General networking terms

2LD (Second-level Domain)

Part of the naming convention for domain names. For example, in example.com, example is the second-level domain of the .com TLD (Top level domain)

3LD (Third-level Domain)

For example, in www.mydomain.com, www is the third-level domain

ACK (Acknowledgment Code)

A unique signal sent by a computer to show that it has successfully transmitted data

ACL (Access Control List)

A set of rules governing access to a particular object or system resource

Active Directory / AD

Proprietary directory service offered by Microsoft, which allows for centralized management of users, devices, and other IT assets

API (Application Programming Interface)

A software component that allows applications to share data and functionality

ARP (Address Resolution Protocol)

Protocol that maps a dynamic IP address to a physical machine’s permanent MAC address in a local area network (LAN)

CA (Certification Authority)

A trusted entity that issues, signs, and stores digital certificates

CDP (Cisco Discovery Protocol)

Protocol used by Cisco devices to allow neighboring networking devices to learn about each other

CIDR (Classless Inter-Domain Routing)

An IP addressing method that improves the efficiency of allocating IP addresses

CLI (Command-line Interface)

A text-based interface for applications and operating systems that allows a user to enter commands

Collector

SIEMs, Flow Collectors, SNMPTrap Receivers, or other network management systems that analyze data forwarded from networked devices

DHCP (Dynamic Host Configuration Protocol)

Network management protocol used to automatically assign IP addresses and other communication parameters to devices on an Internet protocol network

DNS (Domain Name System)

A system by which computers and other devices on the Internet or Internet protocol networks are uniquely identified using names matched to their IP addresses

Egress

Traffic that exits a device or network

Endpoint

An entity (device, service, node, etc.) at the end of a network communication channel

Encapsulated Remote SPAN (ERSPAN)

Encapsulates mirrored traffic in GRE (Generic Routing Encapsulation) and sends it over Layer 3 networks

ESX (Elastic Sky X)

A pre-configured, ready-to-deploy virtual machine (VM) designed to run on VMware ESX or ESXi

Exporter

A networked device such as a router, switch, or server that generates data and sends it to the flow collector device

Fault tolerance

A system’s ability to continue operating without interruptions in the event of hardware or software failure

FQDN (Fully Qualified Domain Name)

The complete address of a computer, host, or any other entity on the Internet

GRE (Generic Routing Encapsulation)

A tunneling protocol developed by Cisco Systems

Hyper-V

A pre-configured, ready-to-deploy virtual machine designed to run on Microsoft Hyper-V, typically packaged in VHD/VHDX format

ICMP (Internet Control Message Protocol)

A protocol used for devices within the network to determine possible network issues

Identity Provider (IdP)

A third-party entity and/or service that stores and manages identities and credentials for use by other websites, applications, or other digital resources

IP address

A unique numerical label assigned to a networked device

IPFIX (Internet Protocol Flow Information Export)

A protocol intended to collect and analyze the flow data from supported network devices

KVM (Kernel-based Virtual Machine)

A pre-configured virtual machine designed to run on KVM hypervisors, packaged in formats like QCOW2 or OVA for easy deployment in Linux-based virtualization environments

Latency

The latency of a network is the time it takes for a data packet to be transferred from its source to the destination

LDAP (Lightweight Directory Access Protocol)

An open, cross-platform protocol used to access and maintain directory services for assets in an Internet protocol network

LLDP (Link Layer Discovery Protocol)

A vendor-neutral protocol used by devices on IEEE 802 networks to advertise their identity, capabilities, and other information

MAC (Media Access Control) address

A unique hardware identifier typically assigned by manufacturers to network adapters and devices

MIB (Management Information Base)

A database that stores information used for managing a network

MTTR (Mean Time to Resolution)

The average amount of time between the detection and remediation of a security threat or incident

NDR (Network Detection and Response)

A cybersecurity solution that uses machine learning to detect cyber threats and aid remediation

Network interface

A (physical or software-based) point of connection between a network entity and the rest of the network

NIC (Network Interface Card)

An adapter that provides a device with a network connection, either wired or wireless

NID (Network Infrastructure Device)

Any device, such as an access point, router, or switch, that provides the means for entities to communicate with each other over a network

NTP (Network Time Protocol)

A networking protocol used to synchronize device clocks over the Internet

NXDOMAIN (No Existing Domain)

An error message that means that a domain mentioned in the Domain Name System (DNS) query does not exist

Open port

A TCP or UDP port that has been configured to accept packets

OUI (Organizationally Unique Identifier)

A unique 24-bit number in a MAC address that identifies the vendor or the manufacturer of the device

OVF (Open Virtualization Format)

An open source standard for packaging and distributing virtual machines and software applications

Packet

A block of data transmitted across a network

PDU (Protocol Data Unit)

An individual unit of information exchanged by entities on a network using the same protocol

PostgreSQL

An open-source relational database management system (RDBMS) that supports both SQL and JSON querying

PXE (Preboot Execution Environment)

A network booting protocol that allows computers to boot from a network rather than a local storage device like a hard drive or USB

RADIUS (Remote Authentication Dial-In User Service)

A client-server AAA (authentication, authorization, accounting) protocol used to manage remote user access to a network

Redundancy

The state of having duplicate or alternative services as backups to allow for continuous availability

REST API (Representational State Transfer Application Programming Interface)

A set of rules that allows systems to communicate over the web using standard HTTP methods

Router

A device that forwards or routes data packets to devices on a network

Server

A system or device that provides resources, data, services, or applications to other devices over a network

Single Sign-On (SSO)

Allows the integration of third-party authentication services for user access to the Plixer Endpoint Analytics web interface

SIP/RTP (Session Initiation Protocol/Real Time Protocol)

SIP is the control protocol, and RTP is the payload protocol used to send and receive Voice over IP (VoIP)

SNMP (Simple Network Management Protocol)

An IP network protocol used to collect data related to state and/or behavior from devices on a network

SNMP trap

An alert message that is initiated by an SNMP-enabled device to notify the management system of significant events or changes in status

Software agent

A persistent piece of software that performs certain actions and/or interacts with its environment on behalf of a user or another program

SPAN (Switched Port Analyzer)

A dedicated port on a switch that takes a mirrored copy of network traffic from within the switch to be sent to a destination

SSDP (Simple Service Discovery Protocol)

A network protocol used for advertising and discovering network services

SSH (Secure Shell Protocol)

A network communication protocol that allows network services to be used securely over an unsecured network

SSL (Secure Sockets Layer)

A protocol for establishing secure connections between networked devices

STIX (Structured Threat Information eXchange)

An industry-standard file format for the exchange of threat information between organizations and platforms

Suricata

A network threat detection engine used to analyze network traffic and identify potential security threats

Switch

A device that connects devices in a network and allows them to communicate with each other

SYN scan

A port scanning technique that allows for the discovery of the status of a communications port without establishing a full connection

Syslog

A cross-platform network logging protocol used to send and/or receive alerts between different devices on a network

TAXII (Trusted Automated eXchange of Indicator Information)

A protocol that allows the transmission of threat information, primarily in STIX format, between systems and organizations

TACACS+ (Terminal Access Controller Access-Control System)

A protocol in which the remote access server and the authentication server together validate users attempting to access the network

TLS handshake

The process that starts secure communication between a client and a server

TCP (Transmission Control Protocol)

A connection-oriented protocol that enables the bidirectional exchange of messages between devices on the same network

TSIG (Transaction Signature)

A protocol that secures DNS packets and allows a Domain Name System to authenticate updates to the DNS database

TTL (Time To Live)

A field in the IP packet header that specifies the maximum number of hops (or router passes) a packet can take before being discarded

UDP (User Datagram Protocol)

A communication protocol for transmitting messages between applications and programs in a network

Virtual appliance

A pre-configured virtual machine image with pre-installed software that is meant to serve a specific function

VoIP (Voice over Internet Protocol)

A technology that allows voice calls using an internet connection

VPC (Virtual Private Cloud)

A secure and private cloud hosted in a public cloud

VRF (Virtual Routing and Forwarding)

A technology that separates routing tables to isolate management traffic to the management interface

Web server banner

A text-based greeting message, which includes information like open ports, services, and version numbers, returned by a web host