289 Cards in this Set

  • Front
  • Back
66 block
Traditionally used in corporate environments for cross-connecting phone system cabling. As 10-Mbps LANs started to grow in popularity in the late 1980s and early 1990s, these termination blocks were used to cross-connect Category 3 UTP cabling. The electrical characteristics (specifically, crosstalk) of a 66 block, however, do not support higher-speed LAN technologies, such as 100-Mbps Ethernet networks.
110 block
Because 66 blocks are subject to too much crosstalk for higher-speed LAN connections, 110 blocks can be used to terminate a cable (such as a Category 5 cable) being used for those higher-speed LANs.
802.11a
Ratified in 1999, this standard supports speeds as high as 54 Mbps. Other supported data rates (which can be used if conditions are not suitable for the 54-Mbps rate) include 6, 9, 12, 18, 24, 36, and 48 Mbps. The 802.11a standard uses the 5-GHz band and the OFDM transmission method.
802.11ac
An IEEE wireless networking standard operating in the 5GHz range, with increased throughput compared to previous WiFi IEEE standards.
802.11b
Ratified in 1999, this standard supports speeds as high as 11 Mbps. However, 5.5 Mbps is another supported data rate. The 802.11b standard uses the 2.4-GHz band and the DSSS transmission method.
802.11g
Ratified in 2003, this standard supports speeds as high as 54 Mbps. Like 802.11a, other supported data rates include 6, 9, 12, 18, 24, 36, and 48 Mbps. However, like 802.11b, 802.11g operates in the 2.4-GHz band, which allows it to offer backward compatibility to 802.11b devices. 802.11g can use either the OFDM or DSSS transmission method.
802.11n
Ratified in 2009, this standard supports a variety of speeds, depending on its implementation. Although the speed of an 802.11n network could approach 300 Mbps (through the use of channel bonding), many 802.11n devices on the market have speed ratings in the 130 to 150-Mbps range. Interestingly, an 802.11n WLAN can operate in the 2.4-GHz band, the 5-GHz band, or both simultaneously. 802.11n uses the OFDM transmission method.
acceptable use policy (AUP)
Identifies what users of a network are and are not allowed to do on that network. For example, retrieving sports scores during working hours via an organization’s Internet connection might be deemed inappropriate by an AUP.
access control list (ACL)
Rules typically applied to router interfaces, which specify permitted and denied traffic.
Address Resolution Protocol (ARP)
An ARP request is a broadcast asking for the MAC address corresponding to a known IP address. An ARP reply contains the requested MAC address.
administrative distance (AD)
A routing protocol’s index of believability. Routing protocols with a smaller AD are considered more believable than routing protocols with a higher AD.
Advanced Encryption Standard (AES)
Released in 2001, AES is typically considered the preferred symmetric encryption algorithm. AES is available in 128-bit key, 192-bit key, and 256-bit key versions.
anycast
An anycast communication flow is a one-to-nearest (from the perspective of a router’s routing table) flow.
application layer (OSI model)
Layer 7 of the OSI model, it provides application services to a network. An important, and an often-misunderstood concept, is that end-user applications do not reside at the application layer. Instead, the application layer supports services used by end-user applications. Another function of the application layer is advertising available services.
application layer (TCP/IP stack)
Addresses concepts described by Layers 5, 6, and 7 (that is, the session, presentation, and application layers) of the OSI model.
arp command
Can be used in either the Microsoft Windows or the UNIX environment to see what a Layer 2 MAC address corresponds to in a Layer 3 IP address.
asset management
As related to networks, this is a formalized system of tracking network components and managing the lifecycle of those components.
asymmetric encryption
With asymmetric encryption, the sender and receiver of a packet use different keys.
Asynchronous Transfer Mode (ATM)
A Layer 2 WAN technology that interconnects sites using virtual circuits. These virtual circuits are identified by a pair of numbers, called the VPI/VCI pair. A virtual path identifier (VPI) identifies a logical path, which can contain multiple virtual circuits. A virtual circuit identifier (VCI) identifies the unique logical circuit within a virtual path.
Authentication Header (AH)
An IPsec protocol that provides authentication and integrity services. However, it does not provide encryption services.
authentication server
In a network using 802.1X user authentication, an authentication server (typically, a RADIUS server) checks a supplicant’s credentials. If the credentials are acceptable, the authentication server notifies the authenticator that the supplicant is allowed to communicate on a network. The authentication server also gives the authenticator a key that can be used to securely transmit data during the authenticator’s session with the supplicant.
authenticator
In a network using 802.1X user authentication, an authenticator forwards a supplicant’s authentication request on to an authentication server. After the authentication server authenticates the supplicant, the authenticator receives a key that is used to communicate securely during a session with the supplicant.
Automatic Private IP Addressing (APIPA)
Allows a networked device to self-assign an IP address from the 169.254.0.0/16 network. Note that this address is only usable on the device’s local subnet (meaning that the IP address is not routable).
availability
The measure of a network’s uptime.
baseline
A collection of data portraying the characteristics of a network under normal operating conditions. Data collected while troubleshooting can then be contrasted against baseline data.
Basic Rate Interface (BRI)
A BRI circuit contains two 64-kbps B channels and one 16-Kbps D channel. Although such a circuit can carry two simultaneous voice conversations, the two B channels can be logically bonded together into a single virtual circuit (by using PPP’s multilink interface feature) to offer a 128-kbps data path.
basic service set (BSS)
WLANs that have just one AP are called BSS WLANs. BSS WLANs are said to run in infrastructure mode because wireless clients connect to an AP, which is typically connected to a wired network infrastructure. A BSS network is often used in residential and SOHO locations, where the signal strength provided by a single AP is sufficient to service all of the WLAN’s wireless clients.
bit-error rate tester (BERT)
When troubleshooting a link where you suspect a high bit-error rate (BER), you can use a piece of test equipment called a bit-error rate tester (BERT), which contains both a pattern generator (which can generate a variety of bit patterns) and an error detector (which is synchronized with the pattern generator and can determine the number of bit errors) and can calculate a BER for the tested transmission link.
black-hole router
A router that drops packets that cannot be fragmented and are exceeding the MTU size of an interface without notifying the sender.
block size
The number of IP addresses in a subnet, including the subnet’s address and the subnet’s directed broadcast address.
Bootstrap Protocol (BOOTP)
A legacy broadcast-based protocol used by networked devices to obtain IP address information.
Border Gateway Protocol (BGP)
The only EGP in widespread use today. In fact, BGP is considered to be the routing protocol that runs the Internet, which is an interconnection of multiple autonomous systems. BGP is a path-vector routing protocol, meaning that it can use as its metric the number of autonomous system hops that must be transited to reach a destination network, as opposed to the number of required router hops.
borrowed bits
Bits added to a classful subnet mask.
buffer overflow
This attack occurs when an attacker leverages a vulnerability in an application, causing data to be written to a memory area (that is, a buffer) that’s being used by a different application.
bus topology
Typically, it uses a cable running through the area requiring connectivity, and devices to be networked can tap into that cable.
butt set
A piece of test equipment typically used by telephone technicians. The clips on a butt set can connect to the tip and ring wires on a punch-down block (for example, a 66 block or a 110 block) connecting to a telephone. This allows the technician to check the line (for example, to determine whether a dial tone is present on the line and determine whether a call can be placed from the line).
cable certifier
If you are working with existing cable and want to determine its category, or if you simply want to test the supported frequency range (and therefore data throughput) of the cable, you can use a cable certifier.
cable modem
Attaches to the same coaxial cable (typically in a residence) that provides television programming. A cable modem can use predetermined frequency ranges to transmit and receive data over that coaxial cable.
cable tester
A cable tester can test the conductors in an Ethernet cable. It contains two parts. By connecting these parts of the cable tester to each end of a cable under test, you can check the wires in the cable for continuity (that is, check to make sure that there are no opens, or breaks, in a conductor). In addition, you can verify an RJ-45 connector’s pinouts (which are wires connected to the appropriate pins on an RJ-45 connector).
campus-area network (CAN)
An interconnection of networks located in nearby buildings (for example, buildings on a college campus).
carrier sense multiple access collision avoidance (CSMA/CA)
Just as CSMA/CD is needed for half-duplex Ethernet connections, CSMA/CA is needed for WLAN connections because of their half-duplex operation. Similar to how an Ethernet device listens to an Ethernet segment to determine whether a frame exists on the segment, a WLAN device listens for a transmission on a wireless channel to determine whether it is safe to transmit. In addition, the collision-avoidance part of the CSMA/CA algorithm causes wireless devices to wait for a random backoff time before transmitting.
carrier sense multiple access collision detect (CSMA/CD)
Used on an Ethernet network to help prevent a collision from occurring and to recover if a collision does occur. CSMA/CD is only needed on half-duplex connections.
central office (CO)
A building containing a telephone company’s telephone-switching equipment. COs are categorized into five hierarchical classes. A Class 1 CO is a long-distance office serving a regional area. A Class 2 CO is a second-level long-distance office; that is, it is subordinate to a Class 1 office. A Class 3 CO is a third-level long-distance office. A Class 4 CO is a fourth-level long-distance office, which provides telephone subscribers access to a live operator. A Class 5 CO is at the bottom of the five-layer hierarchy and physically connects to customer devices in a local area.
Challenge Handshake Authentication Protocol (CHAP)
Like PAP, CHAP performs one-way authentication. However, authentication is performed through a three-way handshake (challenge, response, and acceptance messages) between a server and a client. The three-way handshake allows a client to be authenticated without sending credential information across a network.
Challenge-Response Authentication Mechanism Message Digest 5 (CRAM-MD5)
A common variant of HMAC frequently used in e-mail systems. Like CHAP, CRAM-MD5 only performs one-way authentication (the server authenticates the client).
channel bonding
With channel bonding, two wireless bands can be logically bonded together, forming a band with twice the bandwidth of an individual band. Some literature refers to channel bonding as 40-MHz mode, which refers to the bonding of two adjacent 20-MHz bands into a 40-MHz band.
channel service unit/data service unit (CSU/DSU)
Acts as a digital modem that terminates a digital circuit (for example, a T1 or an E1 circuit).
circuit-switched connection
A connection that is brought up on an as-needed basis. A circuit-switched connection is analogous to a phone call, where you pick up a phone, dial a number, and a connection is established based on the number you dial.
classful mask
A classful mask is the default subnet mask applied to Class A, B, and C IPv4 networks. Specifically, Class A networks have a classful mask of 255.0.0.0. Class B networks have a classful mask of 255.255.0.0, and Class C networks have a classful mask of 255.255.255.0.
classification
Classification is the process of placing traffic into different categories.
classless interdomain routing (CIDR)
Shortens a classful subnet mask by removing right-justified 1s from a classful mask. As a result, CIDR allows contiguous classful networks to be aggregated. This process is sometimes called route aggregation.
client
Defines the device an end user uses to access a network. This device might be a workstation, laptop, smartphone with wireless capabilities, tablet, or variety of other end-user terminal devices.
client/server network
In a client/server network, a dedicated server (for example, a file server or a print server) provides shared access to a resource (for example, files or a printer). Clients (for example, PCs) on the network with appropriate privilege levels can gain access to those shared resources.
client-to-site VPN
Also known as a remote-access VPN, a client-to-site VPN interconnects a remote user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost.
coaxial cable
Also known as coax, a coaxial cable is composed of two conductors. One of the conductors is an inner insulated conductor. This inner conductor is surrounded by another conductor. This second conductor is sometimes made of a metallic foil or woven wire.
collision
A collision occurs when two devices on an Ethernet network simultaneously transmit a frame. Because an Ethernet segment cannot handle more than one frame at a time, both frames become corrupted.
committed information rate (CIR)
The CIR of an interface is the average traffic rate over the period of a second.
Common Address Redundancy Protocol (CARP)
An open standard variant of HSRP, which provides first-hop router redundancy.
congestion avoidance
If an interface’s output queue fills to capacity, newly arriving packets are discarded (or tail dropped). Congestion avoidance can prevent this behavior. RED is an example of a congestion-avoidance mechanism.
congestion management
When a device, such as a switch or a router, receives traffic faster than it can be transmitted, the device attempts to buffer (or store) the extra traffic until bandwidth becomes available. This buffering process is called queuing or congestion management.
content engine
A dedicated appliance whose role is to locally cache content received from a remote network (for example, a destination on the Internet). Subsequent requests for that content can be serviced locally, from the content engine, thus reducing bandwidth demand on a WAN.
content switch
Can be used to load balance requests for content across a group of servers containing that content. If one of the servers in the group needed to have maintenance performed, that server could be administratively removed from the group, as defined on the content switch. As a result, the content switch can help maximize uptime when performing server maintenance. It minimizes the load on individual servers by distributing its load across multiple identical servers. A content switch also allows a network to scale because one or more additional servers could be added to the server group defined on the content switch if the load on existing servers increases.
crimper
Used to attach a connector (for example, an RJ-45 connector) to the end of an unshielded twisted-pair (UTP) cable.
current state modulation
One way to electrically or optically represent a binary 1 or 0 is to use current state modulation, which represents a binary 1 with the presence of voltage (on a copper cable) or the presence of light (on a fiber-optic cable). Similarly, the absence of light or voltage represents a binary 0.
customer premise equipment (CPE)
This device resides at a customer site. A router, as an example, can be a CPE that connects a customer with an MPLS service provider.
cyclic redundancy check (CRC)
A mathematical algorithm that is executed on a data string by both the sender and the receiver of the data string. If the calculated CRC values match, the receiver can conclude that the data string was not corrupted during transmission.
data link layer
As Layer 2 of the OSI model, this layer is concerned with the packaging of data into frames and transmitting those frames on a network, performing error detection/correction, uniquely identifying network devices with an address, and handling flow control.
decibel (dB)
A ratio of radiated power to a reference value. In the case of dBi, the reference value is the signal strength (that is, the power) radiated from an isotropic antenna, which represents a theoretical antenna that radiates an equal amount of power in all directions (in a spherical pattern). An isotropic antenna is considered to have gain of 0 dBi.
decibel (dB) loss
A loss of signal power. If a transmission’s dB loss is too great, the transmission cannot be properly interpreted by the intended recipient.
dedicated leased line
A logical connection interconnecting two sites. This logical connection might physically connect through a service provider’s facility or a telephone company’s central office. The expense of a dedicated leased line is typically higher than other WAN technologies offering similar data rates, because with a dedicated leased line, a customer does not have to share bandwidth with other customers.
default gateway
The IP address of a router (or multilayer switch) to which a networked device sends traffic destined for a subnet other than the device’s local subnet.
default static route
A default static route is an administratively configured entry in a router’s routing table that specifies where traffic for all unknown networks should be sent.
demarc
Also known as a demarcation point or a demarc extension, this is the point in a telephone network where the maintenance responsibility passes from a telephone company to a subscriber (unless the subscriber purchased an inside wiring plan). This demarc is typically a box mounted to the outside of a customer’s building (for example, a residence).
demilitarized zone (DMZ)
Often contains servers that should be accessible from the Internet. This approach would, for example, allow users on the Internet to initiate an e-mail or a web session coming into an organization’s e-mail or web server. However, other protocols would be blocked.
denial of service (DoS)
A DoS attack floods a system with an excessive amount of traffic or requests, which consumes the system’s processing resources and prevents the system from responding to many legitimate requests.
designated port
In a STP topology, every network segment has a single designated port, which is the port on that segment that is closest to the root bridge, in terms of cost. Therefore, all ports on a root bridge are designated ports.
differentiated services (DiffServ)
As its name suggests, DiffServ differentiates between multiple traffic flows. Specifically, packets are marked, and routers and switches can then make decisions (for example, dropping or forwarding decisions)
dig command
Can resolve a FQDN to an IP address on UNIX hosts.
digital subscriber line (DSL)
A group of technologies that provide high-speed data transmission over existing telephone wiring. DSL has several variants, which vary in data rates and distance limitations. Three of the more popular DSL variants include asymmetric DSL (ADSL), symmetric DSL (SDSL), and very high bit-rate DSL (VDSL).
Direct-sequence spread spectrum (DSSS)
Modulates data over an entire range of frequencies using a series of symbols called chips. A chip is shorter in duration than a bit, meaning that chips are transmitted at a higher rate than the actual data. These chips not only represent encoded data to be transmitted, but also what appears to be random data. Because both parties involved in a DSSS communication know which chips represent actual data and which chips do not, if a third-party intercepted a DSSS transmission, it would be difficult for that party to eavesdrop on the data because he would not easily know which chips represented valid bits. DSSS is more subject to environmental factors, as opposed to FHSS and OFDM, because it uses an entire frequency spectrum.
distance vector
A category of routing protocol that sends a full copy of its routing table to its directly attached neighbors.
distributed denial of service (DDoS)
These attacks can increase the amount of traffic flooded to a target system. Specifically, an attacker compromises multiple systems, and those compromised systems, called zombies, can be instructed by the attacker to simultaneously launch a DDoS attack against a target system.
Domain Name System (DNS) server
Performs the task of taking a domain name (for example, www.ciscopress.com) and resolving that name into a corresponding IP address (for example, 10.1.2.3).
dotted-decimal notation
A method of writing an IPv4 address or subnet mask, where groups of 8 bits (called octets) are separated by periods.
Dynamic Host Configuration Protocol (DHCP)
Dynamically assigns IP address information (for example, IP address, subnet mask, DNS server’s IP address, and default gateway’s IP address) to network devices.
Dynamic NAT (DNAT)
A variant of NAT in which inside local addresses are automatically assigned an inside global address from a pool of available addresses.
E1
An E1 circuit contains 32 channels, in contrast to the 24 channels on a T1 circuit. Only 30 of those 32 channels, however, can transmit data (or voice or video). Specifically, the first of those 32 channels is reserved for framing and synchronization, and the 17th channel is reserved for signaling (that is, to set up, maintain, and tear down a session).
E3
A digital circuit in the same E-carrier family of standards as an E1. An E3 circuit’s available bandwidth is 34.4 Mbps.
edge label switch router (ELSR)
Resides at the edge of an MPLS service provider’s cloud and interconnects a service provider to one or more customers.
electromagnetic interference (EMI)
An electromagnetic waveform that can be received by network cable (possibly corrupting data traveling on the cable) or radiated from a network cable (possibly interfering with data traveling on another cable).
electrostatic discharge (ESD) wrist strap
To prevent static electricity in your body from damaging electrical components on a circuit board, you can wear an ESD wrist strap. The strap is equipped with a clip that you can attach to something with a ground potential (for example, a large metal desk). While wearing the wrist strap, if you have any static buildup in your body, the static flows to the object with a ground potential to which your strap is clipped, thus avoiding damage to any electrical components that you might touch.
Encapsulating Security Payload (ESP)
An IPsec protocol that provides authentication, integrity, and encryption services.
Enhanced Interior Gateway Routing Protocol (EIGRP)
A Cisco proprietary protocol. So, although EIGRP is popular in Cisco-only networks, it is less popular in mixed-vendor networks. Like OSPF, EIGRP is an IGP with very fast convergence and high scalability. EIGRP is considered to be an advanced distance vector or a hybrid routing protocol.
Enterprise mode
In the context of wireless networking, this refers to using a centralized authentication server such as RADIUS for authentication, instead of a pre-shared key (PSK).
Ethernet
Ethernet is a Layer 1 technology developed by Xerox and encompasses a variety of standards, which specify various media types, speeds, and distance limitations.
extended service set (ESS)
WLANs containing more than one AP are called ESS WLANs. Like BSS WLANs, ESS WLANs operate in infrastructure mode. When you have more than one AP, take care to prevent one AP from interfering with another. Specifically, nonoverlapping channels (that is, channels 1, 6, and 11 for the 2.4-GHz band) should be selected for adjacent wireless coverage areas.
Exterior Gateway Protocol (EGP)
A routing protocol that operates between autonomous systems, which are networks under different administrative control. Border Gateway Protocol (BGP) is the only EGP in widespread use today.
firewall
Primarily a network security appliance, a firewall can protect a trusted network (for example, a corporate LAN) from an untrusted network (for example, the Internet) by allowing the trusted network to send traffic into the untrusted network and receive the return traffic from the untrusted network, while blocking traffic for sessions that were initiated on the untrusted network.
fox and hound
Sometimes called a fox and hound, a toner probe allows you to place a tone generator at one end of the connection (for example, in someone’s office) and use a probe on the punch-down block to audibly detect to which pair of wires the tone generator is connected.
Frame Relay
A Layer 2 WAN technology that interconnects sites using virtual circuits. These virtual circuits are identified by locally significant data-link connection identifiers (DLCI).
frequency-hopping spread spectrum (FHSS)
Allows the participants in a communication to hop between predetermined frequencies. Security is enhanced because the participants can predict the next frequency to be used but a third party cannot easily predict the next frequency. FHSS can also provision extra bandwidth by simultaneously using more than one frequency.
FTP bounce
An FTP bounce attack uses the FTP PORT command to covertly open a connection with a remote system. Specifically, an attacker connects to an FTP server and uses the PORT command to cause the FTP server to open a communications channel with the intended victim, which might allow a connection from the FTP server, while a connection directly from the attacker might be denied.
full duplex
This connection allows a device to simultaneously transmit and receive data.
full-mesh topology
Directly connects every site to every other site.
GNU privacy guard (GPG)
A free variant of pretty good privacy (PGP), which is an asymmetric encryption algorithm.
half duplex
A half-duplex connection allows a device to either receive or transmit data at any one time. However, a half-duplex device cannot simultaneously transmit and receive.
hardware firewall
A network appliance dedicated to the purpose of acting as a firewall. This appliance can have multiple interfaces for connecting to areas of a network requiring varying levels of security.
hold-down timers
Can speed the convergence process of a routing protocol. After a router makes a change to a route entry, the hold-down timer prevents subsequent updates for a specified period of time. This approach can help stop flapping routes (which are routes that oscillate between being available and unavailable) from preventing convergence.
honey net
A network containing more than one honey pot.
honey pot
Acts as a distracter. Specifically, a system designated as a honey pot appears to be an attractive attack target. One school of thought on the use of a honey pot is to place one or more honey-pot systems in a network to entice attackers into thinking the system is real. The attackers then use their resources attacking the honey pot, resulting in their leaving the real servers alone.
host-based IPS (HIPS)
A HIPS system is a computer running intrusion prevention software for the purpose of protecting the computer from attacks.
host command
Can resolve a FQDN to an IP address on hosts.
hub
An Ethernet hub is an older technology used to interconnect network components, such as clients and servers. Hubs vary in their number of available ports. A hub does not perform an inspection of the traffic it passes. Rather, a hub simply receives traffic in a port and repeats that traffic out all of its other ports.
hub-and-spoke topology
When interconnecting multiple sites (for example, multiple corporate locations) via WAN links, a hub-and-spoke topology has a WAN link from each remote site (a spoke site) to the main site (the hub site).
independent basic service set (IBSS)
A WLAN can be created without the use of an AP. Such a configuration, called an IBSS, is said to work in an ad-hoc fashion. An ad hoc WLAN is useful for temporary connections between wireless devices. For example, you might temporarily interconnect two laptop computers to transfer a few files.
integrated services (IntServ)
Often referred to as hard QoS because IntServ can make strict bandwidth reservations. IntServ uses signaling among network devices to provide bandwidth reservations. Resource Reservation Protocol (RSVP) is an example of an IntServ approach to QoS. Because IntServ must be configured on every router along a packet’s path, a primary drawback of IntServ is its lack of scalability.
Integrated Services Digital Network (ISDN)
A digital telephony technology that supports multiple 64-kbps channels (known as bearer channels or B channels) on a single connection. ISDN was popular back in the 1980s for connecting PBXs, which are telephone switches owned and operated by a company, to a telephone company’s central office. ISDN has the ability to carry voice, video, or data over its B channels. ISDN also offers a robust set of signaling protocols: Q.921 for Layer 2 signaling and Q.931 for Layer 3 signaling. These signaling protocols run on a separate channel in an ISDN circuit (known as the delta channel, data channel, or D channel).
Interior Gateway Protocol (IGP)
A routing protocol that operates within an autonomous system, which is a network under a single administrative control. OSPF and EIGRP are popular examples of IGPs.
Intermediate System-to-Intermediate System (IS-IS)
A link-state routing protocol similar in its operation to OSPF. IS-IS uses a configurable, yet dimensionless, metric associated with an interface and runs Dijkstra’s shortest path first algorithm. Although using IS-IS as an IGP offers the scalability, fast convergence, and vendor-interoperability benefits of OSPF, it has not been deployed as widely as OSPF.
Internet Group Management Protocol (IGMP)
A multicast protocol usedbetween clients and routers to let routers know which of their interfaces has a multicastreceiver attached.
Internet Key Exchange (IKE)
A protocol used to set up an IPsec session.
Internet layer
This layer of the TCP/IP stack maps to Layer 3 (network layer) ofthe OSI model. Although multiple routed protocols (for example, IPv4 and IPv6)may reside at the OSI model’s network layer, the Internet layer of the TCP/IP stackfocuses on IP as the protocol to be routed through a network.
Internet Security Association and Key Management Protocol (ISAKMP)
Negotiates parameters for an IPsec session.
intrusion detection system (IDS)
IDS devices can recognize the signature of awell-known attack and respond to stop the attack. However, an IDS sensor does notreside in-line with the traffic flow. Therefore, one or more malicious packets mightreach an intended victim before the traffic flow is stopped by an IDS sensor.
intrusion prevention system (IPS)
IPS devices can recognize the signature of awell-known attack and respond to stop the attack. An IPS device resides in-line withthe traffic flow, unlike an IDS sensor.
IP Security (IPsec)
A type of VPN that provides confidentiality, integrity, andauthentication.
ipconfig command
A Microsoft Windows command that can be used to display IP address configuration parameters on a PC. In addition, if DHCP is used by the PC, the ipconfig command can be used to release and renew a DHCP lease, which is often useful during troubleshooting.
jitter
The uneven arrival of packets.
Kerberos
A client-server authentication protocol that supports mutual authentication between a client and a server. Kerberos uses the concept of a trusted third party (a key distribution center) that hands out tickets to be used instead of a username and password combination.
label switch router (LSR)
Resides inside a service provider’s MPLS cloud and makes frame forwarding decisions based on labels applied to frames.
latency
The measure of delay in a network.
Layer 2 Forwarding (L2F)
A VPN protocol designed (by Cisco Systems) with the intent of providing a tunneling protocol for PPP. Like L2TP, L2F lacks native security features.
Layer 2 Tunneling Protocol (L2TP)
A VPN protocol that lacks security features, such as encryption. However, L2TP can still be used for a secure VPN connection if it is combined with another protocol that provides encryption.
link aggregation
As defined by the IEEE 802.3ad standard, link aggregation allows multiple physical connections to be logically bundled into a single logical connection.
link efficiency
To make the most of the limited bandwidth available on slower-speed links, you might choose to implement compression or link fragmentation and interleaving (LFI). These QoS mechanisms are examples of link efficiency mechanisms.
link-local IP address
A link-local IP address is a nonroutable IP address usable only on a local subnet.
link state
A category of routing protocol that maintains a topology of a network and uses an algorithm to determine the shortest path to a destination network.
link-state advertisement (LSA)
Sent by routers in a network to advertise the networks the routers know how to reach. Routers use those LSAs to construct a topological map of a network. The algorithm run against this topological map is Dijkstra’s shortest path first algorithm.
local-area network (LAN)
Interconnects network components within a local region (for example, within a building).
local loop
A connection between a customer premise and a local telephone company’s central office.
logical topology
The actual traffic flow of a network determines the network’s logical topology.
marking
Alters bits within a frame, cell, or packet to indicate how a network should treat that traffic. Marking alone does not change how a network treats a packet. Other tools (such as queuing tools) can, however, reference markings and make decisions (for example, forwarding decisions or dropping decisions) based on those markings.
maximum transmission unit (MTU)
The largest packet size supported on an interface.
media
Devices need to be interconnected via some sort of media. This media could be copper cabling. Alternatively, it could be a fiber-optic cable. Media might not even be a cable, as is the case with wireless networks, where radio waves travel through the media of air.
metric
A value assigned to a route. Lower metrics are preferred over higher metrics.
metropolitan-area network (MAN)
Interconnects locations scattered throughout a metropolitan area.
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
Microsoft-enhanced version of CHAP, offering a collection of additional features not present with PAP or CHAP, including two-way authentication.
Microsoft Routing and Remote Access Server (RRAS)
A Microsoft Windows server feature that allows Microsoft Windows clients to remotely access a Microsoft Windows network.
multicast
A multicast communication flow is a one-to-many flow.
multifactor authentication
Similar to two-factor authentication, multifactor authentication requires two or more types of successful authentication before granting access to a network.
multilayer switch
Like a router, a multilayer switch can make traffic forwarding decisions based on Layer 3 information. Although multilayer switches more closely approach wire-speed throughput than most routers, routers tend to have a greater feature set and are capable of supporting more interface types than a multilayer switch.
multimode fiber (MMF)
Multimode fiber-optic cabling has a core with a diameter large enough to permit the injection of light into the core at multiple angles. The different paths (that is, modes) that light travels can lead to multimode delay distortion, which causes bits to be received out of order because the pulses of light representing the bits traveled different paths (and therefore, different distances).
multiple input multiple output (MIMO)
MIMO uses multiple antennas for transmission and reception. These antennas do not interfere with one another, thanks to MIMO’s use of spatial multiplexing, which encodes data based on the antenna from which the data will be transmitted. Both reliability and throughput can be increased with MIMO’s simultaneous use of multiple antennas.
Multiprotocol Label Switching (MPLS)
A WAN technology popular among service providers. MPLS performs label switching to forward traffic within an MPLS cloud by inserting a 32-bit header (which contains a 20-bit label) between a frame’s Layer 2 and Layer 3 headers and making forwarding decisions based on the label within an MPLS header.
nbtstat command
Displays NetBIOS information for IP-based networks. The nbt prefix of the nbtstat command refers to NetBIOS over TCP/IP, which is called NBT (or NetBT). This command can, for example, display a listing of NetBIOS device names learned by a Microsoft Windows-based PC.
Nessus
A network-vulnerability scanner available from Tenable Network Security.
netstat command
Can display a variety of information about IP-based connections on a Windows or UNIX host.
Network Address Translation (NAT)
Allows private IP addresses (as defined in RFC 1918) to be translated into Internet-routable IP addresses (public IP addresses).
network as a service (NaaS)
A service provider offering where clients can purchase data services (for example, e-mail, LDAP, and DNS services) traditionally hosted in a corporate data center.
network interface layer
The network interface layer of the TCP/IP stack (also known as the network access layer) encompasses the technologies addressed by Layers 1 and 2 (that is, the physical and data link layers) of the OSI model.
network layer
Layer 3 of the OSI model, it is primarily concerned with forwarding data based on logical addresses.
network-based IDS (NIDS)
A NIDS device is a network appliance dedicated to the purpose of acting as an IDS sensor.
network-based IPS (NIPS)
A NIPS device is a network appliance dedicated to the purpose of acting as an IPS sensor.
next hop
An IP address on the next router to which traffic should be forwarded.
Nmap
A network-vulnerability scanner.
nondesignated port
In STP terms, nondesignated ports block traffic to create a loop-free topology.
nslookup command
Can resolve a FQDN to an IP address on Microsoft Windows and UNIX hosts.
octet
A grouping of 8 bits. An IPv4 address consists of four octets (that is, a total of 32 bits).
offsite
The term offsite in the context of virtualization technologies refers to hosting virtual devices on hardware physically located in a service provider’s data center.
omnidirectional antenna
Radiates power at relatively equal power levels in all directions (somewhat similar to the theoretical isotropic antenna). Omnidirectional antennas are popular in residential WLANs and SOHO locations.
onsite
The term onsite in the context of virtualization technologies refers to hosting virtual devices on hardware physically located in a corporate data center.
open
A broken strand of copper that prevents current from flowing through a circuit.
Open Shortest Path First (OSPF)
A link-state routing protocol that uses a metric of cost, which is based on the link speed between two routers. OSPF is a popular IGP because of its scalability, fast convergence, and vendor interoperability.
Open Systems Interconnection (OSI) reference model
Commonly referred to as the OSI model or the OSI stack. This seven-layer model categorizes various network technologies.
optical carrier (OC)
Optical networks often use OC levels to indicate bandwidth. As a base reference point, the speed of an OC-1 link is 51.84 Mbps. Other OC levels are multiples of an OC-1. For example, an OC-3 link has three times the bandwidth of an OC-1 link (that is, 3 * 51.84 Mbps = 155.52 Mbps).
optical time domain reflectometer (OTDR)
Detects the location of a fault in a fiber cable by sending light down the fiber-optic cable and measuring the time required for the light to bounce back from the cable fault. The OTDM can then mathematically calculate the location of the fault.
orthogonal frequency-division multiplexing (OFDM)
Whereas DSSS uses a high modulation rate for the symbols it sends, OFDM uses a relatively slow modulation rate for symbols. This slower modulation rate, combined with the simultaneous transmission of data over 52 data streams, helps OFDM support high data rates while resisting crosstalk between the various data streams.
packet-switched connection
Similar to a dedicated leased line, because most packet-switched networks are always on. However, unlike a dedicated leased line, packet-switched connections allow multiple customers to share a service provider’s bandwidth.
partial-mesh topology
A hybrid of a hub-and-spoke topology and a full-mesh topology. A partial-mesh topology can be designed to provide an optimal route between selected sites, while avoiding the expense of interconnecting every site to every other site.
Password Authentication Protocol (PAP)
Performs one-way authentication (that is, a client authenticates with a server). However, a significant drawback to PPP, other than its unidirectional authentication, is its clear-text transmission of credentials, which could permit an eavesdropper to learn authentication credentials.
peer-to-peer network
Allows interconnected devices (for example, PCs) to share their resources with one another. These resources could be, for example, files or printers.
personal-area network (PAN)
A network whose scale is smaller than a LAN. As an example, a connection between a PC and a digital camera via a USB cable is considered to be a PAN.
Personal mode
In the context of wireless networking, this refers to using a preshared key (PSK) instead of a centralized server, such as RADIUS, for authentication.
physical layer
Layer 1 of the OSI model, it is concerned with the transmission of bits on a network.
physical topology
The way a network’s components are physically interconnected determines the network’s physical topology.
ping command
One of the most commonly used command-line commands. It can check IP connectivity between two network devices. Multiple platforms (for example, routers, switches, and hosts) support the ping command.
plain old telephone service (POTS)
A POTS connection connects a customer device (such as a telephone) to the public switched telephone network (PSTN).
plenum
Plenum cabling is fire retardant and minimizes toxic fumes released by network cabling if that cable were to catch on fire. As a result, plenum cabling is often a requirement of local fire codes for cable in raised flooring or in other open-air return ducts.
Point-to-Point Protocol (PPP)
A common Layer 2 protocol offering features such as multilink interface, looped link detection, error detection, and authentication.
Point-to-Point Protocol over Ethernet (PPPoE)
Commonly used between a DSL modem in a home (or business) and a service provider. Specifically, PPPoE encapsulates PPP frames within Ethernet frames. PPP is used to leverage its features, such as authentication.
Point-to-Point Tunneling Protocol (PPTP)
An older VPN protocol (that supported the dial-up networking feature in older versions of Microsoft Windows). Like L2TP and L2F, PPTP lacks native security features. However, Microsoft’s versions of PPTP bundled with various versions of Microsoft Windows were enhanced to offer security features.
poison reverse
This feature of a distance-vector routing protocol causes a route received on one interface to be advertised back out of that same interface with a metric considered to be infinite.
policing
Instead of making a minimum amount of bandwidth available for specific traffic types, you might want to limit available bandwidth. Both policing and traffic-shaping tools can accomplish this objective. Collectively, these tools are called traffic conditioners. Policing can drop exceeding traffic, as opposed to buffering it.
Port Address Translation (PAT)
A variant of NAT in which multiple inside local IP addresses share a single inside global IP address. PAT can distinguish between different flows based on port numbers.
Power over Ethernet (PoE)
Defined by the IEEE 802.3af and 802.3at standards, PoE allows an Ethernet switch to provide power to an attached device (for example, a wireless access point, security camera, or IP phone) by applying power to the same wires in a UTP cable that are used to transmit and receive data.
prefix notation
A method of indicating how many bits are in a subnet mask. For example, /24 is prefix notation for a 24-bit subnet mask. Prefix notation is also known as slash notation.
presentation layer
Layer 6 of the OSI model, it is responsible for the formatting of data being exchanged and securing the data with encryption.
pretty good privacy (PGP)
PGP is a widely deployed asymmetric encryption algorithm and is often used to encrypt e-mail traffic.
primary rate interface (PRI)
A PRI circuit is an ISDN circuit built on a T1 or E1 circuit. Recall that a T1 circuit has 24 channels. Therefore, if a PRI circuit is built on a T1 circuit, the ISDN circuit has 23 B channels and 1 64-Kbps D channel. The 24th channel in the T1 circuit serves as the ISDN D channel (that is, the channel used to carry the Q.921 and Q.931 signaling protocols, which set up, maintain, and tear down connections).
private IP addresses
Specific Class A, B, and C networks have been designed for private use. Although these networks are routable (with the exception of the 169.254.0.0–169.254.255.255 address range), within the organization, service providers do not route these private networks over the public Internet.
protocol data unit (PDU)
The name given to data at different layers of the OSI model. Specifically, the PDU for Layer 4 is segment. The Layer 3 PDU is packet, the Layer 2 PDU is frame, and the Layer 1 PDU is bit.
Protocol Independent Multicast (PIM)
A multicast protocol used between multicast-enabled routers to construct a multicast distribution tree.
proxy server
Intercepts requests being sent from a client and forwards those requests on to their intended destination. The proxy server then sends any return traffic to the client that initiated the session. This provides address hiding for the client. Also, some proxy servers conserve WAN bandwidth by offering a content caching function. In addition, some proxy servers offer URL filtering to, for example, block users from accessing social networking sites during working hours.
public key infrastructure (PKI)
A PKI system uses digital certificates and a certificate authority to allow secure communication across a public network.
public switched telephone network (PSTN)
The worldwide telephony network consisting of multiple telephone carriers.
punch-down tool
When terminating wires on a punch-down block (for example, a 110 block), you should use a punch-down tool, which is designed to properly insert an insulated wire between two contact blades in a punch-down block, without damaging the blades.
Real-time Transport Protocol (RTP)
A Layer 4 protocol that carries voice (and interactive video).
reliability
The measure of how error-free a network transmits packets.
remote-access VPN
Also known as a remote-access VPN, a client-to-site VPN interconnects a remote user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost.
Remote Authentication Dial-In User Service (RADIUS)
A UDP-based protocol used to communicate with a AAA server. Unlike TACACS+, RADIUS does not encrypt an entire authentication packet, but only the password. However, RADIUS offers more robust accounting features than TACACS+. Also, RADIUS is a standards-based protocol, whereas TACACS+ is a Cisco proprietary protocol.
ring topology
In a ring topology, traffic flows in a circular fashion around a closed network loop (that is, a ring). Typically, a ring topology sends data, in a single direction, to each connected device in turn, until the intended destination receives the data.
root port
In a STP topology, every nonroot bridge has a single root port, which is the port on that switch that is closest to the root bridge, in terms of cost.
route command
Can add, modify, or delete routes in the IP routing table of Microsoft Windows and UNIX hosts. In addition, the route command can be used to view the IP routing table of Microsoft Windows hosts.
route redistribution
Allows routes learned by one routing protocol to be injected into the routing process of another routing protocol.
routed protocol
A protocol with an addressing scheme (for example, IP) that defines different network addresses.
router
A router is considered a Layer 3 device, meaning that it makes its forwarding decisions based on logical network addresses. Most modern networks use IP addressing.
Routing Information Protocol (RIP)
A distance-vector routing protocol that uses a metric of hop count. The maximum number of hops between two routers in an RIP-based network is 15. Therefore, a hop count of 16 is considered to be infinite. RIP is considered to be an IGP.
routing protocol
A routing protocol (for example, RIP, OSPF, or EIGRP) that advertises route information between routers, which describes how to reach specified destination networks.
RSA
A popular and widely deployed asymmetric encryption algorithm.
satellite (WAN technology)
Provides WAN access to sites where terrestrial WAN solutions are unavailable. Satellite WAN connections can suffer from long round-trip delay (which can be unacceptable for latency-sensitive applications) and are susceptible to poor weather conditions.
Secure Sockets Layer (SSL)
Provides cryptography and reliability for upper layers (Layers 5–7) of the OSI model. SSL, which was introduced in 1995, has largely been replaced by Transport Layer Security (TLS). However, recent versions of SSL (for example, SSL 3.3) have been enhanced to be more comparable with TLS. Both SSL and TLS are able to provide secure web browsing via HTTPS.
security association (SA)
An agreement between the two IPsec peers about the cryptographic parameters to be used in an ISAKMP session.
security policy
A continually changing document that dictates a set of guidelines for network use. These guidelines complement organizational objectives by specifying rules for how a network is used.
server
As its name suggests, a server serves up resources to a network. These resources might include e-mail access as provided by an e-mail server, web pages as provided by a web server, or files available on a file server.
service set identifier (SSID)
A string of characters that identifies a WLAN. APs participating in the same WLAN can be configured with identical SSIDs. An SSID shared among multiple APs is called an extended service set identifier (ESSID).
Session Initiation Protocol (SIP)
A VoIP signaling protocol used to set up, maintain, and tear down VoIP phone calls.
session layer
As Layer 5 of the OSI model, it’s responsible for setting up, maintaining, and tearing down sessions.
shielded twisted-pair (STP) cable
STP cabling prevents wires in a cable from acting as an antenna, which might receive or transmit EMI. STP cable might have a metallic shielding, similar to the braided wire that acts as an outer conductor in a coaxial cable.
short
A short occurs when two copper connectors touch each other, resulting in current flowing through that short rather than the attached electrical circuit, because the short has lower resistance.
Simple Network Management Protocol (SNMP)
A protocol used to monitor and manage network devices, such as routers, switches, and servers.
single-mode fiber (SMF)
SMF cabling has a core with a diameter large enough to permit only a single path for light pulses (that is, only one mode of propagation). By having a single path for light to travel, SMF eliminates the concern of multimode delay distortion.
single sign-on (SSO)
Allows a user to authenticate once to gain access to multiple systems, without requiring the user to independently authenticate with each system.
site-to-site VPN
Interconnects two sites, as an alternative to a leased line, at a reduced cost.
slash notation
A method of indicating how many bits are in a subnet mask. For example, /24 is prefix notation for a 24-bit subnet mask. Prefix notation is also known as slash notation.
social engineering
Attackers sometimes use social techniques (which often leverage people’s desire to be helpful) to obtain confidential information. For example, an attacker might pose as a member of an IT department and ask a company employee for her login credentials in order for the “IT staff to test the connection.” This type of attack is called social engineering.
software firewall
A computer running firewall software. For example, the software firewall could protect the computer itself (for example, preventing incoming connections to the computer). Alternatively, a software firewall could be a computer with more than one network interface card that runs firewall software to filter traffic flowing through the computer.
Spanning Tree Protocol (STP)
Defined by the IEEE 802.1D standard, it allows a network to have redundant Layer 2 connections, while logically preventing a loop, which could lead to symptoms such as broadcast storms and MAC address table corruption.
split horizon
This feature of a distance-vector routing protocol prevents a route learned on one interface from being advertised back out of that same interface.
star topology
In a star topology, a network has a central point (for example, a switch) from which all attached devices radiate.
state transition modulation
One way to electrically or optically represent a binary 1 or 0 is to use the transition between a voltage level (for example, going from a state of no voltage to a state of voltage, or vice versa, on a copper cable) or the transition of having light or no light on a fiber optic cable to represent a binary 1. Similarly, a binary 0 is represented by having no transition in a voltage level or light level from one time period to the next. This approach of representing binary digits is called state transition modulation.
stateful firewall
Inspects traffic leaving the inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network, the stateful firewall permits that traffic. The process of inspecting traffic to identify unique sessions is called stateful inspection.
Static NAT (SNAT)
A variant of NAT in which an inside local IP address is statically mapped to an inside global IP address. SNAT is useful for servers inside a network that need to be accessible from an outside network.
Supervisory Control and Data Acquisition (SCADA) network
Specialized network that provides control of remote equipment for monitoring and control of that equipment. A power plant or gas refinery would have a SCADA network.
supplicant
In a network using 802.1X user authentication, a supplicant is the device that wants to gain access to a network.
switch
Like an Ethernet hub, an Ethernet switch interconnects network components. Like a hub, switches are available with a variety of port densities. However, unlike a hub, a switch doesn’t simply take traffic in on one port and forward copies of that traffic out all other ports. Rather, a switch learns which devices reside off of which ports. As a result, when traffic comes in a switch port, the switch interrogates the traffic to see where it’s destined. Then, based on what the switch has learned, the switch forwards the traffic out of the appropriate port and not out all of the other ports.
symmetric encryption
With symmetric encryption, both the sender and the receiver of a packet use the same key (a shared key) for encryption and decryption.
Synchronous Optical Network (SONET)
Layer 1 technology that uses fiber-optic cabling as its media. Because SONET is a Layer 1 technology, it can be used to transport various Layer 2 encapsulation types, such as ATM. Also, because SONET uses fiber-optic cabling, it offers high data rates, typically in the 155-Mbps to 10-Gbps range, and long-distance limitations, typically in the 20-km to 250-km range.
syslog
A syslog-logging solution consists of two primary components: syslog servers, which receive and store log messages sent from syslog clients; and syslog clients, which can be a variety of network devices that send logging information to a syslog server.
T1
T1 circuits were originally used in telephony networks, with the intent of one voice conversation being carried in a single channel (that is, a single DS0). A T1 circuit consists of 24 DS0s, and the bandwidth of a T1 circuit is 1.544 Mbps.
T3
In the same T-carrier family of standards as a T1, a T3 circuit offers an increased bandwidth capacity. Although a T1 circuit combines 24 DS0s into a single physical connection to offer 1.544 Mbps of bandwidth, a T3 circuit combines 672 DS0s into a single physical connection, with a resulting bandwidth capacity of 44.7 Mbps.
TCP/IP stack
Also known as the DoD model, this four-layer model (as opposed to the seven-layer OSI model) targets the suite of TCP/IP protocols.
telco
Telephone company. Some countries have government-maintained telcos, and other countries have multiple telcos that compete with one another.
Terminal Access Controller Access-Control System Plus (TACACS+)
A TCP-based protocol used to communicate with a AAA server. Unlike RADIUS, TACACS+ encrypts an entire authentication packet rather than just the password. TACACS+ offers authentication features, but they are not as robust as the accounting features found in RADIUS. Also, unlike RADIUS, TACACS+ is a Cisco-proprietary protocol.
time-division multiplexing (TDM)
Supports different communication sessions (for example, different telephone conversations in a telephony network) on the same physical medium by allowing sessions to take turns. For a brief period of time, defined as a time slot, data from the first session is sent, followed by data from the second session. This continues until all sessions have had a turn, and the process repeats itself.
time domain reflectometer (TDR)
Detects the location of a fault in a copper cable by sending an electric signal down the copper cable and measuring the time required for the signal to bounce back from the cable fault. A TDM can then mathematically calculate the location of the fault.
Time To Live (TTL)
The TTL field in an IP header is decremented once for each router hop. Therefore, if the value in a TTL field is reduced to 0, a router discards the frame and sends a time exceeded ICMP message back to the source.
tip and ring
The red and green wires found in an RJ-11 wall jack, which carry voice, ringing voltage, and signaling information between an analog device (for example, a phone or a modem) and an RJ-11 wall jack.
toner probe
Sometimes called a fox and hound, a toner probe allows you to place a tone generator at one end of the connection (for example, in someone’s office) and use a probe on the punch-down block to audibly detect to which pair of wires the tone generator is connected.
traceroute command
A UNIX command that displays every router hop along the path from a source host to a destination host on an IP network. Information about the router hop can include the IP address of the router hop and the round-trip delay of that router hop.
tracert command
A Microsoft Windows-based command that displays every router hop along the path from a source host to a destination host on an IP network. Information about a router hop can include such information as the IP address of the router hop and the round-trip delay of that router hop.
traffic shaping
Instead of making a minimum amount of bandwidth available for specific traffic types, you might want to limit available bandwidth. Both policing and shaping tools can accomplish this objective. Collectively, these tools are called traffic conditioners. Traffic shaping delays excess traffic by buffering it as opposed to dropping the excess traffic.
Transmission Control Protocol (TCP)
A connection-oriented transport protocol. Connection-oriented transport protocols provide reliable transport, in that if a segment is dropped, the sender can detect that drop and retransmit that dropped segment. Specifically, a receiver acknowledges segments that it receives. Based on those acknowledgments, a sender can determine which segments were successfully received.
transport layer (OSI model)
As Layer 4 of the OSI model, it acts as a dividing line between the upper layers and the lower layers. Specifically, messages are taken from the upper layers (Layers 5–7) and encapsulated into segments for transmission to the lower layers (Layers 1–3). Similarly, data streams coming from lower layers are decapsulated and sent to Layer 5 (the session layer) or some other upper layer, depending on the protocol.
transport layer (TCP/IP stack)
The transport layer of the TCP/IP stack maps to Layer 4 (transport layer) of the OSI model. The two primary protocols found at the TCP/IP stack’s transport layer are TCP and UDP.
trouble ticket
A problem report explaining the details of an issue being experienced in a network.
trunk
In the context of an Ethernet network, this is a single physical or logical connection that simultaneously carries traffic for multiple VLANs. However, a trunk also refers to an interconnection between telephone switches, in the context of telephony.
twisted-pair cable
Today’s most popular media type is twisted-pair cable, where individually insulated copper strands are intertwined into a twisted-pair cable. Two categories of twisted-pair cable include shielded twisted pair (STP) and unshielded twisted pair (UTP).
two-factor authentication (TFA)
Requires two types of authentication from a user seeking admission to a network. For example, a user might need to know something (for example, a password) and have something (for example, a specific fingerprint that can be checked with a biometric authentication device).
unicast
A unicast communication flow is a one-to-one flow.
unidirectional antenna
Unidirectional antennas can focus their power in a specific direction, thus avoiding potential interference with other wireless devices and perhaps reaching greater distances than those possible with omnidirectional antennas. One application for unidirectional antennas is interconnecting two nearby buildings.
unified threat management (UTM)
A firewall or gateway that attempts to bundle multiple security functions into a single physical or logical device.
uninterruptible power supply (UPS)
An appliance that provides power to networking equipment in the event of a power outage.
unshielded twisted-pair (UTP) cable
Blocks EMI from the copper strands making up a twisted-pair cable by twisting the strands more tightly (that is, more twists per centimeter [cm]). By wrapping these strands around each other, the wires insulate each other from EMI.
User Datagram Protocol (UDP)
A connectionless transport protocol. Connectionless transport protocols provide unreliable transport, in that if a segment is dropped, the sender is unaware of the drop, and no retransmission occurs.
virtual desktop
A virtual desktop solution allows a user to store data in a centralized data center, as opposed to the hard drive of his local computer. Then, with appropriate authentication credentials, that user can access his data from various remote devices (for example, his smartphone or another computer).
virtual LAN (VLAN)
A single broadcast domain, representing a single subnet. Typically, a group of ports on a switch is assigned to a single VLAN. For traffic to travel between two VLANs, that traffic needs to be routed.
virtual PBX
Usually a VoIP telephony solution hosted by a service provider, which interconnects with a company’s existing telephone system.
virtual private network (VPN)
Some VPNs can support secure communication between two sites over an untrusted network (for example, the Internet).
virtual server
Allows a single physical server to host multiple virtual instances of various operating systems. This allows, for example, a single physical server to simultaneously host multiple Microsoft Windows servers and multiple Linux servers.
virtual switch
Performs Layer 2 functions (for example, VLAN separation and filtering) between various server instances running on a single physical server.
warchalking
If an open WLAN (or a WLAN whose SSID and authentication credentials are known) is found in a public place, a user might write a symbol on a wall (or some other nearby structure) to let others know the characteristics of the discovered network. This practice, which is a variant of the decades-old practice of hobos leaving symbols as messages to fellow hobos, is called warchalking.
wide-area network (WAN)
Interconnects network components that are geographically separated.
wide-area network (WAN) link
An interconnection between two devices in a WAN.
Wi-Fi Protected Access (WPA)
The Wi-Fi Alliance (a nonprofit organization formed to certify interoperability of wireless devices) developed its own security standard to address the weaknesses of Wired Equivalent Privacy (WEP). This new security standard was called Wi-Fi Protected Access (WPA) Version 1.
Wi-Fi Protected Access Version 2 (WPA2)
Uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for integrity checking and Advanced Encryption Standard (AES) for encryption. These algorithms enhance the security offered by WPA.
Wired Equivalent Privacy (WEP)
A security standard for WLANs. With WEP, an AP is configured with a static WEP key. Wireless clients needing to associate with an AP are configured with an identical key (making this a preshared key [PSK] approach to security). The IEEE 802.11 standard specifies a 40-bit WEP key, which is considered to be a relatively weak security measure.
wireless access point (AP)
A device that connects to a wired network and provides access to that wired network for clients that wirelessly attach to the AP.
wireless router
Attaches to a wired network and provides access to that wired network for wirelessly attached clients, like a wireless AP. However, a wireless router is configured such that the wired interface that connects to the rest of the network (or to the Internet) is on a different IP network than the wireless clients. Typically, a wireless router performs NATing between these two IP address spaces.
Zeroconf
A technology that performs three basic functions: assigning link-local IP addresses, resolving computer names to IP addresses, and locating network services.