Network Security terms
60 terms
Firewall
A network security device or software that monitors and controls inbound and outbound traffic based on a defined ruleset, separating trusted from untrusted networks.
Next-Generation Firewall (NGFW)
An advanced firewall that combines stateful inspection with application awareness, integrated IPS, user-identity controls, and TLS inspection to enforce richer policies.
Web Application Firewall (WAF)
A reverse-proxy filter that inspects HTTP/HTTPS traffic to block web attacks such as SQL injection, XSS, and bot abuse before they reach the application.
Stateful Firewall
A firewall that tracks the state of active connections in a connection table and allows return traffic that matches an established session.
Stateless Firewall
A firewall that evaluates each packet independently against static rules, without tracking the state of connections.
Packet Filtering
A network-security technique that inspects each packet's header fields and allows or drops it based on a static ruleset.
Deep Packet Inspection (DPI)
An inspection technique that examines the full payload of network packets — not just headers — to identify applications, content, and threats.
Intrusion Detection System (IDS)
A passive security control that monitors network or host activity for malicious behaviour and raises alerts without blocking traffic.
Intrusion Prevention System (IPS)
An inline security control that detects malicious traffic and actively blocks, resets, or scrubs it in real time.
Host-Based IDS (HIDS)
An intrusion-detection agent installed on a server or endpoint that monitors local files, processes, logs, and system calls for malicious activity.
Network-Based IDS (NIDS)
An intrusion-detection sensor that inspects traffic captured from a network segment to identify malicious patterns and policy violations.
Signature-Based Detection
A detection method that compares observed traffic, files, or behaviour against a database of known-bad patterns (signatures) to flag malicious activity.
Anomaly-Based Detection
A detection approach that builds a baseline of normal activity and flags deviations from it as potentially malicious.
Honeypot
A decoy system or service deliberately exposed to attract attackers, observe their techniques, and divert them from production assets.
Honeynet
A controlled network of interconnected honeypots designed to study attacker behaviour across a realistic, multi-host environment.
Honeytoken
Honeytoken — definition coming soon.
Canary Token
Canary Token — definition coming soon.
Demilitarized Zone (DMZ)
Demilitarized Zone (DMZ) — definition coming soon.
Network Segmentation
Network Segmentation — definition coming soon.
Microsegmentation
Microsegmentation — definition coming soon.
Zero Trust Network
Zero Trust Network — definition coming soon.
VPN (Virtual Private Network)
VPN (Virtual Private Network) — definition coming soon.
Site-to-Site VPN
Site-to-Site VPN — definition coming soon.
Remote Access VPN
Remote Access VPN — definition coming soon.
SSL VPN
SSL VPN — definition coming soon.
IPsec
IPsec — definition coming soon.
OpenVPN
OpenVPN — definition coming soon.
WireGuard
WireGuard — definition coming soon.
TLS (Transport Layer Security)
TLS (Transport Layer Security) — definition coming soon.
SSL (Secure Sockets Layer)
SSL (Secure Sockets Layer) — definition coming soon.
Mutual TLS (mTLS)
An extension of TLS in which both the client and the server present X.509 certificates so that each side cryptographically authenticates the other.
SSL Stripping
A man-in-the-middle attack that silently downgrades a victim's HTTPS connection to plain HTTP so the attacker can read and modify the traffic.
HTTPS
HTTPS — definition coming soon.
HTTP Strict Transport Security (HSTS)
A web security policy delivered via an HTTP response header that tells browsers to access a domain only over HTTPS for a declared period of time.
Certificate Pinning
A technique in which an application hard-codes an expected certificate or public key and refuses TLS connections that do not match, defeating rogue or compromised CAs.
Public Key Infrastructure (PKI)
The combined system of policies, software, hardware and trusted authorities used to issue, distribute, validate and revoke digital certificates that bind identities to public keys.
Certificate Authority (CA)
A trusted entity that issues and signs digital certificates, binding cryptographic public keys to verified identities such as domain names or organisations.
Certificate Revocation List (CRL)
A signed, periodically published list of digital certificates that a CA has invalidated before their natural expiry, used by relying parties to detect revoked certs.
OCSP (Online Certificate Status Protocol)
An HTTP-based protocol that lets a client query a CA's responder in real time to determine whether a specific X.509 certificate is valid, revoked or unknown.
X.509 Certificate
A standard structure for a digital certificate that binds a public key to an identity through a signature from a trusted certificate authority.
Self-Signed Certificate
A digital certificate that is signed with the same private key whose public counterpart it contains, with no external certificate authority involved.
Wildcard Certificate
An X.509 certificate whose subject name uses an asterisk to cover any single label under a given domain, such as *.example.com.
Extended Validation Certificate
A TLS certificate issued only after a CA performs a strict, standardised verification of the legal identity, physical existence and authority of the requesting organisation.
DNSSEC
A set of DNS extensions that cryptographically sign zone data so resolvers can verify the authenticity and integrity of DNS responses.
DNS over HTTPS (DoH)
A protocol that carries DNS queries and responses over an encrypted HTTPS connection, protecting them from eavesdropping and tampering on the local network.
DNS over TLS (DoT)
DNS over TLS (DoT) — definition coming soon.
Proxy Server
Proxy Server — definition coming soon.
Reverse Proxy
Reverse Proxy — definition coming soon.
Forward Proxy
Forward Proxy — definition coming soon.
Transparent Proxy
Transparent Proxy — definition coming soon.
Network Access Control (NAC)
Network Access Control (NAC) — definition coming soon.
IEEE 802.1X
IEEE 802.1X — definition coming soon.
RADIUS
RADIUS — definition coming soon.
TACACS+
TACACS+ — definition coming soon.
Port Knocking
Port Knocking — definition coming soon.
Network Address Translation (NAT)
Network Address Translation (NAT) — definition coming soon.
Port Forwarding
Port Forwarding — definition coming soon.
WPA3
WPA3 — definition coming soon.
WEP (Wired Equivalent Privacy)
WEP (Wired Equivalent Privacy) — definition coming soon.
WPA2
WPA2 — definition coming soon.