Browse Definitions :

Network security

Terms related to network security, including definitions about intrusion prevention and words and phrases about VPNs and firewalls.

NET - SCR

  • network access control (NAC) - Network access control (NAC), also called network admission control, is a method to bolster the security, visibility and access management of a proprietary network.
  • network analyzer (protocol analyzer or packet analyzer) - A network analyzer -- also called a network protocol analyzer or packet analyzer -- is a software application, dedicated appliance or feature set within a network component used in network performance troubleshooting or to enhance protection against malicious activity within a corporate network.
  • network attack surface - Every point of network interaction is a part of the network attack surface.
  • network behavior anomaly detection (NBAD) - Network behavior anomaly detection (NBAD) is the continuous monitoring of a proprietary network for unusual events or extraordinary trends.
  • network operations center (NOC) - A network operations center (NOC) is a centralized place from which enterprise information technology (IT) administrators -- either internal or third party -- supervise, monitor and maintain a telecommunications network.
  • network perimeter - A network perimeter is the boundary between the private and locally managed-and-owned side of a network and the public and usually provider-managed side of a network.
  • network scanning - Network scanning is a procedure for identifying active devices on a network by employing a feature or features in the network protocol to signal devices and await a response.
  • network vulnerability scanning - A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures.
  • next-generation firewall (NGFW) - A next-generation firewall (NGFW) is part of the third generation of firewall technology that can be implemented in hardware or software.
  • NICE Framework - The National Initiative for Cybersecurity Education Cybersecurity Workforce Framework (NICE Framework) is a reference resource that classifies the typical skill requirements and duties of cybersecurity workers.
  • Nimda - First appearing on September 18, 2001, Nimda is a computer virus that caused traffic slowdowns as it rippled across the Internet, spreading through four different methods, infecting computers containing Microsoft's Web server, Internet Information Server (IIS), and computer users who opened an e-mail attachment.
  • nonrepudiation - Nonrepudiation ensures that no party can deny that it sent or received a message via encryption and/or digital signatures or approved some information.
  • object ID (OID) - An object identifier (OID) is an unambiguous, long-term name for any type of object or entity.
  • OCSP (Online Certificate Status Protocol) - OCSP (Online Certificate Status Protocol) is one of two common schemes for maintaining the security of a server and other network resources.
  • OCTAVE - OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a security framework for determining risk level and planning defenses against cyber assaults.
  • offensive security - Offensive security is a proactive and antagonistic approach to protecting computer systems, networks and individuals from attacks.
  • one-time pad - In cryptography, a one-time pad is a system in which a private key generated randomly is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key.
  • one-time password (OTP) - A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or login session.
  • OneID - OneID is a digital identity management service that provides a repository for usernames and passwords, eliminating the need for people to remember numerous arcane character sequences.
  • open security - Open security is an approach to safeguarding software, hardware and other information system components with methods whose design and details are publicly available.
  • Open Source Hardening Project - The Open Source Hardening Project is an initiative of the United States Department of Homeland Security, created to improve the security of open source code.
  • Open System Authentication (OSA) - Open System Authentication (OSA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • OpenAppID - OpenAppID is an application-layer network security plugin for the open source intrusion detection system Snort.
  • OpenPGP - OpenPGP is an open and free version of the Pretty Good Privacy (PGP) standard that defines encryption formats to enable private messaging abilities for email and other message encryption.
  • organizational unit (OU) - An organizational unit (OU) is a container within a Microsoft Active Directory domain which can hold users, groups and computers.
  • OWASP Top Ten - The OWASP Top Ten is a list of the 10 most dangerous current Web application security flaws, along with effective methods of dealing with those flaws.
  • owned - Owned, in common slang, means decisively defeated, with the implication of domination and possession.
  • palm vein recognition - Palm vein recognition is a biometric authentication method based on the unique patterns of veins in the palms of people’s hands.
  • passive attack - A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities.
  • passive reconnaissance - Passive reconnaissance is an attempt to gain information about targeted computers and networks without actively engaging with the systems.
  • passive scanning - Passive scanning is a method of vulnerability detection that relies on information gleaned from network data that is captured from a target computer without direct interaction.
  • passphrase - A passphrase is a string of characters longer than the usual password (which is typically from four to 16 characters long) that is used in creating a digital signature (an encoded signature that proves to someone that it was really you who sent a message) or in an encryption or a decryption of a message.
  • password - A password is a string of characters used to verify the identity of a user during the authentication process.
  • password blacklist - A password blacklist is a list of words disallowed as user passwords due to their commonplace use.
  • password cracking - Password cracking is the process of using an application program to identify an unknown or forgotten password to a computer or network resource.
  • password entropy - Password entropy is a measurement of how unpredictable a password is.
  • password hardening - Password hardening is any one of a variety of measures taken to make it more difficult for an intruder to circumvent the authentication process.
  • password strength meter - A password strength meter is an indicator, either in graphical or text form, of the strength of a password as entered by a user.
  • PCI DSS merchant levels - Merchant levels are used by the payment card industry (PCI) to determine risk levels and determine the appropriate level of security for their businesses.
  • PCI forensic investigator program - A PCI forensic investigator program is a certification process for companies wishing to become eligible to perform investigations into data breaches on payment card industry (PCI) networks.
  • PCI gap assessment - A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS).
  • PEAP (Protected Extensible Authentication Protocol) - PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.
  • peer-to-peer botnet (P2P botnet) - A peer-to-peer botnet is a decentralized group of malware-compromised machines working together for an attacker’s purpose without their owners’ knowledge.
  • pen testing (penetration testing) - A penetration test, also called a pen test or ethical hacking, is a cybersecurity technique organizations use to identify, test and highlight vulnerabilities in their security posture.
  • Pen Testing as a Service (PTaaS) - Pen testing as a service (PTaaS) is a cloud service that provides information technology (IT) professionals with the resources they need to conduct and act upon point-in-time and continuous penetration tests.
  • personal health record (PHR) - A personal health record (PHR) is a collection of health-related information that is documented and maintained by the individual it pertains to.
  • pharming - Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent.
  • phlashing - Phlashing is a permanent denial of service (PDoS) attack that exploits a vulnerability in network-based firmware updates.
  • phreak - A phreak is someone who breaks into the telephone network illegally, typically to make free long-distance phone calls or to tap phone lines.
  • physical attack surface - The physical attack surface is the totality of the security vulnerabilities in a given system that are available to an attacker in the same location as the target.
  • piggybacking - Piggybacking, in a wireless communications context, is the unauthorized use of a wireless LAN.
  • ping sweep (ICMP sweep) - A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).
  • piracy - Software piracy is the illegal copying, distribution, or use of software.
  • PKI (public key infrastructure) - PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange information using digital certificates.
  • plaintext - In cryptography, plaintext is ordinary readable text before being encrypted into ciphertext or after being decrypted.
  • policy-based management - Policy-based management is an administrative approach that is used to simplify the management of a given endeavor by establishing policies to deal with situations that are likely to occur.
  • polymorphic virus - A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.
  • POODLE Attack - The POODLE attack, also known as CVE-2014-3566, is an exploit used to steal information from secure connections, including cookies, passwords and any of the other type of browser data that gets encrypted as a result of the secure sockets layer (SSL) protocol.
  • port 9875 (port of doom) - Port 9875 is a port often associated with setting up VoIP communications.
  • Port Address Translation (PAT) - Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address.
  • port mirroring (roving analysis port) - Port mirroring is an approach to monitoring network traffic that involves forwarding a copy of each packet from one network switch port to another.
  • presence technology - Presence technology is a type of application that makes it possible to locate and identify a computing device wherever it might be, as soon as the user connects to the network.
  • Presidential Policy Directive 21 (PPD-21) - Presidential Policy Directive 21 (PPD-21) is an infrastructure protection and resilience directive in the United States that aims to strengthen and secure the country's critical infrastructure.
  • Pretty Easy Privacy (pEp) - Pretty Easy Privacy (pEp) is an open source encryption tool designed to make it simple for users to protect their online communications.
  • Pretty Good Privacy (PGP) - Pretty Good Privacy or PGP is a popular program used to encrypt and decrypt email over the Internet, as well as authenticate messages with digital signatures and encrypted stored files.
  • principle of least privilege (POLP) - The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what are strictly required to do their jobs.
  • privacy - On the Internet, privacy, a major concern of users, can be divided into these concerns: What personal information can be shared with whom Whether messages can be exchanged without anyone else seeing them Whether and how one can send messages anonymously Personal Information Privacy Most Web users want to understand that personal information they share will not be shared with anyone else without their permission.
  • private certificate authority (CA) - Private CA stands for private certificate authority and is an enterprise specific certificate authority that functions like a publicly trusted CA but is exclusively run by or for the enterprise.
  • private key - A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt data.
  • privilege escalation attack - A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.
  • privileged access management (PAM) - Privileged access management (PAM) is the combination of tools and technology used to secure, control and monitor access to an organization's critical information and resources.
  • Project Vault - Project Vault is a secure minicomputer contained on a Micro SD card; Vault is under development at Google ATAP, the company’s lab group for disruptive technologies.
  • promiscuous mode - In computer networking, promiscuous mode is a mode of operation, as well as a security, monitoring and administration technique.
  • proof of concept (PoC) exploit - A proof of concept (PoC) exploit is a non-harmful attack against a computer or network.
  • proxy firewall - A proxy firewall is a network security system that protects network resources by filtering messages at the application layer.
  • proxy hacking - Proxy hacking, also known as proxy hijacking, is an attack technique designed to supplant an authentic Web page in a search engine's index and search results pages.
  • public key - In cryptography, a public key is a large numerical value that is used to encrypt data.
  • public key certificate - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
  • Public-Key Cryptography Standards (PKCS) - The Public-Key Cryptography Standards (PKCS) are a set of intervendor standard protocols for making possible secure information exchange on the Internet using a public key infrastructure (PKI).
  • PUP (potentially unwanted program) - A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it.
  • quantum key distribution (QKD) - Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys only known between shared parties.
  • RADIUS (Remote Authentication Dial-In User Service) - RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
  • rainbow table - A rainbow table is a listing of all possible plaintext permutations of encrypted passwords specific to a given hash algorithm.
  • RAT (remote access Trojan) - A remote access Trojan (RAT) is a malware program that gives an intruder administrative control over a target computer.
  • Regulation of Investigatory Powers Act (RIPA) - RIPA (Regulation of Investigatory Powers Act) is a law enacted in the United Kingdom in 2000 to govern the interception and use of electronic communications.
  • remote deposit capture (RDC) - Remote deposit capture (RDC) is a system that allows a customer to scan checks remotely and transmit the check images to a bank for deposit, usually via an encrypted Internet connection.
  • retina scan - Retina scanning is a biometric verification technology that uses an image of an individual’s retinal blood vessel pattern as a unique identifying trait for access to secure installations.
  • reverse brute-force attack - A reverse brute-force attack is a type of brute-force attack in which an attacker uses a common password against multiple usernames in an attempt to gain access to a network.
  • Rich Internet Application (RIA) - A rich Internet application (RIA) is a Web application designed to deliver the same features and functions normally associated with deskop applications.
  • Rijndael - Rijndael (pronounced rain-dahl) is the algorithm that has been selected by the U.
  • risk-based authentication (RBA) - Risk-based authentication (RBA) is a method of applying varying levels of stringency to authentication processes based on the likelihood that access to a given system could result in its being compromised.
  • rogue employee - A rogue employee is a worker who undermines the organization that employs him by failing to comply with its business rules and policies.
  • role-based access control (RBAC) - Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise.
  • rootkit - A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system.
  • RSA algorithm (Rivest-Shamir-Adleman) - The RSA algorithm is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network such as the internet.
  • RSA Security - RSA Security is a United States-based organization that creates encryption, network and computer security products.
  • S-HTTP (Secure HTTP) - S-HTTP (Secure HTTP) is an extension to the Hypertext Transfer Protocol (HTTP) that allows the secure exchange of files on the World Wide Web.
  • salt - In password protection, salt is a random string of data used to modify a password hash.
  • SAML (Security Assertion Markup Language) - The Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.
  • SANS Institute - The SANS Institute maintains the largest repository of security information in the world and is also the largest certification body.
SearchCompliance
  • pure risk

    Pure risk refers to risks that are beyond human control and result in a loss or no loss with no possibility of financial gain.

  • risk reporting

    Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes.

  • chief risk officer (CRO)

    The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory ...

SearchSecurity
  • encryption key

    In cryptography, an encryption key is a variable value that is applied using an algorithm to a string or block of unencrypted ...

  • payload (computing)

    In computing, a payload is the carrying capacity of a packet or other transmission data unit.

  • script kiddie

    Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of ...

SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • fault-tolerant

    Fault-tolerant technology is a capability of a computer system, electronic system or network to deliver uninterrupted service, ...

  • synchronous replication

    Synchronous replication is the process of copying data over a storage area network, local area network or wide area network so ...

SearchStorage
Close