Term | Definition |
--- | --- |
3-leg perimeter configuration | A configuration in which the DMZ is attached to a third interface of the company firewall, so the firewall has three connections: one to the company LAN, one to the DMZ, and one to the Internet. A single rule set then governs traffic between all three segments. |
application-level gateway (ALG) | A firewall component that understands specific application protocols (for example FTP or SIP), performs the address and port translation those protocols require, and checks whether that type of application traffic is allowed. |
back-to-back configuration | A configuration that has a DMZ situated between two firewall devices, which could be black box appliances or Microsoft Internet Security and Acceleration (ISA) Servers (later Forefront TMG; both products are now discontinued). Using two different firewall products means a flaw in one does not by itself expose the LAN. |
caching proxy | A server or device that serves client requests from a local copy of previously retrieved content, contacting the remote server only when the content is not already cached. |
circuit-level gateway | Firewall technology that validates a connection at session setup (for example, the TCP handshake); once the connection has been established, packets flow between the hosts without further checking. Circuit-level gateways hide information about the private network, but they do not filter individual packets or inspect their contents. |
demilitarized zone (DMZ) | A small network that is set up separately from a company's private local area network and the Internet, typically hosting the servers that must be reachable from the Internet, so that a compromise of those servers does not directly expose the internal LAN. Also known as a perimeter network. |
extranet | Similar to an intranet except that it is extended to users outside a company, such as partners, suppliers, or customers, and possibly to entire organizations that are separate from the company. |
firewall | A device or software that enforces an access policy between networks, primarily used to protect a trusted network from an untrusted one. |
Internet content filter | Technology that can filter out various types of Internet activities, such as access to certain Web sites, email, instant messaging, and so on. |
Internet Engineering Task Force (IETF) | An organization that develops and promotes Internet standards. |
intranet | A private computer network or single Web site that an organization implements in order to share data with its employees, wherever they are located. |
IP proxy | Technology that keeps the machines behind it anonymous by presenting a single public address on their behalf; it does this through the use of NAT. Hiding internal addresses is not by itself a security control, so an IP proxy is normally paired with a stateful firewall. |
Layer 2 Tunneling Protocol (L2TP) | A VPN tunneling protocol that has quickly gained popularity due to its combination with IPsec (L2TP/IPsec). L2TP provides no encryption of its own; IPsec supplies the authentication and encryption. |
NAT filtering | Technology that filters traffic according to TCP and UDP ports, allowing inbound packets only on ports that the NAT device has been configured to forward or that belong to a connection opened from inside. |
network intrusion detection system (NIDS) | A device that can detect malicious network activities (e.g., port scans and DoS attacks) by constantly monitoring network traffic, usually from a mirror or tap port. The NIDS reports any issues that it finds to a network administrator, as long as it is configured properly, but it does not block the traffic itself. |
network intrusion prevention system (NIPS) | A device, usually deployed inline, that inspects traffic and, based on its configuration or security policy, can drop, quarantine, or redirect malicious traffic in addition to simply detecting it. |
packet filtering | A type of firewall that inspects each packet that passes through it and accepts or rejects the packet based on a set of rules matching header fields such as source and destination IP addresses, protocol, and ports. It keeps no record of previous packets, so it cannot tell a genuine reply from an unsolicited packet that merely looks like one. |
perimeter network | A small network that is set up separately from a company's private local area network and the Internet, typically hosting the servers that must be reachable from the Internet. Also known as a DMZ. |
Point-to-Point Tunneling Protocol (PPTP) | A commonly used VPN protocol, which is less secure than L2TP with IPsec. Its authentication (MS-CHAPv2) and encryption (MPPE, based on RC4) have known weaknesses, so it should not be relied on for new deployments. |
stateful packet inspection (SPI) | Technology used in today's firewalls that keeps track of the state of each network connection by examining the header in every packet (for example, the TCP flags and sequence numbers) and recording the sessions it has seen. Because it knows which connections exist, it can distinguish a legitimate reply from an illegitimate packet that a stateless filter would accept. |
virtual private network (VPN) | An encrypted tunnel that connects two or more computers or devices across a public network, so that hosts which are not on the same private network can communicate as if they were. |
Web 2.0 | An interactive type of web experience compared to the previous version 1.0. Web 2.0 allows users to interact with each other and act as contributors to Web sites as well. |
World Wide Web (WWW) | An enormous system of interlinked hypertext documents that can be accessed with a web browser. |
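The packet filtering and stateful packet inspection (SPI) entries above state the difference in words. The following Python simulation, added here and not part of the original glossary, shows why it matters. It models a firewall between an assumed LAN (10.0.0.0/24) and the Internet with constructed TCP packets; the addresses, ports, class and function names are illustrative, not taken from any real product.

```python
"""Stateless packet filter vs. stateful packet inspection (SPI), simulated.

Constructed scenario: the LAN may open outbound TCP connections, the Internet
may not open connections inward. Only the SYN/ACK flags needed to make the
point are modelled.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.0.0/24")  # assumed internal network (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def is_internal(addr: str) -> bool:
    return ip_address(addr) in LAN


def stateless_filter(pkt: Packet) -> bool:
    """Packet filter: each packet is judged on its own header fields only.

    With no memory of earlier packets, the usual way to let replies back in is
    the "ACK-bit rule": admit inbound TCP only if ACK is set, since a packet
    opening a new connection (SYN alone) never carries ACK.
    """
    outbound = is_internal(pkt.src) and not is_internal(pkt.dst)
    inbound = not is_internal(pkt.src) and is_internal(pkt.dst)
    if outbound:
        return True
    if inbound:
        return pkt.ack
    return False


@dataclass
class StatefulFirewall:
    """SPI: record outbound sessions; admit inbound only if it matches one."""
    sessions: set = field(default_factory=set)  # (lan_ip, lan_port, ext_ip, ext_port)

    def filter(self, pkt: Packet) -> bool:
        outbound = is_internal(pkt.src) and not is_internal(pkt.dst)
        inbound = not is_internal(pkt.src) and is_internal(pkt.dst)
        if outbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn and not pkt.ack:
                self.sessions.add(key)    # new connection opened from the LAN
                return True
            return key in self.sessions   # mid-stream packets need a known session
        if inbound:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return key in self.sessions   # replies only for sessions we opened
        return False


def run_scenarios() -> dict:
    """Constructed traffic: a legitimate HTTPS session and an attacker's probes.

    Returns {scenario: (stateless_verdict, stateful_verdict)}; True = accept.
    """
    spi = StatefulFirewall()
    scenarios = {  # processed in this order, so the SYN is seen before the replies
        "lan_syn_out":   Packet("10.0.0.5", 40000, "203.0.113.10", 443, syn=True),
        "server_synack": Packet("203.0.113.10", 443, "10.0.0.5", 40000, syn=True, ack=True),
        "server_data":   Packet("203.0.113.10", 443, "10.0.0.5", 40000, ack=True),
        "attacker_syn":  Packet("198.51.100.7", 1337, "10.0.0.5", 22, syn=True),
        "attacker_ack":  Packet("198.51.100.7", 1337, "10.0.0.5", 22, ack=True),
    }
    return {name: (stateless_filter(p), spi.filter(p)) for name, p in scenarios.items()}


if __name__ == "__main__":
    for name, (stateless, stateful) in run_scenarios().items():
        verdict = lambda ok: "ACCEPT" if ok else "DROP"
        print(f"{name:14} stateless={verdict(stateless):6} stateful={verdict(stateful)}")
```

Both filters handle the legitimate session and the attacker's SYN the same way. The `attacker_ack` row is the classic weakness of stateless filtering: an unsolicited packet with the ACK bit set is indistinguishable from a reply, which is what a TCP ACK scan relies on to map filter rules, whereas the stateful firewall drops it because no recorded session matches.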