ex. Java, ActiveX (MS)
Activity Monitors-Activity monitors aim to prevent virus infection by monitoring for malicious activity on a system, and blocking that activity when possible.
Adversary -Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Address Resolution Protocol (ARP)-Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address to a physical machine address that is recognized in the local network.
Advanced Encryption Standard (AES)-An encryption standard being developed by NIST. Intended to specify an unclassified, publicly-disclosed, symmetric encryption algorithm.
Algorithm
A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer.
Air gap
An interface between two systems at which (a) they are not connected physically and (b) any
logical connection is not automated (i.e. data is transferred through the interface only manually,
under human control).
Alert
Notification that a specific attack has been directed at an organization’s information systems.
Access control mechanism
Security safeguards designed to detect and deny unauthorized access and permit authorized access to an information system.
Anti-spyware: Software designed to detect, prevent, and remove malicious programs that monitor user activities (spyware) without consent. These programs help protect sensitive information from being stolen.
API (Application Programming Interface): APIs are pathways for software to communicate with other software or services. A well-secured API is crucial, as vulnerabilities in APIs can expose systems to attacks, such as injection attacks or data breaches.
Asymmetric Encryption: A cryptographic system that uses a pair of keys—public and private. The public key encrypts data, while the private key decrypts it. This method is often used in secure communication and data transmission.
Applet
Java programs; an application program that uses the client’s web browser to provide a user interface.
ARPANET
Advanced Research Projects Agency Network, a pioneer packet-switched network that was built in the early 1970s under contract to the US Government, led to the development of today’s Internet, and was decommissioned in June 1990.
Asymmetric Cryptography
Public-key cryptography; A modern branch of cryptography in which the algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm.
Asymmetric Warfare
Asymmetric warfare is the fact that a small investment, properly leveraged, can yield incredible results.
Attack signature
A specific sequence of events indicative of an unauthorized access attempt.
Attacker
A party who acts with malicious intent to compromise an information system.
Auditing
Auditing is the information gathering and analysis of assets to ensure such things as policy compliance and security from vulnerabilities.
Audit Log
A chronological record of information system activities, including records of system accesses and operations performed in a given period.
Authority
The aggregate of people, procedures, documentation, hardware, and/or software necessary to authorize and enable security-relevant functions.
Authenticity
Authenticity is the validity and conformance of the original information.
Authorization
Authorization is the approval, permission, or empowerment for someone or something to do something.
Autonomous System
One network or series of networks that are all under one administrative control. An autonomous system is also sometimes referred to as a routing domain. An autonomous system is assigned a globally unique number, sometimes called an Autonomous System Number (ASN).
Availability
Availability is the need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it.
Anti-virus (anti-malware) — A security program designed to monitor a system for malicious software.
Antivirus software — A software program that monitors a computer system or network communications for known examples of malicious code and then attempts to remove or quarantine the offending items.
Asset — Anything that is used in and is necessary to the completion of a business task. Assets include both tangible and intangible items such as equipment, software code, data, facilities, personnel, market value and public opinion.
B
Back door – A backdoor is used to describe a hidden method of bypassing security to gain access to a restricted part of a computer system.
Backup – To make a copy of data stored on a computer or server to reduce the potential impact of failure or loss.
Baiting – Online baiting involves enticing a victim with an incentive.
Bluetooth – Bluetooth is a wireless technology for exchanging data over short distances.
Blackhat – Black hat hacker refers to a hacker that violates computer security for personal gain or malice.
Botnet – A botnet is a collection of internet-connected devices, which may include PCs, servers and mobile devices that are infected and controlled by a common type of malware.
Broadband – High-speed data transmission system where the communications circuit is shared between multiple users.
Browser – A browser is software that is used to access the internet. The most popular web browsers are Chrome, Firefox, Safari, Internet Explorer, and Edge.
Brute-Force Attack – Brute force attack is an activity which involves repetitive successive attempts of trying various password combinations to break into any website.
Bug – A bug refers to an error, fault or flaw in a computer program that may cause it to unexpectedly quit or behave in an unintended manner.
BYOD – Bring your own device (BYOD) refers to employees using personal devices to connect to their organizational networks.
Backdoor
A backdoor is a tool installed after a compromise to give an attacker easier access to the compromised system around any security mechanisms that are in place.
Bandwidth
Commonly used to mean the capacity of a communication channel to pass data through the channel in a given amount of time. Usually expressed in bits per second.
Banner
A banner is the information that is displayed to a remote user trying to connect to a service. This may include version information, system information, or a warning about authorized use.
Basic Authentication
Basic Authentication is the simplest web-based authentication scheme that works by sending the username and password with each request.
Bastion Host
A bastion host has been hardened in anticipation of vulnerabilities that have not been discovered yet.
BIND
BIND stands for Berkeley Internet Name Domain and is an implementation of DNS. DNS is used for domain name to IP address resolution.
Biometrics
Biometrics use physical characteristics of the users to determine access.
Bit
The smallest unit of information storage; a contraction of the term “binary digit;” one of two symbolsN”0″ (zero) and “1” (one) – that are used to represent binary numbers.
Block Cipher
A block cipher encrypts one block of data at a time.
Blue Team
The people who perform defensive cybersecurity tasks, including placing and configuring firewalls, implementing patching programs, enforcing strong authentication, ensuring physical security measures are adequate and a long list of similar undertakings.
Blockchain: A decentralized and distributed ledger technology that records transactions across many computers securely. In cybersecurity, blockchain is used to enhance data integrity and trust in decentralized environments.
Black-box testing
A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object. Also known as basic testing.
Boot Record Infector
A boot record infector is a piece of malware that inserts malicious code into the boot sector of a disk.
Border Gateway Protocol (BGP)
An inter-autonomous system routing protocol. BGP is used to exchange routing information for the Internet and is the protocol used between Internet service providers (ISP).
Bridge
A product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, Ethernet or token ring).
British Standard 7799
A standard code of practice and provides guidance on how to secure an information system. It includes the management framework, objectives, and control requirements for information security management systems.
Broadcast
To simultaneously send the same message to multiple recipients. One host to all hosts on the network.
Broadcast Address
An address used to broadcast a datagram to all hosts on a given network using UDP or ICMP protocol.
Buffer Overflow
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.
Business Continuity Plan (BCP)
A strategy for maintaining business operations during and after a disaster or security breach.
Business Impact Analysis (BIA)
A Business Impact Analysis determines what levels of impact to a system are tolerable.
Breach: An incident where unauthorized access to confidential data occurs, often leading to data loss.
Bait and Switch: A deceptive tactic in which a user is lured into a trap by misleading offers.
Byte
A fundamental unit of computer storage; the smallest addressable unit in a computer’s architecture. Usually holds one character of information and usually means eight bits.
Backing up — Creating a duplicate copy of data onto a separate physical storage device or online/cloud storage solution.
Backups
A copy of files and programs made to facilitate recovery if necessary.
Behavior monitoring — Recording the events and activities of a system and its users. The recorded events are compared against security policy and behavioral baselines to evaluate compliance and/or discover violations.
Blacklist — The blacklist is a list of specific files known to be malicious or otherwise are unwanted.
C
Clickjacking – Clickjacking, also known as a UI redress attack, is a common hacking technique in which an attacker creates an invisible page or an HTML element that overlays the legitimate page.
Cloud Computing – The practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.
Cloud: Refers to internet-based computing where services like storage, databases, servers, and networking are accessed remotely. In cybersecurity, cloud security refers to the set of policies and technologies that safeguard cloud-based systems from cyber threats.
Compliance: The process of adhering to laws, regulations, standards, or guidelines that relate to cybersecurity practices (e.g., GDPR, HIPAA). It ensures that organizations follow best practices in protecting data and systems.
Command and Control (C2): A method used by attackers to communicate with compromised systems to execute commands remotely.
Compromise
A violation of the security policy of a system such that an unauthorized disclosure, modification, or destruction of sensitive information has occurred.
Common Vulnerabilities and Exposures (CVE)
A nomenclature and dictionary of security-related software flaws.
Containerization: The practice of encapsulating applications and their dependencies in a container for consistent deployment.
Cookie – Cookies are small files which are stored on a user’s computer. Cookies provide a way for the website to recognize you and keep track of your preferences.
Critical Update – A fix for a specific problem that addresses a critical, non-security-related bug in computer software.
Certificate Authority (CA): An entity that issues digital certificates used to verify identities in secure communications.
Cyber Attack: Any attempt to expose, alter, disable, destroy, or gain unauthorized access to data or information systems.
Cyber Warfare – Cyber warfare typically refers to cyber-attacks perpetrated by one nation-state against another.
CISO (Chief Information Security Officer): An executive responsible for an organization’s information and data security.
Cloud Security: Measures and technologies used to protect data stored in cloud computing environments.
Click fraud
Scammers generate money using fake clicks. They will sometimes hire people and pay them to click on ads from several devices to earn affiliate or advertising cash for an app install or website visit.
Cryptography
Cryptography is the practice of securing information and communication through writing and solving codes. It ensures that information is only readable to the party intended to read it.
Code: code refers to the set of instructions written in programming languages that can contain vulnerabilities or be manipulated by attackers to execute malicious actions, like remote code execution.
Cyberattacks
Cyberattacks refer to attempts by hackers to cause harm, destroy, or access sensitive information in a computer system.
Cyber espionage
Cyber espionage is the use of computer networks to gain unauthorized access to sensitive information. Purposes may include spying, economic gain, or political motivation.
Cache
Pronounced cash, a special high-speed storage mechanism. It can be either a reserved section of main memory or an independent high-speed storage device.
Cache Cramming
Cache Cramming is the technique of tricking a browser to run cached Java code from the local disk, instead of the internet zone, so it runs with less restrictive permissions.
Cache Poisoning
Malicious or misleading data from a remote name server is saved [cached] by another name server. Typically used with DNS cache poisoning attacks.
Call Admission Control (CAC)
The inspection and control of all inbound and outbound voice network activity by a voice firewall based on user-defined policies.
Cell
A cell is a unit of data transmitted over an ATM network.
Certificate-Based Authentication
Certificate-Based Authentication is the use of SSL and certificates to authenticate and encrypt HTTP traffic.
CGI
Common Gateway Interface. This mechanism is used by HTTP servers (web servers) to pass parameters to executable scripts in order to generate responses dynamically.
Chain of Custody
Chain of Custody is the important application of the Federal rules of evidence and its handling.
Challenge-Handshake Authentication Protocol (CHAP)
The Challenge-Handshake Authentication Protocol uses a challenge/response authentication mechanism where the response varies every challenge to prevent replay attacks.
Checksum
A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.
Cipher
A cryptographic algorithm for encryption and decryption.
Ciphertext
Ciphertext is the encrypted form of the message being sent.
Continuous Monitoring
Maintaining ongoing awareness to support organization risk decisions.
Circuit Switched Network
A circuit switched network is where a single continuous physical circuit connected two endpoints where the route was immutable once set up.
Client
A system entity that requests and uses a service provided by another system entity, called a “server.” In some cases, the server may itself be a client of some other server.
Collision
A collision occurs when multiple systems transmit simultaneously on the same wire.
Competitive Intelligence
Competitive Intelligence is espionage using legal, or at least not obviously illegal, means.
Computer Emergency Response Team (CERT)
An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.
Computer Network
A collection of host computers together with the sub-network or inter-network through which they can exchange data.
Confidentiality
Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.
Configuration Management
Establish a known baseline condition and manage it.
Cookie
Data is exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use.
Corruption
A threat action that undesirably alters system operation by adversely modifying system functions or data.
Cost Benefit Analysis
A cost benefit analysis compares the cost of implementing countermeasures with the value of the reduced risk.
Countermeasure
Reactive methods used to prevent an exploit from successfully occurring once a threat has been detected.
Covert Channels
Covert Channels are the means by which information can be communicated between two parties in a covert fashion using normal system operations. For example by changing the amount of hard drive space that is available on a file server can be used to communicate information.
Crimeware
A type of malware used by cyber criminals. The malware is designed to enable the cyber criminal to make money off of the infected system (such as harvesting keystrokes, using the infected systems to launch Denial of Service Attacks, etc.).
Cron
Cron is a Unix application that runs jobs for users and administrators at scheduled times of the day.
Crossover Cable
A crossover cable reverses the pairs of cables at the other end and can be used to connect devices directly together.
Cryptanalysis
The mathematical science that deals with analysis of a cryptographic system in order to gain knowledge needed to break or circumvent the protection that the system is designed to provide. In other words, convert the ciphertext to plaintext without knowing the key.
Cryptographic Algorithm or Hash
An algorithm that employs the science of cryptography, including encryption algorithms, cryptographic hash algorithms, digital signature algorithms, and key agreement algorithms.
Cut-Through
Cut-Through is a method of switching where only the header of a packet is read before it is forwarded to its destination.
Critical infrastructure
Systems and assets, whether physical or virtual, are so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security,national public health or safety, or any combination of those matters.
Critical infrastructure Sector
A logical collection of assets, systems, or networks that provide a common function to the economy, government, or society.
Cyclic Redundancy Check (CRC)
Sometimes called “cyclic redundancy code.” A type of checksum algorithm that is not a cryptographic hash but is used to implement a data integrity service where accidental changes to data are expected.
CND (Computer Network Defense) — The establishment of a security perimeter and of internal security requirements with the goal of defending a network against cyberattacks, intrusions and other violations.
Cracker — The proper term to refer to an unauthorized attacker of computers, networks and technology instead of the misused term “hacker.” However, this term is not as widely used in the media; thus, the term hacker has become more prominent in-spite of the terms misuse.
Critical infrastructure — The physical or virtual systems and assets that are vital to an organization or country. If these systems are compromised, the result would be catastrophic.
CVE (Common Vulnerabilities and Exposures) — An online database of attacks, exploits and compromises operated by the MITRE organization for the benefit of the public.
Cyber ecosystem — The collection of computers, networks, communication pathways, software, data and users that comprise either a local private network or the world-wide Internet.
Cybersecurity — The efforts to design, implement, and maintain security for an organization’s network, which is connected to the Internet. It is a combination of logical/technical-, physical- and personnel-focused countermeasures, safeguards and security controls.
Cyber teams — Groups of professional or amateur penetration testing specialists who are tasked with evaluating and potentially improving the security stance of an organization.
D
Data Breach – A data breach is a confirmed incident where information has been stolen or taken from a system without the knowledge or authorization of the system’s owner.
Data: Digital information that can be stored, processed, or transmitted. Protecting data from unauthorized access, modification, or destruction is a key focus of cybersecurity.
Data Server – Data server is the phrase used to describe computer software and hardware that delivers database services.
Deepfake – Deepfake refers to any video in which faces have been either swapped or digitally altered, with the help of AI.
Domain name – The part of a network address which identifies it as belonging to a particular domain.
Domain Name Server – A server that converts recognisable domain names into their unique IP address
Download – To copy (data) from one computer system to another, typically over the Internet.
Dark web
The dark web or darknet is a part of the World Wide Web only accessible through special software or tools. This keeps its users and visitors hidden because they often exchange illegal and stolen information, such as people’s personally identifiable information.
Defense-in-depth
Defense-in-depth is the concept of stacking several layers of security so backup protection is available if one fails.
Detection: The process of identifying potential security incidents, vulnerabilities, or threats using tools like intrusion detection systems (IDS), firewalls, and antivirus software.
Detection deficit
A detection deficit is a gap between the time an attack occurs and the time it is discovered. This term refers to the severity of attacks and how long they can cause harm undetected.
Defense in Depth: A layered security approach that uses multiple defensive measures to protect data and resources.
Distributed denial of service (DDoS) attack
DDoS, or distributed denial of service, occurs when a cybercriminal floods a server with traffic to prevent users from accessing a network, site, or system.
Denial of Service
The prevention of authorized access to resources or the delaying of time-critical operations.
Domain
In cybersecurity terms, a domain is a group of connected computers. They typically share account information and security policies. A domain controller handles relevant administrative tasks.
Daemon
A program which is often started at the time the system boots and runs continuously without intervention from any of the users on the system.
Data Aggregation
Data Aggregation is the ability to get a more complete picture of the information by analyzing several different types of records at once.
Data Custodian
A Data Custodian is the entity currently using or manipulating the data, and therefore, temporarily taking responsibility for the data.
Data Encryption Standard (DES)
A widely-used method of data encryption using a private (secret) key. There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that can be used.
Data Mining
Data Mining is a technique used to analyze existing information, usually with the intention of pursuing new avenues to pursue business.
Data Owner
A Data Owner is the entity having responsibility and authority for the data.
Data Warehousing
Data Warehousing is the consolidation of several previously independent databases into one location.
Datagram
“a self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network.”
Day Zero
The “Day Zero” or “Zero Day” is the day a new vulnerability is made known. In some cases, a “zero day” exploit is referred to as an exploit for which no patch is available yet. (“day one”-> day at which the patch is made available).
Decapsulation
Decapsulation is the process of stripping off one layer’s headers and passing the rest of the packet up to the next higher layer on the protocol stack.
Decryption
Decryption is the process of transforming an encrypted message into its original plaintext.
Defacement
Defacement is the method of modifying the content of a website in such a way that it becomes “vandalized” or embarrassing to the website owner.
Demilitarized Zone (DMZ)
In computer security, in general a demilitarized zone (DMZ) or perimeter network is a network area (a subnetwork) that sits between an organization’s internal network and an external network, usually the Internet.
Decipher
Convert enciphered text to plain text by means of a cryptographic system.
Denial of Service
The prevention of authorized access to a system resource or the delaying of system operations and functions.
Dictionary Attack
An attack that tries all of the phrases or words in a dictionary, trying to crack a password or key.
Diffie-Hellman
A key agreement algorithm published in 1976 by Whitfield Diffie and Martin Hellman. Diffie-Hellman does key establishment, not encryption. However, the key that it produces may be used for encryption, for further key management operations, or for any other cryptography.
Digest Authentication
Digest Authentication allows a web client to compute MD5 hashes of the password to prove it has the password.
Digital Certificate
A digital certificate is an electronic “credit card” that establishes your credentials when doing business or other transactions on the Web.
Digital Envelope
A digital envelope is an encrypted message with the encrypted session key.
Digital Signature
A digital signature is a hash of a message that uniquely identifies the sender of the message and proves the message hasn’t changed since transmission.
Digital Signature Algorithm (DSA)
An asymmetric cryptographic algorithm that produces a digital signature in the form of a pair of large numbers. The signature is computed using rules and parameters such that the identity of the signer and the integrity of the signed data can be verified.
Digital Signature Standard (DSS)
The US Government standard that specifies the Digital Signature Algorithm (DSA), which involves asymmetric cryptography.
Disassembly
The process of taking a binary program and deriving the source code from it.
Disaster Recovery Plan (DRP)
A Disaster Recovery Plan is the process of recovery of IT systems in the event of a disruption or disaster.
Discretionary Access Control (DAC)
Discretionary Access Control consists of something the user can manage, such as a document password.
Disruption
A circumstance or event that interrupts or prevents the correct operation of system services and functions.
Distance Vector
Distance vectors measure the cost of routes to determine the best route to all known networks.
Distributed Scans
Distributed Scans are scans that use multiple source addresses to gather information.
Domain Hijacking
Domain hijacking is an attack by which an attacker takes over a domain by first blocking access to the domain’s DNS server and then putting his own server up in its place.
Domain Name System (DNS)
A system that translates domain names into IP addresses, crucial for internet functionality.
Doxing: The act of publicly revealing previously private personal information about an individual.
Due Care
Due care ensures that a minimal level of protection is in place in accordance with the best practice in the industry.
Due Diligence
Due diligence is the requirement that organizations must develop and deploy a protection plan to prevent fraud, abuse, and additional deploy a means to detect them if they occur.
DumpSec
DumpSec is a security tool that dumps a variety of information about a system’s users, file system, registry, permissions, password policy, and services.
Dumpster Diving
Dumpster Diving is obtaining passwords and corporate directories by searching through discarded media.
Dynamic Link Library
A collection of small programs, any of which can be called when needed by a larger program that is running in the computer.
Dynamic Routing Protocol
Allows network devices to learn routes. Ex. RIP, EIGRP Dynamic routing occurs when routers talk to adjacent routers, informing each other of what networks each router is currently connected to.
Data integrity — A security benefit that verifies data is unmodified and therefore original, complete and intact. Integrity is verified through the use of cryptographic hashing.
Data theft — The act of intentionally stealing data.
Digital forensics — The means of gathering digital information to be used as evidence in a legal procedure.
Data Loss
The exposure of proprietary, sensitive, or classified information through either data theft or data leakage.
DLP (Data Loss Prevention) — A collection of security mechanisms which aim at preventing the occurrence of data loss and/or data leakage.
DOS (Denial of Service) — An attack that attempts to block access to and use of a resource. It is a violation of availability.
Drive-by download — A type of web-based attack that automatically occurs based on the simple act of visiting a malicious or compromised/poisoned Web site.
E
Exploit – A piece of code or software that takes advantage of a vulnerability to gain unauthorized access or cause damage.
Exfiltration: Unauthorized transfer of data from a computer or network.
Encryption
Encryption is the process of converting information into a code to prevent unauthorized access. This practice helps hide sensitive information from those it is not intended for.
Email Spoofing: The creation of email messages with a forged sender address to mislead the recipient.
Endpoint
In cybersecurity, an endpoint is a physical device connected to a computer network.
Endpoint Protection Platform
Safeguards implemented through software to protect end-user machines such as workstations and laptops against attack (e.g., antivirus, antispyware, anti adware, personal firewalls, host-based intrusion detection and prevention systems, etc.).
Exploit Kit: A collection of software tools used to exploit vulnerabilities in order to distribute malware.
Exploit
A technique to breach the security of a network or information system in violation of security policy.
Endpoint detection and response (EDR) or endpoint threat detection and response (ETDR)
These cybersecurity acronyms are used to describe a solution that continuously monitors and mitigates potential threats in endpoint devices.
Ethical hacking (white hat)
Ethical hacking is sometimes referred to as white hat hacking. It describes authorized hacking that is meant to simulate malicious hacking.
Evil twin
In cybersecurity terms, an evil twin refers to a fraudulent Wi-Fi access point (AP).
Eavesdropping
Eavesdropping is simply listening to a private conversation which may reveal information which can provide access to a facility or network.
Echo Reply
An echo reply is the response a machine that has received an echo request sends over ICMP.
Echo Request
An echo request is an ICMP message sent to a machine to determine if it is online and how long traffic takes to get to it.
Egress Filtering
Filtering outbound traffic.
Emanations Analysis
Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but is not intended to communicate the data.
Encapsulation
The inclusion of one data structure within another structure so that the first data structure is hidden for the time being.
Ephemeral Port
Also called a transient port or a temporary port. Usually it is on the client side. It is set up when a client application wants to connect to a server and is destroyed when the client application terminates. It has a number chosen at random that is greater than 1023.
Escrow Passwords
Escrow Passwords are passwords that are written down and stored in a secure location (like a safe) that are used by emergency personnel when privileged personnel are unavailable.
Ethernet
The most widely-installed LAN technology. Specified in a standard, IEEE 802.3, an Ethernet LAN typically uses coaxial cable or special grades of twisted pair wires. Devices are connected to the cable and compete for access using a CSMA/CD protocol.
Event
An event is an observable occurrence in a system or network.
Exponential Backoff Algorithm
An exponential backoff algorithm is used to adjust TCP timeout values on the fly so that network devices don’t continue to timeout sending data over saturated links.
Exposure
A threat action whereby sensitive data is directly released to an unauthorized entity.
Extended ACLs (Cisco)
Extended ACLs are a more powerful form of Standard ACLs on Cisco routers. They can make filtering decisions based on IP addresses (source or destination), Ports (source or destination), protocols, and whether a session is established.
Extensible Authentication Protocol (EAP)
A framework that supports multiple, optional authentication mechanisms for PPP, including clear-text passwords, challenge-response, and arbitrary dialog sequences.
Exterior Gateway Protocol (EGP)
A protocol which distributes routing information to the routers which connect autonomous systems.
Encode — The act which transforms plaintext or cleartext (i.e. the original form of normal standard data) into ciphertext (i.e. the unintelligible and seeming random form of data that is produced by the cryptographic function of encryption).
Encryption key — The secret number value used by a symmetric encryption algorithm to control the encryption and decryption process. A key is a number defined by its length in binary digits.
F
Firewall – A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
Forensics: The process of collecting and analyzing data to investigate security breaches.
False Rejects
False Rejects are when an authentication system fails to recognize a valid user.
Fast File System
The first major revision to the Unix file system, providing faster read access and faster (delayed, asynchronous) write access through a disk cache and better file system layout on disk. It uses inodes (pointers) and data blocks.
Fast Flux
Protection method used by botnets consists of a continuous and fast change of the DNS records for a domain name through different IP addresses.
Fault Line Attacks
Fault Line Attacks use weaknesses between interfaces of systems to exploit gaps in coverage.
Firmware: The permanent software programmed into a device that controls its hardware functions.
Federated Identity Management: A system that allows users to manage their identity across multiple domains and services.
False Positive: A security alert that incorrectly indicates a threat or vulnerability when none exists.
Forensic Analysis: The process of collecting, preserving, and analyzing electronic evidence from devices involved in a security incident.
File Transfer Protocol (FTP)
A TCP/IP protocol specifying the transfer of text or binary files across the network.
Filter
A filter is used to specify which packets will or will not be used. It can be used in sniffers to determine which packets get displayed, or by firewalls to determine which packets get blocked.
Filtering Router
An inter-network router that selectively prevents the passage of data packets according to a security policy. A filtering router may be used as a firewall or part of a firewall.
Finger
A protocol to lookup user information on a given host.
Fingerprinting
Sending strange packets to a system in order to gauge how it responds to determine the operating system.
Flooding
An attack that attempts to cause a failure in (especially, in the security of) a computer system or other data processing entity by providing more input than the entity can process properly.
Forest
A forest is a set of Active Directory domains that replicate their databases with each other.
Fork Bomb
A Fork Bomb works by using the fork() call to create a new process which is a copy of the original. By doing this repeatedly, all available processes on the machine can be taken up.
Form-Based Authentication
Form-Based Authentication uses forms on a webpage to ask a user to input username and password information.
Forward Lookup
Forward lookup uses an Internet domain name to find an IP address
Forward Proxy
Forward Proxies are designed to be the server through which all requests are made.
Fragment Offset
The fragment offset field tells the sender where a particular fragment falls in relation to other fragments in the original larger packet.
Fragment Overlap Attack
A TCP/IP Fragmentation Attack that is possible because IP allows packets to be broken down into fragments for more efficient transport across various media.
Fragmentation
The process of storing a data file in several “chunks” or fragments rather than in a single contiguous sequence of bits in one place on the storage medium.
Frames
Data that is transmitted between network points as a unit complete with addressing and necessary protocol control information.
Full Duplex
A type of duplex communications channel which carries data in both directions at once.
Fully-Qualified Domain Name
A Fully-Qualified Domain Name is a server name with a hostname followed by the full domain name.
Fuzzing
The use of special regression testing tools to generate out-of-spec input for an application in order to find security vulnerabilities. Also see “regression testing”.
G
Guessing entropy
Guessing entropy is a measurement of difficulty. It is used to determine how many tries a hacker may need to guess a password or some other unknown variable.
Gateway
A network point that acts as an entrance to another network.
gethostbyaddr
The gethostbyaddr DNS query is when the address of a machine is known and the name is needed.
GNU
GNU is a Unix-like operating system that comes with source code that can be copied, modified, and redistributed.
Gnutella
An Internet file sharing utility. Gnutella acts as a server for sharing files while simultaneously acting as a client that searches for and downloads files from other users.
GDPR (General Data Protection Regulation): A regulation in EU law on data protection and privacy for individuals.
Ghostware: Malware designed to remove its traces after an attack, making it harder to detect.
Geolocation Tracking: The identification of the geographic location of a user or device using various data sources.
H
Hacking – Hacking refers to an unauthorized intrusion into a computer or a network.
Honeypot – A decoy system or network that serves to attract potential attackers.
HTML – Hypertext Markup Language (HTML) is the standard markup language for creating web pages and web applications.
HTTP/2: The second major version of the HTTP protocol, which improves performance and security.
Hacker
A hacker is someone who tries to access data they aren’t authorized to view.
Hardening
Hardening is the process of identifying and fixing vulnerabilities on a system.
Hash Function
An algorithm that computes a numerical value (called the hash value) on a data file or electronic message that is used to represent that file or message, and depends on the entire contents of the file or message. A hash function can be considered to be a fingerprint of the file or message.
Header
A header is the extra information in a packet that is needed for the protocol stack to process the packet.
Hijack Attack
A form of active wiretapping in which the attacker seizes control of a previously established communication association.
Honeymonkey
Automated system simulating a user browsing websites. The system is typically configured to detect web sites which exploit vulnerabilities in the browser. Also known as Honey Client.
Hops
A hop is each exchange with a gateway a packet takes on its way to the destination.
Host
Any computer that has full two-way access to other computers on the Internet. Or a computer with a web server that serves the pages for one or more Web sites.
Host-Based ID
Host-based intrusion detection systems use information from the operating system audit records to watch all operations occurring on the host that the intrusion detection software has been installed upon.
HTTP Proxy
An HTTP Proxy is a server that acts as a middleman in the communication between HTTP clients and servers.
Hashing: The process of converting data into a fixed-size string of characters, which acts as a digital fingerprint.
HSTS (HTTP Strict Transport Security): A web security policy mechanism that helps to protect websites against man-in-the-middle attacks.
HTTPS
When used in the first part of a URL (the part that precedes the colon and specifies an access scheme or protocol), this term specifies the use of HTTP enhanced by a security mechanism, which is usually SSL.
Hub
A hub is a network device that operates by repeating data that it receives on one port to all the other ports. As a result, data transmitted by one host is retransmitted to all other hosts on the hub.
Hybrid Attack
A Hybrid Attack builds on the dictionary attack method by adding numerals and symbols to dictionary words.
Hybrid Encryption
An application of cryptography that combines two or more encryption algorithms, particularly a combination of symmetric and asymmetric encryption.
Hyperlink
In hypertext or hypermedia, an information object (such as a word, a phrase, or an image; usually highlighted by color or underscoring) that points (indicates how to connect) to related information that is located elsewhere and can be retrieved by activating the link.
Hypertext Markup Language (HTML)
The set of markup symbols or codes inserted in a file intended for display on a World Wide Web browser page.
Hypertext Transfer Protocol (HTTP)
The protocol in the Internet Protocol (IP) family used to transport hypertext documents across the internet.
Hacktivism — Attackers who hack for a cause or belief rather than some form of personal gain.
I
Identity theft – Identity theft is a crime in which someone uses personally identifiable information in order to impersonate someone else.
Impersonation: When an attacker pretends to be someone else to gain unauthorized access to systems or data.
Incident Management: The process of identifying, managing, and responding to security incidents.
Incident Response Plan – An incident response policy is a plan outlying an organization’s response to an information security incident.
Internet of things (IoT) – The Internet of Things, or IoT, refers to the billions of physical devices around the world that are now connected to the internet, collecting and sharing data.
IP Address – An IP address is an identifying number for a piece of network hardware. Having an IP address allows a device to communicate with other devices over an IP-based network like the internet.
IOS – An operating system used for mobile devices manufactured by Apple.
Information security (InfoSec)
InfoSec stands for information security. It refers to a subcategory of cybersecurity that focuses on the practices, systems, and processes used to protect sensitive information.
Infiltration: The act of gaining unauthorized access to a computer system, network, or device, often to steal data, monitor activities, or install malicious software.
Intrusion detection system (IDS)
An intrusion detection system, or IDS, is a monitoring device or software. It detects vulnerabilities, policy violations, and malicious activity in a system.
IP packet
An IP packet is sometimes referred to as a network packet. It is a unit of data that contains the information needed to transmit data between devices over a network.
Identity
Identity is who someone or what something is, for example, the name by which something is known.
Incident
An incident as an adverse network event in an information system or network or the threat of the occurrence of such an event.
Incident Handling
Incident Handling is an action plan for dealing with intrusions, cyber-theft, denial of service, fire, floods, and other security-related events.
Incremental Backups
Incremental backups only backup the files that have been modified since the last backup.
Indicator
A sign that an incident may have occurred or may be currently occurring.
Inetd (xinetd)
Inetd (or Internet Daemon) is an application that controls smaller internet services like telnet, ftp, and POP.
Inference Attack
Inference Attacks rely on the user to make logical connections between seemingly unrelated pieces of information.
Information Warfare
Information Warfare is the competition between offensive and defensive players over information resources.
Ingress Filtering
Ingress Filtering is filtering inbound traffic.
Injection: A type of attack in which malicious code is injected into a vulnerable system, application, or query. Common examples include SQL injection and code injection, where the attacker manipulates queries or inputs to execute unintended commands.
Information Operations (I/O)
The integrated employment, during military operations, of information-related capabilities in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decision-making of adversaries and potential adversaries while protecting our own. Also called IO.
Input Validation Attacks
Input Validations Attacks are where an attacker intentionally sends unusual input in the hopes of confusing an application.
Integrity
Integrity is the need to ensure that information has not been changed accidentally or deliberately, and that it is accurate and complete.
Integrity Star Property
In Integrity Star Property a user cannot read data of a lower integrity level then their own.
Internet
A term to describe connecting multiple separate networks together.
Internet Control Message Protocol (ICMP)
An Internet Standard protocol that is used to report error conditions during IP datagram processing and to exchange other information concerning the state of the IP network.
Internet Engineering Task Force (IETF)
The body that defines standard Internet operating protocols such as TCP/IP. The IETF is supervised by the Internet Society Internet Architecture Board (IAB).
Internet Message Access Protocol (IMAP)
A protocol that defines how a client should fetch mail from and return mail to a mail server.
Internet Protocol (IP)
The method or protocol by which data is sent from one computer to another on the Internet.
Internet Protocol Security (IPsec)
A developing standard for security at the network or packet processing layer of network communication.
Internet Standard
A specification, approved by the IESG and published as an RFC, that is stable and well-understood, is technically competent, has multiple, independent, and interoperable implementations with substantial operational experience, enjoys significant public support, and is recognizably useful in some or all parts of the Internet.
Interrupt
An Interrupt is a signal that informs the OS that something has occurred.
Information system resilience
The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.
Information technology
Any equipment or interconnected system that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. It commonly includes computers, ancillary equipment, software, firmware, similar procedures, services, and related resources.
Interoperability
A measure of the ability of one set of entities to physically connect to and logically communicate with another set of entities.
Intrusion
A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without having authorization to do so.
Intrusion Detection and Prevention
The process of monitoring the events occurring in a computer system or network, analyzing them for signs of possible incidents, and attempting to stop detected possible incidents.
Intranet
A computer network, especially one based on Internet technology, that an organization uses for its own internal, and usually private, purposes and that is closed to outsiders.
Intrusion Detection
A security management system for computers and networks.
IP Flood
A denial of service attack that sends a host more echo request (“ping”) packets than the protocol implementation can handle.
IP Forwarding
IP forwarding is an Operating System option that allows a host to act as a router.
IP Spoofing
The technique of supplying a false IP address.
ISO
International Organization for Standardization, a voluntary, non-treaty, non-government organization, established in 1947, with voting members that are designated standards bodies of participating nations and non-voting observer organizations.
Issue-Specific Policy
An Issue-Specific Policy is intended to address specific needs within an organization, such as a password policy.
ITU-T
International Telecommunications Union, Telecommunication Standardization Sector (formerly “CCITT”), a United Nations treaty organization that is composed mainly of postal, telephone, and telegraph authorities of the member countries and that publishes standards called “Recommendations.”
IaaS (Infrastructure-as-a-Service) — A type of cloud computing service where the provider offers the customer the ability to craft virtual networks within their computing environment.
Identity cloning — A form of identity theft in which the attacker takes on the identity of a victim and then attempts to live and act as the stolen identity.
Identity fraud — A form of identity theft in which a transaction, typically financial, is performed using the stolen identity of another individual.
Information security policy — A written account of the security strategy and goals of an organization. A security policy usually consists of standards, policies (or SOPs – Standard Operating Procedures) and guidelines. All hardware, software, facilities and personnel must abide by the terms of the security policy of an organization. (Also known as security policy.)
Insider threat — The likelihood or potential that an employee or another form of internal personnel may pose a risk to the stability or security of an organization.
IPS (Intrusion Prevention System) — A security tool that attempts to detect the attempt to compromise the security of a target and then prevent that attack from becoming successful.
ISP (Internet Service Provider) — The organization that provides connectivity to the Internet for individuals or companies.
J
Jailbreaking: Removing software restrictions on devices, often for malicious purposes.
Jitter
Jitter or Noise is the modification of fields in a database while preserving the aggregate characteristics that make the database useful in the first place.
JavaScript: A widely-used programming language for web development that, if not properly secured, can be exploited to launch attacks like cross-site scripting (XSS), which injects malicious scripts into web pages.
JavaScript Injection: A web security vulnerability that allows an attacker to inject malicious JavaScript into a web application.
Jump Bag
A Jump Bag is a container that has all the items necessary to respond to an incident inside to help mitigate the effects of delayed reactions.
JBOH (JavaScript-Binding-Over-HTTP) — A form of Android-focused mobile device attack that enables an attacker to be able to initiate the execution of arbitrary code on a compromised device.
Just-in-time (JIT) Access: A security model that provides users with temporary access to resources for a limited time.
JSON Web Token (JWT): A compact, URL-safe means of representing claims to be transferred between two parties, often used in authentication.
Kali Linux: A popular open-source Linux distribution used for penetration testing and security auditing.
K
Keystroke logger – A keystroke logger is software that tracks or logs the keys struck on your keyboard, typically in a covert manner so that you are unaware actions are being monitored.
Kerberos
A system developed at the Massachusetts Institute of Technology that depends on passwords and symmetric cryptography (DES) to implement ticket-based, peer entity authentication service and access control service distributed in a client-server network environment.
Key Exchange: The method of sharing cryptographic keys between parties securely.
Kernel
The essential center of a computer operating system, the core that provides basic services for all other parts of the operating system. A synonym is nucleus.
Keylogger — Any means by which the keystrokes of a victim are recorded as they are typed into the physical keyboard.
Key Management: The process of handling encryption keys, including their creation, storage, and deletion.
KPI (Key Performance Indicator): Metrics used to evaluate the success of security efforts within an organization.
L
Lattice Techniques
Lattice Techniques use security designations to determine access to information.
Layer 2 Forwarding Protocol (L2F)
An Internet protocol (originally developed by Cisco Corporation) that uses tunneling of PPP over IP to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user.
Layer 2 Tunneling Protocol (L2TP)
An extension of the Point-to-Point Tunneling Protocol used by an Internet service provider to enable the operation of a virtual private network over the Internet.
Least Privilege
Least Privilege is the principle of allowing users or applications the least amount of permissions necessary to perform their intended function.
Legion
Software to detect unprotected shares.
Lightweight Directory Access Protocol (LDAP)
A protocol used to access and manage directory services over a network.
Link State
With link state, routes maintain information about all routers and router-to-router links within a geographic area, and create a table of best routes with that information.
List Based Access Control
List Based Access Control associates a list of users and their privileges with each object.
Loadable Kernel Modules (LKM)
Loadable Kernel Modules allow for the adding of additional functionality directly into the kernel while the system is running.
Log Clipping
Log clipping is the selective removal of log entries from a system log to hide a compromise.
Logic bombs
Logic bombs are programs or snippets of code that execute when a certain predefined event occurs.
Logic Gate
A logic gate is an elementary building block of a digital circuit. Most logic gates have two inputs and one output.
Lockout Policy: A security measure that locks accounts after a specified number of failed login attempts.
Loopback Address
The loopback address (127.0.0.1) is a pseudo IP address that always refers back to the local host and is never sent out onto a network.
LAN (Local Area Network) — An interconnection of devices (i.e. a network) that is contained within a limited geographic area (typically a single building).
Link jacking — A potentially unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site the link seemed to indicate it was directed towards.
Load Balancer: A device that distributes network or application traffic across multiple servers to ensure reliability and performance.
M
Malware – Malware is shorthand for malicious software and is designed to cause damage to a computer, server, or computer network.
Malvertising – The use of online advertising to deliver malware.
Memory stick – A memory stick is a small device that connects to a computer and allows you to store and copy information.
MP3 – MP3 is a means of compressing a sound sequence into a very small file, to enable digital storage and transmission.
Multifactor Authentication – Multi-Factor Authentication (MFA) provides a method to verify a user’s identity by requiring them to provide more than one piece of identifying information.
Monitoring: this refers to the continuous surveillance of systems, networks, or data to detect suspicious activities, policy violations, or unauthorized access.
Malicious code
Any code that is intended to cause harm to a system or data.
Malicious Insider: An employee or contractor who intentionally breaches security protocols to harm the organization.
MAC Address
A physical address; a numeric value that uniquely identifies that network device from every other device on the planet.
Mandatory Access Control (MAC)
Mandatory Access Control controls is where the system controls access to resources based on classification levels assigned to both the objects and the users. These controls cannot be changed by anyone.
Man-in-the-Middle Attack (MitM)
A security breach where an attacker intercepts communication between two parties.
Mobile Device Management (MDM): Software solutions that manage and secure mobile devices within an organization.
Multi-Cloud Strategy: The use of multiple cloud computing services in a single architecture for improved flexibility and reliability.
Masquerade Attack
A type of attack in which one system entity illegitimately poses as (assumes the identity of) another entity.
md5
A one way cryptographic hash function. Also see “hash functions” and “sha1”
Measures of Effectiveness (MOE)
Measures of Effectiveness is a probability model based on engineering concepts that allows one to approximate the impact a given action will have on an environment.
Monoculture
Monoculture is the case where a large number of users run the same software, and are vulnerable to the same attacks.
Morris Worm
A worm program written by Robert T. Morris, Jr. that flooded the ARPANET in November, 1988, causing problems for thousands of hosts.
Multi-Cast
Broadcasting from one host to a given set of hosts.
Multi-Homed
You are “multi-homed” if your network is directly connected to two or more ISP’s.
Multiplexing
To combine multiple signals from possibly disparate sources, in order to transmit them over a single path.
N
Network: A group of interconnected devices that share resources and communicate with each other. Securing networks from threats like intrusions, malware, and data breaches is a primary concern in cybersecurity.
Network Security: Measures taken to protect the integrity and usability of networks and data
NAT
Network Address Translation. It is used to share one or a small number of publicly routable IP addresses among a larger number of hosts. The hosts are assigned private IP addresses, which are then “translated” into one of the publicly routed IP addresses.
NIST (National Institute of Standards and Technology): An agency that provides cybersecurity frameworks and guidelines.
Network Sniffer: A tool that captures and analyzes network traffic.
Normalization: The process of converting data into a common format for analysis or storage.
Node: A connection point within a network, such as a computer, server, or other devices. Each node can represent a potential vulnerability that requires proper security measures.
Network Access Control (NAC): A security solution that enforces policies for devices attempting to access the network.
Natural Disaster
Any “act of God” (e.g., fire, flood, earthquake, lightning, or wind) that disables a system component.
Netmask
32-bit number indicating the range of IP addresses residing on a single IP network/subnet/supernet. This specification displays network masks as hexadecimal numbers.
Network Address Translation
The translation of an Internet Protocol address used within one network to a different IP address known within another network.
Network Mapping
To compile an electronic inventory of the systems and the services on your network.
Network Taps
Network taps are hardware devices that hook directly onto the network cable and send a copy of the traffic that passes through it to one or more other networked devices.
Network-Based IDS
A network-based IDS system monitors the traffic on its network segment as a data source.
Non-Printable Character
A character that doesn’t have a corresponding character letter to its corresponding ASCII code.
Non-Repudiation
Non-repudiation is the ability for a system to prove that a specific user and only that specific user sent a message and that it hasn’t been modified.
Null Session
Known as Anonymous Logon, it is a way of letting an anonymous user retrieve information such as user names and shares over the network or connect without authentication.
Network Segmentation: Dividing a network into smaller parts to improve security and performance.
O
Open Source: Software with source code that anyone can inspect, modify, or enhance.
Outage: A period during which a system is unavailable.
Operating system
An operating system (OS) is system software that manages a computer’s resources and processes.
Octet
A sequence of eight bits. An octet is an eight-bit byte.
Obfuscation: The practice of making code or data difficult to understand to protect it from unauthorized access.
One-Way Encryption
Irreversible transformation of plaintext to cipher text, such that the plaintext cannot be recovered from the cipher text by other than exhaustive procedures even if the cryptographic key is known.
One-Way Function
A (mathematical) function, f, which is easy to compute the output based on a given input.
Open Shortest Path First (OSPF)
Open Shortest Path First is a link state routing algorithm used in interior gateway routing.
Operational Security (OpSec): The process of protecting sensitive information from being accessed by adversaries.
OSI
OSI (Open Systems Interconnection) is a standard description or “reference model” for how messages should be transmitted between any two points in a telecommunication network.
OSI layers
The main idea in OSI is that the process of communication between two end points in a telecommunication network can be divided into layers, with each layer adding its own set of special, related functions.
Overload
Hindrance of system operation by placing excess burden on the performance capabilities of a system component.
Outside threat — The likelihood or potential that an outside entity, such as an ex-employee, competitor or even an unhappy customer, may pose a risk to the stability or security of an organization. An outsider must often gain logical or physical access to the target before launching malicious attacks.
Outsourcing — The action of obtaining services from an external entity. Rather than performing certain tasks and internal functions, outsourcing enables an organization to take advantage of external entities that can provide services for a fee.
OWASP (Open Web Application Security Project) — A nonprofit organization that provides resources for improving the security of software.
Open Source Intelligence (OSINT): Information collected from publicly available sources used for intelligence purposes.
P
Packet Sniffer – Software designed to monitor and record network traffic.
Padlock – A padlock icon displayed in a web browser indicates a secure mode where communications between browser and web server are encrypted.
Phishing – Phishing is a method of trying to gather personal information using deceptive e-mails and websites.
Policy Management – Policy Management is the process of creating, communicating, and maintaining policies and procedures within an organization.
Proxy Server – A proxy server is another computer system which serves as a hub through which internet requests are processed.
Pre-texting – Pre-texting is the act of creating a fictional narrative or pretext to manipulate a victim into disclosing sensitive information.
Password
A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
Programming
Programming refers to a technological process for telling a computer which tasks to perform in order to solve problems.
Packet
A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data.
Packet Switched Network
A packet switched network is where individual packets each follow their own paths through the network from one endpoint to another.
Partitions
Major divisions of the total physical hard disk space.
Password Authentication Protocol (PAP)
Password Authentication Protocol is a simple, weak authentication mechanism where a user enters the password and it is then sent across the network, usually in the clear.
Password Cracking
Password cracking is the process of attempting to guess passwords, given the password file information.
Password Sniffing
Passive wiretapping, usually on a local area network, to gain knowledge of passwords.
Patch
A patch is a small update released by a software manufacturer to fix bugs in existing programs.
Patching
Patching is the process of updating software to a different version.
Payload
Payload is the actual application data a packet contains.
Penetration
Gaining unauthorized logical access to sensitive data by circumventing a system’s protections.
Penetration Testing
Penetration testing is used to test the external perimeter security of a network or facility.
Permutation
Permutation keeps the same letters but changes the position within a text to scramble the message.
Personal Firewalls
Personal firewalls are those firewalls that are installed and run on individual PCs.
Pharming
This is a more sophisticated form of MITM attack. A user’s session is redirected to a masquerading website.
Ping of Death
An attack that sends an improperly large ICMP echo request packet (a “ping”) with the intent of overflowing the input buffers of the destination machine and causing it to crash.
Ping Scan
A ping scan looks for machines that are responding to ICMP Echo Requests.
Ping Sweep
An attack that sends ICMP echo requests (“pings”) to a range of IP addresses, with the goal of finding hosts that can be probed for vulnerabilities.
Plaintext
Ordinary readable text before being encrypted into ciphertext or after being decrypted.
Phishing-as-a-Service (PhaaS): A business model where attackers offer phishing kits or services to other criminals.
Point-to-Point Protocol (PPP)
A protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server.
Point-to-Point Tunneling Protocol (PPTP)
A protocol (set of communication rules) that allows corporations to extend their own corporate network through private “tunnels” over the public Internet.
Poison Reverse
Split horizon with poisoned reverse (more simply, poison reverse) does include such routes in updates, but sets their metrics to infinity.
Polyinstantiation
Polyinstantiation is the ability of a database to maintain multiple records with the same key. It is used to prevent inference attacks.
Polymorphism
Polymorphism is the process by which malicious software changes its underlying code to avoid detection.
Port
A port is nothing more than an integer that uniquely identifies an endpoint of a communication stream. Only one process per machine can listen on the same port number.
Port Scan
A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a “well-known” port number, the computer provides.
Port scanning
Using a program to remotely determine which ports on a system are open (e.g., whether the systems allow connections through those ports).
Private key
A cryptographic key that is used with an asymmetric (public key) cryptographic algorithm. For digital signatures, the private key is uniquely associated with the owner and is not made public. The private key is used to compute a digital signature that may be verified using the corresponding public key.
Probe
A technique that attempts to access a system to learn something about the system.
Possession
Possession is the holding, control, and ability to use information.
Post Office Protocol, Version 3 (POP3)
An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.
Practical Extraction and Reporting Language (Perl)
A script programming language that is similar in syntax to the C language and that includes a number of popular Unix facilities such as sed, awk, and tr.
Public Disclosure: The act of making information publicly available, which can include vulnerabilities or security flaws.
Preamble
A preamble is a signal used in network communications to synchronize the transmission timing between two or more systems. Proper timing ensures that all systems are interpreting the start of the information transfer correctly.
Privacy: The protection of personal information and data from unauthorized access. Cybersecurity focuses on ensuring privacy through encryption, access controls, and other privacy-enhancing technologies.
Pretty Good Privacy (PGP)TM
Trademark of Network Associates, Inc., referring to a computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet.
Private Addressing
IANA has set aside three address ranges for use by private or non-Internet connected networks. This is referred to as Private Address Space and is defined in RFC 1918.
Program Infector
A program infector is a piece of malware that attaches itself to existing program files.
Program Policy
A program policy is a high-level policy that sets the overall tone of an organization’s security approach.
Promiscuous Mode
When a machine reads all packets off the network, regardless of who they are addressed to.
Proprietary Information
Proprietary information is that information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets.
Protocol
A formal specification for communicating; an IP address the special set of rules that end points in a telecommunication connection use when they communicate.
Protocol Stacks (OSI)
A set of network protocol layers that work together.
Proxy: An intermediary server that routes requests between a client and another server. Proxies can be used for anonymity, load balancing, and protecting systems from direct exposure to threats.
Proxy Server
A server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service.
Public Key
The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.
Public Key Encryption
The popular synonym for “asymmetric cryptography”.
Public-Key Forward Secrecy (PFS)
For a key agreement protocol based on asymmetric cryptography, the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.
PaaS (Platform-as-a-Service) — A type of cloud computing service where the provider offers the customer the ability to operate custom code or applications.
Packet sniffing — The act of collecting frames or packets off of a data network communication. This activity allows the evaluation of the header contents as well as the payload of network communications.
Patch management — The management activity related to researching, testing, approving and installing updates and patches to computer systems, which includes firmware, operating systems and applications.
Payment card skimmers — A malicious device used to read the contents of an ATM, debit or credit card when inserted into a POS (Point of Sale) payment system.
Pen testing — A means of security evaluation where automated tools and manual exploitations are performed by security and attack experts. This is an advanced form of security assessment that should only be used by environments with a mature security infrastructure.
Privilege Escalation: A type of attack that exploits a vulnerability to gain higher access rights than intended.
PKI (Public Key Infrastructure) — A security framework for using cryptographic concepts in support of secure communications, storage and job tasks.
POS (Point of Sale) intrusions — An attack that gains access to the POS (Point of Sale) devices at a retail outlet enabling an attacker to learn payment card information as well as other customer details.
Q
QAZ
A network worm
Quarantine: Isolating files or systems that are suspected of being infected with malware
Quarantine Area: A designated space where suspected malware or infected files are isolated to prevent spread.
Quorum: The minimum number of members that must be present for a security-related decision to be made in distributed systems.
R
Ransomware – A type of malicious software designed to block access to a computer system until a sum of money is paid.
Red Team: A group of ethical hackers who simulate real-world attacks to test an organization’s defenses.
Resilience
The ability to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.
Rootkit – Rootkits are a type of malware designed to remain hidden on your computer.
Router – A router is a piece of network hardware that allows communication between your local home network and the Internet.
Race Condition
A race condition exploits the small window of time between a security control being applied and when the service is used.
Radiation Monitoring
Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by listening to radiation signals.
Reconnaissance
Reconnaissance is the phase of an attack where an attacker finds new systems, maps out networks, and probes for specific, exploitable vulnerabilities.
Reflexive ACLs (Cisco)
Reflexive ACLs for Cisco routers are a step towards making the router act like a stateful firewall. The router will make filtering decisions based on whether connections are a part of established traffic or not.
Registry
The Registry in Windows operating systems in the central set of settings and information required to run the Windows computer.
Regression analysis
The use of scripted tests which are used to test software for all possible input is expected.
Request for Comment (RFC)
A series of notes about the Internet, started in 1969 (when the Internet was the ARPANET).
Resource Exhaustion
Resource exhaustion attacks involve tying up finite resources on a system, making them unavailable to others.
Response
A response is information sent that is responding to some stimulus.
Reverse Address Resolution Protocol (RARP)
RARP is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server’s Address Resolution Protocol table or cache.
Reverse Engineering
Acquiring sensitive data by disassembling and analyzing the design of a system component.
Reverse Lookup
Find out the hostname that corresponds to a particular IP address. Reverse lookup uses an IP (Internet Protocol) address to find a domain name.
Reverse Proxy
Reverse proxies take public HTTP requests and pass them to back-end web servers to send the content to it, so the proxy can then send the content to the end-user.
Risk
Risk is the product of the level of threat with the level of vulnerability. It establishes the likelihood of a successful attack.
Risk analysis
The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of risk management and synonymous with risk assessment.
Risk Assessment
A Risk Assessment is the process by which risks are identified and the impact of those risks determined.
Risk Averse
Avoiding risk even if this leads to the loss of opportunity.
Rivest-Shamir-Adleman (RSA)
An algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman.
Role Based Access Control
Role based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.
RAT (Remote Access Trojan): A type of malware that allows an attacker to control a device remotely.
Remote Access: The ability to access a computer or network from a distant location, often used in managing systems or troubleshooting. Securing remote access is crucial, especially with tools like VPNs (Virtual Private Networks) and secure authentication methods.
Root
Root is the name of the administrator account in Unix systems.
Routing Information Protocol (RIP)
Routing Information Protocol is a distance vector protocol used for interior gateway routing which uses hop count as the sole metric of a path’s cost.
Routing Loop
A routing loop is where two or more poorly configured routers repeatedly exchange the same packet over and over.
RPC Scans
RPC scans determine which RPC services are running on a machine.
Rule Set Based Access Control (RSBAC)
Rule Set Based Access Control targets actions based on rules for entities operating on objects.
Restore — The process of returning a system back to a state of normalcy.
Recovery: The process of restoring a system, network, or data after an attack, disaster, or failure. Cybersecurity recovery plans include data backups, incident response, and system repair strategies.
Risk management — The process of performing a risk assessment and evaluating the responses to risk in order to mitigate or otherwise handle the identified risks.
S
Scam – A scam is a term used to describe any fraudulent business or scheme that takes money or other goods from an unsuspecting person.
Scareware – Scareware is a type of malware designed to trick victims into purchasing and downloading potentially dangerous software.
Security Awareness Training – Security awareness training is a training program aimed at heightening security awareness within an organization.
Security Operations Centre (SOC) – A SOC monitors an organization’s security operations to prevent, detect and respond to any potential threats.
Server – A server is a computer program that provides a service to another computer program (and its user).
Smishing – Smishing is any kind of phishing that involves a text message.
Spam – Spam is slang commonly used to describe junk e-mail on the Internet.
Social Engineering – Social engineering is the art of manipulating people, so they disclose confidential information.
Software – Software is the name given to the programs you will use to perform tasks with your computer.
Spear Phishing – Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
Security engineering
Security engineering is the practice of designing and implementing core security measures in an information system.
S/Key
A security mechanism that uses a cryptographic hash function to generate a sequence of 64-bit, one-time passwords for remote user login.
Safety
Safety is the need to ensure that the people involved with the company, including employees, customers, and visitors, are protected from harm.
Scavenging
Searching through data residue in a system to gain unauthorized knowledge of sensitive data.
Secure Electronic Transactions (SET)
Secure Electronic Transactions is a protocol developed for credit card transactions in which all parties (customers, merchant, and bank) are authenticated using digital signatures, encryption protects the message and provides integrity, and provides end-to-end security for credit card transactions online.
Secure Shell (SSH)
A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.
Secure Sockets Layer (SSL)
A protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that’s transferred over the SSL connection.
Scanning
Sending packets or requests to another system to gain information to be used in a subsequent attack.
Security Policy
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
Segment
Segment is another name for TCP packets.
Sensitive Information
Sensitive information, as defined by the federal government, is any unclassified information that, if compromised, could adversely affect the national interest or conduct of federal initiatives.
Separation of Duties
Separation of duties is the principle of splitting privileges among multiple individuals or systems.
Session
A session is a virtual connection between two hosts by which network traffic is passed.
Session Hijacking
Take over a session that someone else has established.
Session Key
In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time.
SHA1
A one way cryptographic hash function. Also see “MD5”
Shadow Password Files
A system file in which encryption user passwords are stored so that they aren’t available to people who try to break into the system.
Share
A share is a resource made public on a machine, such as a directory (file share) or printer (printer share).
Shell
A Unix term for the interactive user interface with an operating system. The shell is the layer of programming that understands and executes the commands a user enters.
Signals Analysis
Gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data.
Signature
A Signature is a distinct pattern in network traffic that can be identified to a specific tool or exploit.
Simple Integrity Property
In Simple Integrity Property a user cannot write data to a higher integrity level than their own.
Simple Network Management Protocol (SNMP)
The protocol governing network management and the monitoring of network devices and their functions. A set of protocols for managing complex networks.
Simple Security Property
In Simple Security Property a user cannot read data of a higher classification than their own.
Smartcard
A smartcard is an electronic badge that includes a magnetic strip or chip that can record and replay a set key.
Smurf
The Smurf attack works by spoofing the target address and sending a ping to the broadcast address for a remote network, which results in a large amount of ping replies being sent to the target.
Sniffer
A sniffer is a tool that monitors network traffic as it is received in a network interface.
Sniffing
A synonym for “passive wiretapping.”
Socket
The socket tells a host’s IP stack where to plug in a data stream so that it connects to the right application.
Socket Pair
A way to uniquely specify a connection, i.e., source IP address, source port, destination IP address, destination port.
SOCKS
A protocol that a proxy server can use to accept requests from client users in a company’s network so that it can forward them across the Internet.
Source Port
The port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is made.
Spanning Port
Configures the switch to behave like a hub for a specific port.
Split Horizon
Split horizon is an algorithm for avoiding problems caused by including routes in updates sent to the gateway from which they were learned.
Split Key
A cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key that results from combining the items.
Spoof
Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.
SQL Injection
SQL injection is a type of input validation attack specific to database-driven applications where sql code is inserted into application queries to manipulate the database.
Stack Mashing
Stack mashing is the technique of using a buffer overflow to trick a computer into executing arbitrary code.
Standard ACLs (Cisco)
Standard ACLs on Cisco routers make packet filtering decisions based on Source IP address only.
Star Property
In Star Property, a user cannot write data to a lower classification level without logging in at that lower classification level.
State Machine
A system that moves through a series of progressive conditions.
Stateful Inspection
Also referred to as dynamic packet filtering. Stateful inspection is a firewall architecture that works at the network layer.
Static Host Tables
Static host tables are text files that contain hostname and address mapping.
Static Routing
Static routing means that routing table entries contain information that does not change.
Stealthing
Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.
Steganalysis
Steganalysis is the process of detecting and defeating the use of steganography.
Steganography
Methods of hiding the existence of a message or other data. This is different from cryptography, which hides the meaning of a message but does not hide the message itself.
Stimulus
Stimulus is network traffic that initiates a connection or solicits a response.
Store-and-Forward
Store-and-Forward is a method of switching where the entire packet is read by a switch to determine if it is intact before forwarding it.
Straight-Through Cable
A straight-through cable is where the pins on one side of the connector are wired to the same pins on the other end. It is used for interconnecting nodes on the network.
Stream Cipher
A stream cipher works by encrypting a message a single bit, byte, or computer word at a time.
Strong Star Property
In Strong Star Property, a user cannot write data to higher or lower classifications levels than their own.
Sub Network
A separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.
Subnet Mask
A subnet mask (or number) is used to determine the number of bits used for the subnet and host portions of the address. The mask is a 32-bit value that uses one-bits for the network and subnet portions and zero-bits for the host portion.
Structured Query Language (SQL) injection
An attack technique that attempts to subvert the relationship between a webpage and its supporting database, typically in order to trick the database into executing malicious code.
Supplier
Organization or individual that enters into an agreement with the acquirer or integrator for the supply of a product or service.
Switch
A switch is a networking device that keeps track of MAC addresses attached to each of its ports so that data is only transmitted on the ports that are the intended recipient of the data.
Switched Network
A communications network, such as the public switched telephone network, in which any user may be connected to any other user through the use of message, circuit, or packet switching and control devices.
Symbolic Links
Special files which point at another file.
Symmetric Cryptography
A branch of cryptography involving algorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification). Symmetric cryptography is sometimes called “secret-key cryptography” (versus public-key cryptography) because the entities that share the key.
Symmetric Key
A cryptographic key that is used in a symmetric cryptographic algorithm.
SYN Flood
A denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.
Synchronization
Synchronization is the signal made up of a distinctive pattern of bits that network hardware looks for to signal the start of a frame.
Syslog
Syslog is the system logging facility for Unix systems.
System Security Officer (SSO)
A person responsible for enforcement or administration of the security policy that applies to the system.
System-Specific Policy
A System-specific policy is a policy written for a specific system or device.
SaaS (Software-as-a-Service) — A type of cloud computing service where the provider offers the customer the ability to use a provided application.
Sandboxing — Running programs in a restricted environment to prevent them from affecting the broader system.
SCADA (Supervisory Control and Data Acquisition) — A complex mechanism used to gather data and physical world metrics as well as perform measurement or management actions of the monitored systems for the purposes of automatic large complex real-world processes such as oil refining, nuclear power generation or water filtration.
Security control — Anything used as part of a security response strategy which addresses a threat in order to reduce risk. (Also known as countermeasure or safeguard.)
Security perimeter — The boundary of a network or private environment where specific security policies and rules are enforced.
SIEM (Security Information and Event Management) — A formal process by which the security of an organization is monitored and evaluated on a constant basis.
Spoof (spoofing) — The act of falsifying the identity of the source of a communication or interaction. It is possible to spoof IP address, MAC address and email address.
Spyware — A form of malware that monitors user activities and reports them to an external party.
Supply chain — The path of linked organizations involved in the process of transforming original or raw materials into a finished product that is delivered to a customer.
Supply Chain Attack: A method where an attacker infiltrates an organization by targeting a third-party vendor.
Security Token: A physical or digital object used to prove a user’s identity electronically.
System Integrity
The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental.
T
Tailgating – Tailgating involves someone who lacks the proper authentication following an employee into a restricted area.
Tablet – A tablet is a wireless, portable personal computer with a touchscreen interface.
Traffic – Web traffic is the amount of data sent and received by visitors to a website.
Tabletop Exercise
A discussion-based exercise where personnel with roles and responsibilities in a particular IT plan meet in a classroom setting or in breakout groups to validate the content of the plan by discussing their roles during an emergency and their responses to a particular emergency situation.
Target of Attack
An information technology product or system and associated administrator and user guidance documentation that is the subject of an attack.
Threat Intelligence: Information about potential threats that helps organizations prepare for and respond to attacks.
Trojan – A Trojan is also known as Trojan horse. It is a type of malicious software developed by hackers to disguise as legitimate software to gain access to target users’ systems.
Two-factor authentication (or multi-factor authentication)
This term describes the use of two authentication methods to log into a system. Two-factor authentication prevents attackers from gaining access with just one exploited password.
T1, T3
A digital circuit using TDM (Time-Division Multiplexing).
Tamper
To deliberately alter a system’s logic, data, or control information to cause the system to perform unauthorized functions or services.
TCP Fingerprinting
TCP fingerprinting is the use of odd packet header combinations to determine a remote operating system.
TCP Full Open Scan
TCP Full Open scans check each port by performing a full three-way handshake on each port to determine if it was open.
TCP Half Open Scan
TCP Half Open scans work by performing the first half of a three-way handshake to determine if a port is open.
TCP Wrapper
A software package which can be used to restrict access to certain network services based on the source of the connection; a simple tool to monitor and control incoming network traffic.
TCP/IP
A synonym for “Internet Protocol Suite;” in which the Transmission Control Protocol and the Internet Protocol are important parts. TCP/IP is the basic communication language or protocol of the Internet.
TCPDump
TCPDump is a freeware protocol analyzer for Unix that can monitor network traffic on a wire.
TELNET
A TCP-based, application-layer, Internet Standard protocol for remote login from one host to another.
Threat
A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
Threat Intelligence: Information about potential threats to help organizations prepare and respond.
Threat Assessment
A threat assessment is the identification of types of threats that an organization might be exposed to.
Threat Model
A threat model is used to describe a given threat and the harm it could do to a system if it has a vulnerability.
Threat Vector
The method a threat uses to get to the target.
Time to Live
A value in an Internet Protocol packet that tells a network router whether or not the packet has been in the network too long and should be discarded.
Tiny Fragment Attack
With many IP implementations it is possible to impose an unusually small fragment size on outgoing packets.
Token: A digital object or string used in cybersecurity for authentication and authorization purposes. Tokens are often part of two-factor authentication or API security to verify user identities.
Token Ring
A token ring network is a local area network in which all computers are connected in a ring or star topology and a binary digit or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time.
Token-Based Access Control
Token based access control associates a list of objects and their privileges with each user. (The opposite of list based.)
Token-Based Devices
A token-based device is triggered by the time of day, so every minute the password changes, requiring the user to have the token with them when they log in.
Topology
The geometric arrangement of a computer system. Common topologies include a bus, star, and ring. The specific physical, i.e., real, or logical, i.e., virtual, arrangement of the elements of a network.
Traceroute (tracert.exe)
Traceroute is a tool that maps the route a packet takes from the local machine to a remote destination.
Transmission Control Protocol (TCP)
A set of rules (protocol) used along with the Internet Protocol to send data in the form of message units between computers over the Internet.
Transport Layer Security (TLS)
A protocol that ensures privacy between communicating applications and their users on the Internet.
Triple DES
A block cipher, based on DES, that transforms each 64-bit plaintext block by applying the Data Encryption Algorithm three successive times, using either two or three different keys, for an effective key length of 112 or 168 bits.
Triple-Wrapped
S/MIME usage: data that has been signed with a digital signature, and then encrypted, and then signed again.
Trunking
Trunking is connecting switches together so that they can share VLAN information between them.
Trust
Trust determines which permissions and what actions other systems or users can perform on remote machines.
Trusted Ports
Trusted ports are ports below number 1024 usually allowed to be opened by the root user.
Tunnel
A communication channel created in a computer network by encapsulating a communication protocol’s data packets in (on top of) a second protocol that normally would be carried above, or at the same layer as, the first one. Most often, a tunnel is a logical point-to-point link.
Two-step authentication — A means of authentication commonly employed on websites as an improvement over single factor authentication but not as robust as two-factor authentication.
Threat Hunting: The proactive search for cyber threats lurking in a network before they can cause damage.
U
User Awareness Training: Educational programs designed to help users recognize and avoid security threats.
USB – USB (Universal Serial Bus) is the most popular connection used to connect a computer to devices such as digital cameras, printers, scanners, and external hard drives.
Username – A username is a name that uniquely identifies someone on a computer system.
Unified Threat Management (UTM): An approach that combines multiple security features into a single platform.
User Account Control (UAC): A Windows feature that helps prevent unauthorized changes to the operating system by prompting for permission.
User Behavior Analytics (UBA): Monitoring and analyzing user activity to identify anomalies that may indicate a security threat.
Unsecured Wi-Fi: Wireless networks that lack encryption, making them vulnerable to attacks.
UDP Scan
UDP scans perform scans to determine which UDP ports are open.
Unicast
Broadcasting from host to host.
Uniform Resource Identifier (URI)
The generic term for all types of names and addresses that refer to objects on the World Wide Web.
Uniform Resource Locator (URL)
The global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located.
Unix
A popular multi-user, multitasking operating system developed at Bell Labs in the early 1970s.
Untrusted: this refers to systems, networks, or devices that are not inherently trusted and could pose a risk. Zero Trust security models treat all entities as untrusted until proven otherwise.
Unprotected Share
In Windows terminology, a “share” is a mechanism that allows a user to connect to file systems and printers on other systems. An “unprotected share” is one that allows anyone to connect to it.
User
A person, organization entity, or automated process that accesses a system, whether authorized to do so or not.
User Contingency Plan
User contingency plan is the alternative method of continuing business operations if IT systems are unavailable.
User Datagram Protocol (UDP)
A communications protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It’s used primarily for broadcasting messages over a network.
Unauthorized access — Any access or use of a computer system, network or resource which is in violation of the company security policy or when the person or user was not explicitly granted authorization to access or use the resource or system
V
Virus – A computer virus is a malicious software program loaded onto a user’s computer without the user’s knowledge and performs malicious actions.
VPN (Virtual Private Network) – A virtual private network gives you online privacy and anonymity by creating a private network from a public Internet connection. VPNs mask your Internet protocol (IP) address so your online actions are virtually untraceable.
Vulnerability – A vulnerability refers to a flaw in a system that can leave it open to attack.
Vishing – Voice phishing; a scam where attackers use phone calls to trick victims into revealing personal information.
Voice Firewall
A physical discontinuity in a voice network that monitors, alerts and controls inbound and outbound voice network activity based on user-defined call admission control (CAC) policies, voice application layer security threats or unauthorized service use violations.
Voice Intrusion Prevention System (IPS)
Voice IPS is a security management system for voice networks which monitors voice traffic for multiple calling patterns or attack/abuse signatures to proactively detect and prevent toll fraud, Denial of Service, telecom attacks, service abuse, and other anomalous activity.
Virtual Machine (VM): An emulation of a physical computer that runs in isolation, often used for testing and security purposes.
Virtual Private Cloud (VPC): A private cloud hosted within a public cloud, providing added security and privacy.
Vulnerability Assessment: A systematic examination of an information system to determine security weaknesses.
W
Whaling – Whaling is a specific form of phishing that’s targeted at high-profile business executives and managers.
Whitehat – White hat hackers perform penetration testing, test in-place security systems and perform vulnerability assessments for companies.
Worm – A computer worm is a malware computer program that replicates itself in order to spread to other computers.
Wi-Fi – Wi-Fi is a facility that allows computers, smartphones, or other devices to connect to the Internet or communicate with one another wirelessly within a particular area.
WPA (Wi-Fi Protected Access): A security protocol designed to protect wireless networks.
WarChalking
War chalking is marking areas, usually on sidewalks with chalk, that receive wireless signals that can be accessed.
War Dialer
A computer program that automatically dials a series of telephone numbers to find lines connected to computer systems, and catalogs those numbers so that a cracker can try to break into the systems.
War Dialing
War dialing is a simple means of trying to identify modems in a telephone exchange that may be susceptible to compromise in an attempt to circumvent perimeter security.
War Driving
War driving is the process of traveling around looking for wireless access point signals that can be used to get network access.
Web of Trust
A web of trust is the trust that naturally evolves as a user starts to trust other’s signatures, and the signatures that they trust.
Web Server
A software process that runs on a host computer connected to the Internet to respond to HTTP requests for documents from client web browsers.
WHOIS
An IP for finding information about resources on networks.
Windowing
A windowing system is a system for sharing a computer’s graphical display presentation resources among multiple applications at the same time.
Windump
Windump is a freeware tool for Windows that is a protocol analyzer that can monitor network traffic on a wire.
Wired Equivalent Privacy (WEP)
A security protocol for wireless local area networks defined in the standard IEEE 802.11b.
Wireless: Refers to communication systems that transmit data over the air (e.g., Wi-Fi, Bluetooth). Wireless security focuses on protecting such networks from eavesdropping, unauthorized access, and other threats.
Wireless Application Protocol
A specification for a set of communication protocols to standardize the way that wireless devices, such as cellular telephones and radio transceivers, can be used for Internet access, including e-mail, the World Wide Web, newsgroups, and Internet Relay Chat.
Wiretapping
Monitoring and recording data that is flowing between two points in a communication system.
World Wide Web (“the Web”, WWW, W3)
The global, hypermedia-based collection of information and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.
Whitelist — A security mechanism prohibiting the execution of any program that is not on a pre-approved list of software. The whitelist is often a list of the file name, path, file size and hash value of the approved software.
Web Application Firewall (WAF): A security solution that monitors and filters HTTP traffic to and from a web application.
WPA2 (Wi-Fi Protected Access II): A security protocol used to secure wireless networks.
Wormhole Attack: A network attack where a malicious node creates a shortcut for data packets, allowing interception.
Web Shell: A script that allows an attacker to remotely control a web server through a web browser.
X
XSS (Cross-Site Scripting): A security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
X.509: A standard for public key infrastructure (PKI) that defines the format for public key certificates.
XDR (Extended Detection and Response): A security approach that integrates multiple security products into a unified solution for threat detection and response.
Y
YARA: A tool used to identify and classify malware by creating rules based on patterns.
YubiKey: A hardware authentication device that provides two-factor authentication through a USB connection.
Yarn: A package manager for JavaScript that can be used to manage libraries and dependencies in web applications securely.
Z
Zero-Day – Zero-Day refers to a recently discovered vulnerability that hackers can use to attack systems, suggesting the company has just realized the exploit exists and has zero days to fix it.
Zero Trust: A security model that requires strict verification for every person and device trying to access resources, regardless of whether they are inside or outside the network.
Zero-day attack
A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer.
Zero-Day Exploit: A vulnerability that is exploited before the vendor has had a chance to issue a fix.
Zero-Day Vulnerability: A software vulnerability that is unknown to the vendor and for which no patch exists.
Zombie
A computer that has been compromised and is controlled by an attacker, often as part of a botnet.
With this Cybersecurity Glossary, you’re now equipped with the critical terminology needed to safeguard digital assets and combat online threats. As cybercrime continues to rise, staying informed and up-to-date is crucial for protecting yourself and your organization. Ready to take your cybersecurity knowledge to the next level?
Join our Cybersecurity Course at Frontlines Edutech, where you’ll receive hands-on training from industry experts, gain real-world skills, and learn how to defend against modern threats. Enroll today and start your journey toward becoming a cybersecurity professional. Visit our website and secure your spot in the course to master the art of cyber defense!
