Technical Glossary – Internet-safeguarding.com

Technical Glossary

0-9

4G: 4G refers to the fourth generation of cellular network technology (mobile phone networks), which offers faster data speeds and higher capacity compared to 3G.

Long Term Evolution (LTE) is the most common technology used to implement 4G networks. LTE offers speeds of up to 100 Mbps in motion and 1 Gbps when stationary, although these are rarely experienced.

5G: 5G (fifth-generation) cellular technology is the latest advancement in wireless communication, building upon 4G LTE and offering significantly faster speeds, lower latency and increased network capacity.
5G delivers significantly faster data rates than 4G, with lower latency and is designed to scale more effectively.

Adware….: Adware is software that displays unwanted advertisements on your device, often without your knowledge or consent. It can generate revenue for its developers by serving ads, and can also collect data about your online activity to personalize these ads. Adware can be in the form of pop-ups, banners, or changes to non-malicious websites.
Some adware can track your online behaviour, including the websites you visit, to deliver targeted ads.
Some aware can redirect all web traffic or just queries to particular websites to facilitate monitoring, profiling and other revenue generation techniques.

Android: Android is a mobile operating system primarily used on smartphones and tablets. It’s based on the Linux kernel and is developed by Google.

Anonymous Proxy: An anonymous proxy is a type of proxy server that masks the user’s IP address, location, and online identity, making it harder for websites to track their activity. It acts as an intermediary between the user’s device and the internet, routing requests through the proxy’s IP address instead of the user’s. This helps protect user privacy and allows for accessing content that may be restricted based on location.

How it Works:
Routing Traffic:
When a user sends a request to a website, the request is first routed through the anonymous proxy server instead of directly from the user’s computer.
IP Address Hiding:
The proxy server’s IP address is used instead of the user’s original IP address, which makes the user’s location and identity more difficult to track.
Privacy Protection:
This helps protect user privacy by concealing their identity and location from websites they visit, according to Smartproxy.

Uses:
Privacy and Anonymity:
Anonymous proxies can be used to browse the internet without revealing personal information or location, according to Smartproxy,.
Bypassing Geographic Restrictions:
They can be used to access websites or services that may be restricted based on location, according to Smartproxy,.
Avoiding IP Blocks and Rate Limits:
In some cases, they can be used to avoid having your IP address blocked or rate limited by websites.
Data Scraping:
Some companies use anonymous proxies in web scraping to hide their IP address and avoid being blocked,

Important Risks:
Not Fully Anonymous:
While anonymous proxies can hide your IP address and location, they are not completely anonymous, as some information about your activity may still be visible to the proxy provider.
Security Risks:
Using free or untrusted proxy services can expose your data to security risks.

Apple Inc.: Apple Inc. is a multinational technology company known for its consumer electronics, software, and services, headquartered in Cupertino, California. Founded in 1976, it designs, manufactures, and markets smartphones, personal computers, tablets, wearables, and accessories. Apple also offers various services like payment processing, digital content, cloud storage and advertising.

Bandwidth: Bandwidth has many meanings, depending in the context, Internet bandwidth refers to the maximum amount of data that can be transmitted over a network connection within a specific time frame. It’s often measured in bits per second (bps) or its multiples, such as megabits per second (Mbps) or gigabits per second (Gbps). Think of it as the capacity of a highway for data traffic.

Bandwidth use is also a measure of how much Internet traffic a use is using instantaneously, or over a given period of time, for example, a user is using 35Mbps of bandwidth to stream that movie in 4K, or a user as used 34 GB (gigabytes) of bandwidth today.

BitTorrent: A BitTorrent, or torrent is a file distribution system, allowing the peer-to-peer download and upload of files, although it has legitimate uses, it is primarily used for sharing and downloading files, often in an obfuscated way.
A Torrent file is often downloaded from an website or other location to start the process of downloading the desired content.

Any file may be transferred in this way, so controlling torrent is an important part of a security and safeguarding posture.

CDN / Content Delivery Network: A Content Delivery Network (CDN) is a geographically distributed network of servers that caches and delivers web content to users, improving website performance by reducing latency and improving user experience. CDNs work by storing copies of website content (like images, videos, and HTML) on servers located closer to users’ geographical locations. This reduces the distance that data needs to travel to reach a user, leading to faster loading times and a better user experience.

Often Geographically Distributed:
CDNs consist of many servers, known as “edge servers,” strategically placed around the world, often in data centres.
Some offer hosted ‘compute’ and or other servers / services at the same locations.

Caching:
These edge servers store copies of website content, allowing users to access the content from the nearest server, significantly reducing the distance data has to travel.

Improved Performance:
By minimising the distance between the user and the server, CDNs reduce latency and improve website loading times.

Enhanced User Experience:
Faster loading times lead to a better user experience, as users are less likely to abandon a website or e-commerce site if it loads quickly.

Reduced Load on Origin Server:
CDNs also help reduce the load on the website’s origin server by handling a large portion of the content delivery, improving the reliability and stability of the website.

Cost Savings:
By optimising content delivery, CDNs can help reduce bandwidth and hosting costs for websites.

Increased Security:
CDNs can also help protect websites against some types of cyberattacks, such as Distributed Denial of Service (DDoS) attacks, by distributing the traffic across multiple servers and Implementing WAF / WAAP functionality.

VPNs:
Some CDN’s allow VPNs to connect through their infrastructure, evading firewall and content controls and making them difficult to detect and block.

co-sourcing: Co-sourcing, similar to outsourcing, where an external partner works alongside the in-house team, who retain overall control of the process

Content Control & Classification: Website content control and classification involve categorizing website content for various purposes, including security, parental controls, and organizational needs.
This process helps in managing access to websites, blocking or allowing access based on predefined categories, and improving user experience.

How Website Content Control and Classification Work:
1. Categorization:
Websites are classified into categories based on their content, such as malicious, adult, job searching, or news.
2. Filtering and Blocking:
Content filters use these classifications to control access to specific categories or individual websites.
3. Security Applications:
Categorization enables security tools to identify and block phishing sites, malware distribution sites, and other malicious content.
4. Parental Controls:
Parents can use website classification to set up filters that block or allow access to specific categories, ensuring a safer online experience for their children.
5. Organizational Use:
Organizations may block certain categories like social media or job searching to improve employee productivity or comply with regulations.

While there are dedicated solutions to provide this functionality, NGFWs often provide this as a subscription service.

Domain Name Service (DNS): Domain Name Service or DNS has been an essential part of the Internet since 1985, essentially locating computers and services from human friendly names, it is also critical for email delivery, SPAM control, service entitlement verification and many other key Internet components depend on it.
Monitoring and filtering hosts and domains is an important component to an effective Internet safeguarding disposition.

Firewall: A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predefined security rules. Its primary function is to act as a barrier between a trusted internal network and untrusted external networks, like the Internet. Firewalls inspect data packets and determine whether to allow, block, or drop them based on established criteria, protecting network devices from potential threats, and controlling user access to services and applications.

Geo Location: Geo Location is the term used for technology or data used to geolocate a user or device, this is sometimes IP address based, but more commonly and accurately, Geo location is performed by access location hardware such as GPS on a mobile device, or services that have Geo mapped Wifi SSID’, using a mobile devices list of accessible Wifi SSID’s and signal strengths can pinpoint a device to a few meters accuracy.
More localised location can be performed with Bluetooth beacons or similar technology, more commonly used to advertise to device local to a retail outlet.

HTTP: HTTP stands for Hypertext Transfer Protocol, the foundation protocol for transferring data on the World Wide Web.
It’s used to exchange files like HTML documents, images, and videos between web servers and browsers.
HTTP has evolved through various versions, including HTTP/1.0, HTTP/1.1, HTTP/2, and the latest HTTP/3.
HTTP itself is not secure, HTTPS (Hypertext Transfer Protocol Secure) uses encryption (TLS/SSL) to protect data transmission.

iPad: Apple Inc’s tabled handheld computer device.

iPhone: Apple Inc.’s popular mobile smartphone.

IPsec: IPsec stands for Internet Protocol Security. It’s a suite of protocols used to secure IP network communications by authenticating and encrypting IP packets. IPsec is commonly used in virtual private networks (VPNs) to create secure, encrypted tunnels for data transmission.
Some commercial VPN’s offer IPsec as a protocol option.
IPsec uses protocols like Internet Key Exchange (IKE) to establish secure connections and exchange cryptographic key.

L2TP: L2TP, or Layer 2 Tunneling Protocol, is a networking protocol used to create secure tunnels for data transmission over public networks, often used in conjunction with VPNs. While L2TP itself doesn’t provide encryption, it’s frequently paired with encryption protocols like IPsec to secure VPN connections.

Malware: Malware, short for malicious software, refers to any software designed to harm or disrupt computer systems, networks, or devices. It includes various types like viruses, ransomware, and trojans. Malware can be used to steal data, disrupt operations, gain unauthorised access, or demand ransoms (Ransomware).

Mobile Device Management (MDM): Mobile Device Management (MDM) is a method organisations use to securely manage and control mobile devices, like smartphones, tablets, and laptops, used by employees to access business-critical data. It involves monitoring, managing and securing these devices from a central location, enabling IT administrators to update software, enforce policies and remotely wipe or lock lost or stolen devices.

Key aspects of MDM:
Device Enrollment:
MDM typically involves enrolling devices into the management platform, which allows the IT team to track and manage them.
Remote Management:
MDM enables IT to remotely push out software updates, security patches, and new applications to devices.
Policy Enforcement:
MDM can enforce security policies, such as requiring passcodes, restricting app installations, or controlling access to certain features.
Security Features:
MDM provides tools to protect devices, including remote wipe, device locking, and monitoring device compliance with organizational policies.
Compliance and Visibility:
MDM helps organizations stay compliant with industry regulations and provides visibility into device usage and security status.
BYOD Support:
MDM is crucial for managing Bring Your Own Device (BYOD) environments, where employees, students etc. use their personal devices for work or in a controlled environment.

Network Access Control (NAC): Network Access Control (NAC) is a security approach that restricts access to a network based on defined policies and rules. It ensures that only authorized users and devices can connect to the network and only to the resources they are permitted to access.
NAC helps protect against unauthorised access, malware, and other security threats by enforcing policies on endpoints and monitoring network activity.
Often deployed alongside MDM.

Next Generation Firewall: A next-generation firewall (NGFW) is a security appliance that goes beyond traditional firewall functionality by adding application-level inspection, intrusion prevention, user awareness and advanced threat intelligence. It examines network traffic more deeply than traditional firewalls, looking beyond IP addresses, ports, and protocols to identify and block malicious activity at the application layer.

NGFWs can make security decisions based on the context of network traffic, such as the user, device, and application, providing more targeted and effective security policies.

NGFWs often leverage threat intelligence feeds to identify and block known malicious IP addresses, domains, and other indicators of compromise. Our products are often deployed on NGFWs.

Nudity: Nudity is the state of wearing no clothing. Often a category of web site classification used for content control.

OpenVPN: OpenVPN is a virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.
OpenVPN is often use by commercial VPNs and Individual VPN installations.

Outsourcing: Outsourcing is the business practice of engaging with a third party to perform services that were traditionally performed in-house by the organisation’s own employees.

Pornography: Pornography can be defined as “material [e.g., pictures, films, videos or text] deemed sexual, given the context, that has the primary intention of sexually arousing the consumer, and is produced and distributed with the consent of all persons involved”.). Central to the legal definition of pornography is the consent of all persons involved. Therefore, materials that were produced or distributed without the consent of at least one person involved (Examples: “revenge porn”, “child pornography”) are excluded from the definition of pornography.
Pornography is best defined as a medium, such as a picture, video, or text, that is intended to be treated as sexually arousing pornography is often framed as an aid for sexual arousal.
Using pornography means to intentionally look at, watch, read, or listen to sexually arousing material (pictures, videos, films, written text or audio) which depicts nudity and/or explicit sexual behaviour.

PPTP: PPTP, Point-to-Point Tunnelling Protocol, a legacy VPN protocol used for establishing secure remote connections over the internet. It’s known for its ease of setup and speed, but it’s also considered outdated due to its security vulnerabilities and the availability of more secure alternatives. Some Commercial VPN vendors still support it.

Proxy: In networking, a proxy server acts as an intermediary between a client and a server, managing requests and response.
It can be used to cache web content, filter traffic, and hide the client’s IP address
See ‘Anonymous Proxy’ for more specific detail.

QUIC: QUIC is a more modern protocol designed by Google to make the web traffic faster and more efficient. It’s on by default in Google Chrome and other browsers and used by a growing number of websites and applications.
Firewalls do not currently recognize QUIC traffic as ‘web’ traffic, therefore content classification and filtering does not work.

In order to maintain effective policy control QUIC traffic must be blocked, which can be achieved by using the firewalls application library for QUIC, or by blocking UDP ports 80 and 443.

How to Block QUIC with SonicWall
How to Block QUIC with Sophos XG
How to Block QUIC with Fortinet Fortigate
How to Block QUIC with Palo Alto Networks
How to Block QUIC with WatchGuard

In May 2021, the IETF standardised QUIC in RFC 9000, supported by RFC 8999, RFC 9001 and RFC 9002.
DNS-over-QUIC is also possible.

Ransomware: Ransomware is a type of malware that encrypts the victim’s personal data until a ransom is paid.
Difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are commonly used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Sometimes the original files can be retrieved without paying the ransom due to implementation mistakes, leaked cryptographic keys or a complete lack of encryption in the ransomware.

Remote Desktop (protocol): RDP, or Remote Desktop Protocol, is a network communication protocol developed by Microsoft that allows users to control another computer remotely.
It enables users to connect to a remote computer and interact with its graphical user interface as if they were sitting directly in front of it.
For obvious reasons, controlling RDP and other forms of Remote Desktop enablement is important.

Safeguarding: Safeguarding is the practice of protecting people’s health, well-being, and human rights, especially children, young peopl, and vulnerable adults, from harm, abuse and neglect.

Social Media: Social media refers to websites and applications that facilitate communication, community-based input, interaction, content-sharing, and collaboration.
These platforms enable users to connect with others, share information, and create virtual communities.
Common examples include Facebook, Instagram, X (formerly Twitter), YouTube, and TikTok.
Social media has evolved beyond just connecting with friends and family, now serving as a platform for news dissemination, entertainment, and even commerce.

Also commonly used to widely profile users, deliver targeted advertising and content to users, disseminate lies / untruths or niche positions.
Social media sites often host other categories of content, for example porn sites may have a presence on social media.

Social media may subject children and teenagers to inappropriate influence for example:

Comparing themselves to perfect images online leads to lower self-esteem when teens feel negative about their appearance, or their lives.
Influence impulsive behaviour, for example to buy products, drugs, be rules by ‘likes’, publish inappropriate or illegal content, engage in risky or inappropriate behaviour.
A perpetrator or victim of Cyberbullying, stalking etc.
Intellectual isolation cause by “filter bubbles“.
Misinformation, hate speech, inappropriate unmoderated content, direct messaging.

The United States Surgeon General released a social media advisory in 2023 about social media and mental health.

SoftEther: A VPN, SoftEther VPN (“SoftEther” means “Software Ethernet”) is one of the world’s most powerful and easy-to-use multi-protocol VPN software. It runs on Windows, Linux, Mac, FreeBSD and Solaris.
a Design goal of SoftEther is the “Penetrate firewalls”

SSL: SSL, which stands for Secure Sockets Layer, is a security protocol that encrypts data transmitted between a client and a server, most commonly used to secure web connections.
While technically superseded by TLS (Transport Layer Security), the term “SSL” is still widely used and understood and often in common use synonymously for TLS.

SSTP: SSTP, or Secure Socket Tunneling Protocol, is a VPN protocol developed by Microsoft that uses SSL/TLS encryption to create a secure tunnel between a client and a server.
It’s designed to provide secure communication over the internet by encapsulating Point-to-Point Protocol (PPP) traffic within an SSL/TLS channel.
SSTP is particularly useful for bypassing firewalls and web proxies that might block other VPN protocols.

Still Used by some commercial VPN providers.

TLS: Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet.
A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website. TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP).
TLS was proposed by the Internet Engineering Task Force (IETF), an international standards organisation, the first version of the protocol was published in 1999.
The most recent version is TLS 1.3, which was published in 2018

TOR Browser: A TOR browser is software that allows users to browse the Internet with a relatively high degree of privacy. The network and browser take their name from the fact that they direct all web activity through several routers—called nodes—much like going through the layers of an onion, making it difficult to track and identify users.
However, there is a close association between Tor and the dark web because the Tor browser is often used for illicit activity, even though there was never any intention for Tor to enable criminality. Although the Tor browser is legal in many countries, some do not allow residents to access the network.

TOR Network: TOR, an acronym for The Onion Router, is essentially an overlay network that masks online traffic between a client and the TOR exit node, obfuscating that traffic and providing a degree of privacy by obscuring the source of the traffic.
Many organisations block or restrict traffic from the TOR network, or enforce additional checks on TOR like CAPTHA.
It is typically hard to block completely, slow, high latency and not suitable for large uploads or downloads.

URL Filtering: URL filtering is a web filtering technique that restricts access to specific websites or web pages by checking the URL against a list of blocked or allowed URLs. This method helps organizations control employee internet usage, block malicious sites, and manage bandwidth consumption. It can be used to prevent access to inappropriate content, protect against phishing and malware, and improve productivity.

NGFWs often include content control based on URL filtering.
Often this does NOT work for QUIC based web traffic.

Virtual Private Network (VPN): A VPN, or Virtual Private Network, is a software service that creates a secure, encrypted tunnel for your internet traffic, making it harder for hackers to intercept your data. It also masks your IP address, making it appear as if you are browsing from a different location.

How it Works:
Encrypted Tunnel:
When you connect to a VPN, your internet traffic is encrypted and routed through a secure tunnel to a VPN server.

IP Address Masking:
The VPN server’s IP address, not your own, is shown to the websites you visit.

Enhanced Privacy:
This makes it harder for third parties, like your internet service provider or hackers, to see what you’re doing online.

Bypassing Restrictions:
VPNs can also help you bypass website blocks and censorship in some countries.

Commonly used to:
Bypass organisation content controls in schools, colleges and workplaces.
Bypass geo restricted content controls, for example streaming services.

Virus (Computer): A computer virus is a type of malicious software, or malware, that is designed to spread between computers and cause damage to data and software. It’s similar to a biological virus in that it can replicate and spread from one device to another.
Computer viruses aim to disrupt systems, cause operational issues, and result in data loss or leakage.

VPS / Virtual Private Server: A Virtual Private Server (VPS) is a virtualized server environment that offers a more powerful and flexible hosting option than shared hosting, providing a dedicated server instance on a physical server.
It’s like renting a slice of a physical server’s resources, giving you control over your software, applications and operating system.
A cost effective, easily accessible choice for people hosting their own VPN servers.

Wifi: Wi-Fi is a wireless networking technology that uses radio waves to provide network access and allows devices to connect and communicate with each other without cables.
It’s a common standard based on IEEE 802.11 protocols and is widely used in homes, businesses, and public spaces.
Commonly synonymous with “Internet access”, even though that is not technically correct.

Wireguard: A modern VPN protocol.
WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances.
Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.
Widely used by Commercial VPNs.

Wuckfitt: Too many organisations have at least one of these.

YouTube: YouTube is an American social media and online video sharing platform owned by Google.
Access is often restricted as video content controls are not guaranteed and it’s often a distraction for adults and children alike.
Also note that adverts displayed in YouTube can be based on user profiling, your personal browsing influences this and can lead to embarrassment when displaying video content to people or using it as a teaching aid.

This glossary aims to provide an appropriate level of explaination and detail for our audience, with links provided to more detailed data or authoritative sources, although we have taken the time to check and link to worthwhile external data sources, We are not responsible for the accuracy or content published in external links, their privacy disposition or their cookie use.