
Aug 13

Security terminology




In this section you will find definitions of security terms typically used in security-related books, documentation, articles, etc.
As a security professional you should know and understand the meaning of these expressions and terms.





Common terminology
• Vulnerability – a weakness in security or in a system (insecure communication, poor passwords, improper input handling)
• Exploit – a mechanism used to break security or a system (executable code, password-guessing tools, scripts)
• Threat – expresses the potential for the occurrence of a harmful event
• Risk – the likelihood that a particular threat using a specific tool will exploit a vulnerability
• Confidentiality – limiting access to information
• Authentication – confirming the identity of a user, process or system
• Authorization – access control for a user, process or system
• Non-repudiation – the inability to deny an action


Alert classification:
• True Positive – genuine alert
• True Negative – genuine legitimate traffic
• False Positive – alert triggered on legitimate traffic
• False Negative – an attack occurred but the sensor didn’t detect it


Signature types:
• Atomic signature – a signature that triggers based on the content of a single packet
• Flow-based signature – a signature that triggers based on information contained in a sequence of packets
• Anomaly-based signature – a signature that triggers when traffic deviates from typical (most likely previously observed) behavior
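
The three signature types side by side, as an added Python example that is not part of the original post. The packets, flow labels, marker pattern, request counts and the three-standard-deviation threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed marker standing in for the byte pattern a signature looks for.
PATTERN = b"SIG-TEST-PATTERN"

# Constructed traffic: (flow label, payload). flow-B splits the pattern across two packets.
PACKETS = [
    ("flow-A", b"GET /index.html"),
    ("flow-B", b"GET /SIG-TEST-"),
    ("flow-A", b" HTTP/1.1"),
    ("flow-B", b"PATTERN HTTP/1.1"),
    ("flow-C", b"GET /SIG-TEST-PATTERN"),
]

# Constructed requests-per-minute counts: a learned baseline and a new observation window.
BASELINE = [20, 22, 19, 21, 18, 20, 23, 21]
OBSERVED = [21, 19, 24, 95, 20]


def atomic_match(packets, pattern):
    """Atomic signature: each packet is inspected on its own, no state is kept."""
    return [i for i, (_, payload) in enumerate(packets) if pattern in payload]


def flow_match(packets, pattern):
    """Flow-based signature: payloads are reassembled per flow before matching."""
    streams = defaultdict(bytes)
    hits = []
    for flow, payload in packets:
        streams[flow] += payload
        if pattern in streams[flow] and flow not in hits:
            hits.append(flow)
    return hits


def anomaly_match(baseline, observed, k=3.0):
    """Anomaly-based signature: flag values more than k standard deviations from the baseline mean."""
    mu, sigma = mean(baseline), pstdev(baseline)
    return [i for i, value in enumerate(observed) if abs(value - mu) > k * sigma]


if __name__ == "__main__":
    print("atomic hits (packet indexes):", atomic_match(PACKETS, PATTERN))
    print("flow-based hits (flows):", flow_match(PACKETS, PATTERN))
    print("anomalous minutes (indexes):", anomaly_match(BASELINE, OBSERVED))
```

The atomic check misses flow-B because no single packet contains the whole pattern, while the flow-based check catches it after reassembly.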



Security device modes:
• Inline mode – the device examines passing traffic and is able to stop an attack immediately, before it passes the security check
• Promiscuous mode – the security device is not placed on the path of traffic, but receives a copy of the data to check. It can’t stop an attack immediately
