Glossary

Our glossary provides concise definitions of technical terms to assist with education.

  • DMARC

    Description

    DMARC stands for Domain-based Message Authentication, Reporting and Conformance. DMARC is an email authentication protocol which gives email domain owners the ability to protect their domain from unauthorized use (email spoofing). The aim is to protect a domain from being used in business email compromise attacks, phishing, email scams or other cyber threats. DMARC allows a domain owner to understand where their legitimate email messages are originating from and to be aware of any spoofing or phishing of their brands. Moreover, by applying the “quarantine” or “reject” parameters in your DMARC setup, you can prevent spoofed emails from even being delivered to the recipient’s mailbox. As an example, threat actors can spoof a domain to trick employees into sharing confidential information or downloading a malicious file attachment. Phishing emails are arriving with smarter baiting tactics. DMARC is one of the three anti-phishing standards that help maintain domain integrity: SPF, DKIM, and DMARC.

    Risk

    A domain that does not implement any form of DMARC policy exposes its recipients to possible phishing attacks and, unsurprisingly, 91% of all cyber attacks begin with a phishing email. Phishing and spoofing attacks against consumers are likely to occur when companies do not have published Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) policies in place.

  • DNSSEC

    Description

    DNSSEC stands for Domain Name System Security Extensions. It is a protocol for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, but not data availability or data confidentiality. It thereby protects critical business data and embeds trust in the systems that employ DNSSEC. As an example, when a user browses to a certain website, the DNS acts like the phone book of the Internet, where names are listed with their IP addresses, and DNS servers, starting with a root server, are asked for the website's IP address. In a cybersecurity context, the issue arises when some DNS servers are malicious and give the wrong IP address. When DNSSEC is enabled, the DNS answer is authenticated, which gives assurance that the user reaches the real website.

    Risk

    DNS systems are continuously at risk of DNS hijacking, domain shadowing, DNS cache poisoning, Man-in-the-Middle (MITM), and DNS spoofing. In many cases, malicious parties can take advantage of the complexity of DNS management, which makes companies vulnerable.

    Hijacked, spoofed, or corrupted DNS files are used to divert internet users and customers to fraudulent websites that can convincingly imitate a trusted enterprise brand.

  • HTTP Response Headers

    Description

    HTTP Response Headers facilitate the communication between the client and the server by passing additional information with an HTTP request or response. As an example, one of the most common ways a session is maintained is by sending a Set-Cookie HTTP response header to the browser. The server then knows which client/browser it is talking to only when the client/browser sends the same cookie value with each and every request made to the server.

    Risk

    Security headers can be of great help in preventing many kinds of common attacks, including Cross Site Scripting and Clickjacking. In addition, they can provide an additional layer of security for your web applications.

  • Infections

    Description

    In the context of cyber hygiene, virus infections can mean ransomware, spyware or other types of malware which affect the proper functioning of a computer system. The impact on an organization can range from slow computers to disruption of business operations, to reputational damage.

    Risk

    A malware infection can cause many problems that affect daily operation and the long-term security of your company. Hackers use it to steal passwords, delete files and render computers inoperable.

  • Open Ports

    Description

    In IT security, an open port refers to either a TCP or UDP port number which is configured to accept data packets. In contrast, a port that rejects connections or ignores all data packets is a closed port.

    Risk

    Open ports are a security risk if services running on these ports are misconfigured, vulnerable, or unpatched.

  • Potential Phishing

    Description

    Phishing is an attack technique used to psychologically manipulate potential victims into unknowingly taking harmful actions. Scammers launch thousands of phishing attacks every day, and they’re often successful.

    Risk

    Phishing is designed to trick users into giving up sensitive personal or business information that hackers can use to steal their identity, raid their bank accounts and more. Allowing phishing domains to exist can have a big impact on a brand’s reputation and a user’s perception of that brand’s security.

  • Potential Vulnerabilities

    Description

    In IT security, a vulnerability is a weakness in a system or software that can be exploited by threat actors. By exploiting a vulnerability, attackers can gain unauthorized access, introduce malicious code, install malware and steal sensitive data. Potential vulnerabilities are difficult to verify as exploitable. This is why it is important to further investigate the scanned systems and software to get a view of the real exposure.

    Risk

    A vulnerability is a weakness that, when exploited, can lead to data loss, information disclosure, or even a hacker gaining a permanent foothold inside your organisation.

  • SPF

    Description

    SPF stands for Sender Policy Framework, and it is an email authentication method designed to detect false sender addresses in email exchanges. In combination with DMARC, SPF can detect forged sender addresses in emails, a technique often used in phishing and email spam. As an example, SPF can prevent email spoofing and phishing. It does so by determining whether or not a sender is allowed to send on behalf of a domain. If the sender is not allowed (meaning the email fails the SPF check on the receiving server), the spam policy configured on that server determines what to do with the message.

    Risk

    Without an SPF record:

      • Spammers can spoof your domain name to spam other networks, harming your brand’s reputation.
      • Attackers can spoof your domain name for phishing and whaling attacks, potentially leading to ransomware, malware, and financial loss or fraud.
      • Other email servers on the internet may reject your email because they can’t determine its legitimacy.

  • SSL

    Description

    SSL stands for Secure Sockets Layer. It has been replaced by its successor, Transport Layer Security (TLS). The aim is to provide cryptographic protection, including privacy (confidentiality), integrity, and authenticity through the use of certificates, between two or more communicating computer applications. As an example, companies use SSL and Transport Layer Security (TLS) to encrypt their internet communications. However, the encryption protocols secure all application data, both legitimate and malicious. As a result, threat actors use SSL/TLS protocols as a tool to hide their attack payloads. A security device may be able to identify a cross-site scripting or SQL injection attack in plaintext, but if the same attack is encrypted using SSL/TLS, the attack will go through unless it has been decrypted first for inspection.

    Risk

    If you do not have an SSL/TLS certificate on your website, then all the confidential information on your site might be accessed by hackers. This may lead to leakage of personal data of your customers, including payment details which may be compromised.