R is for …

Red Team

Just as penetration testers try to get access to an organisation electronically, red teams try to get physical access to the organisation. They use a combination of Open Source Intelligence gathering and social engineering to get access.

These teams are typically engaged by senior management to test processes such as visitor registration, tailgating, signing in, staff challenging non-wearers of passes etc.

Remote access

As the name suggests, this is the process of providing access to systems from a remote location. For example, many people are given access to their work systems when not in the office. This uses remote access tools including VPNs and Two Factor Authentication, or a combination of multiple tools. It means you don’t physically have to be in the office to access your work systems.

RAT

A Remote Access Trojan (RAT) is a piece of malware which enables attackers to gain control of a target machine from a remote location. When attackers use phishing techniques, the first step after a link is created is often to implement a RAT. This enables an attacker to get access to the device and carry on their attack using other tools.

Router

A router is a network device which examines network traffic and forwards it to the most appropriate part of the network.

 

N is for …

Network

This is an often used phrase, but what exactly is a network? In its simplest form, it is several computers connected to each other. In a single building, these would typically form a Local Area Network (LAN), or if several offices are connected together these would be called a Wide Area Network (WAN).There are several different network components, such as routers, switches and firewalls. These will be explained in the relevant posts on this site.

Non-repudiation

Non-repudiation means that an event or action can be attributed to a person or process and cannot be denied.

This is a cornerstone of information security, but doesn’t attract the same attention as the CIA triad for example. Without it, it would be impossible to prove without doubt who was responsible for something.

One of the reasons you typically have a unique username and password at work is so that audit logs can show what actions were carried out using your account. If you share your password with others, then it is difficult to prove that you were the only one using your account. This can have negative as well as positive connotations, but we’ll look at them when we talk about passwords.