IT & Cybersecurity List of Acronyms
Selected terminology and acronyms from the field of IT, networking, cyber security, information assurance, and ethical hacking.
It includes British and European-specific terminology as well as American standards.
Feel free to use it in your CompTIA+, Network+, Security+, or Certified Ethical Hacker (CEH) preparations.
0-9
2FA - Two-Factor Authentication
4G LTE - Long Term Evolution (4G)
5G - fifth generation service
A
Access Control
Discretionary Access Control ( → DAC)
Mandatory Access Control ( → MAC)
Role-Based Access Control ( → RBAC)
+ Rule-Based Access Control (can be used in combination with any of the above)
Access gateway
ACL - Access Control List
Active content
eg. Flash, Java, Active-X
AD - Active Directory 🪟
a directory service for Windows network domains; the place for many directory-based, identity-related services; uses the → LDAP protocol and Microsoft's implementation of Kerberos ticketing
ADDS - Active Directory Domain Service
a domain controller; authenticates and authorizes all users and computers in a Windows domain type network, assigning and enforcing security policies for all computers, and installing or updating software
ADK - Assessment & Deployment Kit 🪟
Adware
a type of malware that tracks user’s activity and shows them unwanted ads; could be a first step to identity theft
ADSL - Asymmetric Digital Subscriber Line
AES - Advanced Encryption Standard
AES replaced RC4 in WPA2+CCMP (previously WPA used RC4+TKIP)
ALE - Annualised Loss Expectancy
ALE = → SLE (single loss expectancy) x ARO (annualised rate of occurrence)
APIPA - Automatic Private IP Addressing
APK - Android Package
file format for apps used on the Android OS. APK files are compiled with Android Studio, which is the official integrated development environment (IDE) for building Android software. An APK file includes all of the software program's code and assets; beware of sideloaded apks bypassing the official distribution channels
ARP - address resolution protocol
ARP poisoning
usually the opening move of a man-in-the-middle attack, in which traffic is intercepted and redirected by the attacker sending an unsolicited (and spoofed) ARP response; that response is cached and used in lieu of the correct IP/MAC resolution; requires direct access to the network segment; the network needs to use ARP; other names: ARP spoofing, ARP cache poisoning, or ARP poison routing
AUP - Acceptable Usage Policy
B
Backdoor
aka: trapdoor; don’t confuse with: → mantrap
BAU - Business as Usual
BCP - Business Continuity Planning
BIA - Business Impact Analysis
BIOS - Basic Input/Output System
Blacklist
blacklist leaves the access to service/network open to everyone except the specified exceptions; compare with: → whitelist
BootP - the Bootstrap Protocol, 1993
Bot
Botnet
BRI - Basic Rate Interface (ISDN)
Brute force Attack
“bruteforcing” something means blindly trying every possible combination until you stumble upon the right answer
BSOD - Blue Screen of Death
a message on a Windows PC indicating a stop error/kernel panic has occurred
buffer overflow
bus topology
network topology in which all devices are connected to a single cable, often called the backbone; bus topologies can’t handle large amounts of data
BYOD - Bring Your Own Device
aka: “Bring Your Own Disaster” :-)
C
CA - Certification Authority
CAC - Common Access Card
US DOD smart card
cache
hardware or software component that stores data so that future requests for that data can be served faster; the data stored in a cache might be the result of an earlier computation or a copy of data stored elsewhere
CAI - Computer Aided Instruction
CASB - Cloud Access Security Broker
on-premises or cloud based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies
CBT - Computer-based training
CBC - Cipher Block Chaining
CC - Common Criteria
an assessment scheme providing a scale of product assurance from EAL1 (functionally tested) to EAL7 (highest)
CCMP - Counter Mode with Cipher Block Chaining Message Authentication Protocol
replaced TKIP in WPA2
CCRA - Common Criteria Recognition Arrangement
CCP - Certified Cyber Professional
NCSC Certified Professional (CCP) Assured Service launched in June 2021 to recognise cyber security practitioners against their specialisms
CCTV - Closed Circuit Television
can be used as a type of detective, physical control
CD-ROM - compact disc read-only memory
CDMA - Code Division Multiple Access (2G)
CDN - Content Delivery Network
eg. Cloudflare
CDP - Certificate Distribution Point
CDPA - Copyright, Designs and Patents Act, 1988 (UK)
CFAA - Computer Fraud and Abuse Act, 1986 (USA)
the first legislation specifically addressing computer-related crime
Checksum
a small-sized block of data derived from another block of digital data for the purpose of detecting errors that may have been introduced during transmission or storage of data; checks and confirms integrity of data (but not authenticity); compare with: → hash
CICMADAAD
an acronym to remember stages of creating documentation/ drafting policies:
Creation
Identification
Classification (Security)
Modification (Versioning)
Approval
Distribution
Acknowledgement (via AUP)
Archiving & Retention
Disposal (type of disposal depends on the classification)
CI/CD - Continuous integration/continuous delivery
D can also stand for deployment; automation and monitoring throughout the DevOps lifecycle
CIISec - Chartered Institute of Information Security
Cipher
Ciphertext
CIRT - Cyber Incident Response Team
CISO - Chief Information Security Officer
Clean desk policy
CLEF - Commercial Licensed Evaluation Facility
CLI - Command Line Interface
compare with: → GUI
CMA - Computer Misuse Act, 1990 (UK)
CMM - Capability Maturity Model
CNI - Critical National Infrastructure
CoCO - Code of Connection
a minimum set of security standards that organisations must adhere to when joining a Public Service Network
Cold Boot Attack
a type of side channel attack aiming to extract sensitive data stored in random access memory (RAM), which can retain information for up to 90 minutes after a hard reset; CBA is mostly used to retrieve encryption keys, or to take a memory dump during the digital forensics process
CORAS TOOL
an open-source tool for risk analysis
COTS - commercial off-the-shelf (products)
CPA - Commercial Product Assurance
NCSC’s scheme for independent testing of smart meters or recognised smart metering products (eg. Gas Smart Metering Equipment (GSME), Electricity Smart Metering Equipment (ESME), Smart Metering Communications Hub (Comms Hub) and Hand Controlled Auxiliary Load Control Switches (HCALCS)); valid for 6 years from the time of issue.
CPNI - Centre for the Protection of National Infrastructure
CRC - cyclic redundancy check
CREST - Council of Registered Ethical Security Testers
CRL - Certificate Revocation List
CRUD - Create, Read, Update & Destroy
(corresponding HTTP verbs/request methods: POST / GET / PUT or PATCH / DELETE)
Cryptographic attacks
selected types of cryptographic attacks:
Known Plaintext Attack (KPA) - using a fragment of a known plaintext (so-called “crib”) to try to break the code
Rainbow Table Attack - comparing the hashes with already broken passwords/known combinations generating certain hashes
Dictionary Attack - using pre-loaded dictionary files for cracking single-word passwords
Brute Force Attack (both online and offline) - methodically trying every possible combination
Birthday Attack - exploits hash collision
Downgrade Attack - forcing the victim to use weaker (i.e. more easily breakable) hash algorithms
Replay attacks - replaying previously intercepted information later
Crypto risk
danger of suffering harm or loss if the cryptography doesn’t work as it should
CSA - Cloud Security Alliance
CSRF - Cross-site request forgery
sometimes also called “sea surf”; see: XSRF
CTAS
Tailored information assurance evaluations run by the UK’s NCSC that address specific assurance questions and concerns posed by accreditors on behalf of risk owners. This better enables risk owners to make informed risk management decisions.
CTI - Cyber Threat Intelligence
CVE - Common Vulnerabilities and Exposures
CVSS - Common Vulnerability Scoring System
The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental.
cyberspace
Cybersecurity
D
DAO - Decentralized Autonomous Organisation
DAC - Discretionary Access Control
a type of access control that allows/denies access based on lists of authorised users per each access point; easy to update and flexible, downsides: the control over it is often in the hands of one person, which is never a good idea
DAEMON
a program running on standby in the background; an extension of the operating system initiated at start up and kicking in when needed, without direct interaction/command from the user
Demarc
sometimes also referred to as dmarc or d-mark; a demarcation point separating the public from private network infrastructure (where the public cabling ends and where the company’s/home’s cabling begins)
DHCP - Dynamic Host Configuration Protocol
automatic and dynamic configuration of the IP address, subnet mask and other options from a pool on the DHCP server; udp/67, udp/68
DID - Defense-In-Depth
a layered approach to security architecture
DMCA - The Digital Millennium Copyright Act, 1998 (US)
DMZ - “Demilitarised zone”
a pair of firewalls with a logical gap between them; a perfect place for a → honeypot; currently also known as a “screened subnet”
DNS - Domain Name Server
udp/53
DNS poisoning
Docker
useful tool allowing sandboxed containerisation of individual apps atop of the shared OS kernel; compare with → virtual machine VM
DOD - Department of Defence (US)
DoS - Denial of Service
a type of attack flooding the system with useless requests/random data, consuming its resources so that it can’t serve its purpose to genuine users (hence “denial of service”); selected types of DoS attacks:
smurf - all pings/replies are redirected to the named target machine
fraggle - similar to smurf, but uses → UDP instead of → ICMP
land attack - packets received by the victim carry identical source and destination addresses, generating confusion and eventually crashing the system
ping of death - sending a ping packet that is too large, which causes the system to crash immediately upon receiving it
TCP/SYN flood - an attack disrupting the three-way handshake process by never completing the handshake that would establish the communication channel between the devices; each request requires the receiver to set aside resources for a connection that never comes to fruition, eventually depleting those resources; considered a legacy attack
DDOS - Distributed Denial of Service
a type of attack performed using a distributed network of machines rather than a single computer
DPA - Data Protection Act, 2018 (UK)
British privacy and security act controlling how your personal information is used by organisations, businesses or the government; a direct response to EU’s → GDPR regulations, adopted in the light of Brexit.
DR - Disaster Recovery
DRE - Data Recovery Encryption
DRP - Disaster Recovery Planning
DSL - Digital Subscriber Line
networking technology that provides broadband (high-speed) Internet connections over conventional telephone lines
DVD - Digital Versatile Disk
DVD-RW - Digital Versatile Disk Read-Write
E
E2EE - End-To-End Encryption
EAL - Evaluation Assurance Level (1-7)
see: → common criteria
EAST-WEST TRAFFIC
traffic flow of data between devices in the same data centre; characterised by fast response times and lower security requirements; compare with: → north-south traffic
ECC - Elliptic Curve Cryptography
uses the elliptic curve function y² = x³ + ax + b to generate a pseudo-random number
ECDSA - Elliptic Curve Digital Signature Algorithm
a cryptographic algorithm used by Bitcoin to ensure that funds can only be spent by their rightful owners. It is dependent on the curve order and hash function used
EDI - Electronic Data Interchange
EDGE (3G) - Enhanced Data Rates for GSM Evolution (3G)
EFTA - European Free Trade Association
EFS - Electronic File System
eIDAS - electronic IDentification, Authentication and trust Services
ENISA - European Union Agency For Cybersecurity
EPC - European Patent Convention
allows a patent to be protected in over 30 countries with a single application
EPHEMERAL ports
temporary port numbers selected at random by the client; ephemeral port range: 1024-65535; compare with: → non-ephemeral ports
ERC-721
non-fungible token (NFT) standard, available on Ethereum blockchain
ESCROW
EternalBlue
code name for an SMB vulnerability in the Windows OS; once released, it contributed to the development of many exploits, incl. the notorious self-propagating WannaCry ransomware
ETSI
EVENT
something that triggers the alarm; not every event is an incident (but every incident is an event)
EVP - Envelope encryption
EVP functions provide a high level interface to OpenSSL cryptographic functions
F
FAIR - Factor Analysis Information Risk
FAR - False Acceptance Rate
type 2 error of biometric systems; the looser the control - the more FARs (way to remember: the person can go “2FAR”); compare with: → FRR; ideally, FAR and FRR error rate should be equal
FCA - Financial Conduct Authority
FDE - Full Disk Encryption
Firewall
packet-filtering
circuit-level gateway
application-level gateway (proxy)
stateful inspection firewall
next generation firewall
FIPS - Federal Information Processing Standards
FIPS 140-2 - current list of cryptographic algorithms considered secure
FOM - fiber optic modem
FRR - False Rejection Rate
type 1 error of biometric systems; the tighter the control - the more FRRs; compare with: → FAR
FTP - File Transfer Protocol
transfers files between systems; tcp/20 (active mode data), tcp/21 (control)
Fuzzing
feeding an application large volumes of malformed or random input in order to provoke crashes or slowdowns that reveal bugs
G
GCHQ - Government Communications Headquarters (UK)
GDPR - The General Data Protection RegulatioN, 2016 (EU)
GFS - Grandfather-Father-Son
a backup rotation scheme maintaining at least three generations of backed-up data
GPG - GNU Privacy Guard
also called GnuPG; an alternative to the → PGP suite of encryption software
GPRS - General Packet Radio Service
GPS - Global Positioning System
GSM (2G) - Global System for Mobile Communication
GUI - Graphical User Interface
slightly more intuitive than a command line interface (→ CLI)
H
Hard token
a physical object confirming one’s identity
hardening
practice of reducing the attack surface (e.g. by closing the inactive ports/installing anti-malware/tuning up the firewall settings, etc)
Hash
HDD - Hard Disk Drive
Heuristic
a type of AI-powered → IDS or → IPS that predicts any potential risks and threats by connecting certain clusters of circumstances and calculating the possibility of the negative outcome; heuristics are powered using blueprints of well-documented attack methodologies
HIDS - Host Intrusion Detection System
HIPAA - Health Insurance Portability and Accountability Act, 1996 (US)
HMG - Her Majesty’s Government (UK)
HMI - Human-Machine Interfaces
Honeynet
a network of honeypots; aka: honey farm
Honeypot
Horizon Scanning
HSDPA (3G)- High Speed Downlink Packet Access (3G)
HSM - Hardware Security Module
HTTP - HyperText Transfer Protocol
non-encrypted; tcp/80
HTTPS - Hypertext Transfer Protocol Secure
encrypted; tcp/443
hub
a multi-port repeater
hypervisor
a virtual machine monitor; allows splitting the resources of a server & creating separate virtual machine environments (VMs) with their own OS environments that run independently within the same server (virtualisation technology); example software: VMware, Parallels, VirtualBox
see also: containerisation
I
IA - Information Assurance
IAAA - Identification, Authentication, Authorisation, and Accountability
IASME - Information Assurance for Small Medium Enterprise
IaaS - Infrastructure as a Service
ICMP - Internet Control Message Protocol
Ping uses ICMP packets to determine the performance of a connection between devices
ICCC - International Common Criteria Conference
The annual conference for professionals involved in the specification, development, evaluation and validation or certification of IT security.
ICS - Industrial Control Systems
systems controlling the machines in industrial settings; also includes systems of critical infrastructure
ICS - Information Classification System
Security classifications indicate the sensitivity of information (in terms of the likely impact resulting from compromise, loss or misuse). UK’s HMG classification system features 3 levels (official, secret, and top secret), US - 4 levels (confidential, restricted, protected, and unclassified). Commercial organisations usually classify the information as follows: highly confidential, confidential, internal only, and public/open.
ICT - Information and communications technology
ID&A - Identification and Authentication
IDS - Intrusion Detection System
compare with: → IPS
IEC - International Electrotechnical Commission
IETF - Internet Engineering Task Force
IKE - Internet Key Exchange
IM - Incident Management
for 5 phases of IM see: → RIACAR
IM - Instant Messaging
IMAP - Internet Message Access Protocol
tcp/143, SSL tcp/993
IMEI - International Mobile Station Equipment Identity
identifies every physical mobile device (always check if unlocked when purchasing a second-hand phone)
IMSI - International Mobile Subscriber Identity
I/O devices - input/output devices
eg. CD-R/RW, DVD, and Blu-ray drives; digital camera; fax machine; hard drives; modem; NIC (network interface card); SD Card.
IoC - Indicators of Compromise
lo0 - a loopback interface
IP - Intellectual Property
IP address - internet protocol address
needs to be unique within the network; private (internal) addresses, plus one public IP per internet access provided via an internet service provider (ISP)
IPv4 - 000.000.000.000, numbers only, each octet between 0-255 (max. 4.29 billion combinations - increasingly more difficult to keep all the IPv4 addresses on the internet unique)
IPv6 - 0000:0000:0000:0000:0000:0000:0000:0000, hexadecimal (alphanumeric) (max. 340 trillion + combinations)
IPP - Internet Printing Protocol
IPS - Intrusion Prevention System
compare with: → IDS
IPR - Intellectual Property Rights
IPSec - Internet Protocol Security
IR - Incident response
IRP - Incident Response Plan
IRT - Incident Response Team
IS - Information Security
ISDN - Integrated Services Digital Network
ISF - Information Security Forum
ISM band - Industrial, Scientific and Medical Band
radio band frequency reserved internationally for industrial, scientific and medical sectors
ISMS - Information Security Management System
ISO - International Organization for Standardization
est. 1947, USA
ISP - Internet Service Provider
ITAR - International Traffic in Arms Regulation
ITIL - IT Infrastructure Library
ITSEC - Information Technology Security Evaluation Criteria
ITU - International Telecommunication Union
J
K
key
Kerberos, 2021
a network authentication protocol working on a principle of a ticketing system, issuing a ‘ticket’ per each individual transaction
Kernel panic
a stop error / Blue Screen of Death (BSOD) on Windows; happens when an operating system can't fix a low-level error and needs to shut the system down to prevent damage to the hardware
KPA - Known Plaintext Attack
type of a cryptographic attack using a fragment of a known plaintext (“the crib”) to try to break the code and find the right combination to achieve the same hash
KRA - Key Recovery Agent
(in escrow arrangements)
L
LAN - Local Area Network
LCD - Liquid Crystal Display
LDAP - Lightweight Directory Access Protocol
tcp/389
LFSR - Linear Feedback Shift Register
Logic bomb
a code that stays dormant until activated by certain set of circumstances; often used by disgruntled employees to go off after their departure from the company
LOS - Line-of-Sight (communications)
high speed, high frequency radio propagation (tall communication towers)
LPD - Line Printer Daemon
M
MAC address - Media Access Control Address
a unique identifying number of the device - a string of 12 hexadecimal digits in pairs separated by colons: 00:00:00:00:00:00; the first 3 pairs in the string identify the manufacturer, the last 3 are a unique value representing the serial number of the device; MAC addresses are encoded by the hardware manufacturer (but they can be overwritten and/or spoofed relatively easily)
MAC - Mandatory Access Control
the strictest, most secure type of → access control; access control settings can’t be changed without the admin; access levels are based upon user classification; inflexible compared to → DAC (requires reprogramming of each specific user’s access)
MAC - Message Authentication Code
Malware
Mantrap
a physical security access control system made of two sets of interlocking doors, such that the first set of doors must close before the second set opens
MBR - Master Boot Record
can be updated via Windows Recovery Environment
MDM - Mobile Device Management
Meshed network
MFA - Multi Factor Authentication
MIMO - Multiple Input Multiple Output
MitM - Man-in-the-Middle
a type of attack in which third party intercepts data/traffic between the two parties
MOD - Ministry of Defence (UK)
MPLS - Multiprotocol Label Switching
MTBF - Mean Time Between Failures
the average time between system breakdowns
N
NAC - Network Access Control
802.1X
NAT - Network Address Translation
NAT Firewalls - Network Address Translation Firewalls
see: → firewall
NAT OVERLOAD
also known as: source network address translation, or port address translation (PAT)
NCA - National Crime Agency
NCSC - National Cyber Security Centre
NDA - Non-Disclosure Agreement
Network
at least 2 devices connected together & communicating with each other; networks can be private or public
Network sniffers
NIDS - Network Intrusion Detection System
NIS - Network and Information Systems
NIST - National Institute of Standards and Technology (US)
NLOS - Non-line-of-sight
a radio wave propagation spectrum characterised by lower frequencies (smaller towers)
NOC - Network Operations Centre
non-ephemeral ports
permanent port numbers assigned to an application; non-ephemeral port numbers range from 0-1023; compare with: → ephemeral ports
Non-repudiation
NORTH-SOUTH TRAFFIC
ingress/egress to another device; different security requirements to → east-west traffic
NTFS - New Technology File System
proprietary journaling file system developed by Microsoft
NVD - National Vulnerability Database by NIST
O
OCTAVE - Operationally Critical Threat, Asset and Vulnerability Evaluation
OES - Operators of Essential Services
OLED - Organic Light-Emitting Diode
doesn’t require backlight - electroluminescent (EL) organic material shaped into a thin film glows upon introduction of the current; the biggest downside: the light-emitting material can degrade with time
OOB - Out-of-band (Authentication)
OS - Operating System
eg. Microsoft Windows, macOS, iOS, Android, Linux, Unix
OS - Offensive Security
one of the certification bodies offering certifications in pentesting, wireless network attacks, web application attacks, and Windows and macOS exploit development.
OSCP - Offensive Security Certified Professional
one of the pentesting certifications offered by → Offensive Security
OSI - Open Source Intelligence
OSI model - Open Systems Interconnection model
a conceptual framework used to describe the functions of a networking system; OSI proposes 7 layers:
Physical
Data Link
Network
Transport
Session
Presentation
Application
(compare: → TCP/IP model)
OSINT - Open Source Intelligence
OT - Operational Technology
OTA - Over-the-Air (updates)
OWASP - Open Web Application Security Project
OWASP is a nonprofit foundation that works to improve the security of software. Each year OWASP issues Top 10 Web Application Security Risks
P
PaaS - Platform as a Service
PABX - Private Automatic Branch Exchange
Packet-filtering firewall
see: → firewall
PACE - Police and Criminal Evidence Act, 1984 (UK)
PAN - Personal Area Network
eg. Bluetooth
Parrot (security)
a Linux distribution with many hacking tools pre-installed.
PAT - Port Address Translation
Patching
Partitioning networks
aka: subnetting, fragmentation
PCI DSS - Payment Card Industry Data Security Standard
PDCA - Plan-Do-Check-Act
aka: the Deming cycle approach
PDNTSPA - Please Do Not Throw Sausage Pizza Away
a funny sentence to help remember all 7 layers of the → OSI network model
PGP - Pretty Good Privacy
PII - Personally Identifiable Information
PIV card - Personal Identity Verification card
US government identity smart card with certificate-based authentication
PKI - Public Key Infrastructure
Plaintext
PLC - Power Line Communication
PLCs - Programmable Logic Controllers
POE - Power over Ethernet
POE device doesn’t require any additional power source in order to run (the energy is taken from the ethernet directly)
POODLE - Padding Oracle On Downgraded Legacy Encryption
a known and well-documented vulnerability of SSL 3.0
POP3 - Post Office Protocol 3
mail protocol mostly used on legacy systems; tcp/110, SSL tcp/995
PRA - Public Records Act, 1958 (UK)
PRI - Product Release Instructions
PRI - Primary Rate Interface (ISDN)
PRIEN MILER
useful acronym to remember stages of incident response (IR):
PReparation
Identification
Escalation (& Notification)
Mitigation
LEssons learned (Reporting)
Recovery
PRL - preferred roaming list
for legacy CDMA networks (Code-division multiple access), towers, etc.
ProtMon - Protective Monitoring
PROXY
Proxy Firewall
see: → firewall
PSN - Public Service Network
PSPG - Policy, Standards, Procedures, Guidelines
PSTN - Public Switched Telephone Network
Q
Qubits (Q-bits) - Quantum bits
QAS - Quality assured Service
QKD - Quantum Key Distribution
Quantum Computing
R
RADIUS - Remote Authentication Dial-In User Service
RAID - Redundant Array of Independent/ Inexpensive Disks
Ransomware/ Crypto-malware
type of malware that encrypts the user’s data files while leaving the OS operational, usually demanding the ransom for the key (often in crypto currencies) with a nuisance pop-up or page
RAT - Remote Access TOOLS
(sometimes also referred to as: remote access trojan)
RBAC - Role-Based Access Control
system that works by assigning permissions to a specific job title rather than an individual user
RDP - Remote Desktop Protocol
shares a desktop with a remote location over tcp/3389
RDSP - Relevant Digital Service Providers
REDDI CRESTO PUSHARD
a useful acronym illustrating the process/phases of protection of information (cradle-to-grave protection of information)
REsearch
Design
DIscovery
CREation
STOrage
Processing
Use
SHaring
ARchiving
Disposal
Redundancy
remanence (Data remanence)
residual representation of digital data that remains even after attempts have been made to remove or erase it
Repeater
hardware receiving & repeating the signal to another interface, thus extending the network range without additional cabling; also see: → hub
Resilience
REST API - Representational State Transfer API
RFC 1918 - Request for Comments no. 1918
RFID - Radio Frequency Identification
active/powered ID tags
RIJNDAEL
the algorithm/family of ciphers behind the AES; name created by abbreviating and collating names of Rijmen & Daemen
RIACAR
an acronym to remember 5 phases of incident management (IM):
Reporting
Investigation
Assessment
Corrective Action
Review
ring topology
a network topology in which each device is connected to two others to create a full circle; downside: the circle can easily be broken, as the loss of one connection effectively stops all communication within the network; aka: token topology
RIPA - Regulation of Investigatory Powers Act, 2000 (UK)
RJ-45
the Ethernet plug
Rootkit
malware that embeds itself into the heart of the system and ‘cons‘ the system to accept it as native; the only way to remove it is to open the BIOS settings and open only the default files
Router
layer 3 networking device (routing packets)
Routes of infection
RPN - Reverse Polish Notation
reverse Łukasiewicz notation; mathematical notation where the operator symbol is placed after the arguments being operated on (the operands); saves a lot of time for the compiler
RSA SecurID
type of two-factor authentication with one-time password generated on a hard token
RTU - Remote Terminal Units
R.U.D.Y - R-U-Dead-Yet?
a type of low-and-slow denial of service (DoS) attack that occupies the server by opening a connection and sending data very slowly for prolonged periods of time, until the server is unable to serve legitimate traffic
S
SaaS - Software as a Service
SABSA - Sherwood Applied Business Security Architecture
Safe Harbour
SCADA - Supervisory Control and Data Acquisition
SCTP - Stream Control Transmission Protocol
a transport-layer protocol that ensures reliable, in-sequence transport of data
‘Shadow IT’
a practice of setting up unofficial and unauthorised IT services (eg. additional cloud storage) without informing the IT/Security team
shim/ Shimming
an insert filling gaps; eg. Windows compatibility mode enabling programs to run on previous - shimmed - versions of Windows, directly from the current version of the OS
Sheep-dipping
SIEM - Security Information and Event Management
SMB - Server Message Block
aka: CIFS (Common Internet File System); Microsoft Windows protocol for file sharing; can use NetBIOS over TCP/IP for older/legacy versions (udp/137, udp/138, tcp/139), or direct SMB over TCP without NetBIOS for newer versions (tcp/445); Apple/MacOS equivalent: → AFP; an SMB vulnerability on Windows XP is believed to be the main reason behind the success of the WannaCry ransomware attacks back in 2017 that targeted the UK’s NHS (amongst others)
S/MIME - Secure Multi-Purpose Internet Mail Extensions
SMTP - Simple Mail Transfer Protocol
tcp/25 (w/o authentication), tcp/587 (with authentication)
Sniffers
see: → network sniffers
SNMP - Simple Network Management Protocol
queries: udp/161, traps: udp/162
SLA - Service Level Agreement
SLE - Single Loss Expectancy
SLE = AV (asset value) x EF (exposure factor)
see: → ALE
SLP - Service Location Protocol
SOA - Service Oriented Architecture
SOC - Security Operation Centre
SO-DIMM - Small Outline Dual In-Line Memory Module
eg: RAM card
SOE - Standard Operating Environments
set of tested/approved hardware/software combinations within the network
SOHO - Small Office Home Office
Soft Token
token provided via software/app on the phone
SOP - Standard Operating Procedures
SP Networks - Substitution-Permutation Networks
basis of AES (Advanced Encryption Standard)
Spanning port
a spanning port
Spanning tree protocol
used for → redundancy support
SPOF - Single Point of Failure
Spoofing
SPYWARE
malware that is tracking user’s movements without their knowledge, with intention to go beyond what’s legally permissible (dig out personal information, intercept log in details, etc.); compare with: → trackers
SQL - Structured Query Language
a standardized programming language that is used to manage relational databases and perform various operations on the data in them.
SQL Injection
SSD - solid state drive
more robust and faster than → HDD thanks to the lack of moving parts, however constant over-writing large amounts of data may degrade the storage cells (thus it is considered shorter-lasting compared to traditional HDDs)
SSH - Secure Shell
an encrypted communication link, tcp/22; similar to → Telnet, but far more secure
SSHD - Solid State Hybrid Drive
SSL - Secure Sockets Layer
SSO - Single Sign on (system) 🪟
managed through Kerberos on Windows
Star Topology
in star topology of the LAN, all devices in the network are connected to a central switch/hub with their own cable; any failure of the individual connection doesn’t affect the connectivity of the entire network, however failure of the central switch renders network unusable
Steganography
subnetting
aka: partitioning; splitting up a network into smaller networks (subnets) within itself
Switch
a dedicated device within a network designed to aggregate multiple other devices, such as computers, printers, or any other networking-capable device, using Ethernet; works on the data link layer of the Open Systems Interconnection (OSI) model (connecting two different networks together and providing communication between them); switches can be managed or unmanaged
SYN flood
a type of denial of service attack exploiting a weakness of the packet communication layer; considered a legacy attack
SysAdmin - System Administrator
always change the default credentials and regularly review the privileges; not every account needs to be an admin.
Syslog
a standard for message logging, consumed by a → SIEM; requires a lot of disk space
T
TACACS - Terminal Access Controller Access-Control System
authentication server protocol; originally created to control access to the dial-up lines of ARPANET; the TACACS+ authentication protocol was launched in 1993 and may still be used in places where RADIUS can’t be used
tailgating
gaining access by following someone who is already authenticated & authorised; can be remedied by mantraps, which ensure that only one person can cross a certain barrier at any given time
TCB - Trusted Computing Base
TCP - Transmission Control Protocol
connection-oriented: a formal process (handshake) to initiate/finish the connection, with packet flow control; requests acknowledgement of receipt and recovers lost data (retransmission) if necessary; compare with: → UDP
TCP/IP model
a 4-layer model of networking systems proposed by US Department of Defence:
Network Access Layer
Internet Layer
Host-to-Host Layer
Process/Application Layer
(compare: → OSI model)
TCSEC - Trusted Computer System Evaluation Criteria
the body behind the US Department of Defense (DoD) “Rainbow Books” series
TELNET
a non-encrypted, open communication link, tcp/23; it is recommended to keep it closed unless specifically required; for a secure communication link see → SSH
Tethering
turning your phone into a wireless router
TKIP - Temporal Key Integrity Protocol
together with RC4, a part of WPA; IV (initialisation vector) + secret root key + message integrity check; superseded by CCMP
TLS - Transport Layer Security
TOCTOU
time-of-check to time-of-use; a race condition (programming) in which an attack takes place in the window between the time a condition is checked and the time the result of that check is used
ToE - Target of Evaluation
Trackers
online trackers that record the user’s browsing activity (eg. for advertising), usually staying within what is legally permissible; compare with: → Spyware
Trojan (Horse)
a type of malware that disguises itself as a legitimate program/game
TR(R)S - Tip Ring (Ring) Sleeve
an analogue audio connector, aka: the headphone jack
TTP - Tactics, Techniques and Procedures
U
UAC - User Account Control
UDP - User Datagram Protocol
connectionless protocol without flow control or acknowledgement of whether the packets have arrived; “broadcasting mode” only; compare with: → TCP
UMTS (3G) - Universal Mobile Telecommunications Service (3G)
Unix
UPnP - Universal Plug and Play
UPS - Uninterruptible Power Supply
URI - Uniform Resource Identifier
URL - Uniform Resource Locator
URL Squatting
USA Patriot Act, 2001
USB - Universal Serial Bus
UTM - Unified Threat Management
V
Virus
a type of malware that infects, impairs and/or incapacitates the system; needs a vector in order to travel between devices; there are several different types:
polymorphic - alters itself to avoid detection
macro - exploits scripts in order to hide in documents/applications, eg. embedded into a seemingly empty Word document or .pdf
stealth - masks or hides its activity to avoid detection
armoured - difficult to detect/remove
retro - mostly attacks AV systems
phage - infects multiple parts of the system in order to regenerate quicker
companion - uses the root filename of an executable file in order to launch itself
multipart/multipartite - performs multiple tasks
VLAN - Virtual Local Area Network
VM - virtual machine
VoIP - Voice Over IP
server: udp/5004
VPN - Virtual Private Network
VPS - Virtual Private Server
VPN concentrator
W
WA - Wassenaar Arrangement, 1996
WAF - Web Application Firewall
see: → firewall
WAN - Wide Area Network
WAP - Wireless Access Point
WDDM - Windows Display Driver Model
the graphics display driver architecture introduced in Windows Vista
Web server
server: tcp/80
WEP - Wired Equivalent Privacy
old wireless protocol particularly prone to exploits; “use WEP and you’re gonna weep”
Whitelist
a whitelist leaves access to the service/network closed to everyone except the specified exceptions; compare with: → blacklist
WiFi - Wireless Fidelity
WIMAX - Worldwide Interoperability for Microwave Access
WinPE - Windows Pre-Installation Environment 🪟
WMN - Wireless Mesh Network
eg. use case: Apple AirTags
Worm
a type of malware that propagates through networks on its own, without needing a transport vector; compare with: → Virus
WORM - Write Once Read Many
WPA - Wi-Fi Protected Access (2002)
WPA-2
X
XSRF - Cross-Site Request Forgery
XSS - Cross-Site Scripting
Y
Z
Zero-day exploit(s)
the first, unprecedented attack exploiting a previously unknown (unpatched) vulnerability; aka: the Zero Day attack
Zigbee
IoT networking open standard; meshed network
Z-Wave
IoT networking proprietary standard; meshed network working within the ISM band
虎穴に入らずんば虎子を得ず。
If you don't enter the tiger's cave, you won't catch the cub.
(Nothing ventured, nothing gained)
Japanese proverb