The Complete Glossary of Networking, Cybersecurity, and Cyberwarfare Terms

Networking can sound confusing. We’ve got you covered.

3G

A mobile telecommunications standard offering data rates up to a few megabits per second, enabling mobile internet, video calls, and mobile TV.

4G

A broadband cellular network standard providing peak download rates of 100 Mbps (mobile) to 1 Gbps (stationary), powering HD mobile video and VoLTE.

5G

The latest generation of mobile networks, delivering faster internet speeds, lower delays, and support for more connected devices.

5Ge

A marketing name for an enhanced 4G LTE technology (with features like 256-QAM and 4×4 MIMO) that offers speeds approaching true 5G but is still LTE under the hood.

A Record

DNS record that maps a domain name to an IPv4 address.

AAAA Record

DNS record that maps a domain name to an IPv6 address.

Access Control List (ACL)

A list of permissions attached to an object specifying who or what has access to the object and what operations are allowed.

Active Defense

Proactive measures taken to defend against cyber threats, such as threat hunting and deception techniques.

Address Resolution Protocol (ARP)

Protocol used to map an IP address to a physical MAC address.

Address Resolution Protocol (ARP) Spoofing

An attack that associates the attacker’s MAC address with the IP address of another host.

Advanced Persistent Threat (APT)

A sophisticated, long-term cyberattack targeting specific entities.

Adware

Software that displays unwanted advertisements on a user’s computer.

AES-NI

Advanced Encryption Standard New Instructions. Improves speed and security of AES encryption/decryption.

Air Gap

A security measure involving physically isolating a network from all other networks.

Algorithm

A set of rules or instructions used to solve a problem or perform a computation.

Analog Signal

A continuous signal that varies over time.

Anomaly Detection

Identifying deviations from normal behavior to detect potential security threats.

Antivirus

Software designed to detect, prevent, and remove malicious software.

API

Application Programming Interface: a set of tools and protocols that allow developers to interact with and control software programmatically.

Application Layer

Layer 7 of the OSI model, responsible for providing network services to applications.

Artificial Intelligence (AI)

Techniques enabling machines to perform tasks that normally require human intelligence; used for detection, response, and automation—by defenders and attackers.

Attack Surface

The total number of points where an attacker can try to enter a system.

Attack Vector

A method or pathway used by an attacker to gain unauthorized access to a system.

Attribution

Identifying the source of a cyberattack.

Audit Logs

Records of changes and activity within an application for monitoring and security.

Authentication

The process of verifying the identity of a user or device.

Authentication Token

A unique code used to verify identity and grant access to a ZeroTier network.

Authorization

The process of granting access rights to resources based on identity.

Authorized Device

A device granted permission to access a specific network.

Availability

Ensuring that information is accessible when needed.

Backdoor

A hidden method to bypass normal security measures and gain unauthorized access.

Bandwidth

The amount of data that can be transmitted in a fixed amount of time, usually expressed in bits per second (bps).

Baseline

A standard for system security and performance against which changes are measured.

Bastion Host

A server designed to withstand attacks and provide access to an internal network from an external network.

Binary

A number system with two digits, 0 and 1, used in computing.

Bit

The smallest unit of data in a computer, representing a single binary value.

Black Hat

Malicious actor who compromises systems for illegal or unethical purposes.

Block Cipher

A method of encrypting data in fixed-size blocks.

Bot

An automated program that can perform tasks or be controlled remotely.

Bot Herder

A person or system that controls and manages a botnet.

Botnet

A network of compromised computers used to perform malicious tasks.

Bridge

A network device that connects two or more network segments.

Broadcast Domain

A logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer.

Brute Force Attack

An attack that tries every possible password combination to gain access.

Buffer Overflow

An error that occurs when data exceeds the allocated buffer size, potentially leading to system compromise.

BYOD

“Bring Your Own Device”: a policy allowing users to connect personal devices to a ZeroTier-managed network.

Byte

A unit of digital information consisting of 8 bits.

Cable Cutting

A physical attack targeting undersea or land-based internet cables to disrupt communications and network connectivity.

Cable Modem

A type of network bridge that provides bi-directional data communication via radio frequency channels on a cable television infrastructure.

Campus Area Network (CAN)

A computer network that spans multiple buildings (e.g., a university or business campus), interconnecting multiple local area networks (LANs) within a limited geographical area under one administrative domain.

Cat 1

Legacy voice-grade twisted pair (telephone); not used for Ethernet.

Cat 2

Legacy twisted pair up to ~4 Mb/s (e.g., early Token Ring); obsolete for Ethernet.

Cat 3

Twisted pair supporting 10BASE-T Ethernet (10 Mb/s) over short runs; largely obsolete.

Cat 4

Twisted pair cable supporting up to 16 Mbps. Used for early Token Ring networks; now obsolete.

Cat 5

Twisted pair cabling supporting up to 100 Mbps (100BASE-TX). Designed for Ethernet and data networks; largely replaced by Cat 5e.

Cat 5e

Improved Cat 5 standard with better crosstalk performance. Supports up to 1 Gbps (Gigabit Ethernet) at 100 MHz frequency.

Cat 6

Twisted pair cable supporting up to 10 Gbps over short distances (up to 55 m). Operates at 250 MHz, with tighter specifications for crosstalk and noise.

Cat 6A

Enhanced Cat 6 cable supporting full 10 Gbps Ethernet up to 100 meters. Operates at 500 MHz and offers improved shielding.

Cat 7

Shielded twisted pair (STP) cable supporting up to 10 Gbps at 600 MHz. Uses GG45 or TERA connectors instead of RJ-45.

Cat 8

High-performance shielded cable supporting up to 25/40 Gbps at 2000 MHz over short runs (up to 30 m). Primarily used in data centers.

Certificate

A digital file used to verify identity and enable secure communication, often issued by a trusted certificate authority.

Certificate Authority (CA)

An entity that issues digital certificates to verify identities.

CIA Triad

Confidentiality, Integrity, and Availability.

Cipher

An algorithm used for encryption or decryption.

Ciphertext

Encrypted data that is unreadable without the decryption key.

Classical Encryption

Standard encryption methods used today, such as RSA and AES, which may be vulnerable to future quantum computing attacks.

Clickjacking

Tricking users into clicking on a hidden link or button.

Cloud Computing

On-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user.

Collision Domain

A network segment connected by a shared medium or through repeaters where data packets can “collide” with one another.

Command and Control (C2)

Infrastructure used by attackers to control compromised systems.

Confidentiality

Ensuring that information is accessible only to authorized individuals.

Connection-Oriented

A communication method that establishes a dedicated connection before data transfer.

Connectionless

A communication method that sends data without establishing a dedicated connection.

Controller

A device that manages the authentication and introduction of other devices to a ZeroTier network. A controller can be any device connected to the network in question.

Cookie Theft

Stealing session cookies (e.g., via XSS or malware) to hijack web sessions and impersonate users.

Countermeasure

An action taken to prevent or mitigate a security threat.

Cross-Site Request Forgery (CSRF)

An attack that tricks a user into performing an unwanted action.

Cross-Site Scripting (XSS)

An attack that injects malicious scripts into websites.

Crypto Agility

Designing systems so cryptographic algorithms/keys can be swapped or upgraded quickly (e.g., for post-quantum migration).

Cryptography

The practice of securing communication from third parties.

Cryptojacking

Unauthorized use of someone else’s computer to mine cryptocurrency.

Cyber Deterrence

Discouraging cyberattacks through the threat of retaliation.

Cyber Domain

The digital environment where communication and information exchange occur.

Cyber Espionage

Using computer networks to gain unauthorized access to sensitive information for intelligence purposes, often on a government’s computer systems.

Cyber Infrastructure

The interconnected systems that support the cyber domain.

Cyber Operations

Actions taken in the cyber domain to achieve objectives.

Cyber Strategy

A plan for using cyber capabilities to achieve objectives.

Cyber Terrorism

The use of cyberattacks to achieve political or ideological goals.

Cyber Warfare (or Cyberwarfare)

The use of cyberattacks against an enemy state’s computer or network systems, often state-sponsored.

Cybersecurity Maturity Model Certification (CMMC)

A DoD-mandated framework of cybersecurity requirements and assessments for defense contractors, organized into maturity levels.

Data Breach

Unauthorized access to sensitive or confidential information.

Data Center

A facility housing compute, storage, and networking infrastructure to run applications and services.

Data Encryption Standard (DES)

An early symmetric-key encryption algorithm.

Data Exfiltration

The unauthorized transfer of data from a system.

Data in Transit Security (DiTS)

Security measures that protect data while it’s moving between networks, devices, clouds, etc., preventing interception or tampering during transmission.

Data Integrity Attack

An attack that alters data without authorization.

Data Link Layer

Layer 2 of the OSI model, responsible for node-to-node data transfer.

Data Loss Prevention (DLP)

A system that prevents sensitive data from leaving an organization’s network.

Data Manipulation

The act of altering data without authorization.

Data Packet

A unit of data transmitted over a network.

Data-centric Interoperability (DCI)

Systems interoperate by sharing well-defined data models/schemas and semantics rather than tight API coupling; emphasizes common data contracts.

Decryption

The process of converting encrypted data back into its original form.

Defense in Depth

A security strategy that uses multiple layers of defense, borrowed from real-world military defensive strategy.

Demilitarized Zone (DMZ)

A network segment that sits between an internal network and an external network, providing an extra layer of security.

Denial of Service (DoS)

An attack that disrupts the availability of a network or service, usually by flooding a system with excess traffic.

Deployment

The setup and activation of ZeroTier on devices to enable secure network connectivity.

Device

Any device connected to a ZeroTier network.

Device ID

A unique cryptographic ID assigned to each device when it joins its first ZeroTier network. This ID remains the same even if the device joins multiple networks or changes IP address.

Digital Certificate

An electronic document used to verify the identity of a website or individual.

Digital Signature

A mathematical technique used to validate the authenticity and integrity of a message or document.

Digital Subscriber Line (DSL)

A family of technologies that are used to transmit digital data over telephone lines.

Direct Connection

Peer-to-peer connection without intermediary servers for lower latency and higher speeds.

Distributed Denial-of-Service (DDoS)

A malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

DNS Server

A server that translates domain names into IP addresses.

Domain

A named group of devices or resources managed as a unit, often identified by a unique domain name like example.com.

Domain Name System (DNS)

The phonebook of the Internet. It translates domain names to IP addresses.

Domain Name System (DNS) Spoofing

An attack that redirects traffic to a fake website.

Domain of Interpretation (DOI)

A shared set of rules or parameters that defines how security protocols, like IPsec, interpret and use things, such as algorithms, key management, and policies.

Drive-by Download

Malware that downloads automatically when a user visits a website.

Dynamic Host Configuration Protocol (DHCP)

A network management protocol used on IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network.

Elliptic Curve Cryptography

A method of public-key encryption that uses the mathematics of elliptic curves to provide strong security with smaller key sizes.

Encryption

The process of converting information or data into a coded format, especially to prevent unauthorized access.

Ethernet

A family of computer networking technologies commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN).

Exploit

Code that takes advantage of a vulnerability to gain access.

Failover

Automatic switching to a backup connection or path to keep the network running if the original connection fails or is interrupted.

Federal Information Processing Standards (FIPS)

A set of standards and guidelines issued by the National Institute of Standards and Technology (NIST) for federal government computer systems. FIPS standards are developed to ensure computer security and interoperability.

Federated

A system where multiple independent networks or systems work together while maintaining their own control and data.

Federated Identity

A system that allows users to access multiple applications using a single set of credentials.

Fiber Optic

A technology that uses glass threads to transmit data.

FIPS-140

The U.S. standard series for validating cryptographic modules used by government and regulated industries; the current version is 140-3.

FIPS-140-2

Prior version of the crypto-module validation standard; being phased out in favor of 140-3.

FIPS-140-3

Current cryptographic module validation standard (aligns with ISO/IEC 19790).

FIPS-203

NIST’s ML-KEM (module-lattice KEM) post-quantum key establishment standard.

FIPS-204

NIST’s ML-DSA post-quantum digital signature standard (module-lattice–based).

FIPS-205

NIST’s SLH-DSA post-quantum digital signature standard (both hash-based and stateless).

Firewall

A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Firewall Rule

A set of instructions that defines what traffic is allowed or blocked.

Forensics

The process of investigating and analyzing digital evidence.

Forward Secrecy

A security feature that ensures session keys are not compromised even if long-term keys are exposed later.

FreeBSD

Operating system powering servers, desktops, and embedded platforms.

Full Duplex

A communication mode allowing simultaneous two-way transmission of data.

Gateway

A network node that connects two networks with different protocols.

Geostationary (GEO) Satellite

High-orbit satellite.

Hacking

Gaining unauthorized access to a computer system or network.

Hacktivist

A threat actor motivated by political or social beliefs.

Half Duplex

A communication mode allowing for two-way transmission of data, but only one direction at a time.

HaLow

Sub-GHz Wi-Fi amendment optimized for long range and low power for IoT.

High Latency

Delay in network communication, typically measured in milliseconds.

Holepunching

A technique used to establish direct connections between devices behind NATs or firewalls.

Honeypot

A decoy system designed to attract and trap attackers.

Hop

A single router/switch traversal on the path from source to destination.

Host

Any endpoint (server, VM, container, device) with an IP address that sends/receives network traffic.

Hub

A device that connects multiple computers or other network devices together, acting as a common connection point for devices in a network.

Hub and Spoke

A network design where all devices connect through a central node (hub), rather than directly to each other.

Hypertext Transfer Protocol Secure (HTTPS)

Secure version of HTTP, using SSL/TLS for encryption.

Identity Provider (IdP)

A service that authenticates users and provides identity information to other services.

Identity Theft

Stealing someone’s personal information for fraudulent purposes.

Incident Response

The process of handling and recovering from a security incident.

Industrial Internet of Things (IIoT)

Industrial Internet of Things: connected devices and systems used in industrial settings, such as sensors, robotics, and control systems in factories or plants.

Insider Threat

A threat from someone within an organization.

Integrity

Ensuring that information is accurate and complete.

Internet Control Message Protocol (ICMP)

Protocol used by network devices to send error messages and operational information.

Internet of Things (IoT)

A network of connected physical devices that use sensors and software to collect and share data, enabling automation across homes, industries, and infrastructure.

Internet Registry / Registration (IR)

Regional Internet Registries (ARIN, RIPE NCC, APNIC, LACNIC, AFRINIC) allocate/manage public IP address space and ASNs.

Intrusion Detection System (IDS)

A system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered.

Intrusion Prevention System (IPS)

A system that monitors network traffic for malicious activity or policy violations and takes automated actions to block or prevent them.

IP Address

A unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.

IPAM

IP Address Management: the planning, tracking, and managing of IP address assignments within a network.

IPSec

A suite of protocols used to secure IP communications through encryption and authentication at the network layer.

IPv4 Auto-Assign

A feature that automatically assigns IPv4 addresses to devices on a network, simplifying configuration and management.

IPv6 Auto-Assign

A feature that automatically assigns IPv6 addresses to devices, enabling easier scaling and management of large networks.

JavaScript Object Notation (JSON)

A way to encode data, usually settings, for computer programs to understand.

Jitter

The variation in the delay of received packets.

Juice Jacking

A compromise where malware or data theft occurs via a public USB charging port or cable.

Key Management

Processes and tools for generating, distributing, storing, rotating, and retiring cryptographic keys securely.

Keylogger

Software that records every keystroke made by a user, typically to steal passwords or other sensitive information.

Keypair

A set of cryptographic keys, one public and one private, used to authenticate and secure communication between ZeroTier nodes.

Keystore

A protected repository (software or hardware) that stores cryptographic keys and/or certificates.

Latency

The delay before a transfer of data begins following an instruction for its transfer.

Layer 2 (Data Link Layer)

Provides node-to-node data transfer, framing, and error detection. Handles MAC addresses and switching within a local network.

Layer 3 (Network Layer)

Handles logical addressing and routing of packets between different networks.

Layer 4 (Transport Layer)

Manages end-to-end communication, reliability, and flow control between hosts.

Layer 5 (Session Layer)

Establishes, manages, and terminates communication sessions between applications.

Layer 6 (Presentation Layer)

Translates data formats, handles encryption/decryption, and compresses data for the application layer.

Layer 7 (Application Layer)

The top layer where users and applications interact with the network. Provides application-specific network services.

Least Privilege

The principle of granting users only the minimum access needed to perform their tasks.

Legacy VPN

Traditional, tunnel-based VPNs that backhaul traffic and require concentrators, often adding latency and operational overhead versus modern zero-trust/ZTNA approaches.

Linux

Family of open-source Unix-like OS based on the Linux kernel.

Load Balancer

A device that distributes network or application traffic across multiple servers.

Local Area Network (LAN)

A network that connects computers and devices in a limited geographical area such as a home, school, computer laboratory, or office building.

Logic Bomb

Code that executes a malicious action when specific conditions are met.

LoRa

Long Range is a spread spectrum modulation technique derived from chirp spread spectrum (CSS) technology. Semtech’s LoRa is a long-range, low-power wireless platform that has become the de facto wireless platform of the Internet of Things (IoT).

Low Earth Orbit (LEO) Satellite

A satellite orbiting between 160–2,000 km altitude, offering lower-latency communications than GEO satellites.

LPWAN

Low-Power Wide-Area Network is a term used to describe a variety of technologies that connect controllers and sensors to the Internet. Sigfox was the first service provider to use LPWAN to connect devices to the Internet.

LTE

Long Term Evolution is a term used for a type of 4G (4th generation) that delivers the fastest mobile Internet experience. You’ll usually see it called 4G LTE or 4G LTE-A (advanced).

LTE-M

Long Term Evolution Machine Type Communication, which includes eMTC (enhanced Machine Type Communication), is a type of low-power wide-area network (LPWAN) radio technology standard developed by 3GPP to enable a wide range of cellular devices and services, specifically for machine-to-machine and Internet of Things applications.

MAC Address

A unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment.

MAC Spoofing

The act of falsifying a device’s MAC address to bypass access controls.

macOS

OS developed by Apple Inc. for Macintosh computers.

Malware

Malicious software that is intended to damage or disable computers and computer systems.

Man-in-the-Middle (MitM) Attack

An attack where the attacker intercepts communication between two parties.

Memory Safe Languages

Programming languages designed to prevent common memory errors. Examples include Rust, Go, and Swift.

Memory Safety

A property of software that prevents bugs or attacks caused by accessing memory incorrectly, such as buffer overflows or use-after-free errors.

Mesh Networking

A network topology where each node relays data dynamically for others, providing redundant, self-healing paths.

Metropolitan Area Network (MAN)

A computer network that interconnects users with computer resources in a geographic area larger than that covered by even a large local area network (LAN) but smaller than the area covered by a wide area network (WAN).

Multi-Factor Authentication (MFA)

A security system that requires multiple forms of verification to grant access.

Multipath

The use of multiple physical or logical paths to transmit data between two endpoints to increase redundancy, reliability, or performance.

NAT Hole Punching

A technique to establish direct connections between devices behind NAT routers.

NAT Traversal

A technique that allows ZeroTier devices behind routers or firewalls to connect with each other across networks.

National Institute of Standards and Technology (NIST)

U.S. standards body that issues security guidelines and FIPS publications (e.g., cryptographic standards).

National Security Agency (NSA)

U.S. signals intelligence and information security agency; develops guidance/standards for classified systems.

NDP

NDP (Neighbor Discovery Protocol) is a protocol used in IPv6 networks to discover other devices on the same local network, determine their link-layer addresses (like MAC addresses), find routers, and maintain reachability information.

Network

A system of interconnected devices that communicate and share processing power, resources, data, and services, amongst each other and with outside users.

Network Address Translation (NAT)

A method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) headers of packets while they are in transit across a traffic routing device.

Network Attached Storage (NAS)

File-level storage architecture making data accessible to networked devices.

Network ID

A unique 16-digit hexadecimal identifier for a ZeroTier virtual network.

Network Interface Card (NIC)

A computer hardware component that connects a computer to a computer network.

Network Monitoring

The use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator in case of outages or other troubles.

Network Operations Center (NOC)

Centralized team/facility that monitors, operates, and troubleshoots networks and services 24×7.

Network Segmentation

The division of a computer network into smaller, logical, often isolated segments.

Network Sniffing

Intercepting and logging network traffic.

Network Topology

The arrangement of the elements (links, nodes, etc.) of a communication network.

Next-Generation Firewall (NGFW)

A security device that combines traditional firewall features with advanced capabilities like deep packet inspection, intrusion prevention, and application awareness.

Node

A connection point, a redistribution point, or a communication endpoint.

NVR

A system that records video data from IP cameras over a network for surveillance and playback.

Observability

The ability to measure a system’s internal states by examining its outputs, enabling effective monitoring, debugging, and performance analysis.

Open Authorization (OAuth)

An open standard for access delegation that allows users to grant websites or applications limited access to their information without exposing passwords.

Open Source

Software whose source code is freely available for anyone to view, modify, and distribute.

Open Systems Interconnection (OSI) Model

A conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to their underlying internal structure and technology.

OpenID Connect (OIDC)

An identity layer built on top of OAuth 2.0 that allows clients to verify user identities and obtain basic profile information.

Operating System (OS)

Software supporting computer functions like task scheduling and peripheral control.

Operational Technology (OT)

Hardware and software that monitor or control physical systems.

Packet

A small segment of a larger message that is sent over a network.

Packet Filter

A firewall function that allows/blocks traffic based on header fields (IP, port, protocol, flags).

Packet Header

Metadata at the start of a frame/packet (addresses, protocol, length, etc.) used for forwarding and processing.

Packet Loss

The failure of one or more transmitted packets to arrive at their destination.

Patch

A software update that fixes vulnerabilities.

Patch Management

The process of applying software updates to fix vulnerabilities.

Peer

A remote ZeroTier node that your local node is communicating with.

Peer-to-Peer

A decentralized communications model where each device (peer) can act as both a client and a server, sharing resources directly without needing a central server.

Penetration (Pen) Testing

An authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.

Personal Area Network (PAN)

A network centered around an individual’s devices, typically within a few meters, often using Bluetooth or USB.

Phishing

A fraudulent social engineering attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication.

Physical IP

The actual IP address assigned to a device’s network interface, identifying it uniquely on a network.

Ping

Network utility testing host reachability over IP networks.

Port

A communication endpoint. At the software level within an operating system, a port is a logical construct that identifies a specific process or a type of network service.

Port Forwarding

Mapping an external port on a router to an internal IP address and port, enabling external access to services inside a private network.

Port Scanning

Probing a system for open ports and services.

Post-Quantum Cryptography

Refers to cryptographic algorithms designed to be secure against the potential threats posed by quantum computers.

Private Address

Non-routable address space for internal networks.

Private Key/Secret Key

A cryptographic key that is kept confidential and used to decrypt data or sign messages, ensuring secure communication in encryption systems.

Protocol

A set of rules governing the format and transmission of data in a network.

Proxy Server

A server that acts as an intermediary for requests from clients seeking resources from other servers.

Psychological Warfare

The use of digital tactics to influence, manipulate, or intimidate opponents by spreading fear, misinformation, or doubt.

Public Key

A cryptographic key that can be shared openly and is used to encrypt data or verify digital signatures in public key encryption systems.

Public Key Infrastructure (PKI)

A system for managing digital certificates and public-key encryption.

Quantum Communications

Communication methods leveraging quantum phenomena (e.g., quantum key distribution) for eavesdropping-resistant key exchange.

Quantum Computing

An emerging technology that uses quantum mechanics to solve problems faster than classical computers, posing risks to current encryption methods.

Quantum Resilience

The ability of cryptographic systems to withstand attacks from quantum computers through the use of post-quantum algorithms.

Quantum Sensing

Using quantum effects to achieve ultra-precise measurements (timing, fields); has security and defense implications (e.g., navigation, detection).

Quantum-Safe

Designed to resist attacks from quantum computers by using cryptographic methods that remain secure in a post-quantum future.

Ransomware

Software that encrypts files and demands a ransom for their release.

Relationship-Based Access Control (ReBAC)

Access authorized based on relationships between entities (e.g., “owner-of,” “member-of”) rather than only static roles.

Repeater

A network device that receives a signal and retransmits it at a higher level or higher power, or onto the other side of an obstruction, so that the signal can cover longer distances without degradation.

Replay Attack

Reusing captured valid traffic (e.g., messages or tokens) to fraudulently repeat or delay actions unless protected by nonces/timestamps.

Risk Assessment

Identifying and evaluating potential threats and vulnerabilities.

Robot-in-the-Middle (RitM)

Unmanned Man-in-the-Middle (MitM)

Role-Based Access Control (RBAC)

Granting permissions based on a user’s role (job function), enforcing least privilege.

Rootkit

A collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.

Route

The path that data takes across networks from a source to a destination, determined by routers and network configurations.

Route Injection

An attack that inserts false routing information into a network.

Router

A networking device that forwards data packets between computer networks.

Routing Table

A data table stored in a router or a networked computer that lists the routes to particular network destinations.

RSA

A widely used public key encryption method that secures data by using the mathematical properties of large prime numbers.

Salt Typhoon

A China-nexus advanced persistent threat (APT) linked to cyber-espionage against telecom and other targets, noted by U.S. agencies and researchers.

Scareware

Software that tricks users into believing their computer is infected.

Script Kiddie

An unskilled threat actor who uses pre-made tools for malicious intent.

Secure Access Service Edge (SASE)

A security framework that combines networking and security functions in the cloud to provide secure access to applications and data.

Secure Shell (SSH)

A common protocol used to securely access and manage devices over a network.

Secure Sockets Layer (SSL)

An older protocol for encrypting data in transit, now largely replaced by TLS in modern networking deployments.

Security Audit

A systematic evaluation of the security of a company’s information system by measuring how well it conforms to an established set of criteria.

Security Awareness Training

Educating users about security threats and best practices.

Security Information and Event Management (SIEM)

A system that collects and analyzes security logs and events.

Security Service Edge (SSE)

A cloud-delivered security model (e.g., SWG, CASB, ZTNA) that secures access to the internet, SaaS, and private apps.

Segmentation

Dividing a network into smaller, isolated segments (e.g., VLANs, subnets, micro-segments) to limit blast radius and improve performance/security.

Self-healing

The ability of a ZeroTier network to automatically find new paths and restore connections when links fail or network conditions change.

Session Hijacking

An attack where the attacker takes over an active session.

Simple Network Management Protocol (SNMP)

Protocol for monitoring/configuring network devices via a manager/agent model (MIBs, GET/SET/TRAP).

Single Point of Failure (SPOF)

A component whose failure causes a large outage of a system or service.

Social Engineering

The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

Software Defined Warfare (SDW)

The use of software-driven systems to control, coordinate, and adapt military operations across digital and physical domains.

Software-Defined Network/Networking (SDN)

A network architecture that separates network creation and control from hardware.

Spoofing

Masquerading as a trusted entity (e.g., IP, DNS, MAC, or email) to deceive systems or users.

Spyware

Software that aims to gather information about a person or organization without their knowledge, and that may send such information to another entity without the consumer’s consent.

SQL Injection

An attack that inserts malicious SQL code into a database query.

SSH

“Secure Shell” is a protocol used to securely access and manage devices over a network.

SSL

“Secure Sockets Layer” is an older protocol for encrypting data in transit, now largely replaced by TLS in modern ZeroTier deployments.

Starlink

A low-latency broadband satellite constellation by SpaceX providing high-speed Internet to remote areas.

State-Sponsored Actor

A threat actor that is funded and directed by a government.

Static Routing

Manually configured routes that don’t change unless edited, as opposed to dynamic routing protocols.

Stealth Mode

Firewall setting preventing responses to ping requests, reducing visibility on the network.

Stuxnet

A sophisticated computer worm that targeted Iranian nuclear facilities, widely considered the first known cyberweapon to cause physical damage.

Subnet

A segmented range of IP addresses within a network, used in ZeroTier to route traffic between virtual and physical networks.

Subnet Mask

A 32-bit mask used to divide an IP network into subnets, indicating which portion of the address is network and which is host.

Supply Chain

The network of vendors and service providers that support an organization, where vulnerabilities can be exploited to launch cyberattacks.

Supply Chain Attack

An attack that targets vulnerabilities in the supply chain, either physical or software.

Switch

A networking device that connects devices on a computer network, typically a local area network (LAN).

Symmetric Encryption

Encryption method where the same key is used for both encryption and decryption.

Symmetric NAT

A type of network address translation that creates unique mappings for each connection, making direct peer-to-peer connections more difficult.

Test Address

IP blocks reserved for examples and documentation.

Threat Actor

A person or entity that is responsible for an event or cyberattack that impacts the security of an organization.

Threat Intelligence

Information about potential threats and threat actors.

Throughput

The rate of production or the rate at which something is processed.

TLS

“Transport Layer Security” is a protocol that encrypts data in transit to ensure secure communication between ZeroTier components.

Transmission Control Protocol (TCP)

A standard that defines how to establish and maintain a network conversation via which application programs can exchange data.

Transport Layer Security (TLS)

A protocol that encrypts data in transit to ensure secure communication between ZeroTier components.

Trojan Horse

A type of malware or malicious software that is disguised as legitimate software.

Two-Factor Authentication (2FA)

A security system that requires multiple forms of verification to grant access.

Typosquatting

Registering domain names similar to legitimate ones to trick users.

Uniform Resource Locator (URL)

A standardized address that specifies the location of a resource on the internet and how to access it (scheme, host, path, etc.).

User Datagram Protocol (UDP)

A communications protocol used across IP networks, primarily for establishing low-latency and loss-tolerating connections between applications on the internet.

Virtual Local Area Network (VLAN)

Any broadcast domain that is partitioned and isolated in a computer network at the data link layer (Layer 2).

Virtual Private Network (VPN)

A Virtual Private Network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

Virus

A type of malicious software that replicates itself by modifying other computer programs and inserting its own code, often full copies of itself.

Voice over Internet Protocol (VoIP)

Transmitting voice communications over IP networks rather than the public switched telephone network.

VoLTE

Voice over Long-Term Evolution is a technology that uses virtually dedicated data packets to enable mobile voice calls over the LTE (Long Term Evolution) network as opposed to dedicated circuits which are traditionally used for voice calls.

Vulnerability

A weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system.

VXLAN

Virtual Extensible LAN is a tunneling protocol that enables the creation of virtual networks over existing Layer 3 infrastructure.

Watering Hole Attack

An attack that infects a website frequented by the target.

Web Hook

A user-defined callback that sends real-time data from one system to another when specific events occur.

White Hat

An ethical security professional who tests, defends, or hacks systems with authorization to validate and fix security issues.

Wi-Fi

A Wi-Fi network is a type of wireless local area network, based on the IEEE 802.11 standards, that uses radio waves to establish connections between computers and various devices, enabling seamless internet access.

Wide Area Network (WAN)

A telecommunications network that extends over a large geographical area for the primary purpose of computer networking.

Windows

Proprietary graphical OS families developed by Microsoft.

Wired Equivalent Privacy (WEP)

An obsolete encryption protocol for IEEE 802.11 WLANs, superseded by WPA/WPA2 due to security vulnerabilities.

Wireless Access Point (WAP)

A device that allows Wi-Fi clients to connect to a wired network by bridging wireless and wired segments.

WLAN

A Wireless Local-Area Network is a group of co-located computers or other devices that form a network based on radio transmissions rather than wired connections. A Wi-Fi network is a type of WLAN; anyone connected to Wi-Fi while reading this webpage is using a WLAN.

Worm

A self-replicating program that spreads across a network, usually to cause harm.

XSS Attack

Injecting malicious scripts into trusted websites so code runs in a victim’s local browser.

Zero Trust

A security model based on the principle of “never trust, always verify.” It assumes that no user or device, whether inside or outside the network perimeter, should be trusted by default. Instead, every access request is fully authenticated, authorized, and encrypted before granting access.

Zero Trust Network Architecture (ZTNA)

A set of cybersecurity principles used when planning and implementing a zero trust environment. ZTNA is not a single product but a set of concepts and ideas. It is a security model that assumes no implicit trust is granted to assets or user accounts based solely on their physical or network location (i.e., local area network versus internet) or asset ownership (enterprise or personally owned). Authentication and authorization are discrete functions performed before a session to an enterprise resource is established. ZTNA limits access to only explicitly authorized resources.

Zero-Day Exploit

An attack that exploits a previously unknown vulnerability in a computer application, operating system or piece of hardware.
3G
A mobile telecommunications standard offering data rates up to a few megabits per second, enabling mobile internet, video calls, and mobile TV.
4G
A broadband cellular network standard providing peak download rates of 100 Mbps (mobile) to 1 Gbps (stationary), powering HD mobile video and VoLTE.
5G
The latest generation of mobile networks, delivers faster internet speeds, lower delays, and support for more connected devices.
5Ge
A marketing name for an enhanced 4G LTE technology (with features like 256-QAM and 4×4 MIMO) that offers speeds approaching true 5G but is still LTE under the hood.
A Record
DNS record that maps a domain name to an IPv4 address.
AAAA Record
DNS record that maps a domain name to an IPv6 address.
Access Control List (ACL)
A list of permissions attached to an object specifying who or what has access to the object and what operations are allowed.
Active Defense
Proactive measures taken to defend against cyber threats, such as threat hunting and deception techniques.
Address Resolution Protocol (ARP)
Protocol used to map an IP address to a physical MAC address.
Address Resolution Protocol (ARP) Spoofing
An attack that associates the attacker’s MAC address with the IP address of another host.
Advanced Persistent Threat (APT)
A sophisticated, long-term cyberattack targeting specific entities.
Adware
Software that displays unwanted advertisements on a user’s computer.
AES-NI
Advanced Encryption Standard New Instructions. Improves speed and security of AES encryption/decryption.
Air Gap
A security measure involving physically isolating a network from all other networks.
Algorithm
A set of rules or instructions used to solve a problem or perform a computation.
Analog Signal
A continuous signal that varies over time.
Anomaly Detection
Identifying deviations from normal behavior to detect potential security threats.
Antivirus
Software designed to detect, prevent, and remove malicious software.
API
Application Programming Interface: a set of tools and protocols that allow developers to interact with and control software programmatically.
Application Layer
Layer 7 of the OSI model, responsible for providing network services to applications.
Artificial Intelligence (AI)
Techniques enabling machines to perform tasks that normally require human intelligence; used for detection, response, and automation—by defenders and attackers.
Attack Surface
The total number of points where an attacker can try to enter a system.
Attack Vector
A method or pathway used by an attacker to gain unauthorized access to a system.
Attribution
Identifying the source of a cyberattack.
Audit Logs
Records of changes and activity within an application for monitoring and security.
Authentication
The process of verifying the identity of a user or device.
Authentication Token
A unique code used to verify identity and grant access to a ZeroTier network
Authorization
The process of granting access rights to resources based on identity.
Authorized Device
A device granted permission to access a specific network.
Availability
Ensuring that information is accessible when needed.
Backdoor
A hidden method to bypass normal security measures and gain unauthorized access.
Bandwidth
The amount of data that can be transmitted in a fixed amount of time, usually expressed in bits per second (bps).
Baseline
A standard for system security and performance against which changes are measured.
Bastion Host
A server designed to withstand attacks and provide access to an internal network from an external network.
Binary
A number system with two digits, 0 and 1, used in computing.
Bit
The smallest unit of data in a computer, representing a single binary value.
Black Hat
Malicious actor who compromises systems for illegal or unethical purposes.
Block Cipher
A method of encrypting data in fixed-size blocks.
Bot
An automated program that can perform tasks or be controlled remotely.
Bot Herder
A person or system that controls and manages a botnet.
Botnet
A network of compromised computers used to perform malicious tasks.
Bridge
A network device that connects two or more network segments.
Broadcast Domain
A logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer.
Brute Force Attack
An attack that tries every possible password combination to gain access.
Buffer Overflow
An error that occurs when data exceeds the allocated buffer size, potentially leading to system compromise.
BYOD
“Bring Your Own Device” a policy allowing users to connect personal devices to a ZeroTier-managed network.
Byte
A unit of digital information consisting of 8 bits.
Cable Cutting
A physical attack targeting undersea or land-based internet cables to disrupt communications and network connectivity.
Cable Modem
A type of network bridge that provides bi-directional data communication via radio frequency channels on a cable television infrastructure.
Campus Area Network (CAN)
A computer network that interconnects multiple local area networks (LANs) within a limited geographical area.
Campus Area Network (CAN)
A network that spans multiple buildings (e.g., a university or business campus), interconnecting local area networks under one administrative domain.
Cat 1
Legacy voice-grade twisted pair (telephone); not used for Ethernet.
Cat 2
Legacy twisted pair up to ~4 Mb/s (e.g., early Token Ring); obsolete for Ethernet.
Cat 3
Twisted pair supporting 10BASE-T Ethernet (10 Mb/s) over short runs; largely obsolete.
Cat 4
Twisted pair cable supporting up to 16 Mbps. Used for early Token Ring networks; now obsolete.
Cat 5
Twisted pair cabling supporting up to 100 Mbps (100BASE-TX). Designed for Ethernet and data networks; largely replaced by Cat 5e.
Cat 5e
Improved Cat 5 standard with better crosstalk performance. Supports up to 1 Gbps (Gigabit Ethernet) at 100 MHz frequency.
Cat 6
Twisted pair cable supporting up to 10 Gbps over short distances (up to 55 m). Operates at 250 MHz, with tighter specifications for crosstalk and noise.
Cat 6A
Enhanced Cat 6 cable supporting full 10 Gbps Ethernet up to 100 meters. Operates at 500 MHz and offers improved shielding.
Cat 7
Shielded twisted pair (STP) cable supporting up to 10 Gbps at 600 MHz. Uses GG45 or TERA connectors instead of RJ-45.
Cat 8
High-performance shielded cable supporting up to 25/40 Gbps at 2000 MHz over short runs (up to 30 m). Primarily used in data centers.
Certificate
A digital file used to verify identity and enable secure communication, often issued by a trusted certificate authority.
Certificate Authority (CA)
An entity that issues digital certificates to verify identities.
CIA Triad
Confidentiality, Integrity, and Availability.
Cipher
An algorithm used for encryption or decryption.
Ciphertext
Encrypted data that is unreadable without the decryption key.
Classical Encryption
Standard encryption methods used today, such as RSA and AES, which may be vulnerable to future quantum computing attacks.
Clickjacking
Tricking users into clicking on a hidden link or button.
Cloud Computing
On-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user.
Collision Domain
A network segment connected by a shared medium or through repeaters where data packets can “collide” with one another.
Command and Control (C2)
Infrastructure used by attackers to control compromised systems.
Confidentiality
Ensuring that information is accessible only to authorized individuals.
Connection-Oriented
A communication method that establishes a dedicated connection before data transfer.
Connectionless
A communication method that sends data without establishing a dedicated connection.
Controller
A device that manages the authentication and introduction of other devices to a ZeroTier network. A controller can be any device connected to the network in question.
Cookie Theft
Stealing session cookies (e.g., via XSS or malware) to hijack web sessions and impersonate users.
Countermeasure
An action taken to prevent or mitigate a security threat.
Cross-Site Request Forgery (CSRF)
An attack that tricks a user into performing an unwanted action.
Cross-Site Scripting (XSS)
An attack that injects malicious scripts into websites.
Crypto Agility
Designing systems so cryptographic algorithms/keys can be swapped or upgraded quickly (e.g., for post-quantum migration).
Cryptography
The practice of securing communication from third parties.
Cryptojacking
Unauthorized use of someone else’s computer to mine cryptocurrency.
Cyber Deterrence
Discouraging cyberattacks through the threat of retaliation.
Cyber Domain
The digital environment where communication and information exchange occur.
Cyber Espionage
Using computer networks to gain unauthorized access to sensitive information for intelligence purposes, often on a government’s computer systems.
Cyber Infrastructure
The interconnected systems that support the cyber domain.
Cyber Operations
Actions taken in the cyber domain to achieve objectives.
Cyber Strategy
A plan for using cyber capabilities to achieve objectives.
Cyber Terrorism
The use of cyberattacks to achieve political or ideological goals.
Cyber Warfare (or Cyberwarfare)
The use of cyberattacks against an enemy state’s computer or network systems, often state-sponsored.
Cybersecurity Maturity Model Certification (CMMC)
A DoD-mandated framework of cybersecurity requirements and assessments for defense contractors, organized into maturity levels.
Data Breach
Unauthorized access to sensitive or confidential information.
Data Center
A facility housing compute, storage, and networking infrastructure to run applications and services.
Data Encryption Standard (DES)
An early symmetric-key encryption algorithm.
Data Exfiltration
The unauthorized transfer of data from a system.
Data in Transit Security (DiTS)
Security measures that protect data while it’s moving between networks, devices, clouds etc, preventing interception or tampering during transmission.
Data Integrity Attack
An attack that alters data without authorization.
Data Link Layer
Layer 2 of the OSI model, responsible for node-to-node data transfer.
Data Loss Prevention (DLP)
A system that prevents sensitive data from leaving an organization’s network.
Data Manipulation
The act of altering data without authorization.
Data Packet
A unit of data transmitted over a network.
Data-centric Interoperability (DCI)
Systems interoperate by sharing well-defined data models/schemas and semantics rather than tight API coupling; emphasizes common data contracts.
Decryption
The process of converting encrypted data back into its original form.
Defense in Depth
A security strategy that uses multiple layers of defense, borrowed from real world military defensive strategy.
Demilitarized Zone (DMZ)
A network segment that sits between an internal network and an external network, providing an extra layer of security.
Denial of Service (DoS)
An attack that disrupts the availability of a network or service, usually by flooding a system with excess traffic.
Deployment
The setup and activation of ZeroTier on devices to enable secure network connectivity.
Device
Any device connected to a Zerotier network.
Device ID
A unique cryptographic ID assigned to each device when it joins its first ZeroTier network. This ID remains the same even if the device joins multiple networks or changes IP address.
Digital Certificate
An electronic document used to verify the identity of a website or individual.
Digital Signature
A mathematical technique used to validate the authenticity and integrity of a message or document.
Digital Subscriber Line (DSL)
A family of technologies that are used to transmit digital data over telephone lines.
Direct Connection
Peer-to-peer connection without intermediary servers for lower latency and higher speeds.
Distributed Denial-of-Service (DDoS)
A malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
DNS Server
A server that translates domain names into IP addresses.
Domain
A named group of devices or resources managed as a unit, often identified by a unique domain name like example.com.
Domain Name System (DNS)
The phonebook of the Internet. It translates domain names to IP addresses.
Domain Name System (DNS) Spoofing
An attack that redirects traffic to a fake website.
Domain of Interpretation (DOI)
A shared set of rules or parameters that defines how security protocols, like IPsec, interpret and use things, such as algorithms, key management, and policies.
Drive-by Download
Malware that downloads automatically when a user visits a website.
Dynamic Host Configuration Protocol (DHCP)
A network management protocol used on IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network.
Elliptical Curve Cryptography
A method of public-key encryption that uses the mathematics of elliptic curves to provide strong security with smaller key sizes.
Encryption
The process of converting information or data into a coded format, especially to prevent unauthorized access.
Ethernet
A family of computer networking technologies commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN).
Exploit
Code that takes advantage of a vulnerability to gain access.
Failover
Automatic switching to a backup connection or path to keep the network running if the original connection fails or is interrupted.
Federal Information Processing Standards (FIPS)
A set of standards and guidelines issued by the National Institute of Standards and Technology (NIST) for federal government computer systems. FIPS standards are developed to ensure computer security and interoperability.
Federated
A system where multiple independent networks or systems work together while maintaining their own control and data.
Federated Identity
A system that allows users to access multiple applications using a single set of credentials.
Fiber Optic
A technology that uses glass threads to transmit data.
FIPS-140
The U.S. standard series for validating cryptographic modules used by government and regulated industries; the current version is 140-3.
FIPS-140-2
Prior version of the crypto-module validation standard; being phased out in favor of 140-3.
FIPS-140-3
Current cryptographic module validation standard (aligns with ISO/IEC 19790).
FIPS-203
NIST’s ML-KEM (module-lattice KEM) post-quantum key establishment standard.
FIPS-204
NIST’s ML-DSA post-quantum digital signature standard (module-lattice–based).
FIPS-205
NIST’s SLH-DSA post-quantum digital signature standard (both hash-based and stateless).
Firewall
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Firewall Rule
A set of instructions that defines what traffic is allowed or blocked.
Forensics
The process of investigating and analyzing digital evidence.
Forward Secrecy
A security feature that ensures session keys are not compromised even if long-term keys are exposed later.
FreeBSD
Operating system powering servers, desktops, and embedded platforms.
Full Duplex
A communication mode allowing simultaneous two-way transmission of data.
Gateway
A network node that connects two networks with different protocols.
Geostationary (GEO) Satellite
High-orbit satellite
Hacking
Gaining unauthorized access to a computer system or network.
Hacktivist
A threat actor motivated by political or social beliefs.
Half Duplex
A communication mode allowing for two-way transmission of data, but only one direction at a time.
HaLow
Sub-GHz Wi-Fi amendment optimized for long range and low power for IoT.
High Latency
Delay in network communication, typically measured in milliseconds.
Holepunching
A technique used to establish direct connections between devices behind NATs or firewalls.
Honeypot
A decoy system designed to attract and trap attackers.
Hop
A single router/switch traversal on the path from source to destination.
Host
Any endpoint (server, VM, container, device) with an IP address that sends/receives network traffic.
Hub
A device that connects multiple computers or other network devices together, acting as a common connection point for devices in a network.
Hub and Spoke
A network design where all devices connect through a central node (hub), rather than directly to each other.
Hypertext Transfer Protocol Secure (HTTPS)
Secure version of HTTP, using SSL/TLS for encryption.
Identity Provider (IdP)
A service that authenticates users and provides identity information to other services.
Identity Theft
Stealing someone’s personal information for fraudulent purposes.
Incident Response
The process of handling and recovering from a security incident.
Industrial Internet of Things (IIoT)
Industrial Internet of Things: connected devices and systems used in industrial settings, such as sensors, robotics, and control systems in factories or plants.
Insider Threat
A threat from someone within an organization.
Integrity
Ensuring that information is accurate and complete.
Internet Control Message Protocol (ICMP)
Protocol used by network devices to send error messages and operational information.
Internet of Things (IoT)
A network of connected physical devices that use sensors and software to collect and share data, enabling automation across homes, industries, and infrastructure.
Internet Registry / Registration (IR)
Regional Internet Registries (ARIN, RIPE NCC, APNIC, LACNIC, AFRINIC) allocate/manage public IP address space and ASNs.
Intrusion Detection System (IDS)
A system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered.
Intrusion Prevention System (IPS)
A system that monitors network traffic for malicious activity or policy violations and takes automated actions to block or prevent them.
IP Address
A unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.
IPAM
IP Address Management: the planning, tracking, and managing of IP address assignments within a network.
IPSec
A suite of protocols used to secure IP communications through encryption and authentication at the network layer.
IPv4 Auto-Assign
A feature that automatically assigns IPv4 addresses to devices on a network, simplifying configuration and management.
IPv6 Auto-Assign
A feature that automatically assigns IPv6 addresses to devices, enabling easier scaling and management of large networks.
JavaScript Object Notation (JSON)
A way to encode data, usually settings, for computer programs to understand.
Jitter
The variation in the delay of received packets.
Juice Jacking
A compromise where malware or data theft occurs via a public USB charging port or cable.
Key Management
Processes and tools for generating, distributing, storing, rotating, and retiring cryptographic keys securely.
Keylogger
Software that records every keystroke made by a user, typically to steal passwords or other sensitive information.
Keypair
A set of cryptographic keys, one public and one private, used to authenticate and secure communication between ZeroTier nodes.
Keystore
A protected repository (software or hardware) that stores cryptographic keys and/or certificates.
Latency
The delay before a transfer of data begins following an instruction for its transfer.
Layer 2 (Data Link Layer)
Provides node-to-node data transfer, framing, and error detection. Handles MAC addresses and switching within a local network.
Layer 3 (Network Layer)
Handles logical addressing and routing of packets between different networks.
Layer 4 (Transport Layer)
Manages end-to-end communication, reliability, and flow control between hosts.
Layer 5 (Session Layer)
Establishes, manages, and terminates communication sessions between applications.
Layer 6 (Presentation Layer)
Translates data formats, handles encryption/decryption, and compresses data for the application layer.
Layer 7 (Application Layer)
The top layer where users and applications interact with the network. Provides application-specific network services.
Least Privilege
The principle of granting users only the minimum access needed to perform their tasks.
Legacy VPN
Traditional, tunnel-based VPNs that backhaul traffic and require concentrators, often adding latency and operational overhead versus modern zero-trust/ZTNA approaches.
Linux
Family of open-source Unix-like OS based on the Linux kernel.
Load Balancer
A device that distributes network or application traffic across multiple servers.
Local Area Network (LAN)
A network that connects computers and devices in a limited geographical area such as a home, school, computer laboratory, or office building.
Logic Bomb
Code that executes a malicious action when specific conditions are met.
LoRa
Long Range is a spread spectrum modulation technique derived from chirp spread spectrum (CSS) technology. Semtech’s LoRa is a long-range, low-power wireless platform that has become the de facto wireless platform of the Internet of Things (IoT).
Low Earth Orbit (LEO) Satellite
A satellite orbiting between 160–2,000 km altitude, offering lower-latency communications than GEO satellites.
LPWAN
Low-Power Wide-Area Network is a term used to describe a variety of technologies that connect controllers and sensors to the Internet. Sigfox was the first service provider to use LPWAN to connect devices to the Internet.
LTE
Long Term Evolution is a term used for a type of 4G (4th generation) that delivers the fastest mobile Internet experience. You’ll usually see it called 4G LTE or 4G LTE-A (advanced).
LTE-M
Long Term Evolution Machine Type Communication, which includes eMTC (enhanced Machine Type Communication), is a type of low-power wide-area network (LPWAN) radio technology standard developed by 3GPP to enable a wide range of cellular devices and services, specifically for machine-to-machine and Internet of Things applications.
MAC Address
A unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment.
MAC Spoofing
The act of falsifying a device’s MAC address to bypass access controls.
macOS
OS developed by Apple Inc. for Macintosh computers.
Malware
Malicious software that is intended to damage or disable computers and computer systems.
Man-in-the-Middle (MitM) Attack
An attack where the attacker intercepts communication between two parties.
Memory Safe Languages
Programming languages designed to prevent common memory errors. Examples include Rust, Go, and Swift.
Memory Safety
A property of software that prevents bugs or attacks caused by accessing memory incorrectly, such as buffer overflows or use-after-free errors.
Mesh Networking
A network topology where each node relays data dynamically for others, providing redundant, self-healing paths.
Metropolitan Area Network (MAN)
A computer network that interconnects users with computer resources in a geographic area larger than that covered by even a large local area network (LAN) but smaller than the area covered by a wide area network (WAN).
Multi-Factor Authentication (MFA)
A security system that requires multiple forms of verification to grant access.
Multipath
The use of multiple physical or logical paths to transmit data between two endpoints to increase redundancy, reliability, or performance.
NAT Hole Punching
A technique to establish direct connections between devices behind NAT routers.
NAT Traversal
A technique that allows ZeroTier devices behind routers or firewalls to connect with each other across networks.
National Institute of Standards and Technology (NIST)
U.S. standards body that issues security guidelines and FIPS publications (e.g., cryptographic standards).
National Security Agency (NSA)
U.S. signals intelligence and information security agency; develops guidance/standards for classified systems.
NDP
NDP (Neighbor Discovery Protocol) is a protocol used in IPv6 networks to discover other devices on the same local network, determine their link-layer addresses (like MAC addresses), find routers, and maintain reachability information.
Network
A system of interconnected devices that communicate and share processing power, resources, data, and services, amongst each other and with outside users.
Network Address Translation (NAT)
A method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) headers of packets while they are in transit across a traffic routing device.
Network Attached Storage (NAS)
File-level storage architecture making data accessible to networked devices.
Network ID
A unique 16-digit hexadecimal identifier for a ZeroTier virtual network.
Network Interface Card (NIC)
A computer hardware component that connects a computer to a computer network.
Network Monitoring
The use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator in case of outages or other troubles.
Network Operations Center (NOC)
Centralized team/facility that monitors, operates, and troubleshoots networks and services 24×7.
Network Segmentation
The division of a computer network into smaller, logical, often isolated segments.
Network Sniffing
Intercepting and logging network traffic.
Network Topology
The arrangement of the elements (links, nodes, etc.) of a communication network.
Next-Generation Firewall (NGFW)
A security device that combines traditional firewall features with advanced capabilities like deep packet inspection, intrusion prevention, and application awareness.
Node
A connection point, a redistribution point, or a communication endpoint.
NVR
A system that records video data from IP cameras over a network for surveillance and playback.
Observability
The ability to measure a system’s internal states by examining its outputs, enabling effective monitoring, debugging, and performance analysis.
Open Authorization (OAuth)
An open standard for access delegation that allows users to grant websites or applications limited access to their information without exposing passwords.
Open Source
Software whose source code is freely available for anyone to view, modify, and distribute.
Open Systems Interconnection (OSI) Model
A conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to their underlying internal structure and technology.
OpenID Connect (OIDC)
An identity layer built on top of OAuth 2.0 that allows clients to verify user identities and obtain basic profile information.
Operating System (OS)
Software supporting computer functions like task scheduling and peripheral control.
Operational Technology (OT)
Hardware and software that monitor or control physical systems.
Packet
A small segment of a larger message that is sent over a network.
Packet Filter
A firewall function that allows/blocks traffic based on header fields (IP, port, protocol, flags).
Packet Header
Metadata at the start of a frame/packet (addresses, protocol, length, etc.) used for forwarding and processing.
Packet Loss
The failure of one or more transmitted packets to arrive at their destination.
Patch
A software update that fixes vulnerabilities.
Patch Management
The process of applying software updates to fix vulnerabilities.
Peer
A remote ZeroTier node that your local node is communicating with.
Peer-to-Peer
A decentralized communications model where each device (peer) can act as both a client and a server, sharing resources directly without needing a central server.
Penetration (Pen) Testing
An authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.
Personal Area Network (PAN)
A network centered around an individual’s devices, typically within a few meters, often using Bluetooth or USB.
Phishing
A fraudulent social engineering attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
Physical IP
The actual IP address assigned to a device’s network interface, identifying it uniquely on a network.
Ping
Network utility testing host reachability over IP networks.
Port
A communication endpoint. At the software level within an operating system, a port is a logical construct that identifies a specific process or a type of network service.
Port Forwarding
Mapping an external port on a router to an internal IP address and port, enabling external access to services inside a private network.
Port Scanning
Probing a system for open ports and services.
Post-Quantum Cryptography
Refers to cryptographic algorithms designed to be secure against the potential threats posed by quantum computers.
Private Address
Non-routable address space for internal networks.
Private Key/Secret Key
A cryptographic key that is kept confidential and used to decrypt data or sign messages, ensuring secure communication in encryption systems.
Protocol
A set of rules governing the format and transmission of data in a network.
Proxy Server
A server that acts as an intermediary for requests from clients seeking resources from other servers.
Psychological Warfare
The use of digital tactics to influence, manipulate, or intimidate opponents by spreading fear, misinformation, or doubt.
Public Key
A cryptographic key that can be shared openly and is used to encrypt data or verify digital signatures in public key encryption systems.
Public Key Infrastructure (PKI)
A system for managing digital certificates and public-key encryption.
Quantum Communications
Communication methods leveraging quantum phenomena (e.g., quantum key distribution) for eavesdropping-resistant key exchange.
Quantum Computing
An emerging technology that uses quantum mechanics to solve problems faster than classical computers, posing risks to current encryption methods.
Quantum Resilience
The ability of cryptographic systems to withstand attacks from quantum computers through the use of post-quantum algorithms.
Quantum Sensing
Using quantum effects to achieve ultra-precise measurements (timing, fields); has security and defense implications (e.g., navigation, detection).
Quantum-Safe
Designed to resist attacks from quantum computers by using cryptographic methods that remain secure in a post-quantum future.
Ransomware
Software that encrypts files and demands a ransom for their release.
Relationship-Based Access Control (ReBAC)
Access authorized based on relationships between entities (e.g., “owner-of,” “member-of”) rather than only static roles.
Repeater
A network device that receives a signal and retransmits it at a higher level or higher power, or onto the other side of an obstruction, so that the signal can cover longer distances without degradation.
Replay Attack
Reusing captured valid traffic (e.g., messages or tokens) to fraudulently repeat or delay actions unless protected by nonces/timestamps.
Risk Assessment
Identifying and evaluating potential threats and vulnerabilities.
Robot-in-the-Middle (RitM)
Unmanned Man-in-the-Middle (MitM)
Role-Based Access Control (RBAC)
Granting permissions based on a user’s role (job function), enforcing least privilege.
Rootkit
A collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.
Route
The path that data takes across networks from a source to a destination, determined by routers and network configurations.
Route Injection
An attack that inserts false routing information into a network.
Router
A networking device that forwards data packets between computer networks.
Routing Table
A data table stored in a router or a networked computer that lists the routes to particular network destinations.
RSA
A widely used public key encryption method that secures data by using the mathematical properties of large prime numbers.
Salt Typhoon
A China-nexus advanced persistent threat (APT) linked to cyber-espionage against telecom and other targets, noted by U.S. agencies and researchers.
Scareware
Software that tricks users into believing their computer is infected.
Script Kiddie
An unskilled threat actor who uses pre-made tools for malicious intent.
Secure Access Service Edge (SASE)
A security framework that combines networking and security functions in the cloud to provide secure access to applications and data.
Secure Shell (SSH)
A common protocol used to securely access and manage devices over a network.
Secure Sockets Layer (SSL)
An older protocol for encrypting data in transit, now largely replaced by TLS in modern networking deployments.
Security Audit
A systematic evaluation of the security of a company’s information system by measuring how well it conforms to an established set of criteria.
Security Awareness Training
Educating users about security threats and best practices.
Security Information and Event Management (SIEM)
A system that collects and analyzes security logs and events.
Security Service Edge (SSE)
A cloud-delivered security model (e.g., SWG, CASB, ZTNA) that secures access to the internet, SaaS, and private apps.
Segmentation
Dividing a network into smaller, isolated segments (e.g., VLANs, subnets, micro-segments) to limit blast radius and improve performance/security.
Self-healing
The ability of a ZeroTier network to automatically find new paths and restore connections when links fail or network conditions change.
Session Hijacking
An attack where the attacker takes over an active session.
Simple Network Management Protocol (SNMP)
Protocol for monitoring/configuring network devices via a manager/agent model (MIBs, GET/SET/TRAP).
Single Point of Failure (SPOF)
A component whose failure causes a large outage of a system or service.
Social Engineering
The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Software Defined Warfare (SDW)
The use of software-driven systems to control, coordinate, and adapt military operations across digital and physical domains.
Software-Defined Network/Networking (SDN)
A network architecture that separates network creation and control from hardware.
Spoofing
Masquerading as a trusted entity (e.g., IP, DNS, MAC, or email) to deceive systems or users.
Spyware
Software that aims to gather information about a person or organization without their knowledge, and that may send such information to another entity without the consumer’s consent.
SQL Injection
An attack that inserts malicious SQL code into a database query.
SSH
“Secure Shell” is a protocol used to securely access and manage devices over a network.
SSL
“Secure Sockets Layer” is an older protocol for encrypting data in transit, now largely replaced by TLS in modern ZeroTier deployments.
Starlink
A low-latency broadband satellite constellation by SpaceX providing high-speed Internet to remote areas.
State-Sponsored Actor
A threat actor that is funded and directed by a government.
Static Routing
Manually configured routes that don’t change unless edited, as opposed to dynamic routing protocols.
Stealth Mode
Firewall setting preventing responses to ping requests, reducing visibility on the network.
Stuxnet
A sophisticated computer worm that targeted Iranian nuclear facilities, widely considered the first known cyberweapon to cause physical damage.
Subnet
A segmented range of IP addresses within a network, used in ZeroTier to route traffic between virtual and physical networks.
Subnet Mask
A 32-bit mask used to divide an IP network into subnets, indicating which portion of the address is network and which is host.
Supply Chain
The network of vendors and service providers that support an organization, where vulnerabilities can be exploited to launch cyberattacks.
Supply Chain Attack
An attack that targets vulnerabilities in the supply chain, either physical or software.
Switch
A networking device that connects devices on a computer network, typically a local area network (LAN).
Symmetric Encryption
Encryption method where the same key is used for both encryption and decryption.
Symmetric NAT
A type of network address translation that creates unique mappings for each connection, making direct peer-to-peer connections more difficult.
Test Address
IP blocks reserved for examples and documentation.
Threat Actor
A person or entity that is responsible for an event or cyberattack that impacts the security of an organization.
Threat Intelligence
Information about potential threats and threat actors.
Throughput
The rate of production or the rate at which something is processed.
TLS
“Transport Layer Security” is a protocol that encrypts data in transit to ensure secure communication between ZeroTier components.
Transmission Control Protocol (TCP)
A standard that defines how to establish and maintain a network conversation via which application programs can exchange data.
Transport Layer Security (TLS)
A protocol that encrypts data in transit to ensure secure communication between ZeroTier components.
Trojan Horse
A type of malware or malicious software that is disguised as legitimate software.
Two-Factor Authentication (2FA)
A security system that requires multiple forms of verification to grant access.
Typosquatting
Registering domain names similar to legitimate ones to trick users.
Uniform Resource Locator (URL)
A standardized address that specifies the location of a resource on the internet and how to access it (scheme, host, path, etc.).
User Datagram Protocol (UDP)
A communications protocol used across IP networks, primarily for establishing low-latency and loss-tolerating connections between applications on the internet.
Virtual Local Area Network (VLAN)
Any broadcast domain that is partitioned and isolated in a computer network at the data link layer (Layer 2).
Virtual Private Network (VPN)
A Virtual Private Network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
Virus
A type of malicious software that replicates itself by modifying other computer programs and inserting its own code, often full copies of itself.
Voice over Internet Protocol (VoIP)
Transmitting voice communications over IP networks rather than the public switched telephone network.
VoLTE
Voice over Long-Term Evolution is a technology that uses virtually dedicated data packets to enable mobile voice calls over the LTE (Long Term Evolution) network as opposed to dedicated circuits which are traditionally used for voice calls.
Vulnerability
A weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system.
VXLAN
Virtual Extensible LAN is a tunneling protocol that enables the creation of virtual networks over existing Layer 3 infrastructure.
Watering Hole Attack
An attack that infects a website frequented by the target.
Web Hook
A user-defined callback that sends real-time data from one system to another when specific events occur.
White Hat
An ethical security professional who tests, defends, or hacks systems with authorization to validate and fix security issues.
Wi-Fi
A Wi-Fi network is a type of wireless local area network that utilizes radio waves to establish connections between computers and various devices, enabling seamless internet access. Based on the IEEE 802.11 standards.
Wide Area Network (WAN)
A telecommunications network that extends over a large geographical area for the primary purpose of computer networking.
Windows
Proprietary graphical OS families developed by Microsoft.
Wired Equivalent Privacy (WEP)
An obsolete encryption protocol for IEEE 802.11 WLANs, superseded by WPA/WPA2 due to security vulnerabilities.
Wireless Access Point (WAP)
A device that allows Wi-Fi clients to connect to a wired network by bridging wireless and wired segments.
WLAN
A Wireless Local-Area Network is a group of co-located computers or other devices that form a network based on radio transmissions rather than wired connections. A Wi-Fi network is a type of WLAN; anyone connected to Wi-Fi while reading this webpage is using a WLAN.
Worm
A self-replicating program that spreads across a network, usually to cause harm.
XSS Attack
Injecting malicious scripts into trusted websites so code runs in a victim’s local browser.
Zero Trust
A security model based on the principle of “never trust, always verify.” It assumes that no user or device, whether inside or outside the network perimeter, should be trusted by default. Instead, every access request is fully authenticated, authorized, and encrypted before granting access.
Zero Trust Network Architecture (ZTNA)
A set of cybersecurity principles used when planning and implementing a zero trust environment. ZTNA is not a single product but a set of concepts and ideas. It is a security model that assumes no implicit trust is granted to assets or user accounts based solely on their physical or network location (i.e., local area network versus internet) or asset ownership (enterprise or personally owned). Authentication and authorization are discrete functions performed before a session to an enterprise resource is established. ZTNA limits access to only explicitly authorized resources.
Zero-Day Exploit
An attack that exploits a previously unknown vulnerability in a computer application, operating system or piece of hardware.