STIX (Structured Threat Information eXpression) is a standardized XML programming language for conveying data about cybersecurity threats in a common language that can be easily understood by humans and security technologies.
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network. DHCP assigns an IP address when a system is started, for example: A user turns on a computer with […]
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
The principle of triage is the same whether you work in a hospital emergency room or office typing pool: Make sure that the most critical cases are dealt with first, and either take longer or use alternative methods for dealing with less-critical cases. Via SixSigma: Example of Triage in an IT Department The IT department […]
Password salting adds additional characters to passwords before hashing them, and prevents many types of attacks, including dictionary, brute force, and rainbow table attacks. In cryptography, a salt is random data that is used as an additional input to a one-way function that “hashes” a password or passphrase. Salts are closely related to the concept […]
Encryption is the translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text ; encrypted data is referred to as cipher […]
A security operations center (SOC) is a centralized unit that deals with security issues on an organizational and technical level. A SOC within a building or facility is a central location from where staff supervises the site, using data processing technology. Via AlienVault: Originally, SOCs, or Security Operation Centers were designed to be a centralized […]
An attack vector is a path or means by which a hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element. Attack vectors include viruses, e-mail attachments, Web pages, pop-up windows, instant messages, chat […]
Diffie Hellman is an algorithm used to establish a shared secret between two parties. It is primarily used as a method of exchanging cryptography keys for use in symmetric encryption algorithms like AES. The algorithm in itself is very simple.
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key.