Network security

Terms related to network security, including definitions about intrusion prevention and words and phrases about VPNs and firewalls.
  • security theater - Security theater includes any measures taken by a company or security team to create an atmosphere of safety that may only achieve the appearance of heightened security.
  • security token - A security token is a physical or wireless device that provides two-factor authentication (2FA) for users to prove their identity in a login process.
  • Sender Policy Framework (SPF) - Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.
  • session ID - A session ID, also called a session token, is a unique identifier that a web server assigns to a user for the duration of the current session.
  • shadow password file - A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.
  • Shared Key Authentication (SKA) - Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • Shodan - Shodan (Sentient Hyper-Optimised Data Access Network) is a search engine designed to map and gather information about internet-connected devices and systems.
  • shoulder surfing - Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.
  • SIM card - A SIM card, also known as a subscriber identity module, is a smart card that stores identification information that pinpoints a smartphone to a specific mobile network.
  • single sign-on (SSO) - Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a username and password -- to access multiple applications.
  • single-factor authentication (SFA) - Single-factor authentication (SFA) is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials.
  • smart card - A smart card is a physical card that has an embedded integrated chip that acts as a security token.
  • smart home - A smart home is a residence that uses internet-connected devices to enable the remote monitoring and management of appliances and systems, such as lighting and heating.
  • smishing (SMS phishing) - Smishing -- or Short Message Service (SMS) phishing -- is a social engineering tactic cybercriminals use to trick people into divulging sensitive information over text messages.
  • SMS spam (cell phone spam or short messaging service spam) - SMS spam (sometimes called cell phone spam) is any junk message delivered to a mobile phone as text messaging through the Short Message Service (SMS).
  • snooping - Snooping, in a security context, is unauthorized access to another person's or company's data.
  • Snort - Snort is an open source network intrusion detection system (NIDS) created by Sourcefire founder and former CTO Martin Roesch.
  • social engineering penetration testing - Social engineering penetration testing is the practice of deliberately conducting typical social engineering scams on employees to ascertain the organization's level of vulnerability to this type of exploit.
  • software-defined perimeter (SDP) - A software-defined perimeter, or SDP, is a security technique that controls access to resources based on identity and forms a virtual boundary around networked resources.
  • spear phishing - Spear phishing is a malicious email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
  • SS7 attack - An SS7 attack is a security exploit that takes advantage of a weakness in the design of SS7 (Signaling System 7) to enable data theft, eavesdropping, text interception and location tracking.
  • stack overflow - A stack overflow is a type of buffer overflow error that occurs when a computer program tries to use more memory space in the call stack than has been allocated to that stack.
  • stateful inspection - Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
  • stealth virus - A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.
  • storage security - Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted networks and unavailable to other entities.
  • strong password - A strong password is one that is designed to be hard for a person or program to guess.
  • SWIFT FIN message - SWIFT FIN is a message type (MT) that transmits financial information from one financial institution to another.
  • SYN flood attack - A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server.
  • SYN scanning - SYN scanning is a tactic that a malicious hacker can use to determine the state of a communications port without establishing a full connection.
  • Temporal Key Integrity Protocol (TKIP) - Temporal Key Integrity Protocol (TKIP) is an encryption protocol included in the Institute of Electrical and Electronics Engineers (IEEE) 802.
  • threat actor - A threat actor, also called a malicious actor or bad actor, is an entity that is partially or wholly responsible for an incident that affects -- or has the potential to affect -- an organization's security.
  • token - In general, a token is an object that represents something else, such as another object (either physical or virtual), or an abstract concept as, for example, a gift is sometimes referred to as a token of the giver's esteem for the recipient.
  • tokenization - Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
  • Trojan horse - In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious.
  • trusted computing base (TCB) - A trusted computing base (TCB) is everything in a computing system that provides a secure environment for operations.
  • tunneling or port forwarding - Tunneling or port forwarding is the transmission of data intended for use only within a private -- usually corporate -- network through a public network in such a way that the public network's routing nodes are unaware that the transmission is part of a private network.
  • user account provisioning - User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system.
  • virtual firewall - A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment.
  • virtual local area network hopping (VLAN hopping) - Virtual local area network hopping (VLAN hopping) is a method of attacking the network resources of a VLAN by sending packets to a port not usually accessible from an end system.
  • virtual machine escape - A virtual machine escape is an exploit in which an attacker runs code on a VM that lets the operating system (OS) running within it break out and interact directly with the hypervisor.
  • virtual private cloud (VPC) - A virtual private cloud (VPC) is the logical division of a service provider's public cloud multi-tenant architecture to support private cloud computing.
  • virus (computer virus) - A computer virus is a type of malware that attaches itself to a program or file.
  • virus hoax - A virus hoax is a false warning about a computer virus.
  • virus signature (virus definition) - A virus signature, also known as a 'virus definition,' is a piece of code with a unique binary pattern that identifies a computer virus or family of viruses.
  • voice squatting - Voice squatting is an attack vector for voice user interfaces, or VUIs, that exploits homonyms -- words that sound the same, but are spelled differently -- and input errors -- words that are mispronounced.
  • vulnerability and patch management - Vulnerability management is a pro-active approach to managing network security.
  • vulnerability disclosure - Vulnerability disclosure is the practice of reporting security flaws in computer software or hardware.
  • WannaCry ransomware - WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system.
  • war driving (access point mapping) - War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks (WLANs) while driving around a city or elsewhere.
  • What are social engineering attacks? - Social engineering is an attack vector that relies heavily on human interaction and often involves psychological manipulation of people into breaking normal security procedures and best practices to gain unauthorized access.
  • What is a block cipher? - A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm.
  • What is a botnet? - A botnet is a collection of internet-connected devices -- including PCs, servers, mobile devices and internet of things (IoT) devices -- infected and controlled by a common type of malware, often unbeknownst to their owners.
  • What is a buffer overflow? How do these types of attacks work? - A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold.
  • What is a certificate authority (CA)? - A certificate authority (CA) is a trusted entity that issues digital certificates to authenticate content sent from web servers.
  • What is a certificate revocation list (CRL) and how is it used? - A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their actual or assigned expiration date.
  • What is a cloud access security broker (CASB)? - A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure.
  • What is a computer exploit? - A computer exploit, or exploit, is a program or piece of code developed to take advantage of a vulnerability in a computer or network system.
  • What is a denial-of-service attack? - A denial-of-service (DoS) attack is a security threat that occurs when an attacker makes it impossible for legitimate users to access computer systems, networks, services or other IT resources.
  • What is a disaster recovery plan (DRP)? - A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume operations after an unplanned incident.
  • What is a DMZ in networking? - In computer networks, a DMZ, or demilitarized zone, is a physical or logical subnet that separates a local area network (LAN) from other untrusted networks -- usually, the public internet.
  • What is a hacker? - A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.
  • What is a honeypot? How it protects against cyberattacks - A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to help organizations detect, deflect and study hacking attempts to gain unauthorized access to IT.
  • What is a next-generation firewall (NGFW)? - A next-generation firewall (NGFW) is part of the third generation of firewall technology that can be implemented in hardware or software.
  • What is a password? - A password is a string of characters used to verify the identity of a user during the authentication process.
  • What is a potentially unwanted program (PUP)? - A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it.
  • What is a private cloud? Definition and examples - Private cloud is a type of cloud computing that delivers advantages similar to public cloud, including scalability and self-service, but through a proprietary architecture.
  • What is a private key? - A private key, also known as a secret key, is a variable in cryptography used with an algorithm to encrypt or decrypt data.
  • What is a proxy firewall? - A proxy firewall is a network security system that protects network resources by filtering messages at the application layer.
  • What is a public key and how does it work? - In cryptography, a public key is a large numerical value that is used to encrypt data.
  • What is a public key certificate? - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
  • What is a rootkit? - A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system.
  • What is a session key? - A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
  • What is a spam trap? - A spam trap is an email address that's used to identify and monitor spam email.
  • What is a stream cipher? - A stream cipher is an encryption method in which data is encrypted one byte at a time.
  • What is a threat intelligence feed? - A threat intelligence feed, also known as a TI feed, is an ongoing stream of data related to potential or current threats to an organization's security.
  • What is a web application firewall (WAF)? WAF explained - A web application firewall (WAF) is a firewall that is meant to protect web applications against common web-based threats.
  • What is an attack vector? - An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server to deliver a payload or malicious outcome.
  • What is an initialization vector? - An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks.
  • What is an intrusion detection system (IDS)? - An intrusion detection system monitors (IDS) network traffic for suspicious activity and sends alerts when such activity is discovered.
  • What is application allowlisting? - Application allowlisting, previously known as 'application whitelisting,' is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.
  • What is authentication, authorization and accounting (AAA)? - Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network.
  • What is biometric verification? - Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.
  • What is biometrics? - Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.
  • What is Blowfish? - Blowfish is a variable-length, symmetric, 64-bit block cipher.
  • What is cipher block chaining (CBC)? - Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block.
  • What is cloud security? - Cloud security, or cloud computing security, is a set of policies, practices and controls deployed to protect cloud-based data, applications and infrastructure from cyberattacks and cyberthreats.
  • What is cryptography? - Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it.
  • What is cryptology? - Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.
  • What is cyber hijacking? - Cyber hijacking, or computer hijacking, is a type of network security attack in which the threat actor takes control of computer systems, software programs and network communications.
  • What is cyber hygiene and why is it important? - Cyber hygiene, or cybersecurity hygiene, is a set of practices individuals and organizations perform regularly to maintain the health and security of users, devices, networks and data.
  • What is cybercrime and how can you prevent it? - Cybercrime is any criminal activity that involves a computer, network or networked device.
  • What is cybersecurity? - Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats.
  • What is Data Encryption Standard (DES)? - Data Encryption Standard (DES) is an outdated symmetric key method of data encryption.
  • What is Domain-based Message Authentication, Reporting and Conformance (DMARC)? - The Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol is one leg of the tripod of internet protocols that support email authentication methods.
  • What is DomainKeys Identified Mail (DKIM)? - DomainKeys Identified Mail (DKIM) is a protocol for authenticating email messages using public key cryptography to protect against forged emails.
  • What is elliptical curve cryptography (ECC)? - Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.
  • What is EM shielding (electromagnetic shielding)? - EM shielding (electromagnetic shielding) is the practice of surrounding electronics and cables with conductive or magnetic materials to guard against incoming or outgoing emissions of electromagnetic frequencies (EMF).
  • What is email spam and how to fight it? - Email spam, also known as 'junk email,' refers to unsolicited email messages, usually sent in bulk to a large list of recipients.
  • What is email spoofing? - Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.
  • What is Extensible Authentication Protocol (EAP)? - Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands the authentication methods used by Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the internet.