Network security

Terms related to network security, including definitions about intrusion prevention and words and phrases about VPNs and firewalls.
  • pharming - Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent.
  • ping sweep (ICMP sweep) - A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).
  • plaintext - In cryptography, plaintext is usually ordinary readable text before it is encrypted into ciphertext or after it is decrypted.
  • polymorphic virus - A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.
  • POODLE Attack - The POODLE attack, also known as CVE-2014-3566, is an exploit used to steal information from secure connections, including cookies, passwords and any of the other type of browser data that gets encrypted as a result of the secure sockets layer (SSL) protocol.
  • Presidential Policy Directive 21 (PPD-21) - Presidential Policy Directive 21 (PPD-21) is an infrastructure protection and resilience directive in the United States that aims to strengthen and secure the country's critical infrastructure.
  • Pretty Good Privacy (PGP) - Pretty Good Privacy or PGP was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files.
  • principle of least privilege (POLP) - The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs.
  • private certificate authority (CA) - Private CA stands for private certificate authority and is an enterprise specific certificate authority that functions like a publicly trusted CA but is exclusively run by or for the enterprise.
  • private key - A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt data.
  • privileged access management (PAM) - Privileged access management (PAM) is the combination of tools and technology used to secure, control and monitor access to an organization's critical information and resources.
  • promiscuous mode - In computer networking, promiscuous mode is a mode of operation, as well as a security, monitoring and administration technique.
  • proof of concept (PoC) exploit - A proof of concept (PoC) exploit is a nonharmful attack against a computer or network.
  • proxy firewall - A proxy firewall is a network security system that protects network resources by filtering messages at the application layer.
  • proxy hacking - Proxy hacking is a cyber attack technique designed to supplant an authentic webpage in a search engine's index and search results pages to drive traffic to an imitation site.
  • public key - In cryptography, a public key is a large numerical value that is used to encrypt data.
  • Public-Key Cryptography Standards (PKCS) - Public-Key Cryptography Standards (PKCS) are a set of standard protocols, numbered from 1 to 15.
  • quantum key distribution (QKD) - Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys only known between shared parties.
  • RADIUS (Remote Authentication Dial-In User Service) - RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
  • rainbow table - A rainbow table is a password hacking tool that uses a precomputed table of reversed password hashes to crack passwords in a database.
  • ransomware as a service (RaaS) - Ransomware as a service (RaaS) is a subscription-based business model that enables affiliates to launch ransomware attacks by accessing and using pre-developed ransomware tools.
  • RAT (remote access Trojan) - A RAT (remote access Trojan) is malware an attacker uses to gain full administrative privileges and remote control of a target computer.
  • remote access - Remote access is the ability for an authorized person to access a computer or network from a geographical distance through a network connection.
  • retina scan - Retina scanning is a biometric authentication technology that uses an image of an individual's retinal blood vessel pattern as a unique identifying trait for access to secure installations.
  • reverse brute-force attack - A reverse brute-force attack is a type of brute-force attack in which an attacker uses a common password against multiple usernames in an attempt to gain access to a network.
  • Rich Internet Application (RIA) - A rich Internet application (RIA) is a Web application designed to deliver the same features and functions normally associated with deskop applications.
  • Rijndael - Rijndael (pronounced rain-dahl) is an Advanced Encryption Standard (AES) algorithm.
  • rootkit - A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system.
  • RSA algorithm (Rivest-Shamir-Adleman) - The RSA algorithm (Rivest-Shamir-Adleman) is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network, such as the internet.
  • scareware - Scareware is a type of malware tactic used to manipulate victims into downloading or buying potentially malware-infested software.
  • screened subnet - A screened subnet, or triple-homed firewall, refers to a network architecture where a single firewall is used with three network interfaces.
  • script kiddie - Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses.
  • secure access service edge (SASE) - Secure access service edge (SASE), pronounced sassy, is a cloud architecture model that bundles together network and cloud-native security technologies and delivers them as a single cloud service.
  • Secure Electronic Transaction (SET) - Secure Electronic Transaction (SET) is a system and electronic protocol to ensure the integrity and security of transactions conducted over the internet.
  • Secure File Transfer Protocol (SSH File Transfer Protocol) - SFTP is a term that refers to either Secure File Transfer Protocol or SSH File Transfer Protocol, and is a computing network protocol for accessing and managing files on remote systems.
  • Security Assertion Markup Language (SAML) - Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.
  • security audit - A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to an established set of criteria.
  • security clearance - A security clearance is an authorization that allows access to information that would otherwise be forbidden.
  • security identifier (SID) - In the context of Windows computing and Microsoft Active Directory (AD), a security identifier (SID) is a unique value that is used to identify any security entity that the operating system (OS) can authenticate.
  • security incident - A security incident is an event that could indicate that an organization's systems or data have been compromised or that security measures put in place to protect them have failed.
  • security information management (SIM) - Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources.
  • security policy - A security policy is a document that states in writing how a company plans to protect its physical and information technology (IT) assets.
  • security posture - Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats.
  • security theater - Security theater includes any measures taken by a company or security team to create an atmosphere of safety that may only achieve the appearance of heightened security.
  • security token - A security token is a physical or wireless device that provides two-factor authentication (2FA) for users to prove their identity in a login process.
  • Sender Policy Framework (SPF) - Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.
  • session ID - A session ID, also called a session token, is a unique identifier that a web server assigns to a user for the duration of the current session.
  • shadow password file - A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.
  • Shared Key Authentication (SKA) - Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • Shodan - Shodan (Sentient Hyper-Optimised Data Access Network) is a search engine designed to map and gather information about internet-connected devices and systems.
  • shoulder surfing - Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.
  • SIM card - A SIM card, also known as a subscriber identity module, is a smart card that stores identification information that pinpoints a smartphone to a specific mobile network.
  • single sign-on (SSO) - Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a username and password -- to access multiple applications.
  • single-factor authentication (SFA) - Single-factor authentication (SFA) is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials.
  • smart card - A smart card is a physical card that has an embedded integrated chip that acts as a security token.
  • smart home - A smart home is a residence that uses internet-connected devices to enable the remote monitoring and management of appliances and systems, such as lighting and heating.
  • smishing (SMS phishing) - Smishing -- or Short Message Service (SMS) phishing -- is a social engineering tactic cybercriminals use to trick people into divulging sensitive information over text messages.
  • SMS spam (cell phone spam or short messaging service spam) - SMS spam (sometimes called cell phone spam) is any junk message delivered to a mobile phone as text messaging through the Short Message Service (SMS).
  • snooping - Snooping, in a security context, is unauthorized access to another person's or company's data.
  • Snort - Snort is an open source network intrusion detection system (NIDS) created by Sourcefire founder and former CTO Martin Roesch.
  • social engineering - Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices to gain unauthorized access to systems, networks or physical locations or for financial gain.
  • social engineering penetration testing - Social engineering penetration testing is the practice of deliberately conducting typical social engineering scams on employees to ascertain the organization's level of vulnerability to this type of exploit.
  • software-defined perimeter (SDP) - A software-defined perimeter, or SDP, is a security technique that controls access to resources based on identity and forms a virtual boundary around networked resources.
  • spear phishing - Spear phishing is a malicious email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
  • SS7 attack - An SS7 attack is a security exploit that takes advantage of a weakness in the design of SS7 (Signaling System 7) to enable data theft, eavesdropping, text interception and location tracking.
  • stack overflow - A stack overflow is a type of buffer overflow error that occurs when a computer program tries to use more memory space in the call stack than has been allocated to that stack.
  • stateful inspection - Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
  • stealth virus - A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.
  • storage security - Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted networks and unavailable to other entities.
  • strong password - A strong password is one that is designed to be hard for a person or program to guess.
  • SWIFT FIN message - SWIFT FIN is a message type (MT) that transmits financial information from one financial institution to another.
  • SYN flood attack - A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server.
  • SYN scanning - SYN scanning is a tactic that a malicious hacker can use to determine the state of a communications port without establishing a full connection.
  • Temporal Key Integrity Protocol (TKIP) - Temporal Key Integrity Protocol (TKIP) is an encryption protocol included in the Institute of Electrical and Electronics Engineers (IEEE) 802.
  • threat actor - A threat actor, also called a malicious actor or bad actor, is an entity that is partially or wholly responsible for an incident that affects -- or has the potential to affect -- an organization's security.
  • threat modeling - Threat modeling is a procedure for optimizing application, system or business process security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate the effects of threats to the system.
  • token - In general, a token is an object that represents something else, such as another object (either physical or virtual), or an abstract concept as, for example, a gift is sometimes referred to as a token of the giver's esteem for the recipient.
  • tokenization - Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
  • Transport Layer Security (TLS) - Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications.
  • Trojan horse - In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious.
  • trusted computing base (TCB) - A trusted computing base (TCB) is everything in a computing system that provides a secure environment for operations.
  • tunneling or port forwarding - Tunneling or port forwarding is the transmission of data intended for use only within a private -- usually corporate -- network through a public network in such a way that the public network's routing nodes are unaware that the transmission is part of a private network.
  • Twofish - Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits.
  • user account provisioning - User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system.
  • virtual firewall - A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment.
  • virtual local area network hopping (VLAN hopping) - Virtual local area network hopping (VLAN hopping) is a method of attacking the network resources of a VLAN by sending packets to a port not usually accessible from an end system.
  • virtual machine escape - A virtual machine escape is an exploit in which an attacker runs code on a VM that lets the operating system (OS) running within it break out and interact directly with the hypervisor.
  • virtual private cloud (VPC) - A virtual private cloud (VPC) is the logical division of a service provider's public cloud multi-tenant architecture to support private cloud computing.
  • virus (computer virus) - A computer virus is a type of malware that attaches itself to a program or file.
  • virus hoax - A virus hoax is a false warning about a computer virus.
  • virus signature (virus definition) - A virus signature, also known as a 'virus definition,' is a piece of code with a unique binary pattern that identifies a computer virus or family of viruses.
  • voice squatting - Voice squatting is an attack vector for voice user interfaces, or VUIs, that exploits homonyms -- words that sound the same, but are spelled differently -- and input errors -- words that are mispronounced.
  • vulnerability and patch management - Vulnerability management is a pro-active approach to managing network security.
  • vulnerability disclosure - Vulnerability disclosure is the practice of reporting security flaws in computer software or hardware.
  • WannaCry ransomware - WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system.
  • war driving (access point mapping) - War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks (WLANs) while driving around a city or elsewhere.
  • Web application firewall (WAF) - A web application firewall (WAF) is a firewall that monitors, filters and blocks Hypertext Transfer Protocol (HTTP) traffic as it travels to and from a website or web application.
  • What is a block cipher? - A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm.
  • What is a cloud access security broker (CASB)? - A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure.
  • What is a computer exploit? - A computer exploit, or exploit, is a program or piece of code developed to take advantage of a vulnerability in a computer or network system.