Network device security Definitions

  • A

    application whitelisting

    Application whitelisting is the practice of identifying applications that have been deemed safe for execution and restricting all other applications from running.

  • B

    bastion host

    On the Internet, a bastion host is the only host computer that a company allows to be addressed directly from the public network and that is designed to screen the rest of its network from security exposure.

  • bridge

    In telecommunication networks, a bridge is a product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, Ethernet or token ring).

  • D


    In network security, deperimeterization is a strategy for protecting a company's data on multiple levels by using encryption and dynamic data-level authentication.

  • digital certificate

    A digital certificate is an electronic "passport" allowing people, computers or organizations to exchange secure information over the Internet using the public key infrastructure (PKI).

  • distributed denial of service (DDoS) attack

    A distributed denial-of-service attack occurs when an attack originates from multiple computers or devices, usually from multiple different locations or networks.

  • E


    In computing, encryption is the method by which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key.

  • F


    In computing, a firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or leave a network.

  • Firewall Builder (Fwbuilder)

    Firewall Builder, also called Fwbuilder, is a vendor-neutral configuration and management application for firewalls that is intended primarily for Linux and that supports the OpenBSD Packet Filter, Cisco PIX Series security devices, iptables, and ipfilter.

  • I

    inline network device

    An inline network device is one that receives packets and forwards them to their intended destination.

  • integrated threat management

    Integrated threat management is a comprehensive approach to network security that addresses multiple types of malware, as well as blended threats and spam, and protects from intrusion at both the gateway and the endpoint levels... (Continued)

  • N

    next-generation firewall (NGFW)

    A next-generation firewall (NGFW) is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by enforcing security policies at the application level, as well as at the port and protocol level.

  • O

    OCSP (Online Certificate Status Protocol)

    OCSP (Online Certificate Status Protocol) is one of two common schemes for maintaining the security of a server and other network resources.

  • P

    proxy firewall

    A proxy firewall is a network security system that protects network resources by filtering messages at the application layer. A proxy firewall may also be called an application firewall or gateway firewall.  

  • S

    screened subnet (triple-homed firewall)

    A screened subnet (also known as a 'triple-homed firewall') is a network architecture that uses a single firewall with three network interfaces... (Continued)