Glossary of Terms: Infrastructure

These are the common terms used for describing a network of web servers (infrastructure).

Application

A type of asset that is attributed to an organization. This type includes a publisher’s mobile application offering, as depicted by the Mobile Application Security risk vector.

Bitsight Curated Rating

Made up of the resulting network footprint, as outlined in the network mapping process.

Classless Inter-Domain Routing (CIDR) Block

A type of asset that is attributed to an organization. CIDR notation is a way of specifying IP addresses and the associated routing prefix. It appends a slash character to the address and the decimal number of leading bits of the routing prefix, e.g., 193.168.2.0/24 for IPv4, (193.168.2.0-193.168.2.255) and 2001:db8::/32 for IPv6.

Company-Provided Assets

Infrastructure (IP addresses and CIDR blocks) provided to Bitsight by a user from the organization to define their infrastructure.

Custom Infrastructure

A subnet of infrastructure (IP addresses and CIDR blocks) customized by users within an organization for infrastructure tagging purposes.

Domain

A type of asset that is attributed to an organization. Refer to your domain registrar’s database to get domain information, including:

• Availability
• Ownership
• Creation Details
• Expiration details
• Name Servers

Example: The example.com attribute associates www.example.com, mail.example.com, and wizard.secure-login.example.com as individual assets for a single organization.

End Date

The date when infrastructure is no longer attributed to a company. Removal is captured through an automated process and then marked with an end date (Bitsight End Date).

Possible reasons for removing infrastructure:

• Stale DNS records.
• Expired infrastructure.
• The infrastructure is identified as never having belonged to the company.

Internet Protocol Address (IP Address)

A type of asset that is attributed to an organization. It is depicted as a series of numbers for uniquely identifying computers connected to the Internet (e.g., 74.125.226.16 for google.com).

Media Access Control Address (MAC Address)

A colon or hyphen-separated, hexadecimal number assigned as a unique identifier for connected devices or network interface controllers (NIC).

Peer Group

A group of companies that are within an industry or sub-industry, of similar or particular size.

Primary Rating

A self-published rating that the publishing organization believes best reflects its security posture and communicates it to third parties.

Request Date

A.k.a. Start Date

The date when a company-provided asset is submitted.

Start Date

The date when infrastructure starts being attributed.

Self-published Rating

Consist of CIDR blocks, IP addresses, and domains that are specifically selected by the company itself, rather than curated by Bitsight (Bitsight curated). This has its own Security Rating report.

Service Set Identifier (SSID)

The primary name associated with a Wi-Fi network, assigned by the network administrator. It is not a unique identifier. They are commonly assigned to be easily identifiable for the users of the wireless network.