| Terminology | Explanation |
| --- | --- |
| Intrusion Prevention System (IPS) | IPS is a network security and threat prevention technology that detects and prevents vulnerability exploits. These intrusion attempts are often aimed at exploiting known and unknown vulnerabilities in servers or applications and can lead to a data breach if left unchecked. Once an attempt is detected, the IPS drops the traffic and blocks the malicious source, protecting the environment. IPS is often deployed either integrated with or just behind the firewall to provide maximum coverage against external threats. |
| Intrusion Detection System (IDS) | Similar to IPS; however, once an intrusion attempt is detected the IDS sensor sends an alert so that a security analyst can investigate. When the technology was first released, IDS was common due to the high number of false positives, but detection is now intelligent enough to block with confidence, so IDS is less common and is used only in highly sensitive locations. |
| General Data Protection Regulation (GDPR) | GDPR is a European law introduced in May 2018 aimed at ensuring data protection and privacy for all individuals in Europe. All organisations that are either "controllers" or "processors" of personal data are required to carefully document and protect that data. Should a data breach occur, organisations are required to disclose the breach within 72 hours of becoming aware of the incident. Failure to comply with GDPR regulations may incur a fine of up to 4% of global turnover or €20m, whichever is higher. |
| Two/Multi-Factor Authentication (2FA or MFA) | MFA is a system that requires multiple sets of credentials before granting access to a system or application. Frequently used on remote access VPNs, MFA often requires a user to enter a number sequence from either a physical token (known as a "hard token") or from an application on a mobile device (known as a "soft token"). Users therefore need to prove who they are (username), what they know (password) and what they have (MFA token). |
| Virtual Private Network (VPN) | A VPN is a method of connecting a remote network or device to the corporate environment in a secure, encrypted manner. The two main types of VPN are site-to-site VPNs and remote access VPNs. |
| Remote Access VPN | Allows secure remote connectivity to a corporate network using a configuration or application on the user's device. Recommended for use with MFA to ensure the device hasn't been stolen or compromised. |
| Phishing | An attempt by a nefarious third party to obtain user credentials, often by impersonating a legitimate individual or organisation. Phishing attempts are often made via legitimate-looking email and are one of the most frequent causes of breaches. |
| Security Information and Event Management (SIEM) | An application capable of gathering security information from across the organisation's infrastructure in order to log and correlate suspicious behaviour. When suspicious activity is detected, an alert is generated for a security analyst to investigate. SIEM platforms are key in security operations due to the high volume of logs generated by modern systems. |
| Anti-Virus | Software installed on servers and endpoints aimed at preventing viruses and malware from exploiting the device. Typically signature based, relying on a virus being detected globally and its signature downloaded before protection is provided. |
| Endpoint Protection | Considered the "next generation" of anti-virus, endpoint protection focuses on locking down the vulnerabilities that viruses and malware exploit, providing enhanced protection against zero-day and advanced threats. |
| Botnet | A network of compromised machines used for malicious activity. Once malicious actors gain control over a number of hosts, these compromised machines can be combined into a network to attack or disrupt the operations of a target. Botnets can be used for spreading viruses, sending spam or creating a DDoS attack. |
| Distributed Denial of Service (DDoS) | Denial of Service (DoS) attacks involve overloading a server or application with illegitimate requests so that it cannot continue to serve legitimate users. Distributed DoS attacks use botnets scattered across the world to accomplish their goals. Since DDoS attacks typically saturate the network as well as the server, it is best to mitigate them within the network provider's infrastructure rather than at the organisation's edge. |
| Ransomware | Recently seen in the well-publicised WannaCry malware, ransomware attempts to encrypt all the files on the device and then offers to decrypt them if a ransom is paid, typically in a cryptocurrency such as Bitcoin. Ransomware is typically delivered via email. |
| Cryptocurrency | A cryptocurrency is a digital or virtual currency designed to work as a medium of exchange, just like the other currencies we are all familiar with. It uses cryptography to secure and verify transactions as well as to control the creation of new units of a particular cryptocurrency. |
| Spoofing | In the context of network security, a spoofing attack is a situation in which a person or program successfully masquerades as another by falsifying data in order to gain an illegitimate advantage. |