Glossary N
17 terms starting with N
NAC enforces security policy on devices before allowing them to connect to the network, checking for patch compliance, antivirus status, and certificate validity. It can quarantine non-compliant devices to a remediation VLAN and uses 802.1X authentication with a RADIUS server. NAC is a key control for preventing compromised or unmanaged devices from accessing internal resources.
Network Access Control Lists are stateless packet filters applied at the subnet boundary in cloud Virtual Private Clouds that control inbound and outbound traffic based on protocol, port ranges, and IP CIDR ranges. Unlike security groups (stateful, instance-level), NACLs evaluate each packet independently and process rules in order. NACLs provide a defense-in-depth layer for blocking known malicious IP ranges and restricting traffic flows between subnets that security groups cannot enforce.
A NAT (Network Address Translation) gateway allows instances in private subnets to initiate outbound connections to the internet while preventing inbound connections from being initiated from outside. It translates private IP addresses to the gateway's public IP for outbound traffic. NAT gateways are essential for private subnet instances that need to download updates or call external APIs without public IP exposure.
NATS is a lightweight, high-performance open-source messaging system designed for cloud-native and edge deployments. NATS supports publish-subscribe, request-reply, and queue group patterns with minimal overhead. NATS JetStream adds persistence, consumer acknowledgment, and replay capabilities to the core NATS server, providing Kafka-like streaming semantics with simpler operations.
NDR solutions monitor network traffic using machine learning and behavioral analysis to detect threats that bypass perimeter controls. They analyze east-west (lateral) and north-south traffic to identify command-and-control communications, data exfiltration, and lateral movement. NDR provides network-level visibility that complements EDR's endpoint telemetry.
A virtual network interface (ENI in AWS, NIC in Azure/GCP) is a logical networking component that attaches to a compute instance and provides IP addressing, security group membership, and network connectivity. Instances can have multiple network interfaces for network segmentation or to achieve higher aggregate bandwidth. ENIs are independently configurable and can be moved between instances.
Kubernetes Network Policies are API objects that control which pods can communicate with each other and with external endpoints using label selectors. By default, Kubernetes allows all pod-to-pod communication; applying a default-deny NetworkPolicy and explicitly allowing only required traffic implements micro-segmentation. Network policies require a compatible CNI plugin (Calico, Cilium, or others) to be enforced — they are defined in the API but have no effect without a policy-capable CNI.
NGFWs extend traditional stateful packet inspection with application-layer visibility, intrusion prevention, SSL/TLS inspection, and user identity awareness. Unlike legacy firewalls that only filter by port and IP, NGFWs can identify and control specific applications (e.g., block Dropbox but allow OneDrive) and enforce policies based on user identity from directory services.
NIDS analyzes network packets in real time to detect attack signatures, protocol anomalies, and suspicious traffic patterns. Snort and Suricata are widely deployed open-source NIDS engines that process millions of packets per second. NIDS provides a network-level sensor that feeds alerts into SIEM platforms for correlation with endpoint and application events.
NIST SP 800-53 is a comprehensive catalog of security and privacy controls for federal information systems, organized into 20 control families covering areas from access control to supply chain risk management. It is the control baseline for FedRAMP authorizations and FISMA compliance. Private sector organizations also reference 800-53 for rigorous security control implementation.
The NIST CSF is a voluntary framework providing organizations with a common language and structured approach to managing cybersecurity risk. Version 2.0 organizes activities into six functions: Govern, Identify, Protect, Detect, Respond, and Recover. It's widely adopted by private sector organizations as a self-assessment and communication tool for cybersecurity risk management.
A node pool is a group of Kubernetes worker nodes within a cluster that share the same machine type, OS image, labels, and taints. Node pools enable heterogeneous clusters where GPU nodes for ML workloads coexist with general-purpose nodes for web services. Separate node pools allow fine-grained scaling, upgrade strategies, and cost optimization using spot instances for fault-tolerant workloads.
Notary is a CNCF project that provides a framework for cryptographically signing and verifying container images and other artifacts stored in OCI registries. Notary v2 (now called Notation) modernizes the original Docker Content Trust implementation with a more flexible signing model. Image signing with Notary ensures that only images from trusted sources are deployed.
npm audit is a built-in Node.js package manager command that scans a project's dependency tree against the npm security advisory database for known vulnerabilities. It reports vulnerability severity, affected packages, and available remediation. Running npm audit in CI pipelines provides automated visibility into vulnerable dependencies and can be configured to fail builds above a specified severity threshold.
Nuclei is an open-source, template-based vulnerability scanner developed by ProjectDiscovery that enables rapid scanning for CVEs, misconfigurations, and exposed services. Its YAML-based template format allows the community to publish thousands of detection templates covering web vulnerabilities, network services, and cloud misconfigurations. Nuclei's speed and extensibility make it popular for bug bounty hunters, penetration testers, and continuous attack surface monitoring.
The NVD is the U.S. government repository of standards-based vulnerability management data maintained by NIST. It enriches CVE records with CVSS scores, CPE applicability statements, and CWE classifications. Security tools and SCA scanners pull NVD data to map vulnerabilities to specific software versions in a given environment.
NVMe is a storage protocol designed for SSDs that communicates over PCIe, delivering far lower latency and higher IOPS than the SATA interface it replaces. Cloud instance store volumes and high-performance block storage tiers use NVMe to deliver hundreds of thousands of IOPS with sub-millisecond latency. NVMe instance storage is ephemeral — data is lost when the instance stops.