Browse — Entity Type · Network
232 terms
Term | Type | Definition | Classifications
Access path | noun | The logical route that an end user takes to access computerized information. Scope Note: Typically includes a route through the operating system, telecommunications software, selected application software and the access control system. | Network
Access Point | noun | A device that logically connects wireless client devices operating in infrastructure mode to one another and provides access to a distribution system, if connected, which is typically an organization's enterprise wired network. | Network
Ad Hoc Network | noun | A wireless network that dynamically connects wireless client devices to each other without the use of an infrastructure device, such as an access point or a base station. | Network
Address Resolution Protocol | noun | Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address to a physical machine address that is recognized in the local network. A table, usually called the ARP cache, is used to maintain a correlation between each MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions. | Network
Analog | noun | A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Scope Note: Analog signals are used in telecommunications. | Network
Application layer | noun | In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible. Scope Note: The application layer is not the application that is doing the communication; it is a service layer that provides these services. | Network
ARPANET | noun | Advanced Research Projects Agency Network, a pioneer packet-switched network that was built in the early 1970s under contract to the US Government, led to the development of today's Internet, and was decommissioned in June 1990. | Network
Asynchronous transfer mode | noun | The method of transmitting bits of data one after another with a start bit and a stop bit to mark the beginning and end of each data unit. Can also mean automated teller machine. | Network
Autonomous System | noun | One or more routers under a single administration operating the same routing policy. | Network
Black Core | noun | A communication network architecture in which user data traversing a global Internet Protocol (IP) network is end-to-end encrypted at the IP layer. Related to striped core. | Network, Regulated, CUI
Border Gateway Protocol | noun | An inter-autonomous system routing protocol. BGP is used to exchange routing information for the Internet and is the protocol used between Internet service providers (ISP). | Network
boundary protection device | noun | A device with appropriate mechanisms that: (i) facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system); and/or (ii) provides information system boundary protection. | Network, Regulated
Bridge | noun | Data link layer device developed in the early 1980s to connect local area networks (LANs) or create two separate LAN or wide area network (WAN) network segments from a single segment to reduce collision domains. Scope Note: A bridge acts as a store-and-forward device in moving frames toward their destination. This is achieved by analyzing the MAC header of a data packet, which represents the hardware address of a NIC. | Network
Broadcast Address | noun | An address used to broadcast a datagram to all hosts on a given network using UDP or ICMP protocol. | Network
Circuit Switched Network | noun | A circuit switched network is one in which a single continuous physical circuit connects two endpoints and the route is immutable once set up. | Network
Computer Network | noun | A collection of host computers together with the sub-network or inter-network through which they can exchange data. | Network
Cut-Through | noun | Cut-Through is a method of switching where only the header of a packet is read before it is forwarded to its destination. | Network
cyberspace | noun | A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. | Network
Demilitarized zone | noun | Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network's Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks. | Network
Demilitarized zone (DMZ) | noun | A computer or small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet. | Network
dial-up connectivity | noun | The state of being connected through a standard phone line and analog modem to access the Internet at data transfer rates (DTR) of up to 56 Kbps. | Network
Digital subscriber line (DSL) | noun | A technology that uses existing copper telephone lines and advanced modulation schemes to provide high-speed telecommunications to businesses and homes. | Network
Domain | noun | An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture. | Network
Domain Name | noun | A domain name locates an organization or other entity on the Internet. For example, the domain name "www.sans.org" locates an Internet address for "sans.org" at Internet point 199.0.0.2 and a particular host server named "www". The "org" part of the domain name reflects the purpose of the organization or entity (in this example, "organization") and is called the top-level domain name. The "sans" part of the domain name defines the organization or entity and together with the top-level is called the second-level domain name. | Network
Domain name system | noun | A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers. | Network
Dynamic ports | noun | Dynamic and/or private ports (49152 through 65535): not listed by IANA because of their dynamic nature. | Network
Dynamic Routing Protocol | noun | Allows network devices to learn routes, e.g., RIP, EIGRP. Dynamic routing occurs when routers talk to adjacent routers, informing each other of what networks each router is currently connected to. The routers must communicate using a routing protocol, of which there are many to choose from. The process on the router that is running the routing protocol, communicating with its neighbor routers, is usually called a routing daemon. The routing daemon updates the kernel's routing table with information it receives from neighbor routers. | Network
Echo Reply | noun | An echo reply is the response a machine that has received an echo request sends over ICMP. | Network
Echo Request | noun | An echo request is an ICMP message sent to a machine to determine if it is online and how long traffic takes to get to it. | Network
Electronic Access Point | noun | A Cyber Asset interface on an Electronic Security Perimeter that allows routable communication between Cyber Assets outside an Electronic Security Perimeter and Cyber Assets inside an Electronic Security Perimeter. | Network, Regulated, CUI
Electronic Security Perimeter | noun | The logical border surrounding a network to which Critical Cyber Assets are connected and for which access is controlled. | Network, Regulated, CUI
Encapsulation security payload | noun | A protocol designed to provide a mix of security services in IPv4 and IPv6. ESP can be used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and (limited) traffic flow confidentiality. (RFC 4303) Scope Note: The ESP header is inserted after the IP header and before the next layer protocol header (transport mode) or before an encapsulated IP header (tunnel mode). | Network
Enclave Boundary | noun | Point at which an enclave's internal network service layer connects to an external network's service layer, i.e., to another enclave or to a Wide Area Network (WAN). | Network, Regulated
encrypted connection | noun | A connection between a computer and another computer where the traffic between the two systems has been encrypted. | Network
Encrypted Network | noun | A network on which messages are encrypted (e.g., using DES, AES, or other appropriate algorithms) to prevent reading by unauthorized parties. | Network, Restricted
Ephemeral Port | noun | Also called a transient port or a temporary port. Usually is on the client side. It is set up when a client application wants to connect to a server and is destroyed when the client application terminates. It has a number chosen at random that is greater than 1023. | Network
Ethernet | noun | A popular network protocol and cabling scheme that uses a bus topology and carrier sense multiple access/collision detection (CSMA/CD) to prevent network failures or collisions when two devices try to access the network at the same time. | Network
Exterior Gateway Protocol | noun | A protocol which distributes routing information to the routers which connect autonomous systems. | Network
external connection | noun | A link between a system within the organizational boundaries and a secondary (or multiple) system(s) outside of the organizational boundaries. | Network, Regulated
external connectivity | noun | A computer or network connection to an outside, uncontrolled network that is unprotected by perimeter security, e.g., a modem connection to a network computer. | Network, Regulated
external routable connectivity | noun | The ability to access a Bulk Electric System Cyber System from a Cyber Asset that is outside of its associated Electronic Security Perimeter via a bi-directional routable protocol connection. | Network, Regulated
Extranet | noun | A private network that uses Web technology, permitting the sharing of portions of an enterprise's information or operations with suppliers, vendors, partners, customers, or other enterprises. | Network
Fedwire | noun | The Federal Reserve Bank's nationwide real time gross settlement electronic funds and securities transfer network. Fedwire® is a credit transfer system. Each funds transfer is settled individually against an institution's reserve or clearing account on the books of the Federal Reserve. The transaction is considered an irrevocable payment as it is processed. | Network, Regulated
Fibre channel | noun | A high performance serial link supporting its own, as well as higher-level protocols such as the small computer system interface, high performance parallel interface framing protocol and intelligent peripheral interface. The Fibre Channel standard addresses the need for very fast transfers of large amounts of information. The fast (up to 1 gigabyte per second) technology can be converted for LAN technology by adding a switch specified in the Fibre Channel standard that handles multipoint addressing. Fibre Channel gives users one port that supports both channel and network interfaces, unburdening the computers from a large number of input and output (I/O) ports. Fibre Channel provides control and complete error checking over the link. | Network
File Transfer Protocol | noun | A protocol used to transfer files over a Transmission Control Protocol/Internet Protocol (TCP/IP) network (Internet, UNIX, etc.). | Network
File transfer protocol (FTP) | noun | A standard high-level protocol for transferring files from one computer to another, usually implemented as an application level program. | Network
Filtering Router | noun | An inter-network router that selectively prevents the passage of data packets according to a security policy. A filtering router may be used as a firewall or part of a firewall. A router usually receives a packet from a network and decides where to forward it on a second network. A filtering router does the same, but first decides whether the packet should be forwarded at all, according to some security policy. The policy is implemented by rules (packet filters) loaded into the router. | Network
Finger | noun | A protocol to look up user information on a given host. A Unix program that takes an e-mail address as input and returns information about the user who owns that e-mail address. On some systems, finger only reports whether the user is currently logged on. Other systems return additional information, such as the user's full name, address, and telephone number. Of course, the user must first enter this information into the system. Many e-mail programs now have a finger utility built into them. | Network, PII
firewall | noun | A hardware/software capability that limits access between networks and/or systems in accordance with a specific security policy. | Network
firewall and router configuration standard | noun | The organizational document that defines the parameters for each Configurable Item on each of the organization's router and firewall components, and then how each of those individual components should be configured as a part of the overall networking system. | Network
Firewall Control Proxy | noun | The component that controls a firewall's handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination. | Network
firewall rule | noun | Firewall rules examine the control information in individual packets. The rules either block or allow those packets based on rules that are defined on these pages. Firewall rules are assigned directly to computers or to policies that are in turn assigned to a computer or collection of computers. | Network
Forward Proxy | noun | Forward Proxies are designed to be the server through which all requests are made. | Network
Fragment Offset | noun | The fragment offset field tells the sender where a particular fragment falls in relation to other fragments in the original larger packet. | Network
Frame relay | noun | A high-performance wide area network protocol that operates at the physical and data link layers of the Open Systems Interconnect (OSI) reference model. Frame Relay is an example of a packet-switched technology. Packet-switched networks enable end stations to dynamically share the network medium and the available bandwidth. Frame relay uses existing T-1 and T-3 lines and provides connection speeds from 56 Kbps to T-1. | Network
Fully-Qualified Domain Name | noun | A Fully-Qualified Domain Name is a server name with a hostname followed by the full domain name. | Network
Gateway | noun | Interface providing compatibility between networks by converting transmission speeds, protocols, codes, or security measures. | Network
Gateway server | noun | A computer (server) that connects a private network to the private network of a servicer or other business. | Network
Global Information Infrastructure | noun | Worldwide interconnections of the information systems of all countries, international and multinational organizations, and international commercial communications. | Network
Hop | noun | Each step of a trip a data packet takes from its origination to its destination. For example, on the Internet a data packet may go through several routers before reaching its final destination. | Network
HTTP Proxy | noun | An HTTP Proxy is a server that acts as a middleman in the communication between HTTP clients and servers. | Network
HTTPS | noun | When used in the first part of a URL (the part that precedes the colon and specifies an access scheme or protocol), this term specifies the use of HTTP enhanced by a security mechanism, which is usually SSL. | Network
Hub | noun | A simple device that passes all data traffic in both directions between the LAN sections it links. Hubs forward every message they receive to the other sections of the LAN, even those that do not need to go there. | Network
Human firewall | noun | A person prepared to act as a network layer of defense through education and awareness. | Network
Hypertext Transfer Protocol | noun | A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit hypertext markup language (HTML), extensible markup language (XML) or other pages to client browsers. | Network
Hypertext Transfer Protocol Secure | noun | A protocol for accessing a secure web server, whereby all data transferred are encrypted. | Network
IEEE 802.11 | noun | A family of specifications developed by the Institute of Electrical and Electronics Engineers (IEEE) for wireless local area network (WLAN) technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. | Network
Integrated Systems Digital Networking (ISDN) | noun | A hierarchy of digital switching and transmission systems that provides voice, data, and image in a unified manner. Integrated Systems Digital Networking (ISDN) is synchronized so that all digital elements communicate in the same protocol at the same speed. | Network
interconnectivity | noun | The state or quality of being connected together. The interaction of a financial institution's internal and external systems and applications and the entities with which they are linked. | Network, Regulated
Internal "trusted" zone | noun | A channel in which the end points are known and data integrity is protected in transit. Depending on the communications protocol used, data privacy may be protected in transit. Examples include SSL, IP security and a secure physical connection. | Network, Internal
Internal Network | noun | A network where 1) the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors; or 2) cryptographic encapsulation or similar security technology implemented between organization-controlled endpoints provides the same effect (at least with regard to confidentiality and integrity). An internal network is typically organization-owned, yet may be organization-controlled while not being organization-owned. | Network, Internal
Internet | noun | The Internet is the single, interconnected, worldwide system of commercial, governmental, educational, and other computer networks that share (a) the protocol suite specified by the Internet Architecture Board (IAB), and (b) the name and address spaces managed by the Internet Corporation for Assigned Names and Numbers (ICANN). | Network
internet access | noun | Internet access refers to the means by which users connect to the Internet, and includes the following components: (1) The transmission of information as common carriage; (2) The transmission of information as part of a gateway to an information service, when that transmission does not involve the generation or alteration of the content of information, but may include data transmission, address translation, protocol conversion, billing management, introductory information content, and navigational systems that enable users to access information services, and that do not affect the presentation of such information to users; and (3) Electronic mail services (e-mail). | Network, Internal
Internet Control Message Protocol | noun | A set of protocols that allow systems to communicate information about the state of services on other systems. Scope Note: For example, ICMP is used in determining whether systems are up, maximum packet sizes on links, whether a destination host/network/port is available. Hackers typically use (abuse) ICMP to determine information about the remote site. | Network
Internet Message Access Protocol | noun | A protocol that defines how a client should fetch mail from and return mail to a mail server. IMAP is intended as a replacement for or extension to the Post Office Protocol (POP). It is defined in RFC 1203 (v3) and RFC 2060 (v4). | Network
Internet protocol | noun | Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks. | Network
Internet protocol (IP) | noun | IP is a standard format for routing data packets between computers. IP is efficient, flexible, routable, and widely used with many applications, and is gaining acceptance as the preferred communication protocol. | Network
Internet Small Computer System Interface (iSCSI) | noun | An Internet protocol based storage networking standard for linking data storage facilities. iSCSI is used to facilitate data transfers over intranets and to manage storage over long distances. | Network
Internetwork Packet Exchange/Sequenced Packet Exchange | noun | IPX is the layer 3 (network) protocol of the open systems interconnect (OSI) model; SPX is the layer 4 transport protocol. The SPX layer sits on top of the IPX layer and provides connection-oriented services between two nodes on the network. | Network
Intranet | noun | A private network that is employed within the confines of a given enterprise (e.g., internal to a business or agency). | Network, Internal
IP Authentication Header | noun | Protocol used to provide connectionless integrity and data origin authentication for IP datagrams (hereafter referred to as just integrity) and to provide protection against replays. (RFC 4302) Scope Note: AH ensures data integrity with a checksum that a message authentication code, such as MD5, generates. To ensure data origin authentication, AH includes a secret shared key in the algorithm that it uses for authentication. To ensure replay protection, AH uses a sequence number field within the IP authentication header. | Network
IP Security | noun | Suite of protocols for securing Internet Protocol (IP) communications at the network layer (layer 3 of the OSI model) by authenticating and/or encrypting each IP packet in a data stream. IPsec also includes protocols for cryptographic key establishment. | Network
KMI Protected Channel | noun | A KMI Communication Channel that provides 1) Information Integrity Service; 2) either Data Origin Authentication Service or Peer Entity Authentication Service, as is appropriate to the mode of communications; and 3) optionally, Information Confidentiality Service. | Network, Regulated, CUI
Layer 2 Forwarding Protocol | noun | An Internet protocol (originally developed by Cisco Corporation) that uses tunneling of PPP over IP to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user. | Network
Layer 2 switches | noun | Data link level devices that can divide and interconnect network segments and help to reduce collision domains in Ethernet-based networks. | Network
Layer 2 Tunneling Protocol | noun | An extension of the Point-to-Point Tunneling Protocol used by an Internet service provider to enable the operation of a virtual private network over the Internet. | Network
Layer 3 and 4 switches | noun | Switches with operating capabilities at layer 3 and layer 4 of the open systems interconnect (OSI) model. These switches look at the incoming packet's networking protocol, e.g., IP, and then compare the destination IP address to the list of addresses in their tables, to actively calculate the best way to send a packet to its destination. | Network
Layer 4-7 switches | noun | Used for load balancing among groups of servers. Scope Note: Also known as content-switches, content services switches, web-switches or application-switches. | Network
Lightweight Directory Access Protocol | noun | A software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate Intranet. | Network
Link State | noun | With link state, routers maintain information about all routers and router-to-router links within a geographic area, and create a table of best routes with that information. | Network
Local area network | noun | Communication network that serves several users within a specified geographic area. Scope Note: A personal computer LAN functions as a distributed processing system in which each computer in the network does its own processing and manages some of its data. Shared data are stored in a file server that acts as a remote disk drive for all users in the network. | Network
Loopback Address | noun | The loopback address (127.0.0.1) is a pseudo IP address that always refers back to the local host and is never sent out onto a network. | Network
Low Impact External Routable Connectivity | noun | Direct user-initiated interactive access or a direct device-to-device connection to a low impact BES Cyber System(s) from a Cyber Asset outside the asset containing those low impact BES Cyber System(s) via a bi-directional routable protocol connection. Point-to-point communications between intelligent electronic devices that use routable communication protocols for time-sensitive protection or control functions between Transmission station or substation assets containing low impact BES Cyber Systems are excluded from this definition (examples of this communication include, but are not limited to, IEC 61850 GOOSE or vendor proprietary protocols). | Network, Regulated, CDI
MAC Address | noun | A physical address; a numeric value that uniquely identifies that network device from every other device on the planet. | Network
MAC header | noun | Represents the hardware address of a network interface controller (NIC) inside a data packet. | Network
Media access control | noun | A unique identifier assigned to network interfaces for communications on the physical network segment. | Network
Metropolitan area network | noun | A data network intended to serve an area the size of a large city. | Network
Microwave technology | noun | Narrowband technology that requires a direct line-of-sight to transmit voice and data communications and is used to integrate a broad range of fixed and mobile communication networks. | Network
Multi-Homed | noun | You are "multi-homed" if your network is directly connected to two or more ISPs. | Network
National Information Infrastructure | noun | Nationwide interconnection of communications networks, computers, databases, and consumer electronics that make vast amounts of information available to users. It includes both public and private networks, the Internet, the public switched network, and cable, wireless, and satellite communications. | Network, Regulated
Netmask | noun | 32-bit number indicating the range of IP addresses residing on a single IP network/subnet/supernet. This specification displays network masks as hexadecimal numbers. For example, the network mask for a class C IP network is displayed as 0xffffff00. Such a mask is often displayed elsewhere in the literature as 255.255.255.0. | Network
network | noun | Information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices. | Network
Network address translation | noun | A routing technology used by many firewalls to hide internal system addresses from an external network through use of an addressing schema. | Network
Network basic input/output system | noun | A program that allows applications on different computers to communicate within a local area network (LAN). | Network
Network Front-End | noun | Device implementing protocols that allow attachment of a computer system to a network. | Network
Network news transfer protocol | noun | Used for the distribution, inquiry, retrieval, and posting of Netnews articles using a reliable stream-based mechanism. For news-reading clients, NNTP enables retrieval of news articles that are stored in a central database, giving subscribers the ability to select only those articles they wish to read. (RFC 3977) | Network
network port | noun | A network port is a process-specific or an application-specific software construct serving as a communication endpoint, which is used by the Transport Layer protocols of the Internet Protocol suite, such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP). | Network, Regulated
Open Shortest Path First | noun | Open Shortest Path First is a link state routing algorithm used in interior gateway routing. Routers maintain a database of all routers in the autonomous system with links between the routers, link costs, and link states (up and down). | Network
Overt Channel | noun | Communications path within a computer system or network designed for the authorized transfer of data. See Covert Channel. | Network
Packet Switched Network | noun | A packet switched network is one in which individual packets each follow their own paths through the network from one endpoint to another. | Network
Packet switching | noun | The process of transmitting messages in convenient pieces that can be reassembled at the destination. | Network
Peer-to-peer (P2P) | noun | Peer-to-peer communication: communications that travel from one user's computer to another user's computer without being stored for later access on a server. E-mail is not a P2P communication since it travels from the sender to a server, and is retrieved by the recipient from the server. On-line chat, however, is a P2P communication since messages travel directly from one user to another. | Network
Permanent virtual circuit (PVC) | noun | PVC is a pathway through a network that is predefined and maintained by the end systems and nodes along the circuit, but the actual pathway through the network may change due to routing problems. The PVC is a fixed circuit that is defined in advance by the public network carrier. Refer to switched virtual circuit for an additional virtual circuit option. | Network
Personal Firewall | noun | A utility on a computer that monitors network activity and blocks communications that are unauthorized. | Network
Physically Isolated Network | noun | A network that is not connected to entities or systems outside a physically controlled space. | Network, Restricted
Piconet | noun | A small Bluetooth network created on an ad hoc basis that includes two or more devices. | Network
Point-of-sale (POS) network | noun | A network of institutions, debit cardholders, and merchants that permits consumers to make direct payment electronically at the place of purchase. The funds are withdrawn from the account of the cardholder. | Network, Regulated, PCI
Point-to-Point Protocol | noun | A protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server. It packages your computer's TCP/IP packets and forwards them to the server where they can actually be put on the Internet. | Network
Point-to-Point Tunneling Protocol | noun | A protocol (set of communication rules) that allows corporations to extend their own corporate network through private "tunnels" over the public Internet. | Network
port | noun | A physical entry or exit point of a cryptographic module that provides access to the module for physical signals, represented by logical information flows (physically separated ports do not share the same physical pin or wire). | Network, Regulated
port range | noun | In computer networking, a designated range of port numbers. Port numbers are divided into three ranges: well-known ports, registered ports, and dynamic or private ports. | Network
Post Office Protocol, Version 3 | noun | An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client. | Network
Preamble | noun | A preamble is a signal used in network communications to synchronize the transmission timing between two or more systems. Proper timing ensures that all systems are interpreting the start of the information transfer correctly. A preamble defines a specific series of transmission pulses that is understood by communicating systems to mean "someone is about to transmit data". This ensures that systems receiving the information correctly interpret when the data transmission starts. The actual pulses used as a preamble vary depending on the network communication technology in use. | Network
Private Addressing | noun | IANA has set aside three address ranges for use by private or non-Internet connected networks. This is referred to as Private Address Space and is defined in RFC 1918. The reserved address blocks are: 10.0.0.0 to 10.255.255.255 (10/8 prefix); 172.16.0.0 to 172.31.255.255 (172.16/12 prefix); 192.168.0.0 to 192.168.255.255 (192.168/16 prefix). | Network
Protected Distribution System | noun | Wire line or fiber optic system that includes adequate safeguards and/or countermeasures (e.g., acoustic, electric, electromagnetic, and physical) to permit its use for the transmission of unencrypted information through an area of lesser classification or control. | Network, Regulated, CUI
Protocol | noun | Set of rules and formats, semantic and syntactic, permitting information systems to exchange information. | Network
Protocol Entity | noun | Entity that follows a set of rules and formats (semantic and syntactic) that determines the communication behavior of other entities. | Network
Proxy | noun | A proxy is an application that "breaks" the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network, processes it and forwards it. This effectively closes the straight path between the internal and external networks, making it more difficult for an attacker to obtain internal addresses and other details of the organization's internal network. Proxy servers are available for common Internet services; for example, a Hyper Text Transfer Protocol (HTTP) proxy used for Web access, and a Simple Mail Transfer Protocol (SMTP) proxy used for email. | Network
Proxy Agent | noun | A software application running on a firewall or on a dedicated proxy server that is capable of filtering a protocol and routing it between the interfaces of the device. | Network
Proxy server | noun | A server that services the requests of its clients by forwarding those requests to other servers. | Network
public network | noun | A network established and operated by a third party telecommunications provider for the specific purpose of providing data transmission services for the public. Data over public networks can be intercepted, modified, and/or diverted while in transit. Examples of public networks include, but are not limited to, the Internet, wireless, and mobile technologies. | Network, Public
Public switched telephone networknounA communications system that sets up a dedicated channel (or circuit) between two points for the duration of the transmission.Network
Registered portsnounRegistered ports--1024 through 49151: Listed by the IANA and on most systems can be used by ordinary user processes or programs executed by ordinary usersNetwork
RepeatersnounA physical layer device that regenerates and propagates electrical signals between two network segments Scope Note: Repeaters receive signals from one network segment and amplify (regenerate) the signal to compensate for signals (analog or digital) distorted by transmission loss due to reduction of signal strength during transmission (i.e., attenuation)Network
Reverse Address Resolution ProtocolnounRARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server's Address Resolution Protocol table or cache. A network administrator creates a table in a local area network's gateway router that maps the physical machine (or Media Access Control - MAC address) addresses to corresponding Internet Protocol addresses. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine which can store it for future use.Network
Reverse ProxynounReverse proxies take public HTTP requests and pass them to back-end webservers to send the content to it, so the proxy can then send the content to the end-user.Network
Robust Security NetworknounA wireless security network that only allows the creation of Robust Security Network Associations (RSNAs).Network
Robust Security Network AssociationnounA logical connection between communicating IEEE 802.11 entities established through the IEEE 802.11i key management scheme, also known as the four-way handshake.Network
RouternounA LAN/WAN device operating at Layers 1 (physical), 2 (data link), and 3 (network) of the OSI 7 Layer Reference Model.Network
Routing Information ProtocolnounRouting Information Protocol is a distance vector protocol used for interior gateway routing which uses hop count as the sole metric of a path's cost.Network
ScatternetnounA chain of piconets created by allowing one or more Bluetooth devices to each be a slave in one piconet and act as the master for another piconet simultaneously. A scatternet allows several devices to be networked over an extended distance.Network
Secure DNSnounConfiguring and operating DNS servers so that the security goals of data integrity and source authentication are achieved and maintained.Network
Secure ShellnounNetwork protocol that uses cryptography to secure communication, remote command line log-in, and remote command execution between two networked computers.Network
Secure Socket LayernounA protocol used for protecting private information during transmission via the Internet. Note: SSL works by using a public key to encrypt data that's transferred over the SSL connection. Most Web browsers support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https:” instead of “http:.”NetworkRegulatedPCI
Secure Socket Layer (SSL)nounA protocol that is used to transmit private documents through the Internet.Network
Secure Sockets LayernounA protocol that is used to transmit private documents through the Internet Scope Note: The SSL protocol uses a private key to encrypt the data that are to be transferred through the SSL connection.NetworkRegulated
Simple Mail Transfer ProtocolnounThe standard electronic mail (e-mail) protocol on the InternetNetwork
Simple Network Management ProtocolnounThe protocol governing network management and the monitoring of network devices and their functions. A set of protocols for managing complex networks.Network
Small Computer Systems Interface (SCSI)nounSmall computer systems interface (pronounced "scuzzy"). A standard way of interfacing a computer to disk drives, tape drives, and other devices that require high-speed data transfer. Also, a secondary SAN protocol that allows computer applications to talk to storage devices.Network
SocketnounThe socket tells a host's IP stack where to plug in a data stream so that it connects to the right application.Network
Socket PairnounA way to uniquely specify a connection, i.e., source IP address, source port, destination IP address, destination port.Network
SOCKSnounA protocol that a proxy server can use to accept requests from client users in a company's network so that it can forward them across the Internet. SOCKS uses sockets to represent and keep track of individual connections. The client side of SOCKS is built into certain Web browsers and the server side can be added to a proxy server.Network
Source PortnounThe port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is made.Network
Source routing specificationnounA transmission technique where the sender of a packet can specify the route that packet should follow through the networkNetwork
Static RoutingnounStatic routing means that routing table entries contain information that does not change.Network
Storage area network (SAN)nounA high-speed special-purpose network (or sub-network) that connects different types of data storage devices with associated data servers on behalf of a larger network of users.Network
Straight-Through CablenounA straight-through cable is where the pins on one side of the connector are wired to the same pins on the other end. It is used for interconnecting nodes on the network.Network
Striped CorenounA network architecture in which user data traversing a core IP network is decrypted, filtered and re-encrypted one or more times. Note: The decryption, filtering, and re-encryption are performed within a “Red gateway”; consequently, the core is “striped” because the data path is alternately Black, Red, and Black.NetworkRegulatedCUI
Sub NetworknounA separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.Network
Subnet MasknounA subnet mask (or number) is used to determine the number of bits used for the subnet and host portions of the address. The mask is a 32-bit value that uses one-bits for the network and subnet portions and zero-bits for the host portion.Network
SwitchnounA device that connects more than two LAN segments that use the same data link and network protocol.Network
Switched NetworknounA communications network, such as the public switched telephone network, in which any user may be connected to any other user through the use of message, circuit, or packet switching and control devices. Any network providing switched communications service.Network
Switched virtual circuit (SVC)nounSVC is a temporary connection between workstations that is disabled after communication is complete. Refer to Permanent Virtual Circuit (PVC) for an additional communication method using circuits.Network
SwitchesnounTypically associated as a data link layer device, switches enable local area network (LAN) segments to be created and interconnected, which has the added benefit of reducing collision domains in Ethernet-based networks.Network
SynchronizationnounSynchronization is the signal made up of a distinctive pattern of bits that network hardware looks for to signal that start of a frame.Network
Synchronous Optical NETwork (SONET)nounSONET is a standard for telecommunications transmissions over fiber optic cables. SONET is self-healing so that if a break occurs in the lines, it can use a back-up redundant ring to ensure that the transmission continues. SONET networks can transmit voice and data over optical networks.Network
System InterconnectionnounThe direct connection of two or more IT systems for the purpose of sharing data and other information resources.NetworkRegulated
Time to LivenounA value in an Internet Protocol packet that tells a network router whether or not the packet has been in the network too long and should be discarded.Network
TransmissionnounThe state that exists when information is being electronically sent from one location to one or more other locations.Network
Transmission Control ProtocolnounA connection-based Internet protocol that supports reliable data transfer connections Scope Note: Packet data are verified using checksums and retransmitted if they are missing or corrupted. The application plays no part in validating the transfer.Network
Transmission Control Protocol/Internet ProtocolnounProvides the basis for the Internet; a set of communication protocols that encompass media access, packet transport, session communication, file transfer, electronic mail (e-mail), terminal emulation, remote file access and network managementNetwork
Transmission control protocol/Internet protocol (TCP/IP)nounA communication standard for transmitting data packets from one computer to another. TCP/IP is used on the Internet and other networks. The two parts of TCP/IP are TCP, which deals with constructions of data packets, and IP, which routes them from machine to machine.Network
Transport Layer SecuritynounAn authentication and security protocol widely implemented in browsers and Web servers.Network
TrunkingnounTrunking is connecting switched together so that they can share VLAN information between them.Network
Trusted ChannelnounA channel where the endpoints are known and data integrity is protected in transit. Depending on the communications protocol used, data privacy may be protected in transit. Examples include SSL, IPSEC, and secure physical connection.Network
Trusted PortsnounTrusted ports are ports below number 1024 usually allowed to be opened by the root user.Network
Trusted zonenounA channel in which the end points are known and data integrity is protected in transit. Depending on the communications protocol used, data privacy may be protected in transit. Examples include secure socket layer, internet protocol security and a secure physical connection.Network
Tunnel modenounUsed to protect traffic between different networks when traffic must travel through intermediate or untrusted networks. Tunnel mode encapsulates the entire IP packet with and AH or ESP header and an additional IP header.Network
TunnelingnounTechnology enabling one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.Network
Uniform Resource Locator (URL)nounAbbreviation for "Uniform (or Universal) Resource Locator." A way of specifying the location of publicly available information on the Internet, in the form: protocol://machine:port number/filename. Often the port number and/or filename are unnecessary.Network
User Datagram ProtocolnounA connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability Scope Note: A data request by the client is served by sending packets without testing to verify whether they actually arrive at the destination, not whether they were corrupted in transit. It is up to the application to determine these factors and request retransmissions.Network
Virtual local area networknounLogical segmentation of a LAN into different broadcast domains Scope Note: A VLAN is set up by configuring ports on a switch, so devices attached to these ports may communicate as if they were attached to the same physical network segment, although the devices are located on different LAN segments. A VLAN is based on logical rather than physical connections.Network
Virtual local area network (VLAN)nounLogical segmentation of a LAN into different broadcast domains.Network
Virtual private networknounProtected information system link utilizing tunneling, security controls (see Information Assurance), and endpoint address translation giving the impression of a dedicated lineNetworkRegulated
Virtual private network (VPN)nounA computer network that uses public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network.Network
Voice FirewallnounA physical discontinuity in a voice network that monitors, alerts and controls inbound and outbound voice network activity based on user-defined call admission control (CAC) policies, voice application layer security threats or unauthorized service use violations.Network
Voice over Internet Protocol (VoIP)nounThe transmission of voice telephone conversations using the Internet or Internet Protocol networks.Network
Voice-over Internet ProtocolnounAlso called IP Telephony, Internet Telephony and Broadband Phone, a technology that makes it possible to have a voice conversation over the Internet or over any dedicated Internet Protocol (IP) network instead of over dedicated voice transmission linesNetwork
Well-know portsnounWell-known ports--0 through 1023: Controlled and assigned by the Internet Assigned Numbers Authority (IANA), and on most systems can be used only by system (or root) processes or by programs executed by privileged users. The assigned ports use the first portion of the possible port numbers. Initially, these assigned ports were in the range 0-255. Currently, the range for assigned ports managed by the IANA has been expanded to the range 0-1023.NetworkPublicInfo
Wide area networknounA computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countriesNetwork
Wireless Access PointnounA device that acts as a conduit to connect wireless communication devices together to allow them to communicate and create a wireless network.Network
Wireless Application ProtocolnounA standard that defines the way in which Internet communications and other advanced services are provided on wireless mobile devices.Network
Wireless application protocol (WAP)nounA data transmission standard to deliver wireless markup language (WML) content.Network
Wireless communicationnounThe transfer of signals from place to place without cables, usually using infrared light or radio waves.Network
Wireless gateway servernounA computer (server) that transmits messages between a computer network and a cellular telephone or other wireless access device.Network
Wireless local area networknounA group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. The security of each WLAN is heavily dependent on how well each WLAN component—including client devices, APs, and wireless switches—is secured throughout the WLAN lifecycle, from initial WLAN design and deployment through ongoing maintenance and monitoring.Network
Wireless TechnologynounTechnology that permits the transfer of information between separated points without physical connection. Note: Currently wireless technologies use infrared, acoustic, radio frequency, and optical.Network
World Wide WebnounThe global, hypermedia-based collection of information and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.Network