1. A firewall that identifies the specific application in network traffic rather than just the port number, enabling per-application policy decisions at OSI Layer 7
2. A network zone positioned between the internet and the internal network that hosts publicly accessible services while preventing internet traffic from reaching internal systems
3. An IPS detection method that compares traffic against a database of known attack patterns and triggers when an exact match is found; effective against known threats but blind to novel attacks
4. A default-deny rule enforced at the bottom of a firewall rule base that drops all traffic not explicitly matched by any earlier rule