Cybersecurity Glossary

Network Access Control. A security approach that enforces policies on devices seeking to access network resources, verifying compliance before granting access.

The practice of dividing a computer network into smaller subnetworks to improve security by limiting lateral movement and containing breaches.

Network Address Translation. A method of modifying network address information in IP packet headers while in transit, commonly used to map private addresses to public ones.

The capture, recording, and analysis of network traffic to investigate security incidents, policy violations, and criminal activity.

A network protocol developed by Cisco for collecting IP traffic information and monitoring network flow, widely used for network traffic analysis and security monitoring.

Number used once. A random or pseudo-random value used in cryptographic communications to prevent replay attacks and ensure that old communications cannot be reused.

An attack that captures NTLM authentication attempts and relays them to another server, allowing the attacker to authenticate as the victim on the target system.

Network Mapper. An open-source tool used for network discovery and security auditing, capable of host discovery, port scanning, service detection, and OS fingerprinting.

An open-source web server scanner that performs comprehensive tests against web servers for multiple known vulnerabilities, misconfigurations, and outdated software.

National Institute of Standards and Technology. A US agency that develops cybersecurity standards, guidelines, and best practices for federal and private sector organizations.

NIST Cybersecurity Framework. A voluntary framework providing guidance for managing and reducing cybersecurity risk based on existing standards and best practices.

A hardware device inserted at a specific point in a network to monitor traffic in real time, providing a copy of network data for analysis and security monitoring.

Network Time Protocol. A protocol for synchronizing clocks of computer systems over packet-switched networks, critical for accurate security log timestamps.

Network traffic that flows between a data center and external networks, typically passing through perimeter security controls.

The arrangement of nodes and connections in a computer network, including physical and logical layouts that affect security posture.

Access Control List. A set of rules applied to network interfaces that filter traffic based on source and destination addresses, ports, and protocols.

An advanced firewall that combines traditional firewall capabilities with application awareness, intrusion prevention, and cloud-delivered threat intelligence.

A technique where an attacker uses a compromised system as a relay point to access other systems on the same network that are not directly accessible.

NT LAN Manager. A suite of Microsoft security protocols for authentication, integrity, and confidentiality, largely superseded by Kerberos but still present in legacy systems.

A voluntary framework developed by NIST that provides guidelines for managing and reducing cybersecurity risk based on existing standards.

Network and Information Security Directive 2. An EU directive that establishes cybersecurity requirements for essential and important entities across member states.

Attacks targeting Near Field Communication technology, including eavesdropping, data manipulation, and relay attacks on contactless payments and access cards.

A security principle where access to information is restricted to individuals who require it to perform their specific duties or roles.

A DDoS attack leveraging Network Time Protocol servers to amplify traffic directed at a target using the monlist command.

A large block of unused IP addresses monitored to observe unsolicited traffic patterns, scanning activity, and malware propagation.

The process of systematically identifying and cataloging hosts, services, and resources on a target network during reconnaissance.

A government-sponsored threat actor that conducts cyber operations to advance national interests including espionage and sabotage.

Network Detection and Response. A security solution that monitors network traffic in real time to detect threats, investigate incidents, and automate responses.

Security technology that monitors network traffic patterns to detect anomalies indicative of threats, policy violations, or operational issues.

The practice of separating critical systems from general network access to reduce the attack surface and contain potential breaches.

Security techniques that deploy decoy systems, services, and data to mislead attackers and detect intrusion attempts.

An attack using null byte characters to truncate strings in web applications, bypassing file extension checks and other validations.

An attack targeting NoSQL databases through injection of malicious queries, exploiting the query language of databases like MongoDB.

A backdoor embedded in a neural network model during training that activates when specific trigger patterns are present in the input.

Security considerations for Network Function Virtualization where network services run as software on commodity hardware.

An isolated network environment used to safely detonate and analyze suspicious files and URLs without risking production systems.

Cybercriminals who specialize in gaining unauthorized access to corporate networks and selling that access to other threat actors.

Self-replicating malware that spreads across networks by exploiting vulnerabilities in network services without requiring user interaction.

A catalog of security and privacy controls for federal information systems, providing comprehensive security requirements.

Security requirements for protecting controlled unclassified information in nonfederal systems and organizations.

Network-based Intrusion Detection System. An IDS deployed at strategic network points to monitor all traffic flowing through that segment.

Security technology that enforces endpoint compliance policies before allowing devices to connect to the network.

The automatic isolation of non-compliant or infected devices into a restricted network segment until remediated.

The rapid assessment of network security incidents to determine scope, severity, and priority of response actions.

A device that aggregates, filters, and distributes network traffic from TAPs and SPAN ports to monitoring tools.

The process of gathering information from Windows networks using NetBIOS name resolution and session queries.

A covert device or software placed on a target network during a penetration test to provide persistent access.

A hidden vulnerability implanted in a neural network during training that causes targeted misclassification when a specific trigger is present.

Software that continuously watches network traffic and device status to detect performance issues and security anomalies.

A documented snapshot of normal network behavior including traffic patterns and performance metrics used for anomaly detection.

Using carefully crafted text to manipulate AI systems that process natural language, including prompt injection and jailbreaking.

The ability to see and understand all traffic, devices, and activities across a network for security monitoring.