NJCCIC Cyber Glossary



A

account hijacking

n. A form of identity theft in which a criminal or other attacker gains unauthorized access to a user's online account.

active cyber defense

n. An approach to cyber defense that concentrates on detection and mitigation of cyber risks in cyber-relevant (near-real) time. Active Cyber Defense involves placing sensors on one's own networks, and then automating detection, analysis, reverse engineering, and mitigation to reduce the need for human intervention. Information may be automatically shared, machine-to-machine, among cooperating enterprises.

Advanced Encryption Standard (AES)

n. A symmetric-key encryption specification defined by the National Institute of Standards & Technology of the United States and based on the block cipher known as Rijndael. It has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits. AES is considered to be one of the most secure ciphers available and has been approved by the U.S. Government for the protection of Top Secret information.

advanced persistent threat (APT)

n. A form of cyber attack characterized by stealth and long duration that typically interacts with human controllers and may involve a range of related exploitation tools and techniques.

advanced technology attachment (ATA)

n. A specific interface standard for connecting storage devices in computers.

adware

n. Software that automatically renders advertisements, often malicious or unwanted advertising, to generate revenue.

algorithm

n. A specific set of instructions for carrying out a procedure or solving a problem, usually with the requirement that the procedure terminate at some point.

Android

n. A Linux-based mobile operating system developed by Google and designed primarily for mobile touch-screen devices, such as tablets and smartphones.

anonymizer

n. A tool that attempts to make Internet activity anonymous or untraceable; normally a proxy server is interposed between a client device and the rest of the Internet. Such a proxy server accesses the Internet on the user's behalf, hiding the client device's identifying information.

anti-malware

n. or adj. Any resource such as software, a device, a process, etc., that protects systems or networks against some form of malware.

application

n. Software designed to perform certain specific tasks, such as a word processor.

asset classification

n. The criteria for identifying the sensitivity and criticality of an asset and the impact of its loss.


B

backdoor

n. A method used to gain unauthorized access to a computer, service, system, or data, which is designed to remain undetected by users and administrators.

big data

1. n. A collection of data too large to be readily processed by traditional database management or data processing tools.

2. n. The technological sector that has emerged to handle such data sets.

biometric

adj. Pertaining to identification and access control through the use of metrics related to human characteristics.

BIOS

n. Acronym for basic input/output system. Low-level software that runs first when a computer is started. The BIOS initializes the hardware, then loads and starts the main operating system.

bit

n. A basic unit of digital information that can take one of two values, typically represented as 0 and 1.

black-box testing

n. A method of software testing that examines an application's or device's functionality without knowledge of its internal structure or workings.

black hat hacker

n. A hacker who maliciously exploits computer or network vulnerabilities either for personal gain or to inflict damage on a person or organization.

blacklist

n. A list or register of entities or people, for one reason or another, that are being denied a particular privilege, service, mobility, access, or recognition.

v. To deny someone work in a particular field, or to ostracize a person from a certain social circle.

blind SQL injection

n. A type of Structured Query Language (SQL) injection attack that asks the database true or false questions and determines the answer based on the application’s response.

blind XPath injection

n. An attack through the XML Path query language that is used to extract data from an application that embeds user supplied data in an unsafe way.

block cipher

n. A method of encrypting text using a cryptographic key and an algorithm and applying them to a chunk of data at once as a group. 

bootkit

n. A stealthy type of malware that infects the Master Boot Record (MBR), causing the malware to launch prior to the operating system and allowing it unrestricted access to the entire computer.

bot

n. A program that performs automated tasks; most commonly, a malware-infected computer that carries out tasks set by someone other than the device's legitimate user.

botnet

n. A network of bots—a set of Internet-connected programs communicating with similar programs to collaboratively perform tasks. Botnets may be benign, but are most often assembled, used, and sold by cybercriminals to conduct malicious activities.

Bring-Your-Own-Device (BYOD)

n. An enterprise practice or policy that allows employees to use their own mobile devices on the enterprise's networks.

browser

n. A software application for retrieving, presenting and traversing information resources on the World Wide Web.

brute-force attack

n. An exhaustive search for a cryptographic key or password that proceeds by systematically trying all alternatives until it discovers the correct one.

buffer

n. A physical memory storage location in a device used to temporarily store data while it is being moved from one place to another.

buffer overflow

n. An anomaly in which a program overruns a buffer's boundary while writing data to that buffer, and so overwrites adjacent memory.

bug

n. An error, flaw, failure, or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways.

byte

n. A digital unit of information that consists of 8 bits and can store integer values between 0 and 255; the smallest addressable unit of memory on a computer.


C

cache

n. A storage buffer or mechanism within a computing environment that stores data so future requests for that data can be retrieved faster.

cache poisoning

n. An attack in which a maliciously constructed response is stored in a cache, magnifying its impact, whether the cache is a web cache shared by multiple users or the browser cache of a single user; also called DNS (Domain Name System) poisoning or DNS cache poisoning.

carding

n. The trafficking of stolen credit card accounts and other financial information; includes the process of acquiring, purchasing, and selling the information, as well as cloning and money laundering techniques.

catfish

n. A fictitious online identity created for the purpose of seduction, misdirection, or fraud.

certificate authority (CA)

n. An entity that issues digital certificates.

Certified Information Systems Security Professional (CISSP)

n. An independent information security professional certification governed by the International Information Systems Security Certification Consortium (ISC)².

Chief Information Security Officer (CISO)

n. A senior officer in an organization responsible for the strategic design, direction, and oversight of policies, procedures, and systems designed to protect the organization's information assets and technologies.

cipher

n. or v. Any method of encrypting text. Advanced ciphers use both a key and an algorithm. There are two types of ciphers: block and stream.

ciphertext

n. The result of encrypting plaintext.

cloud computing

n. Using shared remote servers accessible via the Internet to store, access, manage, and process data as opposed to using local or personally-owned computing resources.

cluster

n. A set of loosely or tightly connected computers that work together and can, for practical purposes, be treated as a single system.

code injection

n. The general term for attack types which consist of injecting code that is then interpreted and executed by the application, usually designed to change the course of execution.

cold boot

v. To restart a computer by quickly cycling its power without the machine shutting down cleanly or, in some cases, by pressing the reset button on the device.

cold boot attack

n. A type of side-channel attack in which an attacker with physical access to a device retrieves encryption keys from a running operating system after a cold boot.

command injection

n. An attack in which a perpetrator utilizes a vulnerable application to execute arbitrary commands on a host operating system.

commercial off-the-shelf (COTS)

adj. A term that refers to hardware or software products that are available for sale to the general public. Microsoft Office is an example of a COTS product.

computer network attack (CNA)

n. Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves.

computer network defense (CND)

n. Actions taken to protect, monitor, analyze, detect and respond to unauthorized activity within information systems and computer networks.

computer network exploitation (CNE)

n. Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from a target or adversary's information systems or networks.

computer network operations (CNO)

n. Encompasses computer network attacks, computer network defense, and related computer network exploitation-enabling operations.

cookie

n. A small text file that is transmitted by a website and stored in the user's web browser, used to identify the user and prepare customized webpages.

credential stuffing

n. The automated injection of breached username/password pairs in order to fraudulently gain access to user accounts.

creepware

n. Malware that allows an attacker to use a device's webcam or microphone to spy on the device's user or environment, without the user's knowledge or consent.

cross-site request forgery (CSRF)

n. A malicious website exploit where an attacker transmits unauthorized commands to a website from a seemingly trusted user's browser.

cross-site scripting (XSS)

n. A code injection tactic in which a hacker inputs malicious code into a legitimate web application or website that is then executed in a user's web browser, often to compromise user credentials or take control of the user's session.

crowd sourcing

n. Gathering services, ideas, or content by soliciting contributions from a large group, especially from an online community, as opposed to employees, suppliers, or experts.

cryptographic key

n. A parameter that determines the output of a cipher: it controls how plaintext is encrypted by a given cipher and how the resulting ciphertext is decrypted back into plaintext.

cryptography

n. Literally, "secret writing"; the practice and study of techniques for securing communications in the presence of adversaries in which plaintext data is converted through a cipher into ciphertext, from which the original data cannot be recovered without the cryptographic key.

cybersquatting

n. Registering, trafficking in, or using an Internet domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else, then offering to sell the domain to the trademark owner at an inflated price.

cyber vandalism

n. An attack without any obvious rational criminal, political, or ideological motive, usually the defacement of a vulnerable website, often done to display the hacker's prowess.

cyber vigilantism

n. A cyber attack conducted in response to a scam, cyber crime, or other perceived injustice. Also called Internet vigilantism.


D

dark web

n. A portion of the Internet that is anonymized, encrypted, not indexed by clearnet search engines, and is only accessible via special software. The dark web is used primarily for criminal activity but also for secure communication. It is also known as the darknet or dark Internet.

data

n. Pieces of information that can be measured, collected, reported, and analyzed.

data at rest

n. Inactive data physically stored in any digital form.

data breach

n. An incident in which sensitive, protected, or confidential data has potentially been viewed, stolen, or used by an individual unauthorized to do so.

data exfiltration

n. Removal of data, especially the unauthorized removal of data, from a system or a network.

data in transit

n. Data actively traveling over a network.

data in use

n. Active data undergoing analysis, change, or other manipulation.

data loss prevention (DLP)

n. A strategy designed to address the detection and prevention of a potential data breach or loss.

data segregation

n. The division of data into various categories for purposes of restricting access to different classes of data. Also called data separation.

Deep Web

n. Those portions of the Internet not indexed by standard search engines.

denial-of-service attack (DoS)

n. An attack that attempts to make a system unavailable to the intended user(s), which is accomplished when an attack successfully consumes all available network or system resources, usually resulting in a slowdown or server crash.

DoS - cash overflow

n. A type of denial-of-service attack which is specifically aimed at exceeding the hosting costs for a cloud application, either essentially bankrupting the service owner or exceeding the application cost limits, leading the cloud service provider to disable the application.

dictionary attack

n. A way of searching for an encryption key or a password by working through a list of likely candidates, such as words in a dictionary.

differential fault analysis attack

n. A side-channel attack that induces unexpected environmental conditions—temperature, voltage, current, overclocking, electromagnetic fields, etc.—into a cryptographic implementation in order to reveal its internal state.

digital certificate

n. An electronic message issued by an official, trusted agency used to verify the sender’s identity and allow a person, computer, or organization to exchange information securely over the Internet using public key infrastructure (PKI).

directory traversal attack

n. A type of attack that exploits a weakness in an application to enable a user to access data at a directory location that should be inaccessible to that user.

distributed denial-of-service attack (DDoS)

n. A denial-of-service attack in which the attack source consists of multiple unique IP addresses used to flood the bandwidth or resources of a targeted system or network.

DDoS - ICMP Flood

n. A distributed denial-of-service (DDoS) attack that uses a botnet to send a large number of ICMP packets to a target server in an attempt to consume all available bandwidth and deny access to legitimate users.

DDoS - HTTP GET Flood

n. A distributed denial-of-service (DDoS) attack that is a type of Layer 7 application attack, occurring when a large number of continuous HTTP GET requests are generated and sent to a target web site in an attempt to consume enough resources to make the server unavailable for legitimate users.

DDoS - HTTP POST Flood

n. A distributed denial-of-service (DDoS) attack that is a type of Layer 7 application attack which occurs when a large number of continuous HTTP POST requests are generated and sent to a target web site in an attempt to consume enough resources to make the server unavailable for legitimate users.

DDoS - Synchronize (SYN) Flood

n. A distributed denial-of-service (DDoS) attack that exploits a known weakness in the Transmission Control Protocol (TCP) connection sequence, or “three-way handshake,” and floods the target with Synchronize (SYN) requests without acknowledging the host’s response in an attempt to bind resources and make the target unavailable for legitimate users.

DDoS - ESSYN/XSYN Flood

n. A distributed denial-of-service (DDoS) attack that is a variation of the SYN Flood attack that is designed to target entities using stateful firewalls.

DDoS - User Datagram Protocol (UDP) Flood

n. A distributed denial-of-service (DDoS) attack initiated by sending a large number of UDP packets to random ports on a target, which forces the target to send ICMP packets in response; this ultimately consumes all of the available bandwidth on the server's network link, denying access to legitimate users.

DDoS reflection attack

n. A type of denial-of-service attack in which spoofed packets are sent to a large number of destinations, all of which respond to the (spoofed) origin of the packets—the victim—who is flooded with these responses.

DDoS reflection attack - Fraggle

n. A distributed denial-of-service (DDoS) attack that is an alternative method of carrying out a UDP flood attack, in which the attacker uses the target's IP address as their own and then sends messages to other IP addresses, which will all flood the target IP address with responses, resulting in the consumption of available bandwidth.

DDoS reflection attack - Network Time Protocol (NTP) with Amplification

n. A distributed denial-of-service (DDoS) attack that occurs when the attacker uses traffic from a legitimate NTP server to overwhelm the resources of the target.

DDoS reflection attack - Simple Service Discovery Protocol (SSDP) with Amplification

n. A distributed denial-of-service (DDoS) attack that occurs when an attacker spoofs the victim's IP address and sends crafted SOAP requests to open Universal Plug and Play (UPnP) devices on the Internet that will send their responses to the victim's IP address.

DDoS reflection attack - Smurf

n. A distributed denial-of-service (DDoS) attack that is an alternate method of carrying out an ICMP Flood attack in which the attacker uses the target's IP address as their own and sends ICMP ping requests to the broadcast IP address of a public network on the Internet, which will flood the target IP address with ping replies, resulting in the consumption of available bandwidth.

DDoS reflection attack - WordPress Pingback with Amplification

n. A distributed denial-of-service (DDoS) attack in which an attacker sends pingback requests containing the URL of the target web site to a number of WordPress web sites, resulting in each of those WordPress websites sending requests to download the web page from the target server, which can eventually overload the target web server.

DNS amplification

n. A reflection-based distributed denial-of-service (DDoS) attack that relies on the use of publicly accessible open DNS servers to overwhelm a victim system with DNS response traffic.

DNS hijacking / redirection

n. Subverting the resolution of Domain Name System (DNS) queries, typically by overriding a computer's TCP/IP configuration to point at a rogue DNS server under the attacker's control, or by modifying a trusted DNS server's behavior so that it is no longer in compliance with Internet standards.

DNS cache poisoning / spoofing

n. An attack in which data introduced into a Domain Name System (DNS) name server's cache database causes the name server to return an incorrect IP address, diverting traffic to another computer.

Domain Name System (DNS)

n. The naming system that translates domain names into IP addresses.

doxing

n. The Internet-based practice of researching and publishing personally identifiable information about an individual.

drive

n. A computer storage device. (Not to be confused with driver.)

driver

n. Software that interfaces a hardware device with an operating system. (Not to be confused with drive.)

drive-by download

n. Unintended download of computer software from the Internet. This can include seemingly legitimate downloads that contain a hidden malicious component as well as any download that happens without the user's knowledge.


E

electromagnetic attack

n. A side-channel attack that exploits the electromagnetic emissions of a system, which can directly provide plaintexts and other information.

electronic health record (EHR)

n. The digital version of a patient’s medical history that is stored and maintained by a health care provider.

Email Relay and Content Inspection System

n. A filtering system designed to scan incoming emails for malware and spam, as well as provide other security controls to protect the State's email, along with email encryption and provisions for protecting against data loss via email.

encoding

n. Representation of electronic data in a specific, often standard, format. Also the format in which data is stored: for example, a character encoding is a way to map characters to bytes. Not to be confused with encryption.

encryption

n. The conversion of electronic plaintext data into unreadable ciphertext using algorithms. Encryption protects the confidentiality of data at rest and in transit.

encryption-as-a-service (EaaS)

n. A model in which users subscribe to a cloud-based encryption service without having to install encryption in their own systems.

endpoint

n. A device that serves as a terminal or gateway in a network.

Ethernet

n. A family of computer networking technologies commonly used in local area networks (LANs) and metropolitan area networks (MANs), with protocols to control the passing of information and to avoid simultaneous transmission by two or more systems.

evil maid attack

n. A security exploit that targets a device that has been shut down or left unattended. Physical access is needed to perform this attack.

executable file (.exe)

n. A file that causes a computer to perform indicated tasks according to encoded instructions, as opposed to a data file that must be parsed by a program to be meaningful.

expert system

n. A system that simulates the decision-making of a human expert by applying factual or heuristic rules generated by a human subject matter expert.

exploit

v. To attack a weakness in a computer system, program, or network to accomplish some malicious action through the use of software, data, commands, or hardware devices.

exploit kit

n. A malicious toolkit that automates the exploitation of vulnerabilities in popular software applications in order to maximize successful infections and serves as a platform to deliver payloads such as Trojans, spyware, ransomware, and other malware.

extranet

n. A website or secure network communication channel that allows controlled access to partners, vendors and suppliers, or an authorized set of customers; normally a subset of the information accessible from an organization's intranet.


F

Federal Information Security Management Act of 2002 (FISMA)

n. A federal law on information security that requires federal agencies to develop, document, and implement security controls to support the operations and assets of the agency.

file

n. A named collection of data.

firewall

n. A system, program, or tool that permits or denies network transmissions based upon a set of rules.

firmware

n. A type of software that provides control, monitoring, and data manipulation of engineered products and systems.

forensics

n. In the context of cybersecurity, examination of digital material and computer devices for the purposes of gathering evidence in an investigation of an exploit or criminal act.

free and open source software (FOSS)

n. Software that can be classified as both free software and open-source software.

fuzzing

n. A black-box testing technique that finds bugs through the automated injection of random or malformed data into a system.


G

geolocation

n. The identification of the real-world geographic location of a person or object, using a radar source, mobile phone, or Internet-connected computer terminal.

geotagging

n. The process of adding geographical identification (geospatial) metadata to various digital media such as photographs, videos, websites, SMS messages, QR Codes, or RSS feeds.

gigabyte (GB)

n. A unit of digital information, with slightly different values depending on the context. In the context of memory capacity, refers to 1024 megabytes (MB) or 2³⁰ bytes for RAM, and to 1000 MB or 10⁹ bytes for disk space.

Government Off-the-Shelf (GOTS)

adj. Typically used to describe hardware or software developed by the technical staff of a government agency, or by an external entity with funding and specification from the agency for which it was created.

gray-box testing

n. Software debugging or vulnerability testing in which the tester has only limited knowledge of a program's internal details, and in particular no access to the source code. A gray box is a device, program or system whose workings are partially understood; a combination of white-box testing and black-box testing which aims to search for defects due to improper structure or improper usage of applications.

grey hat hacker

n. A hacker whose activities are neither clearly legal (white hat) nor illegal (black hat).


H

hacker

n. Someone who exploits weaknesses in a computer system or network to gain unauthorized access to data.

hacking

n. The action of exploiting weaknesses in a computer system or network.

hacktivist

n. A hacker whose motivation is political, religious, or ideological, as opposed to criminal.

hard drive

n. A device used for storing and retrieving digital information using one or more rigid rapidly rotating disks coated with magnetic material.

hashing

n. Producing hash values, or a number generated from a string of text, for accessing data or for security.

heuristic

n. A technique used to solve a problem quickly but not optimally, precisely, or perfectly, yet well enough for immediate goals.

Hibernate Query Language (HQL) injection

n. Hibernate Query Language (HQL) is an object-oriented query language that uses persistent objects and their properties. An HQL injection occurs when the attacker executes a dynamic SQL statement built with user-controlled input, allowing hackers to modify the statement’s meaning or execute arbitrary commands.

honeypot

n. A computer system designed specifically to attract potential attackers in order to detect, deflect, counteract, or record metrics of attempted unauthorized access.

hotspot

n. A physical location that offers Internet access over a wireless local area network (WLAN) through the use of a router connected to a link to an Internet service provider.

HTTP request smuggling

n. An attack that exploits incomplete parsing of submitted data by an intermediary HTTP system working as a proxy.

HTTP response splitting

n. An attack in which data enters a web application through an untrusted source, most frequently an HTTP request, and is then included in an HTTP response header sent to a web user without being validated for malicious characters.


I

identity management

n. Management, authentication, and authorization of identities, including their privileges, in an enterprise.

identity theft

n. The deliberate use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name.

iFrame injection

n. An injection of one or more iFrame tags into a webpage's content. The injection will typically download an executable application that contains a virus or malware with the intent to compromise a victim's computer system.

information assets

n. All categories of electronic devices that process and/or contain digital information including but not limited to the following: databases, records, files, electronic documents, stored data, applications, and other software that is required to support business processes such as application software and system software.

Information Disclosure (ID) injection

n. A flaw that allows an attacker to read information that is otherwise inaccessible.

integrated development environment (IDE)

n. A software application providing comprehensive facilities for software development.

Internet filtering and content inspection

n. A control that scans Internet traffic for inappropriate content and malware and also applies users' security controls and data loss prevention to remote access.

Internet-of-Things (IoT)

n. The network of physical objects, devices, vehicles, buildings and other items which are embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data. Examples include, but are not limited to: thermostats, vehicles, fitness trackers, refrigerators, baby monitors, etc.

Internet Protocol (IP) address

n. A numerical identifier for devices on a computer network that uses the Transmission Control Protocol/Internet Protocol (TCP/IP) for communication.

in-transit encryption

n. Encryption applied to data in transit, providing a secure path between systems.

intrusion detection system (IDS)

n. A device or software application that monitors network or system activities for malicious activities or policy violations and reports results of such monitoring.

intrusion prevention system (IPS)

n. A network security appliance that monitors network and/or system activities and prevents malicious activities.

iOS

n. A mobile operating system created and developed by Apple designed primarily for mobile devices such as tablets and smartphones.


J

jailbreak

v. To remove the developer-created, vendor-created, or carrier-created restrictions or limitations of an operating system on a device.


K

keylogging

n. Recording the output of keys typed on a keyboard, typically without the knowledge or consent of the user, in order to monitor the user's activities or compromise the user's information.

kilobyte (KB)

n. A unit of digital information, with slightly different values depending on the context. In the context of memory capacity, refers to 1024 bytes or 2¹⁰ bytes for RAM, and to 1000 bytes or 10³ bytes for disk space.


L

LDAP (Lightweight Directory Access Protocol) Injection

n. An attack used to exploit web applications which occurs when an attacker includes input that changes the LDAP query, allowing unintended commands or code to be executed, and sensitive data to be read or modified.

Linux

n. An operating system based on UNIX and assembled under the model of free and open source software development and distribution.

Local area network (LAN)

n. A computer network that interconnects devices within a limited area such as a residence, school, laboratory, or office building.

location-based services (LBS)

n. A service accessible by mobile devices that requires information about the geographical position of the mobile device in order to operate correctly; a general class of computer program-level services that use location data to control features.


M

machine learning

n. A subfield of artificial intelligence involving the creation of computer programs that automatically improve from experience or data.

Mac OS

n. A graphical interface-based operating system developed by Apple.

maltweet

n. or v. A tweet on the Twitter social media network that carries a malicious payload.

malvertising

n. Online advertising used to spread malware.

malware

n. Short for malicious software, any software designed to disrupt, damage, or intrude into a computer.

managed security service (MSS)

n. Network security services that have been outsourced to a service provider.

man-in-the-browser (MITB) attack

n. An attack where a Trojan horse is used to intercept and manipulate calls between the main application's executable and its security mechanisms or libraries on-the-fly.

man-in-the-middle (MITM) attack

n. An attack where the attacker secretly accesses, relays, and possibly alters the communication between two parties who believe they are directly communicating with each other.

medical identity theft

n. The criminal action of using a victim's name and other personally identifying information without the victim's knowledge or consent in order to commit insurance fraud.

megabyte (MB)

n. A unit of digital information, with slightly different values depending on the context. In the context of memory capacity, it refers to 1024 kilobytes (2^20 bytes) for RAM, or 1000 KB (10^6 bytes) for disk space.

Metropolitan area network (MAN)

n. A computer network larger than a LAN, covering an area of a few city blocks to the area of an entire city.

Mitigation

n. Reducing risks or effects. In the context of cybersecurity, reducing the risk or effect of a cyber attack.

multi-factor authentication

n. A method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism - typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are). See also, Two-Factor Authentication.


N

near-field communications (NFC)

n. A set of communication protocols that enable two electronic devices, one of which is usually a portable device such as a smartphone, to establish communication by bringing them within 10 cm (4 in) of each other.

network

n. A group or system of interconnected people or things. Within the context of cybersecurity, telecommunications which allows computers to exchange data.

Network address translation (NAT)

v. Remapping one IP address space into another by modifying the network address information in the IP datagram packet headers while they are in transit across a traffic routing device. NAT is used to improve security and decrease the number of IP addresses an organization needs.

network telescope

n. Also known as a darknet, an Internet motion sensor, or a black hole, a system that observes large-scale events taking place on the Internet by monitoring traffic targeting the Dark Web.

Network Time Protocol (NTP)

n. A protocol for synchronizing system clocks over a network.

Network Time Protocol attack

n. A kind of distributed denial-of-service attack in which query packets to an NTP server are generated at a high rate.

next-generation firewall (NGFW)

n. A next-generation firewall is a hardware- or software-based network security system that detects and blocks sophisticated attacks by enforcing security policies at the application level in addition to the port and protocol level. Next-generation firewalls integrate enterprise firewalls, an intrusion prevention system (IPS) and application control.


O

open source software

n. Software whose source code is made available through an open-source license which allows anyone to modify or enhance it for his or her own use or distribution.

operating system (OS)

n. A system software that manages hardware and software resources and provides common services for executing various applications on a computer.

OS command injection

n. The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.


P

packet

n. The smallest unit of information transmitted across certain types of digital networks.

page hijacking

n. A form of redirecting Internet traffic away from a legitimate website to a malicious website by exploiting vulnerabilities or glitches in search engines.

payload

n. Part of digitally transmitted data that is the fundamental purpose of the transmission. In the cyber-security context, normally the part of a malware program that performs a malicious action.

penetration testing

n. Evaluating the security of a system or network by simulating an attack on it.

PERIMETER (European Union Project)

n. A user-centric paradigm for seamless mobility in future Internet.

peripheral

n. A device that is used to transfer data to or from the computer.

personal area network (PAN)

n. A computer network used for data transmission among devices such as computers, telephones, and personal digital devices.

personal security product (PSP)

n. A software application installed on an end-user workstation designed to protect users from Internet and network threats like exploit kits, Trojans, port scans, or viruses.

protected health information (PHI)

n. Under U.S. law, any information about health status, provision of health care, or payment for health care that is created or collected by a "Covered Entity" (or a Business Associate of a Covered Entity), and can be linked to a specific individual.

personally identifiable information (PII)

n. Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

phishing

n. A form of social engineering which involves sending generic spam emails to a large distribution list in the hopes that some recipients will fall for the scam, divulge valuable information, or infect their machines by clicking on embedded malicious links or attachments.

physical assets

n. All computing, telecommunication, and other devices that process and contain digital information including, but not limited to: processors, monitors, laptops, modems, hand-held wireless devices, communications equipment (routers, switches, firewalls, etc.), magnetic media (tapes and disks), and other technical equipment.

plaintext

n. Information a sender wishes to transmit to a receiver. Commonly referred to as “cleartext”.

port address translation (PAT)

v. An extension to the network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. PAT is used to conserve IP addresses.

power-analysis attack

n. A side-channel attack in which an attacker seeks to compromise a system by analyzing the power consumption level of the physical device.

privilege creep

n. The gradual accumulation of access rights by individuals beyond those their job requires.

privilege escalation attack

n. Exploitation of a bug, oversight, or misconfiguration to gain elevated access to information or resources that are normally protected from an application or user.

privilege management

n. Managing the data and activities permitted to users of a system or network, differentiating users on the basis of the level of authority they have within the system.

Python

n. A general-purpose, high-level programming language.


Q

No terms at this time for Q.


R

random-access memory (RAM)

n. A form of computer data storage that allows data items to be accessed in almost the same amount of time irrespective of the physical location of data inside the memory.

ransomware

n. A type of malware that attempts to extort money from its victims by restricting access to a computer system or files.

reflected DOM injection (RDI)

n. When a maturely programmed crawler fails to strip malicious data from crawled resources prior to persistent storage due to improper data validation.

remote access Trojan (RAT)

n. Trojan malware designed to give an attacker remote access to a system or network.

Remote Code Execution (RCE) injection

n. A vulnerability that, when fully exploited, allows an attacker to take full control of the vulnerable system.

reverse engineering

n. The process of taking a piece of software or hardware and analyzing its functions and information flow so that its functionality and behavior can be understood. Malware is commonly reverse-engineered in cyber defense.

n. The process of extracting knowledge or design information from anything man-made and reproducing it, or reproducing anything based on the extracted information.

risk

n. The probability that a threat will exploit a vulnerability to damage an asset.

rootkit

n. A collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed while at the same time masking its existence or the existence of other software.


S

salt

n. Random data added to a piece of sensitive data (usually a password) before the sensitive data is hashed and stored which makes it more resistant to dictionary (and other) attacks.

sandbox

n. A virtual container in which untrusted programs can be safely run for analysis and evaluation.

scareware

n. Malware that uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted and unneeded software.

secure sockets layer

n. A layer of cryptographic protocols designed to provide communication security over the Internet.

security breach

n. An infiltration, intrusion, or attack on an IT system or network with the intent to steal, change, and/or expunge information.

Security Information and Event Management (SIEM)

n. Technology offering real-time analysis of security logs and alerts generated by a variety of network and security-monitoring applications.

security file transfer

n. A secure exchange of files between systems.

Serial Advanced Technology Attachment (SATA)

n. An industry standard for connecting computers to mass storage devices such as hard drives and optical drives.

Service-Oriented Architecture (SOA)

n. An architectural pattern in computer software design in which application components provide services to other components via a communications protocol, typically over a network.

session hijacking attack

n. An attack that consists of the exploitation of the web session control mechanism, which is normally managed by a session token.

shellcode

n. Series of machine-code instructions delivered as input during an exploit.

side-channel attack

n. An attack on a system based on information gained from its physical implementation as opposed to its algorithms.

signature

n. A mathematical scheme for demonstrating the authenticity of a digital message or documents.

sinkhole

n. A standard DNS server configured to hand out non-routable addresses for all domains in the sinkhole, so that every computer that uses it will fail to get access to the real website.

skimming

n. The theft of credit card information using card readers, or skimmers, to record and store victims' data.

smishing

n. A form of social engineering that exploits SMS, or text, messages.

sniffer

n. A piece of software or hardware designed to intercept data in transit across a network without blocking, modifying, or redirecting the data.

social engineering

n. An umbrella term encompassing the full range of methods used to psychologically manipulate people into divulging sensitive information.

spam

n. Unsolicited electronic messages, especially containing advertising, indiscriminately transmitted to a large number of people.

spearphishing

n. A targeted form of phishing, in which an attacker uses specially-crafted emails to try and extract information from a targeted individual or small group of individuals.

spoofing

n. Most commonly, an attack technique that relies on falsifying data on a network in a way that enables a malicious site or communication to masquerade as a trusted one.

spyware

n. A form of malware that collects information about a person or organization.

Structured Query Language (SQL)

n. A special-purpose programming language designed for managing data held in a relational database management system.

SQL injection attack

n. A cyber tactic that exploits a vulnerability in a database application that does not properly validate or encode user input. This attack allows attackers to manipulate, exfiltrate, or delete data stored on a backend server.

steganography

n. The craft of concealing a file, message, image, or video within another file, message, image, or video.

strategic web compromises (SWC)

n. When a trap is set within legitimate websites likely to be visited by the target demographic, in which the target's system becomes affected once the website is visited.

Stream Cipher

n. A method of encrypting text in which a cryptographic key and an algorithm are applied to each bit in a data set, one at a time.

SYN scanning

n. A reconnaissance method in which an attacker uses synchronization requests to probe for open ports through which attackers may gain access to a system or network.


T

telephony denial-of-service

n. A denial-of-service attack technique in which large volumes of calls are used to overwhelm a telephone system, thereby denying access to legitimate users.

tether

n. The process of connecting your mobile phone to a laptop or similar data device using a data cable or wirelessly via Bluetooth.

threat

n. A person, event, or object that presents a danger.

timing attack

n. A side-channel attack in which an attacker seeks to compromise a system by analyzing the time it takes that system to execute operations.

Transport Layer Security (TLS)

n. A cryptographic protocol using asymmetric cryptography to authenticate the parties to a communication and exchange a symmetric key that enables confidentiality, message integrity, and message authentication.

Trojan

n. Malware that masquerades as a benign program.

Trojan - File Transfer Protocol (FTP)

n. A Trojan that uses port 21 to enable the attackers to connect to the victim's computer using File Transfer Protocol.

Trojan - data sending

n. A Trojan that uses keylogging technology to capture sensitive data, such as passwords, credit card and banking information, and IM messages, and sends them back to the attacker.

Trojan - destructive

n. A Trojan designed to destroy data stored on the victim's computer.

Trojan - proxy

n. A Trojan that uses the victim's computer as a proxy server, providing the attacker an opportunity to execute illicit acts from the infected computer and even malicious attacks over the internet.

Trojan - security software disabler

n. A Trojan designed to disable security software such as firewalls and antivirus, enabling the attacker to use many invasion techniques to invade the victim's computer, and even to infect more than the computer.

two-factor authentication (2FA)

n. Authentication that requires presentation of at least two of the three authentication factors: knowledge (something the user knows, such as a password), possession (something the user has, such as a smart card or other token), or inherence (something the user is, such as a fingerprint or other biometric marker).


U

Universal Serial Bus (USB)

n. An industry standard for connecting computers and hardware devices such as keyboards and disk drives.

user experience (UX)

n. The overall experience of a person using a product such as a website or computer application, especially in terms of how easy or pleasing it is to use.

user interface (UI)

n. The mechanisms (e.g. tactile, visual, or auditory) designed to enable human interaction with machines.


V

virtual machine

n. A software emulation of a physical computer.

virtual private network (VPN)

n. A private network extended across public networks that enables a remote computer to send and receive data as if it were physically part of the private network.

virtualization

n. Creating a virtual version of a computing resource.

virus

n. A program that can copy itself and infect a computer. Sometimes used loosely to refer to any kind of malware; strictly speaking, a virus attaches itself to an existing program and usually corrupts or modifies files on the device it infects. Viruses spread across networks to infect other computers.

virus scan

n. An automated process that searches for and detects malware.

vishing

n. A social engineering approach that leverages voice communication.

vulnerability

n. A flaw or misconfiguration in hardware or software.

vulnerability assessment

n. The process of identifying, quantifying, and prioritizing the vulnerabilities in a system.


W

watering hole attack

n. An attack in which a hacker compromises websites commonly visited by members of a targeted community and uses those compromised sites to infect visitors with malware.

weaponize

v. To develop an exploit against a vulnerability into an attack tool that can be deployed in the wild against a target.

whaling

v. Carefully crafted emails designed to target or spoof specific people within an organization – usually top level executives, upper management, and other corporate decision-makers.

white box testing

n. Software or vulnerability testing that tests an application's internal structures as opposed to its functionality. White-box testing uses an internal perspective on, and knowledge of, the system under test to design test cases.

white hat hacker

n. A penetration tester or vulnerability researcher. A white hat hacker aims to (legally and legitimately) improve system and network security by exposing threats and vulnerabilities.

wide area network (WAN)

n. A telecommunications network or computer network that extends over a large geographical distance. Business, education, and government entities use wide area networks to relay data among devices in that geographical location.

in the wild (ITW)

n. Cyberspace, aside from controlled laboratory cyber environments. Malware is said to be "in the wild" when it spreads among unwilling or unsuspecting users' devices in the course of the ordinary operation of those devices.

Windows

n. A graphical interface-based operating system developed by Microsoft.

wireless communication

n. The transfer of information between two or more points that are not connected by an electrical conductor.

wireless network

n. Any type of computer network that uses wireless data connections for connecting network nodes.

wizard

n. An application interface that leads a user through a procedure, such as installation, with a series of dialogs.

worm

n. Self-replicating malware that uses a network to distribute copies of itself to other nodes, often without user intervention. Worms need not attach themselves to existing programs. They usually cause damage to a network.


X

Cross-Site Scripting (XSS)

n. A code injection tactic – similar to an SQL injection – in which a hacker inputs malicious code into a legitimate web application or website that is then executed in a user’s web browser, often to compromise user credentials or take control of the user’s session.

XSS - client

n. Occurs when untrusted user supplied data is used to update the Document Object Model (DOM) with an unsafe JavaScript call.

XSS - document object model (DOM) based

n. A form of XSS where the entire tainted data flow from source to sink takes place in the browser.

XSS - stored

n. A more devastating variant of a cross-site scripting flaw; it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping.

XSS - Server

n. Occurs when untrusted user-supplied data is included in an HTML response generated by the server.

Extensible Markup Language (XML)

n. A markup language that defines a set of rules for encoding documents in a format which is both human-readable and machine-readable.

XPath injection

n. An attack that occurs when a website uses user-supplied information to construct an XPath query for XML data.

XSLT injection

n. Occurs when unvalidated data enters a program from an untrusted source, or when unvalidated data is written to an XSL stylesheet, which can allow an attacker to change the structure and contents of the resultant XML, include arbitrary files from the file system, or execute arbitrary PHP code.

XQuery injection

n. Occurs when the software uses external input to dynamically construct an XQuery expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input which allows an attacker to control the structure of the query.


Y

No terms at this time for Y.


Z

zero-day attack

n. Exploitation of a previously unrecognized vulnerability.

zero-day malware

n. A previously unknown piece of malware for which no detection signature is available.

Zero-day vulnerability

n. A vulnerability unknown to the vendor and for which there is currently no patch.

zombie

n. A computer connected to the Internet that has been compromised by a hacker, computer virus, or Trojan horse and can be used to perform various malicious tasks under remote direction.