Security+ Chapter 8: Securing Networks

Firewall

a device that protects an internal network from access by unauthorized users on an external network.

Packet filtering firewall

a firewall that analyzes each network packet destined for inside or outside the network.

Stateful inspection firewall

A firewall that filters packets and maintains a record of the connections that pass through the firewall.

Application-level firewall

a firewall that is aware of specific applications and services such as DNS and SMTP. This allows the firewall to analyze network traffic and apply access rules that are specific to that application.

Network Address Translation (NAT)

allows internal networks to be hidden behind a single Internet IP address.

Router

a network device that connects several networks together and relays data between them.

Switch

a network device used to segment networks into more manageable sections and relay packets between the segments.

Load balancer

a network device that helps evenly distribute the flow of network traffic to other hosts.

Proxy server

a network server or device that accepts and forwards requests from clients to other servers.

Content security appliance

an integrated security appliance used by small to medium-sized organizations to scan all the network traffic for spam, malicious code, and inappropriate file sharing; also known as an all-in-one appliance.

URL filtering

allowing or blocking access to websites based on a predefined list of sites, as required by policy.

Content filtering

content filtering can ensure that messages containing specific identifying information are blocked from being sent outside of the organization.

Web security gateway

a device that provides content filtering and application-level security to protect end users from accessing dangerous websites that are infected with worms and spyware or middleware, in addition to providing a simple web proxy and caching service.

Intrusion detection system (IDS)

a system that monitors your network activity for suspicious behavior and can indicate if someone is trying to break into or damage your network.

Intrusion prevention system (IPS)

an active detection system that, in addition to reporting an attack, may also shut down the network connections or services that are being attacked.

Intrusion detection system (IDS)

a passive detection system that notifies or alerts administrators of an intrusion.

Signature-based monitoring

a monitoring method that contains a predefined signature database of known attacks that have appeared previously.

Behavior-based monitoring

a monitoring method that recognizes behavioral anomalies in hardware performance that exceed the thresholds of a normal baseline.

Heuristic-based monitoring

a monitoring method that uses an initial database of known attack types but dynamically alters their signatures based on the learned behavior of inbound and outbound network traffic.

Rule-based monitoring

a monitoring method similar to firewall access control rules. The administrator creates rules and determines the actions to take when those rules are transgressed.

Protocol analyzer

a standalone application used to monitor and capture network data at the packet and frame level.

Demilitarized Zone (DMZ)

an area of the network where publicly accessible Internet systems should be located.

Intranet

a locally available network that is not accessible from the public Internet.

Extranet

an extension of your private network that enables other companies or networks to share information. These are often referred to as business-to-business communications or networks.

Network Access Control (NAC)

software that allows your network devices to allow or deny access to clients based on predefined access policies.

Network Address Translation (NAT)

a networking technique that allows private IP addresses on your internal network to be translated into a routable address for communication on the Internet.

Subnet

used to break larger networks down into more manageable subnetworks, greatly reducing the amount of network chatter and broadcasts that are sent to all systems on the network.

Virtual local area network (VLAN)

a type of logical network that exists as a subset of a larger physical network.

Port-based virtual local area network

uses the specific port of a network switch to configure virtual local area networks.

MAC address-based virtual local area network

clients and their respective VLAN memberships are matched using the MAC address of their network card.

Protocol-based VLAN

clients and their respective VLAN memberships are matched using the client's IP address or by the type of traffic the client is generating.

VPN concentrator

a device or server that is responsible for managing the encrypted VPN tunnel between a client computer and the network, or between two networks in different geographical locations.

Telephony

traditional switched telephone services.

Voice over IP (VoIP)

technology that uses the TCP/IP protocol to communicate over data networks for basic phone services.

Virtualization

a technology that allows computers to host and run additional virtual computers.

Cloud computing

a distributed service-based model where all aspects of a network, from the platform, to the software, to the entire infrastructure can be provided as distributed web services.