Common Security Terminology
- Firewall - Used to refer to a network security device; you can think of this as the “front door” of a computer network. Everything that comes in or goes out should pass through this device. Often you will position a guard here to check that the visitors belong there. Misconfigurations or poorly designed policies create vulnerabilities. The term’s origin suggests its proper use: a firewall should sit between any two networks of different security levels.
- IP Address - One of the most important ways of addressing computers and devices on a computer network. There are two main classes of IP addresses: private and public. Public addresses are assigned to devices directly connected to the internet like firewalls and some mobile devices, while private addresses are used within local networks behind firewall devices.
- VPN (Virtual Private Network) - While “private” is in the name, this term describes a way of connecting two logically private networks together across a public network. A host connected over a VPN can reference private addresses as though it were also local. Although security can be, and often is, layered on top of this technology, it should always be validated for proper configuration and functionality. The takeaway is that just because you are using a VPN does not mean you are “safe” from attacks.
- TTP (Tools, Techniques, Procedures) - General term used to describe threat actor (hacker) behaviors. These are often unique to a threat actor and can be used to correlate threat actor campaigns, which are sometimes classified as an APT (Advanced Persistent Threat).
- DLP (Data Loss Prevention) - A class of tools used to limit the compromise of data on an enterprise network. An example might be a system that looks for Social Security Numbers within outbound emails to ensure employees don’t accidentally share this sensitive information. This is a very basic example; these tools range from basic to highly complex.
- Phishing - Generally used to refer to an email designed to trick users into performing an action that compromises their host or credentials. Not to be confused with general unsolicited email, usually referred to as SPAM.
- DMZ (De-Militarized Zone) - A network segment designated to allow more access (often remote-access server and web-servers) than the more secure sections of the network. A firewall device is used to separate each network segment in this paradigm.
- Encryption - A way of securing data and communication against eavesdropping and unauthorized access. Properly encrypted data is indistinguishable from random data.
- Ransomware - A class of malware that infects your system, then encrypts your personal files and demands payment to allow you to read them again.
- MFA (Multi-Factor Authentication) - A way of adding additional security to logon/authentication systems. Often users will select poor passwords such as “Spring2020!” because this password meets complexity requirements (8 characters, a capital letter, numbers, and a symbol) but is easy for an attacker to guess. MFA requires the user to enter an additional code, which is often generated by a machine, is only valid for a short time, and is only available through a service that only that user should have access to.
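To make the MFA entry concrete, here is an added example (not code from the original page): a constructed complexity policy that happily accepts “Spring2020!”, a constructed season-plus-year heuristic that flags it as guessable, and a standard time-based one-time code (RFC 4226 HOTP / RFC 6238 TOTP, which the page does not name but which is one common form of the machine-generated, short-lived code it describes) with a server-side check that rejects a code once its time step has passed. The secret is the RFC 6238 test-vector secret, not a real key.

```python
import hashlib
import hmac
import re
import struct

# Constructed complexity policy matching the page's description:
# at least 8 characters, an uppercase letter, a digit and a symbol.
def meets_complexity(password: str) -> bool:
    return (
        len(password) >= 8
        and re.search(r"[A-Z]", password) is not None
        and re.search(r"[0-9]", password) is not None
        and re.search(r"[^A-Za-z0-9]", password) is not None
    )

# Constructed heuristic (not an exhaustive check): a season name followed by a
# year, with optional trailing symbols, is a pattern an attacker can guess.
SEASON_YEAR = re.compile(r"(spring|summer|fall|autumn|winter)\d{4}[^A-Za-z0-9]*", re.I)

def looks_guessable(password: str) -> bool:
    return SEASON_YEAR.fullmatch(password) is not None

# RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation.
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

# RFC 6238 TOTP: the counter is the number of 30-second steps since the epoch,
# which is what makes a code valid only for a short time.
def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    return hotp(secret, at_time // step, digits)

# Server-side check: accept the current step and one step either side to
# tolerate clock skew; anything older is rejected.
def verify_totp(secret: bytes, code: str, at_time: int, step: int = 30, skew: int = 1) -> bool:
    counter = at_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + k), code)
        for k in range(-skew, skew + 1)
    )

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test-vector secret, not a real key
    print(meets_complexity("Spring2020!"), looks_guessable("Spring2020!"))  # True True
    code = totp(secret, 59)
    print(code, verify_totp(secret, code, 59), verify_totp(secret, code, 179))  # 287082 True False
```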