Network Security

Browse Network Security terms for cybersecurity professionals.

Network Telemetry Aggregation

The collection, normalization, and consolidation of network telemetry data (such as flow records, logs, or metrics) from multiple sources for analysis and monitoring. Referenced in NIST SP 800-137 and IETF RFC 7011.

Privileged Session Isolation

The separation and monitoring of administrative sessions from standard user sessions to prevent misuse of privileged access, as outlined in NIST SP 800-53 AC-6 and ISO/IEC 27002.

Ephemeral Port Randomization

A technique where ephemeral (temporary) TCP/UDP ports are assigned randomly to reduce the risk of port prediction attacks, as defined in IETF RFC 6056 and NIST SP 800-77.

Privilege Escalation Alert

The process of generating real-time alerts whenever a user or process attempts to gain higher-level access than authorized, often indicating a potential compromise, as outlined in NIST SP 800-53 AC-6 and MITRE ATT&CK T1068.

Network Behavior Anomaly

An observed deviation from established patterns of normal network activity that may indicate the presence of malicious activity, policy violations, or security incidents.

Packet Capture Analysis

The process of collecting and analyzing network packet data to detect threats, troubleshoot issues, and validate security policies. Referenced in NIST SP 800-115 and SANS Incident Handling.

Network Flow Analysis

The process of collecting, monitoring, and analyzing metadata about network traffic flows to detect anomalies and threats.

Segmentation Policy Enforcement

The application and monitoring of access control policies that govern traffic between network segments to minimize unauthorized lateral movement, as specified in NIST SP 800-207 Zero Trust Architecture.

Network Access Control Enforcement

The application of technical controls to regulate and restrict user, device, or service access to network resources, enforcing security policy compliance in accordance with NIST SP 800-53 AC-3 and ISO/IEC 27001 Annex A.9.

Zero Trust Architecture

A security model centered on the assumption that no user or device, inside or outside the network perimeter, is trusted by default and must be continuously authenticated and authorized.

Resilient DNS Architecture

A DNS infrastructure designed for high availability, redundancy, and resistance to attacks or failures, ensuring continued name resolution even under adverse conditions. Referenced in NIST SP 800-207 and ISO/IEC 27001.

Quarantine VLAN Assignment

The process of isolating endpoints identified as compromised or non-compliant by assigning them to a dedicated VLAN with restricted network access for remediation or further investigation.

Security Orchestration Automation

The integration and automation of security processes, tools, and workflows to accelerate detection, investigation, and response, as described in NIST SP 800-61 and CIS Control 18.

Malicious Traffic Blocking

Automated or manual actions taken to identify and prevent the flow of network traffic identified as malicious, including threats such as malware, phishing, and command-and-control traffic, as described in NIST SP 800-41 and CIS Control 9.

Secure Command Channel

An encrypted, authenticated communication pathway used for transmitting privileged commands or control signals, as described in NIST SP 800-53 SC-8 and IETF RFC 4949.

Command and Control Channel

A communications channel used by attackers or malware to issue instructions to compromised hosts, or by defenders for authorized remote administration, as described in NIST SP 800-61 and MITRE ATT&CK T1071.

Network Threat Hunting

The proactive process of searching for hidden threats or adversaries within network traffic using behavioral analytics, threat intelligence, and hypothesis-driven investigation, as described in NIST SP 800-61 and MITRE ATT&CK.

Indicator Fusion Center

A centralized facility or platform that aggregates, correlates, and analyzes cybersecurity indicators (such as IOCs) from multiple sources to support threat detection, incident response, and situational awareness.

Service Mesh Encryption

End-to-end encryption of communications between services within a service mesh architecture, typically using mutual TLS (mTLS), as recommended in NIST SP 800-204 and CNCF Service Mesh Whitepaper.

Network Fabric Encryption

Encryption mechanisms applied to the entire data path within a network fabric, ensuring confidentiality and integrity of traffic between distributed nodes. Referenced in NIST SP 800-207 and IETF RFC 7387.

Mutual Transport Encryption

Encryption mechanism where both endpoints authenticate each other and establish encrypted transport, as defined in NIST SP 800-52 and RFC 5246 (TLS).

Incident Response Containment

The process of isolating or restricting the impact of an active security incident to prevent further spread, as described in NIST SP 800-61 and ISO/IEC 27035.

Host Isolation Containment

A network defense strategy to restrict or cut off network access for a compromised or suspicious host to prevent lateral movement and further infection. Referenced in NIST SP 800-61r2 and CIS Controls v8.

Boundary Protection Control

Security mechanisms (e.g., firewalls, gateways) deployed at network perimeters to monitor and filter inbound and outbound traffic.

Asset Inventory Discovery

The process of systematically identifying, cataloging, and updating all IT and OT assets within an organization's environment for risk management and compliance per NIST SP 800-53 CM-8, ISO/IEC 27002, and CIS Control 1.

Routed IPsec Deployment

An implementation of IPsec that leverages routing protocols to establish secure tunnels between network endpoints, supporting dynamic topology and policy-based traffic protection as outlined in IETF RFC 4301 and NIST SP 800-77.

Inline Threat Detection

Real-time inspection of network traffic by security appliances placed directly in the data path to identify and block threats.

Covert Channel Detection

The identification and monitoring of unauthorized communication channels that exploit legitimate network protocols or resources to leak information. Referenced in NIST SP 800-53 (SC-7(19)), ISO/IEC 27002:2022, and CIS Controls v8.

Lateral Path Detection

The process of identifying unauthorized lateral movement within a network, typically by monitoring for abnormal access or connection patterns between hosts. Referenced in MITRE ATT&CK (T1075), NIST SP 800-61, and CIS Controls.

DNS Tunneling Detection

The process of monitoring and identifying covert data exfiltration or command-and-control channels hidden within DNS queries, as defined in NIST SP 800-83 and referenced in MITRE ATT&CK T1071.004.

Compromise Assessment Scan

A security scan that evaluates systems for indicators of compromise (IoCs), persistent threats, or policy violations, as defined in NIST SP 800-115 and MITRE ATT&CK.

Layered Defense Strategy

An approach that uses multiple, overlapping security controls at different layers (network, application, endpoint) to protect assets.

Detection Bypass Evasion

Techniques used by threat actors to evade or bypass security detection mechanisms such as IDS, IPS, or endpoint protection. Documented in MITRE ATT&CK (T1202, T1036) and NIST SP 800-61.

Outbound Traffic Filtering

The process of monitoring and controlling outgoing network traffic to block unauthorized, malicious, or policy-violating data transfers, typically implemented at the firewall or gateway.

Access Vector Filtering

A network defense technique that restricts or monitors traffic based on access vectors such as protocol, port, and direction, to minimize attack surface. See NIST SP 800-41r1.

Interface-Level Guard

A security control that enforces policy, filtering, or access restrictions at a specific network interface, segmenting and protecting traffic based on interface context. See NIST SP 800-41r1.

Deception Honeynet Deployment

The setup of a network of decoy systems and services designed to lure, detect, and analyze attacker behavior.

Security Header Enforcement

The application of mandatory HTTP response headers (such as CSP, HSTS, X-Frame-Options) to protect web applications from attacks like XSS, clickjacking, and downgrade attacks.

Encrypted Traffic Inspection

A process that enables the examination of encrypted network traffic to detect threats, enforce policies, and prevent data leakage, while maintaining privacy and regulatory compliance. Documented in NIST SP 800-115 and ISO/IEC 27002.

Automated Indicator Sharing

The automatic exchange of cyber threat indicators between organizations and trusted partners using standardized formats (e.g., STIX/TAXII) as specified in NIST SP 800-150 and DHS AIS.

Secure Configuration Baseline

A documented set of secure settings and parameters for systems or applications, serving as a reference point for compliance, hardening, and continuous monitoring. Described in NIST SP 800-128, CIS Controls v8, ISO/IEC 27002.

Threat Hunting Playbook

A documented, repeatable procedure outlining hypothesis-driven threat hunting steps, data sources, detection logic, and response actions for proactive threat discovery. Referenced in SANS Threat Hunting Framework, NIST SP 800-61, and MITRE ATT&CK.

Packet Timestamping

The process of attaching accurate time information to network packets for logging, monitoring, forensic analysis, and latency measurement, as described in IETF RFC 7384 and NIST SP 800-137.

Forward Secrecy Framework

A cryptographic protocol property ensuring that compromise of long-term keys does not compromise past session keys, as required in TLS 1.2+, NIST SP 800-56A, and IETF RFC 8446.

Adaptive Packet Shaping

A dynamic network management technique that adjusts packet flows based on real-time bandwidth, latency, or application priority, optimizing performance and enforcing policy. See NIST SP 800-115 and IETF RFC 2637.

Attack Path Modeling

The systematic mapping and simulation of possible routes an adversary might take to compromise assets, used to assess risk and prioritize defenses. Documented in MITRE ATT&CK, NIST SP 800-160, and ENISA guides.

East-West Monitoring

Continuous inspection and analysis of lateral (intra-network) data flows within an organization's internal environment to detect, prevent, and respond to unauthorized movement or lateral attacks, as specified in NIST SP 800-207 and MITRE ATT&CK lateral movement techniques.

Traffic Classification Engine

A system or module that automatically identifies, categorizes, and labels network traffic based on protocols, applications, or security policies, enabling granular network monitoring and enforcement. Referenced in NIST SP 800-137 and CIS Control 13.

Cyber Deception Operations

Deliberate use of decoys, traps, and misinformation within an organization's environment to detect, divert, and analyze adversary behavior, enhancing detection and response capabilities.

BGP Route Origin

The original source Autonomous System (AS) that advertises a specific IP prefix into the global BGP routing table, validated through RPKI and other mechanisms. Specified in IETF RFC 6811, 7115, and NIST SP 800-189.

Adaptive Response Orchestration

The automated coordination and execution of security responses that dynamically adjust based on incident severity and context, as described in NIST SP 800-61 and MITRE ATT&CK.

Secure Border Gateway

A security-hardened network device or configuration that manages and filters traffic entering or leaving the network perimeter, typically enforcing access controls, threat inspection, and routing. Referenced in NIST SP 800-41r1, IETF RFC 4271.

Honeypot Service Gateway

A dedicated network gateway or proxy that directs traffic to and from honeypot resources, isolating deceptive assets from production systems and facilitating monitoring and analysis of attacker behavior.

Anomalous Traffic Profiling

The identification and categorization of network traffic patterns that deviate from established baselines to detect potential threats, as described in NIST SP 800-94 and MITRE ATT&CK.

Software-Defined Perimeter

A cybersecurity framework that dynamically creates one-to-one network connections between users and resources using identity-based access and encrypted tunnels, making internal services invisible to unauthorized users.

Threat Intelligence Pivoting

The analytic process of using one indicator (such as an IP, domain, or hash) as a starting point to discover related threat infrastructure, actors, or campaigns, facilitating deeper investigation.

Endpoint Quarantine Policy

A formalized set of procedures and controls for isolating endpoints exhibiting signs of compromise or non-compliance from the production network, often enforced via NAC or endpoint security tools.

Microsegmentation Policy

A set of rules that define fine-grained network zones and enforce isolation between workloads to limit lateral movement.

Dynamic Port Knocking

A security technique requiring a dynamic, pre-defined sequence of connection attempts to specific ports before granting access to a protected network service, as described in IETF RFC 6191 and SANS controls.

Lateral Movement Prevention

Techniques and controls designed to detect and stop an adversary’s efforts to move laterally within a network after initial compromise.

Ciphertext Replay Protection

A security mechanism that detects and blocks the reuse of captured ciphertext to prevent replay attacks in encrypted communications, as outlined in NIST SP 800-38A and IETF RFC 4303.

Identity-Aware Proxy

A security proxy that enforces access controls and authentication based on user or device identity before allowing access to internal resources, as specified in NIST SP 800-207 and Google BeyondCorp architecture.

TLS Termination Proxy

A network device or service that decrypts incoming TLS traffic at the network edge, forwarding unencrypted traffic internally to simplify management, as described in NIST SP 800-52r2 and IETF RFC 9340.

Remote Access Gateway

A secured network device or service that brokers and controls remote user access to internal organizational resources, enforcing strong authentication and monitoring, as defined in NIST SP 800-77 and ISO/IEC 27033.

Secure Email Gateway

A dedicated security appliance or cloud service that monitors, filters, and blocks malicious email content (spam, phishing, malware) before it reaches the recipient's mailbox.

Policy Decision Point

A logical component in access control architectures (e.g., ABAC, RBAC) that evaluates access requests against policy rules and renders authorization decisions, per NIST SP 800-207 and XACML.

Hardware Root of Trust

A cryptographic foundation embedded in hardware (e.g., TPM, HSM, or secure enclave) that provides immutable security anchors for system boot, identity, and cryptographic operations. Referenced in NIST SP 800-164 and ISO/IEC 11889.

Secure Overlay Network

A logically separated, secured network built on top of an existing network to provide enhanced security controls and isolation, as per NIST SP 800-207 and RFC 6819.

Secure Container Networking

The practice of applying security controls, segmentation, and encrypted communication to the networking layer between containers in cloud-native or virtualized environments, minimizing exposure to lateral movement and unauthorized access.

Blast Radius Reduction

Limiting the potential impact of a security breach by isolating assets and implementing controls that constrain the effects of an incident. See NIST SP 800-207 (Zero Trust) and CIS Controls.

IP Fragment Reassembly

The process of reconstructing fragmented IP packets into their original form for delivery, inspection, or security analysis, as described in IETF RFC 791, 815, and NIST SP 800-94.

Secure Packet Forwarding

The practice of transmitting data packets across networks in a manner that maintains confidentiality, integrity, and authenticity as defined by NIST SP 800-53 and IETF RFC 4301.

Role-Based Segmentation

A network security practice dividing network resources or data access based on user or device roles, enforcing least privilege and segmentation boundaries per NIST SP 800-207 and ISO/IEC 27001.

Virtual Network Segmentation

The division of a physical network into multiple logical networks using virtualization techniques to isolate traffic and enforce policy.

Data Plane Segregation

The separation of the data forwarding path from management and control planes within network infrastructure to improve security and reduce risk of compromise. Defined in NIST SP 800-207 and IETF RFC 7426.

Internet Exchange Security

The collective security controls, policies, and operational measures implemented at an Internet Exchange Point (IXP) to protect member networks from unauthorized access, route leaks, and attacks, per ENISA IXP Security Guide.

Transport Layer Security

A cryptographic protocol designed to provide secure communication over a computer network, protecting data in transit via authentication, encryption, and integrity mechanisms. Defined in IETF RFC 5246/8446, NIST SP 800-52r2, ISO/IEC 27002.

Flow Collector Sensor

A network device or software agent that passively gathers, aggregates, and forwards network flow records (such as NetFlow, IPFIX, or sFlow) for traffic analysis, anomaly detection, or forensic investigation. See NIST SP 800-137 and IETF RFC 3954.

Browser Isolation Service

A security control that runs browser sessions in isolated, remote containers or sandboxes to protect endpoints from web-based threats, preventing direct execution of malicious code on the user’s device.

NAC Policy Server

A core component of network access control (NAC) systems, responsible for evaluating endpoint posture, enforcing security policies, and granting or denying network access based on compliance.

Visibility Fabric Tap

A hardware or virtual device that creates a copy of network traffic for out-of-band monitoring, analytics, and security inspection, supporting scalable visibility across distributed network environments. Referenced in NIST SP 800-137 and IETF RFC 8326.

MTA Strict Transport

An email security policy (MTA-STS) that enforces strict encrypted transport (typically via TLS) between Mail Transfer Agents, reducing risk of interception and downgrade attacks during email delivery.

Segmented Microservice Transit

A network architecture approach in which communications between microservices are isolated into distinct, secured segments to reduce lateral movement and enforce least-privilege access in distributed environments.

VPN Split Tunnel

A VPN configuration that allows some traffic to be routed through the secure VPN tunnel while other traffic accesses the Internet directly, as described in NIST SP 800-77 and IETF RFC 4026.

Virtual Private Tunnel

A secure, encrypted connection established over a public or untrusted network, forming a logical link that protects data in transit between endpoints. Based on principles in NIST SP 800-77 and IETF VPN RFCs.

DNSSEC Chain Validation

The process of verifying each link in the DNSSEC signature chain from root to record to ensure domain name authenticity and integrity, as defined in IETF RFC 4033–4035 and NIST SP 800-81r2.

Source Address Validation

The process of verifying that the source IP address of a packet is legitimate and not spoofed, typically enforced at network ingress. Defined in IETF BCP 38/84, NIST SP 800-189.

Route Integrity Validation

A set of mechanisms that verify the authenticity and correctness of network routing information to prevent route hijacking, spoofing, or accidental misconfigurations. Referenced in IETF RFC 6811, 8205, and NIST SP 800-189.

Cryptographic Module Validation

The formal process of testing and certifying that a cryptographic module meets defined security standards such as FIPS 140-3, NIST SP 800-140A, and ISO/IEC 19790, ensuring proper encryption, key management, and operational controls.

Secure Boot Verification

A cryptographic process that ensures only trusted, signed firmware and software are loaded during system startup, preventing boot-level malware as described in NIST SP 800-147 and UEFI specifications.

Untrusted Interface Zone

A designated network segment where interfaces connect to untrusted networks or devices, typically requiring strict security controls and monitoring per NIST SP 800-41 and CIS Control 13.
