Home Cybersecurity Glossary of Key Terms

Home cybersecurity terminology spans network protocols, device classifications, threat taxonomies, and regulatory frameworks that govern residential digital environments. Precise definitions distinguish protective measures from compensating controls, and help homeowners, service professionals, and researchers navigate vendor claims, insurance requirements, and incident response decisions. This reference catalogs core terms structured by definition, operational mechanism, use scenario, and decision logic — serving the Home Cyber Listings ecosystem and the professionals and consumers who rely on it.


Definition and scope

Home cybersecurity, as a service sector, covers the protection of residential networks, connected devices, personal data, and digital identities from unauthorized access, exploitation, or disruption. The sector intersects physical security, telecommunications regulation, and consumer data protection law.

Key foundational terms within this scope:

Attack surface — The sum of all digital entry points on a residential network, including routers, smart TVs, thermostats, cameras, and any device assigned an IP address. The National Institute of Standards and Technology (NIST SP 800-30 Rev 1) defines attack surface in terms of system exposure to threat sources.

Threat vector — A path or means by which a threat actor gains access to a target system. In residential contexts, common vectors include unpatched firmware, default credentials, and phishing emails targeting home office devices.

Vulnerability — A weakness in system design, implementation, or configuration that can be exploited. NIST maintains the National Vulnerability Database (NVD) with standardized Common Vulnerability Scoring System (CVSS) severity ratings for publicly disclosed vulnerabilities.

Patch — A software or firmware update that remediates a known vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) maintains a Known Exploited Vulnerabilities catalog that identifies patches with active exploitation confirmed in the field.

Encryption — The transformation of plaintext data into ciphertext using a cryptographic algorithm and key. For residential Wi-Fi, WPA3 (Wi-Fi Protected Access 3) is the current standard established by the Wi-Fi Alliance, replacing the compromised WEP and WPA2-TKIP protocols.

Authentication — The process of verifying identity before granting access. Multi-factor authentication (MFA) combines at least 2 of the following 3 factor categories: something known (password), something possessed (hardware token or phone), something inherent (biometric).


How it works

Residential cybersecurity operates across 4 functional layers, each with distinct terminology:

  1. Network perimeter — The router and modem form the first defensive boundary. Terms here include firewall (packet filtering rules governing inbound and outbound traffic), NAT (Network Address Translation, which masks internal IP addresses), and DNS filtering (blocking resolution of known malicious domains before connections are established).

  2. Device layer — Each connected device carries its own firmware, software stack, and credential system. Relevant terms include IoT (Internet of Things — devices with embedded computing and network capability, typically lacking robust security controls), endpoint (any device that communicates on a network), and hardening (the process of reducing a device's attack surface by disabling unnecessary services and changing default settings).

  3. Data layer — Covers the information transmitted, stored, or processed within the home environment. Terms include data at rest (stored data, e.g., on a local hard drive or NAS device), data in transit (data moving across a network), and end-to-end encryption (E2EE — encryption where only communicating endpoints hold decryption keys, not intermediaries).

  4. Identity layer — Governs who or what can authenticate to devices and services. Terms include credential stuffing (automated injection of breached username/password pairs against login portals), session hijacking (theft of authenticated session tokens), and identity theft (the fraudulent acquisition and use of personal identifying information, regulated federally under 18 U.S.C. § 1028).


Common scenarios

Understanding terminology requires grounding in the residential threat scenarios where terms apply in practice. The Home Cyber Directory Purpose and Scope outlines the service landscape within which these events occur.

Scenario 1 — Router compromise via default credentials: An attacker scans public IP ranges for routers using factory-default usernames and passwords. Once authenticated, the attacker installs persistent malware, redirects DNS queries to malicious servers, or intercepts unencrypted traffic. The relevant terms are: default credentials, DNS hijacking, man-in-the-middle (MitM) attack, and persistence mechanism.

Scenario 2 — Smart device exploitation: A residential IP camera running unpatched firmware is discovered via Shodan (a public search engine indexing internet-connected devices). The attacker exploits a known CVE (Common Vulnerabilities and Exposures identifier) to gain shell access. Terms: CVE, zero-day (a vulnerability exploited before a patch is available), lateral movement (using one compromised device to access others on the same network).

Scenario 3 — Phishing targeting home office systems: A spear-phishing email — a targeted message impersonating a trusted institution — delivers a malicious link or attachment to a home worker. Execution installs a RAT (Remote Access Trojan), giving the attacker persistent backdoor access. Terms: phishing, spear-phishing, RAT, payload, command-and-control (C2) infrastructure.

Scenario 4 — Data breach through cloud-connected devices: A smart home hub syncs resident data to a vendor cloud. A breach of that cloud exposes device usage patterns, location data, and stored credentials. The FTC Act Section 5 and, for California residents, the California Consumer Privacy Act (CCPA) govern data handling obligations in these contexts.


Decision boundaries

Certain term pairs require clear definitional separation to avoid misapplication in service contracts, insurance claims, or incident reports. The How to Use This Home Cyber Resource page addresses how these distinctions map to service provider categories.

Vulnerability vs. exploit: A vulnerability is a latent weakness; an exploit is active code or technique that takes advantage of it. A system can carry thousands of vulnerabilities without any being exploited. Insurance and liability determinations often hinge on whether an exploitable vulnerability was publicly known and unpatched at the time of an incident.

Antivirus vs. EDR: Antivirus software uses signature-based detection to identify known malware by matching file hashes to a database. Endpoint Detection and Response (EDR) uses behavioral analysis, telemetry logging, and threat hunting to identify both known and novel threats. For home environments, the distinction matters when evaluating protection adequacy for home office or high-value asset contexts.

WPA2 vs. WPA3: Both are Wi-Fi encryption standards. WPA2 using AES-CCMP remains widely deployed but is vulnerable to PMKID offline dictionary attacks identified in 2018. WPA3 introduces Simultaneous Authentication of Equals (SAE), eliminating the offline attack vector. The Wi-Fi Alliance formally released WPA3 certification in 2018.

Backup vs. recovery: A backup is a copy of data; recovery is the validated ability to restore from that copy within an acceptable time. The recovery time objective (RTO) and recovery point objective (RPO) define the operational parameters — terms drawn from business continuity frameworks including NIST SP 800-34 Rev 1.
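An added example (not part of the original page) of the distinction above: a backup only becomes recovery once a test restore passes an integrity check and fits the stated objectives. The `recovery_drill` helper, the sample files, and the 60-second RTO and 24-hour RPO are assumptions chosen for illustration.

```python
import hashlib
import tempfile
import time
import zipfile
from pathlib import Path

def sha256_tree(root: Path) -> dict:
    """Map each file under root (by relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def make_backup(source: Path, archive: Path) -> dict:
    """Write the backup (the copy) and return the manifest taken at backup time."""
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in sorted(source.rglob("*")):
            if p.is_file():
                zf.write(p, p.relative_to(source).as_posix())
    return sha256_tree(source)

def recovery_drill(archive: Path, manifest: dict, backup_age_s: float,
                   rto_s: float, rpo_s: float) -> dict:
    """Restore into a scratch directory, then check integrity, RTO and RPO."""
    start = time.monotonic()
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with zipfile.ZipFile(archive) as zf:
                zf.extractall(scratch)
            restored = sha256_tree(Path(scratch))
        except (zipfile.BadZipFile, OSError):
            restored = None  # archive unreadable: a backup exists, recovery does not
    restore_s = time.monotonic() - start
    result = {
        "integrity_ok": restored is not None and restored == manifest,
        "rto_met": restore_s <= rto_s,      # time to restore vs. objective
        "rpo_met": backup_age_s <= rpo_s,   # data-loss window vs. objective
        "restore_seconds": round(restore_s, 3),
    }
    result["recoverable"] = all(result[k] for k in ("integrity_ok", "rto_met", "rpo_met"))
    return result

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "home-nas")        # constructed sample data
        (src / "photos").mkdir(parents=True)
        (src / "photos" / "a.jpg").write_bytes(b"\xff\xd8 constructed sample")
        (src / "taxes.txt").write_text("constructed sample\n")
        archive = Path(work, "backup.zip")
        manifest = make_backup(src, archive)
        # Assumed objectives: restore within 60 s, lose at most 24 h of data.
        print(recovery_drill(archive, manifest, backup_age_s=3600, rto_s=60, rpo_s=86400))
```

A drill that reports `recoverable: False` while the archive file still exists is the case the definition separates: the copy is present, the validated ability to restore is not.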

Incident vs. breach: NIST SP 800-61 Rev 2 defines a security incident as any event that threatens the confidentiality, integrity, or availability of a system. A breach, under statutes such as the Health Insurance Portability and Accountability Act (HIPAA) and state notification laws, specifically requires unauthorized acquisition of protected data. Not all incidents constitute breaches; all breaches are incidents.

