- July 29, 2022: Added “DNS zone.”
- March 25, 2022: Added “finding.”
- February 14, 2020: Published.
These are the common terms used through Bitsight and cyber security.
- Bulk Email Sender
- A company that offers bulk emailing services, such as a digital marketing company that sends marketing material on behalf of their customers. The “Spam Propagation” risk vector is not used when generating the Security Rating for these companies.
- A collection of software, with additional software offerings as part of a bundle. These aren’t necessarily malicious.
- A public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are correct. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner.
- Any computer attempting to make a connection to a server.
- Command and Control Server (C&C or C2 Server)
- A centralized machine that sends commands to machines that are part of a botnet.
- Compromised System
Disambiguation: Compromised Systems Risk Category
- Diffie-Hellman Key Exchange
A specific method of publicly exchanging cryptographic keys that allows two parties to create a shared secret over insecure channels to establish encrypted communication. It is mathematically easy to generate a shared secret, but quite difficult for third parties to reverse.
- Diffie-Hellman Prime
A significant component of a Diffie-Hellman key exchange is a static large prime number stored on the server for use in generating the public keys during key exchanges, called a Diffie-Hellman prime.
A measure of how up-to-date a company is, in meeting or exceeding current security industry standards on its networks.
- DomainKeys Identified Mail (DKIM)
A countermeasure against adversaries attempting to send email using a company’s email domain. An encrypted signature is placed inside a DKIM-protected email, which is then checked by a recipient against the sender’s public DKIM record (another key), and then the signature in the email is decrypted by the recipient, using the key.
- Domain Name Server (DNS)
When a website is visited, the computer first needs to know how to find the website. It will ask a domain name server (DNS) for directions. It is the job of the DNS, which is just another computer, to translate human-readable domain names (google.com) into IP addresses (220.127.116.11).
- Domain Name Server Records (DNS Records)
Publicly viewable instructions. These are typically made up of text fields and values that are stored in a computer's “zone file,” which controls IP addresses (nameservers).
- Domain Name System Security Extensions (DNSSEC)
Creates verified identities using public certificates so that a DNS can prove it is legitimate.
- DNS Zone
A differentiator between distinctly managed areas in the DNS namespace. See Cloudflare, “What is a DNS zone?”
A way for an attacker to circumvent the protections provided by encryption or other security measures, using flaws in the technology itself.
- File Transfer Protocol (FTP)
- The culmination of observed internet traffic and configurations. They’re recorded on the Bitsight platform as events and records.
Software that are neither overtly malicious nor completely benign, but somewhere in the middle.
- Hypertext Transfer Protocol Headers (HTTP Headers)
In each response message that a web server sends, there's information at the beginning of the message called a “header.” Much like a business letterhead, headers define where the message is going, who it’s from, date sent, what type of message it is, and other configuration options. Required headers are important for preventing attacks.
A company’s publicly-facing computers, namely, any computer with internet access.
- Internet Protocol Suite (TCP/IP)
The conceptual model and sets of communication protocols used on the Internet and similar computer networks. It's commonly known as TCP/IP, since the foundational protocols in the suite are TCP and IP.
- Internet Service Provider
An organization that provides services for accessing, using, or participating in the Internet.
- Key Pair
Two mathematically generated strings (keys) for public key cryptography, which consists of a public key (seen and usable by everyone) and a private key (only known to its owner). The public key is used to encrypt outgoing messages and the private key is used to decrypt incoming messages.
- Malware Infection
An instance of malicious software crafted by attackers that has been installed in a machine. The presence of malware opens that machine to risk of data breach or additional malware being installed: the security of the system is compromised (a compromised system).
- Malware Server
Hosts a website that injects malicious code into a visitor’s browser, often installing new malware on the visitor’s computer. It lures visitors by claiming to have interesting content, leaked videos, etc, and then attempts to trick the visitor to install its malware, disguised in a variety of ways.
- Message Digest Algorithm (MD2)
A method for cryptographic hashing developed in 1989. MD2 is not collision-resistant and its support has been discontinued.
- Message Digest Algorithm (MD5)
A method for cryptographic hashing, which succeeded MD4 and MD2, published in 1992. MD5 is not collision-resistant and its support has been discontinued.
- Potentially Exploited
The computer is running an application that may be unwanted. It may allow more harmful malware to compromise the system, such as adware, spyware, or remote access tools.
A pre-defined set of rules for software to communicate with each other over networks, for consistency.
Communication between an infected device and a remote command-and-control server or other external system. These detections are evidence of compromised systems.
- Security Assertion Markup Language (SAML)
A markup language used by a single identity provider responsible for managing users, to log in users to external sites and applications. This removes the need to continue creating new user accounts and passwords in destination websites and applications.
A computer that serves a particular purpose and is accessed frequently by other computers, like a database server or a website server.
- Secure Hash Algorithm (SHA-1)
A method for cryptographic hashing (creating unique fingerprints and signatures for input data, such as files and text) developed in 1995. SHA-1 is vulnerable to partial-message collision attacks; Internet Explorer, Chrome and Firefox will not accept SHA-1-signed certificates starting in 2017.
- Spam Propagation
One of the company’s computers has been sending spam due to malware that are specifically designed to turn computers into spam factories. Spam can be damaging to a company’s reputation and can waste company resources.
- Secure Socket Layer (SSL)
A widely used method of encrypting information and webpages sent from websites and servers to web browsers and client services. TLS is the successor to SSL.
- Simple Mail Transfer Protocol (SMTP)
The standard protocol for electronic mail (email) services on a TCP/IP network.
- Transmission Control Protocol (TCP)
One of the main protocols of the Internet Protocol Suite. Provides a reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications that are running on hosts communicating via an IP network.
- Transport-Layer Security (TLS)
A widely used method of encrypting information and webpages sent from websites and servers to web browsers and client services. TLS uses a combination of certificates and keys to encrypt information.
- TLS/SSL Certificate
Certificates serve as the basis for establishing cryptographic trust through TLS/SSL. Certificates are responsible for verifying the authenticity of company servers to associates, clients, and guests.
- Uncompromised System
- Events that occur from a network with non-malicious activity. The traffic between the IP space and Bitsight sinkhole is generally due to testing, sandbox, guest, etc. networks.
- Unsolicited Communications
Malware on a compromised computer is scanning for open network access points (ports) on other computers over the Internet. It may be any type of malware looking to infect additional devices.
- Virtual Private Network (VPN)
Lets users connect to networks from outside those networks and use resources (databases and servers) as if they were directly connected.
Describes a discovered flaw in a security tool, software, hardware, or encryption method that an attacker could use for malicious purposes such as significantly weaken encryption or protections to their advantage.