

Why are security terms so complicated? We strive to remove the complexity and provide real-world context to make these topics easy to understand. Let us know if we should add anything to the list.


1. Sender Policy Framework (SPF)

To prevent impersonation of an email sender, SPF is used to verify that an email claiming to originate from a specific domain was sent from an IP address on the list that the domain publishes in its DNS record. SPF limits the origins of emails to only the designated servers. Email recipients can automatically confirm that the sender is authentic by checking the “envelope from” address of the mail and rejecting messages that appear suspicious before the body of the message is delivered.


2. SSL Certificate

Secure Sockets Layer (SSL) is a global security standard for encrypted communication between a web browser and a web server. An SSL Certificate is a digital certificate issued to each endpoint to verify its identity and facilitate a handshake with another endpoint for the secure, encrypted exchange of information. Most websites use HTTPS to communicate with browsers securely, encrypting information such as personal details, credit card information or login credentials.


3. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)

TCP is the most common protocol for networked computers to exchange information. It breaks down messages into packets which can then be delivered by network devices (switches, routers, etc.) to their intended destination reliably. Once at the destination, TCP reassembles the packets into their original state. UDP is an alternative protocol optimized for time-sensitive information, such as video playback or DNS lookup. UDP does not rely on a handshake the way TCP does (the TCP handshake), but rather sends all packets directly to the target computer. The downside of UDP is that packets may sometimes be lost in transit, potentially opening the door to compromise of the message integrity.


4. Firewall

A physical or a virtual device with the primary function to block unwanted network traffic. When properly configured, a firewall can prevent unauthorized network traffic from one segment of a network to another based on its origination IP address, destination IP address and port of transmission. It automatically monitors incoming and outgoing traffic at the packet level to decide whether to permit or to block transmission based on the security rules configured by the security or network administrator. A firewall is technically a software product, so keeping it updated with the latest patches and service releases is very important to avoid exploitation of vulnerabilities in the actual firewall product.
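The rule matching described above, as an added example that is not part of the original page: first-match evaluation on source address, destination address and port with a default deny, plus an audit for rules that can never fire because an earlier rule covers them. The rule set, addresses and the `Rule`, `decide` and `shadowed` names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network, CIDR notation
    dst: str              # destination network, CIDR notation
    port: Optional[int]   # destination port; None matches any port


# Constructed rule set: 10.0.10.0/24 servers, 10.0.20.0/24 users, 10.0.30.0/24 admins.
RULES = [
    Rule("allow", "10.0.30.0/24", "10.0.10.0/24", None),  # admins reach servers
    Rule("deny",  "10.0.0.0/16",  "10.0.10.0/24", 3389),  # no RDP for anyone else
    Rule("allow", "10.0.0.0/16",  "10.0.10.5/32", 443),   # internal HTTPS service
    Rule("allow", "10.0.20.0/24", "10.0.10.0/24", 3389),  # never fires (see audit)
]


def net(cidr):
    return ipaddress.ip_network(cidr)


def decide(rules, src_ip, dst_ip, dst_port):
    """Return (action, index) of the first matching rule; default is deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for i, r in enumerate(rules):
        if src in net(r.src) and dst in net(r.dst) and r.port in (None, dst_port):
            return r.action, i
    return "deny", None   # nothing matched: block by default


def shadowed(rules):
    """Indexes of rules fully covered by an earlier rule, so they never apply."""
    hidden = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (net(later.src).subnet_of(net(earlier.src))
                    and net(later.dst).subnet_of(net(earlier.dst))
                    and earlier.port in (None, later.port)):
                hidden.append(j)
                break
    return hidden


if __name__ == "__main__":
    print(decide(RULES, "10.0.20.8", "10.0.10.5", 3389))  # blocked by rule 1
    print(shadowed(RULES))                                # rule 3 is dead config
```

Shadowed rules are worth flagging in a review because they show where the administrator's intent and the enforced policy have diverged.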


5. Virtual Local Area Network (VLAN)

A LAN is a group of interconnected computers or devices within a limited geographical area. A VLAN is a logical partition isolated on the physical LAN. VLANs are used to segment a network with software rather than relying solely on physical devices, which can yield performance and security improvements. Access from one VLAN to another is possible only via a router configured to direct traffic accordingly. 


6. Common Vulnerabilities and Exposures (CVE)

CVE is a public directory of known cybersecurity vulnerabilities published by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). It is available online at no charge to anyone who wants to better understand known vulnerabilities in a variety of IT products, software, hardware, tools, etc. CVEs are used by most vulnerability scanners for consistency in nomenclature and ease of tracking, prioritization and remediation based on vendor-published advisories and disclosures.


7. Man in the Middle (MitM)

During a man-in-the-middle attack, a threat actor can intercept in-transit communication and gain access to login credentials or other sensitive information. An attacker can also modify or sabotage communication between systems. Encryption of traffic is often used to thwart MitM attacks, but sophisticated threat actors may also attempt to redirect traffic to phishing sites that appear to be authentic, adding even more complexity.


8. Buffer Overflow

To improve performance, memory buffers temporarily hold data that a resource may need to access quickly. If the volume of incoming data exceeds limited capacity, a buffer can overflow, spilling data into adjacent memory locations. A threat actor with a detailed understanding of system resources can force an overflow into executable memory space with code that alters files, reveals valuable data or unlocks the authentication to protected systems.


9. Terminal Server

Organizations use terminal servers to connect remote users to local area network resources by virtualizing a desktop terminal and only transmitting limited data to the user’s device. This is often the visual presentation of the desktop or virtual applications running on the terminal server but controlled by the keyboard / mouse of the remote user. Some products marketed as terminal servers can be very simple devices that do not offer much (if any) security functionality, such as data encryption or user authentication.


10. Virtual Desktop Interface or Infrastructure (VDI)

Some organizations provide employees (or clients, vendors, etc.) with access to virtual desktop terminals from any device, tablet or desktop computer. VDI runs on a central server and is centrally managed, which offers many advantages for deploying consistent security controls. VDI can be especially helpful for employees frequently working away from the office, by providing access to company resources, applications and sensitive data in a controlled environment.


11. Windows Remote Procedure Call (RPC)

RPC allows Windows applications to communicate with each other, either between a client and a server across a network or within a single system. It is an essential service for more than a hundred services on a typical Windows Server. It is a flexible, powerful tool for system administrators to manage multiple services from a single console, but it is also known to allow threat actors to compromise systems with malicious software.


Anything you would like to see us add?
