2FA (Two Factor Authentication) is the same authentication concept as MFA; the name states that at least two factors are used.
ACL (Access-control list) is a type of configuration specifying users' access rights. For example, in SharePoint you can set up an ACL saying that USER 1 can read a specific document and USER 2 cannot.
Remote desktop services implement account lockout to safeguard the system from cyberattacks. Without it, anyone can keep logging in with incorrect credentials as many times as they like; with account lockout, the system locks the account for some time after a number of incorrect password guesses.
Authentication verifies the identity of a user. It is the first step of the security process users go through to access files and applications on a system. Authentication begins by checking the credentials provided by the user against those recorded in the system's credential store. A successful authentication shows a positive match, granting access to the system.
Following authentication, authorization determines the level of access a user is entitled to. Authorized users gain access to the resource or command prompt they require from the system: the system recognizes an authenticated user and grants their request to access a file or execute an action. Authorization is also used interchangeably with client privilege or access control.
The Azure Bastion service allows users to connect to a virtual machine from the Microsoft Azure portal. Another way to connect is through the remote desktop protocol (RDP) client or the native SSH client pre-installed on the local computer. Azure Bastion keeps the RDP and SSH ports from being exposed to the public Internet. Additionally, the virtual machines do not require a public IP address to operate.
The authentication system determines the validity of a user's identity according to inherence factors. It runs face recognition, fingerprint scans or voice recognition and compares the biometric data provided by the user with the data recorded in the database.
In cybersecurity, a blacklist, also known as a blocklist, is a list of IP addresses or domains to which access is prohibited. Websites often land on a company's blocklist because of their suspicious activities. Blacklisted domains may be operators of online scams, distributors of inappropriate content, or root causes of cyberslacking (i.e., social media, gaming platforms and online casinos).
BlueKeep is a vulnerability in Microsoft's default RDP server. It affected devices running Windows 2000, Windows 7 and Windows Server 2008 R2. BlueKeep allowed remote code execution, which attackers could exploit to disrupt systems. In May 2019, BlueKeep was addressed with a patch update. However, the patch alone does not guarantee that BlueKeep no longer affects devices.
A bring-your-own-device (BYOD) policy allows business users to use personal devices to perform their tasks. While this saves the office costly investments in new technology, it can also bring security and compliance risks. Employees may use third-party applications to speed up their work without approval from the IT department. The introduction of shadow IT to the workplace endangers critical client data and risks business governance. Additionally, personal devices do not share the same security solutions as office computers. Checking device health is crucial to mitigate data breaches.
In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key, which is typically created from the password using a key derivation function. This is known as an exhaustive key search.
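An added example, not from the original page, of the account lockout described above as a defence against brute-force guessing: failed attempts are counted per account in a sliding window, and once the limit is reached the account is locked for a fixed period, during which even the correct password is refused. The `LoginGuard` class, the thresholds and the single-user credential store (hashed with PBKDF2, a key derivation function) are assumptions constructed for the demo.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, Dict, List


# Constructed credential store: only a PBKDF2 hash with a per-user salt is kept.
def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _derive("correct horse battery staple", _SALT))}


def check_password(user: str, password: str) -> bool:
    """Verify a password against the store with a constant-time comparison."""
    entry = USERS.get(user)
    if entry is None:
        return False
    salt, expected = entry
    return hmac.compare_digest(_derive(password, salt), expected)


@dataclass
class LockoutPolicy:
    max_failures: int = 5        # incorrect guesses before the account locks
    window_seconds: int = 300    # failures older than this are forgotten
    lockout_seconds: int = 900   # how long the account stays locked


@dataclass
class AccountState:
    failures: List[float] = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0


class LoginGuard:
    """Tracks failed logins per account and enforces a temporary lockout."""

    def __init__(self, policy: LockoutPolicy, verifier: Callable[[str, str], bool]):
        self.policy = policy
        self.verifier = verifier
        self.accounts: Dict[str, AccountState] = {}

    def attempt(self, user: str, password: str, now: float) -> str:
        """Returns 'ok', 'denied' (wrong password) or 'locked' (lockout in force)."""
        st = self.accounts.setdefault(user, AccountState())
        if now < st.locked_until:
            return "locked"  # refused before the password is even checked
        # keep only failures inside the sliding window
        st.failures = [t for t in st.failures if now - t < self.policy.window_seconds]
        if self.verifier(user, password):
            st.failures.clear()
            return "ok"
        st.failures.append(now)
        if len(st.failures) >= self.policy.max_failures:
            st.locked_until = now + self.policy.lockout_seconds
            st.failures.clear()
            return "locked"
        return "denied"


def demo() -> List[str]:
    """Five wrong guesses (the fifth triggers the lock), then the correct password
    while locked, then the correct password after the lock has expired."""
    guard = LoginGuard(LockoutPolicy(), check_password)
    results = [guard.attempt("alice", "wrong-%d" % t, now=float(t)) for t in range(5)]
    results.append(guard.attempt("alice", "correct horse battery staple", now=5.0))
    results.append(guard.attempt("alice", "correct horse battery staple", now=905.0))
    return results
```

A lockout also lets anyone who knows a username lock that user out, so keep the lockout window short and combine it with per-source rate limiting rather than relying on it alone.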
A business VPN reinforces the security of remote access by encrypting user traffic. This allows the company to keep a close watch on user activity, all the while cloaking transactions between employees and the company’s servers from the public.
CARTA is Continuous Adaptive Risk and Trust Assessment. It is not a very well-defined approach; basically, it says that access to resources should not be granted based on static allow/deny rules (ACLs). Instead, access rights should change dynamically based on parameters such as location, the security posture of the entity requesting access, etc.
Cloud design patterns are architectural frameworks allowing organizations to build applications and implement security solutions on a cloud computing platform. Cloud computing helps businesses communicate, store data, and accomplish tasks over the Internet. Microsoft Azure, for example, is a cloud computing platform that enables users to implement secure identity and access management (IAM), data backup and recovery, and an overall improvement in IT infrastructure.
The Cloud Security Alliance also emphasizes how a zero trust implementation using SDP can help organizations defend their systems from newer variations of attack methods. Implementing SDP strengthens both your cloud computing security measures and your system's security, and makes it easier to adapt to newer, more complex attacks.
Implementing a DMZ in cloud computing is a strategy suited to organizations running services and applications both within the local area network and in the cloud for remote access. In this scenario, a DMZ records and regulates traffic moving between on-site servers and virtual networks.
Cloud VPN is a site-to-site VPN in which one of the sites is a cloud, for example a connection between a branch office and infrastructure in Azure.
Infecting a network with malware is among the most potent online threats to organizations. Malware arrives unsuspected: Internet users may come into contact with it through redirect links, and just clicking or navigating to a malicious web page can lead to unwanted content being installed on the organization's computer system. Malicious content can undo years of an organization's hard work and breach sensitive client data. Hence, DNS filtering services are a crucial cybersecurity measure to block access to malicious websites and suspicious activity across the Internet.
Cybercrime uses a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy.
DoS (Denial of Service) is an attack whose goal is to render a service unusable. Usually, this is done by overwhelming the service with too many requests, or by sending requests very slowly so that the service keeps connections open and wastes resources. DDoS (Distributed Denial of Service) is the same concept, but the attack is distributed, meaning it comes from multiple sources (locations).
DNS means Domain Name System. This hierarchical and decentralized naming system is used to identify computers, services and other resources reachable through the Internet.
Web filtering is an umbrella term for technologies that filter user activity and oversee web traffic for web pages with suspected malicious content. Web filtering includes DNS filtering and URL filtering, among others.
DNS filtering blocks requests for websites whose domain names are blacklisted due to malicious or inappropriate content. DNS filtering secures a business environment from potential cyberattacks.
Device permissions differ according to the level of trust an authorization system shares with a device. Trusted devices include company-issued computers and legacy hardware, whereas untrusted devices refer to personal devices like mobile phones, tablets, and home laptops. Device health and security are fundamental in granting appropriate device permissions.
The attacker loads a list of the most common words people use to make their passwords and feeds the list, item by item, to your login. Not very clever, but one is surprised how often it works. In most cases the attack is better targeted: it fetches available information from social networks to try the birth dates of your family members or the names of your pets, and recombines them.
A digital certificate is a file or electronic password that proves the authenticity of a device, server, or user through cryptography and the public key infrastructure (PKI). Digital certificate authentication helps organizations ensure that only trusted devices and users can connect to their networks. It is also used to verify the authenticity of a website to a web browser, in which case it is known as a secure sockets layer or SSL certificate.
Discretionary Access Control (DAC) specifies users' privileges according to their roles and access groups. With a DAC model, all objects on the system are accessible to a specific user or user group.
The dual firewall design is a more secure and scalable network architecture for DMZ. The front-end firewall screens traffic coming into the DMZ network, while the back-end firewall screens traffic moving from the DMZ to the private network.
Unlike static IP addresses, dynamic IP addresses change over time. Dynamic IP addresses are assigned and reassigned as the Dynamic Host Configuration Protocol (DHCP) server sees fit. The DHCP server assigns IP addresses via network routers.
The European Union Agency for Cybersecurity is located in Athens, Greece. The Agency works closely with the EU Member States and other stakeholders to deliver advice and solutions and improve their cybersecurity capabilities.
Ensure the confidentiality of data accessible on your devices with encryption technology. This prevents sensitive data from leaking.
A business VPN is specially developed to cater to the needs of multiple users. As employees access files on the server at recurring times of the day, data loss and internal breaches are highly plausible risks. A business VPN mitigates such risks by requiring authorized access.
FaaS means Firewall as a Service. You can use a firewall as a hardware appliance (a physical computer in your network), as a virtual appliance (still a computer, but running in the cloud), or you can pay for a firewall as a service. That means you are not responsible for the firewall itself; your provider makes sure it is running and secure, and you just specify what it should be doing. An example is Azure Firewall.
File transfer protocol, or FTP, is a network protocol that enables data transfer between computers connected to a computer network. FTP servers can manage and host content within an organization's private network. They play a critical role in directly engaging with network files and resources. Thus, isolating FTP servers from internal systems is crucial to mitigate data loss or exploitation.
A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
A Layer 4 firewall works on layer 4 (the transport layer of the Open Systems Interconnection, OSI, model). This means it has visibility of the protocol, IP address and port; it does not inspect message content.
Run RDP behind a firewall that restricts its listening port. This hides the Remote Desktop from attackers scanning the network for an open remote desktop connection.
Cybercriminals use hacked IP addresses to access and download illegal content. Unsuspecting Internet users may be framed for crimes they didn't commit as the activities were traced back to their IP addresses.
Geo-blocked content is internet content that is blocked based on location. For example, this restriction often happens in the case of TV shows or movies (who did not experience problems while trying to access Netflix series?). The solution is to anticipate the usage when choosing a VPN provider and verify if the servers of its VPN are located in a selected country.
Hacktivists are groups of criminals who unite to carry out cyber-attacks supporting political causes. Hacktivists typically target entire industries but sometimes attack specific organizations that they feel don't align with their political views or practices.
A private home network comprising a local area network and a broadband router is also a good place to implement a DMZ. The router, or a designated device, is configured with a DMZ host feature. This device operates outside the firewall, comparable to a conventional DMZ. It will not suffer intermittent connections, while the rest of the devices in the home network access the Internet from within the firewall.
Hybrid cloud is an environment with both on-prem and cloud instances. For example, a company has a web application running in the cloud, but some components such as an HSM or AD run on-prem.
IP tracking, also known as IP grabbing, extracts the IP addresses of unknowing users with third-party services. Malicious individuals can manipulate IP addresses to affect users' access to websites and online content.
IP addresses help devices in a network exchange data. However, these unique strings of numbers can be difficult to memorize, so humans have designed a way to represent IP addresses with domain names through the Domain Name System (DNS). Every IP address equates to a unique domain name online, making it easier for human users to look up websites. A sample of a domain name would be https://www.shieldoo.io.
IPv4, or IP version 4, is 32 bits long. It follows the dotted quad format (x.x.x.x), where the string of numbers is separated into four sets by periods. Every set ranges from 0 to 255. An example of an IPv4 address would be 188.8.131.52. IPv4 is the original version of the IP address, with around 4.3 billion in use today. To resolve the IP shortage and accommodate advanced communication between devices, IPv6 was developed.
On the other hand, IPv6, or IP version 6, is 16 bits long and uses colons instead of periods. The string of numbers is separated into eight sets by colons. An example of an IPv6 address would be 2000:0001:3249:DFEB:0074:0000:0001:FDBE.
Operational technology equipment is typically not built with a security infrastructure able to withstand cyberattacks. That being said, a DMZ is a viable security solution. With network segmentation, access to the internal systems of operational technology equipment is divided across the network, limiting users to least-privileged access. In addition, because traffic is tightly segmented, cybercriminals will find it difficult to invade and navigate their way through the network.
Just-in-time access is defined as a "true" least privilege security principle requiring users to have just enough authority to access data and perform actions needed for no longer than necessary. With this, user accounts granted enough privilege may access resources, applications, or systems only when necessary and for the least time possible.
Latency is a synonym for delay. In telecommunications, low latency is associated with a positive user experience (UX), while high latency is associated with poor UX. In computer networking, latency expresses how much time it takes for a data packet to travel from one designated point to another.
RDP has no built-in role assignment for remote users accessing the RDP server. Therefore, implement least-privilege access to limit the accessibility of critical information and databases. With least privilege, clients have minimal access to the remote server. Hence, they can only access one file at a time.
In the Nebula network, the lighthouse node, or simply "lighthouse", is an important component: it is a public access node. The lighthouse nodes are responsible for tracking the other nodes; they are used as traffic directors. Once the lighthouse has provided the location, the two nodes can communicate directly using the best route to one another. By contrast, with a traditional VPN the connections between any two PCs must pass through its central server, creating traffic bottlenecks; in these cases, Nebula is more efficient.
Location permissions limit user access to critical assets relative to their location. The vulnerability of remote access to prying eyes prompts authorization systems to restrict access to more sensitive data.
MFA (Multifactor Authentication) means using multiple factors to authenticate. For example, factor 1 is a name and password, and factor 2 is an OTP (one-time password), which you can get from the Microsoft Authenticator or Google Authenticator Android app, etc.
MITM means Man In The Middle. It is someone reading or modifying your data on its way between you and your counterpart. Imagine, for example, that you sit in your favourite cafe and connect to the free Wi-Fi. What can happen? The attacker can either break into a poorly protected router in the cafe or advertise another free Wi-Fi in the area with a similar name. Boom! The site you are browsing may look and behave precisely like the original, but it is modified and served from the attacker's computer instead. The password you enter goes to the attacker first; the attacker then forwards it to the bank, email server, etc.
Malware is an umbrella term for any malicious software, including ransomware (although the terms are often used interchangeably). Malware can take the form of a Trojan horse that looks like a legitimate file but executes malicious code when the user opens or downloads it.
A Mandatory Access Control (MAC) model oversees permissions within the operating system. Users eligible to access operating system files and processes can modify or execute changes within the scope of permissions granted by the MAC model.
Mesh VPNs use a peer-to-peer architecture where every node or peer in the network can connect directly to any other peer without going through a central concentrator or gateway. As a result, this approach can be less expensive and easier to scale than a traditional VPN.
Mesh network is a network topology in which all resources connect directly to each other. The classic approach is to have a "hub" (like a VPN server in HQ) over which you route traffic; a mesh network lets you connect directly to the resource. For example, if CF had its HQ in Prague and I wanted to connect from Poprad to a resource in Ceske Budejovice, I would have to go to Prague first and then to Budejovice, back to Prague, and then back to Poprad. So in this case the Prague office would serve as the "hub". On a mesh network, I would connect directly from Poprad to Ceske Budejovice, and this connection would be much faster. There are full and partial mesh networks.
A mesh topology is a network setup where each computer and network device is interconnected. This topology setup allows most transmissions to be distributed even if one of the connections goes down. It is a topology commonly used for wireless networks.
Multi-cloud is an environment that uses multiple cloud providers. For example, a company has a part of the infrastructure running in Azure and part in AWS.
NaaS (Network as a Service) is a still rarely used type of service. It is similar to a VPN, but it does not require installing a VPN server; instead, all resources can be connected to each other directly. An example is Shieldoo secure mesh. It is a similar kind of service to FaaS: you are only responsible for telling your provider who should connect, where and how fast, and the provider takes care of the infrastructure for you.
The purpose of the Nebula network is to create a secure connection between computers across the Internet. It combines the benefits of well-known concepts such as encryption, security groups and tunnelling. Nebula is a scalable networking framework that offers high performance, reliability and security.
OAuth 2.0 is an authorization protocol widely used in the computing industry. OAuth 2.0 allows a website or application to grant users access to resources hosted across the web. First, a user or client provides their access token. After the client is authenticated, the authorization server receives and delivers the access request retrieved from the resource server.
On-prem means on-premises. When you have a server, you can either have it "on your own premises", meaning the server is physically located in the office, or you can have it, so to speak, in the cloud, which means in an external datacenter.
One-time passwords (OTP) grant access to a one-time transaction or login session. An OTP is a computer-generated string of characters that the authentication system may deliver to the user via text message, email, or an access token.
An IP address is all a stalker needs to learn everything about a user. Because IP addresses expose a user's physical location, stalkers can easily find your house, determine your usual routes and more.
An open port does not immediately indicate a security issue. However, it can give an attacker a path to the application listening on that port. An attacker could then exploit weaknesses in that application, such as weak credentials, missing two-factor user authentication, or a vulnerability in the application itself.
OpenID Connect (OIDC) is an identity authentication layer on top of OAuth. OIDC features quick and simple verification through single sign-on.
In networking, a packet is a small segment of a larger message. For example, data sent over computer networks, such as the Internet, is divided into packets. These packets are then recombined by the computer or device that receives them.
VPN passthrough is a forwarding function that lets traffic from a VPN client reach a VPN server.
Passwordless authentication omits the need for a password to validate a user's identity. Instead, it uses an inherence factor, a possession factor, or a combination of both. These include one-time passwords, magic links, biometric data, and push notifications.
Perimeter is a rather generic word. It comes from the US Army, where it marks a territory protected by soldiers. In IT, for example, we can have a "network perimeter". It is usually the internal network behind the firewall: everything behind the firewall and security checks is "inside the perimeter", and the rest is "outside the perimeter".
Phishing attacks are one of the most common delivery systems for ransomware. In these attacks, hackers successfully convince individuals to click on a link or open an attachment that then downloads ransomware to their system. This ransomware attack vector often takes the form of social engineering. Cybercriminals masquerade as someone the recipient trusts and trick them into granting administrative access to corporate systems.
In line with implementing least-privilege access, a privileged account manager (PAM) secures access to RDP through several access management methods. These include Remote Desktop Protocol Relay (RDP relay), Direct Remote Desktop Protocol (Direct RDP), Run as Privileged User, Credential Provider (CP) and Application SSO.
RDP is short for Remote Desktop Protocol, a network access protocol that enables users to connect to a host server remotely. With RDP, users can access files, applications and other resources from the host server on a client device from a remote location.
Ransomware is a type of malware that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.
Malicious ransomware code can also be found in web scripts hidden in seemingly legitimate or compromised websites. This is a perfect attack vector for cybercriminals because victims believe they are visiting a trusted site. When an individual visits that site, the code is automatically downloaded and, once executed, it can infect the user's system and move laterally across the organization, encrypting files and data.
A remote access VPN establishes a remote connection between employees and the business network. A network access server (NAS) is a dedicated server linked to the business network. An employee uses a VPN client to connect to the NAS and retrieve data from the network. This software creates an encrypted tunnel, providing secure access to the NAS and preventing user traffic from being intercepted by unauthorized parties.
Role-based access control (RBAC) model configures access control befitting the roles assigned to a user or group of users. Objects within the system are made accessible to users who meet authorization requirements.
Role-based permissions allow users with a common role in the business to access specific resources. It follows the principle of least privilege access, wherein a user only has access to resources they require to perform their role in the organization.
Security assertion markup language (SAML) is an XML-based language and the main standard for employing single sign-on. SSO authentication tokens are written in SAML, driving the information exchange between the user, identity provider, and service provider.
SASE (Secure Access Service Edge) is a security stack in the cloud. A full-blown SASE solution has two parts. The first part is secure networking, which can deliver ZTNA. The second part is the security stack in the cloud (CASB, DLP, NGFW, IPS/IDS). Typically, if you have one central office, one branch and some remote users, you can use a VPN to "backhaul" all traffic to the HQ and inspect it there. However, this is an old-fashioned way to tackle the problem, mainly because it adds latency and does not scale easily. The modern approach is SASE, where your remote users connect directly to the SASE (hosted by a vendor in the cloud), and their traffic is inspected there.
SDN (Software Defined Network) is a concept similar to SD-WAN, just focused on local LAN networks. It’s a virtual, programmable network that can sense that it is overloaded and use additional communication channels for different types of traffic.
SDP (Software Defined Perimeter) is an open framework created by the CSA (Cloud Security Alliance) that technically describes how to achieve the properties of ZTNA. For marketing or non-technical purposes, the terms SDP and ZTNA can be used interchangeably.
SIEM (Security Information and Event Management) is a powerful logging tool IT security professionals use to manage logs. These logs are used to identify incidents and keep track of security threats (often using automated workbooks). In addition, SIEM helps correlate data from multiple sources and keeps everything in one place. It is a valuable tool for any organization that wants to be secure. It can help you identify gaps in your security, fix them with ease and maintain an effective log management system.
SOAR (Security Orchestration, Automation and Response) is a security operations solution that usually comes with the SIEM and allows for automated resolution of incidents. For example, the SIEM recognizes a password brute-force attack on an Internet-facing management port and creates an incident ticket. SOAR can then continue and automatically block the source IP of the attack.
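An added example, not from the original page, of the SIEM/SOAR handoff described in the two entries above: the detection step counts failed logins per source IP in a sliding window over constructed sshd-style log lines and raises an incident at the threshold; the response step turns each incident into a block action, except for sources inside a trusted range, which are escalated to an analyst instead of being blocked automatically. The log lines, the threshold, the window and the trusted range are all constructed for the demo.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log lines in an sshd-like format (198.51.100.0/24 is a
# documentation range; nothing here is real traffic).
SAMPLE_LOG = """\
2024-05-01T10:00:01 host1 sshd[4011]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
2024-05-01T10:00:03 host1 sshd[4011]: Failed password for root from 198.51.100.7 port 51240 ssh2
2024-05-01T10:00:04 host1 sshd[4015]: Failed password for alice from 10.0.0.5 port 40002 ssh2
2024-05-01T10:00:06 host1 sshd[4011]: Failed password for root from 198.51.100.7 port 51244 ssh2
2024-05-01T10:00:09 host1 sshd[4011]: Failed password for admin from 198.51.100.7 port 51250 ssh2
2024-05-01T10:00:11 host1 sshd[4011]: Failed password for test from 198.51.100.7 port 51251 ssh2
2024-05-01T10:00:30 host1 sshd[4020]: Accepted password for alice from 10.0.0.5 port 40003 ssh2
"""

FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

THRESHOLD = 5                  # failures from one source within the window
WINDOW = timedelta(seconds=60)
# SOAR safety valve (assumed): sources in these ranges are never auto-blocked,
# so a mistyped admin password cannot lock the team out of its own network.
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8")]


def detect_bruteforce(log_text: str) -> List[Dict[str, object]]:
    """SIEM side: sliding-window count of failed logins per source IP.
    Returns one incident per source the first time it crosses THRESHOLD."""
    recent: Dict[str, deque] = defaultdict(deque)
    incidents: List[Dict[str, object]] = []
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.fromisoformat(m.group(1))
        src = m.group(3)
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()  # forget failures that fell out of the window
        if len(q) >= THRESHOLD and src not in flagged:
            flagged.add(src)
            incidents.append({
                "source": src,
                "failures": len(q),
                "first_seen": q[0].isoformat(),
                "last_seen": ts.isoformat(),
            })
    return incidents


def respond(incidents: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """SOAR side: map incidents to actions, skipping trusted ranges."""
    actions = []
    for inc in incidents:
        src = str(inc["source"])
        if any(ipaddress.ip_address(src) in net for net in NEVER_BLOCK):
            actions.append(("escalate_to_analyst", src))
        else:
            actions.append(("block_source_ip", src))
    return actions
```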
SSO (Single Sign-on) is an authentication solution allowing users to use one set of login credentials to access multiple applications or websites. SSO is an effective method for companies to strengthen their security measures. As for the end-users, SSO saves them from password fatigue - the burden of recalling and managing passwords for different accounts.
The SSO process requires information to be passed between providers to validate user authentication. Bits and pieces of data are collected into an SSO authentication token. Digital information stored in authentication tokens may contain a user's email address, username, and password. Service and identity providers exchange certificates to sign the verification that the token is provided by a trustworthy source.
Users are protected from malicious web threats by connecting to an SWG (secure web gateway) instead of directly to a website.
There is often confusion about the meaning of a security incident versus a security breach. A security incident covers many security violations - from systems, network and data access violations to malware, DDoS attacks or even the theft of physical computer equipment and devices with sensitive data. On the other hand, a security breach pertains to data breaches only - not the network or system access violations or malware invasions where data is not involved. In this respect, the security breach is a subcategory of a security incident that relates explicitly to unauthorized access or theft of data only. For example, this data breach could involve altering or outright theft of sensitive company data such as intellectual property or customer lists. It may also involve the unauthorized access, alteration or theft of the personally identifiable information of customers, clients, patients or others that violates these individuals' privacy rights.
A security incident is an event that may indicate that an organization's systems or data have been compromised or that measures put in place to protect them have failed. In IT, an event is anything that has significance for system hardware or software, and an incident is an event that disrupts normal operations. Security events are usually distinguished by the degree of severity and the associated potential risk to the organization.
A business VPN is not immune to capacity overload. A VPN server may receive more requests than it can handle, leading to slower responses and dropped requests. An overloaded VPN server also increases latency, which can impair the productivity of business users. Most enterprises would consider adding an extra VPN server, but this can be a costly and rather impractical solution.
A single firewall design needs at least three network interfaces. The DMZ network is secured behind this firewall. An external network sets the communication path from the public Internet to the firewall. This is made possible by connecting to an internet service provider (ISP). The second network interface connects to the internal network, while the third network interface manages connections to the DMZ network.
Usually, when we talk about a VPN, we mean a "remote access" solution: a user at an external location (on their own local network) connects to the corporate network to access resources like an FTP server. So we have a single user on one side and a network on the other. Site-to-site VPN is a model where we have a network on both sides.
State-sponsored attacks (SSA) are carried out by cybercriminals directly linked to a nation-state. Their goals are threefold: identify and exploit national infrastructure vulnerabilities, gather intelligence, and exploit systems and people for money.
As the name implies, a static IP address is a fixed, unchanging address assigned to a device. Devices typically assigned static IP addresses are servers or equipment mainly used in corporate networks.
Transport and tunnel are the two modes in which the IPsec protocol can operate inside a VPN. Transport mode does not change the IP header and is used for point-to-point tunnels. Tunnel mode encapsulates the original IP packet inside a new IP packet, creating a new IP header; therefore, this mode is used for site-to-site VPN scenarios.
URL filtering, on the other hand, refers to filtering and blocking individual web pages. This type of web filtering allows companies to control the amount and type of content business users can reach on the business network. URL filtering relies on a data repository in which URLs are categorized by topic together with their accessibility to employees.
VPN is an acronym for Virtual Private Network. It creates a secure connection, an encrypted "tunnel", between two separate local networks, for example the one you use at work and the one you use at home. A VPN allows you to securely reach resources like a web server (perhaps hosting the HR system) or a printer located in your office, and helps protect confidential business information from being stolen while you are outside the office.
VPN Full tunnelling
All traffic is routed over the network you are tunnelling to in this mode. So, for example, if you run a "full tunnel" VPN into your corporate network and then browse Facebook from your laptop, that traffic will go from your laptop to the office, then to Facebook, back to the office, and then finally to your laptop. This mode provides complete protection but may slow down connections slightly in some cases because every "piece" must pass through one extra step.
VPN Split tunnelling
Split tunnelling mode is less thorough than full tunnelling: only some of your data gets encrypted. You specify which domains are tunnelled through your office network, and the rest is routed directly. So if you connect, for example, to the HR system, the connection goes over the VPN; if you connect to Facebook, the connection goes directly to Facebook's servers.
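An added example, not from the original page, of the routing decision behind the two modes above: in full mode every destination goes through the office, while in split mode only destinations matching the configured office prefix or internal DNS suffix do, and `packet_path` lists the hops the request and reply take in each case. The office prefix, the DNS suffix and the offline name-to-address table are constructed for the demo; 203.0.113.10 is a documentation address, not Facebook's.

```python
import ipaddress
from typing import List

# Constructed configuration: what counts as "office" traffic in split mode.
OFFICE_PREFIXES = [ipaddress.ip_network("10.0.0.0/8")]  # corporate address space (assumed)
OFFICE_DNS_SUFFIX = "corp.example"                        # internal DNS zone (assumed)

# Constructed stand-in for DNS so the example runs without network access.
FAKE_DNS = {
    "hr.corp.example": "10.1.2.3",
    "www.facebook.com": "203.0.113.10",
}


def resolve(host: str):
    """Look the name up in the constructed table instead of real DNS."""
    return ipaddress.ip_address(FAKE_DNS[host])


def is_office_name(host: str) -> bool:
    """Suffix match on a label boundary, so 'evilcorp.example' does not match."""
    return host == OFFICE_DNS_SUFFIX or host.endswith("." + OFFICE_DNS_SUFFIX)


def goes_through_tunnel(host: str, mode: str) -> bool:
    """Decide whether a connection to `host` is sent through the VPN."""
    if mode == "full":
        return True  # full tunnel: everything, Facebook included
    if mode != "split":
        raise ValueError("mode must be 'full' or 'split'")
    if is_office_name(host):
        return True  # split tunnel: internal names go via the office
    ip = resolve(host)
    return any(ip in net for net in OFFICE_PREFIXES)  # ...and internal addresses too


def packet_path(host: str, mode: str) -> List[str]:
    """The hops a request and its reply take, as described for the two modes."""
    if goes_through_tunnel(host, mode):
        return ["laptop", "office VPN gateway", host, "office VPN gateway", "laptop"]
    return ["laptop", host, "laptop"]
```

In split mode the name lookup itself also has to be routed deliberately: if internal names are sent to the public resolver, they leak even though the connection afterwards goes through the tunnel.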
ZTNA (Zero Trust Network Access) is a network environment where all resources are hidden, and the user gets access only to specific resources. In contrast to classical firewalling, a resource here means a particular web service, not just an IP address or port. This approach often has prerequisites such as MFA, and access is granted only for a specific time window.