Browse Definitions :

Network security

Terms related to network security, including definitions about intrusion prevention and words and phrases about VPNs and firewalls.

CON - FUL

  • Conduit browser hijacker - Conduit is a browser hijacker that is usually installed without the user’s knowledge through a drive-by download.
  • Conficker - Conficker is a fast-spreading worm that targets a vulnerability (MS08-067) in Windows operating systems.
  • confidentiality, integrity and availability (CIA triad) - Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization.
  • cookie poisoning - On the Web, cookie poisoning is the modification of a cookie (personal information in a Web user's computer) by an attacker to gain unauthorized information about the user for purposes such as identity theft.
  • countermeasure - A countermeasure is an action, process, device, or system that can prevent, or mitigate the effects of, threats to a computer, server or network.
  • CRAM (challenge-response authentication mechanism) - CRAM (challenge-response authentication mechanism) is the two-level scheme for authenticating network users that is used as part of the Web's Hypertext Transfer Protocol (HTTP).
  • critical infrastructure and key resources (CIKR) - Critical infrastructure and key resources (CIKR) is the collective of natural and man-made resources, along with the systems for their processing and delivery, upon which a nation depends on for functioning.
  • critical infrastructure security - Critical infrastructure security is the area of concern surrounding the protection of systems, networks and assets whose continuous operation is deemed necessary to ensure the security of a given nation, its economy, and the public’s health and/or safety.
  • cryptographic checksum - A cryptographic checksum is a mathematical value (called a checksum) that is assigned to a file and used to "test" the file at a later date to verify that the data contained in the file has not been maliciously changed.
  • cryptographic nonce - A nonce is a random or semi-random number that is generated for a specific use.
  • cryptography - Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.
  • cryptology - Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.
  • cryptosystem - A cryptosystem is a structure or scheme consisting of a set of algorithms that converts plaintext to ciphertext to encode or decode messages securely.
  • cyber hijacking - Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications.
  • cyber hygiene - Cyber hygiene (or cybersecurity hygiene) is a cybersecurity practice that maintains the basic health and security of hardware and software.
  • cyber resilience - Cyber resilience is a concept that refers to the security that goes beyond defense and prevention to focus on response and resilience in moments of crisis.
  • cyber vigilantism - Cyber vigilantism is a rough approximation of law enforcement or an attempt at achieving justice or accomplishing something online through unauthorized channels.
  • cybercrime - Cybercrime is any criminal activity that involves a computer, networked device or a network.
  • Cybersecurity and Infrastructure Security Agency (CISA) - Cybersecurity and Infrastructure Security Agency (CISA) is the division of the Department of Homeland Security (DHS) that is tasked with defending the infrastructure of the internet and improving its resilience and security.
  • cyberwarfare - The generally accepted definition of cyberwarfare is the use of cyber attacks against a nation-state, causing it significant harm, up to and including physical warfare, disruption of vital computer systems and loss of life.
  • data availability - Data availability is a term used by computer storage manufacturers and storage service providers to describe how data should be available at a required level of performance in situations ranging from normal through disastrous.
  • Data Encryption Standard (DES) - Data Encryption Standard (DES) is an outdated symmetric key method of data encryption.
  • data integrity - Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so.
  • data protection management (DPM) - Data protection management (DPM) comprises the administration, monitoring and management of backup processes to ensure backup tasks run on schedule and data is securely backed up and recoverable.
  • data recovery agent (DRA) - A data recovery agent (DRA) is a Microsoft Windows user who has been granted the right to decrypt data that was encrypted by other users.
  • data splitting - Data splitting is an approach to protecting sensitive data from unauthorized access by encrypting the data and storing different portions of a file on different servers.
  • database activity monitoring (DAM) - Database activity monitoring (DAM) systems monitor and record activity in a database and then generate alerts for anything unusual.
  • deception technology - Deception technology is a class of security tools and techniques designed to prevent an attacker who has already entered the network from doing damage.
  • deep packet inspection (DPI) - Deep packet inspection (DPI) is an advanced method of examining and managing network traffic.
  • default password - Default passwords are commonly used for routers, access points, switches and firewalls.
  • denial-of-service attack - A denial-of-service (DoS) attack is a security event that occurs when an attacker makes it impossible for legitimate users to access computer systems, devices, services or other IT resources.
  • device attack - A device attack is an exploit in which the attacker takes advantage of a vulnerable device to gain network access.
  • dictionary attack - A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary as a password.
  • Diffie-Hellman key exchange (exponential key exchange) - Diffie-Hellman key exchange, also called exponential key exchange, is a method of digital encryption that uses a number raised to specific powers to produce decryption keys that are never directly transmitted, making the task of a would-be code breaker mathematically overwhelming.
  • digital certificate - A digital certificate, also known as a public key certificate, is used to cryptographically link ownership of a public key with the entity that owns it.
  • digital identity - A digital identity is the body of information about an individual, organization or electronic device that exists online.
  • digital signature - A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
  • Digital Signature Standard (DSS) - Digital Signature Standard (DSS) is the digital signature algorithm(DSA) developed by the U.
  • DirectAccess - DirectAccess is a feature introduced in Windows Server 2008 R2 and Windows 7 that uses automated IPv6 and IPSec tunnels to allow remote users to access private network resources whenever they are connected to the Internet.
  • directory traversal - Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server's root directory.
  • disaster recovery plan (DRP) - A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident.
  • distributed denial-of-service (DDoS) attack - A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
  • DMZ in networking - In computer networks, a DMZ, or demilitarized zone, is a physical or logical subnet that separates a local area network (LAN) from other untrusted networks -- usually, the public internet.
  • DNS amplification attack - A DNS amplification attack is a reflection-based distributed denial of service (DDos) attack.
  • DNS rebinding attack - DNS rebinding is an exploit in which the attacker uses JavaScript in a malicious Web page to gain control of the victim's router.
  • DNS redirection - DNS redirection is the controversial practice of serving a Web page to a user that is different from either the one requested or one that might reasonably be expected, such as an error page.
  • DNS Security Extensions (DNSSEC) - DNS Security Extensions (DNSSEC) are a set of Internet Engineering Task Force (IETF) standards created to address vulnerabilities in the Domain Name System (DNS) and protect it from online threats.
  • domain rotation - Domain rotation is a technique use by malware distributors to drive traffic from multiple domains to a single IP address that is controlled by the distributor.
  • dongle - A dongle (pronounced DONG-uhl) is a mechanism for ensuring that only authorized users can copy or use specific software applications, especially very expensive programs.
  • due diligence - Due diligence definition: Due diligence is the process of systematically researching and verifying the accuracy of a particular statement.
  • Dynamic ARP Inspection (DAI) - Dynamic ARP Inspection (DAI) is a security feature that verifies address resolution protocol (ARP) requests and responses in a network.
  • early warning system - An early warning system is technology and associated policies and procedures designed to predict and mitigate the harm of natural and human-initiated disasters.
  • eavesdropping - Eavesdropping is the unauthorized real-time interception of a private communication, such as a phone call, instant message, videoconference or fax transmission.
  • egress filtering - Egress filtering is a process in which outbound data is monitored or restricted, usually by means of a firewall that blocks packets that fail to meet certain security requirements.
  • Electronic Code Book (ECB) - Electronic Code Book (ECB) is a simple mode of operation with a block cipher that's mostly used with symmetric key encryption.
  • Elk Cloner - Elk Cloner was the first computer virus known to have spread in the wild.
  • elliptical curve cryptography (ECC) - Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys.
  • EM shielding (electromagnetic shielding) - EM shielding (electromagnetic shielding) is the practice of surrounding electronics and cables with conductive or magnetic materials to guard against incoming or outgoing emissions of electromagnetic frequencies (EMF).
  • email security gateway - An email security gateway is a product or service that is designed to prevent the transmission of emails that break company policy, send malware or transfer information with malicious intent.
  • email spoofing - Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.
  • embedded device hacking - Embedded device hacking is the exploiting of vulnerabilities in embedded software to gain control of the device.
  • embedded system security - Embedded system security is a strategic approach to protecting software running on embedded systems from attack.
  • encoding and decoding - Encoding and decoding are used in many forms of communications, including computing, data communications, programming, digital electronics and human communications.
  • Encrypting File System (EFS) - The Encrypting File System (EFS) is a feature of the Windows 2000 operating system that lets any file or folder be stored in encrypted form and decrypted only by an individual user and an authorized recovery agent.
  • encryption - Encryption is the method by which information is converted into secret code that hides the information's true meaning.
  • encryption key management - Encryption key management is the administration of tasks involved with protecting, storing, backing up and organizing encryption keys.
  • end-to-end encryption (E2EE) - End-to-end encryption (E2EE) is a method of secure communication that prevents third parties from accessing data while it's transferred from one end system or device to another.
  • endpoint authentication (device authentication) - Endpoint authentication is a security mechanism designed to ensure that only authorized devices can connect to a given network, site or service.
  • endpoint fingerprinting - Endpoint fingerprinting is a feature of enterprise network access control (NAC) products that enables discovery, classification and monitoring of connected devices, including non-traditional network endpoints such as smartcard readers, HVAC systems, medical equipment and IP-enabled door locks.
  • endpoint security (endpoint security management) - Endpoint security is an approach to network protection that requires each computing device on a corporate network to comply with certain standards before network access is granted.
  • endpoint security management - Endpoint security management is a policy-based approach to network security that requires endpoint devices to comply with specific criteria before they are granted access to network resources.
  • enterprise risk management (ERM) - Enterprise risk management is the process of planning, organizing, directing and controlling the activities of an organization to minimize the deleterious effects of risk on its capital and earnings.
  • enterprise wipe - Enterprise wipe is a security feature offered by many Mobile Device Management (MDM) products which selectively erases only those device settings, user data, applications, and application data that were previously installed by that MDM.
  • ethical hacker - An ethical hacker, or white hat hacker, is an information security expert authorized by an organization to penetrate computing infrastructure to find security vulnerabilities a malicious hacker could exploit.
  • event - An event, in a computing context, is an action or occurrence that can be identified by a program and has significance for system hardware or software.
  • event handling - Event handling is the receipt of an event at some event handler from an event producer and subsequent processes.
  • event stream processing (ESP) - Event stream processing (ESP) is a software capacity designed to support implementation of event-driven architectures.
  • evil twin - An evil twin, in security, is a rogue wireless access point that masquerades as a legitimate hot spot.
  • Extensible Authentication Protocol (EAP) - The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands the authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the internet.
  • Facebook scam - A Facebook scam is a post or page on the popular social networking site designed to deceive users and spread rapidly through their personal networks.
  • facial recognition - Facial recognition is a category of biometric software that maps an individual's facial features mathematically and stores the data as a faceprint.
  • Faraday cage - A Faraday cage is a metallic enclosure that prevents the entry or escape of an electromagnetic field (EM field).
  • fast flux DNS - Fast flux DNS is a technique that a cybercriminal can use to prevent identification of his key host server's IP address.
  • FBI Alert Number I-091015-PSA - FBI Alert Number I-091015-PSA is a public service announcement from the United States Federal Bureau of Investigation to inform individuals and organizations about the importance of Internet of Things (IoT) security, including potential vulnerabilities and protective measures that should be taken to mitigate risk associated with them.
  • FCAPS (fault, configuration, accounting, performance and security) - FCAPS (fault, configuration, accounting, performance and security) is a network management framework created by the International Organization for Standardization (ISO).
  • FFIEC compliance (Federal Financial Institutions Examination Council) - FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC).
  • FIDO (Fast Identity Online) - FIDO (Fast ID Online) is a set of technology-agnostic security specifications for strong authentication.
  • finger vein ID - Finger vein ID is a biometric authentication system that matches the vascular pattern in an individual's finger to previously obtained data.
  • firefighting - Firefighting is an emergency allocation of resources, required to deal with an unforeseen problem.
  • Firesheep - Firesheep is a Firefox plug-in that automates session hijacking attacks over unsecured Wi-Fi networks.
  • firewall - A firewall is software or firmware that prevents unauthorized access to a network.
  • firewall as a service (FWaaS) - Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic inspection capabilities to customers seeking to decommission or augment their existing network firewall appliances.
  • Five Eyes Alliance - The Five Eyes Alliance (abbreviated as FVEY in government documents) is a cooperative intelligence network that monitors the electronic communications of citizens and foreign governments.
  • flow routing - Flow routing is a network routing technology that takes variations in the flow of data into account to increase routing efficiency.
  • footprinting - In the study of DNA, footprinting is the method used to identify the nucleic acid sequence that binds with proteins.
  • frequency-hopping spread spectrum (FHSS) - Frequency-hopping spread spectrum (FHSS) transmission is the repeated switching of the carrier frequency during radio transmission to reduce interference and avoid interception.
  • friendly virus - A friendly virus is malware that is designed to be helpful in some way rather than destructive or annoying, as is typically the case with conventional viruses.
  • full-disk encryption (FDE) - What is full-disk encryption (FDE)?Full-disk encryption (FDE) is encryption at the hardware level.
  • geolocation - Geolocation is the detection of the physical location of an Internet connected computing device.
SearchCompliance
  • pure risk

    Pure risk refers to risks that are beyond human control and result in a loss or no loss with no possibility of financial gain.

  • risk reporting

    Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes.

  • chief risk officer (CRO)

    The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory ...

SearchSecurity
  • encryption key

    In cryptography, an encryption key is a variable value that is applied using an algorithm to a string or block of unencrypted ...

  • payload (computing)

    In computing, a payload is the carrying capacity of a packet or other transmission data unit.

  • script kiddie

    Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of ...

SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • fault-tolerant

    Fault-tolerant technology is a capability of a computer system, electronic system or network to deliver uninterrupted service, ...

  • synchronous replication

    Synchronous replication is the process of copying data over a storage area network, local area network or wide area network so ...

SearchStorage
Close