The FREE Cybersecurity Glossary by Thor Pedersen!

Use my glossary to help with your CISSP, CISM, CC, and cybersecurity certification studies.

- Authentication Header (AH): A protocol used in internet security to authenticate the sender of a message and ensure data integrity. It is part of the Internet Protocol Security (IPsec) suite, providing packet-level authentication for secure communications over IP networks. However, AH does not encrypt the data.
- Authentication Server (AS) (in Kerberos): In the Kerberos network authentication protocol, the Authentication Server is a key component that provides the initial verification of a principal's (user or service) credentials. When a principal attempts to authenticate, it communicates with the AS, which checks the provided information against a database of users. If the credentials are valid, the AS issues a Ticket Granting Ticket (TGT) encapsulated within a message that can only be decrypted by the principal's secret key. The TGT is then used to request access to other network services without resending the principal's credentials, improving security and efficiency. The AS's role is crucial in establishing a trusted basis for further secure communications within the Kerberos-protected network environment.
- Blind Test in Penetration Testing: A penetration testing method in which security professionals simulate an actual attack on a system, with limited information provided about the target beforehand. This approach is designed to mimic the real-world tactics and techniques of potential attackers, who typically have no inside information. It allows organizations to get a realistic understanding of their security vulnerabilities and how well their detection and response mechanisms perform under such conditions.
- Block Cipher: A method of encrypting data where plaintext is divided into fixed-size blocks, typically 64 or 128 bits, which are then encrypted one block at a time using a specific key. Common block ciphers include AES (Advanced Encryption Standard) and DES (Data Encryption Standard). Block ciphers provide strong security by ensuring each block of data is encrypted independently, making unauthorized decryption more difficult.
- Blowfish: A symmetric-key block cipher invented by Bruce Schneier in 1993. Designed as a general-purpose algorithm, it uses variable-length keys, making it ideal for both domestic and exportable use. Despite its age, Blowfish remains widely utilized due to its speed, simplicity, and security. However, its successor, Twofish, offers enhancements such as larger block sizes and additional security features.
- Bypass Label Processing (BLP): A mechanism in some security models that permits bypassing security checks under specific conditions to enhance system performance. Used primarily in high-performance environments for low-risk data or operations, BLP requires careful consideration and compensating controls to manage potential security risks.

Disclaimer: The glossary is for informational purposes only; we are not liable for any errors or omissions.
If you find any errors, please let us know.