Network-Security

A firewall is a security control that filters network traffic based on defined rules so unauthorized or unnecessary communication can be limited.

A web application firewall inspects and filters HTTP traffic to help protect web applications from malicious or unwanted requests.

An intrusion detection system monitors traffic or activity for suspicious patterns and generates alerts without necessarily blocking the activity itself.

An intrusion prevention system inspects traffic for suspicious patterns and can automatically block or stop activity that matches defined prevention logic.

A virtual private network creates protected connectivity between devices or networks over a less trusted path such as the public internet.

Zero trust network access provides narrower, identity-aware access to applications without assuming that network location alone should grant broad trust.

Network segmentation divides networks into smaller zones so traffic can be controlled more tightly and security incidents are easier to contain.

Microsegmentation applies very granular traffic controls between workloads or services so access is limited to specific allowed communications.

A demilitarized zone is a network area used to place externally reachable services away from more sensitive internal systems.

A bastion host is a specially hardened system used as a controlled access point into sensitive environments.

Deep packet inspection examines packet contents and metadata more closely than basic header-based traffic filtering.

Network access control is the practice of deciding which users or devices can join a network and under what conditions.

Egress filtering is the practice of controlling which outbound network connections systems are allowed to make.

East-west traffic is network communication that happens between internal systems rather than between an internal system and the outside world.

DNS filtering is the practice of controlling domain name resolution so users and systems are blocked from reaching known malicious or unwanted destinations.

Email security is the set of controls used to protect email systems, messages, users, and workflows from compromise, fraud, malware, and data exposure.

Domain Name System Security Extensions adds authenticity and integrity protection to DNS data so resolvers can detect certain forms of tampering or spoofing.

SSH, or Secure Shell, is a protocol used to securely administer remote systems and move command-line traffic over an encrypted connection.

Full packet capture is the recording of complete network packets so teams can inspect the contents and context of network communication in detail.

Network telemetry is the operational data that describes network activity, health, communication patterns, and security-relevant traffic behavior.

An allowlist is a rule set that permits only specified users, applications, addresses, domains, commands, or other approved items.

A denylist is a rule set that blocks specified users, applications, addresses, domains, or other items while allowing the rest unless another rule stops them.

A man-in-the-middle attack is an interception scenario where an attacker places themselves between communicating parties to observe, alter, or relay traffic without proper authorization.

Email authentication is the set of controls used to help mail systems evaluate whether a message was sent by an authorized source and handled in an expected way.