Glossary

Below is a glossary of security terms you may see referenced in a report, in plain English.

Account Takeover

When someone is able to take over an account they do not own.

Ways to prevent account takeover:

(from a Web App PoV)

  • Check existing passwords against a leaked/stolen password database like Have I Been Pwned
  • Ensure that accounts are activated by email
  • Allow users the ability to add 2FA
  • Verify users before issuing a password reset
  • Do not send passwords over email, send a temporary ONE-TIME use link
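The one-time reset link from the last two points, as an added example that is not part of the original page: the server stores only a hash of the token with an expiry, and redeeming it removes it so the link cannot be reused. The 15-minute lifetime and the placeholder host are assumptions.

```python
# Added example (not from the original page): a one-time, expiring
# password-reset link, emailed instead of a password.
# The 15-minute lifetime and the placeholder host are assumptions.
import hashlib
import secrets
import time
from typing import Dict, Optional, Tuple

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link

# Server-side store: sha256(token) -> (user_id, expiry). Only the hash is
# kept, so a leaked copy of this table cannot be turned into a working link.
_pending_resets: Dict[str, Tuple[str, float]] = {}


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_link(user_id: str, now: Optional[float] = None) -> str:
    """Create a single-use reset token and return the link to email the user."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of randomness, URL-safe
    _pending_resets[_digest(token)] = (user_id, now + RESET_TTL_SECONDS)
    # The email carries only this link, never a password.
    return f"https://example.invalid/reset?token={token}"  # placeholder host


def consume_reset_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Redeem a token exactly once; returns the user_id, or None if invalid."""
    now = time.time() if now is None else now
    entry = _pending_resets.pop(_digest(token), None)  # pop => single use
    if entry is None:
        return None  # unknown, forged, or already used
    user_id, expires_at = entry
    if now > expires_at:
        return None  # expired links are discarded, not honoured late
    return user_id


def token_from_link(link: str) -> str:
    """Extract the token query parameter from a link produced above."""
    return link.split("token=", 1)[1]
```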

Alert Fatigue

When too many notifications are generated, so that an analyst can no longer discern real, high-priority security issues from lower-priority ones. This happened at Target, for example.

API Key

An API Key is a piece of information, typically a string of characters, used to authenticate a service or user calling an API. Typically this key is considered highly sensitive and confidential and should be protected accordingly. API Keys are typically classified as "secrets" in data classification standards and policies.

AWS Root Account

The "Super User" account in an Amazon Web Services (AWS) account. It is identified by an email address instead of an Account ID / Username combination. It is strongly recommended not to use the AWS Root account login except in a "break glass" situation.

Note: In GovCloud accounts, you cannot log in as root.

AWS Management Account (AWS Master Account, AWS Organizational Root Account)

This account sits at the top of your AWS Organizational Structure and contains the consolidated billing information. Additionally, it allows you to enable services across all of your AWS Accounts.

See our AWS Multi-Account guide for more details.

CSPM - Cloud Security Posture Monitoring

Tools designed to give cloud customers insight into their cloud presence from a security perspective. Some platforms focus only on security, while others are designed to manage and monitor costs and assets, adding security as a feature.

DKIM

DKIM (DomainKeys Identified Mail) is a protocol used to protect your email from spoofing.

Domain Hijacking

When an attacker or threat actor takes over the primary DNS registration of a domain, allowing them to redirect traffic to a third-party location and intercept it.

Domain Hijacking Protection & Prevention

Here is a list of actions you can take to protect yourself:

  • Use anonymous/private registration for your contact details
  • Ensure contact details are updated and accurate
  • Enable 2FA on your domain provider's login (do not use SMS)
  • Lock your account to disable transfers until unlocked
  • Ensure the domain used in your contact details (e.g. your contact email's domain) has the same protections


Hacker

Someone who hacks; not necessarily a criminal.

Insider Threat

When the threat actor is an "insider", such as an employee, contractor, or other person inside an organization.

Principle of Least Privilege

Ensuring that a user or service is granted only the minimal level of access needed to perform its job function. Excessive permissions can be used (maliciously or unintentionally) by primary or third-party threat actors.
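As an added example (not from the original page), a small audit of an AWS IAM policy document for the excessive permissions this definition warns about: an Allow statement with a wildcard action or resource is flagged, while a policy scoped to one bucket and two actions passes. Both policies and the bucket name are constructed placeholders.

```python
# Added example (not from the original page): flag Allow statements in an
# IAM policy that grant wildcard actions or apply to every resource.
# Both policies are constructed; the bucket name is a placeholder.
import json
from typing import List

# Over-permissive: every S3 action on every resource.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
})

# Same job (read objects from one bucket), scoped to what the job needs.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket-placeholder",
                     "arn:aws:s3:::example-bucket-placeholder/*"],
    }],
})


def _as_list(value) -> List[str]:
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)


def audit_policy(policy_json: str) -> List[str]:
    """Return findings for Allow statements with wildcard actions or resources."""
    findings = []
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a single statement may be bare
        statements = [statements]
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for action in _as_list(st.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        for resource in _as_list(st.get("Resource", [])):
            if resource == "*":
                findings.append(f"statement {i}: applies to every resource")
    return findings
```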

Phishing Attack

The number one vector used to obtain access to credentials or sensitive data.


Security Awareness Training

A set of training modules delivered to employees to increase "awareness" of information security best practices. Training can be either video or text based.


SIEM

Security Information and Event Monitoring. Sometimes pronounced "sim" or "seem", this is a system designed to correlate security-related events from system logs. Commonly confused with a log aggregator, a SIEM is a log aggregator with additional correlation rules built in or added to the system.

For example, a properly configured SIEM may detect when AWS Root Credentials are being used, or when activity comes from an IP that is featured in a threat list.

Ideally, a large correlation or rules engine is available out of the box from the SIEM provider. That being said, any log aggregation system can be tuned to function as a SIEM.
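The two detections given as examples above, as added example code that is not part of the original page: two correlation rules run over constructed CloudTrail-style records. Field names follow CloudTrail's JSON layout; the events, addresses and threat list are made up for illustration.

```python
# Added example (not from the original page): two SIEM-style correlation
# rules (root credential use, threat-list IP) over constructed CloudTrail-
# style events. Addresses are from TEST-NET ranges, not real hosts.
from typing import Dict, List

# Constructed threat list: IPs a threat feed has flagged.
THREAT_LIST = {"203.0.113.45", "198.51.100.7"}

# Constructed CloudTrail-style events.
SAMPLE_EVENTS: List[Dict] = [
    {"eventName": "ConsoleLogin", "sourceIPAddress": "192.0.2.10",
     "userIdentity": {"type": "IAMUser", "userName": "deploy-bot"}},
    {"eventName": "ConsoleLogin", "sourceIPAddress": "192.0.2.11",
     "userIdentity": {"type": "Root"}},
    {"eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.45",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventName": "CreateUser", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root"}},
]


def rule_root_usage(event: Dict) -> bool:
    """Any API call made with the AWS root identity."""
    return event.get("userIdentity", {}).get("type") == "Root"


def rule_threat_ip(event: Dict, threat_list=THREAT_LIST) -> bool:
    """Source address appears on the threat list."""
    return event.get("sourceIPAddress") in threat_list


def correlate(events: List[Dict]) -> List[Dict]:
    """Return one alert per event that matches at least one rule."""
    alerts = []
    for ev in events:
        hits = []
        if rule_root_usage(ev):
            hits.append("root-credential-use")
        if rule_threat_ip(ev):
            hits.append("threat-list-ip")
        if hits:
            alerts.append({"eventName": ev["eventName"],
                           "sourceIPAddress": ev["sourceIPAddress"],
                           "rules": hits,
                           # Two rules firing on one event escalates severity.
                           "severity": "critical" if len(hits) > 1 else "high"})
    return alerts
```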

Threat Modeling

An exercise of walking through various threat scenarios against a system, including how a threat or exploit against the system or resource would actually be carried out.

For example:

  • What would happen if an attacker got access to a laptop today? Or if it was stolen from a car?
    • What data would be on the laptop (AWS Keys? Customer lists/databases? Source Code?)
    • Would someone be able to access the data on the drive?
    • What's the impact of that data being in possession of:
      • Casual thief
      • Hacktivists
      • Competitors

Vendor Security Questionnaires

Questionnaires organizations can use to build trust and incorporate into the vetting process for third parties. Below is a list of questionnaires:

Note: There are multiple vendors that will help automate this process for you.