Cyber Security Glossary

A complete glossary of essential Cyber Security terms.

  • HAG
    High Assurance Guard is an enclave boundary protection device that controls access between a local area network that an enterprise system has a requirement to protect, and an external network that is outside the control of the enterprise system, with a high degree of assurance. A guard has two basic functional capabilities: a Message Guard and a Directory Guard. The Message Guard provides filter service for message traffic traversing the Guard between adjacent security domains. The Directory Guard provides filter service for directory access and updates traversing the Guard between adjacent security domains.
  • Header
    A Header refers to the additional data at the beginning of a chunk of data (or packet) being stored or transmitted. The data that follows the header is called the payload or body. Note that it is important that the header is of clear and unambiguous format to allow for parsing.
  • HIDS
    A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses information from the operating system audit records occurring on the host. These operations are then compared to a pre-defined security policy norm. This analysis of the audit trail forces significant overhead requirements on the system due to the increased amount of processing power which must be utilized by the intrusion detection system. Depending on the size of the audit trail and the processing ability of the system, the review of audit data could result in the loss of a real-time analysis capability.
  • High Assurance Guard
    High Assurance Guard is an enclave boundary protection device that controls access between a local area network that an enterprise system has a requirement to protect, and an external network that is outside the control of the enterprise system, with a high degree of assurance. A guard has two basic functional capabilities: a Message Guard and a Directory Guard. The Message Guard provides filter service for message traffic traversing the Guard between adjacent security domains. The Directory Guard provides filter service for directory access and updates traversing the Guard between adjacent security domains.
  • High Availability
    High availability is a failover feature to ensure availability during device or component interruptions.
  • High Impact
    High impact is the loss of confidentiality, integrity, or availability that could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e., 1) causes a severe degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in major damage to organizational assets; 3) results in major financial loss; or 4) results in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries).
  • High Impact System
    A high impact system is an information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of high.
  • Hijack Attack
    A Hijack Attack is a form of active wiretapping in which the attacker seizes control of a previously established communication association.
  • Hijacking
    Hijacking is a network security attack by which the intruder takes control of a connection, while a session is in progress. The intruder gains unauthorized access to the information.
  • Hoax
    Hoaxes are reports of false and unsubstantiated claims, in an attempt to trick or defraud users.
  • HoneyClient
    HoneyClient is a web browser-based high interaction client honeypot designed by Kathy Wang in 2004 and subsequently developed at MITRE. It was the first open source client honeypot and is a mix of Perl, C++, and Ruby. HoneyClient is state-based and detects attacks on Windows clients by monitoring files, process events, and registry entries.
  • Honeymonkey
    A honeymonkey is an automated program that imitates a human user to detect and identify websites which exploit vulnerabilities on the Internet. It is also known as Honey Client.
  • Honeypot
    A honeypot is a computer security mechanism set to detect, deflect, or counteract attempts at unauthorized use of information systems.
  • Hops
    A hop occurs each time that a data packet is passed from one device (source) to the next device (destination). Data packets pass through bridges, routers, and gateways on the way.
  • Host
    A network host is a computer or other device connected to a computer network. A network host is a network node that is assigned a network layer host address. A network host may offer information resources, services, and applications to users or other nodes on the network.
  • Host-Based Intrusion Detection System
    A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses information from the operating system audit records occurring on the host. These operations are then compared to a pre-defined security policy norm. This analysis of the audit trail forces significant overhead requirements on the system due to the increased amount of processing power which must be utilized by the intrusion detection system. Depending on the size of the audit trail and the processing ability of the system, the review of audit data could result in the loss of a real-time analysis capability.
  • Hot Site
    A hot site is a fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption. It is a backup site that includes phone systems with the phone lines already connected. Networks will also be in place, with any necessary routers and switches plugged in and turned on. Desks will have desktop PCs installed and waiting, and server areas will be replete with the necessary hardware to support business-critical functions. Within a few hours, a hot site can become a fully functioning element of an organization.
  • Hot Wash
    A hot wash is a debrief conducted immediately after an exercise or test with the staff and participants.
  • HTML
    Hypertext Markup Language (HTML) is a set of markup symbols or codes that are inserted in a file intended for display on a World Wide Web (WWW) browser page. The markup tells the browser how to display a web page to the user.
  • HTTP
    HTTP is the underlying protocol used by the World Wide Web (WWW). This protocol defines how messages are formatted and transmitted on the Internet and what actions web servers and browsers should take in response to various commands.
  • HTTP Proxy
    An HTTP Proxy is a server that receives requests from your web browser and then makes requests to the Internet on your behalf. It then returns the results to your browser.
  • HTTPS
    HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is an Internet protocol used for secure communication over a computer network. HTTPS is very important over insecure networks (such as public WiFi), as anyone on the same local network can discover sensitive information not protected by HTTPS. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer.
  • HTTPS Scanning
    Malware and other threats can hide in the encrypted traffic from trusted websites. HTTPS scanning decrypts, scans and then re-encrypts this data.
  • Hub
    A hub is a network device that is a common connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports. When a data packet is received at one port, it is transmitted to the other ports on the hub.
  • Hybrid Attack
    A hybrid attack is a blend of both a dictionary attack method as well as brute force attack. This means that while a dictionary attack method would include a wordlist of passwords, the brute-force attack would be applied to each possible password in that list.
  • Hybrid Encryption
    Hybrid encryption is a method of encryption that combines two or more encryption algorithms or systems. This method merges asymmetric and symmetric encryption in order to derive benefit from the strengths of each form of encryption. These strengths include speed and security respectively.
  • Hybrid Security Control
    Hybrid security control is a security control that is implemented in an information system in part as a common control and in part as a system-specific control.
  • Hyperlink
    A hyperlink (usually highlighted by color or underscoring) could be a word, a phrase, or an image that refers to data or related information that the user can directly follow either by clicking or by hovering. A hyperlink points to a whole document or to a specific element within a document while a hypertext is text with hyperlinks.
  • Hypertext Markup Language
    Hypertext Markup Language (HTML) is a set of markup symbols or codes that are inserted in a file intended for display on a World Wide Web (WWW) browser page. The markup tells the browser how to display a web page to the user.
  • Hypertext Transfer Protocol
    HTTP is the underlying protocol used by the World Wide Web (WWW). This protocol defines how messages are formatted and transmitted on the Internet and what actions web servers and browsers should take in response to various commands.
  • ICMP
    The Internet Control Message Protocol (ICMP) is one of the key Internet protocols and is used by network devices such as routers to generate error messages to the source IP address when network problems prevent delivery of IP packets. Any IP network device has the capability to send, receive or process ICMP messages. This protocol is also used to relay query messages and is assigned protocol number 1.
  • ICS
    Industrial Control System (ICS) is a collective term used to describe different types of control systems and associated instrumentation, which includes the devices, systems, networks, and controls used to operate and/or automate industrial processes.
  • Identity
    Internet identity (IID) or internet persona is a social identity that an Internet user creates on online communities and websites. While some users prefer using their real names online, others prefer to be anonymous and identify themselves by means of pseudonyms.
  • IETF
    The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers who are concerned with the evolution of the Internet architecture and its smooth operations. This body defines the standard Internet operating protocols such as TCP/IP. The IETF is supervised by the Internet Society Internet Architecture Board (IAB). The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols.
  • IMAP
    The Internet Message Access Protocol (IMAP) is a standard Internet protocol that is used by e-mail clients to retrieve e-mail messages from a mail server over TCP/IP. IMAP is defined by RFC 3501. An IMAP server typically listens on port number 143. IMAP over SSL (IMAPS) is assigned the port number 993.
  • Incident
    An incident is an unplanned disruption or degradation of a network or system service and needs to be resolved immediately. An example of an incident is a server crash that causes a disruption in the business process. However, if the disruption is planned, say, a scheduled maintenance, it is not an incident.
  • Incident Handling
    Incident handling is an action plan developed (by an organisation or individual) to counteract intrusions, cyber-theft, denial of service, fire, flood, and any other security-related events. It comprises six process steps: preparation, identification of attack, containment of attack, eradication, recovery, and analysis (lessons learned documentation).
  • Incident Response Plan
    An organized approach to address and manage the aftermath of a cyber attack or an incident. The goal is to limit damage and reduce recovery time and costs.
  • Incremental Backups
    An incremental backup provides a backup of only those files that have changed, modified, or are new since the last backup. Incremental backups are often desirable as they consume minimum storage and are quicker to perform than differential backups.
  • Industrial Control System
    Industrial Control System (ICS) is a collective term used to describe different types of control systems and associated instrumentation, which includes the devices, systems, networks, and controls used to operate and/or automate industrial processes.
  • Inetd
    Inetd stands for Internet Service Daemon and is a super-server daemon on many Unix systems that manages several Internet services. Network services such as telnet, File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP) can be activated on demand rather than running continuously, which reduces the load on the system.
  • Inference Attack
    An inference attack is a data mining technique used to illegally access information about a subject or database by analyzing data. This is an example of breached information security. Such an attack occurs when a user is able to deduce key or critical information of a database from trivial information without directly accessing it.
  • Information Warfare
    Information Warfare (IW) is primarily a United States Military concept that involves the use and management of information and communication technology in pursuit of a competitive advantage over an opponent. This concept may employ a combination of tactical information, assurance(s) that the information is valid, spreading of propaganda or disinformation to demoralise or manipulate the enemy and the public, undermining the quality of opposing force information and denial of information-collection opportunities to opposing forces.
  • Ingress Filtering
    Ingress filtering is used to ensure that all incoming packets (of data) are from the networks from which they claim to originate. Network ingress filtering is a packet filtering technique commonly used by Internet service providers to prevent source address spoofing. This helps in combating several kinds of net abuse and crime by making Internet traffic traceable to its source.
  • Input Validation Attacks
    Input validation attacks occur when an attacker purposefully sends strange inputs to confuse a web application. Input validation routines serve as the first line of defense against such attacks. Examples of input validation attacks include buffer overflow, directory traversal, cross-site scripting, and SQL injection.
  • Insider Threat
    An insider threat is a malicious threat to an organization that comes from people within the organization.
  • Integrity
    Integrity of a system or network is the assurance that information can only be accessed or modified by those who are authorized. Several measures are taken to ensure integrity. These include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices. Data integrity can be threatened by environmental hazards, such as heat, dust, and electrical surges.
  • Integrity Star Property
    Integrity Star Property means a user cannot access or read data of a lower integrity level than their own.
  • Internet
    The Internet is the worldwide network of interconnected computers that use the Internet protocol suite (or TCP/IP) to link billions of devices across the globe. It carries an extensive range of information resources and services, such as the inter-linked hypertext documents and applications of the World Wide Web (WWW), electronic mail, telephony, and peer-to-peer networks for file sharing.
  • Internet Control Message Protocol
    The Internet Control Message Protocol (ICMP) is one of the key Internet protocols and is used by network devices such as routers to generate error messages to the source IP address when network problems prevent delivery of IP packets. Any IP network device has the capability to send, receive or process ICMP messages. This protocol is also used to relay query messages and is assigned protocol number 1.
  • Internet Engineering Task Force
    The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers who are concerned with the evolution of the Internet architecture and its smooth operations. This body defines the standard Internet operating protocols such as TCP/IP. The IETF is supervised by the Internet Society Internet Architecture Board (IAB). The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols.
  • Internet Message Access Protocol
    The Internet Message Access Protocol (IMAP) is a standard Internet protocol that is used by e-mail clients to retrieve e-mail messages from a mail server over TCP/IP. IMAP is defined by RFC 3501. An IMAP server typically listens on port number 143. IMAP over SSL (IMAPS) is assigned the port number 993.
  • Internet of Things
    Internet of Things (IoT) is essentially everyday objects in your business or house that are connected to the Internet.
  • Internet Protocol
    The Internet Protocol (IP) is a communication protocol that is used for relaying datagrams across network boundaries. It has a routing function which enables inter-networking, and essentially establishes the Internet.
  • Internet Standard
    An Internet Standard (STD) is a normative specification (that is approved by the IESG and published as an RFC) of a technology or methodology applicable to the Internet. Internet Standards are created and published by the Internet Engineering Task Force (IETF). An Internet Standard is characterised by technical reliability and usefulness. The IETF also defines a proposed standard as a less mature but stable and well-reviewed specification.
  • Internet Worm
    Worms are a form of malware that replicates across the Internet or local networks.
  • Interrupt
    An Interrupt is a signal sent to the processor by hardware or software indicating an event that needs immediate attention.
  • IoT
    Internet of Things (IoT) is essentially everyday objects in your business or house that are connected to the Internet.
  • IP
    The Internet Protocol (IP) is a communication protocol that is used for relaying datagrams across network boundaries. It has a routing function which enables inter-networking, and essentially establishes the Internet.
  • IP Address
    An Internet Protocol address (IP address) is a logical numeric address that is assigned to a device that is part of a TCP/IP-based network.
  • Internet Protocol Address
    An Internet Protocol address (IP address) is a logical numeric address that is assigned to a device that is part of a TCP/IP-based network.