30/03/2025 17:34 about:blank
Introduction to Cybersecurity Tools and Cyberattacks
Module 4 Glossary: Identity and Physical Controls
Welcome! This alphabetized glossary contains the names and definitions of specialized terms used across this course. These terms are essential for working in the
industry, participating in user groups, and participating in other certificate programs.
Estimated reading time: 9 minutes
Term Definition
Access control A security feature that restricts and regulates who can view or use resources in a computing system.
Access management A framework of processes and technologies to control and monitor users' access to information and technology resources.
A directory service by Microsoft for Windows domain networks. AD is a central repository for managing and securing network
Active Directory (AD)
resources, enabling streamlined collaboration, and simplifying IT management tasks.
A cybersecurity solution that uses AI techniques to analyze data collected from various physical security sensors and devices and
Artificial intelligence (AI)
detect anomalies and potential threats in real-time. These security systems can also learn and adapt to new threats, making them
security systems
more effective in preventing security breaches.
Attribute-based access An access control approach that manages access rights within an organization's network. ABAC uses attributes to determine access,
control (ABAC) which may pertain to the user, the resource they want to access, the action they want to take, or the environmental context.
Authentication The process of confirming the identity of a user, device, or system attempting to access a network or resource.
Authorization The process of granting or denying rights to access resources and perform actions within a system or network.
An innovative approach to authentication that uses user behavior patterns like typing rhythm and mouse movements to continuously
Behavioral biometrics
authenticate users in a subtle yet powerful way without disrupting their workflow.
A method of confirming an individual's identity based on their unique physical or behavioral traits, such as fingerprints, typing
Biometric authentication
rhythms, iris patterns, facial contours, and so on.
A digitally signed document that verifies identity and can be stored on devices or physical tokens for secure communication and
Certificate
authentication.
Challenge handshake
authentication protocol A secure, cryptographic authentication protocol that verifies the identity of a user through a three-way handshake process.
(CHAP)
A security breach that occurs when unauthorized individuals access a database and extract, modify, or erase sensitive information
Database breach
stored within it.
A security model used to assign ownership or regulate access to objects such as files and directories. Owners can distribute rights
Discretionary access
and permissions for these objects. DAC is a familiar access control model, especially for those who manage their personal
control (DAC)
computers.
A security technology used to identify unauthorized or suspicious drone activity around your facility's airspace. These systems can
Drone detection system detect, track, and, in some cases, neutralize drones that potentially threaten physical security or are being used for surveillance
purposes without permission.
A tactic in which attackers can retrieve documents or devices thrown away by an organization that may still contain sensitive
Dumpster diving
information.
Electrostatic discharge A set of measures, such as grounding, anti-static mats, wristbands, and ESD-safe workstations, taken to prevent damage to
(ESD) protection electronic components and devices and minimize the risks associated with ESD.
Encryption The process of converting information into code, rendering the original content unreadable to those without the key to decrypt it.
Extensible authentication A widely used authentication protocol that offers various methods to authenticate users in wireless networks. EAP is often used to
protocol (EAP) secure remote access points, such as Wi-Fi hotspots and virtual private networks (VPNs).
The first open authentication standard developed by the FIDO alliance, comprising technology giants like Google, Microsoft,
Fast identity online
PayPal, and others. FIDO specifications were created to overcome the limitations of traditional password-based authentication
(FIDO)
methods and enhance security, privacy, and user experience.
Fence A physical barrier that limits unauthorized access to sensitive areas.
An example of discretionary access controls (DACs) where administrators delegate authority to users, allowing them to dictate
File access controls
access permissions to various resources. Linux and Windows use permissions like read, write, and execute to control file access.
Geolocation and time- A series of security protocols implemented to enhance security by restricting access based on the user's location or the time of the
based restrictions access attempt.
A security technique that encrypts data stored on laptops and portable devices, which is especially useful in the event of theft or loss
Hard disk encryption
of devices.
Hashed password A one-way encryption of your passwords, essential for securing password storage and authentication systems.
A set of policies, technologies, and processes used to manage digital identities and regulate resource access within an organization's
Identity and access
IT environment. It encompasses four key elements (4As): administration (identity management), authentication, authorization
management
(access management), and audit.
about:blank 1/3
�30/03/2025 17:34 about:blank
Term Definition
A set of techniques and materials used to strategically conceal critical infrastructure like call and data centers to diminish visibility
Industrial camouflage
and vulnerability to physical attacks.
An advanced surveillance system that uses artificial intelligence (AI) and machine learning (ML) algorithms to monitor and analyze
Intelligent perimeter
activity around your facility's perimeter. These security systems can differentiate between harmless entities and potential threats and
security system
provide real-time alerts and responses to security personnel, enabling rapid action.
An open-source authentication protocol developed by the Massachusetts Institute of Technology (MIT) that uses strong encryption
to protect user credentials exchanged between the client and server. One of the most notable applications of Kerberos is in
Kerberos
Microsoft Windows Active Directory (AD) environments, where it plays a primary role in authenticating user identities and
regulating access to network resources.
Key distribution center
A trusted third-party server that verifies user identities, serving as a centralized component of the Kerberos authentication protocol.
(KDC)
Lightweight directory
A software application that provides access to a centralized directory database using the LDAP protocol. LDAP servers store and
access protocol (LDAP)
organize directory information in a hierarchical structure called a directory tree.
server
A security mechanism that enforces access regulations as determined by an administrator. Users cannot alter file access permissions
Mandatory access control
or modify the established security protocols. MAC is commonly employed in government and military environments where security
(MAC) system
and confidentiality of information are of utmost importance.
Mantrap door A physical security system that controls access into sensitive areas by allowing only one individual to pass through at a time.
Message-digest algorithm An authentication method used in networking protocols, particularly in older versions of the point-to-point protocol (PPP), for
(MD5) challenge establishing connections across networks like dial-up or VPNs.
Multifactor A security process that requires additional verification factors like one-time passwords (OTPs) or biometric verification along with
authentication (MFA) usernames and passwords to enhance security.
Passkey A secret code used to gain access to a protected system, device, or network.
Password manager A software application that securely stores and manages passwords and other sensitive authentication data.
A form of cyberattack where hackers try to deceive individuals into sharing sensitive information like usernames, passwords, credit
Phishing
card numbers, or other personal data.
Pretty good privacy
A data encryption system used for securing emails, files, and other forms of digital communication.
(PGP)
Public key infrastructure
A collection of hardware, software, and processes used to manage and secure digital certificates and public-private key pairs.
(PKI)
Remote authentication A client-server protocol used for remote user authentication and authorization. RADIUS is commonly used in enterprise networks
dial-in user service to authenticate users before granting them access and in wireless networks and VPNs to allow secure authentication for remote
(RADIUS) users.
A robot designed to patrol and monitor facilities, providing an additional layer of security. These robots have advanced sensors and
Robotic security guard cameras to detect potential intruders or suspicious activity in real-time. They can also traverse through narrow spaces and staircases,
making them ideal for securing large buildings.
A widely implemented access control model that assigns system permissions to users based on their organizational role rather than
Role-based access control
their identity. This approach simplifies administration by allowing access rights to be managed through roles, which can be easily
(RBAC)
assigned and changed based on an employee's current responsibilities and job function.
An access control model that applies specific rules or access control lists (ACLs) to different objects or resources. The system
Rule-based access control
examines these lists when an access attempt is made to determine whether such access should be permitted. The most common
(RuBAC)
example of RuBAC is firewall rules.
A cryptographic key that serves as an alternative to traditional usernames and passwords for enhanced security. These keys securely
Secure shell (SSH) Key
store cryptographic key pairs for securely logging in to remote servers.
Secure sockets layer A cryptographic protocol used to secure communications over the internet, ensuring data transmitted between a web browser and a
(SSL) web server remains encrypted and confidential.
A single component within a more extensive IT infrastructure, which, on failure, can cause the entire system to malfunction or
Single point of failure
become unavailable.
An authentication process that allows users to access multiple applications with a single set of login credentials, reducing password
Single sign-on (SSO)
fatigue and the risk of credential reuse across services.
Single sign-on (SSO) A special software designed for logging in with a single, complex password that you remember. The SSO manager then remembers
manager the password for all the other systems.
Single-factor A security method that requires users to provide only a single form of verification, such as entering a username and password, to
authentication gain access to a system, application, or service.
A pocket-sized card equipped with a microprocessor chip and employing various interfaces. Smartcards can securely store
Smartcard
credentials and perform cryptographic operations, adding another layer of protection.
Tailgating A physical security breach where attackers follow authorized individuals into restricted areas without being noticed.
A process used in setting up transmission control protocol (TCP) connections between two network devices, usually a client and a
Three-way handshake
server. This process involves three stages: synchronize (SYN), synchronize-acknowledge (SYN-ACK), and acknowledge (ACK).
about:blank 2/3
�30/03/2025 17:34 about:blank
Term Definition
A physical device that generates one-time passwords (OTPs) for use in two-factor authentication or multifactor authentication
Token card (MFA) systems. Tokens can connect through a USB or wireless methods like Bluetooth to authenticate an identity by presenting a
certificate or other relevant data.
Transport layer security A cryptographic protocol that succeeds the earlier secure sockets layer (SSL) protocol. TLS secures communication over a
(TLS) computer network, ensuring privacy, data integrity, and authentication between two communicating applications.
Vandalism A behavior that involves deliberate destruction of physical infrastructure, risking data loss or system unavailability.
Virtual private network A technology that encrypts your internet traffic and obscures your IP address and geographical location. You can use a VPN to
(VPN) reroute your internet connection through a secured server, which then interfaces with the wider internet on your behalf.
about:blank 3/3
