Glossary of Home Cybersecurity Terms

The terminology used across residential cybersecurity spans networking, device security, identity protection, and incident response — drawing from standards maintained by federal agencies, academic researchers, and industry bodies. This reference defines and contextualizes the core terms a homeowner, property professional, or security researcher encounters when assessing or improving the security posture of a residential environment. Each definition is grounded in the classification frameworks published by bodies including the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA). Precise terminology matters because ambiguity in this sector leads directly to misconfigured defenses and unaddressed attack surfaces.


Definition and scope

Home cybersecurity terminology covers three overlapping domains: network infrastructure, endpoint and device security, and identity and data protection. Terms within each domain carry specific technical meanings that differ — sometimes substantially — from casual usage.

Attack surface refers to the total set of points in a system where an unauthorized actor could attempt to extract data or introduce malicious input. In a residential context, the attack surface includes the router, every connected device, accounts with reused credentials, and unpatched firmware. NIST defines the attack surface in NIST SP 800-53 Rev 5 under the System and Communications Protection (SC) control family.

Firmware is the low-level software embedded in hardware devices — routers, smart locks, thermostats, and cameras included. Unlike operating system software, firmware often requires manufacturer-issued updates and cannot be patched through standard app stores. Unpatched firmware is one of the primary vectors documented in CISA advisories for residential IoT exploitation.

Encryption is the process of encoding data so that only authorized parties with the correct decryption key can read it. The two most relevant forms for homeowners are:
- In-transit encryption (e.g., WPA3 on Wi-Fi, TLS on web traffic)
- At-rest encryption (e.g., encrypted hard drives and cloud backups)

VPN (Virtual Private Network) creates an encrypted tunnel between a device and a remote server, masking traffic from local network observers and the ISP. The security value of a home VPN depends entirely on the trustworthiness and jurisdiction of the VPN provider, which can see everything the tunnel hides from the ISP.

Malware is an umbrella term covering any software designed to disrupt, damage, or gain unauthorized access to a system. Subcategories include:

  1. Ransomware — encrypts victim files and demands payment for decryption keys
  2. Spyware — covertly collects user data, including keystrokes and browsing history
  3. Adware — injects advertising content, often as a delivery mechanism for more harmful payloads
  4. Trojans — disguise themselves as legitimate software while executing malicious functions
  5. Worms — self-replicate across networks without requiring user interaction

How it works

Residential cybersecurity defenses operate across three functional layers: perimeter controls, endpoint controls, and behavioral controls.

Perimeter controls govern what traffic enters and exits the home network. The primary perimeter device is the router, which may include a built-in firewall. A firewall inspects incoming and outgoing packets based on rule sets — blocking traffic that matches known threat signatures or violates defined policies. CISA's guidance on router security settings specifically identifies disabling WPS (Wi-Fi Protected Setup) and remote management as baseline hardening steps.

Endpoint controls address individual devices — laptops, smartphones, smart TVs, and IoT sensors. Antivirus and anti-malware software performs signature-based and heuristic detection of malicious code. Patch management — the systematic application of software and firmware updates — closes known vulnerabilities before threat actors can exploit them. The CVE (Common Vulnerabilities and Exposures) database, maintained by MITRE Corporation and sponsored by CISA, catalogs known vulnerabilities with standardized identifiers (e.g., CVE-2021-44228 for Log4Shell).

Behavioral controls include authentication policies and user practices. Multi-factor authentication (MFA) requires at least two of the following factor categories:

  1. Something the user knows (password, PIN)
  2. Something the user has (hardware token, authenticator app)
  3. Something the user is (biometric: fingerprint, face recognition)

NIST SP 800-63B, the Digital Identity Guidelines, governs authentication assurance levels and is the primary federal reference for MFA implementation standards.

DNS (Domain Name System) translates human-readable domain names into IP addresses. DNS filtering — offered by services such as CISA's free Protective DNS program — blocks resolution of known malicious domains before a connection is established, providing a pre-infection layer of protection.


Common scenarios

Phishing is a social engineering attack delivered via email, SMS (smishing), or voice call (vishing) that manipulates recipients into disclosing credentials or installing malware. The Federal Trade Commission (FTC) identifies phishing as the leading vector for residential identity theft complaints in its annual Consumer Sentinel Network data.

Credential stuffing occurs when attackers use large datasets of previously breached username-password pairs — obtained from data brokers or dark web markets — to attempt automated logins across unrelated services. Homeowners who reuse passwords across accounts are disproportionately exposed. Reviewing password management practices and enabling two-factor authentication directly mitigates this vector.
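The distinguishing signal of credential stuffing is one source trying many different accounts, not many failures against one account. The following detector, an added example that is not part of the original page and runs over a constructed log sample, keys on account diversity per source IP and also reports the accounts where the attacker's login succeeded, since those are the password-reuse victims that need a reset:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of login events, one per line: "<ISO time> <source IP> <username> <FAIL|SUCCESS>".
# 203.0.113.7 cycles through many accounts (stuffing pattern); 198.51.100.2 is one user retyping a password.
SAMPLE_LOG = """
2024-05-01T10:00:01 203.0.113.7 alice FAIL
2024-05-01T10:00:02 203.0.113.7 bob FAIL
2024-05-01T10:00:02 203.0.113.7 carol FAIL
2024-05-01T10:00:03 203.0.113.7 dave FAIL
2024-05-01T10:00:03 203.0.113.7 erin SUCCESS
2024-05-01T10:00:04 203.0.113.7 frank FAIL
2024-05-01T10:05:00 198.51.100.2 alice FAIL
2024-05-01T10:05:10 198.51.100.2 alice FAIL
2024-05-01T10:05:30 198.51.100.2 alice SUCCESS
"""

def parse_events(text):
    """Parse the log into (time, ip, user, success) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "SUCCESS"))
    return events

def find_stuffing_sources(events, window=timedelta(minutes=5), min_users=5):
    """Flag source IPs that try at least `min_users` distinct accounts within any `window`.
    Keying on account diversity rather than raw failure count means one person retyping
    their own password is not flagged. For each flagged IP, the accounts where a login
    succeeded are reported: likely password-reuse victims needing a reset and MFA."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()  # chronological; tuples compare on time first
        for i in range(len(evs)):
            users, hits = set(), set()
            for t, _, user, ok in evs[i:]:
                if t - evs[i][0] > window:
                    break
                users.add(user)
                if ok:
                    hits.add(user)
            if len(users) >= min_users:
                flagged[ip] = {"distinct_users": len(users), "compromised": sorted(hits)}
                break  # one qualifying window per IP is enough
    return flagged
```

On the sample, only 203.0.113.7 is flagged (six accounts in four seconds, one success on erin); the retyping user at 198.51.100.2 is not.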

Man-in-the-Middle (MitM) attacks intercept communications between two parties — for example, between a homeowner's laptop and their bank — to eavesdrop or alter data. Unencrypted public Wi-Fi is the most common enabler; residential networks running outdated WEP or WPA encryption are also vulnerable.

Default credential exploitation occurs when IoT devices retain factory-set usernames and passwords (commonly "admin/admin" or "admin/password"). Attackers use automated scanners — including the Shodan search engine — to identify exposed devices still running default credentials. This is a documented entry point for smart home device compromise.

Rogue access points are unauthorized Wi-Fi networks that mimic the SSID of a trusted network to intercept device connections. A guest visiting a home and connecting to a spoofed network could inadvertently expose credentials or facilitate lateral movement into the home network.
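A homeowner or assessor can detect an SSID impostor by comparing a Wi-Fi scan against an inventory of the router's own radio addresses (BSSIDs) and security mode. The check below is an added example, not code from the page, and uses constructed scan data; it flags a trusted SSID coming from an unlisted BSSID and notes when the impostor offers weaker security than the real network, the usual tell of an evil twin:

```python
# Constructed Wi-Fi scan results, as a laptop or phone would list them (not real data):
# (SSID, BSSID, security). TRUSTED is the homeowner's own inventory of router radios.
SCAN = [
    ("HomeNet",   "aa:bb:cc:11:22:33", "WPA3"),
    ("HomeNet",   "aa:bb:cc:11:22:34", "WPA3"),  # second radio of the same router
    ("HomeNet",   "de:ad:be:ef:00:01", "OPEN"),  # same SSID, unknown radio, no encryption
    ("HomeNet",   "de:ad:be:ef:00:02", "WPA2"),  # same SSID, unknown radio, weaker protocol
    ("HomeNet",   "aa:bb:cc:11:22:33", "OPEN"),  # known BSSID but open: spoofed or misconfigured
    ("Neighbor5", "11:22:33:44:55:66", "WPA2"),  # unrelated network, ignored
]
TRUSTED = {"HomeNet": {"bssids": {"aa:bb:cc:11:22:33", "aa:bb:cc:11:22:34"}, "security": "WPA3"}}

# Ordering used to decide whether an access point offers weaker security than the real network.
SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}

def find_rogue_aps(scan, trusted):
    """Return [(bssid, reason)] for access points advertising a trusted SSID that either
    come from a radio not in the inventory or offer weaker security than the inventory
    records. Only SSIDs present in `trusted` are examined; neighbours are ignored."""
    findings = []
    for ssid, bssid, security in scan:
        profile = trusted.get(ssid)
        if profile is None:
            continue
        downgraded = SECURITY_RANK[security] < SECURITY_RANK[profile["security"]]
        if bssid not in profile["bssids"]:
            reason = f"'{ssid}' advertised by unlisted BSSID"
            if downgraded:
                reason += f", security {profile['security']} -> {security}"
            findings.append((bssid, reason))
        elif downgraded:
            # A BSSID can be copied, so a known address with the wrong mode is also suspect.
            findings.append((bssid, f"trusted BSSID advertising {security} instead of "
                                    f"{profile['security']} (spoofed BSSID or misconfigured router)"))
    return findings
```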


Decision boundaries

Understanding where one security concept ends and another begins is operationally significant for selecting controls and assigning responsibility.

Firewall vs. Intrusion Detection System (IDS): A firewall enforces access control rules — it blocks or permits traffic based on policy. An IDS monitors traffic passively and generates alerts when patterns match known attack signatures. A firewall prevents; an IDS detects. Some residential routers bundle both functions under the label "IDS/IPS" (Intrusion Prevention System adds active blocking to detection).

Encryption vs. Authentication: Encryption protects data from unauthorized reading. Authentication verifies identity before granting access. A device can be encrypted but have weak authentication (rendering encryption less useful if an attacker can guess the PIN), or it can have strong authentication but transmit data unencrypted over the network.

Privacy vs. Security: These terms are frequently conflated. Security refers to technical controls preventing unauthorized access. Privacy refers to governance of how personal data is collected, stored, and shared. A smart doorbell may be technically secure (no exploitable firmware vulnerabilities) while still raising privacy concerns if video data is transmitted to and retained by a third-party cloud provider under permissive terms.

WPA2 vs. WPA3: Both are Wi-Fi encryption protocols defined by the Wi-Fi Alliance. WPA2 uses AES-CCMP encryption and remains widely deployed. WPA3, finalized in 2018, introduces Simultaneous Authentication of Equals (SAE) to replace the Pre-Shared Key (PSK) handshake, eliminating offline dictionary attacks against captured handshakes. Devices manufactured after 2020 are generally required to support WPA3 to receive Wi-Fi Alliance certification. Networks that include older devices unable to support WPA3 may run in WPA2/WPA3 transition mode, which reduces the security gain.

Zero-day vs. Known vulnerability: A zero-day (0-day) vulnerability is one unknown to the software vendor at the time of exploitation — no patch exists. A known vulnerability is cataloged in the CVE database and typically has a corresponding patch. Most residential compromises exploit known vulnerabilities on unpatched systems, not zero-days, making patch management the higher-priority control for the residential sector.

Professionals assessing residential cybersecurity posture — including those listed in the cybersecurity listings directory — apply these definitional boundaries when scoping assessments, recommending tools, and reporting findings to homeowners or insurers.

