Browse
Pick a domain to start
Each domain holds the concepts your team encounters most often. Definitions stay tight; team-relevant context lives on each term page.
Glossary domain
Networking
Routing, switching, segmentation, addressing, and protocols that keep team-managed networks operational.
Advanced
BGP (Border Gateway Protocol)
BGP is the routing protocol used to exchange reachability information between autonomous systems. It is the protocol that holds the public internet together and is also used inside large enterprises and cloud landing zones.
Beginner
DHCP (Dynamic Host Configuration Protocol)
DHCP automatically assigns IP addresses, subnet masks, default gateways, and DNS server addresses to devices when they join a network, instead of requiring static configuration on every endpoint.
Beginner
DNS (Domain Name System)
DNS is the distributed system that translates human-readable names like cbtnuggets.com into the IP addresses computers use to connect. Records of different types describe what each name points to.
Beginner
Firewall
A firewall is a network device or software that allows or denies traffic between zones based on a policy. Modern firewalls inspect Layer 3, Layer 4, and increasingly application and identity context.
Intermediate
NAT (Network Address Translation)
NAT rewrites the source or destination IP address (and often the port) of packets as they cross a device, most often translating private internal addresses to a public address used on the internet.
Intermediate
OSPF (Open Shortest Path First)
OSPF is a link-state interior gateway protocol that lets routers inside a single organization share topology information and compute the shortest path to every destination using the SPF (shortest path first) algorithm.
Beginner
Subnetting and CIDR
Subnetting splits an IP network into smaller blocks by extending the subnet mask. CIDR (Classless Inter-Domain Routing) is the notation that describes how many bits of the address identify the network.
Beginner
VLAN (Virtual LAN)
A VLAN is a logical broadcast domain configured on a switch that lets you separate one physical network into multiple isolated networks without running additional cables.
Intermediate
VPN (Virtual Private Network)
A VPN extends a private network across an untrusted network like the public internet by encrypting traffic between two endpoints and authenticating both sides of the tunnel.
Glossary domain
Security
Concepts your security and IT teams hit during incident response, audits, and access reviews.
Intermediate
IDS / IPS (Intrusion Detection and Prevention)
An intrusion detection system (IDS) inspects traffic or host activity and alerts on suspicious patterns. An intrusion prevention system (IPS) sits inline and can block the matching traffic instead of just alerting.
Intermediate
SIEM (Security Information and Event Management)
A SIEM is a system that ingests logs and events from across the environment, correlates them, and alerts security analysts on suspicious activity. Modern SIEMs combine analytics, search, and incident response workflows.
Beginner
SOC (Security Operations Center)
A Security Operations Center is the team and tooling that monitors, detects, and responds to security events. SOCs typically run 24x7 and combine analysts, engineers, and managers around a defined incident-response process.
Intermediate
TLS (Transport Layer Security)
TLS is the cryptographic protocol that authenticates servers (and optionally clients) and encrypts traffic between them. HTTPS is HTTP carried over TLS.
Intermediate
Zero Trust
Zero Trust is a security model that treats every user, device, and request as untrusted by default and verifies identity, device posture, and policy on each access decision instead of trusting the internal network.
Glossary domain
Identity & Access
Authentication, authorization, and identity-provider concepts that govern team and workforce access.
Beginner
Active Directory
Active Directory is Microsoft's on-premises directory service. It stores user, group, and computer objects and authenticates and authorizes them inside a Windows domain.
Beginner
Group Policy (GPO)
Group Policy is the Windows feature that delivers configuration and security settings to domain-joined users and computers. Each Group Policy Object (GPO) is a bundle of settings linked to a site, domain, or organizational unit.
Beginner
MFA (Multi-Factor Authentication)
MFA requires more than one factor — something you know, something you have, or something you are — before a user is granted access. It is the single highest-leverage control for stopping credential theft.
Beginner
Microsoft Entra ID (Azure AD)
Microsoft Entra ID is Microsoft's cloud identity platform, formerly Azure Active Directory. It authenticates users for Microsoft 365, Azure, and any SaaS app configured for federated SSO.
Intermediate
OAuth
OAuth is an authorization framework that lets one application access another on a user's behalf without sharing the user's password. The user grants an app a scoped access token after authenticating at the provider.
Beginner
RBAC (Role-Based Access Control)
RBAC grants permissions to roles and assigns users to roles instead of granting permissions directly. It scales access management by keeping permissions tied to job functions.
Intermediate
SAML (Security Assertion Markup Language)
SAML is an XML-based standard that lets an identity provider (IdP) tell a service provider that a user has authenticated, including signed assertions about who they are. It is the protocol behind most enterprise single sign-on integrations.
Glossary domain
Cloud
Cloud building blocks your team meets when running workloads on AWS, Azure, and Google Cloud.
Intermediate
AWS IAM
AWS Identity and Access Management (IAM) is the AWS service that controls who and what can act on AWS resources. It manages users, roles, groups, and the policies that grant or deny actions.
Intermediate
VPC (Virtual Private Cloud)
A VPC is a logically isolated network you provision inside a cloud provider. You control its address space, subnets, route tables, gateways, and security controls. Azure calls it a VNet; the concepts are nearly identical.
Glossary domain
DevOps & Platform
Containers, orchestration, automation, and delivery concepts your platform and DevOps teams operate.
Intermediate
CI/CD (Continuous Integration and Delivery)
CI/CD is the practice of automating software builds, tests, and releases through a pipeline. CI integrates code changes continuously; CD continuously delivers (manual gate) or deploys (no manual gate) those changes to environments.
Beginner
Docker (Containers)
Docker popularized containers as a way to package an application and its dependencies into a portable image, then run it as an isolated process on any compatible host. Containers are the unit of deployment for most modern apps.
Advanced
Kubernetes
Kubernetes is an open-source platform that runs and manages containerized applications across a cluster of machines. It schedules pods (one or more containers) onto worker nodes and keeps them running according to declarative manifests.
Glossary domain
Operations & Resilience
Availability, recovery, and incident concepts your IT operations team must agree on across roles.
Intermediate
High Availability
High availability is the design discipline of keeping services running even when individual components fail. It combines redundancy, automated failover, monitoring, and tested recovery procedures.
Beginner
ITIL (Service Management)
ITIL is a service management framework that defines processes for handling incidents, problems, changes, and service requests. ITIL 4 also adds practices around service value, governance, and continual improvement.
Beginner
Linux File Permissions
Linux file permissions are the read, write, and execute bits assigned to a file's owner, group, and others. They are managed with chmod, chown, and chgrp and are foundational to Linux security.
Beginner
RTO and RPO (Recovery Objectives)
RTO is the maximum acceptable downtime for a service before it must be restored. RPO is the maximum acceptable amount of data loss measured in time. Both are set by the business and drive technical recovery design.