Cyber Glossary - B
Back Door (Backdoor) – Typically unauthorized hidden software or hardware mechanism used to circumvent security controls. (CNSSI-4009) (NISTIR)
Backdoor - An intentionally designed vulnerability that enables access to a computer system. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Backtracking Resistance – Backtracking resistance is provided relative to time T if there is assurance that an adversary who has knowledge of the internal state of the Deterministic Random Bit Generator (DRBG) at some time subsequent to time T would be unable to distinguish between observations of ideal random bitstrings and (previously unseen) bitstrings that were output by the DRBG prior to time T. The complementary assurance is called Prediction Resistance. (SP 800-90A) (NISTIR)
Backup – A copy of files and programs made to facilitate recovery, if necessary. (SP 800-34; CNSSI-4009) (NISTIR)
Banner – Display on an information system that sets parameters for system or data use. (CNSSI-4009) (NISTIR)
Banner Grabbing – The process of capturing banner information—such as application type and version—that is transmitted by a remote port when a connection is initiated. (SP 800-115) (NISTIR)
Baseline – Hardware, software, databases, and relevant documentation for an information system at a given point in time. (CNSSI-4009) (NISTIR)
Baseline Configuration – A set of specifications for a system, or Configuration Item (CI) within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes. (SP 800-128) (NISTIR)
Baseline Security – The minimum security controls required for safeguarding an IT system based on its identified needs for confidentiality, integrity, and/or availability protection. (SP 800-16) (NISTIR)
Baselining – Monitoring resources to determine typical utilization patterns so that significant deviations can be detected. (SP 800-61) (NISTIR)
Basic Testing – A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object. Also known as black box testing. (SP 800-53A) (NISTIR)
Bastion Host – A special-purpose computer on a network specifically designed and configured to withstand attacks. (CNSSI-4009) (NISTIR)
Battlespace – The environment, factors, and conditions that must be understood to successfully apply combat power, protect the force, or complete the mission. This includes the air, land, sea, space, and the included enemy and friendly forces; facilities; weather; terrain; the electromagnetic spectrum; and the information environment within the operational areas and areas of interest. (JP 1-02) (Jt Pub 3-13)
Behavioral Outcome – What an individual who has completed the specific training module is expected to be able to accomplish in terms of IT security-related job performance. (SP 800-16) (NISTIR)
Behavior Monitoring - Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rules, baselines of normal activity, thresholds, and trends. (Adapted from: DHS personnel) (NICCS)
Synonym(s): behavior monitoring
Benign Environment – A non-hostile location protected from external hostile elements by physical, personnel, and procedural security countermeasures. SOURCE: CNSSI-4009
Binding – Process of associating two related elements of information. (SP 800-32) (NISTIR)
An acknowledgement by a trusted third party that associates an entity’s identity with its public key. This may take place through (1) a certification authority’s generation of a public key certificate, (2) a security officer’s verification of an entity’s credentials and placement of the entity’s public key and identifier in a secure database, or (3) an analogous method. (SP 800-21) (NISTIR)
Process of associating a specific communications terminal with a specific cryptographic key or associating two related elements of information. (CNSSI-4009) (NISTIR)
Biometric – A physical or behavioral characteristic of a human being. (SP 800-32) (NISTIR)
A measurable physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and iris scan samples are all examples of biometrics. (FIPS 201) (NISTIR)
Biometric Information – The stored electronic information pertaining to a biometric. This information can be in terms of raw or compressed pixels or in terms of some characteristic (e.g., patterns.) (FIPS 201) (NISTIR)
Biometric System – An automated system capable of:
1) capturing a biometric sample from an end user;
2) extracting biometric data from that sample;
3) comparing the extracted biometric data with data contained in one or more references;
4) deciding how well they match; and
5) indicating whether or not an identification or verification of identity has been achieved. (FIPS 201) (NISTIR)
Big data – data sets which are too big to process and manage with commodity software tools in a timely way, and require bespoke processing capabilities to manage their volumes, speed of delivery and multiplicity of sources. (UK 2016)
Biometrics – Measurable physical characteristics or personal behavioral traits used to identify, or verify the claimed identity, of an individual. Facial images, fingerprints, and handwriting samples are all examples of biometrics. (CNSSI-4009) (NISTIR)
Bit – A contraction of the term Binary Digit. The smallest unit of information in a binary system of notation. (CNSSI-4009) (NISTIR)
A binary digit having a value of 0 or 1. (FIPS 180-4) (NISTIR)
Bitcoin – a digital currency and payment system. (UK 2016)
Bit Error Rate – Ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system. (CNSSI-4009) (NISTIR)
BLACK – Designation applied to encrypted information and the information systems, the associated areas, circuits, components, and equipment processing that information. See also RED. (CNSSI-4009) (NISTIR)
Black Box Testing – See Basic Testing. (NISTIR)
Black Core – A communication network architecture in which user data traversing a global Internet Protocol (IP) network is end-to-end encrypted at the IP layer. Related to striped core. (CNSSI-4009) (NISTIR)
Blacklist – A list of email senders who have previously sent spam to a user. (SP 800-114) (NISTIR)
A list of discrete entities, such as hosts or applications, that have been previously determined to be associated with malicious activity. (SP 800-94) (NISTIR)
Blacklisting – The process of the system invalidating a user ID based on the user’s inappropriate actions. A blacklisted user ID cannot be used to log on to the system, even with the correct authenticator. Blacklisting and lifting of a blacklisting are both security-relevant events. Blacklisting also applies to blocks placed against IP addresses to prevent inappropriate or unauthorized use of Internet resources. (CNSSI-4009) (NISTIR)
Blended Attack – A hostile action to spread malicious code via multiple methods. SOURCE: CNSSI-4009
Blinding – Generating network traffic that is likely to trigger many alerts in a short period of time, to conceal alerts triggered by a “real” attack performed simultaneously. (SP 800-94) (NISTIR)
Block – Sequence of binary bits that comprise the input, output, State, and Round Key. The length of a sequence is the number of bits it contains. Blocks are also interpreted as arrays of bytes. (FIPS 197) (NISTIR)
Block Cipher – A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block. (SP 800-90) (NISTIR)
Block Cipher Algorithm – A family of functions and their inverses that is parameterized by a cryptographic key; the function maps bit strings of a fixed length to bit strings of the same length. (SP 800-67) (NISTIR)
Blue Team –
- The group responsible for defending an enterprise’s use of information systems by maintaining its security posture against a group of mock attackers (i.e., the Red Team). Typically the Blue Team and its supporters must defend against real or simulated attacks 1) over a significant period of time, 2) in a representative operational context (e.g., as part of an operational exercise), and 3) according to rules established and monitored with the help of a neutral group refereeing the simulation or exercise (i.e., the White Team).
- The term Blue Team is also used for defining a group of individuals that conduct operational network vulnerability evaluations and provide mitigation techniques to customers who have a need for an independent technical review of their network security posture. The Blue Team identifies security threats and risks in the operating environment, and in cooperation with the customer, analyzes the network environment and its current state of security readiness. Based on the Blue Team findings and expertise, they provide recommendations that integrate into an overall community security solution to increase the customer's cyber security readiness posture. Often times a Blue Team is employed by itself or prior to a Red Team employment to ensure that the customer's networks are as secure as possible before having the Red Team test the systems. (CNSSI-4009) (NISTIR)
Blacklist - A list of entities that are blocked or denied privileges or access. (Adapted from: DHS personnel) (NICCS)
Related Term(s): whitelist
Blue Team - A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).
Extended Definition: Also, a group that conducts operational vulnerability evaluations and recommends mitigation techniques to customers who need an independent technical review of their cybersecurity posture. (Adapted from: CNSSI 4009) (NICCS)
Related Term(s): Red Team, White Team
Border Gateway Protocol - A protocol designed to optimize routing of information exchanged through the internet. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Bot – A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under the command and control of a remote administrator. (NICCS)
Extended Definition: A member of a larger collection of compromised computers known as a botnet.
Synonym(s): zombie
Related Term(s): botnet
Bot Herder - Synonym(s): bot master
Bot Master - The controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet. (NICCS)
Synonym(s): bot herder
Botnet - A collection of computers compromised by malicious code and controlled across a network without the owner’s knowledge or consent. (NICCS)
Boundary – Physical or logical perimeter of a system. (CNSSI-4009) (NISTIR)
Boundary Protection – Monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communication, through the use of boundary protection devices (e.g., proxies, gateways, routers, firewalls, guards, encrypted tunnels). (SP 800-53; CNSSI-4009) (NISTIR)
Boundary Protection Device – A device with appropriate mechanisms that: (i) facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system); and/or (ii) provides information system boundary protection. (SP 800-53) (NISTIR)
A device with appropriate mechanisms that facilitates the adjudication of different security policies for interconnected systems. (CNSSI-4009) (NISTIR)
Browsing – Act of searching through information system storage or active content to locate or acquire information, without necessarily knowing the existence or format of information being sought. (CNSSI-4009) (NISTIR)
Brute Force Password Attack – A method of accessing an obstructed device through attempting multiple combinations of numeric and/or alphanumeric passwords. (SP 800-72) (NISTIR)
Buffer Overflow – A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Attackers exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system. (SP 800-28; CNSSI-4009) (NISTIR)
Buffer Overflow Attack – A method of overloading a predefined amount of space in a buffer, which can potentially overwrite and corrupt data in memory. (SP 800-72) (NISTIR)
Bulk Encryption – Simultaneous encryption of all channels of a multichannel telecommunications link. (CNSSI-4009) (NISTIR)
Business Continuity Plan (BCP) – The documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business functions will be sustained during and after a significant disruption. (SP 800-34) (NISTIR)
The documentation of a predetermined set of instructions or procedures that describe how an organization’s business functions will be sustained during and after a significant disruption. (CNSSI-4009) (NISTIR)
Business Impact Analysis (BIA) – An analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption. (SP 800-34) (NISTIR)
An analysis of an enterprise’s requirements, processes, and interdependencies used to characterize information system contingency requirements and priorities in the event of a significant disruption. (CNSSI-4009) (NISTIR)
Bug - An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device. (Adapted from: NCSD Glossary) (NICCS)
Build Security In - A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks. (Adapted from: Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program (2011), US-CERT's Build Security In website.) (NICCS)
Byte - A unit of digital information consisting of 8 bits (binary digits - each bit corresponds to a choice between two alternatives). SOURCE: Cyberspace Solarium Commission Final Report, 2020