Thursday, March 26, 2020
We’ve all been there, talking about work projects or the latest in industry news, when suddenly someone mentions a word or term you’ve never heard of. Or worse, a word you should know but can’t seem to remember what it means.
With the help of the Fuel Editorial Advisory Committee, we’ve rounded up a list of common words and terms you’ve always wanted to know but were too afraid to ask.
This glossary will be updated on a regular basis. Interested in contributing? Email the Fuel editors at firstname.lastname@example.org.
Access Control List: A mechanism to control system resources within a network by listing the identities (persons and/or systems) that are permitted and/or denied access to them.
Attack Vectors: A means by which an attacker gains entry or access to a target system. Attackers’ methods are primarily via a human element or other known weak elements for systems that aren’t properly patched.
Authentication: The process of identifying a piece of information or a connection. This can be done using username and password combinations, biometric methods like fingerprints or retinal scans, etc. (This is sometimes confused with Encryption.)
Backdoor: A tool installed after a compromise has occurred to allow attacker(s) easier access into the system at a later time.
Blue Team: A group that defends a network when mock attackers (i.e. Red Team) attempt to gain access. This is normally in conjunction with an operational exercise conducted according to a set of rules by a governing body (i.e. White Team).
Botnet: A large collection of compromised systems working in conjunction to perform a targeted task. This can include the distribution of viruses and/or spyware, the flooding of a network to perform an overload or denial of service attack, or any of several other uses.
Broadcast Address: The broadcast address is the last IP address in a subnet. This is used to send a message to all addresses on the given subnet, normally using either the UDP or ICMP protocols.
Data Breach: The occurrence of the disclosure of previously secured, often confidential information.
DMZ (Demilitarized Zone): A subnet or zone that is exposed to the internet for external access while being segregated from internal network resources. Traditionally, this information has an extra level of protection and is more finely controlled, allowing companies to share information with the internet at large while still keeping their internal resources secured.
DoS (Denial of Service): An attack specifically intended to overload the resources on a network, preventing normal functionality. Flooding attacks, connection exhaustion and resource demand are three of the most common methods of DoS attacks, but there are many others.
DDoS (Distributed Denial of Service): An attack from multiple systems that simultaneously attacks a system. Attacking systems are typically part of a botnet that can be dynamically sized to orchestrate the attack. All DDoS are DoS, but not all DoS are DDoS.
Encryption: The process of converting information into an encoded string so the information is obfuscated as it is being sent across the internet, preventing other parties from reading the information. Encryption is done in many different ways depending on the endpoints and the level of complexity needed for the data being protected. It can be done using many different ciphers including, but not limited to, AES (in multiple bit lengths), DES, 3DES and many more. (This is sometimes confused with Authentication.)
Firewall: A security tool that protects your network by filtering traffic. This can be done in many ways, including hardware or software solutions and commercial or open source tools. It can also be implemented in many different tiers depending on the level of protection a network needs.
Honeypot: A trap or decoy for attackers. A honeypot is intended to look like a real resource that a company would publish, in an attempt to lure hackers to target it instead of real resources. The false system of the honeypot, in conjunction with what looks like legitimate data, will cause attackers to waste time trying to gain access to information that is, in truth, worthless.
IDS (Intrusion Detection System): This is a system that actively looks for users attempting to access resources within a network. This system will then notify the administrators of “unusual activity,” allowing the security administrators to look into said activity to confirm whether it is an actual attack or a false positive being reported.
IPS (Intrusion Protection System): Used in conjunction with IDS, this is a system that can automatically take action against unauthorized access attempts or intrusion attempts in addition to notifying the security administrators of the activity.
Keylogger: A means of keeping track of the entries into a computer, whether it is through a keyboard, mouse or any other kind of input device. Keyloggers can be hardware-based, software-based or any combination of both.
Loopback address: A pseudo-IP address (127.0.0.1 for IPv4 or ::1/128 for IPv6) allowing for easy access to map back to the current system being used, while never touching the network beyond the current system — meaning it keeps the data on the current machine.
MAC Address: The physical address of the network interface card that uniquely identifies the machine that is communicating on the internet.
Malware: A generic term intended to cover all of the different types of malicious code out there, including viruses, spyware, etc. Essentially, it refers to any code that is “malicious,” hence the “mal” prefix.
NAT (Network Address Translation): This process is used to share a single or smaller number of publicly available IP addresses, preventing the need for a one-to-one pairing. This allows for the internal network of a company to use whatever IP address scheme they’d like to organize their network — be it logically, physically or some combination of both.
OAuth (Open Standard Authorization): Protocol or framework that provides applications the ability to access other applications using tokens instead of passwords. (Varonis describes this as a valet key for your car: It will start the car, but not grant access to the trunk or glove box.) Used mainly by apps or the Internet of Things (IoT).
Penetration (“Pen”) Test: A term for the testing of a network’s security from the outside world in a somewhat controlled manner. This allows an organization to see how secured or protected a network is from attacks.
Phishing: A form of social engineering to trick or deceive individuals into providing information that can be used to gain additional access to systems.
Private Key: A cryptographic key that is used to enable the operation of an asymmetric (public key) cryptographic algorithm that should be kept confidential. Private keys are never to be transmitted across the internet — that’s what public keys are for.
Public Key: The other half of a private key, this is what is passed out to any remote sites that need to make a secure connection to a site a user controls. This public key is then paired to a private key on the destination server to make a secure, encrypted handshake.
Ransomware: A type of malware that locks a user out of their files or device until a ransom is paid, usually in bitcoin or other cryptocurrency.
Red Team: A group authorized to perform a simulated, controlled attack on a network. This can be done as part of a cyber competition, as part of a penetration test, or as part of learning more about certified ethical hacking and related technologies.
Rootkit: A set of software tools that allow for administrator-level access and privileges that are installed on a system, with the intention of hiding their presence until they are necessary.
SAML (Security Assertion Markup Language): XML-based open standard that enables SSO to pass credentials from an identity provider (like Active Directory) to a service provider (like an SaaS application). Used mainly by users, and not applications.
SSH (Secure Shell): A command line-based interface into a system that doubles as a protocol for making a secured connection into a system. This allows for secure, encrypted sending of commands to a remote system, and is most commonly used when accessing *nix-based systems (Unix, Linux, AIX, etc.).
SOC (Security Operations Center): The team that is responsible for monitoring, assessing and defending the security of a firm.
Spoofing: Pretending to be someone else by faking the sender email address in a communication. This is a very common method used when trying to make a phishing attack to gain information via social engineering.
SSO (Single Sign On): The process that allows users within an organization to access different resources with a single set of credentials.
Spyware: Intended to infiltrate and collect data unknown to the user for later use to attack and/or compromise systems.
IPSec Tunnel: A secure connection between two remote systems. This is a many-to-many type of tunnel, allowing for multiple machines on either network to communicate with each other over an encrypted connection.
Tunnel: A connection between two networks, allowing for communication at a Layer 2 Protocol level. This allows for TCP communication and, along with the proper authentication and encryption methods, the data can also be encoded in a manner preventing others from inspecting and reading the traffic.
Trojan (Trojan Horse): Malware that misleads users as to its true intent. Typically, it must be invited in by the unsuspecting user (akin to the Greek myth).
Virus: Primarily intended to attack and damage systems.
VPN (Virtual Private Network): A secure connection between a remote system and another network. This is a one-to-many type of IPSec tunnel connection.
Whitelist: A list of entries that are explicitly granted permission or access to a given system.