A comprehensive set of vocabulary flashcards covering key terms and concepts from the lecture on boundary protection, perimeter security, defense-in-depth, network devices, authentication, cryptography, vulnerabilities, incident response, and mitigation strategies.
Boundary Protection
Monitoring and controlling communication at a system’s external edge to prevent and detect unauthorized access.
Perimeter Network
A strategically enforced boundary within a network where security policy is applied to control traffic and usage.
Outermost (Untrusted) Perimeter
The network segment separating controlled assets from uncontrolled assets; the most insecure zone.
Internal Perimeter (DMZ)
Perimeter segment between trusted and untrusted networks that enforces internal security policy for external exchanges.
Innermost (Trusted) Perimeter
The final protective network zone containing mission-critical devices and employing the most security layers.
Principle of Least Privilege (PoLP)
Granting users only the minimum access rights needed to perform their jobs.
Defense-in-Depth (DiD)
DoD approach using multiple, layered security controls across people, technology, and operations.
Trusted Communication Path
Secure, firewall-controlled link established between remote users and internal resources.
Series Security Configuration
Placing security controls one after another so every attack is examined by each control.
Parallel Security Configuration
Placing security controls side-by-side; wider but shallower protection than series configuration.
Proxy Server
Device/application that breaks client-server connections, forwarding approved traffic and hiding internal addresses.
Gateway
Intermediate system that enables communication between dissimilar networks by converting protocols, speeds, or codes.
Guard System
Trusted mechanism that filters data exchanged between systems operating at different security levels.
Firewall
Perimeter security device that permits or blocks network traffic based on prescribed rules.
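The firewall and ACL cards above describe rule-based filtering in one sentence each; what they leave out is that rules are evaluated in order, the first match wins, and anything matching nothing is dropped by an implicit deny at the end of the list. The Go program below is an added example written for this page (it is not from the lecture or any vendor firewall). It implements a stateless first-match packet filter, a constructed rule set for the untrusted side of a DMZ firewall (203.0.113.0/24 is documentation address space standing in for the DMZ), and shows why the anti-spoofing deny has to sit above the permit.

```go
package main

import (
	"fmt"
	"net"
)

// Packet is the subset of header fields a stateless packet filter matches on.
type Packet struct {
	Src, Dst net.IP
	Proto    string // "tcp", "udp", "icmp"
	DPort    int    // destination port; 0 for protocols without ports
}

// Rule is one line of an ordered rule list. A nil network means "any",
// an empty Proto means any protocol, a zero DPort means any port.
type Rule struct {
	Name   string
	Action string // "permit" or "deny"
	Src    *net.IPNet
	Dst    *net.IPNet
	Proto  string
	DPort  int
}

// cidr parses a CIDR string or panics; used only to build the example table.
func cidr(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// Probe builds a Packet from string addresses; panics on a bad address.
func Probe(src, dst, proto string, dport int) Packet {
	s, d := net.ParseIP(src), net.ParseIP(dst)
	if s == nil || d == nil {
		panic("bad IP: " + src + " / " + dst)
	}
	return Packet{Src: s, Dst: d, Proto: proto, DPort: dport}
}

func (r Rule) matches(p Packet) bool {
	if r.Src != nil && !r.Src.Contains(p.Src) {
		return false
	}
	if r.Dst != nil && !r.Dst.Contains(p.Dst) {
		return false
	}
	if r.Proto != "" && r.Proto != p.Proto {
		return false
	}
	if r.DPort != 0 && r.DPort != p.DPort {
		return false
	}
	return true
}

// Evaluate walks the rules top to bottom and returns the action and name of
// the first rule that matches. A packet matching no rule is dropped: the
// implicit deny at the end of the list is what makes the filter default-deny.
func Evaluate(rules []Rule, p Packet) (action, rule string) {
	for _, r := range rules {
		if r.matches(p) {
			return r.Action, r.Name
		}
	}
	return "deny", "implicit-deny"
}

// OutsideInterface is a constructed rule set (not from the lecture) for the
// untrusted-facing interface of a perimeter firewall in front of a DMZ.
// Order matters: the anti-spoofing deny sits above the permit so a packet
// forging an internal 10/8 source address is dropped before the HTTPS permit
// can match it.
var OutsideInterface = []Rule{
	{Name: "deny-spoofed-internal-src", Action: "deny", Src: cidr("10.0.0.0/8")},
	{Name: "permit-https-to-dmz", Action: "permit", Dst: cidr("203.0.113.0/24"), Proto: "tcp", DPort: 443},
	{Name: "permit-dns-to-dmz", Action: "permit", Dst: cidr("203.0.113.53/32"), Proto: "udp", DPort: 53},
	// no rule for ssh, rdp, etc.: those fall through to the implicit deny
}

// Reversed returns the same rules in the opposite order, to show what a
// misordered list does to the anti-spoofing check.
func Reversed(rules []Rule) []Rule {
	out := make([]Rule, len(rules))
	for i, r := range rules {
		out[len(rules)-1-i] = r
	}
	return out
}

func main() {
	probes := []Packet{
		Probe("198.51.100.7", "203.0.113.10", "tcp", 443), // permit-https-to-dmz
		Probe("198.51.100.7", "203.0.113.10", "tcp", 22),  // implicit-deny
		Probe("10.1.2.3", "203.0.113.10", "tcp", 443),     // deny-spoofed-internal-src
	}
	for _, p := range probes {
		a, r := Evaluate(OutsideInterface, p)
		fmt.Printf("%s -> %s %s/%d: %s (%s)\n", p.Src, p.Dst, p.Proto, p.DPort, a, r)
	}
	a, r := Evaluate(Reversed(OutsideInterface), probes[2])
	fmt.Printf("same spoofed packet with rules reversed: %s (%s)\n", a, r)
}
```

Two caveats a practitioner would add: this filter is stateless, so the reply traffic for a permitted flow would also need a rule (or a stateful firewall that tracks the connection), and the spoofed 10/8 packet is only caught because the deny comes first; with the list reversed the HTTPS permit matches it and the anti-spoofing rule never runs.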
Encrypted Tunneling
Encapsulating one network protocol inside another to send protected data across an untrusted network.
Virtual Private Network (VPN)
Secure connection over a public network that gives the impression of a dedicated private link.
VPN Gateway
Network device that bridges and secures traffic between multiple networks within a VPN infrastructure.
VPN Concentrator
High-capacity appliance that creates, manages, and encrypts numerous VPN tunnels for remote or site-to-site access.
Voice Protection System (VPS)
Firewall-like system for phone lines that blocks war-dialers, unauthorized modems, and other voice threats.
Secure Real-Time Transport Protocol (SRTP)
Profile of RTP providing confidentiality, authentication, and replay protection for real-time audio/video.
Internet Protocol Security (IPSec)
Layer-3 suite that provides encryption and integrity via ESP, AH, IKE, and related protocols.
Encapsulating Security Payload (ESP)
IPSec component that offers encryption and optional authentication of packet payloads.
Authentication Header (AH)
IPSec component that authenticates IP packets without encrypting the payload.
Internet Key Exchange (IKE)
Protocol used by IPSec to authenticate peers, negotiate security associations, and establish the keys that ESP and AH use.
Host-based IDS (HIDS)
Intrusion detection that monitors activities within a single host’s OS, files, and processes.
Network-based IDS (NIDS)
Intrusion detection that captures and analyzes packets traversing a network segment.
Intrusion Detection System (IDS)
Tool that scans, audits, and alerts on signs of unauthorized or malicious activity.
Intrusion Prevention System (IPS)
Active control that blocks or mitigates detected attacks in real time.
Signature-based Detection
Identifying threats by matching activity to known attack patterns.
Anomaly-based Detection
Identifying threats by flagging behavior that deviates from an established baseline.
Policy-based Detection
Identifying violations of administrator-defined security policies.
Misuse Detection
Comparing observed actions to a database of known attack signatures to spot insider or external abuse.
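The four detection cards above are easiest to tell apart when the two main approaches run over the same traffic. The Go program below is an added example for this page, not code from the lecture or any IDS product. It parses constructed web access-log lines (a simplified `client "request" "user-agent"` format, not a real server log), runs a small signature list over them, and separately learns a per-client volume baseline from a clean window and flags clients that exceed mean + k standard deviations. The sample data is built so that each method catches something the other misses.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
	"sort"
	"strings"
)

// Event is one parsed line in the constructed format:  <client> "<request>" "<user-agent>"
type Event struct {
	Client, Request, UserAgent string
}

func ParseLine(line string) (Event, bool) {
	parts := strings.Split(line, `"`)
	if len(parts) < 5 {
		return Event{}, false
	}
	return Event{Client: strings.TrimSpace(parts[0]), Request: parts[1], UserAgent: parts[3]}, true
}

func ParseLog(text string) []Event {
	var out []Event
	for _, line := range strings.Split(text, "\n") {
		if e, ok := ParseLine(line); ok {
			out = append(out, e)
		}
	}
	return out
}

// Signature-based (misuse) detection: match against known attack patterns.
// High precision, but blind to anything not already in the list.
type Signature struct {
	Name string
	Re   *regexp.Regexp
}

var Signatures = []Signature{
	{"path-traversal", regexp.MustCompile(`\.\./|\.\.%2[fF]`)},
	{"sqli-union", regexp.MustCompile(`(?i)union\s+(all\s+)?select`)},
	{"scanner-ua", regexp.MustCompile(`(?i)sqlmap|nikto`)},
}

// SignatureHits returns, per client, the names of the signatures that matched.
func SignatureHits(events []Event) map[string][]string {
	hits := map[string][]string{}
	for _, e := range events {
		for _, s := range Signatures {
			if s.Re.MatchString(e.Request) || s.Re.MatchString(e.UserAgent) {
				hits[e.Client] = append(hits[e.Client], s.Name)
			}
		}
	}
	return hits
}

// Anomaly-based detection: learn normal per-client volume from a clean
// window, then flag clients that deviate from it. Catches novel behaviour,
// but a noisy baseline or a badly chosen k produces false positives.
type Baseline struct{ Mean, Stddev float64 }

func countByClient(events []Event) map[string]int {
	c := map[string]int{}
	for _, e := range events {
		c[e.Client]++
	}
	return c
}

func LearnBaseline(clean []Event) Baseline {
	counts := countByClient(clean)
	n := float64(len(counts))
	var sum, sq float64
	for _, c := range counts {
		sum += float64(c)
	}
	mean := sum / n
	for _, c := range counts {
		sq += (float64(c) - mean) * (float64(c) - mean)
	}
	return Baseline{Mean: mean, Stddev: math.Sqrt(sq / n)}
}

// AnomalousClients flags clients whose request count exceeds mean + k*stddev.
func AnomalousClients(b Baseline, window []Event, k float64) []string {
	threshold := b.Mean + k*b.Stddev
	var out []string
	for client, c := range countByClient(window) {
		if float64(c) > threshold {
			out = append(out, client)
		}
	}
	sort.Strings(out)
	return out
}

// synthLog builds n identical benign lines for one client (constructed data).
func synthLog(client string, n int) string {
	return strings.Repeat(client+` "GET / HTTP/1.1" "Mozilla/5.0"`+"\n", n)
}

// BaselineLog: four clients with 5, 6, 5 and 4 requests in a clean window.
var BaselineLog = synthLog("198.51.100.1", 5) + synthLog("198.51.100.2", 6) +
	synthLog("198.51.100.3", 5) + synthLog("198.51.100.4", 4)

// WindowLog: one client floods /login (no signature matches), one sends a
// single path-traversal attempt (too little volume to look anomalous).
var WindowLog = strings.Repeat(`203.0.113.9 "GET /login HTTP/1.1" "python-requests/2.31"`+"\n", 40) +
	`198.51.100.1 "GET /index.html HTTP/1.1" "Mozilla/5.0"
198.51.100.1 "GET /about.html HTTP/1.1" "Mozilla/5.0"
198.51.100.2 "GET /static/app.js HTTP/1.1" "Mozilla/5.0"
198.51.100.3 "GET /download?file=../../etc/passwd HTTP/1.1" "curl/8.0"
`

func main() {
	window := ParseLog(WindowLog)
	fmt.Println("signature hits:", SignatureHits(window))
	b := LearnBaseline(ParseLog(BaselineLog))
	fmt.Printf("baseline mean=%.2f stddev=%.2f\n", b.Mean, b.Stddev)
	fmt.Println("anomalous clients:", AnomalousClients(b, window, 3))
}
```

Run as written, the signature pass reports only 198.51.100.3 (the traversal attempt) and the anomaly pass reports only 203.0.113.9 (the login flood). That is the practical argument for running both: the flood matches no known pattern, and a single malicious request never moves a volume baseline.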
Authentication Factor: Something You Know
Knowledge-based credential such as a password, PIN, or passphrase.
Authentication Factor: Something You Have
Possession-based credential such as a CAC, hardware token, or key fob.
Authentication Factor: Something You Are
Inherent biometric trait like fingerprint, iris pattern, or facial geometry.
Authentication Factor: Something You Do
Behavioral characteristic such as keystroke dynamics or gait pattern.
Authentication Factor: Somewhere You Are
Location-based attribute verified by GPS data, IP address, or physical presence.
Two-Factor Authentication (2FA)
Verification method requiring credentials from two different authentication factors.
Multi-Factor Authentication (MFA)
Verification method requiring credentials from two or more different authentication factors; 2FA is the two-factor case. Two credentials of the same factor (a password plus a PIN, both "something you know") do not make a method multi-factor.
Symmetric Cryptography
Encryption that uses the same secret key for both encryption and decryption.
Asymmetric Cryptography
Encryption that uses a mathematically linked key pair: the public key encrypts data or verifies signatures, and the private key decrypts data or creates signatures.
Public Key
Widely shared key used to encrypt data for, or verify signatures from, a specific entity.
Private Key
Secret key held only by its owner, used to decrypt data or create digital signatures.
Access Control List (ACL)
Table defining which users or systems can access specific resources and in what way.
Identity-Based Access Control (IBAC)
Restricting access based directly on authenticated user identities.
Mandatory Access Control (MAC)
Access model in which a central authority enforces security labels and clearances.
Discretionary Access Control (DAC)
Access model where resource owners determine permissions for subjects.
Role-Based Access Control (RBAC)
Access model granting permissions based on organizational roles.
Attribute-Based Access Control (ABAC)
Access model using policies that evaluate attributes of subjects, objects, and environment.
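The five access-control cards above (ACL, MAC, DAC, RBAC, ABAC) read alike until the same request is put to each model. The Go program below is an added example for this page, not from the lecture: it defines one subject, object and environment, then evaluates a request under DAC (an owner-maintained ACL), MAC (centrally assigned labels with Bell-LaPadula's no-read-up and no-write-down), RBAC (permissions attached to roles) and ABAC (rules over subject, object and environment attributes). The subjects "alice" and "bob", the object, the departments and the zone names are constructed for the example.

```go
package main

import "fmt"

type Subject struct {
	ID        string
	Roles     []string
	Clearance int // 0 unclassified, 1 confidential, 2 secret, 3 top secret
	Dept      string
}

type Object struct {
	Name           string
	Owner          string
	Classification int
	Dept           string
	ACL            map[string][]string // DAC: owner-maintained subject -> actions
}

type Request struct {
	Sub    Subject
	Obj    Object
	Action string // "read" or "write"
	Zone   string // environment attribute: "trusted", "dmz", "untrusted"
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

// DAC: the owner's ACL on the object decides; the owner keeps full rights.
func DAC(r Request) bool {
	return r.Sub.ID == r.Obj.Owner || contains(r.Obj.ACL[r.Sub.ID], r.Action)
}

// MAC: labels are assigned centrally and the owner cannot override them.
// Reads need clearance >= classification (no read up); writes need
// classification >= clearance (no write down), as in Bell-LaPadula.
func MAC(r Request) bool {
	switch r.Action {
	case "read":
		return r.Sub.Clearance >= r.Obj.Classification
	case "write":
		return r.Obj.Classification >= r.Sub.Clearance
	}
	return false
}

// RBAC: permissions attach to roles, never directly to individuals.
var RolePermissions = map[string][]string{
	"analyst": {"read"},
	"editor":  {"read", "write"},
}

func RBAC(r Request) bool {
	for _, role := range r.Sub.Roles {
		if contains(RolePermissions[role], r.Action) {
			return true
		}
	}
	return false
}

// ABAC: deny rules over subject, object and environment attributes. Each
// rule carries its name so a denial can say which condition fired.
type abacRule struct {
	Name string
	Deny func(Request) bool
}

var ABACRules = []abacRule{
	{"writes only from the trusted zone", func(r Request) bool { return r.Action == "write" && r.Zone != "trusted" }},
	{"cross-department writes forbidden", func(r Request) bool { return r.Action == "write" && r.Sub.Dept != r.Obj.Dept }},
	{"no access from the untrusted zone", func(r Request) bool { return r.Zone == "untrusted" }},
}

// ABAC returns the decision and, on deny, the first rule that fired.
func ABAC(r Request) (bool, string) {
	for _, rule := range ABACRules {
		if rule.Deny(r) {
			return false, rule.Name
		}
	}
	return true, ""
}

func main() {
	report := Object{Name: "ops-report", Owner: "bob", Classification: 2, Dept: "ops",
		ACL: map[string][]string{"alice": {"read"}}}
	alice := Subject{ID: "alice", Roles: []string{"analyst"}, Clearance: 1, Dept: "intel"}
	bob := Subject{ID: "bob", Roles: []string{"editor"}, Clearance: 2, Dept: "ops"}

	for _, r := range []Request{
		{alice, report, "read", "trusted"}, // DAC and RBAC allow; MAC denies (read up)
		{bob, report, "write", "trusted"},  // every model allows
		{bob, report, "write", "dmz"},      // ABAC denies on the environment attribute
	} {
		ok, why := ABAC(r)
		fmt.Printf("%s %s %s from %s: DAC=%t MAC=%t RBAC=%t ABAC=%t %s\n",
			r.Sub.ID, r.Action, r.Obj.Name, r.Zone, DAC(r), MAC(r), RBAC(r), ok, why)
	}
}
```

The first request is the one to notice: Bob, as owner, put Alice on the ACL and her analyst role includes read, yet MAC still refuses because her clearance (1) is below the object's label (2). That is what "a central authority enforces" means in the MAC card. The third request shows ABAC doing what none of the others can: the same user with the same role is refused only because of where the request comes from.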
Malware
Any software inserted with intent to compromise confidentiality, integrity, or availability.
Virus
Self-replicating code that attaches to files or programs and spreads when the infected file is executed or copied to another host.
Worm
Standalone self-replicating program that spreads across networks, often consuming resources.
Trojan Horse
Program with a useful appearance that secretly performs malicious actions.
Spyware
Software covertly installed to collect user or organization information without consent.
Logic Bomb
Malicious code that triggers a harmful function when specific conditions are met.
Spam
Unsolicited bulk electronic messages, often used to distribute malware or phishing links.
Denial of Service (DoS)
Attack that overwhelms a target with traffic or requests, disrupting normal service.
Distributed Denial of Service (DDoS)
DoS attack launched from multiple compromised systems (botnet) under centralized control.
Evil Twin Attack
Rogue wireless access point mimicking a legitimate SSID to steal credentials.
Jamming
Emission of interference on wireless frequencies to render WLAN communication unusable.
Bluejacking
Sending unsolicited messages over a Bluetooth connection.
Bluesnarfing
Unauthorized access to a Bluetooth device over the wireless link to steal data such as contacts, messages, or files.
Computer Security Incident Response Team (CSIRT)
Designated group that investigates and responds to computer security incidents.
Incident Response Plan (IRP)
Documented strategy outlining how an organization prepares for and handles security incidents.
IRP Phase: Preparation
Pre-incident activities such as policy, training, and tool acquisition to enable effective response.
IRP Phase: Detection and Analysis
Identifying and confirming that an event is a security incident requiring action.
IRP Phase: Containment, Eradication, and Recovery
Limiting damage, removing threats, and restoring systems to normal operation.
IRP Phase: Post-Event Activity
Lessons learned, documentation, and improvements after incident resolution.
Security Technical Implementation Guide (STIG)
DISA configuration standard used to secure DoD information systems and software.
CAT I Severity
Most critical STIG finding that allows immediate system compromise; demands urgent fix.
CAT II Severity
STIG finding with high potential for unauthorized access; important but less urgent than CAT I.
CAT III Severity
STIG finding that degrades security measures but poses lower immediate risk than CAT I/II.
Integrated Network Operations & Security Center (I-NOSC)
AF organization that monitors, coordinates, and directs network security actions across bases.
Unified Master Gold Disk (UMGD)
DISA-approved software set used to verify system compliance and detect vulnerabilities.
Fault Tolerance
System property allowing continued operation despite component failures.
RAID (Redundant Array of Independent Disks)
Storage technology that combines multiple disks for redundancy and/or performance.