Cyber security glossary
This is a useful glossary of cyber security acronyms and terms if you’re just getting into the cyber security space.
AES — Advanced Encryption Standard
APT — Advanced Persistent Threat is a stealthy threat actor (nation state) which gains unauthorised access and may remain undetected for an extended period.
CCMP — Counter Mode Cipher Block Chaining Message Authentication Code Protocol which is based on AES (replaced the TKIP protocol in WEP with AES)
DPF — Dynamic Packet Filtering, used by most modern firewalls so that you only block outbound traffic. If inbound traffic is a response to an outbound request, that inbound traffic is automatically allowed (also called SPI)
DPI — Deep Packet Inspection, generally used just by hardware firewalls. Looks at the data being sent over the network — alerts, blocks, re-routes or logs it. Used to analyse and troubleshoot performance issues, or check for malicious code
E2EE — End to end encryption — where the data is encrypted by the sender and decrypted only be the receiver — e.g. ZRTP, OTR, PGP Programs include Signal messaging, ChatSecure — encrypted messenger for iOS
EC — Elliptic-curve algorithm
DH — Diffie-Helman algorithm
HLD — High Level Domain that has no slash to the left of it e.g. .COM, .ORG, .CO, .GOV
HMAC — Hash Message Authentication Code — including a pre-arranged secret into the message
ICS/OT — Industrial Control Systems/Operations Technology — Systems that are used to manage industrial operations such as oil refineries, energy grids. Many ICS’s are managed via Programmable Logic Controllers (PLCs) or a Discrete Process Control System (DPC)
IOC — Indicators Of Compromise — a piece of digital forensics that suggests an endpoint or network may have been breached — generally reactive, meaning if it’s found, it indicates the system has been compromised
OFAC — Office of Foreign Assets Control (US)— produces and publishes lists that contain sanctioned individuals or companies to prevent prohibited transactions by US citizens.
OPC UA — Open Platform Communications Unified Architecture — cross platform open source standard for data exchange from sensors to cloud applications (used in industrial automation)
PKI — Public Key Infrastructure —roles, policies, hardware, software & procedures used to create, manage, distribute, use, store and revoke digital certificates and manage public key encryption
PUA — Potentially unwanted application — a type of privacy-invasive software
PUPs — potentially unwanted programs
RAT — remote access tool, can be challenging to detect as it may mimic commercial remote admin tools and can open legitimate ports & therefore appears to be benign
RSA — Rivest-Shamir-Adleman algorithm
SPI — Stateful Packet Inspection, used by most modern firewalls so that you only block outbound traffic. If inbound traffic is a response to an outbound request, that inbound traffic is automatically allowed (also called DPF)
SSL — Secure Sockets Layer
SNI — Server Name Indication — a TLS extension that can allow an eavesdropper to see what sites you are going to. The hostname is not encrypted, and this can be used to implement censorship & block sites.
TLP — e.g. TLP(RED) — Traffic Light Protocol — many governments use the Traffic Light Protocol to classify documentation access as un-restricted or restricted. For example TLP(CLEAR) means the documentation is not restricted for public use. The other TLP’s are RED (restricted to specific individuals), AMBER (limited to the organisation only), GREEN (limited to the organisation and peers, but not publicly available). More info here.
TLS — Transport Layer Security
TOTP — Time-based One Time Password — using a multi-factor authentication system to produce a code as added protection once you have signed in to a system, app or website, such as LinkedIn
TTP — Tactics, Techniques & Procedures — Identify patterns of behaviour to defend against specific strategies and threat vectors used by malicious actors.
X.509 — is a poorly designed standard is a digital certificate that uses the X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity in the certificate
— DH — Diffie-Helman algorithm
— RSA — Rivest-Shamir-Adleman algorithm
— EC — Elliptic-curve algorithm
Anonymity — not knowing who you are but may know what you do e.g. non-attribution of your name — e.g. if used TOR to create a post about women’s rights and logged in using a VPN
ANT catalogue — a leaked NSA document listing the technology and tools available for passive & active listening
Public & private key — two keys (RSA ECC, DH, El Gamal) — better key distribution, scalable, authentic & non repudiated, slow, mathematically intensive 1024-bit RSA keys is as strong as an 80-bit symmetric key
Availability — providing timely access to information
Authentication —a system that verifies the user of a system
Authorisation — what the user is allowed to do
Blue team — internal cyber security staff, red teams test the effectiveness of blue teams. Purple teams act as both red and blue teams
CIA Trio — Confidentiality, Integrity, Availability
Confidentiality — who can get what kind of information
Digital signatures — provide authentication, non-repudiation, integrity
Doxing — to do research to find personal or private info — and either releasing it or threatening to release it. If someone has been doxed, they have had info released to the public
Egress filtering — filters outbound traffic (via a firewall) (see also ingress filtering)
Escrow keys — the keys needed to decrypt encrypted data are held in escrow so that under certain circumstances (e.g for official purposes) an authorized third party may gain access to those keys
Encryption — provides confidentiality
Forward security — a new key is negotiated with each transaction & long-term keys are used only for authentication, these session keys are discarded after each transaction.
Hashes — provides encryption integrity
Homomorphic encryption — allows you to perform calculations on encrypted data without decrypting it first
Ingress filtering — filters inbound traffic (via a firewall) (see also egress filtering)
Integrity — correct or consistent with the intended state of information (e.g. not modified)
Interdiction — hardware devices are intercepted prior to delivery and monitoring devices are placed in side the device before you get them
MITRE ATT&CK Framework —MITRE Adversary Tactics, Techniques, & Common Knowledge (ATT&CK). A knowledge base that tracks cyber adversary tactics, and links adversary groups to campaigns.
Non-repudiation — one party can’t deny having received it, and the other party can’t deny having sent the message.
Obfuscate — make obscure, unclear or unintelligible
Parkerian Hexaid — Possession (e.g. loss of control or possessions, that doesn’t involve a breach of confidentiality), Authenticity (veracity of the claim of origin, authorship), Utility (usefulness e.g. ransomware removes usefulness) + Confidentiality, Integrity, Availablility
Privacy — nobody sees what you do but may know who you are. Systems that support privacy are Signal or an encrypted Dropbox for example
Pseudoanonymity — retaining an alias and are able to post content (creating a false identity) e.g. Satoshi Nakamoto —which is a pseudonym for the bitcoin creators
Purple team — security professionals who act as both adversaries & internal teams to help with testing and securing a company.
Red team — security professionals who act as adversaries to overcome cyber security controls — often ethical hackers who provide objective evaluations of a system. See also, blue team & purple team.
Risk — the Risk calculation is (Vulnerabilities x Threats x Consequences)
SABSA business attributes — speaking business language
Social engineering — attacks that centre on weakness in the human being
Stateless — e.g. stateless laptop — lacks any persistent storage, no firmware-carrying flash memory chips. All state is kept on an external device
Steganography — hiding data in plain site, concealing information or files inside — the best carriers are videos, images and audio files — generally they are not encrypted.
Symmetric algorithim — one which uses one key only — Advanced Encryption Standard, fast and strong.
Zero day — computer software vulnerability that is unknown (especially to the vendor). It refers to the number of days since the software was released or updated — hence zero days.
Zero Trust Model — the less you trust, the lower your risk. The Zero Trust security model assumes that a breach may already have occurred, and so access is limited to only what is needed