- Target of Evaluation (TOE) A set of software, firmware, and/or hardware components that are the subject of a security evaluation process. The TOE defines the boundaries of the product or system to be tested, including its security functions, interfaces, and implementation. By establishing a TOE, evaluators can systematically identify vulnerabilities, assess risks, and verify the effectiveness of security controls.
- Tcpdump An open-source command-line tool used primarily on Unix and Linux-based systems for network monitoring and data analysis. It allows the user to intercept and display TCP/IP and other packets transmitted or received over a network to which the computer is attached. In terms of security, tcpdump can be used for analyzing network activity, troubleshooting network issues, and detecting network intrusion attempts or other suspicious activity.
- TCP/IP Hijacking An attack where an intruder takes control of an existing TCP/IP session between two entities. The attacker exploits vulnerabilities to insert themselves into the data stream, enabling them to intercept or manipulate the communication. This form of hijacking poses significant risks to data integrity and confidentiality.
- TCP/IP (Transmission Control Protocol/Internet Protocol) The suite of protocols that defines how devices communicate over networks, including the internet. TCP (Transmission Control Protocol) and IP (Internet Protocol) are the two primary protocols in the suite and are responsible for establishing connections, transmitting data, and routing packets across networks. Examples include using TCP/IP to send an email, to access a website, or to share files over a network.
- TCP Sequence Number Prediction Attack A cyberattack exploiting the sequential nature of TCP packets. Attackers predict the sequence numbers used in a TCP session to inject malicious data or take over the connection. This technique can compromise the session's integrity, potentially leading to data breaches or service disruptions.
- TCP SYN flood attack A type of denial-of-service (DoS) attack that aims to make a server unavailable by overwhelming it with connection requests. The attacker sends a series of TCP SYN (synchronization) packets to the target server, each appearing to come from a different source, which prompts the server to allocate resources to await the completion of each connection. However, the attacker never completes the connections, causing the server to become overwhelmed with incomplete connections and eventually making the server unavailable to legitimate users.
- Teardrop Attack A denial-of-service attack that targets a vulnerability in the IP packet reassembly process. The attacker sends fragmented IP packets with overlapping offset field values to the target system, which can cause the system to fail or crash when it tries to reassemble these malformed fragments. This attack exploits reassembly logic errors in older operating systems that do not handle such fragments properly.
- Technical controls Security measures that are based on the use of technology, such as hardware, software, and networking components. They are used to protect against threats and vulnerabilities in a system or network. Examples include firewalls, intrusion detection systems, and encryption algorithms.
- Technical infrastructure security The protection of the underlying systems and services that support an organization's IT environment. This includes ensuring the security of servers, networks, databases, and other technical assets from threats such as malware, unauthorized access, and data breaches. Key elements of technical infrastructure security include patch management, secure configuration, access control, network security, and monitoring for signs of potential security incidents.
- Technical vulnerability information Details about a weakness or flaw in a system or application that can be exploited by an attacker. It is used by security professionals to identify and mitigate risks and by software developers to fix vulnerabilities. Examples include information about a buffer overflow exploit in a web application or a SQL injection attack on a database.