Addressing some common Cybersecurity jargons

ยท

5 min read

Table of contents

No heading

No headings in the article.

Letโ€™s break down some common Cybersecurity jargons.

Sometimes people get confused by these terms or find it hard to retain their differences.

โžŠ. ๐€๐ฎ๐ญ๐ก๐ž๐ง๐ญ๐ข๐œ๐š๐ญ๐ข๐จ๐ง ๐ฏ๐ฌ ๐€๐ฎ๐ญ๐ก๐จ๐ซ๐ข๐ณ๐š๐ญ๐ข๐จ๐ง:

๐€๐ฎ๐ญ๐ก๐ž๐ง๐ญ๐ข๐œ๐š๐ญ๐ข๐จ๐ง is the process of verifying the identity. It uses a combination of techniques/methods to verify the identity. For e.g: If one of your friends calls you from an unknown number, after hearing their voice youโ€™ll ask ABC, is that you? and they will reply yes, itโ€™s me.

Whereas ๐€๐ฎ๐ญ๐ก๐จ๐ซ๐ข๐ณ๐š๐ญ๐ข๐จ๐ง refers to the permissions attached to performing a certain task. This often comes after authentication is successful and a task is to be executed. For e.g: While making online payments you are asked to input PIN/OTP which is a form of authorization.

[ NOTE: While these solutions might sound very true there are ways to circumvent them. ]

โž‹. ๐ƒ๐‘๐˜ ๐ฉ๐ซ๐ข๐ง๐œ๐ข๐ฉ๐ฅ๐ž ๐ฏ๐ฌ ๐–๐„๐“ ๐ฉ๐ซ๐ข๐ง๐œ๐ข๐ฉ๐ฅ๐ž:

๐ƒ๐‘๐˜ stands for โ€œDonโ€™t Repeat Yourselfโ€. Simply put it minimizes bugs & shortens codebase size

Whereas ๐–๐„๐“ stands for โ€œWrite Everything Twiceโ€. Simply put it means the same code is implemented at least two times in a codebase. It offers the flexibility to use the same code for two different purposes.

[ NOTE: These two terms are not common as they are part of the software development process. There are high chances of seeing their implementation if you do web app pentest or code reviews. ]

โžŒ. ๐”๐‘๐ˆ ๐ฏ๐ฌ ๐”๐‘๐‹:

๐”๐‘๐ˆ or Uniform Resource Identifier provides the identity of an item. For e.g: the IMEI no of your smartphone can be defined as Uri, or the ISBN no of a book, or better yet your roll number/employee id.

๐”๐‘๐‹ or Uniform Resource Locator provides a way to reach any location. It comprises of a protocol, domain name/IP address and path to the resource. For e.g: https://medium.com

โž. ๐๐ž๐ง๐ž๐ญ๐ซ๐š๐ญ๐ข๐จ๐ง ๐ญ๐ž๐ฌ๐ญ๐ข๐ง๐  ๐ฏ๐ฌ ๐‘๐ž๐ ๐ญ๐ž๐š๐ฆ ๐š๐ฌ๐ฌ๐ž๐ฌ๐ฆ๐ž๐ง๐ญ:

๐๐ž๐ง๐ž๐ญ๐ซ๐š๐ญ๐ข๐จ๐ง ๐ญ๐ž๐ฌ๐ญ๐ข๐ง๐  is a process to test the security of a company/system/network/website/software. For e.g: You hired a lockpicker to check the strength of your locks.

๐‘๐ž๐ ๐ญ๐ž๐š๐ฆ ๐š๐ฌ๐ฌ๐ž๐ฌ๐ฆ๐ž๐ง๐ญ on the other hand deals with testing the strength of blue team & adversary simulation. For e.g: You hired a professional thief to test out your state-of-the-art home security system.

[ NOTE: There is a fine line between these two terms. In most scenarios, they differ only in terms of use cases. In other scenarios, their terms are often interchanged. ]

โžŽ. ๐‚๐ˆ๐€ ๐ญ๐ซ๐ข๐š๐ ๐ฏ๐ฌ ๐ƒ๐€๐ƒ ๐ญ๐ซ๐ข๐š๐:

๐‚๐ˆ๐€ ๐ญ๐ซ๐ข๐š๐ stands for Confidentiality, Integrity & Availability. Itโ€™s part of the Blue team side of security where these terms help design security mechanisms. For e.g: You use WhatsApp to send encrypted messages to another person & can do until WhatsApp servers are down or there is a Man-In-The-Middle (MITM ).

๐ƒ๐€๐ƒ ๐ญ๐ซ๐ข๐š๐ stands for Disclosure, Alter & Denial. Itโ€™s part of the Red team side of security where they define breaking of the CIA triad. For e.g: If someone intercepts your WhatsApp traffic and manages to break the encryption they can read, modify or even permanently delete your messages.

[ NOTE: While WhatsApp encrypts your text messages, any documents sent over it are not encrypted and remain plaintext in its servers. Anyone with access to these servers/MITM can easily read them. Be mindful of what you share over WhatsApp ]

โž. ๐‘๐ž๐ฏ๐ž๐ซ๐ฌ๐ž ๐ฌ๐ก๐ž๐ฅ๐ฅ ๐ฏ๐ฌ ๐๐ข๐ง๐ ๐ฌ๐ก๐ž๐ฅ๐ฅ: For this letโ€™s imagine you have two devices i.e, a client ( your smartphone ) and a server ( your laptop ). For the sake of simplicity letโ€™s also assume these two are in the same LAN network.

In ๐‘๐ž๐ฏ๐ž๐ซ๐ฌ๐ž ๐ฌ๐ก๐ž๐ฅ๐ฅ scenario the client will open a port and the server will connect back to it using the IP:Port combo. This is very useful in case of circumventing firewalls. For e.g: Letโ€™s assume you met someone and instead of asking them, shared your phone number so they can contact you.

Whereas in ๐๐ข๐ง๐ ๐ฌ๐ก๐ž๐ฅ๐ฅ server will open a port and the client will connect to it using the IP:Port combo. This is helpful but less reliable if security measures are in place. For e.g: Letโ€™s assume you met someone & they shared their phone no so you can contact them.

[ NOTE: Both of these shells have their individual use cases, sometimes you will use reverse and sometimes bind. It often takes trial & error to find a perfect solution for a given scenario, however in most cases reverse shell will do well than a bind one. ]

โž. ๐„๐ง๐œ๐ซ๐ฒ๐ฉ๐ญ๐ข๐จ๐ง ๐ฏ๐ฌ ๐‡๐š๐ฌ๐ก๐ข๐ง๐ :

๐„๐ง๐œ๐ซ๐ฒ๐ฉ๐ญ๐ข๐จ๐ง is a terminology given to the process of encoding information in a way that it cannot be recovered without a secret (code/key). Simply put using this technique you can encode/decode your content ( text, files, devices ). Encryption is used to provide confidentiality among two or more people. Some common encryption algorithms are AES, RSA, etc.

For e.g: Letโ€™s imagine you have a lock and a key, in this case, that lock canโ€™t be opened without that key.

Whereas ๐‡๐š๐ฌ๐ก๐ข๐ง๐  is a different technique that uses special mathematical functions to encode data in such a manner that it cannot be reversed. Due to this unique property, hashing is also used to store passwords in a database. It is also worth mentioning there is no secret/key in this scenario. Hashes are used to verify the integrity of a given data/file. Some of the common hash algorithms are MD5, SHA256, etc.

For e.g: You login into your Computer using a combination of username/password. This password is stored in the form of a hash and when you type it in the login panel, the system translates it into a hash & then compares it with the one stored in its database. Only if both matches, access is granted.

If you have read till here, thank you for bearing with me. While I wrote this post to explain concepts in layman's terms, hope you enjoyed it.

ย