Glossary
Plixer FlowPro Terms
- BotNet
- A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge
- Command and Control
- Command and Control cyberattacks (C2 or C&C) happen when bad actors infiltrate a system and install malware that lets them remotely send commands from a C2 server to infected devices
- Data exfiltration
- Unauthorized data transfer, either manually from a device or over a network
- DGA (Domain Generation Algorithms)
- Algorithms seen in various families of malware that are used to periodically generate a large number of domain names that can be used as rendezvous points with the command and control servers
- DNS Data Leak
- DNS server requests that are visible to third parties
- Domain Reputation List
- List of domains that have been determined, with a high probability, to be “bad domains”
- DPI (Deep Packet Inspection)
- An advanced method of examining and managing network traffic, functioning at the application layer of the OSI model
- JA3 Signature
- A method to fingerprint an SSL/TLS client connection based on fields in the Client Hello message from the SSL/TLS handshake. So named as it was first published by John Althouse, Jeff Atkinson, and Josh Atkins from Salesforce in 2017.
- NXDOMAIN (No Existing Domain)
- Error message indicating that the domain is either not registered or invalid
- Observation Domain
- A value used by the collector device to group devices when receiving data sessions
- plixer.ini
- Plixer FlowPro configuration file.
- Trusted Domain list
- List of domains that are allowed on the network (whitelisted)
General Networking Terms
- 2LD (Second-level Domain)
- Part of the naming convention for domain names. For example, in example.com, example is the second-level domain of the .com TLD (Top-level domain)
- 3LD (Third-level Domain)
- For example, in www.mydomain.com, www is the third-level domain
- API (Application Programming Interface)
- A software component that allows applications to share data and functionality
- CA (Certification Authority)
- A trusted entity that issues, signs, and stores digital certificates
- CIDR (Classless Inter-Domain Routing)
- An Internet Protocol addressing method that improves the efficiency of allocating IP addresses. The general way of representing a CIDR IP address is a.b.c.d/n, with n representing the number of bits used for the identification of the network.
- CLI (Command-line Interface)
- A text-based interface for applications and operating systems that allows a user to enter commands and receive
- Collector
- SIEMs, Flow Collectors, SNMPTrap Receivers, or other network management systems that analyze data forwarded by the Plixer Replicator from other networked devices
- DNS (Domain Name System)
- The system by which computers and other devices on the Internet or Internet Protocol networks are uniquely identified using names matched to their IP addresses
- Egress
- Traffic that exits a device or network
- ERSPAN (Encapsulated Remote Switched Port Analyzer)
- A Cisco proprietary feature that brings generic routing encapsulation (GRE) for all captured traffic and allows it to be extended across Layer 3 domains
- Exporter
- A networked device such as a router, switch, or server that generates data and sends it to the Plixer Replicator for replication and forwarding
- Fault tolerance
- A system’s ability to continue operating without interruptions in the event of a hardware or software failure
- FQDN (Fully Qualified Domain Name)
- The complete domain name of a specific computer, host, or online presence. For example, Plixer’s website’s FQDN would be www.plixer.com
- GRE (Generic Routing Encapsulation)
- A tunneling protocol developed by Cisco Systems
- IP address
- A unique numerical label assigned to a networked device
- IPFIX (Internet Protocol Flow Information Export)
- A protocol that standardizes Internet Protocol flow information from networked devices
- Latency
- The latency of a network is the time it takes for a data packet to be transferred from its source to the destination
- LDAP (Lightweight Directory Access Protocol)
- An open, cross platform protocol used to authenticate and store information about users, groups, and applications
- MAC (Media Access Control) address
- A unique hardware identifier typically assigned by manufacturers to network adapters and devices
- NIC (Network Interface Card)
- Adapter that provides devices network connections, either wired or wireless
- OVF (Open Virtualization Format)
- An open-source standard for packaging and distributing virtual machines and software applications
- Packet
- A block of data transmitted across a network
- Redundancy
- Duplicated or alternative network devices and connections meant to serve as failsafes against the primary service becoming unavailable
- Router
- A device that forwards or routes data packets to devices on a network
- Server
- A system or device that provides resources, data, services, or applications to other devices over a network
- SIP/RTP (Session Initiation Protocol/Real Time Protocol)
- SIP is the control protocol, and RTP is the payload protocol used to send and receive Voice over IP (VoIP)
- SSH (Secure Shell Protocol)
- A network communication protocol that allows network services to be used securely over an unsecured network
- SSL (Secure Sockets Layer)
- A protocol for establishing secure connections between networked devices
- Switch
- A device that connects devices in a network and allows them to communicate with each other
- Syslog
- A standard for message logging that allows a wide variety of networked devices to share the same repositories and management systems
- TLS handshake (Transport Layer Security)
- TLS is a network protocol used to ensure secure and private communications over the internet. A TLS handshake is the process that kicks off a communication session that uses TLS encryption
- UDP (User Datagram Protocol)
- A communication protocol used by applications to send messages to other hosts on an Internet Protocol network via low-latency, loss-tolerating connections
- Virtual appliance
- A pre-configured virtual machine image with pre-installed software meant to serve a specific function
- VoIP (Voice over Internet Protocol)
- A technology that allows voice calls using an internet connection