Term
|
Definition
| A rule which says that data should be stored in three places (one primary, two backups), on two types of storage media, and with one copy off site. |
|
|
Term
|
Definition
| See Triple Data Encryption Standard (3DES). |
|
|
Term
|
Definition
| A framework used for network access control that operates in conjunction with EAP. It defines the process for authenticating devices attempting to connect to a network and enforcing access policies. |
|
|
Term
|
Definition
| A framework that helps you build the controls needed to access computing resources, enforce policies, and audit usage. |
|
|
Term
| access control entry (ACE) |
|
Definition
| A rule within an ACL that consists of criteria used to determine if traffic matches the entry. |
|
|
Term
| access control list (ACL) |
|
Definition
| A set of rules or filters commonly used on routers and firewalls to define the permissions and restrictions applied to network traffic. It acts as a security mechanism, allowing or denying access to network resources based on specific criteria, such as source/destination IP addresses, port numbers, protocols, and other factors. |
|
|
Term
|
Definition
| The process of keeping track of who, what, where, when, why, and how by monitoring, recording, and auditing everything in an organization. |
|
|
Term
|
Definition
| See access control entry (ACE). |
|
|
Term
|
Definition
| See access control list (ACL). |
|
|
Term
|
Definition
| A vulnerability scanner that generates traffic and interacts directly with systems. |
|
|
Term
| ad hoc threat intelligence |
|
Definition
| Intelligence that is manually generated and distributed for a particular topic. |
|
|
Term
| Address Resolution Protocol (ARP) |
|
Definition
| A protocol that is used to map IP addresses to MAC addresses in a local network. It enables devices to determine the MAC address associated with an IP address for direct communication in a subnet/VLAN/broadcast domain. ARP is a data link layer protocol. |
|
|
Term
| Advanced Encryption Standard (AES) |
|
Definition
| The most common symmetric key encryption algorithm in use today. |
|
|
Term
| Advanced Malware Protection (AMP) |
|
Definition
| The Cisco antimalware ecosystem, which consists of endpoint, network, and cloud components. |
|
|
Term
| advanced persistent threat (APT) |
|
Definition
| A highly sophisticated threat that is designed to go undetected for a prolonged period of time so that the attacker can slowly exfiltrate as much data as they can and spy for as long as they can without being noticed. |
|
|
Term
|
Definition
| An event with negative consequences. |
|
|
Term
|
Definition
| See Advanced Encryption Standard (AES). |
|
|
Term
|
Definition
| See Authentication Header (AH). |
|
|
Term
|
Definition
| See annualized loss expectancy (ALE). |
|
|
Term
|
Definition
| See Advanced Malware Protection (AMP). |
|
|
Term
|
Definition
| The AMP component installed on endpoints (for example, computers, servers, and mobile devices). |
|
|
Term
|
Definition
| The AMP component that detects malware in traffic flows. It is integrated into many Cisco security appliances. |
|
|
Term
| annualized loss expectancy (ALE) |
|
Definition
| The expected cost of a particular risk over one year. |
|
|
Term
| annualized rate of occurrence (ARO) |
|
Definition
| The number of expected risk occurrences per year. |
|
|
Term
|
Definition
| A VPN protection feature that sequences the packets that flow over a tunnel, ensuring that if someone or something hijacks the VPN tunnel and tries to use existing packets to take over one of your sessions, they can’t. |
|
|
Term
|
Definition
| The topmost layer of the TCP/IP stack and the OSI model, which provides a means for applications to communicate with each other over the network. |
|
|
Term
|
Definition
| See advanced persistent threat (APT). |
|
|
Term
|
Definition
| See annualized rate of occurrence (ARO). |
|
|
Term
|
Definition
| See Address Resolution Protocol (ARP). |
|
|
Term
|
Definition
| Any data point generated by activity on a system. |
|
|
Term
|
Definition
| Anything of value. Examples include hardware, software, data, employees, and reputation. |
|
|
Term
|
Definition
| The process of deploying, tracking, maintaining, upgrading, and decommissioning assets. |
|
|
Term
|
Definition
| A type of cryptography that requires the use of two different keys that are related to each other. Together, these keys are known as a public/private key pair. |
|
|
Term
|
Definition
| MITRE’s Adversarial Tactics, Techniques, and Common Knowledge framework, which is a repository of attacker tactics and techniques. |
|
|
Term
|
Definition
| The method a cybercriminal uses for an attack to exploit vulnerabilities. |
|
|
Term
|
Definition
| The process of proving the identity of someone or something. Verification that someone or something is in fact truly who they say they are. |
|
|
Term
| Authentication Header (AH) |
|
Definition
| An IPsec protocol that provides integrity, authentication, and protection against replay attacks. |
|
|
Term
|
Definition
| The process of granting and controlling what an authenticated user is able to do. |
|
|
Term
| automated threat intelligence |
|
Definition
| Intelligence that is created, disseminated, and ingested programmatically. |
|
|
Term
|
Definition
| A component of the CIA triad that focuses on ensuring that data is accessible when and where it is needed, in a safe and secure manner. |
|
|
Term
|
Definition
| A type of malicious software that allows an attacker to remotely access and control a system that it has been installed on. |
|
|
Term
|
Definition
| An extra copy of data that is stored to protect against the loss of the primary copy. |
|
|
Term
|
Definition
| See business continuity plan (BCP). |
|
|
Term
|
Definition
| See business impact analysis (BIA). |
|
|
Term
|
Definition
| Microsoft’s implementation of full-disk encryption (FDE) for the Windows operating system. |
|
|
Term
|
Definition
| A system (computer/server) under the control of a C2 server. |
|
|
Term
|
Definition
|
|
Term
| bring your own device (BYOD) |
|
Definition
| A policy that allows employees to use their personally owned devices for work activities. |
|
|
Term
|
Definition
| An attack that involves systematically trying every possible combination of characters until the correct password is found. Brute-force attacks can be time-consuming but are effective against weak or short passwords. |
|
|
Term
| business continuity plan (BCP) |
|
Definition
| A plan that seeks to ensure continued business operations in the face of disruption or disaster. |
|
|
Term
| business impact analysis (BIA) |
|
Definition
| An examination of critical business functions and the consequences of their disruption. |
|
|
Term
|
Definition
| See bring your own device (BYOD). |
|
|
Term
|
Definition
| See command and control server. |
|
|
Term
|
Definition
| See command and control server. |
|
|
Term
|
Definition
| See certificate authority (CA). |
|
|
Term
|
Definition
| Physically cutting any type of cable to cause an outage that affects availability. |
|
|
Term
| certificate authority (CA) |
|
Definition
| An entity that creates and issues digital certificates. |
|
|
Term
| certificate revocation list (CRL) |
|
Definition
| A list of all the digital certificates that have been revoked by the certificate authority (CA) that issued them so that the validity and trustworthiness of the certificates can be verified. |
|
|
Term
|
Definition
| A document that records the entire path taken by evidence, from collection to court. |
|
|
Term
|
Definition
| A business activity that reduces risk by defining how changes are planned, requested, approved, and documented. |
|
|
Term
|
Definition
| A test for DRPs and BCPs in which leaders evaluate plans line-by-line to ensure that they’re current and complete. |
|
|
Term
|
Definition
| A model that represents the foundational principles behind security. |
|
|
Term
|
Definition
| See classless interdomain routing (CIDR). |
|
|
Term
|
Definition
| A secure remote-access software application developed by Cisco Systems that organizations commonly use to provide secure and encrypted remote access to their networks for employees or authorized users. |
|
|
Term
| Cisco Firepower Next-Generation Firewall |
|
Definition
| Cisco's very own next-generation firewall. |
|
|
Term
| Cisco next-generation cryptography |
|
Definition
| A Cisco best-practice guidance and approach that is meant to keep everyone up to date with the ever-changing security landscape and ensure that there is a widely accepted and consistent set of cryptographic algorithms that provide strong security and good performance for everyone. |
|
|
Term
| Cisco SAFE (Security Access for Everyone) Security Reference Architecture |
|
Definition
| A security reference architecture developed by Cisco that helps you design a secure infrastructure for the edge, branch, data center, campus, cloud, and WAN by creating layered defenses and enforcing security policies to safeguard the network infrastructure and data from potential risks. |
|
|
Term
| Cisco Web Security Appliance (WSA) |
|
Definition
| A hardware or virtual appliance offered by Cisco Systems that provides web security and content filtering capabilities. It is designed to protect organizations from web-based threats, enforce acceptable use policies, and ensure secure and compliant web browsing for users within the network. It is Cisco’s version of a proxy server. |
|
|
Term
|
Definition
| See Cisco Web Security Appliance (WSA). |
|
|
Term
| classless interdomain routing (CIDR) |
|
Definition
| A method used to represent IP addresses and their associated network prefixes (for example, 192.168.0.0/24). |
|
|
Term
|
Definition
| Taking existing authorized users’ badges and cloning them so unauthorized users can use them to gain access to areas and systems. |
|
|
Term
|
Definition
| An older command-line interface (CLI) used for managing Windows. |
|
|
Term
|
Definition
| See command and control server. |
|
|
Term
|
Definition
| A set of rules a cybersecurity professional follows. |
|
|
Term
|
Definition
| An alternate site with space, utilities, and little else. |
|
|
Term
| collective threat intelligence |
|
Definition
| Intelligence that involves many entities (people or organizations) collaboratively gathering and sharing intelligence between themselves. |
|
|
Term
| command and control server |
|
Definition
| A server that an attacker sends instructions to that then relays those instructions to multiple bots that are being controlled by the server. |
|
|
Term
| Common Vulnerabilities and Exposures (CVE) |
|
Definition
| A catalog of publicly known vulnerabilities. |
|
|
Term
| Common Vulnerability Scoring System (CVSS) |
|
Definition
| A tool used to score vulnerabilities based on their difficulty and impact. |
|
|
Term
|
Definition
| A component of the CIA triad that focuses on ensuring that the privacy of data is maintained and making sure that only individuals who should be able to access systems and view data are able to do so. |
|
|
Term
|
Definition
| Immediate steps taken to control the spread of malware. |
|
|
Term
|
Definition
| A security control that addresses the consequences of attacks, incidents, or disasters. |
|
|
Term
|
Definition
| See certificate revocation list (CRL). |
|
|
Term
|
Definition
| The process of using mathematical techniques to transform data and prevent it from being read or tampered with by unauthorized parties. |
|
|
Term
|
Definition
| See Common Vulnerabilities and Exposures (CVE). |
|
|
Term
|
Definition
| See Common Vulnerability Scoring System (CVSS). |
|
|
Term
|
Definition
| A seven-stage model of attacker behavior created by Lockheed Martin. |
|
|
Term
|
Definition
| A person or group that attacks for financial gain. |
|
|
Term
|
Definition
| A person or group that works for their country to attack other countries. |
|
|
Term
|
Definition
| Data that is being stored in any type of storage. |
|
|
Term
|
Definition
| Categorization of data according to its sensitivity, which often determines the level of security controls for a given data set. |
|
|
Term
| Data Encryption Standard (DES) |
|
Definition
| A symmetric key encryption algorithm. |
|
|
Term
|
Definition
| Data that is being transmitted over a wired or wireless network, whether that network is a private trusted network or a public untrusted network. |
|
|
Term
|
Definition
| Data that is being processed by the CPU. |
|
|
Term
|
Definition
| The layer of the OSI model that is responsible for the transmission of data frames between adjacent network nodes over a physical medium and the addressing of those frames. It provides mechanisms for error detection, flow control, and data framing. |
|
|
Term
|
Definition
| Data’s location, including stored data (data at rest), data being transmitted (data in motion), and data being worked on (data in use). |
|
|
Term
|
Definition
| See distributed denial of service (DDoS). |
|
|
Term
|
Definition
| The act of turning unreadable ciphertext back into its original plaintext message. |
|
|
Term
|
Definition
| A suite of security features included in Microsoft Windows (for example, firewall, antimalware, and reputation-based protection). |
|
|
Term
|
Definition
| A strategy that uses a multitude of layered measures to defend against various threats. |
|
|
Term
|
Definition
| See screened subnet (DMZ). |
|
|
Term
|
Definition
| A type of attack against availability in which the attacker does something to make a service unavailable. |
|
|
Term
|
Definition
| See Data Encryption Standard (DES). |
|
|
Term
|
Definition
| A security control that identifies (and often alerts on) attacks and incidents. |
|
|
Term
|
Definition
| A control that is used to make attacks less appealing (for example, an ominous warning message when connecting to a server). |
|
|
Term
|
Definition
| See digital forensics and incident response (DFIR). |
|
|
Term
|
Definition
|
|
Term
|
Definition
| See Dynamic Host Configuration Protocol (DHCP). |
|
|
Term
| Diamond Model of Intrusion Analysis |
|
Definition
| A model that relates four components of attacks: adversary, victim, infrastructure, and capabilities. |
|
|
Term
|
Definition
| An attack in which the attacker uses pre-generated lists of common passwords or words from dictionaries and systematically tries each one against the target network. This method is faster than a brute-force attack and relies on users' tendencies to choose easily guessable passwords. |
|
|
Term
|
Definition
| A partial backup of data that has changed since the last full backup. |
|
|
Term
|
Definition
| An asymmetric algorithm that is used to securely generate and exchange symmetric keys between two parties over an untrusted network. |
|
|
Term
|
Definition
| Also known as a public key certificate, a certificate that is used to cryptographically link ownership of a public key with the entity that owns it. |
|
|
Term
| digital forensics and incident response (DFIR) |
|
Definition
| A combination of forensic investigation and the incident response process. |
|
|
Term
| Digital Signature Algorithm (DSA) |
|
Definition
| An asymmetric algorithm that is typically used to generate digital signatures today. |
|
|
Term
|
Definition
| Any occurrence of major degradation, damage, or destruction of critical assets. |
|
|
Term
| disaster recovery plan (DRP) |
|
Definition
| Detailed procedures for responding to a specific disaster. |
|
|
Term
| distributed denial of service (DDoS) |
|
Definition
| A more aggressive DoS attack in which many bots being controlled by a C2 server perform an attack against a victim to make it unavailable. |
|
|
Term
|
Definition
| See screened subnet (DMZ). |
|
|
Term
|
Definition
| See Domain Name System (DNS). |
|
|
Term
|
Definition
| A protocol that translates domain names (such as www.example.com) into IP addresses (such as 203.0.113.10), facilitating the use of easy-to-remember names when referring to resources. It is an application layer protocol. |
|
|
Term
|
Definition
| See denial of service (DoS). |
|
|
Term
|
Definition
| Malicious software that is designed to download other malicious software. |
|
|
Term
|
Definition
| See disaster recovery plan (DRP). |
|
|
Term
|
Definition
| See Digital Signature Algorithm (DSA). |
|
|
Term
|
Definition
| A physical attack that involves looking through the garbage of a victim to find information that could help with an additional attack. |
|
|
Term
| Dynamic Host Configuration Protocol (DHCP) |
|
Definition
| A protocol used for dynamically assigning IP addresses and network configuration parameters to devices on a network. It simplifies network management and reduces manual configuration. DHCP is an application layer protocol. |
|
|
Term
|
Definition
| See Extensible Authentication Protocol (EAP). |
|
|
Term
|
Definition
| See elliptic-curve cryptography (ECC). |
|
|
Term
| elliptic-curve cryptography (ECC) |
|
Definition
| Newer, modern, asymmetric algorithms that are faster, smaller, and more efficient than RSA and DSA because they are based on the algebraic structure of elliptic curves over finite fields. |
|
|
Term
|
Definition
| See enterprise mobility management (EMM). |
|
|
Term
| Encapsulating Security Payload (ESP) |
|
Definition
| An IPsec protocol that provides confidentiality, integrity, authentication, and protection against replay attacks. |
|
|
Term
|
Definition
| The act of turning a plaintext message into ciphertext so it is unreadable. |
|
|
Term
|
Definition
| A device that connects to a network and exchanges data with other devices. Examples of endpoints are workstations, servers, smartphones, tablets, and IoT devices. |
|
|
Term
| enterprise mobility management (EMM) |
|
Definition
| A combination of processes and tools (MDM, MAM, MCM, and MEM) to provide wide-ranging management capabilities for mobile devices. |
|
|
Term
|
Definition
| A method of authenticating individual users or devices accessing a network by using 802.1x, EAP, and RADIUS. |
|
|
Term
|
Definition
| See Encapsulating Security Payload (ESP). |
|
|
Term
|
Definition
| A hacker who uses their skills for good, in a just and lawful manner. |
|
|
Term
|
Definition
| Any occurrence that can be observed. |
|
|
Term
|
Definition
| A graphical utility in Windows for reviewing, analyzing, and filtering log events. |
|
|
Term
|
Definition
| Artifacts that are pertinent and indicate that some event transpired. |
|
|
Term
|
Definition
| A type of wireless network attack in which an attacker creates a fake wireless access point (AP) that appears identical to a legitimate one. This is 100% malicious. |
|
|
Term
|
Definition
| Anything that can take advantage of a vulnerability. |
|
|
Term
|
Definition
| A type of IPv4 ACL that can match the source and/or destination address of a packet, the source and/or destination port of a packet, the protocol of a packet, the QoS markings of a packet, and more. |
|
|
Term
| Extensible Authentication Protocol (EAP) |
|
Definition
| An authentication framework that enables multiple authentication methods within an enterprise environment. |
|
|
Term
|
Definition
| An event isn’t detected, but it did occur. |
|
|
Term
|
Definition
| An event is detected, but it did not occur. |
|
|
Term
| Family Educational Rights and Privacy Act (FERPA) |
|
Definition
| A law that aims to protect students’ educational records. |
|
|
Term
|
Definition
| See full-disk encryption (FDE). |
|
|
Term
| Federal Information Security Management Act (FISMA) |
|
Definition
| A regulation that defines how federal agencies should protect their information systems. |
|
|
Term
|
Definition
| See Family Educational Rights and Privacy Act (FERPA). |
|
|
Term
|
Definition
| A score assigned to a file based on its calculated trustworthiness. Talos Intelligence and Microsoft SmartScreen employ file reputation techniques. |
|
|
Term
|
Definition
| A Cisco AMP feature that detects when permitted files are later determined to be malicious. If brand-new malware gets into your network and is deemed malicious days later, file retrospection generates an alert. |
|
|
Term
|
Definition
| Rules defined on file system objects (files and directories) that define who can do what. |
|
|
Term
| File Transfer Protocol (FTP) |
|
Definition
| A protocol that is used to facilitate the transfer of files between computers on a network. It provides a standard set of commands and protocols for uploading, downloading, and managing files on remote servers. |
|
|
Term
|
Definition
| Searching through the contents of storage media for files that match malware signatures. |
|
|
Term
|
Definition
| Apple’s implementation of full-disk encryption (FDE) for macOS. |
|
|
Term
|
Definition
| Any type of damage that is caused by a fire. |
|
|
Term
|
Definition
| A network security device that acts as a barrier between an internal network and external networks, such as the Internet. It monitors and controls incoming and outgoing network traffic based on predefined security rules and policies. Firewalls play a critical role in network security by protecting the network from unauthorized access, malicious activities, and potential threats. |
|
|
Term
|
Definition
| Software code embedded in electronic devices that provides instructions for their operation. |
|
|
Term
|
Definition
| See Federal Information Security Management Act (FISMA). |
|
|
Term
|
Definition
| An identical, bit-for-bit copy of data. |
|
|
Term
|
Definition
| A server that acts as an intermediary between client devices and the Internet. When a client device, such as a computer or mobile device, requests access to a resource on the Internet, it sends the request to the forward proxy instead of directly connecting to the target server. The forward proxy then forwards the request to the target server on behalf of the client and returns the response back to the |
|
|
Term
|
Definition
| See File Transfer Protocol (FTP). |
|
|
Term
|
Definition
| A complete backup of all data, regardless of what data has or hasn’t changed. |
|
|
Term
| full-disk encryption (FDE) |
|
Definition
| A confidentiality control that protects stored data by encrypting everything written to disk. |
|
|
Term
|
Definition
| A scan that exhaustively searches through the contents of a filesystem. Full scans tend to be slower but more accurate than quick scans. |
|
|
Term
|
Definition
| A test for DRPs and BCPs in which all (or most) personnel and systems are involved in testing plans against a fictional scenario. |
|
|
Term
|
Definition
| A file fingerprint that is less change-sensitive than a cryptographic hash and that can detect similarities in file contents. |
|
|
Term
|
Definition
| See General Data Protection Regulation (GDPR). |
|
|
Term
| General Data Protection Regulation (GDPR) |
|
Definition
| A European regulation that seeks to protect the rights of EU citizens. |
|
|
Term
|
Definition
| A hacker who uses their skills for good and/or bad, depending on how you look at it. |
|
|
Term
|
Definition
| Someone who has the skills needed to breach systems and steal data by exploiting any number of vulnerabilities that exist. |
|
|
Term
|
Definition
| A person or group that attacks for social or political purposes. |
|
|
Term
|
Definition
| The act of fixing vulnerabilities in an environment to eliminate or reduce the risk associated with a threat that could exploit a vulnerability. |
|
|
Term
|
Definition
| A one-way process in which a hash is generated from data and can be used for confidentiality purposes or integrity purposes. |
|
|
Term
| Health Insurance Portability and Accountability Act (HIPAA) |
|
Definition
| A U.S. regulation that aims to protect the privacy and security of patient information. |
|
|
Term
|
Definition
| See Health Insurance Portability and Accountability Act (HIPAA). |
|
|
Term
| honeypot |
|
Definition
| A security mechanism used to detect, deflect, or study unauthorized access attempts or malicious activity within a network or system. It is essentially a decoy or trap that is designed to attract and deceive attackers and that provides valuable insights into attackers' methods, motives, and techniques. |
|
|
Term
|
Definition
| Software installed on individual systems to restrict incoming and outgoing network traffic. |
|
|
Term
|
Definition
| An alternate site with all hardware, infrastructure, and personnel needed to resume operation immediately. |
|
|
Term
|
Definition
| See Hypertext Transfer Protocol (HTTP). |
|
|
Term
|
Definition
| Disruptive event caused or controlled by human activity. |
|
|
Term
| Hypertext Transfer Protocol (HTTP) |
|
Definition
| An application-layer protocol used for transmitting and receiving web-based content. It enables communication between web clients (such as web browsers) and web servers. HTTP operates at the application layer of the TCP/IP stack. |
|
|
Term
|
Definition
| See Internet Control Message Protocol (ICMP). |
|
|
Term
| Identity Services Engine (ISE) |
|
Definition
| A comprehensive Cisco NAC solution that provides centralized policy management, authentication, and access control for network devices. |
|
|
Term
|
Definition
| See intrusion detection system (IDS). |
|
|
Term
|
Definition
| Storage media, such as CD-R and DVD-R disks, that can be written to only once. Data on immutable media cannot be encrypted or destroyed by malware. |
|
|
Term
|
Definition
| In qualitative risk analysis, the estimated damage of a risk occurring. |
|
|
Term
|
Definition
| A principle that says to implicitly deny access to everyone and everything unless they are explicitly allowed. |
|
|
Term
|
Definition
| A signature generation technique that hashes an application’s imported libraries and functions to generate a fingerprint. |
|
|
Term
|
Definition
| A violation (or potential violation) of security policies or practices. |
|
|
Term
|
Definition
| The process of identifying, analyzing, and responding to incidents. |
|
|
Term
| incident response team (IRT) |
|
Definition
| A group of people (often interdisciplinary) charged with preparing for and responding to incidents. |
|
|
Term
|
Definition
| A partial backup of data that has changed since the last full or incremental backup. |
|
|
Term
|
Definition
| A sign that an incident is occurring or has occurred. |
|
|
Term
| information sharing and analysis center (ISAC) |
|
Definition
| An organization that facilitates information sharing between members of the same industry. |
|
|
Term
|
Definition
| Patching of uninfected systems to ensure that they aren’t affected by a malware outbreak. |
|
|
Term
|
Definition
| A person or group within an organization that poses a threat to the CIA of that environment. |
|
|
Term
|
Definition
| Any accidental or malicious threat that an organization could face from an insider. |
|
|
Term
|
Definition
| A component of the CIA triad that focuses on ensuring that data is accurate, authentic, and in the state it should be in. |
|
|
Term
| Internet Control Message Protocol (ICMP) |
|
Definition
| A protocol that is primarily used for diagnostics and error reporting in IP networks. It allows network devices to send control messages, such as echo requests (pings) and error notifications, and even trace the path through a network (traceroute). ICMP is an Internet layer protocol. |
|
|
Term
| Internet Protocol Security |
|
Definition
|
|
Term
| Internet Protocol version 4 (IPv4) |
|
Definition
| The fourth version of the Internet Protocol, which is responsible for addressing packets and routing them across networks via routers. It uses 32-bit addresses, allowing for approximately 4.3 billion unique addresses for devices around the world. It operates at the Internet layer of the TCP/IP stack, and it is the foundation of Internet communication. |
|
|
Term
| Internet Protocol version 6 (IPv6) |
|
Definition
| The successor to IPv4, which is designed to overcome the limitations of address exhaustion in IPv4. It uses 128-bit addresses, allowing for a significantly larger number of unique addresses. It is responsible for addressing and routing packets across networks, and it operates at the Internet layer of the TCP/IP stack. |
|
|
Term
|
Definition
| The generic name that has been given to all Internet-enabled devices. |
|
|
Term
| intrusion detection system (IDS) |
|
Definition
| A device that passively monitors network traffic, looking for suspicious patterns or indicators of malicious activity. It analyzes network packets, system logs, and other data sources to identify potential security incidents. When an IDS detects an anomaly or a known attack signature, it generates an alert to notify administrators or security personnel. |
|
|
Term
| intrusion prevention system (IPS) |
|
Definition
| A device that actively prevents and blocks malicious activities. This can involve blocking network traffic, dropping malicious packets, or reconfiguring network devices to protect against the identified threats. |
|
|
Term
|
Definition
| See Internet of Things (IoT). |
|
|
Term
|
Definition
| See intrusion prevention system (IPS). |
|
|
Term
|
Definition
| A framework that helps provide secure communication over IP networks. It is widely used for establishing virtual private networks to ensure confidentiality, integrity, and authentication of all network traffic. |
|
|
Term
|
Definition
| See Internet Protocol version 4 (IPv4). |
|
|
Term
|
Definition
| See Internet Protocol version 6 (IPv6). |
|
|
Term
|
Definition
| See incident response team (IRT). |
|
|
Term
|
Definition
| See information sharing and analysis center (ISAC). |
|
|
Term
|
Definition
| See Identity Services Engine (ISE). |
|
|
Term
|
Definition
| Scaling fences to gain access to areas. |
|
|
Term
|
Definition
| Malware designed to capture the user’s keystrokes. |
|
|
Term
| least-privilege principle |
|
Definition
| A principle that says to give users the minimum permissions they need to accomplish their objectives. |
|
|
Term
|
Definition
| A review of a process (such as incident response) after the fact to learn and continually improve. |
|
|
Term
|
Definition
| In qualitative risk analysis, the estimated probability of a risk occurring. |
|
|
Term
|
Definition
| A backup that is kept in physical proximity to the primary data. Compared to remote backups, local backups are typically faster but offer less protection against disaster scenarios. |
|
|
Term
|
Definition
| Breaking a lock to gain access to an unauthorized area. |
|
|
Term
|
Definition
| Bumping lock pins in a lock to gain access to an unauthorized area. |
|
|
Term
|
Definition
| Picking a lock to gain access to an unauthorized area. |
|
|
Term
|
Definition
| A type of malware that is designed to trigger/execute at a specific time or based on a specific condition. |
|
|
Term
|
Definition
| A unique identifier assigned to a network interface card (NIC) at the data link layer to facilitate the identification of devices within a local network. Switches use the destination MAC address listed in a frame to make forwarding decisions. |
|
|
Term
|
Definition
| A security feature used on wireless networks to control access based on the unique Media Access Control (MAC) addresses (hardware addresses) of devices. |
|
|
Term
|
Definition
| A type of social engineering attack that is also a physical attack that takes advantage of people’s curiosity or need to get a great deal. |
|
|
Term
|
Definition
| Any type of software that is malicious. |
|
|
Term
|
Definition
| The fingerprint of a malware sample that is used to identify the presence of that malware on other systems. |
|
|
Term
|
Definition
| See mobile application management (MAM). |
|
|
Term
|
Definition
| See mobile content management (MCM). |
|
|
Term
|
Definition
| See Message Digest 5 (MD5). |
|
|
Term
|
Definition
| See mobile device management (MDM). |
|
|
Term
| Media Access Control address |
|
Definition
|
|
Term
|
Definition
| See mobile email management (MEM). |
|
|
Term
|
Definition
| The Message Digest version 5 hashing algorithm. |
|
|
Term
|
Definition
| See multifactor authentication (MFA). |
|
|
Term
|
Definition
| An identical, fully synchronized copy of the primary site: mirrored sites are highly expensive but allow for instantaneous failover. |
|
|
Term
| mobile application management (MAM) |
|
Definition
| Software that enables IT professionals to deploy, manage, and secure mobile applications. |
|
|
Term
| mobile content management (MCM) |
|
Definition
| Software that provides secure, easy sharing of data to and from mobile devices. |
|
|
Term
| mobile device management (MDM) |
|
Definition
| Software that enables IT professionals to control, configure, and monitor mobile devices. |
|
|
Term
| mobile email management (MEM) |
|
Definition
| Software that allows administrators to manage and secure emails and apply security controls to email applications. |
|
|
Term
|
Definition
| A preconfigured, transportable alternate site typically housed in a trailer or shipping container. |
|
|
Term
| multifactor authentication (MFA) |
|
Definition
| A type of authentication that involves using two or more authentication factors in order to authenticate. |
|
|
Term
|
Definition
| See network access control (NAC). |
|
|
Term
|
Definition
| See Network Address Translation (NAT). |
|
|
Term
|
Definition
|
|
Term
| National Vulnerability Database (NVD) |
|
Definition
| A database of vulnerabilities and vulnerability management information maintained by the U.S. government. |
|
|
Term
|
Definition
| Natural disruptive events that humans do not cause and cannot control. |
|
|
Term
|
Definition
| A principle that says to give users access to what they absolutely need to do their jobs and perform their roles. |
|
|
Term
|
Definition
| A command-line tool that displays open connections, listeners, and protocol statistics. |
|
|
Term
| network access control (NAC) |
|
Definition
| A security framework that ensures only authorized and compliant devices gain access to a network infrastructure. It helps organizations enforce security policies, mitigate risks, and protect against unauthorized access and threats. NAC typically involves a combination of hardware and software components that work together to establish and enforce access control policies. |
|
|
Term
| Network Address Translation (NAT) |
|
Definition
| A service that can convert a private RFC 1918 address that is routable only on private networks into a public IP address that is routable on the Internet. |
|
|
Term
| network-based antimalware |
|
Definition
| Antimalware that scans network traffic for malicious files. |
|
|
Term
|
Definition
| The layer of the OSI model where Internet Protocol (IP) operates. This layer also handles the routing and forwarding of data packets across interconnected networks. |
|
|
Term
| next-generation firewall (NGFW) |
|
Definition
| A network security device that builds on the capabilities of a traditional firewall by incorporating additional features and technologies, providing enhanced security and advanced threat protection. |
|
|
Term
|
Definition
| See next-generation firewall (NGFW). |
|
|
Term
|
Definition
| A command-line tool for testing DNS queries and responses. |
|
|
Term
|
Definition
| See National Vulnerability Database (NVD). |
|
|
Term
|
Definition
| A backup that is not network connected, which protects against ransomware and other threats that often target mounted backups. |
|
|
Term
|
Definition
| A backup that isn’t stored in proximity to the systems it protects: it is stored in another state or geographic region. |
|
|
Term
| Online Certificate Status Protocol (OCSP) |
|
Definition
| An Internet protocol defined in RFC 6960 that can be used to get the current revocation status of a single X.509 certificate. |
|
|
Term
|
Definition
| An attack in which the attacker intercepts communications by placing themselves between two communicating devices. |
|
|
Term
|
Definition
| A backup that is stored in proximity to the systems it protects—in the same building or locality. |
|
|
Term
|
Definition
| Intelligence with a moderate scope, such as a threat actor’s tactics, techniques, and procedures (TTPs). |
|
|
Term
|
Definition
| See Online Certificate Status Protocol (OCSP). |
|
|
Term
| OSI (Open Systems Interconnection) reference model |
|
Definition
| A conceptual framework that standardizes and describes the functions and interactions of a communication system. |
|
|
Term
|
Definition
| A file that contains captured network traffic (often generated by tcpdump or Wireshark). |
|
|
Term
|
Definition
| A test for DRPs and BCPs in which a subset of personnel and systems are used to test plans against a fictional scenario. |
|
|
Term
|
Definition
| A vulnerability scanner that relies on monitoring normal traffic and does not generate traffic. |
|
|
Term
| Payment Card Industry Data Security Standard (PCI-DSS) |
|
Definition
| An industry standard enforced by all major credit card companies. |
|
|
Term
|
Definition
| See packet capture (PCAP). |
|
|
Term
|
Definition
| See Payment Card Industry Data Security Standard (PCI-DSS). |
|
|
Term
|
Definition
| A method of authenticating individual users or devices accessing a network by using pre-shared keys. |
|
|
Term
|
Definition
| An email-based attack that attempts to convince the receiver to click a link and provide confidential or personally identifiable information or open an attachment so that malware is installed on the system. |
|
|
Term
|
Definition
| The layer of the OSI model that deals with the physical transmission of data through network cables, wireless signals, or other media. It defines the electrical, mechanical, and functional specifications for transmitting raw bits across the network. |
|
|
Term
|
Definition
| A type of social engineering attack that involves an unauthorized person—the attacker—gaining access to an authorized area by using an authorized person(s)—the victim(s). The victim thinks they are helping someone who has a legitimate need to enter the area. |
|
|
Term
|
Definition
| See public key infrastructure (PKI). |
|
|
Term
|
Definition
| Scanning that enumerates available hosts, which ports they have open, and (commonly) version information. |
|
|
Term
|
Definition
| A newer and more feature-filled command-line interface (CLI) used for managing Windows. |
|
|
Term
|
Definition
| A sign that an incident may occur in the future. |
|
|
Term
|
Definition
| The layer of the OSI model that is responsible for data representation, encryption, and compression. It ensures that data exchanged between applications is in a format that both applications can understand. |
|
|
Term
|
Definition
| A password or passphrase shared among all users and devices that is used to authenticate to a wireless network. |
|
|
Term
|
Definition
| A control that tries to block risk events from happening (for example, a firewall blocking many potential attacks). |
|
|
Term
|
Definition
| The process of gaining privileges one is not entitled to. It is a technique that attackers use to expand their control over systems. |
|
|
Term
|
Definition
| See pre-shared key (PSK). |
|
|
Term
| public key infrastructure (PKI) |
|
Definition
| A set of identities, roles, policies, and actions for the creation, use, management, distribution, and revocation of digital certificates. |
|
|
Term
|
Definition
| Two related keys that are used for asymmetric cryptography. |
|
|
Term
| qualitative risk analysis |
|
Definition
| A type of analysis that involves generating a relative risk score based on likelihood and impact. (See likelihood, impact) |
|
|
Term
| quantitative risk analysis |
|
Definition
| A type of analysis that involves generating an estimated annual cost, called the annualized loss expectancy (ALE). ALE is calculated by multiplying the single loss expectancy (SLE) by the annualized rate of occurrence (ARO). (See annualized loss expectancy, annualized rate of occurrence, and single loss expectancy) |
|
|
Term
|
Definition
| Steps taken to keep infected and uninfected systems separate. |
|
|
Term
|
Definition
| A scan that searches through areas where malware is commonly found. These tend to be faster than full ones. |
|
|
Term
|
Definition
| See Remote Access Dial-In User Service (RADIUS). |
|
|
Term
|
Definition
| A device that acts as a central authority responsible for authenticating and authorizing users attempting to connect to a wireless network. |
|
|
Term
|
Definition
| An attack in which the attacker uses rainbow tables, which are precomputed sets of hash values for different possible passwords. The attacker compares captured password hashes with entries in the rainbow table to quickly determine the password corresponding to a specific hash. |
|
|
Term
|
Definition
| Malware that is designed to hold systems and data for ransom. |
|
|
Term
|
Definition
| See remote access Trojan. |
|
|
Term
|
Definition
| Antimalware functions that scan data as it is interacted with (such as after it is downloaded or when it is opened). |
|
|
Term
| recovery point objective (RPO) |
|
Definition
| The maximum data loss a business can accept (that is, the earliest acceptable point in time at which data can be recovered). |
|
|
Term
| recovery time objective (RTO) |
|
Definition
| The maximum acceptable amount of time a system or business function can be disrupted. |
|
|
Term
|
Definition
| Someone who attacks computer systems or networks for fun or curiosity rather than for financial gain or malice. |
|
|
Term
| Remote Access Dial-In User Service (RADIUS) |
|
Definition
| A client/server protocol used for incorporating authentication, authorization, and accounting into an environment. |
|
|
Term
| remote access Trojan |
|
Definition
| A type of Trojan (see Trojan horse) that creates a backdoor into a system once it is executed. |
|
|
Term
|
Definition
| A type of VPN connection that enables individual users or devices to securely access a private network from a remote location over the Internet. |
|
|
Term
|
Definition
| A backup that is kept away from the primary data (such as in another state or region). Remote backups are generally slower than local backups because they must be transferred over the Internet. However, they offer better protection against disasters. |
|
|
Term
| remote monitoring and management (RMM) |
|
Definition
| A tool commonly used by IT service providers that provides monitoring, configuration, patching, inventorying, and other features for enrolled assets. |
|
|
Term
|
Definition
| A server that sits between client devices on the Internet and web servers in a data center, acting as an intermediary for inbound Internet traffic. Unlike a forward proxy, which handles outbound traffic, a reverse proxy manages incoming requests from Internet clients and forwards them to the appropriate backend servers. The reverse proxy receives the requests on behalf of the servers and sends back the |
|
|
Term
|
Definition
| The probability or chance that anyone or anything could exploit a vulnerability in an environment. |
|
|
Term
|
Definition
| A risk management strategy that involves accepting the presence of a risk and doing nothing. Often chosen when responses are more costly than the risk itself. |
|
|
Term
|
Definition
| A risk management strategy that involves eliminating a risk by avoiding the asset or system associated with it (for example, avoiding web server attacks by not maintaining a website). |
|
|
Term
|
Definition
| A business activity that aims to identify, prioritize, and respond to risks. |
|
|
Term
|
Definition
| A response to risk that involves reducing (but not eliminating) risk: any steps taken to reduce the potential impact of a risk. |
|
|
Term
|
Definition
| A risk management strategy that involves transferring some risk to another party (for example, cyber insurance). |
|
|
Term
| Rivest, Shamir, and Adleman (RSA) |
|
Definition
| An asymmetric algorithm used primarily for authentication. |
|
|
Term
|
Definition
| See remote monitoring and management (RMM). |
|
|
Term
|
Definition
| An unauthorized wireless access point (AP) that has been deployed within a network without proper authorization or knowledge, for either malicious or non-malicious purposes. |
|
|
Term
|
Definition
| Malware designed to provide an attacker with administrative-level access to a system and potentially gain access to parts of the system that only the operating system would normally have access to. |
|
|
Term
|
Definition
| See recovery point objective (RPO). |
|
|
Term
|
Definition
| See Rivest, Shamir, and Adleman (RSA). |
|
|
Term
|
Definition
| See recovery time objective (RTO). |
|
|
Term
|
Definition
| The process of adding random characters on the fly as part of the hashing process to ensure unique hashes. |
|
|
Term
|
Definition
| The process of creating a segmented environment for safely testing software (for instance, to observe malware behavior). |
|
|
Term
|
Definition
| See Security Content Automation Protocol (SCAP). |
|
|
Term
|
Definition
| A separate network segment that acts as a buffer zone between an internal trusted network and an external untrusted network, such as the Internet. |
|
|
Term
|
Definition
| Someone who takes advantage of already existing tools and scripts that are available on the Internet and Dark Web and has limited knowledge or skills to create their own tools or scripts. |
|
|
Term
| Secure Hash Algorithm (SHA) |
|
Definition
| A family of hashing algorithms with different bit lengths. |
|
|
Term
|
Definition
| A protocol that provides secure encrypted communication and secure remote administration of network devices and systems. It allows users to establish secure command-line, file transfer (SFTP), and tunneling sessions over an unsecured network. |
|
|
Term
| security automation, orchestration, and response (SOAR) |
|
Definition
| Tools that help streamline and automate security operations. |
|
|
Term
| Security Content Automation Protocol (SCAP) |
|
Definition
| A constellation of complementary standards used to evaluate system vulnerabilities and compliance. |
|
|
Term
| security information and event management (SIEM) |
|
Definition
| A system that helps collect logs, consolidate logs, correlate logs, and get notified about abnormalities/threats in logs that are in breach of established policies. |
|
|
Term
| security orchestration, automation, and response (SOAR) |
|
Definition
| A tool that helps you automate responses and reduce the amount of human intervention when an abnormality/threat has been detected. |
|
|
Term
| service set identifier (SSID) |
|
Definition
| A unique name assigned to a wireless network to identify it among other nearby networks. It acts as the wireless network's name. |
|
|
Term
|
Definition
| The layer of the OSI model that establishes, manages, and terminates communication sessions between applications. It enables processes running on different devices to establish a dialogue and coordinate their communication. |
|
|
Term
|
Definition
| See Secure Hash Algorithm (SHA). |
|
|
Term
|
Definition
| A password, passphrase, or random characters that all parties know. |
|
|
Term
|
Definition
| See security information and event management (SIEM). |
|
|
Term
| single loss expectancy (SLE) |
|
Definition
| The expected cost of a single risk occurrence. |
|
|
Term
|
Definition
| A type of VPN connection that allows two or more separate networks in different physical locations to securely communicate with each other over the Internet. |
|
|
Term
|
Definition
| See single loss expectancy (SLE). |
|
|
Term
| small office/home office (SOHO) |
|
Definition
| A type of network setup in which individuals or businesses operate from their residences or small office spaces. |
|
|
Term
|
Definition
| A social engineering attack in which an attacker texts a victim and attempts to compromise them via text. |
|
|
Term
|
Definition
| See security orchestration, automation, and response (SOAR). |
|
|
Term
|
Definition
| An attack that is accomplished through human interaction, taking advantage of people’s tendency to be kind and helpful and tricking them. |
|
|
Term
|
Definition
| See small office/home office (SOHO). |
|
|
Term
|
Definition
| An authentication factor based on unique aspects of yourself that relies on biometrics. |
|
|
Term
|
Definition
| An authentication factor based on habits and characteristics. |
|
|
Term
|
Definition
| An authentication factor based on possession. |
|
|
Term
|
Definition
| An authentication factor based on knowledge. |
|
|
Term
|
Definition
| An authentication factor based on location. |
|
|
Term
|
Definition
| Malware that is designed to send unsolicited messages to as many people as it can by using tools like email, instant messaging, and newsgroups. |
|
|
Term
|
Definition
| A more targeted type of phishing attack in which the attacker researches their intended victims ahead of time and targets them more directly. |
|
|
Term
|
Definition
| A fuzzy hashing algorithm that divides files into smaller sections and calculates their hashes piece-by-piece. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| See service set identifier (SSID). |
|
|
Term
|
Definition
| A type of IPv4 ACL that only matches the source address of a packet. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| See Structured Threat Information Expression (STIX). |
|
|
Term
|
Definition
| Intelligence with an expansive scope, such as trends across many threat actors. |
|
|
Term
| Structured Threat Information Expression (STIX) |
|
Definition
| A standard that allows threat intelligence to be expressed using machine-readable JSON. |
|
|
Term
|
Definition
| A type of cryptography that requires a single key for both encryption and decryption. |
|
|
Term
|
Definition
| A format used to arrange log information, as well as a protocol used to transmit it to other devices (such as syslog servers). |
|
|
Term
|
Definition
| A test for DRPs and BCPs in which team members gather, are presented with a fictional scenario, and talk through how they would respond to it. |
|
|
Term
|
Definition
| Intelligence with a tight scope, such as specific attack identifiers. |
|
|
Term
| tactics, techniques, and procedures (TTP) |
|
Definition
| The behaviors of attackers. |
|
|
Term
|
Definition
| A type of social engineering attack that involves an unauthorized person—the attacker—gaining access to an authorized area by using an authorized person(s)—the victim(s). The victim does not know that the attacker has slipped in behind them. |
|
|
Term
|
Definition
| See Trusted Automated Exchange of Intelligence Information (TAXII). |
|
|
Term
|
Definition
| See Transmission Control Protocol (TCP). |
|
|
Term
|
Definition
| Also known as the Internet Protocol suite, a set of communication protocols that form the foundation of the Internet and many other computer networks. |
|
|
Term
|
Definition
| A command-line tool used to capture and analyze network traffic. |
|
|
Term
|
Definition
| A protocol that is used to establish a remote terminal connection between a client and a server over a network. It allows users to log into a remote host and access its command-line interface. |
|
|
Term
|
Definition
| The act of stealing an asset from an organization. |
|
|
Term
|
Definition
| Anyone or anything that could exploit vulnerabilities in an environment. |
|
|
Term
|
Definition
| A person or group that intends to cause harm. |
|
|
Term
|
Definition
| Information about threats that has been enriched through analysis, aggregation, or correlation. |
|
|
Term
|
Definition
| The Cisco threat intelligence and malware analysis platform. ThreatGrid has cloud and on-premises deployment options. |
|
|
Term
| Transmission Control Protocol (TCP) |
|
Definition
| A reliable and connection-oriented transport protocol that operates at the transport layer of the TCP/IP stack. It ensures that data sent over the network reaches the intended destination accurately and in the correct order. |
|
|
Term
|
Definition
| The layer of the OSI model and TCP/IP stack that ensures reliable and efficient end-to-end data delivery between applications running on different devices. The most widely used transport protocol in the TCP/IP stack and OSI model is Transmission Control Protocol (TCP), which provides features such as error correction, flow control, and congestion control. Another transport protocol is User Datagram Protocol |
|
|
Term
|
Definition
| An IPsec mode that encapsulates only the payload of the IP packet. |
|
|
Term
|
Definition
| Removal of malware from a system. This may involve manually deleting malware components or simply wiping the affected system. |
|
|
Term
| Triple Data Encryption Standard (3DES) |
|
Definition
| A symmetric key encryption algorithm that is an extension of DES and uses three keys instead of one. |
|
|
Term
|
Definition
| A malicious program or file disguised as a legitimate program or file that tricks the victim into executing the Trojan, thinking it is legitimate. Trojans typically do not replicate like viruses and worms do. |
|
|
Term
|
Definition
| An event isn’t detected, and it did not occur. |
|
|
Term
|
Definition
| An event is detected, and it occurred. |
|
|
Term
| Trusted Automated Exchange of Intelligence Information (TAXII) |
|
Definition
| A transport mechanism for STIX-formatted threat intelligence that supports collections (request/response architecture) and channels (publisher/subscriber architecture). |
|
|
Term
|
Definition
| See tactics, techniques, and procedures (TTP). |
|
|
Term
|
Definition
| An IPsec mode that encapsulates the entire original IP packet, including the original IP header. |
|
|
Term
|
Definition
| An authentication concept that involves using two or more steps in order to authenticate. |
|
|
Term
|
Definition
| See User Datagram Protocol (UDP). |
|
|
Term
|
Definition
| A hacker who uses their skills for harmful ends, in an unlawful and unjust manner. |
|
|
Term
| User Datagram Protocol (UDP) |
|
Definition
| A connectionless and lightweight transport protocol that operates at the transport layer of the TCP/IP stack. It provides for faster transmission of data between communicating devices compared to TCP but does not offer the reliability and error-correction mechanisms of TCP. Therefore, UDP is commonly used for real-time streaming, VoIP, and DNS. |
|
|
Term
|
Definition
| Driving a vehicle into a building to gain access to an unauthorized area. |
|
|
Term
| virtual private network (VPN) |
|
Definition
| A technology that allows you to create a secure and encrypted connection over a less secure network, such as the Internet. It essentially extends a private network across a public network, enabling users to send and receive data as if their devices were directly connected to the private network. |
|
|
Term
|
Definition
| Malware that is designed to insert its code (payload) into a system’s programs and files. It lives within a document or an executable file and remains dormant until some type of human interaction launches its attack and causes it to spread to other systems. |
|
|
Term
|
Definition
| A social engineering attack in which an attacker calls a victim and attempts to compromise them over the phone. |
|
|
Term
|
Definition
| How quickly data degrades and disappears on a system. |
|
|
Term
|
Definition
| See virtual private network (VPN). |
|
|
Term
|
Definition
| A weakness in any part of an enterprise that, if exploited, could jeopardize the confidentiality, integrity, or availability of the systems and the data. |
|
|
Term
|
Definition
| An automated tool that performs tests against defined hosts or network ranges, looking for signs of vulnerabilities. |
|
|
Term
|
Definition
| A technique used to discover and map wireless networks by driving around in a vehicle equipped with a Wi-Fi-enabled device, such as a laptop or smartphone. The purpose of war driving is to identify vulnerable or unsecured wireless networks for potential exploitation or unauthorized access. |
|
|
Term
|
Definition
| An alternate site with most hardware and systems available but that requires some setup and configuration during disaster recovery. |
|
|
Term
|
Definition
| Any type of damage that is caused by water. |
|
|
Term
|
Definition
| See Wired Equivalent Privacy (WEP). |
|
|
Term
|
Definition
| A phishing attack that targets a high-profile person, such as a CEO, CFO, CTO, or CISO. |
|
|
Term
| Wi-Fi Protected Access (WPA) |
|
Definition
| A wireless security protocol designed to be the successor to WEP. WPA introduced stronger encryption and security mechanisms, such as Temporal Key Integrity Protocol (TKIP). |
|
|
Term
| Wi-Fi Protected Access 2 (WPA2) |
|
Definition
| A current standard for wireless network security. It is an improvement over WPA and offers stronger encryption and authentication methods. WPA2 uses Advanced Encryption Standard (AES). |
|
|
Term
| Wi-Fi Protected Access 3 (WPA3) |
|
Definition
| The latest generation wireless security protocol. It uses AES and provides enhanced security features compared to its predecessors, WPA and WPA2. |
|
|
Term
| Wi-Fi Protected Setup (WPS) |
|
Definition
| A network security standard designed to simplify the process of connecting devices to a Wi-Fi network. |
|
|
Term
| Wired Equivalent Privacy (WEP) |
|
Definition
| An encryption protocol used to secure wireless networks. It was introduced as the first standard encryption method for Wi-Fi networks. |
|
|
Term
|
Definition
| Standalone, self-replicating, malicious software that wreaks havoc and spreads without human intervention through vulnerabilities in other software. |
|
|
Term
|
Definition
| See Wi-Fi Protected Access (WPA). |
|
|
Term
|
Definition
| See Wi-Fi Protected Access 2 (WPA2). |
|
|
Term
|
Definition
| See Wi-Fi Protected Access 3 (WPA3). |
|
|
Term
|
Definition
| A method of providing encryption and privacy on open, non-password-protected networks. |
|
|
Term
|
Definition
| See Wi-Fi Protected Setup (WPS). |
|
|
Term
| WPS PIN attack |
|
Definition
| An attack in which the attacker tries different PIN combinations until they discover the correct one when the Wi-Fi network uses Wi-Fi Protected Setup (WPS). |
|
|
Term
|
Definition
| A language that can define various file characteristics of malware samples. |
|
|