Cybersecurity Glossary

Packet sniffing, also known as network sniffing or packet capturing, is the process of intercepting and analysing network traffic packets to inspect their content, gather information, or capture sensitive data. Packet sniffing can be performed using specialised software or hardware tools that capture and analyse network packets as they traverse a network interface. While packet sniffing has legitimate uses, such as network troubleshooting and monitoring, it can also be used for malicious purposes, such as capturing unencrypted passwords or sensitive information.

Password cracking is the process of attempting to recover or guess a password by systematically testing different combinations of characters until the correct password is found. Password cracking can be performed using various techniques, such as dictionary attacks (trying commonly used passwords), brute force attacks (trying all possible combinations), or rainbow table attacks (using precomputed tables of hashed passwords). Password cracking is often used by attackers to gain unauthorised access to user accounts or sensitive information. Strong passwords, password complexity requirements, and proper password storage mechanisms help mitigate the risk of password cracking.

A password policy is a set of rules and requirements that govern the creation, management, and use of passwords within an organisation or system. Password policies define criteria such as password length, complexity, expiration, reuse restrictions, and account lockout rules. By enforcing a strong password policy, organisations can enhance the security of user accounts, reduce the risk of password-based attacks, and promote good password hygiene among users. Regular password policy enforcement, user education, and password management tools are essential components of an effective password policy.

Password policy enforcement refers to the mechanisms and processes in place to ensure that users adhere to the defined password policy within an organisation or system. Password policy enforcement may include technical controls, such as password complexity checks, expiration mechanisms, account lockout after failed login attempts, and password history checks. It also involves user awareness and education about the importance of password security and compliance with the password policy. Password policy enforcement helps maintain the integrity and security of user accounts and reduces the risk of password-related attacks.

Password spraying is a technique used in password attacks where an attacker attempts a small number of commonly used passwords against a large number of user accounts. Unlike traditional brute force attacks, which involve trying all possible password combinations for a single user account, password spraying aims to bypass account lockout policies by avoiding excessive failed login attempts. Attackers use lists of common passwords or previously breached passwords to increase the chances of success. Strong password policies, multi-factor authentication, and account lockout mechanisms can help mitigate the risk of password spraying attacks.

Patch management is the process of acquiring, testing, deploying, and monitoring software updates, known as patches, to fix vulnerabilities, address software bugs, or improve the functionality of systems, applications, or devices. Patch management involves identifying vulnerable software, tracking patch releases, assessing the impact and compatibility of patches, and implementing a systematic approach to apply patches across an organisation's infrastructure. Effective patch management helps mitigate the risk of exploitation through known vulnerabilities and ensures that systems are up to date with the latest security fixes.

Patch testing is the practice of evaluating software patches or updates in a controlled environment before deploying them to production systems or critical environments. Patch testing involves conducting thorough testing procedures to ensure that the patch does not introduce new issues, conflicts with existing software or configurations, or adversely affects system stability or performance. Testing patches helps organisations minimize the potential disruption or negative impact that could result from deploying faulty or incompatible patches. It ensures that patches are validated and reliable before being applied to production systems.

In the context of cybersecurity, a payload refers to the malicious component or code within a cyber attack. The payload is the part of the attack that performs the intended malicious action, such as data theft, system compromise, unauthorised access, or the execution of destructive commands. The payload can be delivered through various means, including email attachments, infected files, malicious URLs, or compromised websites. Understanding the payload is crucial for detecting, analysing , and mitigating cyberattacks.

A penetration tester, also known as an ethical hacker or white hat hacker, is a security professional who assesses the security of systems, networks, applications, or infrastructure by simulating real-world attacks. Penetration testers use various tools, techniques, and methodologies to identify vulnerabilities, exploit weaknesses, and gain unauthorised access to test environments. The goal of penetration testing is to evaluate the effectiveness of security controls, discover vulnerabilities before malicious actors do, and provide recommendations to improve the overall security posture of an organisation.

Penetration testing, often referred to as pen testing or ethical hacking, is a proactive security assessment technique that involves simulating real-world attacks on systems, networks, applications, or infrastructure to identify vulnerabilities and assess the effectiveness of security controls. Penetration testing is conducted by skilled security professionals who use various methods, tools, and techniques to exploit weaknesses, gain unauthorised access, and assess the impact of potential attacks. The results of penetration testing provide valuable insights into an organisation's security vulnerabilities and help prioritize remediation efforts.

Penetration testing tools are software applications or frameworks designed to assist security professionals in performing penetration testing activities. These tools automate and facilitate the identification of vulnerabilities, the exploitation of weaknesses, and the assessment of security controls. Penetration testing tools can include vulnerability scanners, network scanners, password crackers, exploit frameworks, wireless analysis tools, and forensic analysis utilities. The selection and use of appropriate penetration testing tools depend on the specific testing objectives, the target environment, and the skills and expertise of the tester.

A personal firewall is a security software application or hardware device designed to protect an individual user's computer or device from unauthorised network access and malicious activities. Personal firewalls monitor inbound and outbound network traffic, apply access control policies, and block or allow connections based on predefined rules. They help prevent unauthorised access to the system, detect and block malicious traffic, and provide an additional layer of defence against network-based attacks. Personal firewalls are commonly used in home or individual user environments to enhance the security of personal devices and data.

Phishing is a cyberattack technique where attackers impersonate trustworthy entities, such as legitimate organisations, to deceive individuals into revealing sensitive information, such as passwords, usernames, credit card details, or social security numbers. Phishing attacks are typically carried out through fraudulent emails, instant messages, or malicious websites that mimic legitimate sources. The aim of phishing attacks is to trick users into clicking on malicious links, opening malicious attachments, or providing personal information, which can then be used for identity theft, financial fraud, or unauthorised access.

Phishing awareness training is an educational program designed to educate users about the risks of phishing attacks, how to identify phishing attempts, and best practices for safe online behaviour. Phishing awareness training aims to raise awareness among individuals and organisations about the tactics, techniques, and red flags associated with phishing attacks. It provides guidance on identifying suspicious emails, avoiding phishing scams, and reporting phishing incidents. Phishing awareness training is an essential component of a comprehensive cybersecurity awareness program to help users become more vigilant and resilient against phishing threats.

Phishing simulation is a proactive security measure that involves the creation and execution of simulated phishing campaigns to test the awareness, response, and susceptibility of individuals within an organisation to phishing attacks. Phishing simulations mimic real phishing emails or scenarios to assess user behaviour, identify vulnerabilities, and measure the effectiveness of security awareness training programs. Phishing simulations help organisations evaluate their readiness to detect and resist phishing attacks, identify areas for improvement, and reinforce security best practices among employees.

Physical access control refers to the measures, processes, and techniques used to restrict or manage physical access to physical premises, facilities, or sensitive areas within an organisation. Physical access control includes various mechanisms, such as security guards, badges, access cards, biometric systems, surveillance cameras, locks, and barriers. The goal of physical access control is to prevent unauthorised individuals from entering restricted areas, protect physical assets and resources, ensure employee safety, and maintain the confidentiality and integrity of sensitive information.

Physical security encompasses the measures and practices implemented to protect physical assets, facilities, resources, and personnel from unauthorised access, theft, damage, or threats. Physical security measures can include physical barriers, access controls, surveillance systems, security personnel, alarm systems, video monitoring, and environmental controls. Physical security aims to safeguard critical infrastructure, data centres, offices, storage areas, and other physical assets from physical breaches, intrusions, theft, natural disasters, or other physical risks.

A ping sweep, also known as an ICMP sweep, is a network scanning technique that involves sending Internet Control Message Protocol (ICMP) echo request messages (pings) to a range of IP addresses to determine which hosts are online or reachable. Ping sweeps can be performed using specialised tools or command-line utilities. The responses received indicate the presence of active hosts, allowing administrators to identify live systems, assess network connectivity, or detect unauthorised devices. Ping sweeps can be used for network troubleshooting, reconnaissance, or security auditing purposes.

Port scanning is the process of systematically scanning a computer network to identify open ports on target systems. Port scanning can be performed using automated tools or scripts that send network requests to specific ports on target IP addresses. By examining the responses received, port scanning helps identify listening services, protocols, or potential vulnerabilities on networked devices. Port scanning is used for network security assessments, vulnerability assessments, and network troubleshooting, but it can also be employed by attackers to identify potential entry points for exploitation.

Privacy refers to the right of individuals to control the collection, use, and disclosure of their personal information. In the context of cybersecurity, privacy involves protecting personal data from unauthorised access, use, or disclosure by implementing appropriate technical and organisational measures. Privacy considerations encompass compliance with privacy laws and regulations, data protection practices, secure data handling, consent management, data minimization, and transparency in data processing. Protecting privacy helps maintain individuals' autonomy, trust, and control over their personal information in an increasingly digital and interconnected world.

A privacy breach, also known as a data breach or security incident, occurs when there is unauthorised access, disclosure, or loss of personal information, resulting in a potential compromise of privacy. Privacy breaches can happen due to various factors, including cyberattacks, insider threats, human error, system vulnerabilities, or physical theft. The consequences of privacy breaches can be significant, leading to identity theft, financial fraud, reputational damage, or legal and regulatory repercussions. Organisations must have incident response plans, security controls, and proactive measures in place to prevent and respond to privacy breaches effectively.

A privacy policy is a statement or document that outlines an organisation's practices and commitments regarding the collection, use, storage, and disclosure of personal information. Privacy policies inform individuals about how their personal data is handled, the purposes for which it is collected, the types of information collected, the security measures in place, and their rights and options for controlling their data. Privacy policies are essential for transparency, compliance with privacy regulations, and building trust between organisations and individuals whose data is being collected or processed.

Privacy-enhancing technologies (PETs) are tools, techniques, or methodologies designed to protect individual privacy by minimizing or eliminating the collection, use, or disclosure of personal information. PETs aim to provide individuals with control over their personal data while still enabling the delivery of desired services or functionality. Examples of PETs include encryption, anonymization techniques, identity management systems, data minimization approaches, secure protocols, and privacy-preserving data analysis methods. PETs play a crucial role in ensuring privacy in various contexts, such as healthcare, financial services, and online interactions.

A private key, in the context of public key cryptography, is a secret cryptographic key that is kept confidential and known only to the owner. Private keys are used in asymmetric encryption algorithms, where different keys are used for encryption and decryption. The possession of the private key enables the decryption of data encrypted with the corresponding public key. Private keys are essential for ensuring the confidentiality, integrity, and authenticity of communications, digital signatures, and secure transactions.

Statistical models that represent the probabilistic relationships between random variables using directed or undirected graphs. Probabilistic graphical models, such as Bayesian networks and Markov networks, are used for reasoning under uncertainty and performing probabilistic inference.

A protocol analyser, also known as a network analyser or packet sniffer, is a tool or software application used to capture, analyse, and decode network traffic in real time. Protocol analysers intercept network packets, extract relevant data, and provide insights into network protocols, communications, and potential issues. Protocol analysers help troubleshoot network connectivity problems, identify network misconfigurations, investigate network performance issues, or analyse network security incidents. They are valuable tools for network administrators, security professionals, and network protocol developers.

A proxy server acts as an intermediary between client devices and servers, facilitating client-server communication. When a client sends a request to access a server, the request is first sent to the proxy server, which then forwards the request to the appropriate server on behalf of the client. Proxy servers can provide various functionalities, such as caching, content filtering, access control, anonymization, or load balancing. From a security perspective, proxy servers can enhance privacy, protect against certain types of attacks, and provide an additional layer of security by isolating clients from direct contact with servers.

A public key, in the context of public key cryptography, is a key that is made available to others for encryption or verification purposes. Public keys are part of an asymmetric encryption algorithm, where different keys are used for encryption and decryption. The public key can be freely distributed and used by anyone to encrypt data or verify digital signatures created with the corresponding private key. Public keys enable secure communication, confidentiality, and integrity in various applications, including secure email, digital certificates, and secure web browsing.

Public key cryptography, also known as asymmetric cryptography, is a cryptographic system that uses a pair of mathematically related keys, a public key and a private key, for secure communication and data protection. Public key cryptography allows for encryption and decryption of data using different keys. The public key is widely distributed and used for encryption, while the private key is kept secret and used for decryption. Public key cryptography provides confidentiality, integrity, and authenticity in various applications, including secure messaging, digital signatures, and secure online transactions.

Public key infrastructure (PKI) is a framework of policies, procedures, hardware, software, and services that enable the creation, distribution, management, and revocation of digital certificates and public-private key pairs. PKI provides the infrastructure necessary for implementing secure communication, authentication, and data protection using public key cryptography. PKI supports the issuance and verification of digital certificates, certificate authorities (CAs), certificate revocation lists (CRLs), and other components required for secure and trusted communication in various domains, such as e-commerce, online banking, and secure email.

Public Wi-Fi security refers to the protection of data and privacy when connecting to and using public Wi-Fi networks, such as those found in coffee shops, airports, or hotels. Public Wi-Fi networks are inherently insecure and can be vulnerable to various attacks, such as eavesdropping, man-in-the-middle attacks, or spoofing. To enhance public Wi-Fi security, individuals should use secure and encrypted connections (e.g., HTTPS), avoid transmitting sensitive information over unsecured networks, and consider using virtual private networks (VPNs) to create secure tunnels for their internet traffic.