Flow Collection Sensor
A network device or software agent that passively gathers, aggregates, and forwards network flow records (such as NetFlow, IPFIX, or sFlow) for traffic analysis, anomaly detection, or forensic investigation. See NIST SP 800-137 and IETF RFC 3954.
Deception Honeynet Setup
The setup of a network of decoy systems and services designed to lure, detect, and analyze attacker behavior.
Anomalous Traffic Profiling
The identification and categorization of network traffic patterns that deviate from established baselines to detect potential threats, as described in NIST SP 800-94 and MITRE ATT&CK.
Interface-Level Protection
A security control that enforces policy, filtering, or access restrictions at a specific network interface, segmenting and protecting traffic based on interface context. See NIST SP 800-41r1.
Network Flow Analysis
The process of collecting, monitoring, and analyzing metadata about network traffic flows to detect anomalies and threats.
Network Behavior Anomaly
An observed deviation from established patterns of normal network activity that may indicate the presence of malicious activity, policy violations, or security incidents.
Network Access Enforcement
The application of technical controls to regulate and restrict user, device, or service access to network resources, enforcing security policy compliance in accordance with NIST SP 800-53 AC-3 and ISO/IEC 27001 Annex A.9.
Network Fabric Encryption
Encryption mechanisms applied to the entire data path within a network fabric, ensuring confidentiality and integrity of traffic between distributed nodes. Referenced in NIST SP 800-207 and IETF RFC 7387.
Network Threat Hunting
The proactive process of searching for hidden threats or adversaries within network traffic using behavioral analytics, threat intelligence, and hypothesis-driven investigation, as described in NIST SP 800-61 and MITRE ATT&CK.
Network Telemetry Collection
The collection, normalization, and consolidation of network telemetry data (such as flow records, logs, or metrics) from multiple sources for analysis and monitoring. Referenced in NIST SP 800-137 and IETF RFC 7011.
BGP Route Origin
The original source Autonomous System (AS) that advertises a specific IP prefix into the global BGP routing table, validated through RPKI and other mechanisms. Specified in IETF RFC 6811, 7115, and NIST SP 800-189.
Resilient DNS Architecture
A DNS infrastructure designed for high availability, redundancy, and resistance to attacks or failures, ensuring continued name resolution even under adverse conditions. Referenced in NIST SP 800-207 and ISO/IEC 27001.
Dynamic Port Knocking
A security technique requiring a dynamic, pre-defined sequence of connection attempts to specific ports before granting access to a protected network service, as described in IETF RFC 6191 and SANS controls.
DNS Tunneling Detection
The process of monitoring and identifying covert data exfiltration or command-and-control channels hidden within DNS queries, as defined in NIST SP 800-83 and referenced in MITRE ATT&CK T1071.004.
DNSSEC Chain Validation
The process of verifying each link in the DNSSEC signature chain from root to record to ensure domain name authenticity and integrity, as defined in IETF RFC 4033–4035 and NIST SP 800-81r2.
Hardware Root of Trust
A cryptographic foundation embedded in hardware (e.g., TPM, HSM, or secure enclave) that provides immutable security anchors for system boot, identity, and cryptographic operations. Referenced in NIST SP 800-164 and ISO/IEC 11889.
East-West Monitoring
Continuous inspection and analysis of lateral (intra-network) data flows within an organization's internal environment to detect, prevent, and respond to unauthorized movement or lateral attacks, as specified in NIST SP 800-207 and MITRE ATT&CK lateral movement techniques.
Access Vector Filtering
A network defense technique that restricts or monitors traffic based on access vectors such as protocol, port, and direction, to minimize attack surface. See NIST SP 800-41r1.
Ephemeral Port Randomization
A technique where ephemeral (temporary) TCP/UDP ports are assigned randomly to reduce the risk of port prediction attacks, as defined in IETF RFC 6056 and NIST SP 800-77.
Outbound Traffic Filter
The process of monitoring and controlling outgoing network traffic to block unauthorized, malicious, or policy-violating data transfers, typically implemented at the firewall or gateway.
Covert Channel Detection
The identification and monitoring of unauthorized communication channels that exploit legitimate network protocols or resources to leak information. Referenced in NIST SP 800-53 (SC-7(19)), ISO/IEC 27002:2022, and CIS Controls v8.
Visibility Fabric Tap
A hardware or virtual device that creates a copy of network traffic for out-of-band monitoring, analytics, and security inspection, supporting scalable visibility across distributed network environments. Referenced in NIST SP 800-137 and IETF RFC 8326.
Indicator Fusion Center
A centralized facility or platform that aggregates, correlates, and analyzes cybersecurity indicators (such as IOCs) from multiple sources to support threat detection, incident response, and situational awareness.
Untrusted Interface Zone
A designated network segment where interfaces connect to untrusted networks or devices, typically requiring strict security controls and monitoring per NIST SP 800-41 and CIS Control 13.
Secure Email Gateway
A dedicated security appliance or cloud service that monitors, filters, and blocks malicious email content (spam, phishing, malware) before it reaches the recipient's mailbox.
Secure Overlay Network
A logically separated, secured network built on top of an existing network to provide enhanced security controls and isolation, as per NIST SP 800-207 and RFC 6819.
Secure Command Channel
An encrypted, authenticated communication pathway used for transmitting privileged commands or control signals, as described in NIST SP 800-53 SC-8 and IETF RFC 4949.
Secure Container Networking
The practice of applying security controls, segmentation, and encrypted communication to the networking layer between containers in cloud-native or virtualized environments, minimizing exposure to lateral movement and unauthorized access.
Secure Packet Transmission
The practice of transmitting data packets across networks in a manner that maintains confidentiality, integrity, and authenticity as defined by NIST SP 800-53 and IETF RFC 4301.
Secure Border Gateway
A security-hardened network device or configuration that manages and filters traffic entering or leaving the network perimeter, typically enforcing access controls, threat inspection, and routing. Referenced in NIST SP 800-41r1, IETF RFC 4271.
Secure Configuration Baseline
A documented set of secure settings and parameters for systems or applications, serving as a reference point for compliance, hardening, and continuous monitoring. Described in NIST SP 800-128, CIS Controls v8, ISO/IEC 27002.
Secure Boot Validation
A cryptographic process that ensures only trusted, signed firmware and software are loaded during system startup, preventing boot-level malware as described in NIST SP 800-147 and UEFI specifications.
Security Header Enforcement
The application of mandatory HTTP response headers (such as CSP, HSTS, X-Frame-Options) to protect web applications from attacks like XSS, clickjacking, and downgrade attacks.
Security Orchestration Automation
The integration and automation of security processes, tools, and workflows to accelerate detection, investigation, and response, as described in NIST SP 800-61 and CIS Control 18.
Inline Threat Detection
Real-time inspection of network traffic by security appliances placed directly in the data path to identify and block threats.
Honeypot Service Gateway
A dedicated network gateway or proxy that directs traffic to and from honeypot resources, isolating deceptive assets from production systems and facilitating monitoring and analysis of attacker behavior.
Host Isolation Quarantine
A network defense strategy to restrict or cut off network access for a compromised or suspicious host to prevent lateral movement and further infection. Referenced in NIST SP 800-61r2 and CIS Controls v8.
IP Fragment Reassembly
The process of reconstructing fragmented IP packets into their original form for delivery, inspection, or security analysis, as described in IETF RFC 791, 815, and NIST SP 800-94.
Compromise Assessment Scan
A security scan that evaluates systems for indicators of compromise (IoCs), persistent threats, or policy violations, as defined in NIST SP 800-115 and MITRE ATT&CK.
Forward Secrecy Framework
A cryptographic protocol property ensuring that compromise of long-term keys does not compromise past session keys, as required in TLS 1.2+, NIST SP 800-56A, and IETF RFC 8446.
Internet Exchange Point Security
The collective security controls, policies, and operational measures implemented at an Internet Exchange Point (IXP) to protect member networks from unauthorized access, route leaks, and attacks, per ENISA IXP Security Guide.
Quarantine VLAN Assignment
The process of isolating endpoints identified as compromised or non-compliant by assigning them to a dedicated VLAN with restricted network access for remediation or further investigation.
Mutual Transport Encryption
Encryption mechanism where both endpoints authenticate each other and establish encrypted transport, as defined in NIST SP 800-52 and RFC 5246 (TLS).
Layered Defense Strategy
An approach that uses multiple, overlapping security controls at different layers (network, application, endpoint) to protect assets.
Source Address Validation
The process of verifying that the source IP address of a packet is legitimate and not spoofed, typically enforced at network ingress. Defined in IETF BCP 38/84, NIST SP 800-189.
Identity-Aware Proxy
A security proxy that enforces access controls and authentication based on user or device identity before allowing access to internal resources, as specified in NIST SP 800-207 and Google BeyondCorp architecture.
Command and Control Channel
A communications channel used by attackers or malware to issue instructions to compromised hosts, or by defenders for authorized remote administration, as described in NIST SP 800-61 and MITRE ATT&CK T1071.
Cryptographic Module Validation
The formal process of testing and certifying that a cryptographic module meets defined security standards such as FIPS 140-3, NIST SP 800-140A, and ISO/IEC 19790, ensuring proper encryption, key management, and operational controls.
Microsegmentation Policy
A set of rules that define fine-grained network zones and enforce isolation between workloads to limit lateral movement.
Microservice Segmented Transport
A network architecture approach in which communications between microservices are isolated into distinct, secured segments to reduce lateral movement and enforce least-privilege access in distributed environments.
MTA Strict Transport
An email security policy (MTA-STS) that enforces strict encrypted transport (typically via TLS) between Mail Transfer Agents, reducing risk of interception and downgrade attacks during email delivery.
NAC Policy Server
A core component of network access control (NAC) systems, responsible for evaluating endpoint posture, enforcing security policies, and granting or denying network access based on compliance.
Incident Response Isolation
The process of isolating or restricting the impact of an active security incident to prevent further spread, as described in NIST SP 800-61 and ISO/IEC 27035.
Automated Indicator Sharing
The automatic exchange of cyber threat indicators between organizations and trusted partners using standardized formats (e.g., STIX/TAXII) as specified in NIST SP 800-150 and DHS AIS.
Packet Capture Analysis
The process of collecting and analyzing network packet data to detect threats, troubleshoot issues, and validate security policies. Referenced in NIST SP 800-115 and SANS Incident Handling.
Packet Timestamping
The process of attaching accurate time information to network packets for logging, monitoring, forensic analysis, and latency measurement, as described in IETF RFC 7384 and NIST SP 800-137.
Blast Radius Reduction
Limiting the potential impact of a security breach by isolating assets and implementing controls that constrain the effects of an incident. See NIST SP 800-207 (Zero Trust) and CIS Controls.
Policy Decision Point
A logical component in access control architectures (e.g., ABAC, RBAC) that evaluates access requests against policy rules and renders authorization decisions, per NIST SP 800-207 and XACML.
Role-Based Segmentation
A network security practice dividing network resources or data access based on user or device roles, enforcing least privilege and segmentation boundaries per NIST SP 800-207 and ISO/IEC 27001.
Route Integrity Validation
A set of mechanisms that verify the authenticity and correctness of network routing information to prevent route hijacking, spoofing, or accidental misconfigurations. Referenced in IETF RFC 6811, 8205, and NIST SP 800-189.
Attack Path Modeling
The systematic mapping and simulation of possible routes an adversary might take to compromise assets, used to assess risk and prioritize defenses. Documented in MITRE ATT&CK, NIST SP 800-160, and ENISA guides.
Virtual Network Segmentation
The division of a physical network into multiple logical networks using virtualization techniques to isolate traffic and enforce policy.
Virtual Private Tunnel
A secure, encrypted connection established over a public or untrusted network, forming a logical link that protects data in transit between endpoints. Based on principles in NIST SP 800-77 and IETF VPN RFCs.
Segmentation Policy Enforcement
The application and monitoring of access control policies that govern traffic between network segments to minimize unauthorized lateral movement, as specified in NIST SP 800-207 Zero Trust Architecture.
Service Mesh Encryption
End-to-end encryption of communications between services within a service mesh architecture, typically using mutual TLS (mTLS), as recommended in NIST SP 800-204 and CNCF Service Mesh Whitepaper.
Cyber Deception Operations
Deliberate use of decoys, traps, and misinformation within an organization's environment to detect, divert, and analyze adversary behavior, enhancing detection and response capabilities.
Zero Trust Architecture
A security model centered on the assumption that no user or device, inside or outside the network perimeter, is trusted by default and must be continuously authenticated and authorized.
Boundary Protection Control
Security mechanisms (e.g., firewalls, gateways) deployed at network perimeters to monitor and filter inbound and outbound traffic.
Browser Isolation Service
A security control that runs browser sessions in isolated, remote containers or sandboxes to protect endpoints from web-based threats, preventing direct execution of malicious code on the user’s device.
Transport Layer Security
A cryptographic protocol designed to provide secure communication over a computer network, protecting data in transit via authentication, encryption, and integrity mechanisms. Defined in IETF RFC 5246/8446, NIST SP 800-52r2, ISO/IEC 27002.
Threat Hunting Playbook
A documented, repeatable procedure outlining hypothesis-driven threat hunting steps, data sources, detection logic, and response actions for proactive threat discovery. Referenced in SANS Threat Hunting Framework, NIST SP 800-61, and MITRE ATT&CK.
Threat Intelligence Pivoting
The analytic process of using one indicator (such as an IP, domain, or hash) as a starting point to discover related threat infrastructure, actors, or campaigns, facilitating deeper investigation.
Detection Evasion
Techniques used by threat actors to evade or bypass security detection mechanisms such as IDS, IPS, or endpoint protection. Documented in MITRE ATT&CK (T1202, T1036) and NIST SP 800-61.
TLS Termination Proxy
A network device or service that decrypts incoming TLS traffic at the network edge, forwarding unencrypted traffic internally to simplify management, as described in NIST SP 800-52r2 and IETF RFC 9340.
Traffic Classification Engine
A system or module that automatically identifies, categorizes, and labels network traffic based on protocols, applications, or security policies, enabling granular network monitoring and enforcement. Referenced in NIST SP 800-137 and CIS Control 13.
Adaptive Packet Shaping
A dynamic network management technique that adjusts packet flows based on real-time bandwidth, latency, or application priority, optimizing performance and enforcing policy. See NIST SP 800-115 and IETF RFC 2637.
Adaptive Response Orchestration
The automated coordination and execution of security responses that dynamically adjust based on incident severity and context, as described in NIST SP 800-61 and MITRE ATT&CK.
Remote Access Gateway
A secured network device or service that brokers and controls remote user access to internal organizational resources, enforcing strong authentication and monitoring, as defined in NIST SP 800-77 and ISO/IEC 27033.
Endpoint Quarantine Policy
A formalized set of procedures and controls for isolating endpoints exhibiting signs of compromise or non-compliance from the production network, often enforced via NAC or endpoint security tools.
Asset Inventory Discovery
The process of systematically identifying, cataloging, and updating all IT and OT assets within an organization's environment for risk management and compliance per NIST SP 800-53 CM-8, ISO/IEC 27002, and CIS Control 1.
Data Plane Separation
The separation of the data forwarding path from management and control planes within network infrastructure to improve security and reduce risk of compromise. Defined in NIST SP 800-207 and IETF RFC 7426.
VPN Split Tunneling
A VPN configuration that allows some traffic to be routed through the secure VPN tunnel while other traffic accesses the Internet directly, as described in NIST SP 800-77 and IETF RFC 4026.
Lateral Movement Prevention
Techniques and controls designed to detect and stop an adversary’s efforts to move laterally within a network after initial compromise.
Lateral Path Detection
The process of identifying unauthorized lateral movement within a network, typically by monitoring for abnormal access or connection patterns between hosts. Referenced in MITRE ATT&CK (T1075), NIST SP 800-61, and CIS Controls.
Software-Defined Perimeter
A cybersecurity framework that dynamically creates one-to-one network connections between users and resources using identity-based access and encrypted tunnels, making internal services invisible to unauthorized users.
Privilege Escalation Alert
The process of generating real-time alerts whenever a user or process attempts to gain higher-level access than authorized, often indicating a potential compromise, as outlined in NIST SP 800-53 AC-6 and MITRE ATT&CK T1068.
Privileged Session Isolation
The separation and monitoring of administrative sessions from standard user sessions to prevent misuse of privileged access, as outlined in NIST SP 800-53 AC-6 and ISO/IEC 27002.
Routed IPsec Deployment
An implementation of IPsec that leverages routing protocols to establish secure tunnels between network endpoints, supporting dynamic topology and policy-based traffic protection as outlined in IETF RFC 4301 and NIST SP 800-77.
Malicious Traffic Blocking
Automated or manual actions taken to identify and prevent the flow of network traffic identified as malicious, including threats such as malware, phishing, and command-and-control traffic, as described in NIST SP 800-41 and CIS Control 9.
Ciphertext Replay Protection
A security mechanism that detects and blocks the reuse of captured ciphertext to prevent replay attacks in encrypted communications, as outlined in NIST SP 800-38A and IETF RFC 4303.
Encrypted Traffic Inspection
A process that enables the examination of encrypted network traffic to detect threats, enforce policies, and prevent data leakage, while maintaining privacy and regulatory compliance. Documented in NIST SP 800-115 and ISO/IEC 27002.