Glossary of Cyber-security Terms

Chapter 17 - Cyber-security in Industrial Measurement and Control Systems

Cyber-security seems to have its own vocabulary, ranging from unwieldy technical acronyms to slang terms borrowed from amateur computer enthusiasts. What follows is a partial listing of some common terms and their definitions. This list is not only useful as a definitional reference when encountering such terms in cyber-security literature, but it also serves to outline a number of common attack strategies:

  • Active attack: an attack involving data written to a network or to a device. See passive attack for contrast.
  • Authentication: to correctly identify a person or device requesting access to a system.
  • Authorization: to correctly assign rights to a person or device requesting access to a system.
  • Backdoor: an easy-to-access pathway into a system, typically used by system developers for convenience in their work. There is nothing wrong with a backdoor during development, but backdoors are very dangerous when left in place on commissioned systems.
  • Blacklist: a database of prohibited messages or users or software applications.
  • Broadcast network: a form of network where all transmissions are heard by all connected devices, even those devices the data is not intended for. Any communication network sharing a common physical channel is a broadcast network.
  • Brute-force attack: attempting every combination of characters in an effort to forge a working password.
  • Cleartext: ASCII text messages that are communicated over a network without any form of special encoding or encryption, but rather are “clear” for anyone to read.
  • Comsec: shorthand for “communications security”.
  • Crypto: shorthand for “cryptography”, which is the purposeful scrambling of data to render it unintelligible to all but the intended recipient.
  • Data diode: a device permitting only one-way (simplex) data communication. Data diodes eliminate the possibility of active attacks, because they make writing data to the protected system impossible.
  • Denial-of-Service (DoS): a form of attack where the intended function of the system is either downgraded or entirely faulted. This may be achieved by “flooding” the targeted system with messages until it cannot process legitimate traffic, but it should be noted that flooding is not the only form of DoS attack.
  • Dictionary attack: attempting common words and character combinations in an effort to forge a working password. This form of attack is based on the fact that most human beings choose words and phrases for their computer passwords that are easy for them to remember, and that these easy-to-remember words and phrases will likely resemble common speech.
  • Distributed Denial-of-Service (DDoS): a form of DoS based on flooding where the attack originates from multiple locations – for example, a large number of independent computers programmed to flood a single target with messages until that target can no longer perform its intended service(s).
  • DMZ: an acronym standing for DeMilitarized Zone, referring to a network segment that stands between a private (trusted) network and some untrusted network, akin to a strip of land separating two nations at odds with each other. DMZs are created through the use of multiple firewalls, with the intermediate network inhabited by proxy machines tasked with relaying messages safely between the separated networks.
  • Eavesdropping: passively “listening” to the traffic on a network, for the purpose of gaining information.
  • Encryption: any process by which a message may be converted into a form that is inscrutable to everyone but the intended recipient. Decryption is the reversal of that process, where the encrypted message becomes intelligible again.
  • Exploit: when used as a noun, this term refers to a specific attack that takes advantage of a system vulnerability (or “vuln” for short).
  • Firewall: a software or hardware application intended to limit connectivity between networked devices by permitting or denying specific messages along a network path.
  • Flooding: an attack technique consisting of overloading a digital system with data or requests for data, generally with the aim of achieving denial of service (DoS) when the target system becomes overloaded.
  • FTP: an acronym standing for File Transfer Protocol, a protocol used for reading and writing files on one computer remotely from another computer. FTP is a predecessor to SFTP, which includes public-private key encryption for much better security.
  • HTTP: an acronym standing for Hyper Text Transfer Protocol, the method used for computers to exchange web page data (encoded in HTML files). HTTP is not encrypted.
  • HTTPS: an acronym standing for Hyper Text Transfer Protocol Secure, the method used for computers to exchange web page data (encoded in HTML files) using encryption.
  • IP: an acronym standing for Internet Protocol, the packaging of data into “packets” which may be routed independently of each other across a large network.
  • IT: an acronym standing for Information Technology, used to broadly describe general-purpose digital data systems and communications.
  • Key: a relatively small segment of digital data that serves to either encrypt or decrypt other digital data. The imagery here is that of a key used to engage or disengage a physical lock.
  • LAN: an acronym standing for Local Area Network, a network connecting multiple devices over a limited distance, such as the span of an office building or campus. See WAN for contrast.
  • Logic bomb: a form of malware designed to delay its malicious action until some time after infection.
  • Malware: software written to fulfill some malicious purpose.
  • Man-in-the-Middle: an attack where the attacker is positioned directly in between sender and receiver, in such a way as to be able to modify messages sent over the network without either sender or receiver being aware.
  • Operating system: software installed on a computer for the purpose of directly managing that computer’s hardware resources, functioning as an intermediate layer between the application and the hardware itself. The existence of operating system software vastly simplifies the design and development of application software. Popular consumer-grade operating systems at the time of this writing (2016) include Microsoft Windows, Apple OS X, Linux, and BSD.
  • Packet sniffing: the act of passively monitoring data transmitted over an IP network, where individual packets of transmitted data are inspected for valuable information.
  • Passive attack: an attack only involving the reading of data from a network or device. See active attack for contrast.
  • Passphrase: an easily-memorized sentence which may be used to generate complex passwords. For example, one could take the first letter of every word in the passphrase “What we have here is a failure to communicate” to generate the password wwhhiaftc. Passphrases are useful because they make complex passwords easy to remember, and in fact may be used to generate multiple passwords from the same phrase (e.g. replacing words like “to” with numerals such as 2, and/or using the last letter of each word instead of the first, to create the password teeesaeoe from the same passphrase used previously).
  • Phishing: an anonymous or strange invitation from an online source to either reveal sensitive information or download an infected file.
  • Ping: a simple network utility used on IP networks to test connectivity, and part of the Internet Control Message Protocol (ICMP). The ping message is sent from one computer to another, with the receiving computer replying to declare successful receipt of the ping message.
  • Ping flood: a crude denial-of-service attack that works by bombarding a device with ping “echo-request” messages in an attempt to keep that device so occupied with answering these ping requests that it cannot service other messages as it should.
  • Private key: a cryptographic key useful for decrypting encrypted data. “Private” refers to the fact that this key must be held in confidence by authorized parties only, since it has the ability to unlock coded messages.
  • Public key: a cryptographic key useful only for encrypting data. “Public” refers to the fact that this key may be shared openly, as it cannot be used to unlock a coded message, but instead is only useful for encoding messages sent to a party holding a private key which can decode the message.
  • Replay attack: a form of attack where a message is intercepted, recorded, and later broadcast to the network in order to inflict damage. An interesting feature of replay attacks is that they may work on encrypted messages, and even when the purpose of the message is unknown to the attacker!
  • SCADA: Supervisory Control And Data Acquisition, a common moniker in the network security realm for any industrial control system tasked with measuring and/or controlling real processes. Instrumentation professionals typically use the term “SCADA” more specifically in reference to control systems spanning large geographic distances.
  • SFTP: an acronym standing for Secure File Transfer Protocol, a protocol used for reading and writing files on one computer remotely from another computer. SFTP is a successor to FTP, which lacked encryption.
  • Sniffing: inspecting network communications for important data. So-called “packet sniffers” monitor data traffic on a broadcast network for certain information such as passwords, network addresses, and system data.
  • Spear phishing: an invitation from a seemingly trusted online source (e.g. friend, colleague) to either reveal sensitive information or download an infected file.
  • Spoofing: presenting a false identification to the receiver of digital data. This commonly takes the form of presenting fake network address information, to trick the receiver into thinking the source is from a legitimate location or device.
  • Spread spectrum: a type of radio communications technology where the information is “spread” over multiple frequency channels rather than a single channel and is therefore more challenging to intercept or mimic.
  • SSH: an acronym standing for Secure Shell, a remote-access utility commonly used in Unix operating systems allowing users to log into a computer from another computer connected to the same network. SSH is a successor to telnet, which lacked encryption.
  • Syn flood: a specific form of denial-of-service (DoS) attack used on TCP connections, which works by flooding the target computer with TCP Synchronize (SYN) messages. TCP begins each connection with a three-way “handshake” between the two devices to ensure data integrity. This attack exploits the handshake by bombarding the target machine with only one portion of the handshake until it is no longer able to accept legitimate TCP connection requests.
  • TCP: an acronym standing for Terminal Control Protocol, the protocol used to ensure segments of data make it to their intended destinations after being routed by IP (see Internet Protocol).
  • Telnet: a remote-access utility commonly used in Unix operating systems allowing users to log into a computer from another computer connected to the same network. Telnet is a predecessor to SSH, which includes public-private key encryption for much greater security.
  • Trusted: a component or section of a digital system that is assumed to be safe from intrusion.
  • UDP: an acronym standing for User Datagram Protocol, a protocol used to transport data packets after being routed by IP (see Internet Protocol).
  • Virus: a form of malware designed to spread via human interactions with computers, for example by inserting an infected data storage device into a computer.
  • VPN: an acronym standing for Virtual Private Network, which encrypts every aspect of a transaction between two computers connected on a network. The effect is to form a “virtual network” or “tunnel” between the machines, with its privacy ensured by the encryption algorithm and key(s) used to scramble the data.
  • Vuln: shorthand for “vulnerability” or weakness in a system.
  • Walled garden: a term used to describe an area of a digital system assumed to be safe from intrusion. See trusted.
  • WAN: an acronym standing for Wide Area Network, a network connecting multiple devices over a long range, such as the span of a city. See LAN for contrast.
  • War dialing: the exploratory practice of dialing random phone numbers in search of telephone modem connections, which may connect to computer systems.
  • Whitelist: a database of permitted messages or users or software applications.
  • Worm: a form of malware designed to propagate itself along a network with no human interaction necessary.
  • Zero-day: a system vulnerability that is unknown to the designer(s). In other words, the designer(s) knew about this vulnerability for zero days when it was first exploited.