Asset Inventory — Lexicon, Glossary of Terminology

March 29, 2019

Post by Jeremiah Grossman

‘Asset Inventory’ is starting to catch on fast in Information Security. The reason for all the interest and market growth is simple: You cannot secure what you don’t know you own.

The reality is the vast majority of organizations simply do not have an inventory of their Internet-accessible assets, such as websites, name servers, mail servers, IoT devices, etc — or even their Intranet assets for that matter (desktops, printers, servers, etc). They don’t know where those assets are, what they do, who is responsible for them, or much of anything. As any security expert would agree, the lack of an asset inventory is a huge gap for any organization and is arguably the largest and most important unsolved problem in the industry.

And as we can expect from any new emerging industry, there will be a smattering of new technical terminology, some with conflicting and overlapping definitions, and a lot of redefining existing terms. Inevitably this causes a lot of confusion, which should be avoided. What’s needed is the start of a new lexicon for the asset inventory space in how knowledge is captured and communicated to others — a glossary of terms if you will.

Below I’ve drafted a starting list of the most common terms and what they mean. This will be a work in progress.

Asset

A domain name, subdomain, or IP addresses and/or combination thereof of a device connected to the Internet or internal network. An asset may include, but not limited to web servers, name servers, IoT devices, network printers, etc.

Example: foo.tld, bar.foo.tld, x.x.x.x

Asset Inventory

A complete collection of an organization’s assets and associated metadata of each asset.

Asset Management

Asset management refers to monitoring, configuring, and maintaining of assets.

Attack Surface

From the network perspective of an adversary, the complete asset inventory of an organization including all actively listening services (open ports) on each asset.

Discovery

Discovery refers to the act of identifying assets.

Domain Name

A domain name is a label that identifies a network domain. Domain names are used to identify Internet resources, such as computers, networks, and services, with an easy-to-remember text label that is easier to memorize than the numerical addresses used in the Internet protocols.

Example: foo.tld is the domain name of URL http://www.foo.tld/index.html

External

Refers to the accessibility of an asset that can be connected to from across the Internet.

Host

A device connected to a network that communicates with other hosts on the network. 

Hostname

A unique name given to any device that is connected to a specific computer network, typically appended to a domain name, and resolves to an IP-address using the Domain Name System (DNS).

Example: ‘bar’ is the hostname of bar.foo.tld.

Internal

Refers to the accessibility of an asset that cannot be connected to from across the Internet, and generally resides on an internal network (i.e. Intranet).

Orphaned Hostname

A hostname that no longer resolves to an IP-address.

Internet-accessible, internet-connected, internet-facing

Refers to an asset that can be connected to over the Internet. While the terms above are often used interchangeably, Internet-accessible considered the preferred term.

Metadata

A set of data that describes and gives information about an asset. Metadata may include, but not limited to geolocation, operation system, open ports, service banners, TLS certificate details, etc.

Reconnaissance / Recon

The act of finding assets

Routable / Non-Routable

Refers to a type of IP-address where network traffic can be routed to over the Internet. As defined by RFC-1918, there are certain IP-address ranges where network traffic cannot be routed to over the Internet, which are referred to as ‘non-routable’ IP-addresses or ‘private’ IP-space

Non-Routable IP-Addresses (RFC-1918)
10.0.0.0 – 10.255.255.255  (10/8 prefix)
172.16.0.0 – 172.31.255.255  (172.16/12 prefix)
192.168.0.0 – 192.168.255.255 (192.168/16 prefix)

Subdomain

A subdomain is a domain name with a hostname appended, which is sometimes more accurately described as a fully qualified domain name (FQDN).

Example: bar.foo.tld

Top-Level Domain (TLD)

Refers to the last segment of a domain name, the part following immediately after the “dot” symbol. The most common and familiar TLDs are .com, .net, and .org. 

Example: TLD is the Top-Level Domain name of the domain name bar.foo.tld

There are many other TLDs, such as .co.uk and co.jp, which are technically not TLDs because they are not located at the ‘top level’ of the domain. These types of domains which are referred to as effective TLDs (eTLDS) because they serve a branching point for domain name registrars.

Virtual Host

Refers to a method for hosting multiple hostnames or domain names, with separate handling of each name, on a single server.