Understanding key security terms is crucial whether you are a seasoned cybersecurity professional or an everyday user looking to stay informed. This blog serves as a comprehensive guide to the most commonly used terms in the field. It is crafted to help you build your knowledge, recognize your strengths, and pinpoint areas for growth. Use this glossary as a trusted resource to better navigate the ever-evolving world of cybersecurity.
A-B
Access Control
Access control ensures that only authorized users can access specific resources.
Access Control List (ACL)
An ACL enforces access control by listing the system entities permitted to access a particular resource.
Access Control Service
A security service that safeguards system resources from unauthorized access. It primarily uses ACLs and tickets to implement protection.
Access Management
Access management involves maintaining access information through four key tasks: account administration, monitoring, maintenance, and revocation.
Access Matrix
An access matrix represents subjects as rows and objects as columns, with privileges assigned within the matrix cells.
Account Harvesting
Account harvesting refers to the collection of legitimate account names from a system.
ACK Piggybacking
ACK piggybacking embeds an acknowledgment (ACK) within another packet sent to the same destination.
Active Content
Active content consists of embedded program code in a web page that executes automatically when accessed by a browser. Examples include Java and ActiveX.
Activity Monitors
Activity monitors prevent virus infections by detecting and blocking malicious activities on a system.
Address Resolution Protocol (ARP)
ARP maps an IP address to a physical machine address in a local network using an ARP cache for reference.
Advanced Encryption Standard (AES)
AES is a symmetric encryption standard developed by NIST for secure data encryption.
Algorithm
An algorithm is a step-by-step computational procedure designed to solve a problem.
Applet
Applets are Java programs that run within a web browser to provide interactive features.
ARPANET
ARPANET was a pioneering packet-switched network developed in the 1970s that laid the foundation for today’s internet.
Asymmetric Cryptography
Asymmetric cryptography uses a public and private key pair to perform different encryption and decryption operations.
Asymmetric Warfare
Asymmetric warfare enables a small, well-leveraged investment to achieve significant outcomes.
Auditing
Auditing involves gathering and analyzing information to ensure compliance with security policies and vulnerability assessments.
Authentication
Authentication verifies the legitimacy of a claimed identity.
Authenticity
Authenticity ensures the originality and validity of information.
Authorization
Authorization grants permission for users or systems to perform specific actions.
Autonomous System
An autonomous system consists of interconnected networks under a single administrative entity, identified by a unique Autonomous System Number (ASN).
Availability
Availability ensures that systems and resources remain accessible for legitimate users.
Backdoor
A backdoor is a hidden tool that attackers install to bypass security controls and regain system access.
Bandwidth
Bandwidth measures the capacity of a communication channel, typically in bits per second.
Banner
A banner displays system information or warnings when a remote user attempts to connect to a service.
Basic Authentication
Basic authentication is a simple web-based authentication method that transmits usernames and passwords with each request.
Bastion Host
A bastion host is a hardened system designed to withstand unknown vulnerabilities.
BIND (Berkeley Internet Name Domain)
BIND is an implementation of DNS that resolves domain names to IP addresses.
Biometrics
Biometrics authenticate users based on their unique physical traits.
Bit
A bit, short for “binary digit,” is the smallest data unit, represented as 0 or 1.
Block Cipher
A block cipher encrypts data in fixed-size blocks rather than bit by bit.
Blue Team
The blue team focuses on defensive cybersecurity measures, such as firewall implementation, patch management, and physical security.
Boot Record Infector
A boot record infector is malware that embeds malicious code into a disk’s boot sector.
Border Gateway Protocol (BGP)
BGP is an inter-autonomous system routing protocol used by ISPs to exchange internet routing information.
Botnet
A botnet is a network of compromised computers controlled by attackers to spread malware or launch attacks.
Bridge
A bridge connects two local area networks (LANs) that use the same communication protocol.
British Standard 7799
This security standard provides guidelines for information security management systems.
Broadcast
Broadcasting sends a message simultaneously to multiple recipients.
Broadcast Address
A broadcast address enables data transmission to all hosts within a network using UDP or ICMP.
Browser
A browser is a client program that retrieves and displays web content.
Brute Force Attack
A brute force attack systematically tries all possible passwords or encryption keys.
Buffer Overflow
A buffer overflow occurs when excess data overwrites adjacent memory, potentially leading to system crashes or exploits.
Business Continuity Plan (BCP)
A BCP outlines procedures for emergency response, backup, and disaster recovery to ensure operational continuity.
Business Impact Analysis (BIA)
A BIA assesses the potential consequences of disruptions to business operations.
Byte
A byte, typically composed of eight bits, represents the smallest addressable unit of computer storage.
C-D
Cache
Cache (pronounced “cash”) refers to a high-speed storage mechanism that stores frequently accessed data for faster retrieval. It can either be a reserved section of RAM or a separate high-speed storage unit. Common types include memory caching and disk caching.
Cache Cramming
Cache cramming manipulates a browser into executing Java code from the local cache instead of fetching it online. This method bypasses stricter security permissions typically applied to online content.
Cache Poisoning
Cache poisoning happens when a name server saves incorrect or malicious data from a compromised remote server. This often plays a role in DNS poisoning attacks.
Call Admission Control (CAC)
Call Admission Control inspects and regulates voice network traffic—both incoming and outgoing—based on predefined user policies, typically enforced by a voice firewall.
Cell
In ATM networks, a cell represents a small, fixed-size unit of data transmission.
Certificate-Based Authentication
This method authenticates users and secures HTTP traffic by using SSL/TLS certificates, enhancing both identity verification and encryption.
CGI (Common Gateway Interface)
CGI allows web servers to interact with external scripts and programs, enabling dynamic content generation based on user input.
Chain of Custody
This legal principle ensures the secure, documented handling of evidence to maintain its integrity throughout investigations.
CHAP (Challenge-Handshake Authentication Protocol)
CHAP authenticates users by generating a unique challenge for each login attempt, reducing the risk of replay attacks.
Checksum
A checksum is a computed value used to verify the integrity of data during storage or transmission.
Cipher
A cipher is an algorithm that encrypts and decrypts data to protect its confidentiality.
Ciphertext
Ciphertext refers to the encrypted version of a message, unreadable without decryption.
Circuit Switched Network
This type of network creates a dedicated communication path between two endpoints for the duration of the session.
Client
A client is a device or program that requests services from a server, which may also act as a client to other servers.
Cloud Computing
Cloud computing enables users to store, manage, and process data on remote servers instead of relying solely on local machines.

Disaster Recovery Sites (Hot, Warm, Cold)
- Hot site: Fully equipped with hardware, software, and connectivity, it allows quick failover with minimal downtime.
- Warm site: Partially equipped and operational within hours or days, it allows limited continuity.
- Cold site: Requires setup and may take weeks to become operational, offering the least immediate support.
Collision
A collision occurs when multiple devices transmit on the same network medium at the same time, causing data loss.
Competitive Intelligence
This practice gathers information about competitors using legal means to gain business insights.
CERT (Computer Emergency Response Team)
CERT provides cybersecurity incident response, publishes alerts, and supports organizations in improving digital defenses.
Computer Network
A computer network links multiple computing devices, allowing data exchange and communication over a shared infrastructure.
Confidentiality
Confidentiality ensures that only authorized users can access sensitive information.
Configuration Management
This process maintains a consistent system state by managing hardware and software configurations.
Cookie
A cookie stores stateful data on a user’s browser, enabling web applications to remember user preferences or login sessions.
Corruption
Corruption involves the unauthorized modification of system functions or data, disrupting proper operation.
Cost-Benefit Analysis
This analysis evaluates the cost of implementing security measures against the value of reduced risk.
Countermeasure
Countermeasures are security responses deployed after threat detection to prevent successful exploits, such as IPS, patches, and ACLs.
Covert Channels
These hidden pathways transmit information using legitimate system processes, often bypassing traditional security controls.
Crimeware
Crimeware is malicious software designed to financially benefit cybercriminals, often by stealing data or enabling DDoS attacks.
Cron
Cron is a Unix-based scheduler that automates tasks by running commands at specified times.
Crossover Cable
A crossover cable connects similar devices directly by reversing transmit and receive wires.
Cryptanalysis
Cryptanalysis aims to break encryption by analyzing ciphertext without access to the key.
Cryptographic Algorithm or Hash
These algorithms support encryption, digital signatures, key exchange, and hash functions used in secure communications.
Cut-Through Switching
In cut-through switching, a device forwards a packet after reading just the header, reducing latency.
Cyber-Attack
A cyber-attack involves unauthorized access, damage, theft, or disruption of digital systems or data.
Cybersecurity Risk Assessment
This assessment identifies and evaluates threats, vulnerabilities, and impacts to help protect an organization’s digital assets.
Cyclic Redundancy Check (CRC)
CRC is an error-checking method used to detect accidental changes in raw data, though it’s not cryptographic.
Daemon
A daemon is a background process—typically started at boot time—that handles system tasks without user input.
Data Aggregation
This process combines data from multiple sources to provide a more complete and useful picture.
Data Breach
A data breach exposes sensitive or confidential data to unauthorized parties, often through hacking or misuse.
Data Custodian
A data custodian manages and safeguards data during its use, taking responsibility for handling and security.
Data Encryption Standard (DES)
DES is a symmetric-key encryption standard with a vast key space, requiring both sender and receiver to use the same secret key.
Data Mining
Data mining extracts patterns and insights from large datasets to support decision-making.
Data Owner
A data owner is accountable for the accuracy, security, and use of a specific data set.
Data Warehousing
Data warehousing consolidates multiple databases into a central repository to streamline analysis and reporting.
Datagram
A datagram (or packet) is a self-contained unit of data that routes independently through a connectionless network.
Day Zero (Zero-Day)
A zero-day refers to a newly discovered software vulnerability that lacks an available fix at the time of discovery.
Decapsulation
Decapsulation removes a data packet’s outer header to process the remaining content at the next protocol layer.
Decryption
Decryption converts ciphertext back into its original, readable form.
Defacement
Defacement alters website content without authorization, often to embarrass the organization or spread a message.
Defense in Depth
Defense in depth implements multiple security layers to reduce the risk of a single point of failure.
Demilitarized Zone (DMZ)
A DMZ is a subnetwork that isolates internal systems from external access while allowing limited communication.
Denial of Service (DoS)
A DoS attack floods a system with traffic, making services unavailable to legitimate users.
Dictionary Attack
A dictionary attack tries words from a list to guess passwords, as opposed to testing every possible combination.
Diffie-Hellman
Diffie-Hellman is a key exchange protocol that securely establishes shared keys over an insecure channel.
Digest Authentication
This authentication method uses MD5 hashing to validate a user’s password without transmitting it in plain text.
Digital Certificate
A digital certificate verifies an entity’s identity online using a public key, issued and signed by a certificate authority.
Digital Envelope
A digital envelope combines encrypted data with an encrypted session key to secure communications.
Digital Signature
A digital signature verifies message integrity and authenticity by hashing and signing the data with a private key.
Digital Signature Algorithm (DSA)
DSA generates a pair of large numbers that act as a digital signature to confirm identity and data integrity.
Digital Signature Standard (DSS)
DSS is the U.S. federal standard for digital signatures, built on the Digital Signature Algorithm (DSA).
Disassembly
Disassembly reverse-engineers binary code to approximate the original source code.
Disaster Recovery Plan (DRP)
A DRP outlines how to restore IT systems and services after a disruption or disaster.
Discretionary Access Control (DAC)
DAC gives users control over access permissions, like setting passwords on files.
Disruption
A disruption temporarily halts normal system operations or service delivery.
Distance Vector
This routing method selects network paths based on distance (cost) to destination networks.
Distributed Scans
These scans originate from multiple sources to obscure the attack and collect reconnaissance data.
Domain
A domain represents a set of systems, knowledge, or IP addresses—often organized under a common name or management.
Domain Hijacking
Attackers hijack a domain by disabling legitimate DNS access and replacing it with their own DNS server.
Domain Name
A domain name identifies a website or entity on the internet, like “example.org.”
Domain Name System (DNS)
DNS translates domain names into IP addresses, enabling users to access websites using human-readable names.
Due Care
Due care ensures an organization follows industry best practices to maintain basic security protections.
Due Diligence
Due diligence involves planning, implementing, and monitoring security practices to detect and prevent threats.
DumpSec
DumpSec collects system information such as user accounts, permissions, and services for security auditing.
Dumpster Diving
This method recovers sensitive information by retrieving discarded media or documents from trash bins.
Dynamic Link Library (DLL)
A DLL contains code and routines used by other programs, enabling modular and reusable software components.
Dynamic Routing Protocol
Dynamic routing protocols like RIP or EIGRP allow routers to automatically share route information and update paths as networks change.
E-F
Eavesdropping
Listening in on private conversations to gather information that may help gain unauthorized access to networks or facilities.
Echo Reply
A message sent by a device in response to receiving an ICMP Echo Request, confirming its availability.
Echo Request
An ICMP message sent to a device to check if it’s online and to measure network latency.
Egress Filtering
The practice of monitoring and controlling outbound network traffic based on predetermined security rules.
Emanations Analysis
Analyzing unintentional signals emitted by electronic devices to extract sensitive information.
Encapsulation
Wrapping one data structure inside another to hide or protect its contents during transmission.
Encryption
The process of converting readable data (plaintext) into a coded format (ciphertext) to prevent unauthorized access.
Ephemeral Port
A temporary port number assigned to a client for the duration of a session, typically above 1023.
Escrow Passwords
Passwords stored securely for emergency use when privileged personnel are unavailable.
Ethernet
A widely used LAN technology standardized under IEEE 802.3, using coaxial or twisted-pair cables and CSMA/CD for media access.
Event
A detectable occurrence within a system or network, such as logins, errors, or policy changes.
Exponential Backoff Algorithm
A technique used to gradually increase wait time after transmission failures, preventing network congestion.
Exposure
The act of unintentionally revealing sensitive data to unauthorized users.
Extended ACLs (Cisco)
Advanced access control lists on Cisco devices that filter traffic based on IPs, protocols, and port numbers.
Extensible Authentication Protocol (EAP)
A framework that supports various authentication methods for network access, including password and certificate-based methods.
Exterior Gateway Protocol (EGP)
A protocol that facilitates the exchange of routing information between autonomous systems.
False Rejects
Occurrences where valid users are incorrectly denied access by an authentication system.
Fast File System
An enhanced Unix file system offering improved read/write performance using inodes and optimized disk layout.
Fast Flux
A DNS technique used by botnets to rapidly change domain IP addresses and avoid detection.
Fault Line Attacks
Exploits that take advantage of weak points between different system interfaces.
File Transfer Protocol (FTP)
A protocol that transfers files over a network using TCP/IP, supporting both text and binary formats.
Filter
A mechanism for allowing or blocking data packets based on specific criteria, used in sniffers and firewalls.
Filtering Router
A router that enforces security policies by deciding whether to forward packets based on predefined rules.
Finger
A protocol that retrieves user information from remote systems, such as login status and user profile data.
Fingerprinting
A technique where unusual packets are sent to a system to determine its operating system based on responses.
Firewall
A system or device that blocks unauthorized access to or from a private network, creating a security boundary.
Flooding
An attack that overwhelms a system with excessive traffic or data to cause failure or degrade performance.
Forest
A collection of Active Directory domains that share a common schema and replicate with each other.
Fork Bomb
A denial-of-service attack that repeatedly forks processes to exhaust system resources.
Form-Based Authentication
A method where users input their credentials into a web form for identity verification.
Forward Lookup
A DNS function that translates a domain name into its corresponding IP address.
Forward Proxy
A server that acts on behalf of clients to retrieve data from other servers, often used to enforce access policies.
Fragment Offset
Indicates where a fragment belongs in the original IP packet, used during reassembly.
Fragment Overlap Attack
An attack that manipulates fragmented packets to overwrite data during reassembly and bypass security controls.
Fragmentation
Dividing large data into smaller packets or storage blocks for easier handling by network systems.
Frames
Self-contained units of data transmission with headers and trailers that encapsulate network-layer information.
Full Duplex
A communication method that allows data to be sent and received simultaneously on a channel.
Fully-Qualified Domain Name
A complete domain name that includes both the host and the domain, providing a unique address.
Fuzzing
A technique for discovering vulnerabilities by inputting unexpected or malformed data into software.
G-H
Gateway
A gateway serves as a connection point, enabling communication between one network and another.
gethostbyaddr
This DNS function retrieves the domain name of a host when its IP address is known.
gethostbyname
This DNS function fetches the IP address of a host when its domain name is provided.
GNU
GNU is a Unix-like operating system developed under a free software model. Launched in 1983 by Richard Stallman and supported by the Free Software Foundation, it allows users to modify and share source code.
Gnutella
Gnutella is a decentralized file-sharing application that lets users both share and download files from one another, acting as both server and client.
Hardening
Hardening involves identifying and fixing potential security vulnerabilities on a system to reduce the risk of attacks.
Hash Function
A hash function is a mathematical algorithm that converts data into a smaller, fixed-size value. It is typically used for fast data lookups or integrity checks.
Cryptographic Hash Function
A cryptographic hash function produces a one-way checksum from input data. It helps verify data integrity and detect tampering. Common examples include MD5 and SHA-1.
Header
A header contains essential metadata in a packet, enabling the protocol stack to understand and process the data effectively.
Hijack Attack
In a hijack attack, the intruder takes over an existing communication session between two parties, potentially manipulating or intercepting data.
Honey Client (Honeymonkey)
A honey client, also known as a honeymonkey, mimics user behavior to detect websites that exploit browser vulnerabilities.
Honey Pot
A honeypot simulates vulnerable services on a computer to lure attackers. It monitors and records malicious activity, helping identify threats before they escalate.
Hops
A hop refers to each transfer a data packet makes from one network device (like a router) to another on its way to the final destination.
Host
A host is a device connected to a network that can send and receive data. If it runs a server, it can also serve content, such as web pages.
Host-Based Intrusion Detection System (Host-Based ID)
This system monitors activities on a single host by analyzing OS audit logs. It compares those activities to predefined security rules but can consume significant resources.
HTTP Proxy
An HTTP proxy acts as an intermediary between a user’s browser and web servers, managing requests and sometimes caching or filtering content.
HTTPS
HTTPS is the secure version of HTTP, typically using SSL or TLS encryption to protect data exchanged between a browser and a server.
Hub
A hub is a basic networking device that sends incoming data to all connected devices, making it less efficient and secure than switches.
Hybrid Attack
A hybrid attack enhances a dictionary attack by inserting numbers or special characters into common words to guess passwords.
Hybrid Encryption
Hybrid encryption combines symmetric and asymmetric encryption methods to improve both security and performance during data transmission.
Hyperlink
A hyperlink is a clickable element in digital content—like a word, phrase, or image—that directs users to related information or resources.
Hypertext Markup Language (HTML)
HTML uses markup tags to format and display content on web pages, defining elements like text, images, and links.
Hypertext Transfer Protocol (HTTP)
HTTP is the standard protocol used to transfer and display web pages over the Internet.
I-K
Identity
Identity refers to the unique name or label that defines a person, system, or object within a network or environment.
Incident
An incident is any unexpected or adverse event that impacts an information system, or the possibility of such an event occurring.
Incident Handling
Incident handling involves a structured response plan to manage security threats such as cyber-attacks, system failures, or natural disasters. It includes six stages: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.
Incident Response
Incident response is the organized process of detecting, managing, and reducing the impact of security incidents to restore normal operations and avoid future issues.
Incremental Backups
Incremental backups store only files that have changed since the last backup, minimizing storage use and speeding up the backup process.
Inetd (xinetd)
Inetd, also known as xinetd, is a network service manager that launches smaller services like Telnet or FTP only when needed, conserving system resources.
Inference Attack
An inference attack exploits logic and indirect clues to derive sensitive data from non-sensitive information.
Information Security
Information security, or InfoSec, is the practice of protecting data from unauthorized access, alteration, or destruction.
Information Warfare
Information warfare involves the battle between attackers and defenders over digital data and systems.
Ingress Filtering
Ingress filtering is the process of inspecting and controlling incoming traffic to block potentially harmful data before it reaches a network.
Input Validation Attacks
Input validation attacks occur when an attacker sends unexpected or malicious input to exploit vulnerabilities in an application’s input handling.
Integrity
Integrity ensures that data remains accurate, consistent, and unaltered, whether by accident or malicious intent.
Integrity Star Property
This security rule prevents users from accessing data with a lower integrity level than their own, maintaining data trustworthiness.
Internet
The Internet connects multiple separate computer networks into a global system for communication and data sharing.
Internet Control Message Protocol (ICMP)
ICMP is a network layer protocol used for diagnostic and error-reporting tasks, like sending echo requests and replies (e.g., ping).
Internet Engineering Task Force (IETF)
The IETF is a global organization responsible for developing and maintaining Internet standards such as TCP/IP, under the Internet Society’s guidance.
Internet Message Access Protocol (IMAP)
IMAP is an email protocol that allows users to access and manage messages stored on a mail server. It supports features like remote folder management and message synchronization.
Internet Protocol (IP)
IP defines how data moves between computers over the Internet, assigning addresses and ensuring proper packet delivery.
Internet Protocol Security (IPsec)
IPsec provides security at the network layer by encrypting and authenticating IP packets, ensuring private and trusted communications.
Internet Standard
An Internet Standard is a formally approved and widely adopted protocol or specification that ensures stability, interoperability, and utility across the Internet.
Interrupt
An interrupt is a signal sent to the operating system to indicate that an event, such as user input or hardware activity, requires attention.
Intranet
An intranet is a private network within an organization that uses internet-based technologies for internal communication and data sharing.
Intrusion Detection
Intrusion detection involves monitoring network or system activities to identify unauthorized access or misuse, helping to protect against both external attacks and internal threats.
IP Address
An IP address is a numerical label assigned to devices on a network that identifies and enables communication between them, typically in IPv4 format (e.g., 192.168.1.1).
IP Flood
An IP flood is a type of denial-of-service (DoS) attack where the attacker overwhelms a system with excessive ping or echo request packets.
IP Forwarding
IP forwarding allows a device to route packets between different networks, functioning as a router when it has multiple network interfaces.
IP Spoofing
IP spoofing is a deceptive technique where an attacker sends packets using a forged source IP address to disguise their identity.
ISO
The International Organization for Standardization (ISO) is a global body that develops voluntary international standards across a range of industries, including technology and cybersecurity.
Issue-Specific Policy
An issue-specific policy targets particular areas of concern within an organization, such as setting password requirements or data classification rules.
ITU-T
The ITU Telecommunication Standardization Sector (ITU-T) is a UN agency responsible for setting global communication and telecommunication standards.
Jitter
Jitter refers to small, random changes made to data, such as in databases, in order to preserve overall patterns while protecting individual privacy.
Jump Bag
A jump bag is a ready-to-use emergency kit that contains tools and resources needed to respond quickly to security incidents.
Kerberos
Kerberos is a network authentication protocol developed at MIT. It uses symmetric encryption and ticket-based mechanisms to verify user identities securely.
Kernel
The kernel is an operating system’s core component. It manages system resources and facilitates communication between hardware and software.
L-M
Lattice Techniques
Lattice techniques determine access to information by using security classifications and designations.
Layer 2 Forwarding Protocol (L2F)
L2F is a tunneling protocol developed by Cisco that uses PPP over IP to extend dial-up links across a network, making the process transparent to the user.
Layer 2 Tunneling Protocol (L2TP)
L2TP extends the Point-to-Point Tunneling Protocol and allows ISPs to support virtual private networks over the Internet.
Least Privilege
The principle of least privilege ensures that users and applications receive only the minimum permissions needed to perform their tasks.
Legion
Legion is a tool designed to identify shared network resources that lack protection.
Lightweight Directory Access Protocol (LDAP)
LDAP enables users to locate resources like files, devices, people, or organizations across networks, including the Internet or private intranets.
Link State
In link state routing, routers gather data about all nearby routers and connections, then calculate the best path based on that information.
List Based Access Control
This access control method attaches a list of users and their permissions to each object to manage access.
Loadable Kernel Modules (LKM)
LKMs let systems add new features directly into the operating system kernel without restarting the machine.
Log Clipping
Log clipping involves deleting selected entries from system logs to conceal evidence of a security breach.
Logic Bombs
Logic bombs are hidden code fragments that trigger actions when specific conditions or dates are met.
Logic Gate
A logic gate is a digital circuit component that processes binary inputs (0 or 1) to produce a single binary output.
Loopback Address
The loopback address (127.0.0.1) always refers to the local machine and never travels over a network.
MAC Address
A MAC address uniquely identifies a network device at the hardware level.
Malicious Code
Malicious code appears useful but performs harmful actions, like granting unauthorized access or executing unwanted operations.
Malware
Malware is a general term for software designed to harm, exploit, or gain unauthorized access to systems.
Mandatory Access Control (MAC)
In mandatory access control, the system enforces access rules based on user and object classifications, and users cannot modify these rules.
Man-in-the-Middle Attack (MitM)
A man-in-the-middle attack intercepts communication between two parties, letting the attacker read, alter, or relay messages without detection.
Masquerade Attack
In a masquerade attack, an attacker pretends to be another user or system to gain unauthorized access.
MD5
MD5 is a one-way cryptographic hash function that creates a unique value to verify data integrity.
Measures of Effectiveness (MOE)
Measures of effectiveness estimate how successful actions are in a specific environment, especially in cybersecurity defense and offense scenarios.
Monoculture
Monoculture occurs when many users rely on the same software, increasing the risk of widespread attacks.
Morris Worm
The Morris Worm, released in 1988 by Robert T. Morris, Jr., caused major disruptions on ARPANET by replicating uncontrollably.
Multi-Cast
Multicasting sends information from one host to multiple specified hosts simultaneously.
Multi-Homed
A multi-homed network connects to two or more Internet service providers, offering redundancy and improved connectivity.
Multiplexing
Multiplexing combines several signals or data streams into one to optimize transmission over a single communication path.
N-O
NAT (Network Address Translation)
NAT allows multiple devices with private IP addresses to share a limited number of public IP addresses. It translates private addresses into public ones, enabling devices on a local network to access external networks like the Internet. Home and small business networks often use NAT to share a single DSL or cable modem IP address. It can also add a layer of protection for servers.
National Institute of Standards and Technology (NIST)
NIST, part of the U.S. Department of Commerce, develops and promotes measurement standards. It works with industries and scientific communities to create and apply these standards, enhancing technology and innovation.
Natural Disaster
A natural disaster is any uncontrollable event—such as a fire, flood, earthquake, lightning strike, or strong wind—that disrupts or disables system components.
Netmask
A netmask is a 32-bit number used to define the range of IP addresses within a network, subnet, or supernet. For example, a typical Class C network uses the netmask 255.255.255.0, which appears in hexadecimal as 0xffffff00.
Network Address Translation
Network Address Translation converts IP addresses from one network into IP addresses used in another network. One network is considered the “inside” network, and the other is the “outside.”
Network Mapping
Network mapping involves creating a digital inventory of devices and services running on a network.
Network Taps
Network taps are physical devices that connect directly to network cables and duplicate all passing traffic to monitoring systems for analysis.
Network-Based Intrusion Detection System (NIDS)
A network-based IDS monitors network traffic in real time using a sensor placed on a specific segment. It operates in promiscuous mode, capturing all traffic on its segment and detecting potential threats based on known attack patterns. NIDS is particularly effective for identifying attacks that may bypass host-based security systems.
Non-Printable Character
Non-printable characters have no visible representation. Examples include Line Feed (ASCII 10), Carriage Return (ASCII 13), and Bell (ASCII 7). On PCs, users can insert them by holding the Alt key and entering the character’s ASCII code.
Non-Repudiation
Non-repudiation ensures that a system can prove a specific user sent a message and that no one else could have done so. It also guarantees the message remains unchanged during transmission.
Null Session
A null session, or anonymous logon, allows unauthenticated users to retrieve system information—like usernames and shared folders—over a network. Applications like Windows Explorer use it to view shared resources on remote machines.
Octet
An octet is a unit of digital information that consists of eight bits, commonly used to represent one byte.
One-Way Encryption
One-way encryption transforms plaintext into ciphertext in a way that prevents reversing the process without exhaustive methods—even when the cryptographic key is known.
One-Way Function
A one-way function is easy to compute in one direction, producing output from input. However, reversing the process to determine the input from the output is practically impossible without brute force.
Open Shortest Path First (OSPF)
OSPF is a link-state routing protocol used in internal networks. It maintains a detailed map of routers, their connections, and link costs to determine the shortest path for data.
OSI (Open Systems Interconnection)
The OSI model standardizes how communication occurs between systems across a network. It consists of seven layers that define specific tasks during data transmission. This model helps ensure different systems and software can interact reliably.
OSI Layers
The OSI model divides communication into seven functional layers:
- Layer 7: Application – Manages user access, authentication, and communication requirements.
- Layer 6: Presentation – Translates and formats data for the application layer.
- Layer 5: Session – Manages sessions and conversations between applications.
- Layer 4: Transport – Ensures reliable data transfer and error checking.
- Layer 3: Network – Determines routing paths and handles packet forwarding.
- Layer 2: Data Link – Controls access to the physical medium and handles data framing.
- Layer 1: Physical – Transmits raw bitstreams over physical media using hardware.
Overload
Overload happens when a system component receives more data or processing requests than it can handle, causing delays or failures in performance.
P-Q
Packet
A packet carries a portion of data and includes the destination address. In IP networks, these packets—also known as datagrams—move across a packet-switching network to deliver information efficiently.
Packet-Switched Network
In a packet-switched network, individual packets travel independently, each choosing its own path from the source to the destination.
Partitions
Partitions divide a physical hard drive into major sections to organize and manage storage.
Password Authentication Protocol (PAP)
PAP is a basic and insecure method of authentication. It sends the user’s password in cleartext across the network, making it vulnerable to interception.
Password Cracking
Password cracking involves trying to guess passwords using data from password files, often to gain unauthorized access.
Password Sniffing
Password sniffing passively monitors network traffic—usually on a local area network—to intercept and collect passwords.
Patch
A patch is a small software update designed to fix bugs or vulnerabilities in existing applications.
Patching
Patching updates software to a newer version to address issues or enhance security.
Payload
The payload is the core data that a packet carries—typically the actual message or application data.
Penetration
Penetration occurs when someone bypasses security controls and gains unauthorized access to sensitive systems or data.
Penetration Testing
Penetration testing assesses the strength of a network or facility’s external defenses by simulating real-world attack scenarios.
Permutation
Permutation rearranges the characters in a message, scrambling their order while keeping the original characters intact.
Personal Firewalls
Personal firewalls operate on individual computers, controlling incoming and outgoing traffic to prevent unauthorized access.
Pharming
Pharming redirects users to fake websites by corrupting DNS records. When users attempt to visit legitimate URLs, they are unknowingly sent to malicious sites where attackers can collect sensitive information like login credentials.
Phishing
Phishing uses fake emails, often mimicking trusted organizations, to trick users into entering sensitive information on fraudulent websites.
Ping of Death
This attack sends an oversized ICMP echo request (ping) to a target machine, potentially overflowing its buffer and causing a crash.
Ping Scan
A ping scan identifies active hosts by sending ICMP echo requests and listening for responses.
Ping Sweep
A ping sweep sends ICMP requests across a range of IP addresses to discover which systems are active and potentially vulnerable.
Plaintext
Plaintext refers to readable text that hasn’t been encrypted or has already been decrypted from ciphertext.
Point-to-Point Protocol (PPP)
PPP enables two computers to communicate over a serial link, like a dial-up connection. It encapsulates network-layer data for transmission.
Point-to-Point Tunneling Protocol (PPTP)
PPTP creates encrypted tunnels through public networks, allowing secure communication as if it occurred over a private connection.
Poison Reverse
Poison reverse is a routing technique where routers advertise routes as unreachable by setting the metric to infinity, helping prevent routing loops.
Polyinstantiation
Polyinstantiation allows databases to store multiple records with the same key. It’s a security measure to prevent inference attacks.
Polymorphism
Polymorphism enables malicious code to change its appearance or structure, making it harder for security tools to detect.
Port
A port is a numerical identifier for a communication endpoint. Each process on a machine uses a specific port to handle network traffic.
Port Scan
A port scan sends requests to various ports on a system to find out which services are running. Attackers use this to identify vulnerabilities.
Possession
Possession refers to having control over information or the ability to use it.
Post Office Protocol v3 (POP3)
POP3 is a standard email protocol that lets clients access and download messages from a remote server to a local machine.
Practical Extraction and Reporting Language (Perl)
Perl is a scripting language that resembles C in syntax and includes powerful text-processing features drawn from Unix tools like sed, awk, and tr.
Preamble
A preamble is a synchronization signal sent before data transmission. It ensures that devices on the network correctly detect the start of a message.
Pretty Good Privacy (PGP™)
PGP is an encryption program that secures email and other digital communications using strong cryptographic techniques.
Private Addressing
Private IP addresses are reserved for internal use within networks and are not routable on the public Internet. RFC 1918 defines the ranges:
- 10.0.0.0 – 10.255.255.255
- 172.16.0.0 – 172.31.255.255
- 192.168.0.0 – 192.168.255.255
Program Infector
A program infector is a type of malware that attaches itself to legitimate programs, executing malicious code when the infected software runs.
Program Policy
A program policy sets the foundational direction for an organization’s overall security strategy and decision-making.
Promiscuous Mode
In promiscuous mode, a network device captures all traffic on its segment, not just traffic addressed to it. Administrators use it for diagnostics, but attackers may use it to intercept sensitive data.
Proprietary Information
Proprietary information includes confidential business data—like customer lists, trade secrets, or product costs—that gives a company a competitive edge.
Protocol
A protocol defines a set of rules that devices follow to communicate across networks. Multiple protocols operate at different layers of a network connection.
Protocol Stacks (OSI)
A protocol stack is a combination of network protocol layers, such as those in the OSI model, that work together to enable communication.
Proxy Server
A proxy server stands between users and the Internet. It filters traffic, enforces policies, improves performance via caching, and enhances security by hiding internal network details.
Public Key
A public key is part of an asymmetric key pair. It is openly shared and used for encrypting data or verifying digital signatures.
Public Key Encryption
Public key encryption refers to asymmetric cryptography, where data encrypted with one key (public) can only be decrypted with the other (private).
Public Key Infrastructure (PKI)
PKI enables secure data exchange over public networks. It uses digital certificates and a trusted authority to manage public and private key pairs.
Public-Key Forward Secrecy (PFS)
PFS ensures that compromising a private key does not affect the security of previous session keys, maintaining the confidentiality of past communications.
QAZ
QAZ is a type of network worm that spreads through shared resources and exploits vulnerabilities to compromise systems.
R-S
Race Condition
A race condition occurs when an attacker exploits the brief moment between applying a security control and using a service.
Radiation Monitoring
Radiation monitoring involves intercepting images, data, or audio by capturing unprotected radiation signals emitted by a system.
Ransomware
Ransomware is a type of malware that encrypts a victim’s files and demands payment to restore access.
Reconnaissance
In the reconnaissance phase, attackers gather information about systems, networks, and vulnerabilities to identify potential entry points.
Reflexive ACLs (Cisco)
Reflexive Access Control Lists on Cisco routers enhance security by filtering traffic based on established connections, similar to a stateful firewall.
Registry
The Windows Registry stores configuration settings and essential information for running the operating system.
Regression Analysis
Regression analysis uses automated test scripts to evaluate software against expected inputs, often run before new releases.
Request for Comment (RFC)
RFCs are technical documents that describe Internet standards. The IETF evaluates and approves them, potentially turning them into formal standards.
Resource Exhaustion
A resource exhaustion attack drains system resources, making them unavailable to legitimate users.
Response
A response is the information a system sends after receiving a request or stimulus.
Reverse Address Resolution Protocol (RARP)
RARP allows a device to request its IP address from a router using its MAC address.
Reverse Engineering
Reverse engineering involves analyzing a system’s components to uncover sensitive data or design information.
Reverse Lookup
Reverse lookup identifies a domain name based on a known IP address.
Reverse Proxy
A reverse proxy forwards public HTTP requests to internal servers, then returns their responses to the end-user.
Risk
Risk reflects the likelihood of a threat exploiting a vulnerability.
Risk Assessment
A risk assessment identifies potential threats and evaluates their impact on assets.
Risk Averse
A risk-averse approach avoids exposure, even if it means sacrificing opportunities, such as using phone calls instead of emails for security.
Rivest-Shamir-Adleman (RSA)
RSA is a widely used asymmetric encryption algorithm developed in 1977.
Role-Based Access Control
Role-Based Access Control assigns user permissions based on organizational roles and responsibilities.
Root
Root is the administrative account in Unix systems with full control over the system.
Rootkit
A rootkit is a toolkit hackers use to hide their presence and maintain administrator-level access.
Router
Routers connect networks and direct data based on IP addresses.
Routing Information Protocol (RIP)
RIP is a distance-vector protocol that uses hop counts to determine the best path between routers.
Routing Loop
A routing loop happens when misconfigured routers continuously send packets back and forth.
RPC Scans
RPC scans identify which Remote Procedure Call services are running on a system.
Rule Set-Based Access Control (RSBAC)
RSBAC restricts or permits actions based on rule-defined operations on system entities.
S/Key
S/Key provides secure logins using a sequence of one-time passwords generated through repeated cryptographic hashing.
Safety
Safety ensures the protection of all individuals involved with an organization from physical harm.
Scavenging
Scavenging retrieves leftover data from system memory or storage to uncover sensitive information.
Secure Electronic Transactions (SET)
SET secures online credit card transactions by authenticating all parties and encrypting data for end-to-end protection.
Secure Shell (SSH)
SSH securely accesses remote systems to execute commands or transfer files over a network.
Secure Sockets Layer (SSL)
SSL encrypts data during internet transmission, ensuring secure communication between web clients and servers.
Security Policy
A security policy outlines how an organization protects sensitive systems and information.
Segment
In networking, a segment refers to a TCP data packet.
Sensitive Information
Sensitive information includes unclassified data that could cause harm if disclosed.
Separation of Duties
This principle divides critical responsibilities among multiple users to reduce the risk of abuse or fraud.
Server
A server provides services to clients by processing and responding to their requests.
Session
A session is a temporary communication link between two hosts for data exchange.
Session Hijacking
Session hijacking involves taking control of an active session between two systems.
Session Key
A session key is a temporary encryption key used during a specific communication session.
SHA1
SHA1 is a cryptographic hash function that produces a fixed-size hash from input data.
Shadow Password Files
These secure files store encrypted passwords, keeping them hidden from unauthorized users.
Share
A share is a network resource, such as a file or printer, made available to others.
Shell
A shell provides a command-line interface to interact with the operating system, particularly in Unix environments.
Signals Analysis
Signals analysis extracts useful data by examining unintended emissions from a system.
Signature
A signature is a recognizable pattern in network traffic that identifies specific tools or attacks.
Simple Integrity Property
This property prevents users from writing to objects at a higher integrity level.
Simple Network Management Protocol (SNMP)
SNMP manages and monitors network devices and their operations.
Simple Security Property
This rule blocks users from accessing data above their classification level.
Smartcard
A smartcard stores secure data on a chip or magnetic strip for authentication purposes.
Smishing
Smishing is phishing through SMS, tricking users into revealing personal data via text messages.
Smurf
A Smurf attack floods a target with traffic by spoofing a ping request to a network’s broadcast address.
Sniffer
A sniffer monitors and captures network traffic through a device’s network interface.
Sniffing
Sniffing refers to the passive interception of data traveling across a network.
Social Engineering
Social engineering uses deception and manipulation to exploit human behavior and gain system access.
Socket
A socket links data streams to applications on a host using IP addresses and ports.
Socket Pair
A socket pair identifies a unique network connection using source and destination IP addresses and ports.
SOCKS
SOCKS is a protocol that routes client requests through a proxy server to reach the internet securely.
Software
Software includes programs and data that a computer executes and processes.
Source Port
The source port is a randomly chosen number (typically above 1024) used by the client to initiate a connection.
Spam
Spam refers to unwanted or unsolicited electronic messages, especially in email and forums.
Spanning Port
A spanning port on a switch mirrors traffic, allowing the port to function like a hub for monitoring.
Split Horizon
Split horizon prevents routing loops by not advertising a route back to the interface from which it was learned.
Split Key
A split key divides a cryptographic key into parts that must be combined to access the full key.
Spoof
Spoofing involves faking an identity to gain unauthorized access to systems or data.
SQL Injection
SQL injection manipulates a database by inserting malicious code into application queries.
Stack Mashing
Stack mashing uses buffer overflows to execute arbitrary code on a system.
Standard ACLs (Cisco)
Standard ACLs in Cisco routers filter traffic using only the source IP address.
Star Property
This rule prevents users from writing data to lower security levels unless logged in under that level.
State Machine
A state machine progresses through predefined stages or conditions during execution.
Stateful Inspection
Stateful inspection evaluates packets based on both header data and content, tracking active connections for added security.
Static Host Tables
These are text files mapping hostnames to IP addresses, used instead of dynamic name resolution.
Static Routing
Static routing manually defines routes in the routing table and does not adapt to network changes.
Stealthing
Stealthing uses methods to hide malware’s presence and avoid detection.
Steganalysis
Steganalysis detects and counters the use of steganography to uncover hidden messages.
Steganography
Steganography conceals the existence of data within other non-secret files or media.
Stimulus
A stimulus initiates a network interaction or response.
Store-and-Forward
Store-and-forward switches read the full packet, verify integrity, then forward it if valid.
Straight-Through Cable
A straight-through cable connects network devices with matching pin configurations on both ends.
Stream Cipher
A stream cipher encrypts data one bit or byte at a time for continuous data streams.
Strong Star Property
The Strong Star Property blocks users from writing data outside their classification level.
Sub Network
A subnetwork, or subnet, divides a larger network into smaller, manageable sections.
Subnet Mask
A subnet mask defines which part of an IP address identifies the network and which part identifies the host.
Switch
A switch forwards data only to the specific port where the destination device is located using MAC addresses.
Switched Network
A switched network uses routing and switching devices to establish communication paths dynamically between users.
Symbolic Links
Symbolic links act as pointers or shortcuts to other files.
Symmetric Cryptography
Symmetric cryptography uses the same key for both encryption and decryption, requiring secure key sharing.
Symmetric Key
A symmetric key is a shared secret used in encryption algorithms for secure communication.
SYN Flood
A SYN flood attack overwhelms a server by sending excessive TCP connection requests, preventing legitimate access.
Synchronization
Synchronization signals mark the beginning of a frame, helping network devices align data transmission.
Syslog
Syslog is a Unix-based protocol and service that logs system events and messages.
System Security Officer (SSO)
The SSO manages and enforces the system’s security policies and procedures.
System-Specific Policy
This type of policy outlines security requirements and rules for a specific device or system.
T-U
T1, T3
T1 and T3 are digital circuits that transmit multiple data streams simultaneously using Time-Division Multiplexing (TDM).
Tamper
Tampering means deliberately modifying a system’s data, logic, or controls to make it perform unauthorized actions.
TCP Fingerprinting
TCP fingerprinting identifies a remote operating system by analyzing unusual combinations of TCP packet headers.
TCP Full Open Scan
This scan performs a full TCP three-way handshake on each port to check if it’s open.
TCP Half Open Scan
A half-open scan sends the first part of the handshake, stopping short of completion to detect open ports without alerting the system.
TCP Wrapper
TCP Wrapper is a security tool that restricts access to network services based on the source address and monitors incoming connections.
TCP/IP
TCP/IP, or the Internet Protocol Suite, is the foundation of internet communication. It manages data transmission between devices over networks.
TCPDump
TCPDump is a Unix-based, open-source protocol analyzer used to capture and examine network traffic.
TELNET
TELNET is a TCP-based protocol that enables users to remotely log in and control another device over a network.
Threat
A threat is any circumstance, action, or event that could exploit vulnerabilities and cause harm or a security breach.
Threat Assessment
Threat assessment involves identifying potential threats and understanding their impact on an organization’s operations.
Threat Model
A threat model outlines the nature of a threat and its potential impact on a system if vulnerabilities exist.
Threat Vector
A threat vector is the pathway or method an attacker uses to access a target system.
Time to Live (TTL)
TTL is a field in IP packets that defines how long the packet can travel through the network before routers discard it.
Tiny Fragment Attack
This attack breaks IP packets into tiny fragments to bypass security filters, exploiting packet filtering rules that fail to inspect incomplete headers.
Token Ring
Token Ring is a network setup where devices form a ring or star and use token-passing to manage data transmission and prevent collisions.
Token-Based Access Control
This access model assigns privileges to each user based on tokens that list allowed objects and actions.
Token-Based Devices
These devices generate time-based, constantly changing passwords that users must have in real time for secure logins.
Topology
Topology refers to the physical or logical layout of a network, such as star, bus, or ring configurations.
Traceroute (tracert.exe)
Traceroute tracks and displays the path packets take from the source device to a destination host across a network.
Transmission Control Protocol (TCP)
TCP is a core internet protocol that manages reliable, ordered data delivery between devices using a connection-based method.
Transport Layer Security (TLS)
TLS is a security protocol that encrypts data between applications and users, ensuring privacy and integrity over the Internet.
Triple DES (3DES)
Triple DES enhances DES encryption by applying the algorithm three times using two or three keys, increasing security.
Triple-Wrapped
In S/MIME, “triple-wrapped” means a message is digitally signed, then encrypted, and signed again to ensure confidentiality and authenticity.
Trojan Horse
A Trojan Horse is a deceptive program that appears useful but secretly performs malicious actions, often bypassing security controls.
Trunking
Trunking connects switches to share VLAN information, enabling consistent communication across VLANs.
Trust
Trust defines the permissions and actions a system or user can perform on another remote system.
Trusted Ports
Trusted ports are system-level ports (below 1024) typically accessible only to users with root or administrative privileges.
Tunnel
A tunnel encapsulates data within another protocol to securely transfer it across incompatible or unsecured networks.
UDP Scan
UDP scans check which UDP ports are open by sending probe packets and monitoring responses or lack thereof.
Unicast
Unicast is a one-to-one network communication where a single sender transmits data to a single receiver.
Uniform Resource Identifier (URI)
A URI identifies any resource on the web, including both names and locations of resources.
Uniform Resource Locator (URL)
A URL specifies the protocol and location of web resources, serving as a complete address for accessing online content.
Unix
Unix is a multi-user, multitasking operating system developed in the 1970s, known for its portability and security features.
Unprotected Share
An unprotected share is a network resource, like a file or printer, accessible by anyone without authentication.
User
A user is any individual, organization, or process that interacts with or accesses a system, whether authorized or not.
User Contingency Plan
This plan outlines alternative procedures to maintain operations if IT systems become unavailable.
User Datagram Protocol (UDP)
UDP is a connectionless protocol that sends datagrams without guaranteeing delivery, often used for broadcasts and time-sensitive transmissions.
V-Z
Virtual Private Network (VPN)
A VPN creates a secure, private network by using encryption and tunneling over a public network like the Internet. Organizations often use it to connect remote sites through encrypted links, allowing safe data transfer without building dedicated physical networks.
Virus
A virus is a malicious software component that hides inside other programs, replicates itself, and activates only when its host program runs.
Vishing (Voice Phishing)
Vishing uses phone calls, either through traditional lines or VoIP, to trick individuals into revealing sensitive information. It operates in a similar way to phishing, which targets users through email.
Voice Firewall
A voice firewall protects voice networks by monitoring and controlling voice traffic. It applies user-defined policies to detect unauthorized service use or threats at the voice application layer.
Voice Intrusion Prevention System (Voice IPS)
Voice IPS analyzes voice network traffic to identify suspicious patterns, preventing toll fraud, service abuse, denial-of-service (DoS) attacks, and other threats.
War Chalking
War chalking involves drawing symbols in public places, like sidewalks, to indicate areas with accessible wireless signals.
War Dialer
A war dialer is a program that automatically dials phone numbers to find those connected to modems, helping attackers identify vulnerable entry points.
War Dialing
War dialing is the technique of scanning phone numbers to detect modem connections that could be exploited to bypass network security.
War Driving
War driving involves moving through areas with a wireless-enabled device to locate and log unsecured wireless access points.
Web of Trust
A web of trust grows as users trust others’ digital signatures and extend that trust to the parties those others have also endorsed.
Web Server
A web server is software running on a host machine that responds to HTTP requests from client browsers by delivering web content.
WHOIS
WHOIS is an Internet protocol used to retrieve details about domain names, IP addresses, or network ownership.
Windowing
Windowing systems allow users to run and manage multiple applications simultaneously in a graphical interface, using separate windows for each process.
Windump
Windump is a Windows-based, open-source network protocol analyzer used to capture and inspect data packets on a network.
Wired Equivalent Privacy (WEP)
WEP is a wireless network security protocol defined in IEEE 802.11b, designed to provide privacy similar to wired networks.
Wireless Application Protocol (WAP)
WAP is a standardized set of communication protocols that enables wireless devices to access the Internet, including services like web browsing and email.
Wiretapping
Wiretapping involves intercepting and recording communication data as it travels between two points, typically without authorization.
World Wide Web (WWW or “the Web”)
The Web is a global, hyperlinked collection of documents and services hosted on Internet servers and accessed through web browsers using HTTP.
Web Application Firewall (WAF)
A web application firewall actively filters, monitors, and blocks HTTP traffic to and from web applications. It analyzes web traffic to protect against common threats like SQL injection, cross-site scripting (XSS), file inclusion, and misconfigured systems, helping to prevent the exploitation of known vulnerabilities.
White Hat – Black Hat
These terms refer to ethical and malicious hackers, respectively. Black hat hackers exploit systems for criminal or harmful purposes, while white hat hackers use their skills to identify and fix security flaws, helping organizations stay protected.
Whitelist or Allowlist
A whitelist, or allowlist, includes pre-approved items, users, or actions that are automatically granted access through a system or security filter. It ensures that only trusted elements are allowed through security checkpoints.
Worm
A worm is a standalone malware program that spreads itself across networks without needing a host file, often consuming resources and causing harm.
Zero Day
A zero day refers to the moment when a new software vulnerability becomes publicly known, often before a patch is available.
Zero-Day Attack
A zero-day attack targets unknown or undisclosed software vulnerabilities, exploiting them before developers can release a fix.
Zero-Day Exploit
A zero-day exploit uses unpatched vulnerabilities in software, hardware, or firmware to carry out unauthorized or malicious actions, often before the vendor is even aware.
Zero-Touch Provisioning (ZTP)
ZTP automates device setup, allowing users to configure their devices with minimal effort and no IT involvement. This streamlined process saves time, reduces manual errors, and frees IT teams to focus on higher-priority tasks. By eliminating the need to manage or deploy system images manually, ZTP simplifies onboarding for both new and repurposed devices.
Zombies
A zombie computer is a compromised device under remote control, usually as part of a botnet. It performs malicious tasks without the owner’s knowledge.
Frequently Asked Questions
Malware, Phishing, Botnet, Attack, Secure, and Network are the most widely used cybersecurity words.