Network Security Glossary
25 essential terms — because precise language is the foundation of clear thinking in Network Security.
A set of rules on a network device that determines which traffic is allowed or denied based on source, destination, protocol, or port.
A prolonged, targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period to steal data.
The process of verifying the identity of a user, device, or system before granting access to network resources.
A network of compromised computers (bots) controlled remotely by an attacker, commonly used to launch DDoS attacks or distribute malware.
A method of examining the full data payload of network packets as they pass through an inspection point, enabling detection of malicious content beyond header information.
A layered security strategy that deploys multiple defensive mechanisms so that if one layer is compromised, additional layers continue to protect the system.
A physical or logical subnetwork that separates an internal local area network from untrusted external networks, typically hosting public-facing services.
The process of converting readable data (plaintext) into an encoded format (ciphertext) that can only be decoded by authorized parties possessing the correct key.
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
A security mechanism set up as a decoy to attract attackers, detect unauthorized access attempts, and gather intelligence about attack techniques.
A device or software application that monitors a network for malicious activity or policy violations and produces alerts.
A network security tool that monitors traffic and actively blocks detected threats in addition to generating alerts.
A security principle that restricts user and system access rights to only the minimum permissions necessary to perform their required tasks.
Malicious software designed to damage, disrupt, or gain unauthorized access to a computer system. Includes viruses, worms, trojans, ransomware, and spyware.
An authentication method that requires users to provide two or more verification factors from different categories to gain access.
A technique that remaps IP addresses by modifying packet headers in transit, commonly used to allow multiple devices on a private network to share a single public IP address.
The act of capturing data packets as they travel across a network for the purpose of analysis, troubleshooting, or unauthorized interception.
An authorized simulated cyberattack against a computer system or network performed to evaluate and identify security vulnerabilities.
Security Information and Event Management; a solution that collects, correlates, and analyzes log data from across an organization's infrastructure to detect security incidents.
Transport Layer Security (and its predecessor Secure Sockets Layer) is a cryptographic protocol designed to provide secure communication over a computer network.
Virtual Local Area Network; a logical subdivision of a physical network that groups devices into separate broadcast domains for improved security and traffic management.
Virtual Private Network; a service that creates an encrypted connection over a less secure network, providing privacy and anonymity for the user's internet traffic.
A security framework requiring all users and devices to be authenticated, authorized, and continuously validated before being granted access to applications and data.