There are currently 19 terms in this directory beginning with the letter T.
Tailgating
Tailgating, also known as piggybacking, is a physical security breach that occurs when an unauthorised person follows an authorized individual into a restricted area without proper authentication or authorisation. Tailgating takes advantage of the trust established with the authorized person, allowing the unauthorised person to gain unauthorised access to secure areas. Tailgating can be mitigated by implementing access control measures, such as access cards, turnstiles, security personnel, and user awareness training to encourage individuals to adhere to proper access procedures and report suspicious behaviour.

Tamper Detection
Tamper detection refers to the capability of a system or device to detect and alert when unauthorised physical access or tampering attempts occur. Tamper detection mechanisms are designed to safeguard the integrity and security of physical assets, such as computers, servers, routers, or sensitive equipment. Tamper detection mechanisms can include seals, tamper-evident stickers, intrusion detection sensors, tamper-resistant screws, or specialised circuits that trigger an alert or initiate countermeasures when tampering is detected. Tamper detection helps protect against physical attacks, unauthorised modifications, or tampering that could compromise the confidentiality, integrity, or availability of sensitive systems or data.

Threat Actor
A threat actor, also known as an attacker or malicious actor, refers to an individual, group, organisation, or entity that poses a threat to the security of systems, networks, or data. Threat actors can range from script kiddies and hacktivists to organized cybercrime groups, state-sponsored attackers, or insiders. Threat actors employ various attack techniques, tools, or motives to exploit vulnerabilities, compromise systems, steal data, disrupt operations, or gain unauthorised access. Understanding the capabilities, motivations, and techniques of different threat actors is crucial for developing effective security strategies and defences.

Threat Hunting
Threat hunting is a proactive cybersecurity approach that involves actively and iteratively searching for indications of compromise or potential security threats within an organisation's systems, networks, or data. Threat hunting goes beyond traditional security monitoring and incident response by actively seeking out advanced threats or hidden indicators of compromise that may evade automated detection systems. Threat hunting involves collecting and analysing data from various sources, using threat intelligence, employing advanced analytics, and conducting manual investigations to identify, mitigate, and remediate potential security threats before they cause significant damage.

Threat Intelligence
Threat intelligence refers to information about potential or existing cyber threats, including their indicators, tactics, techniques, and procedures (TTPs), motives, and capabilities. Threat intelligence is gathered from various sources, such as security researchers, security vendors, security incident reports, open-source intelligence (OSINT), or specialised threat intelligence providers. Threat intelligence is used to enhance threat detection, improve incident response, support vulnerability management, and inform security strategies and decision-making. It enables organisations to stay informed about emerging threats, understand the threat landscape, and take proactive measures to protect their systems, networks, and data.

Threat Modelling
Threat modelling is a systematic approach to identify and evaluate potential threats, vulnerabilities, and risks associated with a system, application, or network. Threat modelling involves analysing the system's architecture, components, data flows, and trust boundaries to identify potential attack vectors, entry points, and weaknesses that could be exploited by threat actors. The goal of threat modelling is to understand the system's security posture, prioritize security controls, and guide the development of mitigating measures to address identified threats. Threat modelling can be performed using various methodologies, such as STRIDE, DREAD, or the Microsoft Threat Modeling Tool.

Time-Based One-Time Password (TOTP)
Time-based One-Time Password (TOTP) is a two-factor authentication (2FA) mechanism that uses a time-based algorithm to generate a unique, one-time password for each authentication attempt. TOTP is based on the time-synchronization between the authentication server and the client device, typically through the use of a shared secret key and a clock. TOTP codes are time-limited and change every few seconds, providing an additional layer of security beyond traditional passwords. TOTP is commonly used in the form of authentication apps on mobile devices, such as Google Authenticator or Authy.

Token-Based Authentication
Token-based authentication is a method of authentication that uses a unique token to verify the identity of a user or system. A token can be a physical device, such as a smart card or hardware token, or a digital token, such as a software-generated code or cryptographic key. Token-based authentication is often used as a form of two-factor authentication (2FA) or multi-factor authentication (MFA), where the possession of the token is combined with knowledge-based authentication (such as a password) to enhance security. Tokens can provide an extra layer of protection against unauthorised access, as they are typically more difficult to replicate or compromise than passwords alone.

Tokenization
Tokenization is a data protection technique that replaces sensitive data, such as credit card numbers or personal identifiers, with unique tokens that have no meaning or value outside the context of the system or process using them. Tokenization helps reduce the risk associated with storing or transmitting sensitive data by separating the data from the tokenization system. The sensitive data is stored securely in a centralized location (often referred to as a token vault), while tokens are used in applications or databases that require limited or no access to the original sensitive data. Tokenization can help minimize the impact of data breaches, as stolen tokens cannot be used to retrieve the original sensitive information.

Tor Network
The Tor network, also known as The Onion Router, is a decentralized network of volunteer-operated servers that anonymizes internet traffic and provides users with privacy and anonymity. The Tor network routes internet traffic through a series of encrypted relays, making it difficult to trace the origin of the communication. Tor is often used to access websites, services, or content anonymously, bypass censorship, or protect privacy. While the Tor network can offer anonymity, it can also be abused for illicit activities, and certain types of attacks can compromise the anonymity of Tor users.

Traffic Analysis
Traffic analysis is the process of monitoring and analysing network traffic patterns, volumes, and behaviours to gain insights into the flow of data, identify anomalies, detect potential threats, or understand system performance. Traffic analysis involves collecting and examining network data, such as packet headers, flow records, or log files, to identify patterns or trends that may indicate suspicious activities, congestion points, bottlenecks, or performance issues. Traffic analysis techniques can be used for network troubleshooting, capacity planning, intrusion detection, and network security monitoring to maintain the availability, reliability, and security of network infrastructure.

Transfer Learning
Transfer learning is the practice of leveraging knowledge gained from one task or domain to improve learning or performance in another related task or domain. It enables models to reuse pre-trained features and knowledge for faster and more effective learning.

Transport Layer Security (TLS)
Transport Layer Security (TLS) is a cryptographic protocol that provides secure communication over a computer network, typically the internet. TLS ensures the confidentiality, integrity, and authenticity of data transmitted between a client and a server by encrypting the data and verifying the identity of the parties involved. TLS is widely used to secure web browsing (HTTPS), email communication (SMTPS, POP3S, IMAPS), virtual private networks (VPNs), and other network services. TLS has evolved from its predecessor, Secure Sockets Layer (SSL), and is implemented using various cipher suites and protocol versions to provide strong encryption and secure communication channels.

Trojan Downloader
A Trojan downloader, also known as a dropper, is a type of malware that is designed to download and install additional malicious software onto a victim's system without their knowledge or consent. Trojan downloaders are typically disguised as legitimate files or applications and often use social engineering techniques to trick users into executing them. Once executed, the Trojan downloader connects to a command-and-control server to retrieve instructions and payloads, which can include various types of malware, such as ransomware, spyware, or botnet agents. Trojan downloaders can be distributed through malicious email attachments, compromised websites, or other malware infections.

Trojan Horse
A Trojan horse, or simply Trojan, is a type of malware that masquerades as a legitimate file or program to deceive users into executing it. Unlike viruses or worms, Trojans do not replicate themselves but rely on social engineering techniques to trick users into installing or executing them. Once inside a system, Trojans can perform a variety of malicious actions, such as stealing sensitive information, gaining unauthorised access, launching distributed denial-of-service (DDoS) attacks, or providing backdoor access for attackers. Trojans are often distributed through email attachments, software downloads from untrusted sources, or by exploiting vulnerabilities in software or operating systems.

Trusted Platform Module (TPM)
A trusted platform module (TPM) is a hardware-based security component that provides a secure environment for cryptographic operations, secure storage of keys and certificates, and hardware-based integrity measurement capabilities. TPM is typically implemented as a microchip on the motherboard of a computer or other devices and works in conjunction with software to enhance system security. TPMs can be used for various security functions, such as disk encryption, secure boot, platform integrity checks, remote attestation, or key management. TPMs help protect against unauthorised access, tampering, or exploitation of sensitive data and system components.

Two-Factor Authentication (2FA)
Two-factor authentication (2FA), also known as multi-factor authentication (MFA), is an authentication method that requires users to provide two or more different types of credentials to verify their identity. These credentials typically fall into three categories: something the user knows (e.g., a password), something the user has (e.g., a security token or mobile device), or something the user is (e.g., biometric data like fingerprints). By combining multiple authentication factors, 2FA enhances security by adding an additional layer of protection beyond passwords alone. It helps prevent unauthorised access even if passwords are compromised.

Two-Man Rule
The two-man rule, also known as the four-eyes principle or dual control, is a security practice that requires the presence and agreement of two authorized individuals to perform certain critical or sensitive operations. The two-man rule is often used in environments where the risk of unauthorised actions or errors could have severe consequences, such as in nuclear facilities, financial institutions, or military operations. The goal of the two-man rule is to prevent unauthorised or malicious actions by ensuring that no single individual has the sole authority or knowledge required to perform critical tasks or access sensitive information.