January 03, 2024
AAA – Authentication, Authorization, and Accounting
A general framework for controlling accessibility to data on computer systems, enforcing security and control policies, auditing usage, and providing the information necessary for all accountability for access and usage. These combined processes, when applied, are important for effective and safe network management and overall security.
ACL – Access Control List
A set of rules that either allow access to a computer, the data therein, and or all the associated data environment. It is also a set of rules that denies all or partial access.
There are two types of ACL’s generally:
- Filesystem ACLs: Filters that manage access to directories or files in a computer system. A filesystem ACL gives the operating system instructions as to the users that are allowed to access the system, as well as the access and data privileges they are entitled to once they are inside.
- Networking ACLs: Networking ACL’s manage access to a network. This provides instructions to switches and routers as to the kinds of traffic and devices that the user can be allowed to interface within the network.
AMTD – Automated Moving Target Defense
(also see MTD) The automated concept of controlling change across multiple system dimensions in order to increase uncertainty of targets, change the attack surfaces and increase apparent complexity for attackers, to reduce their window of opportunity, change target visibility and increase the time costs of their probing and attack efforts. This also helps expose attack attempts and methods.
APT – Advanced Persistent Threat
An organized cyberattack by a group of skilled, sophisticated threat actors. APTs are not “hit and run” attacks. Attackers plan their campaign carefully against strategic targets and carry it out over a prolonged period of time. APTs are compound attacks involving multiple stages and a variety of attack techniques. Many common attack vectors were initially introduced as parts of an APT campaign with zero-day exploits and malware, customized credential theft, and lateral movement tools as the most prominent examples. APT campaigns tend to involve multiple attack patterns and multiple access points.
APT attacker goals, and consequences faced by organizations, include:
- Theft of intellectual property
- Theft of classified data
- Theft of Personally Identifiable Information (PII) or other sensitive data like Health (PHI) or credit (PCI) information!
- Sabotage, for example, database deletion or Encryption (see Ransomware)
- Complete site takeover
- Obtaining data on infrastructure for reconnaissance purposes
- Obtaining credentials to critical systems
- Access to sensitive or incriminating communications
ARP – Address Resolution Protocol
ARP translates the software address (IP address) to the physical address (MAC address when a computing device is on a network) of every host connected to the network. Applications and software connected to the Internet use IP addresses to send information. Meanwhile, the communication between systems happens through hardware addresses, also known as MAC or physical addresses. Without ARP, software and devices would not be able to send data to each other.
AVG – Average Virtual Gateway
Used in Cisco’s GLPB proprietary solution for load balancing and redundancy in the network. Only one AVG is available in each GLPB group and it’s responsible for replying (Plus assigning) the local MAC addresses to the initial ARP requests for the Virtual IP address (VIP). AVG assigns a different virtual MAC address to the Active Virtual Forwarders (AVFs). This is done when the AVG replies to the initial ARP request from the group host. ARP replies are unicast and are not heard by other hosts on the same broadcast segment. AVF is responsible for the routing traffic received from assigned hosts. The host may use the same virtual MAC address of an AVF, as long as it stays reachable with no timeout.
BaaS – Backend as a Service
BaaS allows developers to focus on the front-end of their applications and leverage back-end services and applications without building or maintaining them. BaaS and serverless computing share some similarities but are not the same.
BDPU – Bridge Data Protocol Unit
BaaS allows developers to focus on the front-end of their applications and leverage back-end services and applications without building or maintaining them. BaaS and serverless computing share some similarities but are not the same.
BGP – Border Gateway Protocol
This is the protocol that enables the global data packet routing system of the Internet. It manages how packets get routed from network to network by exchanging routing (like your GPS routes used to reach a physical destination) and reachability information among edge network routers of autonomous systems (AS). Attributes that may include: Highest weight/value, Current reachability, hop counts (if set), local router preferences, time-to-live settings, and oldest path are considered. BGP networking is based on the TCP/IP model at Layer 4 (in the Open Systems Interconnection (OSI Model)) to control the network layer (Layer 3 – the Internet layer) inter-network communications. In essence, BGP provides connectivity information that can be used to derive Internet packet forwarding tables that help to route packets to their correct destinations.
BooTP – Bootstrap Protocol
This protocol was used by a configuration server to automatically assign an IP address to a network device. Parts of BooTP have been superseded by DHCP (Dynamic Host Configuration Protocol). BooTP it is still used today even though it was originally released in 1985 to replace RARP! When a computer boots up it sends BooTP broadcasts out to get its IP address assignment. You will see BooTP, UDP and DHCP activity on ports 67 and 68.
BSSID – Basic Service Set Identifier
BSSID stands for Basic Service Set Identifier, and it’s the MAC physical address of the access point or wireless router that is used to connect to the WiFi.
CaaS – Container as a Service
CaaS is a category of cloud services where the service provider offers customers the ability to manage and deploy containerized applications and clusters. CaaS is sometimes viewed as a special sub-type of the infrastructure-as-a-service (IaaS) cloud service delivery model, but where the main commodity is containers rather than physical hardware and virtual machines.
CASB – Cloud Access Security Broker
An on-premises, or cloud-based security policy enforcement point, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies. This handles multiple types of security policy enforcement. Security policies may include authentication, single sign-on, basic authorization, access levels, credential and usage mapping, device profiling/types, encryption, tokenization, logging, alerting, malware detection/prevention etc…
CDN – Content Delivery Network
CDNs are formalized content cache systems that are used to deliver content to users efficiently and as locally as possible. A CDN may be used, for example, to deliver streaming video services. This is a physical or virtual network focused on delivering every network event that has any content we use. The CDNs are invisible but make sure everything we do is delivered.
CDP – Cisco Discovery Protocol
A unique Cisco proprietary data link layer (layer 2 of the OSI) protocol that helps with Cisco device inventory. CDP runs between direct/physically connected Cisco network entities (routers, switches, remote access devices, IP telephones etc.) to supply an inventory of devices with information about their direct connected neighbors.
CDR – Content Disarm and Reconstruction
CDR proactively protects end-users from potentially dangerous content by deleting executable content. CDR is also known as Threat Extraction. This is a unique method of protection as it does not rely on detection visibility like other security focused solutions as it deletes all active content included.
CI/CD – Continuous Integration and Continuous Deployment
In the Cloud services, the methods for the orchestration of custom data buckets and control of content delivery networks (CDNs).
CIDR – Classless Inter-Domain Routing
Sometimes called Super Netting, CIDR performs the task of subnetting, which saves a lot of IP addresses. CIDR makes networks more efficient and helps delay the exhaustion of the IPv4 address system. It is a method for saving IP address in delivering content. Addresses are not bound by class; CIDR can organize IP addresses into subnets and that saves wasting many IP addresses!
The term “cloud” refers to a network of remote servers that are accessed over the Internet to store, manage, and process data. It provides on-demand computing resources and services, such as storage, applications, and infrastructure, without requiring direct user management or physical presence. Some say this is the most dangerous data storage today!
CS – Cyber Security
The name and practices needed to protect computer systems, networks (physical, virtual and or hard), and corporate and protected data from unauthorized access, attacks, and damage. It involves implementing rules and technology measures to ensure access control, confidentiality, integrity, availability, protection and resilience of digital assets. Sometimes called Data Security, Network Security, etc.
CSPM – Cloud Security Posture Management
This cloud-focused arena is a segment for security tools designed to identify misconfiguration issues and compliance risks in the cloud. CSPM helps continuously monitor cloud infrastructure for gaps in security policy enforcement. Gartner coined the term and described CSPM as a category of security products that help automate security and provide compliance assurance in the cloud. CSPM is used by organizations that have adopted a cloud-first strategy and want to extend their security best practices to hybrid cloud and multi-cloud environments. While CSPM is mostly associated with IaaS, the technology can also be used to minimize configuration mistakes and reduce compliance risks in SaaS and PaaS environments.
DDoS – Distributed Denial-of-Service
A Distributed Network Attack is designed to exploit the limits of a network to prevent the company, etc. from carrying out business functions and capabilities. It is a data flood attack to overcome the ability of targeted networks to respond to legitimate requests, services and normal business.
DDoS DPI – Deep Packet Inspection
For Distributed Denial-of-Service attacks – DDoS DPI equipment and services can help block several types and causes of a DDOS attack and resulting network issues. DPI in general is a way to reveal malware as it enters the network and with regards to DDOS attacks, can detect worms as they try to get into networks, as well as detecting IoT/IIoT inside attacks.
DHCP – Dynamic Host Configuration Protocol
This protocol helps automate the process of configuring devices for communications on an IP network by automatically assigning an IP addresses and other required communication parameters to devices being connected to the network using a client–server architecture and using network services, such as Domain Name Services (DNS), Network Time Protocol (NTP), and any communication protocol based on UDP or TCP. It has superseded BooTP, but BooTP is still used in the computer boot process. One can see the DHCP negotiations on ports 67 and 68.
DLP – Data Loss Prevention
DLP is the practice (sometimes theoretically) of establishing rules set for detecting and preventing data breaches or exfiltration or unwanted destruction or encryption and leakage of sensitive data of all kinds from corporate to medical data. This is the fundamental of Network Data Security practices!
DMVPN – Dynamic Multipoint VPN
An application that allows data exchanges on a secure network without the use of a central VPN server or router. This creates a mesh VPN protocol that can be applied selectively to connections or spokes being utilized in the business concurrently. Each different site (or spoke) can connect to one another securely without individual setups.
DNS – Domain Name System
A system that translates domain names into IP addresses that browsers and other Internet applications use to load Internet pages, etc. providing viewer access/visibility. One needs an address to send Mail or Data too.
DPC – Deep Packet Content
DPC refers to the payload of packets at different layers of the Internet protocol stack. It involves inspecting the payload, including text, files, or multimedia data, to extract specific information, apply content-based filtering or policies, and perform deep-level analysis for various purposes, such as content filtering, data loss prevention, or compliance monitoring.
DPI – Deep Packet Inspection
DPI is a network monitoring and filtering technique that examines the contents of data packets. It allows for granular analysis of packet headers and payloads to gain insight into network traffic, detect specific applications or protocols, and identify potential security threats or policy violations.
Please Note: Following are several different advanced and focused DPI devices and methods to protect the network in different places and in the many different areas. This information should be self-explanatory:
DPI-AS – Deep Packet Inspection for Autonomous Systems (network routing and management)
DPI-DNS – Deep Packet Inspection for Domain Name System traffic
DPI – Deep Packet Inspection for Enhanced Traffic Intelligence – 5G network slicing
DPI-FTP – Deep Packet Inspection for File Transfer Protocol traffic
DPI-HTTP – Deep Packet Inspection for Hypertext Transfer Protocol traffic
DPI-IM – Deep Packet Inspection for Instant Messaging traffic
DPI-POP3 – Deep Packet Inspection for Post Office Protocol version 3 traffic
DPI-RTSP – Deep Packet Inspection for Real-Time Streaming Protocol traffic
DPI-SIP – Deep Packet Inspection for Session Initiation Protocol trafficDPI-SMTP – Deep Packet Inspection for Simple Mail Transfer Protocol traffic
DPI-SSH – Deep Packet Inspection for Secure Shell traffic
DPI-VPN – Deep Packet Inspection for Virtual Private Networks
DRaaS – Disaster Recovery as a Service
This third-party cloud service provides for restoration of corrupted data or disaster recovery of all kinds, including Ransomware remediation.
DSCP – Differentiated Services Code Point
This part of the Quality-of-Service configuration on routers is the Differentiated Services (DiffServ) field. The six most significant bits of the DiffServ 8 bits are the DSCP field for classifying and managing data traffic and providing QoS standards required. DSCP can provide for low latency for important data and best effort for other non-critical data flows. DSCP replaces the older Type of Service (ToS).
EDR – Endpoint Detection and Response
A cybersecurity technology, also known as ETDR – Endpoint Threat Detection and Response, is mainly focused on endpoint continuous monitoring looking for aberrant behavior for threat detection and alerts.
EGP – Exterior Gateway Protocol
An older generic protocol is/was used to exchange reachability between Internet gateways to different systems. EGP was originally use by ARPANET but is no longer popular and was replaced by BGP and other advanced protocols.
EIGRP – Enhanced Interior Gateway Routing Protocol
Enhanced Cisco version of IGRP and BGP “Routing table with shortest path information” allows routers to exchange network and management informational changes much faster. Using only Hello packets for normal routing operation with quick changes updates with only the needed information not the entire route table and using the enhanced Diffused Update Algorithm for quicker and more accurate shortest path calculations.
FaaS – Function as a Service
Advanced cloud service that involves providing customers with a platform to develop service-oriented applications where they may test, run, and manage their applications. The costs are similar to other “X”aaS services which are charged on the actual run-time of the services and functions that are run.
FDC – Fault Detection and Classification
To detect abnormal behavior and classify for administrative review.
FIM – File Integrity Monitoring
A technique where certain files and or logs are monitored for any file changes or modifications. If any changes are detected, alerts are sent to security personnel for review and actions. Changes could indicate a breach or hacking.
FWaaS – FireWall as a Service
A cloud-based service that provides hyperscale, next-generation firewall (NGFW) capabilities, which may include web filtering and other advanced threat protection services.
GLBP – Gateway Load Balancing Protocol
A Cisco round-robin load balancing protocol that protects data traffic from a failed router or circuit, like the Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP), which allows for packet load sharing between a group of redundant routers (tables)/gateways using a virtual gateway (AVG-Average Virtual Gateway) to manage the load distribution for each member using a virtual MAC address.
GRE – Generic Routing Encapsulation
A packet tunneling protocol originally created by Cisco for encapsulating data packets that use one routing protocol inside the packets of another protocol.
GTP – GPRS Tunneling Protocol
General Packet Radio Services is a protocol to allow data network, and Internet transmission of data (IPv4, IPv6, PPP packets) from the cell domain and other radio services, including GSM, UMTS, LTE and 5G NR and other radio networks. There are 3 basic standards to provide for these services – GTP-C, GPT-U and GTP’ (prime).
HAN – Health Alert Network
A network for the CDC and other health organizations to communicate urgent health alerts, messages and information to WWW and local agencies, as well as to the public.
HSRP – Hot Standby Router Protocol
One of the two most popular Cisco router redundancy protocols. The other is VRRP – Virtual Router Redundancy Protocol. This Cisco protocol allows a network to have two or more routers for backup/redundancy, while giving the network the illusion of just one router where only one router is active at a time.
HTTP – Hypertext Transfer Protocol
An application layer protocol that is an essential part of the WWW that links us through webpages.
HTTPS – Hypertext Transfer Protocol Secure
The secure/encrypted (public and SSL encryption) version of HTTP.
IaaS – Infrastructure as a Service
One of three types of cloud-as-a-service options (see PaaS, SaaS) which offers computing, storage and networking services on a demand-as-needed basis. Sometimes, corporation need more network functionality and IaaS can provide as-needed and pay-as-needed.
IAM – Identity and Access Management
A “MUST” business security discipline that enables the right people, software, and hardware to have access to only the authorized tools required to perform their duties. These procedures prevent granting them access to functions that present a security risk to the corporate network.
ICMP – Internet Control Message Protocol
An error-reporting protocol that network devices, such as routers, intermediary devices and hosts, use to communicate error information or updates to other routers or hosts and is used to generate error messages to the source IP address when network problems prevent delivery of IP data packets. ICMP creates and sends messages to the source IP address indicating that a gateway to the Internet, such as a router, service or host, cannot be reached for packet delivery. ICMP can also be used to troubleshoot Internet connections using ping and traceroute functions.
IDF – Intermediate Distribution Frame
A rack-mounted cable distribution solution. It is a physical rack used for mounting network and telecommunications equipment.
IDS – Intrusion Detection System (often used in conjunction with DPI)
A hardware and software device/solution or set of devices used to detect an intrusion or vulnerability exploits against a target application or network.
IEEE – The Institute for Electrical Electronic Engineers
A highly prestigious professional organization. The IEEE is dedicated to advancing technology for the benefit of humanity. There are 3 levels of professional membership other than student level – Member, Senior and Fellow.
The standards part of the IEEE, where standards/recommendations are written and collective technology is shared.
IGMP – Internet Group Management Protocol
There are two types of IGMP – V1 and V2. This is a protocol that allows several devices to share one IP address so they can all receive the same data broadcast. IGMP is an IPv4 network layer protocol used to set up multicasting on networks, which allows and manages the devices to join or leave the multicast group membership and is not a multicast routing protocol.
IGP – Interior Gateway Protocol
There are two categories of IP routing protocols: Interior gateway protocol (IGP) and Exterior gateway protocol (EGP). If the routing protocol is designed to be used in a single autonomous system, it comes under the IGP definition. If a routing protocol is designed and intended to be used in between different (2 or more) autonomous systems, it comes under the EGP definition.
IMAP – Internet Message Access Protocol
A standard email retrieval (incoming) protocol. It allows email messages to be stored on a mail server and allows the recipient to view and manipulate them as though they were stored locally on their computers or other devices.
IoT – Internet of Things
Physical objects/devices embedded with sensors and actuators that communicate with and through computing networks which allows the physical world like temperature, pressure, etc., to be digitally monitored and or controlled.
IP – Internet Protocol
The protocol that supports data to be sent from one computer to another without being directly connected. IP is protocol that defines the modern Internet.
IPS – Intrusion Prevention System (often used in conjunction with DPI)
These systems fall into one of three categories: Host Based Intrusion Detection Systems (HIDS), Network Based Intrusion Detection Systems (NIDS), and a combination of the two. Sometimes IPS is called IDPS, which is Intrusion Detection Prevention System. These both are designed to monitor a network for any known malicious activities or activity that is attempting to exploit a known vulnerability.
These systems can do many things to mitigate attacks or intrusions including:
- Sending an alarm and report notification to the administrator
- Dropping the malicious packets
- Blocking traffic from the source address
- Resetting the connection
- Help in configuring firewalls to prevent future attacks
IPSec – Internet Protocol Security
A set of communication rules/protocols to set up secure connections over a network. Internet Protocol (IP) is the common standard that determines how data travels over the Internet. IP sec adds encryption and authentication to secure the connection and data sent.
IPSec VPN – Internet Protocol Security VPN
Where the IPSec protocol is used to create encrypted tunnels on the Internet. It provides end-to-end encryption, which means data is scrambled at the sending computer and unscrambled at the receiving server
ISP – Internet Service Provider
A company that provides access to the Internet to homes and businesses.
ITAM –Information Technology Asset Management (ITAM)
ITAM is the management process of full-cycle care of the corporation’s/organization’s business data assets. The ITAM process fully accounts for one’s data cycle from original deployment, maintenance, upgraded legally (i.e., Credit card, personal information…etc.) as needed and at the end of value cycle full protection against retrieval and total disposal of the data. This cycle may be mandated by law (i.e., GDPR, State, Federal and country laws) or the lack of business value,
ITDR – Identity Threat Detection and Response
Gartner defines ITDR as “a security discipline that encompasses threat intelligence – with best practices, a knowledge base, tools, and processes to protect identity systems. It works by implementing detection mechanisms, investigating suspicious posture changes and activities, and responding to attacks to restore the integrity of the identity infrastructure.”
L2TP – Layer 2 Tunneling Protocol
An extension of the Point-to-Point Tunneling Protocol (PPTP) used by Internet service providers to enable virtual private networks (VPNs) to ensure security and privacy of the data transported.
L7 DPI – Layer 7 Deep Packet Inspection
Deep Packet Inspection of all Layer 7 data.
LACP – Link Aggregation Control Protocol
IEEE 802.3ad standard that allows the user to combine numerous physical Ethernet links into one logical link, allows multiple ports collectively as a single channel or multiple physical ports as one port.
LDAP – Lightweight Directory Access Protocol
LDAP has two main goals: 1) to store data in the LDAP directory and 2) to authenticate users to allow access to the directory. LDAP servers store the identity data for authenticating users to use an application or access to user data.
LLM – Large Language Models
Specialized Machine Learning algorithms that model languages for the purposes of language output generation. Sometimes referred to as Generative AI.
LOS – Line of Sight
Where one can see from their position physically or from their access point in a network. Also, line of sight refers to the ability of a transmitter to literally see the receiver or vice-versa. It is not specific to access points.
MAC – Media (or Medium) Access Control
This layer 2 network policy is for data transfer that regulates how data is transmitted between two computing devices. MAC refers to pretty much any layer 2 access method, not just Ethernet, for example. MACs are conventions for media access control that incorporate rules for device transmission and reception.
The MAC protocol tries to ensure the non-collision of data being transferred between two computer/network devices. Data collisions are not good and can disrupt overall communications.
MAF – A Multi-Access Function
A cyber security access protocol to secure access requiring more than one action to log in or get access to a network or data function.
MAN – Metropolitan Area Network
There are two types on MANS – hard and wireless (WMAN). Both are located in a local, but wider than one building area where they can communicate without intervention of another carrier. A campus wide network is the best example. This is usually within a 5-to-10-mile (or so) area, but directly connected.
MBaaS – Mobile Backend-as-a-Service
A mobile access method to the cloud used by programmers and developers using specific and standard Application Programming Interfaces (APIs)(I.e. Android/iOS) and Software Development Kits (SDK’s), which help in lowering costs, but raises hackability. This allows organizations that want to utilize off-premise servers to use MBaaS to connect their application’s backend access resources.
MDF – Main Distribution Frame
The main demarcation point between the internal network and the external transport or WAN domain. If one is going from the inside network (LANS) to the outside network (WANS) they probably have an MDF. Inside physically segmented networks there can be a LAN distribution panel or Frame.
MDP – Markov Decision Process
A rules-based decision process used for automation decision making for data and network tools, i.e. with smart tools like Firewalls, DPI, DCM, SIEMs, IoT, IIoT, etc. which use these smart algorithms for establishing rules for passing or deleting data packets and recognition of aberrant activity.
MDR – Managed Detection and Response
Estimates believe 60% of organizations will be actively using remote threat disruption and containment capabilities delivered as MDR. However, a specific definition has NOT been established. Gartner defines MDR as where a vendor provides customers with remotely delivered, human-led SOC functions for the purposes of incident reporting, rapid detection, analysis and investigation of threats, as well as remote mitigative responses to those threats. Services may be added or subtracted as required.
MIMO – Multiple-Input Multiple-Output
This wireless technology uses multiple transmit and receive antennas, which are simultaneously used for transmission and reception, allowing increased data channel capacity. MIMO uses the spatial frequency diversity present in the standard WiFi, cellular or direct RF modulation techniques present in the channels between multiple transmit and receive antenna pairs.
MIMO is designed to provide high data rate with reliable communications to a large number of wireless terminals using a shared wireless (RF) medium like antennas using a multiple access channel (MAC – NOT Medium Access Control) such as in the cellular arena.
There are several versions of MIMO – i.e. MIMO-OFDMA Terahertz for IoT and IIoT networks often called THz MIMO OFDM for THz level transmission modulation method called Orthogonal Frequency Division Multiplexing (OFDM) systems, MU-MIMO – Multi User-MIMO, MIMO (IRS) Intelligent Reflecting Surface that uses two effective solutions for compensating the large pathloss in THz (6Ghz up) radio systems.
Other variants are – Sequential Parametric
These include Convex Approximation (SPCA), Simultaneous Wireless Information and Power Transfer (SWIPT) for advance power and control method and others that identify the different modulation and beam forming types for higher speed control of IoT and IIoT applications.
MPLS – Multi-Protocol Label Switching
This layer 2.5 IP protocol uses Labels rather than regular Router tables to get unique encrypted data to only the receiving user it is assigned to and much faster. Kind of like a VPN! The MPLS header is added to the packet that lies between layers 2 and 3, thus a 2.5-layer protocol. This is much faster than reading long router tables.
MPLS DPI – Deep Packet Inspection for Multi-Protocol Label Switching Networks
This is another of the many DPI applications that read into network MPLS data to find aberrant behavior, dangerous data, dangerous outside addresses, bad paths, aberrant connections, etc.
MSTP – Multiple Spanning Tree Protocol
The IEEE 802.1’s standard that allows a single physical network switch to support multiple spanning-tree connecting instances. This is very useful for companies with lots of VLANs in the network and wants to communicate with separate spanning-tree instances for different groups of VLANs.
MTD – Moving Target Defense
See AMTD above.
MTU – Maximum Transmission Unit
Sets the largest packet (PDU) size, specified in octets (eight-bit bytes –Two nibbles- even though ASCII only uses the first 7 of the bits) that can be sent in a TCP packet or frame per transmission. There is just under 4Gb in an IPv6 JumboGram. There are different MTU’s for different transport modes, like IPv4 versus IPv6, versus WiFi versus Ethernet Jumbo Frames, etc. Ethernet has a minimum frame size of 64 bytes, comprising an 18-byte header and a payload of 46 bytes. It also has a maximum frame size of 1518 bytes; in which case the payload is 1500 bytes.
NAC – Network Access Control
This rules-based security solution uses unique access protocols to keep unauthorized users and devices out of a private network. These also give restricted access to the devices, which are compliant with network security policies. It is sometimes known as Network Admission Control. It handles network management and security that implements security policy, compliance, and management of access control to a network. These software rules, along with DPI and other hard security devices, can help keep a network safe, but NAC alone is NOT sufficient to fully protect a network.
NAS – Network Attached Storage
Centralized network devices (i.e., hard drives) which allow multiple network users to store files over a TCP/IP network. They are sometimes called a NAS box, NAS unit, NAS server, or NAS head.
NAT – Network Address Translation
This technique is used to help alleviate the limited number of IPv4 addresses. NAT was originally intended as a short-term solution to alleviate the shortage of available IPv4 addresses until IPv6 would be the common protocol, which has not happened. NAT is a method of having multiple non-unique, private IP inside addresses sharing one public IP address. By using NAT, devices on a private network can communicate with devices on a public network without the need for each device to have its own unique IP address. NAT uses port numbers to aid in mapping from internal (RFC 1918) IP addresses to globally unique, routable IP addresses. The future is IPv6 that has a large enough address field to give a unique IP address for every 1 square inch on the earth and more.
NBAR – Network-Based Application Recognition
A Cisco application that is an advanced application recognition engine for servers that utilize several classification techniques and has the ability to quickly update its classification rules for access and control. It uses Deep Packet Inspection to determine which traffic category the data flow belongs to. Used in conjunction with other features, it may then program the internal application-specific integrated circuits (ASICs) to handle a specific flow and added security for “REAL” data flows.
NETSCOUT provides state-of-the-art solutions that help minimize disruptions by monitoring and trending network traffic for Internet circuits and VPN gateways. This includes metrics for traffic volume, dropped packets, and errors provide early warning of potential and aberrant issues. Also, many attack prevention and mitigation capabilities – i.e., Ransomware, DDoS and other attacks,
A network protocol developed by Cisco for collecting IP traffic information and monitoring network flow. By analyzing NetFlow data, you can get a picture of network traffic flow and volume.
NFV – Network Function Virtualization
This technology employs inbuilt kernel features, re-extended Berkeley Packet Filter (eBPF) to fast filter and make decisions on every packet to pass or delete in the layer 2 environment. This implementation saves both system resources and network and decision latency, which is the largest issue in Autonomous DPI-like filtering systems.
NGFW – Next-Generation Firewall (leveraging DPI for advanced network security)
These Firewalls are much smarter than previous versions and can implement protection through Layer-7 of the OSI model. They also have many and MUCH smarter features and deeper threat recognition visibility with greatly expanded action ques with higher-speed recognition.
NIDS – Network Intrusion Detection System
Promiscuous, inside network systems that only “sniff” the traffic looking for issues and protection policies. Another part of NIDS are the Reporting and Alerting pieces.
NIPS – Network Intrusion Prevention System
A network security tool or solution that monitors the network 24×7. It works by recognizing, preventing and interrupting aberrant network events, attacks and controls behavior. These are very complex solutions that when added to DPI solutions and Firewalls can help prevent network damage, breaches, malware and MUCH more!
NTP – Network Time Protocol
This application by David Mills (1981) runs under UDP and provides universal network time synchronization. This application synchronizes with Stratum 0 atomic and GPS clocks to unify date and time stamps on all data packets and flows to under100ms.
OSI – Open Systems Interconnection
A conceptual model from the International Organization for Standardization (ISO) that describes the common seven layers that computer systems use to communicate over a network/Internet
Graphic courtesy of Wikipedia “The Best Knowlege Place”
OSPF – Open Shortest Path First
This Open Standard RFC – 2823 – is part of the Interior Gateway Protocol (IGP) group. This link-state routing protocol first uses the Shortest Path First (SPF) or the Dijkstra algorithm to calculate the best route for each packets flow method. Devices running OSPF protocol must establish neighbor relationships (Neighborhood Tables) before exchanging route but not tables. OSPF devices have 3 important tables for best effort direction of packets, The first is the neighborhood table, Topology table – the Topology of the internal networks involved and the routing/forwarding tables – the best-known route that has been successful.
P2P DPI – Deep Packet Inspection for Peer-to-Peer traffic
A protection and monitoring method for P2P data flows. To use DPI focused for real-time data and analysis of packet contents for stateful protocol identification, flow monitoring, application monitoring, session monitoring, policy enforcement, use and usage control, quality of service, security, traffic management, and similar data protection functions.
PA – Packet Analysis
PA involves the inspection and examination of individual network packets to understand network behavior, troubleshoot issues, and gain insights into network performance, security, and protocols. It includes analyzing packet headers, payload, timing, and the relationships between packets to detect anomalies, diagnose problems, and optimize network performance.
PaaS – Platform-as-a-Service
A service in which cloud developers rent or are provided by the cloud provider everything that is required to build needed applications. They basically are relying on their cloud provider to offer the correct development tools, infrastructure, and operating systems. This is one of the three service models of cloud computing. The three models of cloud computing are PaaS (above), SaaS (Software-as-a-Service) which refers to full applications that are hosted in the cloud and maintained by the SaaS vendor and IaaS (Infrastructure-as-a-Service), which refers to cloud computing infrastructure and access to servers, storage, etc. which are managed by their cloud vendor.
PACE – Packet Analysis and Content Extraction
Where one uses a packet monitoring, capture and analysis system to visualize and analyze their network flows by packets and metadata. The devices must be able to capture packets and allow for the extraction of data for deep data analysis including performance. Open-source packet capture solutions are very limited in access speed, have no way to address loss or dropped data and can-do limited extraction. Few devices can extract Metadata, automatically analyze performance, find and capture aberrant data, record data leaks, do network forensics, Real Data Extraction and much more like NETSCOUT’s Sniffer and nGenius solutions or WireShark.
PAF – Packet Analysis Framework
A data capture and analysis architecture that has100% visibility of ALL data, aberrant behavior recognition, performance details and storage solution. This may also include Deep Packet Inspection devices, as well as the diagnostic capability.
PAM – Packet Analysis Module
MUST be included in any PAF solution as the real-time, 100% data analysis piece.
PAT – Port Address Translation
Another method of address conservation like NAT – Network Address Translation. PAT permits multiple devices on a LAN to be mapped to a single public IP address by using port numbers. PAT plus NAT can add many extra levels of address safety and reduce internal address exhaustion.
PCAP – Packet Capture- A File Format for storage of Captured Packets
This file type contains packet data captured by a network monitoring tool and is used in post-analytics of the recorded network characteristics, dynamics and much more. PCAP files are the most common storage format for data files, but are only as accurate as the tools recording them. If your tool cannot capture and store full duplex high-speed data then the files are useless. Garbage in, garbage out! Computer-based software is only good for network speeds of less than gigabit rates.
PDU – Protocol Data Unit
In networking, a PDU is a single unit of information transmitted among peer entities of a network at a given layer of protocol. Every protocol has its own PDUs. It carries the protocol-control information and/or user data. The PDU is the unit of exchange between communicating entities. The PDU is the envelope of the carried data or control information.
PDU – Power Data Unit
Another type of a PDU is a device for controlling provided AC electrical power in a data center. The most basic PDUs are power strips with or without surge protection.
PNT – Positioning, Navigation, and Timing
PNT is necessary for the functioning of the nation’s critical infrastructure. All communications use PNT standards for everything from Internet to monitoring systems, etc. Whether for civil, commercial, or military use, nearly all sectors rely on accurate PNT information to provide services definitions, as there are MANY types on PNT.
PoE – Power over Ethernet
Any of several standards and/or ad hoc systems that pass electric power (DC) along with data on twisted-pair Ethernet cabling. The delimiter is that PoE cannot power high-end machines like routers, switches, etc., and in some conditions the power transfer causes noise that can seriously affect the data integrity. Powered Devices (PD) are small power demand devices i.e., IP phones and IP cameras. IEEE 802.3af, also known as standard PoE, operates at a voltage range of 44-57V and supplies a current of 10-350mA. In this standard, the maximum power output of a port is limited to 15.4W. Distance is another limiting factor in using PoE.
POP – Post Office Protocol
Originally released as a standard of Internet mail in 1984 it has been updated to POPv3. This is the Internet standard that allows one to download email messages from an email server to a computer or cell phone, notebooks, etc.
POTS – Plain Old Telephone Service
Sometimes referred to as PSTN, or public switched telephone network. These were hard wired (twisted pair copper wired) voice grade analog telephone communications through hard wired handsets.
PPP – Point-to-Point Protocol
The Point-to-Point Protocol (PPP) directly connects two network devices to two networks at the data link layer using transport connections like ISDN, DSL through a Wide area net.
PPTP – Point-to-Point Tunneling Protocol
A mostly obsolete technique for implementing virtual private networks on port 1723. It had many data protection issues and is not used much.
PTP – Precision Time Protocol
This IEEE standard 1588-2019 is known as version V2.1. This timing protocol is accurate up to less than a microsecond and is usually measured in nanoseconds – .000,000,001 seconds where NTP is accurate, under ten milliseconds – .010 seconds. PTP is used to coordinate time sensitive environments, like stock trading and manufacturing, where timing is important with IoT and IIoT robots in production lines and streaming environments like video conferencing where voice and video must be coordinated.
QoS – Quality of Service
In networks, QoS means regulating network resources in the degree of packet loss, network jitter and latency, plus the overall performance of cloud, or computer network services and the tools/technologies that guarantee the network’s ability to run high-priority operations. There are three general models used when applying Quality of Service (QoS). These are:
- Best Effort – No special needs – No QoS needed or requested
- DiffServ Differentiated Services – QoS is implemented on a “hop by hop” basis where we use the ToS byte of IP packets for classification needs
- IntServ Integrated Services – A signaling process, like RSVP where network flows can request a certain bandwidth, delay, etc. that is required for the flow
This is especially important in automation control environments like IoT and IIoT.
RADIUS – Remote Authentication Dial-In User Service
Usually used with the IEEE 802.1x authentication standard. This is a client-server networking protocol that facilitates communications between a central server and individual users who want to gain access to the network access server (NAS). The NAS then verifies the user’s information through the RADIUS authentication server. The authentication information may include details, such as a username, a password, and an IP address, etc.
RARP – Reverse Address Resolution Protocol
An obsolete computer communication protocol used by a client computer to request its Internet Protocol (IPv4) address from a computer network. It has been replaced by BooTP and DHCP.
RDP – Remote Desktop Protocol
This Microsoft protocol was developed to allow a host computer to connect and control another remote computer through the network to help and fix Windows issues. RDP is sometimes called Windows Remote Desktop or Windows Terminal Server and is among the most commonly exploited access for ransomware and malicious attackers. It is a very dangerous access and remote-control technology and should be removed to help stop this as an attack origin which requires open ports on a public address than can be highly dangerous!
RIP – Routing Information Protocol
RIP uses a single routing methodology to measure the distance between the source and the destination network. RIP is a classless routing protocol that is capable of advertising subnet mask information and uses multicast to send routing updates. RIPv2 sends the entire routing table with updates every 30 seconds. RIP is mainly used on small networks because it is very simple to configure and maintain, but lacks the advanced features of other routing protocols like OSPF or EIGRP.
RSTP – Rapid Spanning Tree Protocol
This IEEE 802.1w standard is an advancement over STP and follows a strict set of rules by which the switches decide the best way to forward the traffic on the network free from any redundancy, preventing bridge loops and broadcast storms and allows for the rapid recovery of failed links in a network. It is a complex improvement and is backwards capable to the STP standard. It has been revised many times, thus adding to its complexity.
RSVP – Resource Reservation Protocol
This protocol requests for a certain level of QoS, delay, bandwidth, jitter or services end-to-end, that is mostly controlled by the routers in a network. Admission Control is used to permit or deny the request. Once the communication is complete, the resources are released. RSVP conforms to the QoS model definitions and standards.
RUM – Real User Monitoring
RUM is a performance monitoring process that collects detailed data about a user’s interaction with an application. Real user monitoring collects data on a variety of metrics.
SaaS – Software as a Service
A subscription-based application that is accessed remotely and may also be called Web-based, On-Demand or Hosted software.
SAN – Storage Area Network
SANs are rapidly becoming the most common storage architectures used by enterprises. SANs allow for business-critical applications that require high-throughput and low-latency shared storage. This allows for consistent modalities and other cyber security processes with methods to meet today’s security, data protection, and recovery requirements.
SDN – Software-Defined Networking
A newer technology that allows one to manage a network through software. Network managers can configure, manage, secure, and optimize their network resources very quickly through software, allowing them to meet their current physical network needs or the control plane of the network.
SDNs are operated through devices that manage packet processing through efficient software-based encoding rather than through more conventional programming methods. P4 is a language used, e.g., by OpenFlow SDNs.
SDP – Session Description Protocol
This SIP data unit is used to specify the transferring media format, the codec, and protocol where the voice and video streams are carried by RTP (Real-Time Transport Protocol) or SRTP the secure version of RTP.
SDU – Service Data Unit
SDU is the data or control information carried to a device or user using the PDU. See PDU! Theservice data unit(SDU) is the unit of data to be delivered over data networks. The SDU can be thought of as the message to be delivered by the next lower protocol layer – the PDU. See also PDU – Payload Data Unit.
Software Defined Wide Area Networks – A large WAN network that is configured, managed (i.e. controlled) and protected without hardware.
SFTP – Secure (SSH) File Transfer Protocol
This secure FTP (File Transfer Protocol) is used to provide file access, transfer and management securely using the SSH and FTP protocols.
SIEM – Security Information and Event Management
These systems are threat recognition/detection, compliance measuring, event logging and incident recognition solutions. Each version comes with varying degrees of capabilities for recognition, incident management, reporting/logging and dashboard capabilities.
SIP – Session Initiation Protocol
A layer 7 protocol used for initiating, maintaining, and terminating voice, video and messaging Internet telephony communication sessions. It is also used in LTE
SLA – Service Level Agreement
An agreement/contract between customer and provider with the parameters of service and measurement methods.
SMB – Server Message Block
This protocol enables the sharing of network elements like printers, files and other inter-process elements.
SMTP – Simple Mail Transfer Protocol
This protocol is used by to manage the transfer of Internet mail between senders and receivers.
SNMP – Simple Network Management Protocol
This application layer protocol is used to monitor and manage network elements i.e., computers, routers, switches, etc.
SOC – Security Operations Center
This centralized area is focused on threat detection, mitigation and recovery.
SSCS – Software Supply Chain Security
A strategy by which supply organizations detect, identify, analyze and/or mitigate associated risks and attacks within the supply control plane using the monitored digital signatures and artifacts within the supply network. This strategy combines risk management and cybersecurity principles to assess supply chain risks and implement measures to block, mitigate, or remediate issues no matter the origin, inside or outside the supply chain network.
SSE – Security Service Edge
(Gartner Definition) – a solution and process that secures access to the web, cloud services and private applications. Capabilities include access control, threat protection, data security, security monitoring, and acceptable-use control enforced by network-based and API-based integration. SSE is primarily delivered as a cloud-based service, and may include on-premises or agent-based components. SSE is considered a subset of the (SASE) Secure Access Service Edge framework. SSE can include Secure Web Gateway (SWG), Zero trust Network Access (ZTNA), Cloud Access Security Broker (CASB) and also Firewall-as-a-Service (FWaaS)
SSH – Secure Shell
An IETF standard is for encryption communicating over an unsecure client-server environment-based network. It is mostly used for remote login (User Name and Password authentication) to establish a secure connection between computers, servers and browsers and for command-line execution within the connection. Note: SSH also refers to the UNIX (Wikipedia definition) design to replace Telnet and for unsecured remote Unix shell protocols, such as the Berkeley Remote Shell (rsh) and the related rlogin and rexec protocols, which all use insecure, plaintext transmission of authentication tokens.
SSID – Service Set Identifier
The Identifier that allows for unique WiFi network naming.
SSL – Secure Sockets Layer
This is/was a cryptographic protocol used to authenticate Internet connections, but has mostly been replaced by Transport Layer Security, or TLS around 1999.
SSO – Single Sign-On
Allows users to use one set of network identification credentials to access several sites, databases, and other controlled access environments. Today, most security environments require at least 2 access credentials.
STP – Spanning Tree Protocol – IEEE 802.1D algorithm
STP is to ensure that you do not create network deadly layer 2 loops when you have redundant switch paths in your network and prevent broadcast storms. Switches exchanging BPDU messages with other switches to detect loops, and then removes the loop by shutting down selected bridge/switch interfaces. This algorithm guarantees that there is one and only one active path between two network devices.
SWG – Secure Web Gateway
A security solution focused on preventing unsecured Internet traffic from entering an internal network and enforcing corporate access policies to prevent web-based attacks and threats.
TACACS+ – Terminal Access Controller Access-Control System Plus
A Cisco full-encryption protocol (broader than Radius, which only encrypts passwords) that encrypts all packets, thus providing control over the authorization of commands. TACACS+ requires access to an authentication server to validate users access to the network and the data.
TCP/IP – Transmission Control Protocol/Internet Protocol
A suite of data network communication protocols originally invented by Vint Cerf and Rob Kahn in the 1970’s used to interconnect network devices and computers on the Internet and in private networks. Much evolved since then, it is used to interconnect network devices and computers in multiple network environments. TCP/IP is used on the Internet and in private networks.
TCPDUMP (TCP Dump)
A command line (C) utility that allows one to capture and analyze network traffic using a computer. It has speed limitations, minimal analytics and limited visualizations.
TFTP – Trivial File Transfer Protocol
A simple non-authentication protocol that provides very basic file transfer. TFTP is not like FTP, which has sophisticated protection and authentication algorithms.
TLS – Transport Layer Security – RFC 6347
A cryptographic method that provides authentication, privacy and data integrity between two communicating computers
UDP – User Datagram Protocol
A transport layer protocol for configuring packets to be transported/sent across data networks. TCP is a connection-based protocol and UDP is connectionless. Both ride over the IP layer of protocol.
UTM – Unified Threat Management (incorporating DPI as part of its security features)
Deployed at the network perimeter or edge. These devices scan all data in and out of the network. Using deep packet inspection (DPI), a UTM solution gains full visibility into all network packets to identify incoming threats and blocks dangerous web/user requests. UTM can provide a single dashboard for security teams to manage and update, thus providing the ability to rapidly recognize threats.
VIP or VIPA – Virtual IP Address
IP addresses that are not connected to physical machines or interfaces. These soft assigned addresses can rotate among nodes in a Content Gateway cluster. It is not uncommon for one machine to represent multiple IP addresses on the same subnet. When incoming data packets are sent to the VIP address, they are then routed to real, actual and factual network interfaces.
VLAN – Virtual Local Area Network
VLAN is an overlay network that organizes groups of users/devices together that share a virtual LAN. The purpose is to isolate and deliver traffic to each device or logical group. i.e., a department, floor, campus, etc.
VLSM – Variable Length Subnet Masking
A method of utilizing IPv4 addresses by adding Subnet addresses. Subnetting is the process of dividing a single large network into multiple small networks known as subnets. The primary purpose of subnetting is to help relieve network congestion and improve efficiency in the utilization of the relatively small network address space available in IPv4.
VoIP – Voice over Internet Protocol
This involves IP digitized voice (analog) calls over a digital network. This protocol supports digitized analog signals over an IP-based network.
VPLS – Virtual Private LAN Service
A Multipoint-to-Multipoint Layer 2 VPN encrypted service that connects multiple branches of a Client, like a company group or department, in a single logical switched architecture over a service providers IP/MPLS network.
VPN – Virtual Private Network
A mechanism or tunneling protocol that creates a secure connection between computing devices and/or a computer network or between two networks. It is designed to hide communications and may use a variety of encryption methods.
VRRP – Virtual Router Redundancy Protocol
VRRP eliminates the single point of failure inherent in the static default routed environment by managing L3 and routers creating redundant paths through the LAN network. See also HSRP.
VTP – VLAN Trunking Protocol
A multiplexing protocol that allows users to transmit many VLAN’s traffic as opposed to just one link at a time.
WAF – Web Application Fire
employing DPI to inspect and protect web traffic
WAN – Wide Area Network – Using TCP
Transmission Control Protocol using many LANs can communicate to other networks remotely. A network of networks i.e. the Internet. This includes many methods – Frame Relay, MPLS, and many more methods, but TCP is the primary today.
WAP – Wireless Access Point
A networking device that allows wireless-capable (WiFi) devices to connect to a wired network.
WEP – Wired Equivalent Privacy
A method to protect WiFi data by encrypting the data so outsiders who are not inside the encrypted network will not be able to read the messages or data contained within. An older method was WPA and the newer and safer is WPA2.
Open-Source Protocol Analyzer – Started as Ethereal by Gerald Combs – The best Open-source data packet capture and data analyzer!
WLAN – Wireless Local Area Network
A wireless network (using radio or infrared signals instead of traditional network cabling) that allows two or more devices to be wirelessly connected to form a local area network for access to the Internet or private network.
WLC – Wireless LAN Controller
A network device used to monitor and manage wireless access points in a network!
WPA – Wi-Fi Protected Access
A security standard to help secure computing devices equipped with wireless access to connect to the Internet. WPA was developed by the Wi-Fi Alliance to provide more sophisticated data encryption and better user authentication than Wired Equivalent Privacy (WEP), the original WiFi security standard. WPA was initially released in 2003. The Wi-Fi Alliance defined WPA as a response to serious weaknesses found in the WEP protocol. A more secure version, WPA2, was released in 2004. In 2018, the Wi-Fi Alliance announced the release of WPA’s third and current version, WPA3.
WPA2 – WiFi Protected Access II
Interval WiFi data security method.
WPA3 – WiFi Protected Access III
The latest security for WiFi devices to access the LAN network and data protection.
WPS – WiFi Protected Setup
WPS was originally called WiFi Simple Config. WPS is a network security standard to create a secure wireless home network simply and easily. Created by Cisco and introduced in 2006, it was designed to make it easy to add new devices to an existing WiFi network without entering long passphrases.
WWAN – Wireless Wide Area Network
WWAN is a network connection used in conjunction with mobile communication technologies, such as WIMAX, CDMA, and GSM. Any user with a WWAN card can connect to and access the Internet. WWAN uses 128-bit encryption and is very secure.
WWW or W3 or just the Web
World Wide Web – is part of the Internet and founded by Tim Berners-Lee and is the leading information service on the Internet. If you search the Internet, you are using the WWW.
ZTNA – Zero Trust Network Access
This network security solution provides secure remote access to the corporate network’s applications, data, and services based on VERY clearly defined access control policies. Only specific users can access certain applications and/or data and only after stringent authentication.