Cyber security glossary

Photo by Slejven Djurakovic on Unsplash

This is a useful glossary of cyber security acronyms and terms if you’re just getting into the cyber security space.


APTAdvanced Persistent Threat is a stealthy threat actor (nation state) which gains unauthorised access and may remain undetected for an extended period.

CCMP — Counter Mode Cipher Block Chaining Message Authentication Code Protocol which is based on AES (replaced the TKIP protocol in WEP with AES)

DPF — Dynamic Packet Filtering, used by most modern firewalls so that you only block outbound traffic. If inbound traffic is a response to an outbound request, that inbound traffic is automatically allowed (also called SPI)

DPI Deep Packet Inspection, generally used just by hardware firewalls. Looks at the data being sent over the network — alerts, blocks, re-routes or logs it. Used to analyse and troubleshoot performance issues, or check for malicious code

E2EE — End to end encryption — where the data is encrypted by the sender and decrypted only be the receiver — e.g. ZRTP, OTR, PGP Programs include Signal messaging, ChatSecure — encrypted messenger for iOS

EC — Elliptic-curve algorithm
DH — Diffie-Helman algorithm

HLD — High Level Domain that has no slash to the left of it e.g. .COM, .ORG, .CO, .GOV

HMAC — Hash Message Authentication Code — including a pre-arranged secret into the message

PKI — Public Key Infrastructure

PUA — Potentially unwanted application — a type of privacy-invasive software

PUPs — potentially unwanted programs

RAT — remote access tool, can be challenging to detect as it may mimic commercial remote admin tools and can open legitimate ports & therefore appears to be benign

RSA — Rivest-Shamir-Adleman algorithm

SPI — Stateful Packet Inspection, used by most modern firewalls so that you only block outbound traffic. If inbound traffic is a response to an outbound request, that inbound traffic is automatically allowed (also called DPF)

SSL — Secure Sockets Layer

SNI — Server Name Indication — a TLS extension that can allow an eavesdropper to see what sites you are going to. The hostname is not encrypted, and this can be used to implement censorship & block sites.

TLS — Transport Layer Security

X.509 — is a poorly designed standard is a digital certificate that uses the X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity in the certificate

— DH — Diffie-Helman algorithm
— RSA — Rivest-Shamir-Adleman algorithm
— EC — Elliptic-curve algorithm


ANT catalogue — a leaked NSA document listing the technology and tools available for passive & active listening

Asymmetric algorithm
Public & private key — two keys (RSA ECC, DH, El Gamal) — better key distribution, scalable, authentic & non repudiated, slow, mathematically intensive 1024-bit RSA keys is as strong as an 80-bit symmetric key

Availability — providing timely access to information

Authentication —a system that verifies the user of a system

Authorisation — what the user is allowed to do

Blue team — internal cyber security staff, red teams test the effectiveness of blue teams. Purple teams act as both red and blue teams

CIA Trio — Confidentiality, Integrity, Availability

Confidentiality — who can get what kind of information

Digital signatures — provide authentication, non-repudiation, integrity

Doxing — to do research to find personal or private info — and either releasing it or threatening to release it. If someone has been doxed, they have had info released to the public

Egress filtering — filters outbound traffic (via a firewall) (see also ingress filtering)

Escrow keys — the keys needed to decrypt encrypted data are held in escrow so that under certain circumstances (e.g for official purposes) an authorized third party may gain access to those keys

Encryption — provides confidentiality

Forward security — a new key is negotiated with each transaction & long-term keys are used only for authentication, these session keys are discarded after each transaction.

Hashes — provides encryption integrity

Homomorphic encryption — allows you to perform calculations on encrypted data without decrypting it first

Ingress filtering — filters inbound traffic (via a firewall) (see also egress filtering)

Integrity — correct or consistent with the intended state of information (e.g. not modified)

Interdiction — hardware devices are intercepted prior to delivery and monitoring devices are placed in side the device before you get them

Non-repudiation — one party can’t deny having received it, and the other party can’t deny having sent the message.

Obfuscate — make obscure, unclear or unintelligible

Parkerian HexaidPossession (e.g. loss of control or possessions, that doesn’t involve a breach of confidentiality), Authenticity (veracity of the claim of origin, authorship), Utility (usefulness e.g. ransomware removes usefulness) + Confidentiality, Integrity, Availablility

Privacy — nobody sees what you do but may know who you are. Systems that support privacy are Signal or an encrypted Dropbox for example

Pseudoanonymity — retaining an alias and are able to post content (creating a false identity) e.g. Satoshi Nakamoto —which is a pseudonym for the bitcoin creators

Purple team — security professionals who act as both adversaries & internal teams to help with testing and securing a company.

Red team — security professionals who act as adversaries to overcome cyber security controls — often ethical hackers who provide objective evaluations of a system. See also, blue team & purple team.

Risk — the Risk calculation is (Vulnerabilities x Threats x Consequences)

SABSA business attributes — speaking business language

Social engineering — attacks that centre on weakness in the human being

Stateless — e.g. stateless laptop — lacks any persistent storage, no firmware-carrying flash memory chips. All state is kept on an external device

Steganography — hiding data in plain site, concealing information or files inside — the best carriers are videos, images and audio files — generally they are not encrypted.

Symmetric algorithim — one which uses one key only — Advanced Encryption Standard, fast and strong.

Zero day — computer software vulnerability that is unknown (especially to the vendor). It refers to the number of days since the software was released or updated — hence zero days.

Zero Trust Model — the less you trust, the lower your risk. The Zero Trust security model assumes that a breach may already have occurred, and so access is limited to only what is needed

Started reading at 4, haven’t stopped yet

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store