Gateway – These are network points that act as an entrance to another network. A node or stopping point can be either a gateway node or a host (end-point).
Government Communications Headquarters – This is an a UK government intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance to the government and armed forces of the United Kingdom. Commonly known as GCHQ.
Ghidra – This is a tool that was published by the National Security Agency in the US (NSA) that allows penetration testers to ‘de-compile’ applications and inspect the inner working of the apps. More info at https://ghidra-sre.org/.
GeoFencing – Geo-fencing (geofencing) is a feature in a software program that uses the global positioning system (GPS) or radio frequency identification (RFID) to define geographical boundaries. Geo-fencing allow an administrator to set up triggers so when a device enters (or exits) the boundaries defined by the administrator, an alert is issued. Many geo-fencing applications incorporate Google Earth, allowing administrators to define boundaries on top of a satellite view of a specific geographical area. Other applications define boundaries by longitude and latitude or through user-created and Web-based maps.
Geofence virtual barriers can be active or passive. Active geofences require an end user to opt-in to location services and a mobile app to be open. Passive geofences are always on; they rely on Wi-Fi and cellular data instead of GPS or RFID and work in the background.
GeoFencing also relates to the restrictions of broadcasted media to specific geological boundaries based on where you are accessing an internet service and where that service is located.
Google CAPTCHA – This provides a way for web publishers to present puzzles called CAPTCHAs (completely automated public Turing test to tell computers and humans apart) that can usually, but not always, distinguish automated website interaction from human engagement. The point of presenting such challenges is to keep bots from registering fake accounts and conducting other sorts of online abuse.
Governance – This is a system for directing and controlling an organization. It includes set of rules, processes, practises established to evaluate the options, needs, conditions of the stakeholders such as Management, Suppliers, financiers, customers, etc. It also includes framework for attaining the established goals of an organization, alongside achieving a balance between the goals of organization and interests of the stakeholders. It aims to protect the interests of the organization by protecting assets of the organization, and the interests of the creditors, customers.
Graduated Security – This is a security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics.
Greyware – This is a term that relates to potentially unwanted software that are not typically classified as malware, but potentially can affect your computer systems. This includes Adware and Spyware. It can also allude to software that is delivered as part f a downloaded package you install on your computer. This could be unwanted toolbars and utilities that seem to have a doubtful purpose, and not something you would necessarily want to keep. Getting rid of these applications is often difficult as they will often install multiple components across your system and you will need to know what is legitimate and what is unwanted. Often the only way to rid yourself of these applications is to do a clean install of the operating system.
Guessing Entropy – This is a measure of the difficulty that an Attacker has to guess the average password used in a system.
Guideline – This is a general rule, or a piece of advice, required to be followed in order to accomplish the set goals of an organization.
Hacker – A computer hacker is any skilled computer expert that uses their skills to solve a problem. However, this term is often referred to as someone who has malicious intent and deploys malware (see also ‘White Hat Hacker‘ and ‘Black Hat Hacker‘).
Hacking Services Scams – It is possible to find on the Internet some services offering to hack other people’s data for you. Many scammers are promoting those not only illegal but also fictitious services. It is very likely that, by answering to such an offer, you will get defrauded of your money with nothing in return.
Handshaking – This is a dialogue between two information systems for synchronizing, identifying, and authenticating themselves to one another.
Hash – This is a way to represent any data as a unique string of characters. You can hash anything: music, movies, your name, or this article. Metaphorically speaking, hashing is a way of assigning a “name” to your data. It allows you to take an input of any length and turn it into a string of characters that is always the same length. Obviously, there are many methods (algorithms) to do this. A few of the most popular hashing algorithms:
- MD5 – Given any data will return a unique 32 character hash.
- SHA1 – Given any data will return a unique 40 character hash.
- SHA256 – Given any data will return a unique 64 character hash; designed by the National Security Agency.
See also Password Hash.
Hash-based Message Authentication Code – This is a message authentication code that uses a cryptographic key in conjunction with a hash function. See also Message Authentication Code.
High Assurance Guard – This is an network boundary protection device that controls access between a local area network that an enterprise system has a requirement to protect, and an external network that is outside the control of the enterprise system, with a high degree of assurance. A guard that has two basic functional capabilities:
- Message Guard – provides filter service for message traffic traversing the Guard between adjacent security domains
- Directory Guard – provides filter service for directory access and updates traversing the Guard between adjacent security domains.
Hijacking – This is a network security attack by which the intruder takes control of a connection, while a session is in progress. The intruder gains unauthorized access to the information.
Hijack Attack – This is a form of active wiretapping in which the attacker seizes control of a previously established communication association.
Honeypot – This is a service that masquerades as a legitimate service, but can harbour malware (e.g. a fake WiFi network). It can also be used to lure attackers to a decoy service (e.g. a server) thereby reducing the opportunity for a successful cyber attack. Multiple honeypots form a honeynet.
Host-Based Intrusion Detection System (HIDS) – This is an intrusion detection system that monitors and analyses information from the operating system audit records occurring on the host. These operations are then compared to a pre-defined security policy norm.
Hot Site -This is a fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption. A Hot Site should be able to become fully operations within a few hours.
Hot Standby – This is a method of redundancy in which the primary and secondary (i.e. backup) systems run simultaneously. The data is mirrored to the secondary server in real time so that both systems contain identical information.
Hot Standby Site – This is often called a Fail Over Site and is a Hot Site site that can take the enterprise networking and processing needs within seconds of a failure of the primary site.
HTTP – This stands for “HyperText Transport Protocol.” and is the technology that allows for a website to be downloaded and rendered in your web browser.
HTTPS – This is the same as HTTP, but uses a secure protocol (SSL) to encrypt the information coming back from the website. Your web browser will decrypt this and allow the website to be displayed to you.
HTTP Request Smuggling – This is a technique for interfering with the way a web site processes sequences of HTTP requests that are received from one or more users. Request smuggling vulnerabilities are often critical in nature, allowing an attacker to bypass security controls, gain unauthorized access to sensitive data, and directly compromise other application users.
Human Operated Ransomware – This is a subsection of the ransomware category. In human-operated ransomware attacks, hackers breach corporate networks and deploy the ransomware themselves. This is in opposition to classic ransomware attacks that have been seen in the past, such as ransomware distributed via email spam or exploit kits, where the infection process relies on tricking the users in launching the payload.
Hybrid Attack – This is a blend of both a dictionary attack method as well as brute force attack. This means that while a dictionary attack method would include a wordlist of passwords, the brute-force attack would be applied to each possible password in that list.
Hybrid Encryption – This is a method of encryption that combines two or more encryption algorithms or systems. This method merges asymmetric and symmetric encryption in order to derive benefit from the strengths of each form of encryption. These strengths include speed and security respectively.
Impersonation – In this content as part of social engineering, an attacker will impersonate someone in authority to trick you into divulging information. An example of an attack is a call from HR requesting information on yourself or another person.
Imposter Scam – This is where fraudsters try to coerce their targets into handing over personal information or funds by impersonating government agencies or well-known organizations. See also Courier Fraud.
Incident – This is an unplanned disruption, or degradation, of a network or system service and needs to be resolved immediately. An example of an incident is a server crash that causes a disruption in the business process. However, if the disruption is planned, say, a scheduled maintenance, it is not an incident.
Incident handling Plan – This is an action plan developed (by an organisation or individual) to counteract cyber attacks and any other security-related events. It comprises of six process steps:
- identification of attack
- containment of attack
- analysis (lessons learned).
Incremental Backup – This is a form of backup that only stores files that have changed since the last full/incremental backup. In this way, these backups are very quick to create and are often used for daily (or even hourly) backups. They are supported by full backups, that take a copy of the whole file store. See also our blog post of Backing up your data.
Inference Attack – This is a data mining technique used to illegally access information about a subject or database by analysing data. This is an example of breached information security. Such an attack occurs when a user is able to deduce key or critical information of a database from trivial information without directly accessing it.
Influencer Fraud – This is where the number of social media account followers is artificially inflated, often by buying followers. This is a way of promoting the account to look like it has a very high following and therefore becomes an influencer in that subject. These fake followers often do not exist, or are an account with zero posts.
Ingress Filtering – This is a technique used to ensure that all incoming packets (of data) are from the networks from which they claim to originate. Network ingress filtering is a commonly used packet filtering technique by many Internet service providers to prevent any source address deceiving. This helps in combating several net abuse or crimes by making Internet traffic traceable to its source.
Input Validation Attack – This is when an attacker purposefully sends strange inputs to confuse a web application. Input validation routines serve as the first line of defence for such attacks. Examples of input validation attacks include buffer overflow, directory traversal, cross-site scripting and SQL injection.
Insider Threat – This is an attack method where a trusted employee has access to confidential information, or high privilege access and abuses that privilege to disclose information or provide a hacker to access to privileged areas of the IT infrastructure. This is particularly an issue when an disgruntled employee leaves a company and is vulnerable to disclosing privileged information.
Internet Control Message Protocol (ICMP) – This is one of the key Internet protocols and is used by network devices, such as routers, to generate error messages to the source IP address when network problems prevent delivery of IP packets. Any IP network device has the capability to send, receive or process ICMP messages. This protocol is also used to relay query messages and is assigned protocol number 1.
Internet identity (IID) / Internet Persona – This is a social identity that an Internet user creates on online communities and websites. While some users prefer using their real names online, others prefer to be anonymous and identify themselves by means of pseudonyms.
Internet Message Access Protocol (IMAP) – This is a standard Internet protocol that is used by e-mail clients to retrieve e-mail messages from a mail server over TCP/IP and is defined by RFC 3501. An IMAP server typically listens on port number 143. IMAP over SSL (IMAPS) is assigned the port number 993.
Intelligent Platform Management Interface – (IPMI) this is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently of the host system’s CPU, firmware (BIOS or UEFI) and operating system. IPMI defines a set of interfaces used by system administrators for out-of-band management of computer systems and monitoring of their operation. For example, IPMI provides a way to manage a computer that may be powered off or otherwise unresponsive by using a network connection to the hardware rather than to an operating system or login shell. Another use case may be installing a custom operating system remotely. Without IPMI, installing a custom operating system may require an administrator to be physically present near the computer, insert a DVD or a USB flash drive containing the OS installer and complete the installation process using a monitor and a keyboard. Using IPMI, an administrator can mount an ISO image, simulate an installer DVD, and perform the installation remotely.
Internet of Things – This is a collection of devices that are not typically identified as computers. They can be anything from light bulbs connected to a home automation system, domestic appliances, sensors on industrial plant, as well as autonomous cars and the components that make up non-autonomous cars including Satellite Navigation, automated braking systems, etc. The danger from these devices is that they often do not require any form of authentication to operate and run on outdated embedded software that is not maintained by the vendor. This also extends to the services these devices use to provide their function, e.g. in the case of a door bell/door monitoring system there will be a subscription service that performs that monitoring and provides the owner of alerts when someone comes to the door. See my blog ‘Securing your Internet of Things‘ for more details.
Internet Protocol (IP) – This is a communication protocol that is used for relaying datagrams across network boundaries. It has a routing function which enables inter-networking, and essentially establishes the Internet.
Internet Protocol Security (IPsec) – This is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), security gateways (network-to-network), or between a security gateway and a host (network-to-host).
Internet Service Provider – This is a communications company that provide access to the Internet. This is usually for a monthly fee /subscription and provides different data rates based on the monthly subscription (e.g. 20Mbps, 100Mbps, 1Gbps).
Internet Standard (STD) – is a normative specification (that is approved by the Internet Engineering Task Force (IETF) (and published as an RFC) of a technology or methodology applicable to the Internet. An Internet Standard is characterised by technical reliability and usefulness. The IETF also defines a proposed standard as a less mature but stable and well-reviewed specification.
Insider Attack – This relates to someone who is an employee of a company with legitimate privileged access but uses it to execute a cyber attack, fraud or a data breach.
International Bank Account Number (IBAN) – This is an international bank account number, which is used for accounts held in the EU, as well as Norway, Switzerland, Liechtenstein and Hungary. It’s used as standard when banks around Europe need to process international payments, to make sure your money reaches its destination safely and quickly. Your IBAN is a unique identifier for your own bank account, and contains pretty much all that is needed to identify your country, bank, and your exact account, in just a few numbers. A typical IBAN looks like GB29HBUK40972924681012.
Internet Protocol address (IP address) – This is a numerical label that is assigned to each device that is using Internet Protocol or any other protocol and is connected to an Internet network. An IP address serves two basic functions, that is, host or network interface identification and location addressing. These addresses are typically assigned by a router to a computing device as well as looked up through a DNS service to address a website.
There are two types of IP Address:
- Type 4 (IPV4) – these look like 220.127.116.11
- Type 6 (IPV6) – these look like 2001:db8:0:1234:0:567:8:1
Internet Security Software – This is a class of software that packages up various defensive software’s that attempt to secure your device. This is distributed by various organisations, and can come pre-installed on your PC/Phone. Windows Defender on Windows 10 is a comprehensive set of defensive software’s that comes as the default protection on new PC’s. This includes software such as:
- Anti-Virus software
- Ransomware protection
- Privacy Protection
- Website and Email scanning for malware
- Webcam Protection
- Spam Protection
- Detecting fake websites
- Virtual Private Networks (VPN’s).
See also ‘End Point Protection‘.
Intranet – This is a private or internal network that is accessible only to an organisation’s personnel. An intranet is established with the technologies for local area networks (LANs) and wide area networks (WANs) and typically uses Internet based technologies internal to the organisation.
Investment Fraud – This involves the illegal sale, or purported sale, of financial instruments. The typical investment fraud schemes are characterized by offers of low, or no-risk, investments, guaranteed returns, overly-consistent returns, complex strategies, or unregistered securities. A Ponzi scheme is an example of an Investment fraud. See also Investment Scams.
Investment Scams – Investment scams are where you are convinced to invest in some money making scheme that is not existent. These scams will generally involve small amounts of money at the beginning, but quite important ones as you get into it. Thanks to their very elaborate schemes, where they give false hopes to the consumer, they can take big amounts of money from their targets. They can do so by helping the consumers make some money (at the beginning) out of small bets and sums, which will convince them to invest more money in the scam. This is when things will go wrong, as the scammer will claim that your latest investment made a lot of profit, but that it is somehow impossible to withdraw it (therefore convincing you to pay even more to withdraw that money). Most of the time, scammers stop replying after they took the most they could from you.
Invoice Scam – This is where the scammer poses as you and sends fake invoices to your clients with their own bank account details, phone number and email address. The scammer poses as a regular supplier of yours and sends fake invoices to you. Also known as Invoice Fraud. See also Business Email Compromise and Cyber Enabled Fraud.
Internet Protocol Address (IP address) – This is a numerical label that is assigned to each device that is using Internet Protocol, or any other protocol, and is connected to an Internet network. An IP address serves two basic functions, that is, host or network interface identification and location addressing.
IP Flood – This is a type of Denial of Service attack where the victim or system is flooded with information that uses up all the available bandwidth and preventing legitimate users from access. When IP Flood Detection is enabled, the router has the ability to block malicious devices that are attempting to flood devices.
IP Forwarding – This is also known as Internet routing. It is a process used to determine using which path a packet or datagram can be sent. IP forwarding is an OS option that allows a host to act as a router. A system that has more than one network interface card must have IP forwarding turned on in order for the system to be able to act as a router.
IP Multi-Cast – This is a method of sending packets of data to a group of receivers in a single transmission. This method is often used to stream media applications on the Internet and private networks.
IP Spoofing Attack – This is a hijacking technique where a hacker impersonates as a trusted host to conceal his identity, spoof a Web site, hijack browsers, or gain access to a network. This is also known as IP Address Forgery or a Host File Hijack.
Issue-Specific Policy – This is a statement of policy that is intended to address specific needs within an organisation, such as a password policy.
International Telecommunication Union (ITU) – This is a specialized agency of the United Nations that is responsible for issues that concern information and communication technologies. It is the oldest global international organization. The ITU coordinates the shared global use of the radio spectrum, promotes international cooperation in assigning satellite orbits, works to improve telecommunication infrastructure in the developing world, and assists in the development and coordination of worldwide technical standards. The ITU is also active in the areas of broadband Internet, latest-generation wireless technologies, aeronautical and maritime navigation, radio astronomy, satellite-based meteorology, convergence in fixed-mobile phone, Internet access, data, voice, TV broadcasting, and next-generation networks. It consists of the following sectors:
- Radio Communication (ITU-R) – manages the international radio-frequency spectrum and satellite orbit resources
- Standardisation (ITU-T) – coordinates standards for telecommunications
- Development (ITU-D) – helps spread equitable, sustainable and affordable access to information and communication technologies (ICT)
- ITU Telecom – organizes major events for the world’s ICT community.
ITU Telecommunication Standardization Sector (ITU-T) – This is one of the three sectors of the International Telecommunication Union (ITU). It coordinates standards for telecommunications.
Jackpotting Attack – Also called ATM “black box” attacks, is where cybercriminals make an ATM spit out cash. A jackpotting attack can be executed with malware installed on an ATM, or by using a “black box.” A black box attack is when an intruder unfastens an ATM outer case to access its ports or cuts a hole in the casing for direct access to its internal wiring or other hidden connectors. Using these access points, the attacker then connects a “black box” device (typically a laptop or Raspberry Pi board) to the ATM’s internal components, which they use to send commands to the ATM’s cash dispenser and release cash from the storage cassettes.
Kerberos – This is a computer network authentication protocol and is ticket-based allowing nodes to communicate over a non-secure. Kerberos protocol messages are protected against snooping and replay attacks.
Kernel – This is a computer program that is the core of a computer’s operating system, with complete control over everything in the system. On most systems, it is one of the first programs loaded on power-up. It handles the rest of start-up as well as input/output requests from software, translating them into data-processing instructions for the CPU. It also handles memory and peripherals like keyboards, monitors, printers, and speakers. As a result of the sensitivity of the Kernel, this is often a prime target for hackers since this gives them total control over all operations within the computers OS.
Key Loggers – This is a form of malware that records all the keystrokes you make on your computer. Typically the attacker is looking for usernames and passwords to gain access to computer systems, but this can also be used to capture private information. Key loggers can be delivered by various means, including a social engineering attack.
Lateral Phishing – This is a Phishing Attack that is conducted from an email address within, rather than outside, the organization. See also Phishing and Business Email Compromise Attack for further information.
Lattice Techniques – These use security designations to determine access to information.
Layer 2 Forwarding Protocol (L2F) – is a tunnelling protocol developed by Cisco Systems, Inc. to establish virtual private network connections over the Internet. L2F does not provide encryption or confidentiality by itself; It relies on the protocol being tunnelled to provide privacy. L2F was specifically designed to tunnel Point-to-Point Protocol (PPP) traffic.
Layer 2 Tunnelling Protocol (L2TP) – This is a tunnelling protocol used to support virtual private networks (VPNs), or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.
Lightweight Directory Access Protocol (LDAP) – This is an open, vendor-neutral, industry standard application protocol used for accessing and maintaining distributed directory information services over an IP network.
Link-State Routing Protocol – This is one of the two main classes of routing protocols used in packet switching networks. The link-state protocol is performed by every switching node in the network. Every node creates a map of the connectivity to the network (in the form of a graph) displaying all the nodes that are connected to other nodes. Each node then calculates the next best logical path from it to every possible destination in the network. The collection of these best paths forms the node’s routing table.
List Based Access Control – This associates a list of users and their privileges with each object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. This list is implemented differently by each operating system.
Loadable Kernel Module – (LKM) This is a file that contains code to extend the running kernel, or so-called base kernel, of an operating system. LKMs are typically used to add support for new hardware (as device drivers) and/or filesystems, or for adding system calls. When the functionality provided by a LKM is no longer required, it can be unloaded in order to free memory and other resources. This is also a cyber attack vector, although often requires significant privilege escalation to gain access.
Local Security Authority Subsystem Service (LSASS) – This is a Microsoft Windows service responsible for enforcing security policy and it is used to add entries to the security log, as well as to handle user logins, access token creation, and password changes. If the LSASS process fails, the user will immediately lose access to Windows accounts available on the machine, an error will be displayed, and the device will be forced to restart.
Logic Bomb – This is a piece of code intentionally inserted into a software system that will set off a malicious action when a specified condition is met. For example, date is Friday the 13th, if a user hasn’t logged in for a number of days. The effect of a logic bomb is to perform some action, e.g. deleting files, corrupt data, install malware.
Loopback Address – This is an pseudo address that sends outgoing signals back to the same computer for testing. In a TCP/IP network, the loopback IP address is 127.0.0.1, and pinging this address always returns a reply unless the firewall prevents it.
Living Off the Land Binaries (LOLBin) – These are non-malicious binaries (programmes, DLL’s, etc.) that cyber criminals have discovered can be used to hide their malicious activity within a system and evade cyber defenses. The idea behind the LOLBin technique is that attackers can find legitimate, benign, and usually built-in executables present within an operating system, and then use those binaries to achieve malicious goals without relying on malicious code or files. Using LOLBins, attackers can “live off the land” (as the name suggests) and use a machine’s resources against itself to progress their attack.
Lure – In the context of malware and cyber security and social engineering, this is something (e.g. an email, IM, SMS) that tempts you to visit a malicious website to install malware or attack your privacy by disclosing information.