
Glossary of terms used in Cyber Essentials

admin tasks

An administrator is someone who is in charge of the settings and controls of a computer. Someone using an administrator account can view every file on the system, including any account maintenance, billing and subscriptions, change system-wide settings, run all installed programs, add new programs, install new hardware drivers and change the usernames and passwords of other user accounts. These are therefore known as ‘admin tasks’: tasks that require the permissions of an administrator account to perform.

allow list

This is a list of internet addresses, protocols or applications that you know are safe to use and that you need to access. The list can be added to certain types of software, which receive communication from people you don’t know, so that anything that is not in the ‘allow list’ is blocked from being passed on, opened or installed. These lists may be used to filter email, to filter communications coming into a company network, limit a browser to specific websites or to limit which apps a mobile phone user is able to install.

anti-malware solution

Anti-malware is a type of software program created to protect computers and IT systems from malware. Anti-malware programs should be configured in line with vendors' best practices.

applications

This is the name of a subset of software that runs inside an operating system (rather than being an operating system itself) to provide specific functions (word processing, web browsing, games etc.) to the user.

Examples of application software include: Microsoft Office, Spotify, Zoom, Slack, Firefox and VLC Media Player. 

software applications, cloud applications

Applications are types of software that provide specific functions. A cloud application simply refers to any software application that is delivered by a remote server and accessed over the internet rather than being hosted on a local machine.

application signed

When software is downloaded onto a computer, the operating system checks for a digital certificate to assure the safety of the software attempting to be installed. If no digital certificate is found, then the user is alerted to this fact, and prompted to either stop or continue the installation. A digital certificate is applied to software/applications by the process of code signing which utilises public key cryptography. Code signing is an operation where a software developer or distributor digitally signs the file being sent out, to assure users that they are receiving software that does what the creator says it will. The signature acts as proof the code has not been tampered with or modified from its original form.

approved software/ application list

The approved software or application list is a list maintained by the organisation identifying reputable trusted sources of software. A list of approved software or applications can be applied through technical controls like a Mobile Device Manager or through written policies where lists are provided to staff of what is and isn't allowed to be added. A list of approved software can be created in the security settings and software not listed, especially malware, cannot be added to your device. You can adjust this list as your needs change. Certain operating systems have options to allow software only from reputable sources, like the official Apple Store and identified developers only.

automatic deny list

Automatic deny lists can be used to block users from using passwords that are on a pre-configured list of common passwords that have been breached. Organisations can create a deny list from a file of the 100,000 most commonly breached passwords compiled by the NCSC. Automatic deny lists are also used to block browsers from visiting specific web sites or to help prevent spam and malicious email by blocking unwanted email from specified email addresses or entire domains.

autorun/ autoplay

Autorun or autoplay is a feature that allows software to automatically open by itself when a USB or DVD is plugged into your device.

It is important to disable autorun or autoplay on all operating systems and web browsers in order to avoid automatic installations of unauthorised software. When autorun or autoplay is disabled, the user is prompted to give permission every time before software is allowed to run or play.

biometric

Biometric authentication is a method of verifying a user's identity based on 'who they are'. Physical identifiers can be fingerprints, facial features, iris or retina patterns and voice. Behavioural identifiers can be gait analysis, handwriting analysis or typing patterns (how strongly a user depresses keys on their keyboard).

block list

This is a list of internet addresses, protocols or applications that you, or the software that you use, know are sending people malicious or unwanted content. The list can be added to certain types of software, which receive communication from people we don’t know, to block unwanted content from being passed on, opened or installed. These lists may be used to filter email, to filter communications coming into a company network, to block browsers from visiting specific web sites or even to allow a mobile phone user to block certain apps from downloading.

boundary of scope

For the purposes of Cyber Essentials, the boundary of scope is the firewalls and routers which create the first line of defence between your networks and devices and the internet. The control requirements in section 1 - Firewalls would need to be applied to these firewalls and routers.

brute force

Brute force attacks use computers to target a login page where they try many different combinations of characters until the correct combination is found to crack the password. Depending on the length and complexity of the password and the processing power of the hacker’s computer, cracking it can take anywhere from a few seconds to many years.

Using a long and complicated password is a good way to protect your data from a brute-force attack.

BYOD

Bring Your Own Device (BYOD) is a widespread term for when a company allows employees to use their own laptops, tablets or phones for work purposes.

cloud services

A series of on-demand, remote-access, subscription IT services that are delivered to companies and customers over the internet.

Examples of cloud services:

An Infrastructure as a Service (IaaS) cloud service provider hosts the infrastructure components that typically exist in an on-premises data centre including servers, storage and networking hardware as well as the hypervisor or virtualisation layer. Examples of IaaS include Rackspace, Google Compute Engine, or Amazon EC2.
Platform as a Service (PaaS) offers developers a platform for software development and deployment over the internet, enabling them to access up-to-date tools. Examples of PaaS include Azure Web Apps and Amazon Web Services Lambda.
Software as a Service (SaaS) cloud service providers host the applications, making them available to users over the internet. With SaaS, organisations do not have to download any software to their existing IT infrastructure.
SaaS is used by most organisations for everyday tasks such as creating and sharing files, signing and sending contracts and project management. Examples of SaaS include Microsoft 365, Jira, Dropbox, Gmail.

controls

In the context of cyber security, controls are safeguards or measures to mitigate security risks, eg configuring a firewall or installing anti-malware software.

commodity attack

Commodity is a term used to describe common, low skill, low sophistication cyber attacks that rely on tools which are widely available on the internet, eg a phishing attack.

Data Protection Act

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). Strict laws determine how you store people’s contact details and personal information.

deny list

This is a list of internet addresses, protocols or applications that you, or the software that you use, know are sending people malicious or unwanted content. The list can be added to certain types of software, which receive communication from people we don’t know, to block unwanted content from being passed on, opened or installed. These lists may be used to filter email, to filter communications coming into a company network, or even to allow a mobile phone user to block certain apps from downloading.

encryption

By using mathematical techniques known as cryptography, data is encrypted or scrambled into a code that hides the information's meaning, so that only an authorised person with the key to unlock the code can decrypt and access that data.

end of life (EOL)

When software gets to a certain age, the manufacturer will cease to create and send out patches. The age at which this occurs varies significantly between vendors. At this point, the software is classed as ‘legacy’ or ‘end of life’ as it is no longer supported and therefore no longer secure to use. Not only are the vulnerabilities left un-patched, but they become common knowledge for hackers who create programmes and services to make them easy to exploit, even for criminals with low levels of technical expertise.

FIDO2

FIDO2 (Fast Identity Online) is a set of security standards that can be used to provide more secure alternatives to passwords for accessing online services. The FIDO2 standards define cryptographic authentication using public-key credentials and protocols which can negate the need for a password completely or be used as a second factor. FIDO2 authenticators can include a personal device such as a smartphone or laptop with a trusted platform module (TPM), or a physical USB key.

firewall

A hardware firewall can be a device like a small computer that is installed between your computer network and the internet. It will monitor the packets of data as they move in and out of your network and can block or permit data according to its predefined rules. Most internet service provider routers contain a firewall which can be configured to meet the controls of Cyber Essentials. It is also common for organisations to have a separate firewall device to provide an increased level of protection.

A software firewall provides added internal protection within a network. A software firewall is installed on an individual computer and protects that single device. If multiple computers need protection, the software firewall must be installed and configured on each device. Most modern operating systems include a free software firewall already installed.

A virtual firewall is an application or a network firewall service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment. Like a traditional network firewall, a virtual firewall inspects packets and uses security policy rules to block unapproved communication between VMs.

firmware

Firmware is a specific type of software embedded into the hardware of a device to make it function correctly and interact with other software installed on the device. Routers and firewalls contain firmware which acts as the operating system for those devices.

heuristic detection

Heuristic detection was developed to spot suspicious characteristics that can be found in unknown, new viruses and modified versions of existing threats. Heuristic analysis is incorporated into anti-malware software to detect new threats before they cause harm.

host

A host is a computer that is interlinked to other computers through a network.

hypervisor

A hypervisor is a type of software that is installed over the hardware of a server to run and manage virtual machines (VMs) on that server. Hypervisors are often referred to as “the virtualisation layer”. VMs only work if there is a hypervisor to virtualise and distribute hardware resources.

IaaS cloud services

An Infrastructure as a Service (IaaS) cloud service provider hosts the infrastructure components that typically exist in an on-premises data centre including servers, storage and networking hardware as well as the hypervisor or virtualisation layer. A company might use IaaS if they need to develop bespoke applications and programmes but are not equipped to handle the infrastructure that this requires.

Examples of IaaS are Rackspace, Amazon Web Services (AWS), Cisco Metacloud and Microsoft Azure.

inbound ports

Firewalls have ports which are like doors: they can be opened or closed depending on how the firewall is configured. Different ports allow different types of network traffic through them, eg if an incoming or outgoing port is "open," packets with that port number are allowed into or out of the local network.

In networking, the term ‘open port’ indicates a port number has been configured to accept data packets. Different software and services will require different numbers of ports to be open on firewalls in order to establish connections. Inbound means someone else from outside of your computer initiates a connection to your computer. A web browser connecting to your web server is an inbound connection to your web server. You might enable a service to work from outside your network or allow an external IT provider to remotely configure your devices. Do not leave any port open that does not have a legitimate reason for being open. Close all unnecessary ports.

For Cyber Essentials, opening ports in the firewall should only happen when there is a documented business case for doing so. A documented business case means that the reason for opening a port must be discussed and recorded. The requirement should be reviewed regularly and when the ports no longer need to be open, they should be closed as soon as possible. 

internet of things (IoT)

It is not just computers, laptops, tablets and mobile phones that connect to the internet; an increasing number of objects such as printers, security cameras, home appliances and lights also connect. These ‘connected’ devices are collectively known as the ‘internet of things’ (IoT) and they enable the user to control their functions remotely from an app on their phone or tablet. IoT connected devices that do not access business data are not in scope for Cyber Essentials.

interpreters

An interpreter is a program that translates code from one computing code language into equivalent computing code written in another language.

IP address

This is a numeric address (eg 216.239.32.0) or identifier for every connected computer or device on the internet. An IP address is used to determine the geographical location of that server.

IP telephony

IP telephony refers to any phone system that uses an internet connection to send and receive voice data.

jailbreaking

Jailbreaking is the process of removing the limitations put in place by a device’s manufacturer. Jailbreaking is generally performed on Apple iOS devices, such as the iPhone or iPad. Jailbreaking removes the restrictions Apple puts in place, allowing you to install third-party software from outside the app store. Essentially, jailbreaking allows you to use software that Apple doesn’t approve.

legacy/unsupported

When software gets to a certain age, the manufacturer will cease to create and send out patches. The age at which this occurs varies significantly between vendors. At this point, the software is classed as ‘legacy’ or ‘end of life’ as it is no longer supported and therefore no longer secure to use. Not only are the vulnerabilities left un-patched, but they become common knowledge for hackers who create programmes and services to make them easy to exploit, even for criminals with low levels of technical expertise.

libraries

Libraries in programming languages are collections of prewritten code that users can use to optimize a task.

magic links

Magic links are a type of password-less login that allow users to log in by clicking a link that’s emailed to them (rather than typing in their username and password). Once the user clicks the link, they are granted access to the service.

malware

Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network.

malware signature detection

This is a method of virus detection that involves identifying malware by comparing code in a program to the code of known virus types that have already been encountered, analysed and recorded in a database.

mobile device management solutions

Mobile device management software (MDM) allows an organisation to centrally monitor, manage, and secure all their mobile devices.

multi-factor authentication

Two-factor authentication (2FA), multi-factor authentication (MFA) or 2 step verification (2SV) adds an extra step to the basic log-in procedure for online accounts. Your password is a single factor of authentication; the second factor could be a number sent to your mobile phone or authenticator app, or your fingerprint or face. Multi-factor authentication means a hacker cannot access your account with a password alone; it makes your account more secure.

View the NCSC definition of Multi-factor authentication

networking equipment

Electronic devices which are required for communication and interaction on a computer network, eg hubs, switches, routers, bridges, gateways, multiplexers, transceivers and firewalls.

network software

Network software describes the software used to design and implement a modern network. Examples may include network storage software, patch management software, security surveillance software, asset management software, deployment and migration software and virtualisation software.

OAuth 2.0

OAuth 2.0 (standing for ‘Open Authorisation’) is a method of authentication that allows customers to sign in to a new service using their existing account with another, usually well-known, service provider (such as Apple, Facebook or Google). This is often referred to as single sign on (SSO).

one-time passwords (OTPs)

One-time passwords (OTPs) are similar to magic links in that the user doesn't need to remember a password. Instead, users are sent (via SMS or email) a single-use password to log in with, or asked to generate one using an app.

operating systems

An operating system is software that is usually pre-loaded on a computer. It is essential for the computer to operate as it manages the computer's memory and processes, as well as all of its software and hardware. Examples are Microsoft Windows, macOS, and Linux.

organisational data or services

organisational data

Any electronic data belonging to the organisation, e.g. emails, office documents, database data, financial data.

organisational services

Any software applications (apps), cloud applications, cloud services, virtual desktops and mobile device management solutions owned or subscribed to by the organisation, e.g. web applications, MS 365, Google Workspace, MDM Containers, Citrix Desktop, VDI solutions, RDP desktop.

PaaS cloud services

Platform as a service is a cloud computing model where a third-party provider delivers hardware and software tools over the internet to be used as a platform for customers to develop apps.

Examples of PaaS are AWS Elastic Beanstalk, Windows Azure, Heroku, Google App Engine and OpenShift.

port (hardware)

Computer hardware is the physical part of a computing system such as a laptop, monitor, keyboard, cables etc. A port in the hardware is the jack or receptacle for an external device to plug into. These are standardised for each purpose. Some common ports are Universal Serial Bus ports, USB-C ports, Ethernet ports or DisplayPorts. Examples of external devices attached via ports are the mouse, keyboard, monitor, microphone and speakers.

port (software)

Vastly different types of data flow to and from a computer over the same network connection. Software-based ports are used by programs and services to exchange information and help computers understand what to do with the data they receive. Ports are standardised across all network-connected devices, with each port assigned a number. Most ports are reserved for certain roles or ‘protocols’; for example, all Hypertext Transfer Protocol (HTTP) messages go to port 80. This is the way internet communications platforms such as web browsers ask for the information they need to load a website.

An IP address and a port number work together to exchange data on a network. Whereas the IP address is used to determine the geographical location of that server, the port number determines which service or program on that server it wants to use. Port numbers allow targeting of specific services or applications within those devices, for example, a computer can simultaneously load HTTP webpages using port 80, transfer an MP3 recording using port 21 (the File Transfer Protocol FTP) and send email from an email server using the SMTP Port 25.

plug-ins

Plug-ins are small applications that allow you to view certain types of content within your web browser. Examples are Adobe Reader, which lets you view PDF files in your browser, and Apple QuickTime which allows users to play particular multimedia files.

public key cryptography

Also called asymmetric encryption, public key cryptography encrypts and decrypts a message using mathematically related but different keys.

How it works: Using complicated mathematics on a computer, a user generates two keys for use in sharing and receiving encrypted data.  One key is made public, available to anyone who asks for it. The other key is the private key and is never shared with anyone else. In this method, a person can encrypt a message using the receiver’s public key, but it can be decrypted only by the receiver's private key. Public key cryptography is extremely useful for establishing secure communications over the Internet.

Remote Desktop Protocol

Remote Desktop Protocol (RDP) enables a user of a computer in one location to access a computer or server somewhere else. This is often used by technicians to support users and to carry out maintenance tasks.

Port 3389 is the port for Remote Desktop Protocol; it is a common attack route for ransomware and should only be used on internal networks. There is no good business reason to have this port open for external use as it is extremely hard to make secure.

rooting

Rooting is the process of gaining “root access” to a device. It is similar to jailbreaking, but is generally performed on Android devices.

router

When you sign up for an internet service plan, your internet service provider (e.g. Sky, BT, or Virgin Media) sends you a small box to plug in. This device is your 'router' and is the key part of your network, as the router's job is to move data between your devices and other networks.

SaaS cloud services

Software as a service is a cloud service where providers host the applications and make them available to users over the internet. With SaaS, organisations do not have to download any software to their existing IT infrastructure.

Examples of SaaS are Google Workspace, Dropbox, Salesforce, Cisco WebEx, Concur and GoToMeeting.

safe list

This is a list of internet addresses, protocols or applications that you know are safe to use and that you need to access. The list can be added to certain types of software, which receive communication from people you don’t know, so that anything that is not in the ‘safe list’ is blocked from being passed on, opened or installed. These lists may be used to filter email, to filter communications coming into a company network, limit a browser to specific websites or to limit which apps a mobile phone user is able to install.

physical servers, virtual server

A server is a computer that provides a particular job or 'functionality' to other computers. This could be hosting web pages, storing users' email addresses to send and receive email messages, or storing files that can be accessed by other computers on a network. A physical server can be housed on the premises of an organisation or accessed remotely at a (cloud) data centre.

By installing a piece of software called a hypervisor on a physical server, the resources from one server can be divided up, and used in different functions. Each divided part of the server can be given its own operating system and applications. This process turns the divided sections of the server into virtual machines (VM) and the server as a whole into a virtual server (VS).

scripts

Coding, or programming, is the umbrella term for the language used to write instructions that a computer or computer program can understand. Within that area, there are specific kinds of coding, one of which is scripting. Scripting languages are used to give instructions to programs (like websites) that are running on a computer and help make content dynamic. Many of today’s most popular coding languages are scripting languages, such as JavaScript, PHP, Ruby, Python.

segregated network

A segregated network is a network which has been partitioned into smaller networks. Access to data and devices can then be controlled using rules to limit access. For the purpose of Cyber Essentials, devices and software that cannot apply the controls should be placed in a network segment with no internet access.

thin clients

Thin clients are a type of very simple computer holding only a base operating system. They are often used to connect to virtual desktops because they are cheaper and easier to maintain than regular computers. It is possible to modify some thin clients to operate more like PCs, and because they do connect to the internet, this can create security complications. Cyber Essentials requires thin clients to be supported and receiving security updates.

Examples of thin clients are Dell WYSE 3000 3040 thin client, Raspberry Pi, Intel Ghost Canyon NUC, Lenovo ThinkCentre M625q and HP T430 thin client.

throttling

Throttling is the process of limiting the number of log-in requests or attempts a user can make in a certain period.

trusted platform module (TPM)

A TPM is a physical or embedded computer technology that can securely store important information such as passwords, fingerprints, certificates or encryption keys that can be used to authenticate the PC or laptop.

unsupported/ legacy

When software gets to a certain age, the manufacturer will cease to create and send out patches. The age at which this occurs varies significantly between vendors. At this point, the software is classed as ‘unsupported’, ‘legacy’ or ‘end of life’ as it is no longer supported and therefore no longer secure to use. Not only are the vulnerabilities left un-patched, but they become common knowledge for hackers who create programmes and services to make them easy to exploit, even for criminals with low levels of technical expertise.

USB key

A physical USB security key is a small physical device that looks like a USB thumb drive, and works in addition to your password on sites that support it. The key is a 'second factor', which means you use it in addition to your password. After logging in normally, sites that support it will ask you to briefly insert the key into a USB port and tap the button with your finger.

virtualisation

Virtualisation is the technology that allows us to create a software-based or a ‘virtual’ version of a computer. It involves using the hardware of a computer or server, overlaying it with some specialist software and creating multiple ‘virtual’ machines within it. The virtual machines use the hardware of the single actual machine. For each virtual machine, an amount of CPU (processor), RAM (memory) and storage space is allocated from the machine’s hardware. The total amount of CPU, RAM and storage on the virtual machines cannot exceed what is available on the hardware.

virtual desktop solutions/user interactive desktops

A virtual desktop is a computer that you access and operate either hosted on-premises or as part of a cloud service. The resources of the computer, such as the hardware, the operating system, the processing power and the applications are shared with multiple users and a preconfigured desktop is created which can be shared remotely, on almost any device.

A virtual desktop infrastructure (VDI) is a network of servers that provides a standard preconfigured desktop for your users and is centrally administered by your IT administrators. Examples are Citrix Virtual Apps and Desktops, Microsoft Remote Desktop Services, VMware Horizon, and Amazon Workspaces.

virtual machines

Virtualisation allows the power from one server to be divided up, and used in different functions. Each divided part of the server can be given its own operating system and applications.  This turns the divided sections of the server into virtual machines (VM) and the server as a whole into a virtual server (VS). This process utilises the resources of a physical server in a very efficient way.

VLAN

Your Local Area Network (LAN) is everything inside of the router that your internet service provider has given you to connect to the wider internet. It might include all the computers, mobile devices and IoT devices in your home or office.

VLAN stands for Virtual Local Area Network. It is a technology that allows you to split a network into segments. Computers, servers and other network devices can be connected or separated regardless of their physical location. Even if these devices are scattered in different locations, it wouldn't matter because a VLAN can group them into separate virtual networks. You can use VLANs to improve network security by essentially putting all sensitive information and the users who have access to it on a separate network. No other types of information can travel on that VLAN and only authorised users have access to it.

vulnerabilities

Software is made up of thousands of lines of code, which is how the computer interprets information to complete its functions. In every 1000 lines of code there are on average 10-15 errors. Most of these errors are not noticeable to you as the user; however, each error is a potential opening for cyber criminals to access your data. These openings are often called ‘vulnerabilities’. Within a piece of software’s functioning life span, as soon as an error or ‘vulnerability’ is discovered, the manufacturer creates some additional code to correct the error. This is known as ‘patching’. All modern software will need to ‘update’ on a regular basis (at least every 14 days) as part of its maintenance. This ensures that the latest vulnerabilities that have been discovered are patched within 14 days of the update being made available by the software vendor. Software that is no longer supported by the manufacturer, or no longer receiving updates, will have vulnerabilities which pose a security risk to the network it is connected to.

web browser

A browser is an application program that provides a way to look at and interact with all the information on the World Wide Web, eg Microsoft Edge, Internet Explorer, Google Chrome, Mozilla Firefox, and Apple Safari.