One of the signature characteristics of the IT landscape is the sheer volume of unique terms that are used on a regular basis. Indeed, to outsiders it can seem like IT pros are speaking a completely different language — and in a sense, they are!
To help turn some of this confusion into clarity, we have created a new IT Security Glossary of Terms.
Naturally, experienced IT pros will be very familiar with these terms. However, as we all know, a quick refresher never hurts!
More practically, we invite IT pros to share this glossary with their colleagues and customers who may struggle to understand various terms and concepts. For example, they may think that “Credential Injection” and “SQL Injection” are the same thing, or fail to grasp that access to a “Privileged Session” is granted on a temporary vs. permanent basis.
Currently, the glossary contains nearly 150 unique IT security terms, and we will be constantly adding more. Here is a snapshot of 30 terms that you will find:
- Access control: A technique to restrict access to authorized users only.
- Access management: The framework for validating, authorizing, maintaining, monitoring, and revoking access.
- Account brokering: Inputs credentials into systems, websites, end servers, and applications without revealing those credentials to the user.
- Active Directory: A directory service created by Microsoft; a database of resources.
- Authentication: The action or process of validating an identity, usually that of a user or process requesting access.
- Authorization: The action or process (often following authentication) of granting access or empowering a user or process to do something.
- Credential Brokering: (in Remote Desktop Manager) Lets a user check out credentials for a session from RDM directly on the entry itself.
- Credential injection: (in session management) The secure, direct input of credentials into a remote session without revealing them to the user.
- Data Encryption Standard (DES): A symmetric encryption algorithm that was fundamental in the development of cryptography; as a standard, DES was made obsolete in 2005 and superseded by AES, but it is still widely used.
- Gateway: A node that serves as the entrance to a network and connects it to other networks.
- HTTP Proxy: A filter for requests between a user and a server; the filter alters the details of requests to increase the anonymity of the user, and prevents unauthorized data from being downloaded on the user's end or uploaded/deleted on the server's end.
- IT professional: An individual having the skills, knowledge, and education to execute one or more of the following activities for an organization: maintain, manage, and secure systems and databases; create and develop software and applications; test, build, install, and maintain software, hardware, network systems, and IT infrastructure; and provide technical support.
- Least privilege: The principle of granting users only the amount of access needed to carry out their responsibilities.
- Lightweight Directory Access Protocol (LDAP): An open protocol for authenticating against and accessing a central directory.
- Malware: Malicious software; a generic term for software designed to carry out harmful and/or disruptive attacks on a server, network, or computer.
- Managed Service Providers (MSPs): Outsourced third-party organizations that remotely manage the IT systems of their clients.
- Offline Access: The ability to access data without being connected to the source.
- Password Authentication Protocol (PAP): A method of authenticating with plaintext credentials, considered vulnerable when used in Point-to-Point Protocol (PPP) connections.
- Password Vault: A digital repository for securely storing credentials in password managers and privileged access management (PAM) systems.
- Ping of Death: A cyberattack in which the attacker sends a malicious packet of data intended to cause a computer failure.
- Privileged session: Temporary privileged access to critical assets.
- Remote Connection Management: Organizing and securely sharing remote connections among users.
- Remote Desktop Protocol (RDP): A network communications protocol owned and developed by Microsoft.
- Role-Based Access Control: A hierarchy of permissions determining how much or how little a user can do according to their role (function) in an organization.
- Secure Shell (SSH): A protocol employing cryptographic techniques to establish a secure connection between a client and a server.
- Sensitive Information: A broad term for any data that must be safeguarded from unauthorized access.
- Single Sign-On (SSO): A method of accessing multiple resources with only one set of credentials.
- SQL Injection: Inserting malicious SQL code into queries destined for a backend database to alter, expose, or retrieve data in that database.
- Zero Trust Principle: A fundamental security concept which proposes that no person or computer should be trusted without authentication.
- Zero-day attack: A cyberattack on a security vulnerability that the attacker discovers before the developer of the system or program does.
Click here to access the full IT Security Glossary of Terms. We are constantly updating the glossary, so remember to bookmark the page.
Indeed, while it is very difficult to predict what the world will look like a year — or even a month — from now, one thing is certain: there will always be more (and more and more) terms to add to the ever-growing IT security vocabulary!