Cybersecurity Glossary

A botnet is a network of compromised computers that are controlled by a third party, typically without the owners' knowledge or consent. The computers in a botnet are often referred to as "bots" or "zombies," and they can be used to perform a variety of malicious activities, such as sending spam emails, participating in distributed denial of service (DDoS) attacks, or distributing malware.

A brute force attack is a type of cyber attack that involves trying every possible combination of characters or values in order to guess a password or decrypt a message. This type of attack is often used by attackers when other, more sophisticated methods have failed or are not practical.

Blue teaming refers to the defensive aspect of cybersecurity, where a team of experts works to detect, prevent and respond to threats to an organization's security. The role of the blue team is to monitor the organization's systems and networks for any signs of a breach or attack, and then take appropriate action to contain and mitigate the threat. Blue teams use a variety of tools and techniques, such as threat intelligence, incident response protocols and security analytics, to protect the organization from cyberattacks. They also work to continuously improve the organization's security posture by identifying vulnerabilities, patching systems and educating employees about best security practices. In summary, Blue teaming is the defensive aspect of cybersecurity where a team of experts work to detect, prevent and respond to cyber threats and continuously improve the organization's security posture.

A computer worm is a type of malware that spreads copies of itself from one computer to another, typically over a network. Unlike viruses, which require the user to execute a piece of code, worms can replicate and spread automatically, without any human interaction. Worms can cause harm to individual computers, networks, or entire systems by consuming bandwidth, slowing down or crashing systems, and potentially allowing unauthorized access to sensitive data. Some worms are designed to exploit vulnerabilities in operating systems or other software in order to propagate, while others may use social engineering techniques to trick users into running them.

Cryptojacking is the unauthorized use of someone's computer to mine cryptocurrency. It is typically done by installing malware on the victim's computer that uses the processor to mine cryptocurrency. The cryptocurrency is then transferred to the attacker's wallet.

Data scraping is the process of extracting data from websites. It involves making HTTP requests to a website's server, downloading the HTML of the web page, and parsing that HTML to extract the data you need. Data scraping is often used to extract data from websites that do not provide APIs or do not allow access to their data in any other way. It can be done manually, but is often automated using specialized software or scripts. Data scraping is generally considered to be a violation of the terms of service of a website, so it is important to be cautious when using it.

Defense in depth is a cybersecurity strategy that involves implementing multiple layers of defense at different points within a system or network in order to protect against cyber threats. The idea behind defense in depth is that no single layer of defense is foolproof, and that by implementing multiple layers of protection, it is possible to create a more secure overall system.

Email spoofing is the creation of an email message with a false sender address. The goal of email spoofing is to trick the recipient into thinking the email is legitimate and from a trusted source, when it is actually from someone else entirely. Email spoofing is often used in phishing attacks and spam emails, where the goal is to get the recipient to click on a link or download a file that is malicious.

Encryption is the process of converting plaintext data into a secure, encrypted form that can only be accessed or read by someone with the appropriate decryption key. Encryption is used to protect the confidentiality of data by making it unreadable to anyone who does not have the key.

AA firewall is a security system that controls access to a computer or a network by examining incoming and outgoing network traffic and blocking or allowing it based on a set of predefined security rules. Firewalls can be implemented in hardware, software, or a combination of both.

A fork bomb is a type of denial-of-service (DoS) attack that exploits a vulnerability in a computer system's process management. It works by creating a large number of processes in a short period of time, overwhelming the system's resources and causing it to crash or become unresponsive.

Fast flux is a technique that is used by some types of malware to hide the location of malicious servers and make them more difficult to track and take down. It works by using a large number of compromised servers or other devices as proxies, which rapidly change the IP addresses associated with a particular domain name.

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

A network gateway is a device that connects two or more networks and acts as a point of entry and exit for data passing between them. From a cybersecurity perspective, network gateways are important because they are often the first line of defense against cyber threats attempting to enter or leave a network.

A honeypot is a security resource that is designed to attract and trap malicious actors or automated threats in order to study their activity and learn how to better protect against similar attacks. Honeypots are often used to detect and deflect cyber threats, such as malware, phishing attacks, and botnets. They are usually deployed on a network as decoy servers or devices that mimic production systems, but which are not actually used for any real business functions.

Honeypots are designed to be attractive targets for attackers, but are set up in such a way that any activity on them can be monitored and recorded, allowing security analysts to learn about the tactics, techniques, and procedures used by the attackers. This information can be used to improve the organization's security posture and to better defend against similar attacks in the future.

HTTP Secure (HTTPS) is a protocol for securely transmitting data over the internet. It is based on the standard HTTP protocol, but includes the use of an SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption layer to secure the data being transmitted.

An insider threat is a security threat that comes from within an organization, rather than from an external attacker. Insiders may include employees, contractors, business partners, or anyone with authorized access to an organization's network, systems, or data.

Internet Protocol Security (IPsec) is a suite of protocols that is used to provide security for internet communications. It is designed to protect the integrity, confidentiality, and authenticity of data transmitted over the internet, and is commonly used to implement virtual private networks (VPNs) and other secure networking solutions.

JavaScript is a programming language that is commonly used in web development. It is used to add interactivity and dynamic behavior to websites, such as animations, form validation, and responding to user input.

A jump bag (also known as a "go bag" or "bug-out bag") is a portable kit that contains essential equipment and supplies that are needed to respond to a cybersecurity incident or other emergency. From a cybersecurity perspective, a jump bag is typically used by incident responders and other security professionals to quickly access the tools and resources that they need to assess and respond to a security incident.

A keylogger is a type of software or hardware that is used to record the keystrokes that a user types on their computer or device. It is typically used by attackers to capture sensitive information, such as passwords and login credentials, that the victim types on their keyboard. Keystroke logging can be used to steal a wide range of sensitive information, including login credentials for online accounts, credit card numbers, and personal identification numbers (PINs).

Kerberos is a network authentication protocol that is designed to provide secure, authenticated communication over the internet or other untrusted networks. It is commonly used in enterprise networks to provide secure access to resources such as servers, databases, and other types of networked systems.

A logic bomb is a type of malicious software that is designed to trigger a harmful event when certain conditions are met. The event could be anything from deleting a file or shutting down a system to stealing data or encrypting a hard drive for ransom.

Least privilege is a security principle that states that users and processes should be granted the minimum level of access and privileges necessary to perform their required tasks. The idea behind least privilege is to minimize the potential for accidental or intentional misuse of privileges, and to reduce the impact of security breaches.

Malware is short for "malicious software." It is any software that is designed to harm or exploit a computer system, often without the owner's knowledge or consent. There are many different types of malware, including viruses, worms, Trojan horses, ransomware, and spyware.

Mandatory access control (MAC) is a type of access control model that is used to enforce a predetermined set of security rules for accessing resources in a computer system. In a MAC system, access to resources is based on a fixed set of security policies that are defined by the system administrator or another designated authority.

Network security is the practice of protecting the integrity and availability of a computer network and its associated devices, data, and services. It involves protecting against a variety of threats, such as malicious attacks, unauthorized access, and data breaches. 

Network security involves the use of a variety of technologies, processes, and policies to secure networks, devices, and data from these threats. Some common measures used in network security include firewalls, antivirus software, intrusion detection and prevention systems, and encryption. 

Network security is important because it helps to protect sensitive information and ensure that it is available only to authorized users, as well as protecting against unauthorized access or attacks that could disrupt the availability of the network and its services.

A network-based intrusion detection system (IDS) is a security tool that is designed to monitor network traffic and detect signs of cyber attacks or other security threats. Network-based IDSs work by analyzing network traffic and looking for patterns or anomalies that might indicate the presence of a security threat.

Open source refers to a type of software whose source code is made available to the public, meaning anyone can view and modify the code. This can be beneficial from a cybersecurity perspective because it allows for many people to review the code and identify any potential vulnerabilities. This can lead to a more secure product because those vulnerabilities can be addressed and fixed. Additionally, because the source code is publicly available, it can be audited by security experts to ensure that it is secure.

A one-way function (also known as a "trapdoor function") is a mathematical function that is easy to compute in one direction, but is difficult or infeasible to invert or reverse. One-way functions are used in a variety of applications, including cryptography and cybersecurity.

Personally identifiable information (PII) is any data that can be used to identify a specific individual. This can include things like a person's name, address, phone number, email address, social security number, and financial information. PII is often collected by businesses and organizations in order to provide services or products, but it is important to protect this information as it can be sensitive and can be misused if it falls into the wrong hands. In order to protect PII, it is important to be cautious when sharing personal information online and to make sure that any business or organization that collects PII has robust security measures in place to protect it.

Pharming is a type of cyber attack that involves redirecting traffic from a legitimate website to a malicious one. It is typically done by manipulating the Domain Name System (DNS) records of a website, causing the website's traffic to be redirected to a different server that is controlled by the attacker.

Penetration testing (also known as "pen testing") is the practice of testing a computer system, network, or web application to identify vulnerabilities that an attacker could exploit. The goal of penetration testing is to evaluate the security of a system or application and identify any weaknesses that could be exploited by an attacker.

Phishing is a type of cyber attack that involves tricking individuals into revealing sensitive information such as login credentials, financial information, or personal data. Phishing attacks are typically carried out through the use of fraudulent emails, websites, or other types of communications that appear to be legitimate, but are actually controlled by the attacker. 

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. It was originally developed by Phil Zimmermann in the 1990s and is now owned by Symantec.

A port scan is a security tool that is used to identify open ports on a computer or network. An open port is a communication endpoint that is listening for incoming traffic, and can be used to transmit data.

Public key encryption is a type of cryptographic system that uses a pair of keys (a public key and a private key) to encrypt and decrypt data. It is based on the idea of asymmetric cryptography, which means that the keys used for encryption and decryption are different.

Quality of Service (QoS) refers to the ability of a network to deliver a consistent level of service to a particular application or group of applications. In a cybersecurity context, QoS is important because it can help to ensure that sensitive or mission-critical applications receive the necessary bandwidth and other resources to function properly, even in the face of network congestion or other issues.

Ransomware is a type of malware that encrypts a victim's files. The attackers then demand a ransom from the victim to restore access to the files upon payment. Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file, and that is delivered to the victim via email or through an infected website. Once the victim opens the file, the ransomware is installed on the victim's computer and begins to encrypt the files on the hard drive. The victim is then presented with a ransom demand, which typically includes a deadline for payment and a countdown timer. If the victim does not pay the ransom before the deadline, the encrypted files may be lost forever.

Risk assessment is the process of identifying, analyzing, and evaluating potential risks to an organization's information assets. In the context of cybersecurity, risk assessment involves identifying potential threats to an organization's systems and data, and evaluating the likelihood and potential impact of those threats.

A rootkit is a type of malware that is designed to gain unauthorized access to a computer system and to allow the attacker to maintain that access while hiding their presence from the victim. Rootkits are often used to gain access to a system at the root level, which allows the attacker to have complete control over the system and to hide their activities from the victim. Rootkits are often used to install other types of malware, such as viruses and Trojans, on the victim's system.

Red teaming is a method of evaluating the effectiveness of a security system, organization or plan by simulating an attack from an adversary. The idea is to identify vulnerabilities and weaknesses in the system that a real attacker could exploit. It involves a team of experts who use a variety of tactics and techniques to try to penetrate the organization's defenses, just as a real attacker would. The results of the red team exercise are then used to improve the organization's security measures.

Security awareness training is a program designed to educate employees about cyber threats and how to protect against them. The goal of security awareness training is to increase employees' knowledge about security and make them more aware of their role in protecting sensitive information. This can include topics such as strong passwords, phishing attacks, and safe browsing practices. Security awareness training is important because it helps to create a culture of security within an organization, where employees are vigilant about protecting sensitive information and aware of the potential consequences of security breaches.

A security token is a physical device that is used to gain access to a computer system or network. It is typically used as an additional form of authentication, in addition to a password, to ensure that only authorized users are able to access the system. There are several different types of security tokens, including hardware tokens, software tokens, and biometric tokens.

Spyware is a type of malware that is designed to spy on the user's activities, such as their internet usage, keystrokes, and login credentials. It can be used to steal sensitive information, such as passwords and credit card numbers, or to track the user's activities and send this information back to the attacker. Spyware is often bundled with other software, and it can be installed on a victim's computer without their knowledge or consent.

Social engineering is the use of psychological manipulation or deception to influence people into performing actions or divulging sensitive information. It is a common tactic used by attackers to gain access to systems, networks, or sensitive information.

Secure Sockets Layer (SSL) is a protocol for establishing secure links between networked computers. It is commonly used to secure communications over the internet, and is often used to protect sensitive information such as login credentials, financial transactions, and other types of sensitive data.

A security policy is a set of rules and guidelines that an organization establishes to protect its information assets and systems from cyber threats. In the context of cybersecurity, a security policy is a document that outlines the measures that an organization has put in place to secure its systems and data.

A Trojan horse, or simply a Trojan, is a type of malware that is disguised as legitimate software. It is called a "Trojan" because it typically arrives on a victim's computer hidden inside something else, like a legitimate-looking application or file. Once a Trojan is installed on a victim's computer, it can be used by an attacker to gain access to the victim's system and perform various malicious activities, such as installing additional malware, stealing sensitive data, or taking control of the victim's machine. Trojans are often spread through email attachments, fake software updates, or by downloading infected software or files from the internet. They can be difficult to detect because they often masquerade as legitimate programs and do not show any visible signs of their presence. It is important to use a reputable antivirus program and be cautious when downloading software or opening email attachments in order to protect against Trojan infections.

A threat vector is a means by which a cyber threat can enter or attack a system or network. Threat vectors can take many forms, including email attachments, malicious websites, infected devices, and other types of vectors.

User Datagram Protocol (UDP) is a simple and efficient transport protocol that is used by applications to send and receive messages over the internet. It is a connectionless protocol, which means that it does not establish a dedicated end-to-end connection between the sender and the receiver before transmitting data. Instead, it sends individual packets of data called datagrams from the sender to the receiver without checking whether the receiver is ready to receive them.

A UDP scan is a security tool that is used to identify open User Datagram Protocol (UDP) ports on a computer or network. UDP is a connectionless protocol that is used to transmit data over networks, and is often used for real-time applications such as video streaming and online gaming.

A virtual private network (VPN) is a technology that allows you to create a secure connection over a less-secure network between your computer and the internet. This can be useful when you are connected to the internet via an untrusted network, such as a public Wi-Fi hotspot at a hotel, airport, or coffee shop.

Voice Intrusion Protection System (VIPS) is a security tool that is used to protect against unauthorized access to voice communication systems. It is typically used to secure telephone systems and other types of voice communication networks.

A computer virus is a type of malicious software that is designed to replicate itself and spread from one computer to another. Once a computer is infected with a virus, the virus can execute a variety of harmful actions, such as deleting files, stealing sensitive information, or corrupting data.

Wireless Application Protocol (WAP) is a technical standard that is used to develop and deliver mobile applications and services to wireless devices such as cell phones and tablets. It provides a framework for delivering content and services to mobile devices over wireless networks, and includes protocols for communication, security, and other features.

A web of trust is a decentralized system for establishing the authenticity of a digital certificate or other type of digital identity. It is commonly used in the context of public key infrastructure (PKI), which is a system for managing the distribution and use of public keys for secure communication.

Wired Equivalent Privacy (WEP) is a security protocol that was designed to provide a level of security for wireless communication that is equivalent to that of a wired network. It was developed in the late 1990s as a way to secure wireless networks, and was widely used until the mid-2000s.

X band is a term that is used to refer to a range of frequencies in the microwave portion of the electromagnetic spectrum. In the United States, the X band is typically defined as the range of frequencies from 8.0 to 12.0 GHz. It is used for a variety of purposes, including radar, satellite communication, and military communication.

From a cybersecurity perspective, YAML is generally considered to be a safe and reliable format for storing and exchanging data. It does not include any active content or scripting elements, which makes it less vulnerable to certain types of attacks such as cross-site scripting (XSS) or injection attacks.

A zero-day exploit is a type of cyber attack that exploits a previously unknown vulnerability in a software or operating system. It is called a "zero-day" exploit because the vulnerability is unknown to the software vendor and to the users of the software, and it is being exploited on the same day that it is discovered.

Zero trust is a security model that is based on the idea that organizations should not automatically trust any user, device, or network, even those that are inside the organization's perimeter. Instead, zero trust requires that all access to resources be authenticated and authorized before it is granted.