While security is an essential factor in any organization’s network operations, it can also be a complicated and confusing topic.
To get started, begin with network security terms and phrases. The following glossary includes some common network security terms — including firewall and VPN — as well as newer terms and technologies, such as software-defined perimeter. IT teams that understand these network security terms can learn which technologies and techniques work best for their networks and better combat network security attacks.
This brief network security glossary is an essential starting point for security novices. Dive into the software, attacks, systems and processes that all play a role in network security.
An index of network security terms
Blockchain. Blockchain is a system that records data transactions within a peer-to-peer network — where each node functions as both client and server. Each node can access the record to avoid a single point of failure, which can benefit organizations with network appliances from different vendors and organizations that manage networks through a centralized controller. Although blockchain might not be a traditional network security technology, it shows potential to track and secure configuration changes and records.
Demilitarized zone. A LAN’s DMZ is the physical or logical subnet that separates the LAN from untrusted networks and provides controlled access to public internet services. External-facing resources sit within the DMZ: users on the internet can reach these resources, but they cannot reach the LAN behind them. A DMZ comprises one or two firewalls with at least three network interfaces in total, and IT teams can control the security policy applied at each DMZ segment.
Denial-of-service attack. A DoS attack is when an attacker bombards a network with traffic to overwhelm its resources and prevent authorized users from accessing those resources and devices. Signs of this threat include degraded network performance and an unusually high volume of spam email. DoS attacks have several variations, including the distributed DoS attack, where the traffic comes from a large number of sources at once. To protect against DoS attacks, IT teams should implement prevention planning, security assessments, protection tools and backups.
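Detecting the two DoS patterns the entry describes, a single source flooding a service versus many sources each sending a little (distributed), is a matter of counting requests per source within a time window. The following script is an added example, not code from the original glossary: it parses constructed access-log lines (timestamp, source IP, request) and flags windows that exceed either a per-source threshold or an aggregate threshold across many sources. The thresholds and log format are assumptions chosen for illustration.

```python
"""Added example: simple windowed DoS detection over constructed log lines.

Each log line is assumed to look like: "<ISO timestamp> <source IP> <request>".
Thresholds are illustrative; real values come from a baseline of normal traffic.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) (\S+) (.+)$")  # timestamp, source IP, request text


def parse(line):
    """Turn one constructed log line into (timestamp, source_ip, request)."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError(f"unparseable line: {line!r}")
    return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)


def analyze(lines, window=timedelta(seconds=10), per_source=20,
            aggregate=100, min_sources=10):
    """Bucket requests into fixed windows and report flood patterns.

    Returns a list of (kind, window_start, source_or_None, count) tuples:
      - "single-source-flood": one IP sent >= per_source requests in a window
      - "distributed-flood": the window total reached `aggregate` requests
        spread over at least `min_sources` distinct IPs
    """
    events = sorted(parse(line) for line in lines)
    if not events:
        return []
    t0 = events[0][0]
    buckets = defaultdict(lambda: defaultdict(int))  # window index -> ip -> count
    for ts, src, _ in events:
        buckets[int((ts - t0) / window)][src] += 1

    findings = []
    for idx in sorted(buckets):
        per_ip = buckets[idx]
        start = t0 + idx * window
        total = sum(per_ip.values())
        for src, count in per_ip.items():
            if count >= per_source:
                findings.append(("single-source-flood", start, src, count))
        if total >= aggregate and len(per_ip) >= min_sources:
            findings.append(("distributed-flood", start, None, total))
    return findings


def build_sample():
    """Constructed sample traffic: a quiet window, a single-source flood,
    then a distributed flood where no single IP is loud on its own."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for i in range(5):                       # 0-9 s: normal background traffic
        for k in range(2):
            ts = base + timedelta(seconds=k * 3)
            lines.append(f"{ts.isoformat()} 198.51.100.{i + 1} GET /")
    for k in range(40):                      # 10-19 s: one source hammering /login
        ts = base + timedelta(seconds=10, milliseconds=k * 200)
        lines.append(f"{ts.isoformat()} 203.0.113.9 GET /login")
    for i in range(30):                      # 20-29 s: 30 sources, 4 requests each
        for k in range(4):
            ts = base + timedelta(seconds=20 + k * 2)
            lines.append(f"{ts.isoformat()} 203.0.113.{100 + i} GET /api")
    return lines


if __name__ == "__main__":
    for kind, start, src, count in analyze(build_sample()):
        print(f"{start.time()} {kind:22} source={src or 'many'} count={count}")
```

Per-source counting alone misses the distributed case, which is why the aggregate check with a distinct-source floor is there; in practice the thresholds would be tuned against the service's normal request rate rather than fixed constants.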
Firewall. A firewall is software or firmware that prevents unauthorized traffic from entering or leaving the network. Firewalls apply a set of rules that determine which data packets can come and go, lowering the risk from harmful packets and other network security threats. This architecture is changing as new network technologies, traffic patterns and perimeters emerge.
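The DMZ and firewall entries above both come down to a rule set evaluated against each packet: internet users may reach the public services in the DMZ, the LAN may reach the DMZ and the internet, and nothing may cross from the DMZ or the internet into the LAN. As an added example (not the glossary's own code), the following script models a single three-interface DMZ firewall as a first-match packet filter with an explicit default-deny rule. The zone addresses, rule list and packet fields are constructed for illustration.

```python
"""Added example: first-match packet filter modelling a three-interface DMZ firewall.

Zones are derived from the packet's source/destination address. Addresses use
documentation ranges and are constructed, as are the rules themselves.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed zone prefixes; anything not in a listed prefix is "internet".
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),
    "lan": ip_network("10.10.0.0/16"),
}


def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    src_zone: str            # zone name or "any"
    dst_zone: str            # zone name or "any"
    proto: Optional[str]     # None matches any protocol
    dport: Optional[int]     # None matches any destination port
    action: str              # "allow" or "deny"


# Evaluated top to bottom; the last rule is the catch-all default deny.
RULES: List[Rule] = [
    Rule("internet", "dmz", "tcp", 443, "allow"),  # public HTTPS service in the DMZ
    Rule("internet", "dmz", "tcp", 80, "allow"),   # public HTTP service in the DMZ
    Rule("lan", "dmz", None, None, "allow"),       # LAN administrators reach DMZ hosts
    Rule("lan", "internet", None, None, "allow"),  # outbound traffic from the LAN
    Rule("dmz", "lan", None, None, "deny"),        # a compromised DMZ host cannot reach the LAN
    Rule("internet", "lan", None, None, "deny"),   # no direct internet-to-LAN traffic
    Rule("any", "any", None, None, "deny"),        # default deny
]


def evaluate(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, Rule]:
    """Return (action, matching_rule) for the first rule that matches the packet."""
    src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
    for rule in rules:
        if rule.src_zone not in ("any", src_zone):
            continue
        if rule.dst_zone not in ("any", dst_zone):
            continue
        if rule.proto is not None and rule.proto != pkt.proto:
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        return rule.action, rule
    # Unreachable when the rule set ends with a catch-all, which is what makes
    # the policy default-deny; raising makes a misconfigured rule set obvious.
    raise RuntimeError("rule set does not end with a catch-all rule")


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.5", "192.0.2.10", "tcp", 443),   # internet -> DMZ web
        Packet("203.0.113.5", "192.0.2.10", "tcp", 22),    # internet -> DMZ ssh
        Packet("203.0.113.5", "10.10.1.20", "tcp", 443),   # internet -> LAN
        Packet("192.0.2.10", "10.10.1.20", "tcp", 445),    # DMZ -> LAN
        Packet("10.10.1.20", "192.0.2.10", "tcp", 22),     # LAN -> DMZ
    ]
    for p in samples:
        action, rule = evaluate(p)
        print(f"{zone_of(p.src):8} -> {zone_of(p.dst):8} {p.proto}/{p.dport}: {action}")
```

The filter is stateless on purpose, to keep the rule logic visible; a production firewall would additionally track connections so that replies to allowed outbound traffic are admitted without a separate inbound allow rule.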
Microsegmentation. Network security professionals use microsegmentation to split a network into smaller pieces — or segments — to simplify overall security upkeep of the network, even in cloud environments or data centers. This process makes it harder for attackers to compromise entire networks. Microsegmentation also works best in systems that already deploy virtualization.
Network access control. NAC limits user and endpoint access to network resources in order to strengthen security. NAC systems regulate permitted user actions and are ideal for networks that can tightly control user environments.
Network encryption. Network encryption is implemented through IPsec and applies encryption at the network and transport layers, OSI Layers 3 and 4, which sit between the data link and application layers. It is transparent to users and encrypts only data in transit, so network encryption operates independently of other types of encryption.
Software-defined perimeter. SDP is a secure, private overlay network that controls access to resources based on user identity and specified policies. SDPs conceal systems and resources within the perimeter, so they can’t be seen from outside. This technology connects authorized users and devices over the internet to servers and applications in cloud environments or data centers.
VPN. A virtual private network uses encrypted connections to connect authorized users to a network and its resources. VPNs are commonly available in two forms: remote access VPNs and site-to-site VPNs. Remote access VPNs use IPsec or Secure Sockets Layer to let remote users securely send and receive data as if they were directly connected to the network. The VPN software runs on each remote device and gives individual remote employees secure access to their organization’s main network. Site-to-site VPNs enable separate locations, each with multiple users, to securely connect, communicate and share data with each other.
Zero-trust network. All traffic attempting to access a zero-trust network must endure strict identity and device verification even if the traffic source is inside the network. Zero-trust networks provide users with the least amount of access possible and use microsegmentation to segment the network. Each zero-trust segment also has individual access requirements that the IT team configures based on organizational policy.
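The zero-trust and microsegmentation entries describe one access decision: verify the identity and the device for every request, apply the access requirements of the specific segment being reached, and grant nothing by default, with the request's position inside or outside the network playing no part. The following script is an added example and not the glossary's code; the segment names, roles and posture flags are constructed to illustrate the evaluation order.

```python
"""Added example: a per-request zero-trust access decision for microsegments.

The source network is recorded on the request but deliberately never consulted:
being "inside" grants nothing. Segments, roles and posture checks are constructed.
"""
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_verified: bool        # identity verification outcome for this request
    device_compliant: bool    # device posture (managed, patched, etc.); constructed flag
    source_network: str       # "corp-lan" or "internet"; intentionally not a grant factor
    segment: str              # microsegment the request targets


# Constructed per-segment requirements, as the IT team would set from policy.
SEGMENT_POLICY = {
    "hr-db":    {"roles": {"hr-analyst"}, "require_compliant_device": True},
    "build-ci": {"roles": {"developer"}, "require_compliant_device": True},
    "wiki":     {"roles": {"developer", "hr-analyst"}, "require_compliant_device": False},
}


def decide(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Every check applies regardless of source network."""
    # 1. Identity: unverified requests are denied even from the corporate LAN.
    if not req.mfa_verified:
        return False, "identity not verified"
    # 2. Segment: a segment with no policy is unreachable (least privilege).
    policy = SEGMENT_POLICY.get(req.segment)
    if policy is None:
        return False, "no policy for segment"
    # 3. Device: segments can require a compliant device.
    if policy["require_compliant_device"] and not req.device_compliant:
        return False, "device not compliant"
    # 4. Role: only roles listed for the segment may reach it.
    if req.role not in policy["roles"]:
        return False, "role not permitted for segment"
    return True, "allowed"


if __name__ == "__main__":
    cases = [
        Request("dana", "developer", True, True, "corp-lan", "build-ci"),
        Request("dana", "developer", True, True, "corp-lan", "hr-db"),
        Request("dana", "developer", False, True, "corp-lan", "build-ci"),
        Request("dana", "developer", True, False, "internet", "wiki"),
        Request("dana", "developer", True, False, "internet", "build-ci"),
        Request("dana", "developer", True, True, "corp-lan", "payroll"),
    ]
    for c in cases:
        allowed, reason = decide(c)
        print(f"{c.user}@{c.source_network:8} -> {c.segment:9}: {'ALLOW' if allowed else 'DENY '} ({reason})")
```

The order matters for what the requester learns: identity is checked before any segment-specific detail is consulted, so an unverified request receives the same answer whether or not the segment exists.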