My Glossary

The document is a comprehensive glossary of cybersecurity terms, covering various types of attacks, technologies, and concepts related to network security, cryptography, and risk management. It includes definitions for malware, social engineering, network attacks, and more, providing essential knowledge for understanding cybersecurity threats and defenses. Additionally, it outlines important tools and practices for managing security in digital environments.

Uploaded by lilyvtuber22

Glossary:

1. Malware and Related Attacks

● RAT: Remote Access Trojan
● Keylogger: Captures keystrokes.
● Spyware: Gathers user data without consent.
● Adware: Unwanted ads, sometimes malicious.
● Ransomware: Encrypts files for ransom.
● Rootkit: Hides malicious processes.
● Logic Bomb: Triggered by specific events.
● Trojan Horse: Disguised as legitimate software.
● Virus: Requires a host to propagate.
● Worm: Self-replicates without user intervention.
● Backdoor: Allows unauthorized remote access.

2. Social Engineering Attacks

● Phishing: Email or website-based scams.
● Spear Phishing: Targeted phishing attack.
● Vishing: Voice-based phishing.
● Smishing: SMS phishing.
● Pretexting: Creating a fabricated scenario to steal information.
● Baiting: Using physical or digital bait (e.g., USBs).
● Tailgating: Following someone into a restricted area.
● Piggybacking: Similar to tailgating but with consent.

3. Network Attacks

● DoS: Denial of Service
● DDoS: Distributed Denial of Service
● MITM: Man-in-the-Middle
● Spoofing: Faking identity or data (IP, MAC, or email spoofing).
● Sniffing: Intercepting network traffic.
● Replay Attack: Reusing captured data packets.
● Session Hijacking: Taking control of a user’s session.
● ARP Poisoning: Faking ARP messages to redirect traffic.
● DNS Poisoning: Altering DNS records to redirect traffic.

4. Cryptographic Attacks

● Brute Force: Trying all possible passwords.
● Dictionary Attack: Using a pre-defined list of words.
● Rainbow Table: Precomputed hash attack.
● Birthday Attack: Exploiting hash collisions.
● Replay Attack: Reusing intercepted authentication data.
● Downgrade Attack: Forcing a system to use weaker encryption.

5. Application and Web-Based Attacks

● SQL Injection: Exploiting SQL queries.
● XSS: Cross-Site Scripting
● CSRF (or XSRF): Cross-Site Request Forgery
● Command Injection: Injecting system commands.
● Directory Traversal: Accessing restricted directories.
● Buffer Overflow: Exploiting memory overflow.
● LDAP Injection: Exploiting LDAP queries.
● API Attacks: Exploiting API vulnerabilities.
● Zero-Day Attack: Exploiting undisclosed vulnerabilities.

6. Wireless Attacks

● Evil Twin: Fake wireless access point.
● Rogue AP: Unauthorized access point.
● Bluejacking: Sending unsolicited messages via Bluetooth.
● Bluesnarfing: Stealing data via Bluetooth.
● Jamming: Interfering with wireless signals.
● WPS Attack: Exploiting weaknesses in WPS PIN.
● Deauthentication Attack: Forcing devices to reconnect to a rogue AP.

7. Insider Threats

● Privilege Escalation: Gaining unauthorized privileges.
● Malicious Insider: Employee with harmful intent.
● Unintentional Insider: Accidental data leaks.

8. Physical Attacks

● Dumpster Diving: Searching trash for information.
● USB Drop Attack: Planting malicious USB drives.
● Skimming: Stealing payment card data via devices.

9. Threat Actors and Advanced Attacks

● APT: Advanced Persistent Threat
● Supply Chain Attack: Targeting third-party vendors.
● Watering Hole Attack: Targeting websites frequented by a specific group.
● Malvertising: Malicious advertisements.
● Island Hopping: Attacking via connected systems.

10. IoT and Embedded System Attacks

● Botnet: Network of compromised devices.
● IoT Exploits: Exploiting vulnerabilities in IoT devices.
● Firmware Exploits: Compromising firmware to gain control.

11. Cloud Attacks

● Cloud Jacking: Taking control of cloud accounts.
● Misconfigured Cloud Storage: Exposing sensitive data.
● Data Exfiltration: Stealing data from cloud environments.

Comprehensive Glossary:

1. Threats, Attacks, and Vulnerabilities

● Attack Surface: Total points of entry an attacker can exploit.
● Threat Actor: An entity (person, group, or nation) with malicious intent.
● Exploit: Code or technique used to take advantage of a vulnerability.
● Zero-Day: A vulnerability that is unknown to the vendor and exploited before a fix is available.
● Phishing: Deceptive emails or messages to trick users into revealing sensitive information.
○ Spear Phishing: Targeted phishing at specific individuals.
○ Whaling: Phishing targeting high-level executives.
● Ransomware: Malware that encrypts data and demands payment for decryption.
● Malware: Malicious software (e.g., viruses, worms, Trojans, rootkits, spyware).
● Social Engineering: Manipulating people into giving confidential information.
● Denial-of-Service (DoS): Overloading a system to make it unavailable.
● Distributed Denial-of-Service (DDoS): DoS attack using multiple systems.
● SQL Injection: Inserting malicious SQL code into a query.
● Cross-Site Scripting (XSS): Injecting scripts into webpages viewed by others.
● Privilege Escalation: Exploiting flaws to gain higher access rights.
● Man-in-the-Middle (MitM): Intercepting communications between two parties.
● Brute Force: Trying all possible password combinations.
● Dictionary Attack: Using a list of predefined words to guess passwords.
● Replay Attack: Re-sending captured network traffic to repeat a transaction.
● Logic Bomb: Malicious code triggered by a specific condition.
● Watering Hole Attack: Compromising websites frequently visited by the target.
● Backdoor: Hidden access points into a system.
● Session Hijacking: Taking over a legitimate session.

2. Technologies and Tools

● Firewall: Filters incoming/outgoing traffic based on rules.
● IDS/IPS: Intrusion Detection/Prevention Systems to monitor and respond to threats.
● SIEM: Security Information and Event Management system for analyzing logs.
● Honeypot: Decoy systems set up to detect and analyze attacker behavior.
● Vulnerability Scanner: Identifies weaknesses in systems (e.g., Nessus, OpenVAS).
● Port Scanner: Scans open ports on a network (e.g., Nmap).
● Antivirus: Detects and removes malware.
● Sandboxing: Isolating code execution in a controlled environment.
● Endpoint Detection and Response (EDR): Detects threats on endpoints (e.g., laptops, mobile devices).
● Data Loss Prevention (DLP): Prevents unauthorized data exfiltration.
● Proxy Server: Intermediary between client and server for filtering traffic.
● SSL/TLS: Protocols for encrypting web traffic.
● VPN: Virtual Private Network for secure remote connectivity.

3. Cryptography and PKI

● Symmetric Encryption: Uses the same key for encryption and decryption (e.g., AES).
● Asymmetric Encryption: Uses public and private key pairs (e.g., RSA, ECC).
● Hashing: One-way function for data integrity (e.g., MD5, SHA-256).
● Digital Signature: Validates authenticity and integrity of a message.
● Certificate Authority (CA): Issues and manages digital certificates.
● Public Key Infrastructure (PKI): Framework for managing keys and certificates.
● Elliptic Curve Cryptography (ECC): Lightweight encryption for resource-constrained devices.
● Perfect Forward Secrecy (PFS): Ensures session keys can't be reused or decrypted later.
● Steganography: Hiding data within files or images.

4. Identity and Access Management

● Authentication: Verifying identity (e.g., passwords, biometrics, tokens).
● Authorization: Granting permissions based on identity.
● MFA (Multi-Factor Authentication): Using two or more factors for authentication.
● RBAC (Role-Based Access Control): Assigning permissions based on roles.
● ABAC (Attribute-Based Access Control): Granting access based on attributes.
● SSO (Single Sign-On): One set of credentials for multiple systems.
● Federation: Sharing identities across organizations (e.g., SAML, OAuth).

5. Risk Management

● Risk Assessment: Evaluating potential risks to assets.
○ Quantitative Risk: Assigns monetary value to risks.
○ Qualitative Risk: Describes risks using scenarios and likelihoods.
● Vulnerability Management: Identifying and remediating vulnerabilities.
● Penetration Testing: Ethical hacking to simulate an attack.
● Incident Response: Detecting, containing, and recovering from an incident.
● Business Continuity Plan (BCP): Ensures critical operations continue after disruptions.
● Disaster Recovery Plan (DRP): Restoring IT operations after a disaster.
● Risk Mitigation Strategies: Accept, Transfer, Avoid, Mitigate.

6. Network Security

● Subnetting: Dividing networks into smaller segments.
● DMZ (Demilitarized Zone): Isolated network for public-facing services.
● 802.1X: Network access control using authentication.
● WPA3: Modern Wi-Fi security standard.
● NAT (Network Address Translation): Hides internal IP addresses.
● MAC Filtering: Allowing/blocking devices based on MAC addresses.
● IPSec: Encrypting and authenticating IP traffic.
● VLANs: Segmenting networks for security and performance.

7. Governance, Risk, and Compliance

● GDPR: EU data privacy regulation.
● HIPAA: Protects healthcare information.
● PCI DSS: Security standard for payment card transactions.
● SOX: Sarbanes-Oxley Act for corporate financial transparency.
● ISO/IEC 27001: Information security management standard.
● NIST: US standards body that publishes cybersecurity frameworks and guidance (e.g., NIST SP 800-53).

8. Physical Security

● Biometric Authentication: Fingerprints, facial recognition.
● Access Control: Keycards, PINs, security guards.
● CCTV: Surveillance cameras.
● Faraday Cage: Blocks electromagnetic signals.
● Mantrap: Double-door system for controlled access.

9. Emerging Technologies

● IoT (Internet of Things): Securing smart devices.
● Blockchain: Secure, decentralized ledger technology.
● Quantum Cryptography: Future-proof encryption techniques.
● AI/ML: Detecting and responding to threats using machine learning.
● Cloud Security: Securing IaaS, PaaS, SaaS environments.

10. Important Ports

● FTP (21): File Transfer Protocol.
● SSH (22): Secure Shell.
● DNS (53): Domain Name System.
● HTTP (80): Web traffic.
● HTTPS (443): Secure web traffic.
● RDP (3389): Remote Desktop Protocol.

Simple Definitions:

1. IP Address

An IP address is like the home address of a device on a network. It helps devices find each
other and communicate. There are two types:

● IPv4: Example: 192.168.1.1
● IPv6: Example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334

2. Firewall

A firewall is like a security guard for your network. It decides what data can enter or leave your
system based on rules you set, blocking harmful or unwanted traffic.

3. VPN (Virtual Private Network)

A VPN is like a secure tunnel for your internet traffic. It hides your IP address and encrypts
your data, keeping it safe from hackers or spying while using the internet.

4. Malware

Malware is any harmful software (like a virus, worm, or trojan) designed to damage or steal
data from your computer. It's like a spy or thief attacking your system.

5. Encryption

Encryption is like a secret code that makes your data unreadable to anyone who doesn’t have
the key to decode it. It protects sensitive information, like passwords and credit card details.

6. Phishing
Phishing is when a hacker tries to trick you into revealing personal information (like your
password or bank details) by pretending to be a trustworthy entity (like your bank). It's like a
fake message that looks real.

7. Authentication

Authentication is the process of verifying your identity, like showing an ID to prove who you
are. It can involve:

● Something you know (password)
● Something you have (phone for a one-time code)
● Something you are (fingerprint or face)

8. Access Control

Access control is like setting permissions on your house doors. It decides who can enter (or
access) specific parts of your network or system based on roles, such as:

● RBAC (Role-Based Access Control)
● MAC (Mandatory Access Control)

9. SIEM (Security Information and Event Management)

A SIEM is like a security camera system that watches over your network. It collects data from
various sources to identify possible security threats and respond to them quickly.

10. IDS/IPS (Intrusion Detection System / Intrusion Prevention System)

● IDS is like a watchdog that looks for suspicious activity and alerts you when something’s wrong.
● IPS is a watchdog that also takes action to stop the attack.

11. Two-Factor Authentication (2FA)

2FA adds an extra layer of security by requiring two forms of verification before you can
access your account. It’s like needing both a key and a password to open a door.

12. Backup

A backup is like making a copy of important files or data in case something goes wrong, like
losing your files or getting attacked by ransomware.

13. Vulnerability

A vulnerability is like a weak spot in your system that hackers can exploit to cause damage,
steal data, or take control.

14. DDoS Attack (Distributed Denial of Service)

A DDoS attack is when many computers are used to flood a system with traffic, making it slow
or crash. It’s like overloading a website by having too many people visit at once.

15. Zero-Day Vulnerability

A zero-day vulnerability is a flaw in a system that’s unknown to the software maker. Hackers
exploit it before the vendor can release a fix. It's like a hidden door in your house that a thief
finds before you even realize it exists.

16. Ransomware

Ransomware is a type of malware that locks you out of your files or system and demands
payment to unlock them. It’s like a kidnapper holding your files for ransom.

17. Endpoint

An endpoint is any device (like a computer, smartphone, or printer) connected to a network. It’s
like the entry point for data and attacks.

18. Hashing

Hashing is like turning a word into a unique code (a hash). It's commonly used to store
passwords in a way that they can't easily be reversed back into the original word.

19. Patch Management

Patch management is like fixing holes in your house to prevent intruders. It involves updating
software to close security vulnerabilities.

20. Social Engineering

Social engineering is when a hacker manipulates people into breaking security rules, often by
pretending to be someone trustworthy. It’s like a fraudster tricking you into handing over your
house keys.

21. Cryptography

Cryptography is the practice of protecting information by transforming it into a secret format
(ciphertext). It’s like a secret language that only authorized people can understand.

22. Risk Management

Risk management is the process of identifying, assessing, and mitigating risks to your
network or system. It’s like creating a plan to avoid potential threats.

23. Ports

A port is like a door on a computer or server that allows it to communicate with other devices
over a network. Each port is associated with a specific service or application, such as web
browsing, file transfer, or email.

For example:

● Port 80 is like the door for web browsing (HTTP).
● Port 443 is the door for secure web browsing (HTTPS).
● Port 22 is the door for remote access (SSH).

24. Social Engineering Attacks

Social engineering is a method used by attackers to manipulate individuals into revealing
sensitive information. Some common types include:

● Pretexting: Creating a fake scenario to obtain confidential information.
● Baiting: Offering something enticing to get victims to share their data.
● Quizzes: Using seemingly harmless questions on social media to gather information.

25. Encryption Algorithms

● AES (Advanced Encryption Standard): A symmetric encryption algorithm widely used for data security.
● RSA (Rivest-Shamir-Adleman): Asymmetric encryption used for secure data transmission.
● 3DES (Triple DES): A symmetric-key encryption standard based on the DES algorithm but applied three times for extra security.
● ECC (Elliptic Curve Cryptography): A type of asymmetric encryption that is more efficient with smaller key sizes.

26. Types of Firewalls

● Packet Filtering Firewall: Inspects packets of data and decides to allow or block based on predefined rules.
● Stateful Inspection Firewall: Monitors active connections and ensures the packet is part of an established session.
● Proxy Firewall: Acts as an intermediary between a user and the service they want to access, hiding the user's internal network.

27. SIEM (Security Information and Event Management)

SIEM systems collect and analyze security data from different devices and software. They
provide:

● Log Management: Collecting and storing log files.
● Event Correlation: Analyzing logs to identify suspicious activity.
● Incident Response: Providing alerts for possible security incidents.

28. Risk Mitigation Strategies

● Risk Avoidance: Altering plans to avoid the risk.
● Risk Transference: Transferring risk to a third party (e.g., insurance).
● Risk Acceptance: Acknowledging the risk and accepting the consequences.
● Risk Mitigation: Reducing the impact or likelihood of the risk.

29. Network Access Control (NAC)

NAC solutions ensure that only devices meeting specific security criteria (e.g., antivirus, patch
level) can access the network. It’s like a gatekeeper that only lets secure devices in.

30. Incident Response Lifecycle

The stages of incident response are:

● Identification: Detecting the security incident.
● Containment: Limiting the damage.
● Eradication: Removing the threat.
● Recovery: Restoring systems to normal operations.
● Lessons Learned: Analyzing the incident to improve future responses.

31. Patch Management

Patches are updates to software that address vulnerabilities. Patch management ensures that
patches are applied in a timely manner to avoid exploitation of known vulnerabilities.

32. Network Topology

The arrangement of network devices and how they are connected:

● Star: Centralized with a central hub or switch.
● Bus: A single central cable shared by all devices.
● Ring: Devices connected in a loop.
● Mesh: Devices interconnected with multiple connections for redundancy.

33. Cloud Security

Cloud computing offers benefits, but security is crucial. Important concepts include:

● Cloud Service Models:
○ IaaS (Infrastructure as a Service)
○ PaaS (Platform as a Service)
○ SaaS (Software as a Service)
● Cloud Deployment Models:
○ Public Cloud
○ Private Cloud
○ Hybrid Cloud
● Shared Responsibility Model: In the cloud, both the provider and the customer share security responsibilities.

34. Access Control Models

● DAC (Discretionary Access Control): The owner of the resource determines access rights.
● MAC (Mandatory Access Control): Access rights are assigned based on classification or security level.
● RBAC (Role-Based Access Control): Access is assigned based on roles within an organization.

35. IDS vs. IPS

● IDS (Intrusion Detection System): Detects potential security threats but does not take action (like an alarm).
● IPS (Intrusion Prevention System): Detects and actively blocks potential threats in real-time.

36. Common Attacks

● Brute Force Attack: Trying many possible passwords or keys to break into an account.
● Man-in-the-Middle (MitM) Attack: Intercepting communications between two parties to steal information.
● Cross-Site Scripting (XSS): Inserting malicious scripts into web pages that can affect users.
● Cross-Site Request Forgery (CSRF): Tricking a user into executing unwanted actions on a web application.

37. Data Loss Prevention (DLP)

DLP is a strategy to ensure sensitive data is not lost, misused, or accessed by unauthorized
users. It involves monitoring and controlling data flow across networks, email, and other
communication channels.

38. Business Continuity Planning (BCP)

BCP ensures an organization’s critical functions can continue during and after a disaster. It
includes:

● Disaster Recovery Plan (DRP): Focuses on restoring IT systems.
● Business Impact Analysis (BIA): Identifying the critical functions of the business and the potential impact of disruptions.

39. Authentication Protocols

● LDAP (Lightweight Directory Access Protocol): A protocol for accessing and managing directory information.
● Kerberos: An authentication protocol that uses a trusted third-party server to authenticate users securely.
● RADIUS: Used for centralized authentication, authorization, and accounting for users accessing network services.
● TACACS+: A protocol for managing network device access.

40. Vulnerability Scanning vs. Penetration Testing

● Vulnerability Scanning: Automated tools that search for known vulnerabilities without exploiting them.
● Penetration Testing: A manual or automated attempt to exploit vulnerabilities to see how far an attacker can get into the system.

41. Disaster Recovery

A Disaster Recovery Plan (DRP) outlines procedures for recovering systems and data in case
of a disaster. It includes:

● Hot Sites: Fully operational backup site.
● Cold Sites: Backup site without pre-installed systems.
● Warm Sites: A balance between hot and cold sites.

42. SSL/TLS

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols
used to secure communications over the internet, especially for websites (HTTPS).

43. Honeypots

A honeypot is a decoy system designed to attract and trap potential attackers to study their
tactics and protect real systems.
