Addressing some common Cybersecurity jargons
Table of contents
No headings in the article.
Letโs break down some common Cybersecurity jargons.
Sometimes people get confused by these terms or find it hard to retain their differences.
โ. ๐๐ฎ๐ญ๐ก๐๐ง๐ญ๐ข๐๐๐ญ๐ข๐จ๐ง ๐ฏ๐ฌ ๐๐ฎ๐ญ๐ก๐จ๐ซ๐ข๐ณ๐๐ญ๐ข๐จ๐ง:
๐๐ฎ๐ญ๐ก๐๐ง๐ญ๐ข๐๐๐ญ๐ข๐จ๐ง is the process of verifying the identity. It uses a combination of techniques/methods to verify the identity. For e.g: If one of your friends calls you from an unknown number, after hearing their voice youโll ask ABC, is that you? and they will reply yes, itโs me.
Whereas ๐๐ฎ๐ญ๐ก๐จ๐ซ๐ข๐ณ๐๐ญ๐ข๐จ๐ง refers to the permissions attached to performing a certain task. This often comes after authentication is successful and a task is to be executed. For e.g: While making online payments you are asked to input PIN/OTP which is a form of authorization.
[ NOTE: While these solutions might sound very true there are ways to circumvent them. ]
โ. ๐๐๐ ๐ฉ๐ซ๐ข๐ง๐๐ข๐ฉ๐ฅ๐ ๐ฏ๐ฌ ๐๐๐ ๐ฉ๐ซ๐ข๐ง๐๐ข๐ฉ๐ฅ๐:
๐๐๐ stands for โDonโt Repeat Yourselfโ. Simply put it minimizes bugs & shortens codebase size
Whereas ๐๐๐ stands for โWrite Everything Twiceโ. Simply put it means the same code is implemented at least two times in a codebase. It offers the flexibility to use the same code for two different purposes.
[ NOTE: These two terms are not common as they are part of the software development process. There are high chances of seeing their implementation if you do web app pentest or code reviews. ]
โ. ๐๐๐ ๐ฏ๐ฌ ๐๐๐:
๐๐๐ or Uniform Resource Identifier provides the identity of an item. For e.g: the IMEI no of your smartphone can be defined as Uri, or the ISBN no of a book, or better yet your roll number/employee id.
๐๐๐ or Uniform Resource Locator provides a way to reach any location. It comprises of a protocol, domain name/IP address and path to the resource. For e.g: https://medium.com
โ. ๐๐๐ง๐๐ญ๐ซ๐๐ญ๐ข๐จ๐ง ๐ญ๐๐ฌ๐ญ๐ข๐ง๐ ๐ฏ๐ฌ ๐๐๐ ๐ญ๐๐๐ฆ ๐๐ฌ๐ฌ๐๐ฌ๐ฆ๐๐ง๐ญ:
๐๐๐ง๐๐ญ๐ซ๐๐ญ๐ข๐จ๐ง ๐ญ๐๐ฌ๐ญ๐ข๐ง๐ is a process to test the security of a company/system/network/website/software. For e.g: You hired a lockpicker to check the strength of your locks.
๐๐๐ ๐ญ๐๐๐ฆ ๐๐ฌ๐ฌ๐๐ฌ๐ฆ๐๐ง๐ญ on the other hand deals with testing the strength of blue team & adversary simulation. For e.g: You hired a professional thief to test out your state-of-the-art home security system.
[ NOTE: There is a fine line between these two terms. In most scenarios, they differ only in terms of use cases. In other scenarios, their terms are often interchanged. ]
โ. ๐๐๐ ๐ญ๐ซ๐ข๐๐ ๐ฏ๐ฌ ๐๐๐ ๐ญ๐ซ๐ข๐๐:
๐๐๐ ๐ญ๐ซ๐ข๐๐ stands for Confidentiality, Integrity & Availability. Itโs part of the Blue team side of security where these terms help design security mechanisms. For e.g: You use WhatsApp to send encrypted messages to another person & can do until WhatsApp servers are down or there is a Man-In-The-Middle (MITM ).
๐๐๐ ๐ญ๐ซ๐ข๐๐ stands for Disclosure, Alter & Denial. Itโs part of the Red team side of security where they define breaking of the CIA triad. For e.g: If someone intercepts your WhatsApp traffic and manages to break the encryption they can read, modify or even permanently delete your messages.
[ NOTE: While WhatsApp encrypts your text messages, any documents sent over it are not encrypted and remain plaintext in its servers. Anyone with access to these servers/MITM can easily read them. Be mindful of what you share over WhatsApp ]
โ. ๐๐๐ฏ๐๐ซ๐ฌ๐ ๐ฌ๐ก๐๐ฅ๐ฅ ๐ฏ๐ฌ ๐๐ข๐ง๐ ๐ฌ๐ก๐๐ฅ๐ฅ: For this letโs imagine you have two devices i.e, a client ( your smartphone ) and a server ( your laptop ). For the sake of simplicity letโs also assume these two are in the same LAN network.
In ๐๐๐ฏ๐๐ซ๐ฌ๐ ๐ฌ๐ก๐๐ฅ๐ฅ scenario the client will open a port and the server will connect back to it using the IP:Port combo. This is very useful in case of circumventing firewalls. For e.g: Letโs assume you met someone and instead of asking them, shared your phone number so they can contact you.
Whereas in ๐๐ข๐ง๐ ๐ฌ๐ก๐๐ฅ๐ฅ server will open a port and the client will connect to it using the IP:Port combo. This is helpful but less reliable if security measures are in place. For e.g: Letโs assume you met someone & they shared their phone no so you can contact them.
[ NOTE: Both of these shells have their individual use cases, sometimes you will use reverse and sometimes bind. It often takes trial & error to find a perfect solution for a given scenario, however in most cases reverse shell will do well than a bind one. ]
โ. ๐๐ง๐๐ซ๐ฒ๐ฉ๐ญ๐ข๐จ๐ง ๐ฏ๐ฌ ๐๐๐ฌ๐ก๐ข๐ง๐ :
๐๐ง๐๐ซ๐ฒ๐ฉ๐ญ๐ข๐จ๐ง is a terminology given to the process of encoding information in a way that it cannot be recovered without a secret (code/key). Simply put using this technique you can encode/decode your content ( text, files, devices ). Encryption is used to provide confidentiality among two or more people. Some common encryption algorithms are AES, RSA, etc.
For e.g: Letโs imagine you have a lock and a key, in this case, that lock canโt be opened without that key.
Whereas ๐๐๐ฌ๐ก๐ข๐ง๐ is a different technique that uses special mathematical functions to encode data in such a manner that it cannot be reversed. Due to this unique property, hashing is also used to store passwords in a database. It is also worth mentioning there is no secret/key in this scenario. Hashes are used to verify the integrity of a given data/file. Some of the common hash algorithms are MD5, SHA256, etc.
For e.g: You login into your Computer using a combination of username/password. This password is stored in the form of a hash and when you type it in the login panel, the system translates it into a hash & then compares it with the one stored in its database. Only if both matches, access is granted.
If you have read till here, thank you for bearing with me. While I wrote this post to explain concepts in layman's terms, hope you enjoyed it.