IT Dictionary

An AI system that can autonomously plan, execute multi-step tasks, use tools, and make decisions to accomplish a goal with minimal human guidance.

An agentless automation tool that configures servers, deploys applications, and orchestrates IT tasks using simple YAML playbooks over SSH.

A set of rules and protocols that allows different software applications to communicate with each other and share data or functionality.

A protocol that maps an IP address to a physical MAC address on a local network so devices can actually deliver frames to each other.

A copy of data stored separately from the original, used to restore systems and files after data loss from hardware failure, deletion, ransomware, or disaster.

The maximum amount of data that can be transmitted over a network connection in a given period, typically measured in megabits or gigabits per second.

A hardened server that acts as the single, controlled entry point for SSH access to an internal network. All connections to internal hosts must route through the Bastion, creating one audited choke point.

The routing protocol that determines how data travels between autonomous systems on the internet, often called the 'postal service of the internet.'

A network of compromised devices (bots) controlled remotely by an attacker to carry out coordinated attacks like DDoS, spam, or credential stuffing.

An attack that systematically tries every possible combination of credentials until finding one that works, relying on computational power rather than cleverness.

Storing frequently accessed data in a fast, temporary location so future requests can be served without repeating the original expensive operation.

A trusted entity that issues and signs digital certificates, cryptographically vouching that a public key belongs to a specific identity. The foundation of PKI trust chains.

A fixed-length string produced by running a file through a hash function, used to verify the file has not been corrupted or modified.

The practice of automatically building, testing, and deploying code changes whenever developers push updates, catching bugs early and shipping faster.

The delivery of computing resources (servers, storage, databases, networking) over the internet on a pay-as-you-go basis instead of owning physical hardware.

A lightweight, portable package that bundles an application with its dependencies and runs in an isolated process on the host OS, sharing the kernel.

A globally distributed network of servers that caches and delivers content from the location closest to each user, reducing latency and origin load.

The maximum amount of text (measured in tokens) that a language model can read and consider at once when generating a response.

A browser security mechanism that controls which websites can make requests to your API, preventing unauthorized cross-origin data access.

A scheduled task on a Linux system that runs automatically at specified times or intervals, used for backups, maintenance scripts, and recurring automation.

An attack that tricks a victim's browser into submitting an authenticated request to a target site without the user's knowledge or intent.

An attack that injects malicious JavaScript into a web page viewed by other users, allowing session theft, defacement, or redirection.

A standardized identifier for publicly known cybersecurity vulnerabilities, enabling organizations to track and prioritize security patches.

A physical facility that houses servers, networking equipment, and storage systems, providing the power, cooling, and connectivity they need to operate.

A distributed denial-of-service attack that overwhelms a target with traffic from many sources simultaneously, making it unavailable to legitimate users.

The router a device sends traffic to when the destination is outside its own local network.

A protocol that automatically assigns IP addresses and network settings to devices when they connect to a network.

A plan and set of procedures for restoring IT systems and data after a catastrophic event like a hardware failure, cyberattack, or natural disaster.

The system that translates human-readable domain names into IP addresses so devices can find each other on a network.

A platform that packages applications into containers, providing a standardized way to build, ship, and run software consistently across any environment.

A numerical representation of text (or other data) as a list of numbers that captures its meaning, enabling similarity comparison and semantic search.

The process of converting readable data into an unreadable format using a mathematical algorithm and a key, so only authorized parties can access it.

A named value stored outside your code that configures application behavior, commonly used for API keys, database URLs, and deployment settings.

The process of further training a pre-trained AI model on a specific dataset to specialize it for a particular task, domain, or style.

A security device or software that monitors and controls incoming and outgoing network traffic based on predefined rules.

A distributed version control system that tracks changes to files over time, enabling collaboration, branching, and complete history of every modification.

A free tool that uses asymmetric cryptography to sign files and verify their authenticity, confirming both who published a file and that it has not been modified.

A query language and runtime for APIs that lets clients request exactly the data they need in a single request, instead of relying on fixed server-defined endpoints.

A high-performance, open-source RPC framework that uses Protocol Buffers over HTTP/2 to enable efficient, strongly-typed communication between services.

When an AI model generates confident, plausible-sounding information that is factually incorrect, fabricated, or not grounded in its training data or provided context.

A physical device with a tamper-resistant chip that generates and stores cryptographic keys. The private key never leaves the hardware, making it immune to software-based credential theft.

A three-digit number returned by a web server indicating whether a request succeeded, failed, or requires further action.

Software that creates and manages virtual machines by abstracting physical hardware resources and allocating them to isolated guest operating systems.

A network protocol used for diagnostic and error-reporting purposes, best known as the protocol behind the ping and traceroute tools.

A property where performing the same operation multiple times produces the same result as performing it once, critical for reliable systems.

The structured process of detecting, containing, eradicating, and recovering from a cybersecurity incident to minimize damage and prevent recurrence.

The process of running a trained AI model to generate predictions or outputs from new input data, as opposed to training the model.

A unique numerical label assigned to every device on a network, used to identify it and route traffic to the correct destination.

A lightweight, human-readable data format used to exchange structured information between systems, based on JavaScript object syntax.

A compact, self-contained token that encodes identity and claims in three Base64URL-encoded segments, signed to prevent tampering.

An open-source platform for automating the deployment, scaling, and management of containerized applications across clusters of machines.

A Linux kernel module that turns the Linux operating system itself into a Type 1 hypervisor, enabling hardware-accelerated virtual machines.

A neural network trained on massive text datasets that can understand and generate human language, powering tools like ChatGPT and Claude.

The time delay between sending a request and receiving the first byte of the response, typically measured in milliseconds.

A hierarchical directory protocol used to store and query identity information such as users, groups, and devices across a network.

A device or service that distributes incoming network traffic across multiple servers to prevent any single server from becoming overwhelmed.

A unique hardware identifier assigned to every network interface, used to deliver data frames on a local network segment.

Malicious software designed to damage, disrupt, or gain unauthorized access to a computer system, including viruses, ransomware, trojans, and worms.

An attack where an adversary secretly intercepts and potentially modifies communications between two parties who each believe they are communicating directly with the other.

An open standard for connecting AI assistants to external data sources and tools, enabling them to access real-time information and take actions.

A security method that requires two or more verification factors to prove your identity, making stolen passwords alone insufficient for access.

A technique that translates private IP addresses to a public IP address so multiple devices on a local network can share a single internet connection.

A networking protocol that synchronizes clocks across computer systems to within milliseconds of Coordinated Universal Time (UTC) using a hierarchy of time sources.

A network file sharing protocol that lets you access files on a remote server as if they were on your local machine.

An authorization framework that lets users grant third-party applications limited access to their accounts without sharing their password.

A seven-layer framework that describes how data travels from an application on one device to an application on another device across a network.

A small unit of data transmitted over a network, containing both the payload (actual data) and headers with routing information.

An authorized simulated cyberattack against a system to identify vulnerabilities before real attackers do, performed by security professionals.

A social engineering attack that uses fraudulent emails, messages, or websites to trick people into revealing passwords, financial information, or installing malware.

A tool that checks whether another device on a network is reachable and how long the round trip takes.

Personal Identity Verification - a US government standard (FIPS 201) for smart card authentication. Defines a set of key slots on a chip for different cryptographic purposes: login, signing, and encryption.

A standard C API (also called Cryptoki) for interacting with hardware cryptographic devices like smart cards and HSMs. OpenSC implements PKCS#11 for YubiKeys, allowing SSH, browsers, and other applications to use hardware-backed keys.

Public Key Infrastructure - the complete system of policies, roles, hardware, software, and procedures needed to create, manage, distribute, and revoke digital certificates and manage public-key encryption.

A numbered endpoint on a device that identifies a specific application or service, allowing multiple network services to run on the same IP address.

An attack where an adversary gains higher access permissions than originally granted, escalating from a normal user to administrator or root.

The practice of designing and refining inputs to AI language models to get more accurate, useful, and consistent outputs.

A technique that improves AI responses by retrieving relevant information from your own documents and feeding it to the model alongside the question.

A technique that restricts how many requests a client can make to an API within a time window, protecting services from abuse and overload.

A pattern language for matching, searching, and manipulating text, used in everything from input validation to log analysis.

An architectural style for web APIs that uses standard HTTP methods to create, read, update, and delete resources identified by URLs.

A server that sits in front of backend servers and forwards client requests to them, hiding the backend infrastructure from the outside world.

A method of restricting system access based on assigned roles rather than individual user permissions, simplifying management at scale.

A platform that collects, correlates, and analyzes log data from across your infrastructure to detect security threats and support incident investigation.

An authentication scheme that lets users log in once and gain access to multiple independent systems without re-entering credentials for each one.

A protocol for collecting and organizing information about managed network devices, enabling centralized monitoring of routers, switches, and servers.

An attack that inserts malicious SQL code into application inputs to manipulate or extract data from a database.

A cryptographic protocol for secure remote login, command execution, and file transfer over an unsecured network.

The encryption protocols that secure data in transit between a client and server, powering HTTPS and most encrypted internet communication.

A number that tells a device which part of an IP address identifies the network and which part identifies the specific device.

An attack that compromises a trusted software vendor, library, or update mechanism to distribute malicious code to all downstream users.

The init system and service manager for most modern Linux distributions, responsible for booting the system and managing running services.

A transport protocol that guarantees reliable, ordered delivery of data between two devices by establishing a connection before sending.

A parameter that controls how random or deterministic an AI model's output is, with lower values producing focused answers and higher values producing creative ones.

An infrastructure-as-code tool that lets you define cloud resources (servers, networks, databases) in configuration files and provision them automatically.

The smallest unit of text that a language model processes, typically a word, part of a word, or a punctuation mark.

A diagnostic tool that maps the path packets take from your device to a destination, showing every router hop and the latency at each step.

The neural network architecture behind modern AI language models, using a self-attention mechanism to process all input tokens simultaneously.

A lightweight transport protocol that sends data without establishing a connection first, prioritizing speed over guaranteed delivery.

A software-based emulation of a complete computer that runs its own operating system and applications, isolated from the host hardware.

A virtual local area network that segments a single physical switch into multiple isolated broadcast domains without needing separate hardware.

A virtual private network that creates an encrypted tunnel between your device and a remote network, protecting your traffic from interception.

A firewall that operates at the application layer (Layer 7) to protect web applications from attacks like SQL injection and cross-site scripting.

An HTTP callback that automatically sends data to a URL when a specific event occurs, enabling real-time communication between applications.

A protocol that establishes a persistent, full-duplex communication channel between a browser and server over a single TCP connection, enabling real-time data exchange.

The standard format for digital certificates. An X.509 certificate binds a public key to an identity and is signed by a Certificate Authority to prove that binding is legitimate.

A human-readable data format used for configuration files, favored for its clean syntax with indentation instead of brackets and braces.

A security model that eliminates implicit trust based on network location. Every access request is verified explicitly, regardless of whether the requester is inside or outside the network perimeter.

A software vulnerability that is unknown to the vendor and has no patch available, giving defenders zero days to prepare before it can be exploited.

A combined filesystem and volume manager that provides built-in data integrity verification, snapshots, compression, and RAID-like redundancy.