Appendix C: Comprehensive Glossary
A
ACK - Acknowledgment flag in TCP header indicating receipt of data.
ACL (Access Control List) - Set of rules that define what traffic is permitted or denied on a network device.
AES (Advanced Encryption Standard) - Symmetric encryption algorithm widely used for securing data.
APT (Advanced Persistent Threat) - Sophisticated, long-term targeted attack typically by nation-state actors.
ARP (Address Resolution Protocol) - Protocol mapping IP addresses to MAC addresses on local networks.
Asymmetric Encryption - Cryptography using public/private key pairs (e.g., RSA, ECDH).
B
Beacon - Regular C2 communication pattern from implant to controller.
BGP (Border Gateway Protocol) - Routing protocol used to exchange routing information between autonomous systems.
Botnet - Network of compromised computers controlled by an attacker.
BPDU (Bridge Protocol Data Unit) - Frames used by STP to prevent network loops.
C
C2 (Command and Control) - Infrastructure used by attackers to control compromised systems.
CAM Table - Switch’s Content Addressable Memory table mapping MAC addresses to ports.
CIDR (Classless Inter-Domain Routing) - Method for allocating IP addresses and routing.
Cipher Suite - Set of algorithms used in TLS for key exchange, encryption, and authentication.
Covert Channel - Channel that transfers information through a mechanism not intended for communication.
CVE (Common Vulnerabilities and Exposures) - Standardized identifiers for security vulnerabilities.
D
DAI (Dynamic ARP Inspection) - Security feature validating ARP packets against DHCP snooping database.
DDoS (Distributed Denial of Service) - DoS attack from multiple sources.
DHCP (Dynamic Host Configuration Protocol) - Protocol for automatic IP address assignment.
DMZ (Demilitarized Zone) - Network segment between internal network and internet.
DNS (Domain Name System) - System translating domain names to IP addresses.
DNSSEC - DNS Security Extensions adding cryptographic authentication.
DoS (Denial of Service) - Attack making system or service unavailable.
E
EAP (Extensible Authentication Protocol) - Authentication framework for network access.
EDR (Endpoint Detection and Response) - Security solution for endpoint threat detection.
Encapsulation - Process of wrapping data with protocol headers at each layer.
ESP (Encapsulating Security Payload) - IPsec protocol providing encryption.
Exfiltration - Unauthorized transfer of data out of a network.
F
Firewall - Security device controlling network traffic based on rules.
Four-Way Handshake - WPA/WPA2 key exchange process.
Fragment - Piece of IP packet split for transmission.
G
Gateway - Device connecting networks, typically providing routing.
GTSM (Generalized TTL Security Mechanism) - Protection against off-path attacks.
H
Hash - Fixed-size output from cryptographic hash function.
HSTS (HTTP Strict Transport Security) - Security header forcing HTTPS.
HTTP (Hypertext Transfer Protocol) - Protocol for web communication.
I
IAM (Identity and Access Management) - Framework for managing digital identities.
ICMP (Internet Control Message Protocol) - Protocol for network diagnostics and error reporting.
ICS (Industrial Control Systems) - Systems controlling industrial processes.
IDS (Intrusion Detection System) - System detecting malicious network activity.
IKE (Internet Key Exchange) - Protocol for setting up IPsec associations.
IOC (Indicator of Compromise) - Artifact indicating potential intrusion.
IPS (Intrusion Prevention System) - IDS with ability to block threats.
ISN (Initial Sequence Number) - Starting sequence number in TCP connection.
J
JTAG - Debug interface for embedded systems.
K
Kerberos - Network authentication protocol using tickets.
Kill Chain - Model describing stages of cyberattack.
L
Lateral Movement - Attacker moving between systems in a network.
LLMNR (Link-Local Multicast Name Resolution) - Name resolution protocol vulnerable to spoofing.
M
MAC (Media Access Control) - Unique hardware address for network interfaces.
Malware - Malicious software.
MITM (Man-in-the-Middle) - Attack where attacker intercepts communication.
MITRE ATT&CK - Knowledge base of adversary tactics and techniques.
MTU (Maximum Transmission Unit) - Largest packet size that can be transmitted.
MX Record - DNS record specifying mail servers.
N
NAC (Network Access Control) - Security approach controlling device access to network.
NAT (Network Address Translation) - Technique mapping private IPs to public IPs.
NBT-NS (NetBIOS Name Service) - Name resolution service vulnerable to spoofing.
NDR (Network Detection and Response) - Network-focused security monitoring.
NDP (Neighbor Discovery Protocol) - IPv6 protocol similar to ARP.
NIST - National Institute of Standards and Technology.
Nmap - Network scanning tool.
NTLM - Windows authentication protocol.
O
OSINT (Open Source Intelligence) - Intelligence from publicly available sources.
OSI Model - Seven-layer networking reference model.
OWASP - Open Web Application Security Project.
P
Packet - Unit of data transmitted over network.
Payload - Data carried by a packet, or the code delivered by an exploit.
PEAP (Protected EAP) - EAP method using TLS tunnel.
Penetration Testing - Authorized simulated attack to evaluate security.
Phishing - Social engineering attack via fraudulent messages.
PKI (Public Key Infrastructure) - System managing digital certificates.
PMKID - Pairwise Master Key Identifier in WPA.
PMF (Protected Management Frames) - 802.11w protection for management frames.
Port - Logical endpoint for network communication.
Protocol - Set of rules governing communication.
Proxy - Intermediary server between client and destination.
PSK (Pre-Shared Key) - Shared secret for authentication.
PTK (Pairwise Transient Key) - Session key in WPA.
Q
QUIC - Modern transport protocol over UDP.
R
RADIUS - Authentication protocol for network access.
Ransomware - Malware encrypting data for ransom.
Reconnaissance - Information gathering phase of attack.
RFC (Request for Comments) - Internet standards documents.
Rootkit - Malware designed to hide presence on system.
Router - Device forwarding packets between networks.
RPKI (Resource Public Key Infrastructure) - Cryptographic validation for BGP routes.
RST - TCP reset flag terminating connection.
S
SCADA - Supervisory Control and Data Acquisition systems.
SIEM (Security Information and Event Management) - Log aggregation and analysis platform.
SMB (Server Message Block) - Windows file sharing protocol.
SNMP (Simple Network Management Protocol) - Network management protocol.
Spoofing - Impersonating another entity.
SQL Injection - Attack inserting SQL commands into input.
SSL (Secure Sockets Layer) - Deprecated predecessor to TLS.
SSLstrip - Attack downgrading HTTPS to HTTP.
STP (Spanning Tree Protocol) - Protocol preventing network loops.
Subnet - Logical subdivision of IP network.
SYN - TCP flag initiating connection.
SYN Flood - DoS attack sending many SYN packets.
T
TCP (Transmission Control Protocol) - Connection-oriented transport protocol.
Three-Way Handshake - TCP connection establishment (SYN, SYN-ACK, ACK).
TLS (Transport Layer Security) - Protocol providing encryption for network communication.
TTL (Time to Live) - Packet lifetime counter.
Tunneling - Encapsulating one protocol within another.
U
UART - Serial communication interface.
UDP (User Datagram Protocol) - Connectionless transport protocol.
uRPF (Unicast Reverse Path Forwarding) - Anti-spoofing mechanism.
V
VLAN (Virtual Local Area Network) - Logical network segmentation.
VPN (Virtual Private Network) - Encrypted tunnel over public network.
Vulnerability - Weakness that can be exploited.
W
WAF (Web Application Firewall) - Firewall for web applications.
WEP (Wired Equivalent Privacy) - Deprecated wireless security protocol.
WPA (Wi-Fi Protected Access) - Wireless security protocol.
WPA2 - Current widely-used wireless security standard.
WPA3 - Latest wireless security standard, using SAE (Simultaneous Authentication of Equals) for key establishment.
X
XSS (Cross-Site Scripting) - Web vulnerability allowing script injection.
Z
Zero Trust - Security model assuming no implicit trust.
Zero-Day - Vulnerability without available patch.
Zone Transfer - DNS mechanism to replicate zone data.