CompTIA Network+

¡Supera tus tareas y exámenes ahora con Quizwiz!

OC-1

51.84 Mbps, STS-1 signal method

10 GbE

10 Gigabit Ethernet. A very fast Ethernet designation, with a number of fiber-optic and copper standards.

Scanner

A device that senses alterations of light and dark. It enables the user to import photographs, other physical images, and text into the computer in digital form.

uninterruptible power supply

A device that supplies continuous clean power to a computer system the whole time the computer is on. Protects against power outages and sags. Is often used mistakenly when people mean stand-by power supply or system (SPS).

warm site

A facility with all of the physical resources, computers, and network infrastructure needed to recover from a primary site disaster. This does not have current backup data, and it may take a day or more to recover and install backups before business operations can recommence.

Mean Time Between Failures

A factor typically applied to a hardware component that represents the manufacturer's best guess (based on historical data) regarding how much time will pass between major failures of that component.

external network address

A number added to the MAC address of every computer on an IPX/SPX network that defines every computer on the network; this is often referred to as a network number.

Windows domain

A group of computers controlled by a computer running Windows Server, which is configured as a domain controller.

computer network

A group of computers that are connected together and communicate with one another for a common purpose.

Botnet

A group of computers under the control of one operator, used for malicious purposes.

object

A group of related counters used in Windows logging utilities.

People/organization network

A group of users who share a common purpose for communicating.

layer

A grouping of related tasks involving the transfer of information. Also, a particular level of the OSI seven-layer model, for example, Physical, Data Link, and so forth.

Experimental Bits (Exp)

A relative value used to determine the importance of the labeled packet to be able to prioritize some packets over others

security policy

A set of procedures defining actions employees should perform to protect the network's security.

protocol suite

A set of protocols that are commonly used together and operate at different levels of the OSI seven-layer model.

multicast addresses

A set of reserved addresses designed to go from one system to any system using one of the reserved addresses. Any 224.X.X.X address

License Restriction

A set of rules stating how the licensing of a product must be controlled and handled. This is usually for software.

File Transfer Protocol

A set of rules that allows two computers to talk to one another as a file transfer is carried out. This is the protocol used when you transfer a file from one computer to another across the Internet. FTP is unencrypted by default

Simple Network Management Protocol

A set of standards for communication with network devices (switches, routers, WAPs) connected to a TCP/IP network. Used for network management.

routing loop

A situation where interconnected routers loop traffic, causing the routers to respond slowly or not respond at all.

Bits per second

A measurement of how fast data is moved across a transmission medium. A Gigabit Ethernet connection moves 1,000,000,000 bps

signal strength

A measurement of how well your wireless device is connecting to other devices.

Decibel

A measurement of the quality of a signal.

sequential

A method of storing and retrieving information that requires data to be written and read sequentially. Accessing any portion of the data requires reading all the preceding data.

distributed control system

A small controller added directly to a machine used to distribute the computing load. An extension of ICS

Keylogger

A small hardware device or malware that monitors each keystroke a user types on the computer's keyboard. Used to capture passwords and other private information

PING (Packet Internet Groper)

A small network message sent by a computer to check for the presence and response of another system. Also, a command-line utility to check the up/down status of an IP addressed host. This command uses ICMP packets.

phishing

A social engineering technique where the attackers poses as a trusted source in order to obtain sensitive information. Typically done via email or text message

Open port

A socket that is prepared to respond to any IP packets destined for that socket's port number. Also called a listening port

listening port

A socket that is prepared to respond to any IP packets destined for that socket's port number. Also called an open port

SNMP agent

A software component that enables a device to communicate with, and be contacted by, an SNMP management system. The software redirects the information that the NMS needs to monitor the remote managed devices. A device with this software installed on it is also called a managed device

host-based firewall

A software firewall installed on an individual machine that provides firewall services for just that machine, such as Windows Firewall.

default

A software function or operation that occurs automatically unless the user specifies something else.

name resolution

A method that enables one computer on the network to locate another to establish a session. All network protocols perform name resolution in one of two ways: either via broadcast or by providing some form of name server.

Remote installation services

A tool introduced with Windows 2000 that can be used to initiate either a scripted installation or an installation of an image of an operating system onto a PC.

snapshot

A tool that enables you to save an extra copy of a virtual machine as it is exactly at the moment it is taken.

packet sniffer

A tool that intercepts and logs network packets.

protocol analyzer

A tool that monitors the different protocols running at different layers on the network and that can give Application, Session, Network, and Data Link layer information on every frame going through a network.

Vulnerability Scanner

A tool that scans a network for potential attack vectors.

Wireless survey tool

A tool used to discover wireless networks in an area; it also notes signal interferences.

partially meshed topology

A topology in which not all of the nodes are directly connected

OC-12

622.08 Mbps, STS-12 signal method

8P8C

8 position 8 contact. Four-pair connector used on the end of network cable. Erroneously referred to as an RJ-45 connector.

connectionless

A type of communication characterized by sending packets that are not acknowledged by the destination host. UDP is the quintessential example protocol in the TCP/IP suite.

Armored Virus

A type of computer virus that takes advantage of various mechanisms specifically designed to make tracing, disassembling and reverse engineering its code more difficult.

user

Anyone who uses a computer. You.

resource

Anything that exists on another computer that a person wants to use without going to that computer. Also an online information set or an online interactive option.

API

Application Programming Interface

open source

Applications and operating systems that offer access to their source code; this enables developers to modify applications and operating systems easily to meet their specific needs.

AS

Authentication Server

Something you are

Authentication factor that relies on a physical characteristic (fingerprint, face, eye, palm)

Something you know

Authentication factor that relies on a piece of knowledge (password, PIN).

Something you have

Authentication factor that relies on possession (FOB, Card, Cell Phone, Key)

mounting bracket

Bracket that acts as a holder for a faceplate in cable installations.

BPDU

Bridge Protocol Data Unit

BPDU Guard

Bridge Protocol Data Units Guard

BYOD

Bring Your Own Device

BPL

Broadband over Power Lines

central office

Building that houses local exchanges and a location where individual voice circuits come together.

dynamic ARP inspection

Cisco process that updates a database of trusted systems. This then watches for false or suspicious ARPs and ignores them to prevent ARP cache poisoning and other malevolent efforts.

Access Control Server

Cisco program/process/server that makes the decision to admit or deny a node based on posture assessment. From there, the ACS directs the edge access device to allow a connection or to implement a denial or redirect.

VLAN Trunking Protocol (VTP)

Cisco proprietary protocol to automate the updating of multiple VLAN switches.

Cisco IOS

Cisco's proprietary operating system.

EAP-Flexible Authentication via Secure Tunneling

Cisco's replacement for LEAP. All current operating systems support this

Independent Computing Architecture

Citrix technology that defined communication between client and server in remote terminal programs.

Private IP address ranges

Class A: 10.x.x.x Class B: 172.16.x.x - 172.31.x.x Class C: 192.168.x.x

CoS

Class of Service

CIDR

Classless Inter-Domain Routing

direct current

A type of electric circuit where the flow of electrons is in a complete circle

smurf

A type of hacking attack in which an attacker floods a network with ping packets sent to the broadcast address. The trick that makes this attack special is that the return address of the pings is spoofed to that of the intended victim. When all the computers on the network respond to the initial ping, they send their response to the intended victim.

Polymorphic Malware

A type of malicious software capable of changing its underlying code in order to avoid detection.

Replay Attack

A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network. Stealing a username and hashed password to a bank account and maliciously logging into the server later, for example

Dial-up

A type of network connection in which data is passed through phone lines. This is very slow, requires a modem, and uses the PPP protocol

Elliptic Curve Cryptography

A type of public key cryptography that requires a shorter key length than RSA. This method of public key cryptography is based on the algebraic structure of elliptic curves over finite fields. Typically used on small mobile devices, due to its low power and computing requirements. A form of asymmetric encryption

High-Speed WAN Internet Cards

A type of router expansion card that enables connection to two different ISPs.

Temporal Key Integrity Protocol

A type of wireless encryption used with WPA. An enhanced version of WEP that is part of the 802.11i standard and has an automatic key-update mechanism that makes it much more secure than WEP. This is not as strong as AES in terms of data protection.

unicast address

A unique IP address that is exclusive to a single system.

label

A unique identifier, used by MPLS-capable routers to determine how to move data

Metasploit

A unique tool that enables a penetration tester to use a massive library of attacks as well as tweak those attacks for unique penetrations.

MHz (Megahertz)

A unit of measure that equals a frequency of 1 million cycles per second.

Kilohertz (kHz)

A unit of measure that equals a frequency of 1000 cycles per second.

netstat

A universal command-line utility used to examine the TCP/IP connections open on a given host. Lists all the open ports and connections on a host

power users

A user account that has the capability to do many, but not all, of the basic administrator functions.

malicious user

A user who consciously attempts to access, steal, or damage resources.

Time to live (TTL)

A value that determines the number of hops the label can make it's eliminated

Wold Wide Web

A vast network of servers and clients communicating through the Hypertext Transfer Protocol (HTTP). Commonly accessed using graphical Web-browsing software such as Microsoft Internet Explorer and Google Chrome.

WPA2 - Enterprise

A version of WPA2 that uses a RADIUS server for authentication.

cable certifier

A very powerful cable testing device used by professional installers to test the electrical characteristics of a cable and then generate a certification report, proving that cable runs pass TIA/EIA standards.

Virtual Machine

A virtual computer accessed through a class of programs called hypervisor or virtual machine manager. This runs inside your actual operating system, essentially enabling you to run two or more operating systems at once.

Dynamic Multipoint VPN

A virtual private network solution optimized for connections between multiple locations directly

datagram TLS (DTLS) VPN

A virtual private network solution that optimizes connections for delay-sensitive applications, such as voice and video.

IPsec VPN

A virtual private networking technology that uses IPsec tunneling for security.

Trojan horse

A virus that masquerades as a file with a legitimate purpose, so that a user will run it intentionally. The classic example is a file that runs a game, but also causes some type of damage to the player's sytem.

ground loop

A voltage differential that exists between two different grounding points.

Dynamic Addressing

A way for a computer to receive IP information automatically from a server program.

thick AP

A wireless access point that is completely self-contained with a full set of management programs and administrative access ways. Each of these is individually managed by an administrator who logs into the WAP, configures it, and logs out.

Redundant Array of Independent Disks

A way to create a fault-tolerant storage system. This has six levels

SSID broadcast

A wireless access point feature that announces the WAP's SSID to make it easy for wireless clients to locate and connect to it. By default, most WAPs regularly announce their SSID. For security purposes, some entities propose disabling this broadcast.

Duplexing

Also called disk duplexing or drive duplexing, similar to mirroring in that data is written to and read from two physical drives for fault tolerance. In addition, separate controllers are used for each drive, for both additional fault tolerance and additional speed. Considered RAID level 1. See also Disk Mirroring.

short circuit

Allows electricity to pass between two conductive elements that weren't designed to interact together. Also called a short.

Security Assertions Markup Language

An XML-based standard used to exchange authentication and authorization information between different parties. This provides SSO for web-based applications.

MAC ACL

An access control list focused on MAC addresses that only allows certain devices to join a network.

Untrusted user

An account that has been granted no administrative powers.

trusted user

An account that has been granted specific authority to perform certain or all administrative tasks.

Archive bit

An attribute of a file that shows whether the file has been backed up since the last change. Each time a file is opened, changed, or saved, the archive bit is turned on. Some types of backups turn off the archive bit to indicate that a good backup of the file exists on tape.

Something you do

An authentication factor indicating action, such as gestures on a touch screen.

Somewhere you are

An authentication factor indicating location, often using geolocation technologies.

evil twin

An attack that lures people into logging into a rogue access point that looks similar to a legitimate access point. Done by a bad actor

Ping Flood

An attack that uses the Internet Control Message Protocol (ICMP) to flood a server with packets.

Layer 2 switch

Any device that filters and forwards frames based on the MAC addresses of the sending and receiving machines.

wireless analyzer

Any device that finds and documents all wireless networks in the area. Also known as a Wi-Fi analyzer.

Multifunction network device

Any device that works as multiple layers of the OSI seven-layer model, providing more than a single server.

Symmetric Key Algorithm

Any encryption method that uses the same key for both encryption and decryption.

hybrid toplogy

Any form of networking technology that combines a physical topology with a signaling topology

threat

Any form of potential attack against a network.

cleartext credentials

Any login process conducted over a network where account names, passwords, or other authentication elements are sent from the client or server in an unencrypted fashion.

key exchange

Any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm.

incident

Any negative situation that takes place within an organization.

Closed network

Any network that strictly controls who and what may connect to it

network threat

Any number of things that share one essential feature: the potential to damage network data, machines, or users.

malware

Any program or code (macro, script, and so on) that's designed to do something on a system or network that you don't want to have happen.

spyware

Any program that sends information about your system or your actions over the Internet. Attempts to hide itself from you/your anti-malware

Remote Shell

Allows you to send single commands to the remote server. Whereas rlogin is designed to be used interactively, this can be easily integrated into a cript

802.11g-ht

Along with the corresponding 802.11a-ht standard, technical terms for mixed mode 802.11a/802.11g operation. In mixed mode, both techologies are simultaneously supported.

802.11a-ht

Along with the corresponding 802.11g-ht standard, technical terms for mixed mode 802.11a/802.11g operation. In mixed-mode, both technologies are simultaneously supported.

daily backup

Also called a daily copy backup, makes a copy of all files that have been changed on that day without changing the archive bits of those files.

Network blocks

Also called blocks, contiguous ranges of IP addresses that are assigned to organizations and end users by IANA.

plaintext

Also called cleartext, unencrypted data in an accessible format that can be read without special utilities.

sniffer

Diagnostic program that can order a NIC to run in promiscuous mode.

DSL

Digital Subscriber Line

DS1

Digital signal 1

DS3

Digital signal level 3

Baseband

Digital signaling that has only one signal (a single signal) on the cable at a time. The signals must be in one of three states: one, zero, or idle.

DSSS

Direct Sequence Spread Spectrum

root directory

Directory that contains all other directories.

DAC

Discretionary Access Control

Netstat -n

Displays addresses and port numbers in numerical form (IP addresses not domain names) for open ports and connections on a host.

Netstat -r

Displays the current known routes in a routing table on a system. Same command as route print but for Linux/MacOS

Netstat -b

Displays the executables involved in creating each connection or listening port on a host.

Netstat -o

Displays the process ID associated with each connection on a host

subnet

Each independent network in a TCP/IP internetwork.

Global System for Mobile

Early cellular telephone networking standard which relied on a type of time-division multiplexing; obsolete

Enhanced Data Rates for GSM Evolution

Early cellular telephone technology that used a SIM card and offered speeds up to 384 Kbps; obsolete

Code Division Multiple Access

Early cellular telephone technology that used spread-spectrum transmission (and no sim cards). Obsolete.

EoP

Ethernet over Power

HDMI Ethernet Channel

Ethernet-enabled HDMI ports that combine video, audio, and data on a single cable

802.3

Ethernet. Name coined by Xerox for the first standard of network cabling and protocols. Ethernet is based on a bus topology. The IEEE 802.3 subcommittee defines the current Ethernet specifications.

Synchronous Digital Hierarchy

European fiber carries standard equivalent to SONET.

Comité Consultatif International Téléphonique et Télégraphique

European standards body that established the V standards for modems.

FCS

Frame Check Sequence

568A color order

Green white, green, orange white, blue, blue white, Orange, Brown white, Brown (positions 1 to 8)

GPO

Group Policy Object

NTFS permissions

Groupings of what Microsoft calls special permissions that have names like Execute, Read, and Write, and that allow or disallow users certain access to files.

private IP addresses

Groups of IP addresses set aside for internal networks; Internet routers block these addresses, such as 10.x.x.x/8, 172.(16-31).x.x/16, and 192.168.(0-255).x/24

Areas

Groups of logically associated OSPF routers designed to maximize routing efficiency while keeping the amount of broadcast traffic well managed. These are assigned a 32-bit value that manifests as an integer between 0 and 4,294,967,295 or can take a form similar to an IP address, for example, "0.0.0.0."

HEC

HDMI Ethernet Channel

HMI

Human Machine Interface

Biometric

Human physical characteristic that can be measured and saved to be compared as authentication in granting the user access to a network or resource. Can include fingerprints, facial scans, retinal scans, voice recognition, and others.

HTML

Hypertext Markup Language

HTTP

Hypertext Transfer Protocol

HTTPS

Hypertext Transfer Protocol over SSL. Also called Hypertext Transfer Protocol Secure

Link Aggregation Control Protocol

IEEE specification of certain features and options to automate the negotiation, management, load balancing, and failure modes of aggregated ports. A Cisco protocol to bind multiple switch ports into a single, load-distributed channel.

IEEE 1394

IEEE standard for FireWire communication.

IEEE 802.3

IEEE subcommittee that defined the standards for CSMA/CD (a.k.a. Ethernet).

IEEE 802.2

IEEE subcommittee that defined the standards for Logical Link Control (LLC).

IEEE 802.14

IEEE subcommittee that defined the standards for cable modems.

IEEE 802.11

IEEE subcommittee that defined the standards for wireless.

IPAM

IP Address Management

MAC reservation

IP address assigned to a specific MAC address in a DHCP server

Classless

IPv4 addressing scheme that does not rely on the original class blocks, such as Class A, Class B, and Class C.

Neighbor Advertisement

IPv6 packet sent in response to a multicast neighbor solicitation packet

Neighbor Solicitation

IPv6 process of finding a MAC address of a local host, given its IPv6 address

Port triggering

Opening an alternative assigned port when the initial port is contacted (for example FTP).

Bluetooth Characteristics

Operates at the 2.4 GHz range, has a distance of 100 meters, and transfer speeds of 3 Mbps

OC

Optical Carrier

OTDR

Optical Time Domain Reflectometer

568B color order

Orange white, orange, green white, blue, blue white, green, brown white, brown

OUI

Organizationally unique identifier

OEM

Original Equipment Manufacturer

OFDM

Orthogonal Frequency Division Multiplexing

Trap

Out-of-tolerance condition in an SNMP managed device. A command for setting SNMP agents to automatically send a notification to an SNMP manager

Device saturation

Overworking WAPs by attaching too many devices to a single SSID

PAP

Password Authentication Protocol

66 block

Patch panel used in telephone networks; displaced by 110 blocks in networking.

PMTU

Path MTU Discovery

PON

Passive optical network

Neighbor Discovery Protocol

IPv6 protocol that enables hosts to configure automatically their own IPv6 addresses and get configuration information like routers and DNS servers

What is the purpose of IPv6 tunneling?

IPv6 tunnels are used to pass IPv6 traffic over IPv4 networks. They accomplish this by encapsulating IPv6 packets within IPv4 packets.

Router Solicitation

In IPv6, a query from a host to find routers and get information to configure itself.

tunnel broker

In IPv6, a service that creates the actual tunnel and (usually) offers a custom-made endpoint client for you to use, although more advanced users can often make a manual connection.

Network layer

Layer 3 of the OSI seven-layer model.

LAN

Local Area Network

LEC

Local Exchange Carrier

integrity

Network process that ensures data sent to a recipient is unchanged when it is received at the destination host.

Next-generation Firewall

Network protection device that functions at multiple layers of the OSI model to tackle traffic no traditional firewall can filter alone.

peripherals

Noncomputer devices on a network, for example, fax machines, printers, or scanners.

OSPF

Open Shortest Path First

OSI

Open Systems Interconnection

Cache-Only DNS Servers (Caching-Only DNS Servers)

DNS servers that do not have any forward lookup zones. They resolve names of systems on the Internet for the network, but are not responsible for telling other DNS servers the names of any clients.

fail open

Defines the condition of doors and locks in the event of an emergency, indicating that the doors should be open and unlocked.

fail close

Defines the condition of doors and locks in the event of an emergency, indicating that the doors should close and lock.

Triggering

Defines what sets off an alert. Exceeding some sort of threshold

D channel

Delta Channel

DMZ

Demilitarized Zone

DWDM

Dense Wavelength Division Multiplexing

SIP Trunking

Connecting PBX systems from multiple locations seamlessly over the Internet via virtual connections

link aggregation

Connecting multiple NICs in tandem to increase bandwidth in smaller increments.

NIC teaming

Connecting multiple NICs in tandem to increase bandwidth in smaller increments. Can also be used to provide high availability (if one NIC fails, the other will take over)

Console port

Connection jack in a switch used exclusively to connect a computer that will manage the switch. This is found on many different types of managed devices.

wireless access point

Connects wireless network nodes to wireless or wired networks. Many of these are combination devices that act as high-speed hubs, switches, bridges, and routers, all rolled into one.

class license

Contiguous chunk of IP addresses passed out by the Internet Assigned Numbers Authority (IANA).

Blocks

Contiguous ranges of IP addresses that are assigned to organizations and end users by IANA. Also called network blocks.

Corporate-owned business only

Deployment model where the corporation owns all the mobile devices issued to employees. Employees have a whitelist of preapproved applications they can install

DHCP lease

Created by the DHCP server to allow a system requesting DHCP IP information to use that information for a certain amount of time.

Multiple SSIDs

Creating multiple SSIDs (a permanent and a guest) as a security measure. This helps protect the permanent network and devices

smart card

Device (such as a credit card) that you insert into your PC or use on a door pad for authentication.

Smart device

Device (such as a credit card, USB key, etc.) that you insert into your PC in lieu of entering a password.

Temperature Monitor

Device for keeping a telecommunications room at an optimal temperature.

demultiplexer

Device that can extract and distribute individual streams of data that have been combined together to travel along a single shared network cable.

butt set

Device that can tap into a 66- or 110-punchdown block to see if a particular line is working. Used by technicians to install and test telephone lines.

power converter

Device that changes AC power to DC power.

Modem (Modulator-Demodulator)

Device that converts a digital bit stream into an analog signal (modulation) and converts incoming analog signals back into digital signals (demodulation). Most commonly used to interconnect telephone lines to computers.

cable stripper

Device that enables the creation of UTP cables.

proxy server

Device that fetches Internet resources for a client without exposing that client directly to the Internet. Usually accepts requests for HTTP, FTP, POP3, and SMTP resources. Often caches, or stores, a copy of the requested resource for later use.

Optical power meter

Device that measures light intensity of light pulses within or at the terminal ends of fiber-optic cables. Also called a light meter

Firewall

Device that restricts traffic between a local network and the Internet.

Environmental monitor

Device used in telecommunications rooms that keeps track of humidity, temperature, and more.

Wireless bridge

Device used to connect two wireless network segments together, or to join wireless and wired networks together in the same way that wired bridge devices do.

DSL filter

Devices that are commonly used to prevent interference from analog devices, such as telephones, that use the same line as DSL devices

Biometric devices

Devices that scan fingerprints, retinas, or even the sound of the user's voice to provide a foolproof replacement for both passwords and smart devices.

key fob

Small device that can be easily carried in a pocket or purse or attached to a key ring. This device is used to identify the person possessing it for the purpose of granting or denying access to resources such as electronic doors

Subscriber Identity Module (SIM) card

Small storage device used in cellular phones to identify the phone, enable access to the cellular network, and store information such as contacts.

snap-ins

Small utilities that can be used with the Microsoft Management Console.

SDN

Software Defined Networking

SNMP manager

Software and station that communicates with SNMP agents (aka managed devices) to monitor and manage management information base (MIB) objects.

SaaS

Software as a Service

Backdoor

Software code that gives access to a program or a service that circumvents normal security protections. A form of malware

emulator

Software or hardware that converts the commands to and from the host machine into an entirely different platform. For example, a program that enables you to run Nintendo games on your PC.

Anti-Malware Program

Software that attempts to block several types of threats to a client including viruses, Trojan horses, worms, and other unapproved software installation and execution.

Antivirus

Software that attempts to prevent viruses from installing or executing on a client. Some antivirus software may also attempt to remove the virus or eradicate the effects of a virus after an infection.

terminal emulation

Software that enables a PC to communicate with another computer or network as if it were a specific type of hardware terminal.

virtual PBX

Software that functionally replaces a physical PBX telephone system.

IP Address Management

Software that includes at a minimum a DHCP server and DNS server that are specially designed to work together to administer IP addresses for a network.

Freeware

Software that is distributed for free, with no license fee.

shareware

Software that is protected by copyright, but the copyright holder allows (encourages!) you to make and distribute copies, under the condition that those who adopt the software after preview pay a fee. Derivative works are not allowed, and you may make an archival copy.

Type 2 hypervisor

Software to manage virtual machines that is installed as an application on top of an operating system.

Lights-out Management

Special "computer within a computer" features built into better servers, designed to give you access to a server even when the server itself is shut off.

Bridge Protocol data Units

Special STP frames that allow switches to communicate with each other to prevent loops form happening

NAT translation table

Special database in a NAT router that stores destination IP addresses and ephemeral source ports from outgoing packets and compares them against returning packets.

mailbox

Special holding area on an e-mail server that separates out e-mail for each user.

Mailboxes

Special separate holding areas for each user's e-mail.

virtual switch

Special software that enables virtual machines (VMs) to communicate with each other without going outside of the host system.

network protocol

Special software that exists in every network-capable operating system that acts to create unique identifiers for each system. It also creates a set of communication rules for issues like how to handle data chopped up into multiple packets and how to deal with routers. TCP/IP is the dominant network protocol today.

SCADA

Supervisory Control and Data Acquisition

CAT 5 UTP

Supports speeds up to 100 Mbps up to 100 meters

CAT 5e UTP

Supports speeds up to 100 Mbps with two pairs and up to 1000 Mbps with four pairs up to 100 meters

CAT 3 UTP

Supports speeds up to 16 megabits per second.

CAT 4 UTP

Supports speeds up to 20 megabits per second.

CAT 2 UTP

Supports speeds up to 4 Mbps

subnetting

Taking a single class of IP addresses and chopping it into multiple smaller groups.

flood guard

Technology in modern switches that can detect and block excessive traffic

in-band management

Technology that enables managed devices such as a switch or router to be managed by any authorized host that is connected to that network.

broadband over power line

Technology that makes possible high-speed Internet access over ordinary residential electrical lines and offers an alternative to DSL or high-speed cable modems.

omnidirectional antenna

Technology that sends wireless signals in all directions equally (sphere).

TIA/EIA

Telecommunications Industry Association/Electronics Industries Association

Permanent Virtual Circuit

Telecommunications companies provide this service to companies requiring a dedicated VPN circuit between two sites that require communications that are always on.

dial-up lines

Telephone lines with telephone numbers; they must dial to make a connection, as opposed to a dedicated line.

TKIP

Temporal Key Integrity Protocol

Amplification

The aspect of a DOS attack that makes a server do a lot of processing and responding.

TCP segment

The connection-oriented payload of an IP packet. This works on the Transport layer (layer 3 of the TCP/IP model).

internal connections

The connections between computers in a network.

International export control

The control of information leaving a country. This can include military info, nuclear info, and license keys.

Archive

The creation and storage of retrievable copies of electronic data for legal and functional purposes.

V.92 standard

The current modem standard, which has a download speed of 57,600 bps and an upload speed of 48 Kbps. These modems have several interesting features, such as Quick Connect and Modem on Hold.

socket pairs/endpoints

The data each computer stores about the connection between two computers' TCP/IP applications

Attenuation

The degradation of signal over distance for a networking cable or radio waves.

LDAPS

The deprecated secure version of LDAP. Made obsolete by LDAP version 2

keypad

The device in which an alphanumeric code or password that is assigned to a specific individual for a particular asset can be entered.

transceiver

The device that transmits and receives signals on a cable.

View

The different displays found in Performance Monitor.

DS0

The digital signal rate created by converting an analog sound into 8-bit chunks 8000 times a second, with a data stream of 64 Kbps. This is the simplest data stream (and the slowest rate) of the digital part of the phone system.

PerfMon

Performance Monitor

PDoS

Permanent Denial of Service

PVC

Permanent Virtual Circuit

Allow

Permission for data or communication to pass through or to access a resource. Specific allowances through a firewall are called exceptions.

share permissions

Permissions that only control the access of other users on the network with whom you share your resource. They have no impact on you (or anyone else) sitting at the computer whose resource is being shared.

security guard

Person responsible for controlling access to physical resources such as buildings, secure rooms, and other physical assets.

PAN

Personal Area Network

change management team

Personnel who collect change requests, evaluate the change, work with decision makers for approval, plan and implement approved changes, and document the changes.

hardware appliance

Physical network device, typically a "box" that implements and runs software or firmware to perform one or a multitude of tasks. Could be a firewall, a switch, a router, a print server, or one of many other devices.

Please Do Not Throw Sausage Pizza Away

Physical, Data Link, Network, Transport, Session, Presentation, Application

PGP

Pretty Good Privacy

port forwarding

Preventing the passage of any IP packets through any ports other than the ones prescribed by the system administrator.

port blocking

Preventing the passage of any TCP segments or UDP datagrams through any ports other than the ones prescribed by the system administrator.

PRI

Primary Rate Interface

External Data Bus

Primary data highway of all computers. Everything in your computer is tied directly or indirectly to this.

PBX

Private Branch Exchange

Network Time Protocol

Protocol that gives the current time

Internet Group Management Protocol

Protocol that routers use to communicate with hosts to determine a "group" membership in order to determine which computers want to receive a multicast. Once a multicast has started, this is responsible for maintaining the multicast as well as terminating at completion. Works at the Internet layer of the TCP/IP model

Hypertext Transfer Protocol Secure

Protocol to transfer hypertext from a Web server to a client in a secure and encrypted fashion. Uses Transport Layer Security (TLS) rather than Secure Sockets Layer (SSL) to establish a secure communication connection between hosts. It then encrypts the hypertext before sending it from the Web server and decrypts it when it enters the client. Uses port 443

Server Message Block

Protocol used by Microsoft clients and servers to share file and print resources.

Lightweight Access Point Protocol

Protocol used in wireless networks that enables interoperability between thin and thick clients and WAPs.

network segmentation

Separating network assets through various means, such as with VLANs or with a DMZ, to protect against access by malicous actors

SMB

Server Message Block

Forward proxy server

Server that acts as middleman between clients and servers, making requests to network servers on behalf of clients. Results are sent to the middleman server, which then passes them to the original client. The network servers are isolated from (don't see) the clients by this.

SLA

Service Level Agreement

SSID

Service Set Identifier

SMTP

Simple Mail Transfer Protocol

SNMP

Simple Network Management Protocol

SNTP

Simple Network Time Protocol

Synchronous Transport Signal

Signal method used by SONET. It consists of the STS payload and the STS overhead. A number is appended to the end of STS to designate signal speed.

SMF

Single Mode Fiber

SFF

Small Form Factor

SFP

Small Form-factor Pluggable. Designed for small form-factor fiber connectors

Mean Time to Recovery

The estimated amount of time it takes to recover from a hardware component failure.

Packet drops

The measurement of the amount of packets that a device can't handle.

FIN

The message used by TCP to close a connection

Top-level domain names

Peak of the hierarchy for naming on the Internet; these include the .com, .org, .net, .edu, .gov, .mil, and .int names, as well as international country codes such as .us, .eu, etc.

first responder

The person or robot whose job is to react to the notification of a possible computer crime by determining the severity of the situation, collecting information, documenting findings and actions, and providing the information to the proper authorities.

Radio Frequency Interference

The phenomenon where a Wi-Fi signal is disrupted by a radio signal from another device.

Wired/Wireless Considerations

The planning of structured cabling, determining any wireless requirements, and planning access to the Internet when building or upgrading networks.

contingency planning

The process of creating documents that set out how to limit damage and recover quickly from an incident

data backup

The process of creating extra copies of data to be used in case the primary data source fails.

geofencing

The process of using a mobile device's built-in GPS capabilities and mobile networking capabilities to set geographical contraints on where the mobile device can be used

Social Engineering

The process of using or manipulating people inside the networking environment to gain access to that network from the outside.

maintenance window

The time it takes to implement and thoroughly test a network change.

crimper

The tool used to secure a crimp (or an RJ-45 connector) onto the end of a cable

Upload

The transfer of information from a user's system to a remote computer system. Opposite of download.

RF emanation

The transmission, intended or unintended, of radio frequencies. These transmissions may come from components that are intended to transmit RF, such as a Wi-Fi network card, or something less expected, such as a motherboard or keyboard. These emanations may be detected and intercepted, posing a potential threat to security.

amplified DOS attack

The type of DSO attack that sends a small amount of traffic to a server, which produces a much larger response from the server that is sent to a spoofed IP address, overwhelming a victim machine.

light leakage

The type of interference caused by bending a piece of fiber-optic cable past its maximum bend radius. Light bleeds through the cladding, causing signal distortion and loss.

802.3z

The umbrella IEEE standard for all versions of Gigabit Ethernet other than 1000BaseT.

Differentiated Services

The underlying architecture that makes quality of service (QoS) work

cleartext

The unencrypted form of data. Also known as plaintext

MAC-48

The unique 48-bit address assigned to a network interface card. This is also known as the MAC address or the EUI-48.

Unit

The unique height measurement used with equipment racks; one equals 1.75 inches

Change request items

There are five items found in a change request: type of change, configuration procedures, rollback procedure, potential impact, and notification.

Collision avoidance

This is the technique used by a network interface to recover from or prevent a collision.

Warchalking

This is the term that describes marking the details of a vulnerable wi-fi network on or near the premises of the network.

sudo ifconfig eth0 up

This is used on MacOS/Linux to renew the system's DHCP information

ipconfig /renew

This is used on Windows operating systems to renew the system's DHCP information

Throughput Tester

This is used to measure the data flow in a network

Change Log

This keeps track of what has been changed or updated over time.

Collision detection

This means that a station sending data can tell when another station transmits at the same time.

Multiple access

This means that when the station transmits, all stations on the segment will hear the transmission.

Wireless reflection

This occurs when radio waves from WAPs bounce off of environmental materials (like metal).

Stateless Autoconfiguration

This provides all the information a host needs to access the Internet from a router using IPv6. Provides an IPv6 address, subnet mask, default gateway, and DNS information.

Extensible Markup Language

This provides the basic format or markup language for everything from RSS feeds to Microsoft Office documents

Ticket-granting service

This reads ticket granting tickets, issues tokens based on timestamps, and the tokens are then used by clients to prove authorization

Logical documentation

This shows the VLANs, domains, as well as port and primary TCP/IP information

EAP-PSK

This uses a pre-shared key that everyone uses to log in. Most popular form of authentication used in wireless networks today.

TCP

Transmission Control Protocol

TCP/IP

Transmission Control Protocol/Internet Protocol

TSP

Tunnel Setup Protocol

TIC

Tunnel information and control

Autonomous System Number

Used by Autonomous System Border Gateway Protocol (the only exterior gateway protocol) routers to communicate with each other. Like big ISPs communicating between each other

domain users and groups

Users and groups that are defined across an entire network domain.

jumbo frames

Usually 9000 bytes long, though technically anything over 1500 bytes qualifies, these frames make large data transfer easier and more efficient than using the standard frame size.

plenum

Usually a space between a building's false ceiling and the floor above it. Most of the wiring for networks is located in this space. This is also a fire rating for network cabling.

Conflicting permissions

When a user does not get access to a needed resource because one of his groups has Deny permission to that resource

Improper access

When a user who shouldn't have access gains access through some means

tailgating

When an unauthorized person attempts to enter through an already opened door.

compatibility issue

When different pieces of hardware or software don't work together correctly.

Ping of Death

When malicious users send malformed ping packets to a destination

Remote access policy

Whatever policy you have in place as to who/when/how users can remotely access the internal network from outside the infrastructure. What type of VPN, how to authenticate, etc.

Banner grabbing

When a malicious user gains access to an open port and uses it to probe a host to gain information and access, as well as learn details about running services.

Cloud bursting

When a private cloud is not powerful enough to meet peak demand and an application grows into a public cloud instead of grinding to a halt

MTU black hole

When a router's firewall features block ICMP requests, making MTU worthless.

Generic Routing Encapsulation

When paired with IPsec this is used to make a point-to-point tunnel connection that carries all sorts of traffic over Layer 3, including multicast and IPv6 traffic

Local backup

When the backup medium is stored close to the computer. Convenient since the backup is nearby but can be destroyed by a local disaster.

file hashing

When the download provider hashes the contents of a file and publishes the resulting message digest

Bandwidth saturation

When the frequency of a band is filled to capacity due to the large number of devices using the same bandwidth.

Switching loop

When you connect multiple switches together in a circuit causing a loop to appear. Better switches use spanning tree protocol (STP) to prevent this.

Zigbee

Wireless home automation control standard. Works at the 2.4GHz range, has distance of 10 meters, and transfer speeds up to 250 Kbps

heat map

a graphical representation of the RF sources on the site (uses different colors to represent intensity of signal)

parabolic antenna

a high- gain reflector antenna (with a dish) used for radio, television, and data communications. A type of directional antenna.

Class of service

a prioritization value used to apply to services, ports, or whatever a quality of service (QoS) device might use.

Advanced Persistent Threat

a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations such as governments

Certificate Authority

a trusted third party, such as VeriSign, that validates user identities by means of digital certificates

terminating resistor

an electrical device that absorbs transmitted signals on a cable, preventing the signals from reflecting, deflecting, and distorting

IT

information technology

IFG

interframe gap

classful

obsolete IPv4 addressing scheme that relied on the original class blocks, such as Class A, Class B, and Class C

Server Message Block port

tcp 445

core

the central glass of the fiber-optic cable that carries the light signal

distributed switching

the centralized installation, configuration, and handling of every switch in a virtualized network

cipher lock

A door unlocking system that uses a door handle, a latch, and a sequence of mechanical push buttons.

LC

A duplex type of Small Form Factor (SFF) fiber connector, designed to accept two fiber cables.

Flow

A stream of packets from one specific place to another

Rivest Cipher 4

A streaming symmetric-key algorithm

bastion host

A strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) that can be directly accessed from networks on the other side of the firewall (from the Internet). Any machine directly exposed to the public Internet

Bit Error Rate Test

An end-to-end test that verifies a T-carrier connection

mantrap

An entryway with two successive locked doors and a small space between them providing one-way entry or exit. This is a security measure taken to prevent tailgating.

Network closet

An equipment room that holds servers, switches, routers, and other network gear.

Setup log

An event log that contains a record of installation events, such as installing a role or feature.

BRI

Basic Rate Interface

BSSID

Basic Service Set Identifier

packet

Basic component of communication over a network. Group of bits of fixed maximum size and well-defined format that is switched and transmitted as a single entity through a network. Contains source and destination address, data, and control information.

B channel

Bearer channel

Long Term Evolution

Better known as 4G, a wireless data standard with theoretical download speeds of 300 Mbps and upload speeds of 75 Mbps

Quad small form-factor pluggable

BiDi fiber-optic connector used in 40GBase networks

BERT

Bit Error Rate Test

BOOTP

Bootstrap Protocol

BGP-4

Border Gateway Protocol

horizontal cabling

Cabling that connects the equipment room to the work areas.

CAN

Campus Area Network

real-time video

Communication that offers both audio and video via unicast messages.

unified voice services

Complete, self-contained Internet services that rely on nothing more than software installed on computers and the computers' microphone/speakers to provide voice telecommunication over the Internet. All of the interconnections to the PSTN are handled in the cloud.

NetFlow collector

Component process of NetFlow that captures and saves data from a NetFlow-enabled device's cache for future NetFlow analysis.

file server

Computer designated to store software, courseware, administrative tools, and other data on a LAN or WAN. It "serves" this information to other computers via the network when users enter their personal access codes.

CIA triad

Confidentiality, Integrity, Availability

DAI

Dynamic ARP Inspection

DDNS

Dynamic DNS

DHCP

Dynamic Host Configuration Protocol

DLL

Dynamic Link Library

DMVPN

Dynamic Multipoint Virtual Private Network

DNAT

Dynamic Network Address Translation

Exim

E-mail server for every major platform; fast and efficient

EAP-FAST

EAP-Flexible Authentication via Secure Tunneling

Alerts

For notification is something goes bad

VoIP Gateway

Interface between a traditional switched telephone network and a VoIP provider

Electromagnetic interference

Interference from one device to another, resulting in poor performance in the device's capabilities. This is similar to having static on your TV while running a hair dryer, or placing two monitors too close together and getting a "shaky" screen

Transparent proxy

Intermediary systems that sit between a user and a content provider. When a user makes a request to a web server, this device intercepts the request to perform various actions including caching, redirection and authentication. Must be inline between the clients and Internet and doesn't require client configuration

IDF

Intermediate Distribution Frame

IS-IS

Intermediate System to Intermediate System

IANA

Internet Assigned Numbers Authority

IAS

Internet Authentication Service

ICMP

Internet Control Message Protocol

SNMP agent ports

Listen on UDP 161 and UDP 10161 (when using TLS for encryption)

SNMP manager ports

Listen on UDP 162 and UDP 10162 (when using TLS for encryption)

PoE

Power over Ethernet

RIR

Regional Internet Registry

RJ

Registered Jack

CAT 1 UTP

Regular analog phone lines, not used for data communications

Access port

Regular port in a switch that has been configured as part of a VLAN. Access ports are ports that hosts connect to. They are the opposite of a trunk port, which is only connected to a trunk port on another switch.

Client/server

Relationship in which client software obtains services from a server on behalf of a user.

metric

Relative value that defines the "cost" of using a particular route.

RAS

Remote Access Server

RAT

Remote Access Trojan

RADIUS

Remote Authentication Dial-In User Service

RCP

Remote Copy Protocol

RDP

Remote Desktop Protocol

RSH

Remote Shell

RTU

Remote Terminal Unit

Dedicated connections

Remote connections that are never disconnected

cloud/server-based anti-malware

Remote storage and access of software designed to protect against malicious software where it can be singularly updated.

cloud/server based

Remote storage and access of software, especially anti-malware software, where it can be singularly updated. This central storage allows users to access and run current versions of software easily, with the disadvantage of it not running automatically on the local client. The client must initiate access to and launching of the software.

Mobile Device Management

Remotely controls smart phones and tablets, ensuring data security. Used to control an entire device

Offsite backup

Removing a backup to a remote location. Less convenient as a local backup but less susceptible to local disasters

link segments

Segments that link other segments together, but are unpopulated or have no computers directly attached to them.

proximity reader

Sensor that detects and reads a token that comes within range. The polled information is used to determine the access level of the person carrying the token.

Ticket Granting Ticket

Sent by an Authentication Server in a Kerberos setup if a client's hash matches its own, signaling that the client is authenticated but not yet authorized.

honeynet

The network created by a honeypot in order to lure in hackers.

Usenet

The network of UNIX users, generally perceived as informal and made up of loosely coupled nodes, that exchanges mail and messages. Started by Duke University and UNC-Chapel Hill. An information cooperative linking around 16,000 computer sites and millions of people. Usenet provides a series of "news groups" analogous to online conferences.

Radius client

The network server that receives the connection request from the RADIUS supplicant and communicates with the RADIUS server.

VPN concentrator

The new endpoint of the local LAN in L2TP. Usually a dedicated device that can act as an endpoint for the network

next hop

The next router a packet should go to at any given point.

baud rate

The number of bauds per second, In the early days of telephone data transmission, the baud rate was often analogous to bits per second. Due to advanced modulation of baud cycles as well as data compression, this is no longer true.

Error rate

The number of malformed/broken/fractured packets or frames coming to/from a device.

IP address

The numeric address of a computer connected to a TCP/IP network, such as the Internet. IPv4 addresses are 32 bits long, written as four octets of 8-bit binary. IPv6 addresses are 128 bits long, written as eight sets of four hexadecimal characters. IP addresses must be matched with a valid subnet mask, which identifies the part of the IP address that is the network ID and the part that is the host ID.

Password Authentication Protocol

The oldest and most basic form of authentication and also the least safe because it sends all passwords in cleartext.

trunking

The process of transferring VLAN data between two or more switches.

VLAN

Virtual Local Area Network

VM

Virtual Machine

VMM

Virtual Machine Manager

VNC

Virtual Network Computing

Nonrepudiation

not being able to deny having sent a message

PCV

polyvinyl chloride

U

unit

UART

universal asynchronous receiver transmitter

Subminiature version A connector

A connector commonly used on wireless devices to use different types of antennas.

primary zone

A forward lookup zone that is managed within and by the authoritative DNS server.

Class C Address Range

192.0.0.0 - 223.255.255.255

10GBaseT

A 10 GbE standard designed to run on CAT 6a UTP cabling. Maximum cable length of 100 m. Can use cat6 but will only get up to 55 meters

10GBaseLR/10GBaseLW

A 10 GbE standard using 1310-nm single-mode fiber. Maximum cable length up to 10 km.

10GBaseER/10GBaseEW

A 10 GbE standard using 1550-nm single-mode fiber. Maximum cable length up to 40 km.

10GBaseSR/10GBaseSW

A 10 GbE standard using 850-nm multimode fiber. Maximum cable length up to 300 m.

BNC connector

A connector used for 10Base2 coaxial cable. All BNC connectors have to be locked into place by turning the locking ring 90 degrees.

Wireshark

A popular protocol analyzer integrated with a frame capture tool.

Virtual Trunking Protocol

A proprietary Cisco protocol used to automate the updating of multiple VLAN switches.

Troubleshooting theory steps

(1) Identify the problem, (2) establish a theory of probable cause, (3) test the theory, (4) establish a plan of action, (5) implement and test the solution, (6) verify system functionality, (7) document findings

IPv6 loopback address

0:0:0:0:0:0:0:1, also expressed as ::1

MB (megabyte)

1,048,576 bytes

Class A address range

1.0.0.0 - 126.255.255.255

gigabyte

1024 megabytes

Class B address range

128.0.0.0 - 191.255.255.255

OC-3

155.52 Mbps, STS-3 signal method

APIPA Address range

169.254.x.x

Class D IP address range

224.X.X.X. These are multicast addresses

Media Gateway Control Protocol ports

2427 and 2727 (both TCP and UDP)

PoE standard

802.3af

PoE+ standard

802.3at

CCMP-AES

A 128-bit block cipher used in the IEEE 802.11i standard. Means WPA2 for the exam

DB-25

A 25-pin, D-shaped subminiature connector, typically use in parallel and older serial port connections

Service Set Identifier

A 32-bit identification string, sometimes called a network name, that's inserted into the header of each data packet processed by a wireless access point.

Digital signal level 3

A 44.736-Mbps line from the telco, with 28 DS1 channels plus overhead

preamble

A 7-byte series of alternating ones and zeroes followed by a 1-byte start frame delimiter, always precedes a frame. This gives a receiving NIC time to realize a frame is coming and to know exactly where the frame starts.

DB-9

A 9-pin, D-shaped subminiature connector, often used in serial port connections.

topology change notification

A BPDU that enables switches to rework themselves around a failed interface or device. Helps switch blocked ports into a forwarding state allowing replacement links to come online

Small Form Factor Pluggable

A Cisco module that enables you to add additional features to its routers.

posture assessment

A Cisco process that queries a host to see if it meets certain security criteria before allowing it to connect to the network. The server decides whether to grant a connection, deny a connection, or redirect the connection depending on the security compliance invoked.

Hot Standby Router Protocol

A Cisco proprietary protocol used to take multiple routers and group them together into a single virtual router with a single virtual IP address that clients use as a default gateway. Used to provide high availability for routers.

Bridge Protocol Data Units Guard

A Cisco switch feature that listens for incoming STP BPDU messages, disabling the interface if any are received. The goal is to prevent loops when a switch connects to a port expected to only have a host connected to it.

Port Aggregation Protocol

A Cisco-proprietary protocol that accomplishes port bonding (aka port aggregation).

Security type mismatch

A CompTIA term that means connecting manually to a wireless network with the wrong encryption type or automatically accessing a particular SSID and entering the wrong passphrase

DNS forwarding

A DNS server configuration that sends DNS requests to another DNS server.

Interior DNS

A DNS server that is not registered with the Internet and is used for local domains

reverse lookup zone

A DNS setting that resolves IP addresses to FQDNs. In other words, it does exactly the reverse of what DNS normally accomplishes using forward lookup zones.

Event Viewer

A GUI application that allows users to easily view and sort events recorded in the event log on a computer running a Windows-based operating system.

1000BaseT

A Gigabit Ethernet standard using CAT 5e/6 UTP cabling, with a 100-m maximum cable distance.

1000BaseSX

A Gigabit Ethernet standard using multimode fiber cabling, with a 220- to 500-m maximum cable distance.

1000BaseLX

A Gigabit Ethernet standard using single-mode fiber cabling, with a 5-km maximum cable distance.

1000BaseCX

A Gigabit Ethernet standard using unique copper cabling (twinax), with a 25-m maximum cable distance.

Traceroute

A Linux command-line utility used to follow the path a packet takes between two hosts (through a router).

domain controller

A Microsoft Windows Server system specifically configured to store user and server account information for its domain. Often abbreviated as "DC." These store all account and security information in the Active Directory directory service.

Net share

A Microsoft Windows command that manages shared resources. Can be used to share local resources with other systems

NetBIOS over TCP/IP

A Microsoft-created protocol that enables NetBIOS naming information to be transported over TCP/IP networks. The result is that Microsoft naming services can operate on a TCP/IP network without the need for DNS services.

Remote Desktop Protocol

A Microsoft-created remote terminal protocol

Microsoft Baseline Security Analyzer

A Microsoft-designed tool to test individual Windows-based PCs for vulnerabilities.

Teredo

A NAT-traversal IPv6 tunneling protocol, built into Microsoft Windows.

Secure Sockets Layer

A Protocol developed by Netscape for securely transmitting documents over the Internet. This worked by using a public key to encrypt sensitive data. This encrypted data was sent over this type of connection and then decrypted at the receiving end using a private key. Deprecated in favor of TLS.

American Registry for Internet Numbers

A Regional Internet Registry (RIR) that parcels out IP addresses to large internet service providers (ISPs) and major corporations in North America.

Captive Portal

A Wi-Fi network implementation used in some public facilities that directs attempts to connect to the network to an internal Web page for that facility; generally used to force terms of service on users

Network File System

A TCP/IP file system-sharing protocol that enables systems to treat files on a remote machine as though they were local files. This uses TCP port 2049, but many users choose alternative port numbers. Though still somewhat popular and heavily supported, this has been largely replaced by Samba/CIFS.

Domain Name System

A TCP/IP name resolution system that resolves host names to IP addresses, IP addresses to host names, and other bindings, like DNS servers and mails servers for a domain.

Internet Control Message Protocol

A TCP/IP protocol used to handle many low-level functions such as error reporting. These messages are usually request and response pairs such as echo requests and responses, router solicitations and responses, and traceroute requests and responses. There are also unsolicited "responses" (advertisements) which consist of single packets. These messages are connectionless. Works at the Internet layer (2) of the TCP/IP model and Network layer (3) of the OSI

rootkit

A Trojan horse that takes advantage of very low-level operating system functions to hide itself from all but the most aggressive of anti-malware tools. Is used to escalate privileges on a host

Static VLAN

A VLAN that is manually configured port by port. This is the method typically used in production networks.

Layer 2 Tunneling Protocol

A VPN protocol developed by Cisco that can be run on almost any connection imaginable. This has no authentication or encryption but uses IPsec for all its security needs.

H.323

A VoIP standard that handles the initiation, setup, and delivery of VoIP sessions.

Thin Client

A WAP that can only be configured by a wireless controller

speed-test site

A Web site used to check an Internet connection's throughput.

WINS Proxy Agent

A Windows Internet Name Service (WINS) relay agent that forwards WINS broadcasts to a WINS server on the other side of a router to keep older systems from broadcasting in place of registering with the server.

NTLDR

A Windows NT/2000/XP/2003 boot file. Launched by the MBR or MFT, this looks at the BOOT.INI configuration file for any installed operating systems.

Net user

A Windows TCP/IP command used to display local user accounts

tracert

A Windows command-line utility used to follow the path a packet takes between two hosts (through a router) as well as how long it takes for each hop.

System Restore

A Windows utility that enables you to return your PC to a recent working configuration when something goes wrong. This returns your computer's system settings to the way they were the last time you remember your system working correctly—all without affecting your personal files or e-mail.

Zenmap

A Windows-based GUI version of nmap.

Secondary Lookup Zone

A backup lookup zone stored on another DNS server.

Independent Basic Service Set

A basic unit of organization in wireless networks formed by two or more wireless nodes communicating in ad hoc mode.

Ns (Nanosecond)

A billionth of a second. Light travels a little over 11 inches in 1 ns.

Advanced Encryption Standard

A block cipher created in the late 1990s that uses a 128-bit block size and a 128-, 192-, or 256-bit key size. Practically uncrackable. A form of symmetric encryption

cable modem

A bridge device that interconnects the cable company's DOCSIS service to the user's Ethernet network. In most locations, the cable modem is the demarc.

T1 crossover

A cable is used to connect two T1 CSU/DSU devices in a back-to-back configuration.

stranded core

A cable that uses a bundle of tiny wire strands to transmit signals. This is not quite as good a conductor as solid core, but it will stand up to substantial handling without breaking.

solid core

A cable that uses a single solid wire to transmit signals.

Shielded Twisted Pair

A cabling for networks composed of pairs of wires twisted around each other at specific intervals. The twists serve to reduce interference (also called crosstalk). The more twists, the less interference. The cable has metallic shielding to protect the wires from external interference.

DNS resolver cache

A cache used by Windows DNS clients to keep track of DNS information.

Badge

A card-shaped device used for authentication; something you have, a possession factor.

telecommunications room

A central location for computer or telephone equipment and, most importantly, centralized cabling. All cables usually run to the telecommunications room from the rest of the installation.

Industrial Control Systems

A centralized controller where the local controllers of a distributed control system (DCS) meet in order for global changes to be made.

Network Operations Center

A centralized location for techs and administrators to manage all aspects of a network

Domain Keys Identified Mail

A certificate used to authenticate anyone attempting to use email as a legitimate user (a specialized txt record in DNS)

Infrastructure change

A change that has impacts of a smaller scale (like changing to a new software, or something that only impacts a single department). This type of change is handled by the change management team.

prompt

A character or message provided by an operating system or program to indicate that it is ready to accept input.

complete algorithm

A cipher and the methods used to implement that cipher.

dedicated circuit

A circuit that runs from a breaker box to specific outlets.

Access control list

A clearly defined list of permissions that specifies what actions an authenticated user may perform on a shared resource. Can also be used on firewalls to determine what's allowed in/out

supplicant

A client computer in a RADIUS network wanting to be authenticated.

documentation

A collection of organized documents or the information recorded in documents. Also, instructional material specifying the inputs, operations, and outputs of a computer program or system.

user profile

A collection of settings that corresponds to a specific user account and may follow the user, regardless of the computer at which he or she logs on. These settings enable the user to have customized environment and security settings.

Password Policy

A collection of settings to control password characteristics such as length, complexity, lockout rules, etc.

high availability

A collection of technologies and procedures that work together to keep an application available at all times. Redundancy and fault tolerance

network

A collection of two or more devices interconnected by telephone lines, coaxial cables, satellite links, radio, and/or some other communication technique.

socket

A combination of a port number and an IP address that uniquely identifies a connection. Also called an endpoint

Network firewall

A combination of hardware and software that filters traffic between private networks or between a private network and a public network, such as the Internet. Typically a dedicated box (sometimes called a hardware firewall)

Net view

A command that displays shared resources and other hosts that are within your workgroup

netstat -s

A command that displays statistics for each protocol that can be used to diagnose problems.

route

A command that enables a user to display and edit the local system's routing table.

ntpdc

A command that puts the NTP server into interactive mode in order to submit queries.

arp -a

A command that shows a systems ARP cache

ip a

A command to show DNS server information in Linux

ipconfig /all

A command to show DNS server information in Windows

Arping

A command used to discover hosts on a network, similar to ping, but that relies on ARP rather than ICMP. This command won't cross any routers, so it will only work within a broadcast domain.

Net use

A command used to map a network share to a drive letter. Can also connect or disconnect a computer from a shared resource or can display information about connections.

nslookup

A command used to see default DNS server information

Net start

A command used to start a network service or list running network services on a system

Net stop

A command used to stop a network service running on a system

Net accounts

A command used to update the user accounts database and modifies password and logon requirements for all accounts

tcpdump

A command-line packet sniffing tool.

ifconfig

A command-line utility for Linux servers and workstations that displays the current TCP/IP configurations of the machine, similar to ipconfig for Windows systems. The newer command-line utility, ip, is replacing ifconfig on most systems.

ipconfig

A command-line utility for Windows that displays the current TCP/IP configuration of the machine; similar to macOS's ifconfig and UNIX/Linux's ip.

tracert -6 (also traceroute6)

A command-line utility that checks a path from the station running the command to a destination host. Adding the -6 switch to the command line specifies that the target host uses an IPv6 address. tracerout6 is a Linux command that performs a traceroute to an IPv6 addressed host.

ping -6

A command-line utility to check the up/down status of an IP addressed host. The "-6" switch included on the command line, using the Windows version of the ping, specifies that the host under test has an IPv6 address.

nbtstat

A command-line utility used to check the current NetBIOS name cache on a particular machine. The utility compares NetBIOS names to their corresponding IP addresses.

Virtual Local Area Network

A common feature among managed switches that enables a single switch to support multiple logical broadcast domains. Managed switches frequently take advantage of this feature.

multilink PPP

A communications protocol that logically joins multiple PPP connections, such as a modem connection, to aggregate the throughput of the links.

Local Exchange Carrier

A company that provides local telephone service to individual customers.

hot site

A complete backup facility to continue business operations. It is considered "hot" because it has all resources in place, including computers, network infrastructure, and current backups, so that operations can commence within hours after occupation. Most expensive backup site

Platform as a Service

A complete deployment and management system that gives programmers all the tools they need to administer and maintain a Web application.

Wireless Local Area Network

A complete wireless network network infrastructure serving a single physical locale under a single administration. No routers, only WAPs

Bootstrap Protocol

A component of TCP/IP that allows computers to discover and receive IP address from a DHCP server prior to booting the OS. Other items that may be discovered during this process are the IP address of the default gateway for the subnet and the IP addresses of any name servers.

buffer

A component of a fiber-optic cable that adds strength to the cable.

Host Bus Adapter

A component that connects a host to other devices in a storage network using fibre channel.

NetBIOS name

A computer name that identifies both the specific machine and the functions that machine performs. A NetBIOS name consists of 16 characters: the first 15 are an alphanumeric name, and the 16th is a special suffix that identifies the role the machine plays.

client

A computer program that uses the services of another computer program; software that extracts information from a server. Your autodial phone is a client, and the phone company is its server. Also, a machine that accesses shared resources on a server.

Programmable Logic Controller

A computer that controls a machine according to a set of ordered steps

server

A computer that shares its resources, such as printers and files, with other computers on the network.

name server

A computer whose job is to know the name of every other computer on the network.

split pair

A condition that occurs when signals on a pair of wires within a UTP cable interfere with the signals on another wire pair within that same cable.

hybrid cloud

A conglomeration of public and private cloud resources, connected to achieve some target result. There is no clear line that defines how much of this cloud infrastructure is private and how much is public.

remote terminal

A connection on a faraway computer that enables you to control that computer as if you were sitting in front of it and logged in. These programs all require a server and a client. The server is the computer to be controlled. The client is the computer from which you do the controlling.

VPN tunnel

A connection over the Internet between a client and a server; this enables the client to access remote resources as if they were local, securely.

persistent connection

A connection to a shared folder or drive that the computer immediately reconnects to at logon.

UDP datagram

A connectionless networking container used in UDP communication.

datagram

A connectionless transfer unit created with User Datagram Protocol designed for quick transfers over a packet-switched network.

reverse proxy server

A connectivity solution that gathers information from its associated servers and shares that information to clients. The clients don't know about the servers behind the scenes. This is the only machine with which they interact. Protects servers from nefarious clients

Zone

A container for a single domain that gets filled with records

user account

A container that identifies a user to the application, operating system, or network, including name, password, user name, groups to which the user belongs, and other information based on the user and the OS or NOS being used. Usually defines the rights and roles a user plays on a system.

Statement of work

A contract that defines the services, products, and time frames for the vendor to achieve.

Workgroup

A convenient method of organizing computers under Network/My Network Places in Windows operating systems.

Web of trust

A decentralized model used for sharing certificates without the need for a centralized CA. Requires a lot of maintenance

Network attached storage

A dedicated file server that has its own file system and typically uses hardware and software designed for serving and storing files. Runs over a standard network and shows up as normal shares on a network.

Local exchange

A defined grouping of individual phone circuits served by a single multiplexer

jitter

A delay in completing a transmission of all the frames in a message; caused by excessive machines on a network.

Small Form Factor

A description of later-generation, fiber-optic connectors designed to be much smaller than the first iterations of connectors.

Network interface

A device by which a system accesses a network. In most cases, this is a NIC or a modem.

cable tray

A device for organizing cable runs in a drop ceiling.

Universal Asynchronous Receiver Transmitter

A device inside a modem that takes the 8-bit-wide digital data and converts it into 1-bit-wide digital data and hands it to the modem for conversion to analog data. The process is reversed for incoming data.

DSL access multiplexer

A device located in a telephone company's central office that connects multiple customers to the Internet.

storage

A device or medium that can retain data for subsequent retrieval.

PoE injector

A device that adds power to an Ethernet cable so the cable can provide power to a device.

wireless range extender

A device that amplifies your wireless signal to get it out to parts of your location that are experiencing poor connectivity.

concentrator

A device that brings together at a common center connections to a particular kind of network (such as Ethernet) and implements that network internally.

Managed Switch

A device that can be assigned their own IP address to enable connection and configuration. VLANs can only be implemented through these devices

Satellite modem

A device that connects a computer to a satellite for purposes of accessing the Internet.

router

A device that connects separate networks and forwards a packet from one network to another based only on the network address for the protocol being used. Operates at Layer 3 (Network) of the OSI seven-layer model.

bridge

A device that connects two networks and passes traffic between them based only on the node address, so that traffic between nodes on one network does not appear on the other network. This device operates at Level 2 (Data Link layer) of the OSI seven-layer model.

DSL modem

A device that enables customers to connect to the Internet using a DSL connection.

Oscilloscope

A device that gives a graphical/visual representation of signal levels over a period of time.

media converter

A device that lets you interconnect different types of Ethernet cable.

demarc

A device that marks the dividing line of responsibility for the functioning of a network between internal users and upstream service providers. Aka demarcation point

multiplexer

A device that merges information from multiple input channels to a single output channel.

repeater

A device that takes all of the frames it receives on one Ethernet segment and re-creates them on another Ethernet segment. This allows for longer cables or more computers on a segment. These operate at Layer 1 (Physical) of the OSI seven-layer model. They do not check the integrity of the Layer 2 (Data Link) frame so they may repeat incorrectly formed frames. They were replaced in the early 1980s by bridges which perform frame integrity checking before repeating a frame.

Certified

A device that tests a cable to ensure that it can handle its rated amount of capacity

Channel service unit/digital service unit

A device that understands the Layer 1 details of serial links installed by a telco and how to use a serial cable to communicate with networking equipment such as routers.

line tester

A device used by technicians to check the integrity of telephone wiring. Can be used on a twisted-pair line to see if it is good, dead, or reverse wires, or if there is AC voltage on the line.

Service Level Agreement

A document between a customer and a service provider that defines the scope, quality, and terms of the service to be provided.

Memorandum of Understanding

A document that defines an agreement between two parties in situation where a legal contract is not appropriate.

Acceptable Use Policy

A document that defines what a person may and may not do on an organization's computers and networks. This defines ownership, web site access, and access times while on company assets

Forensics report

A document that describes the details of gathering, securing, transporting, and investigating evidence.

Multisource Agreement

A document that details the interoperability of network hardware from a variety of manufacturers.

hypertext

A document that has been marked up to enable a user to select words or pictures within the document, click them, and connect to further information. The basis of the World Wide Web.

physical network diagram

A document that shows all of the physical connections on a network. Cabling type, protocol, and speed are also listed for each connection.

logical network diagram

A document that shows the broadcast domains and individual IP addresses for all devices on the network. Only critical switches and routers are shown.

Wiring diagram

A document, also known as a wiring schematic, that usually consists of multiple pages and that shows the following: how the wires in a network connect to switches and other nodes, what types of cables are used, and how patch panels are configured. It usually includes details about each cable run. An example of physical documentation

Multiple In/Multiple Out

A feature of 802.11 WAPs that enables them to make multiple simultaneous connections.

group policy

A feature of Windows Active Directory that allows an administrator to apply policy settings to network users en masse.

tamper detection

A feature of modern server chasses that will log in the motherboard's nonvolatile RAM (NGRAM) if the chassis has been opened. The log will show chassis intrusion with a dat and time. Alternatively, the special stickers or zip ties that break when a device has been opened.

motion detection system

A feature of some video surveillance systems that starts and stops recordings based on actions caught by the camera(s).

InterVLAN Routing

A feature on advanced switches to provide routing between VLANs without using a physical router.

passive optical network

A fiber architecture that uses a single fiber to the neighborhood switch and then individual fiber runs to each final destination.

Capture file

A file in which the collected packets from a packet sniffer program are stored.

Dynamic Link Library

A file of executable functions or data that can be used by a Windows application. Typically provides one or more particular functions, and a program access the functions by creating links to it

NT File System

A file system for hard drives that enables object-level security, long filename support, compression, and encryption. Version 4.0 debuted with Windows NT 4.0. Later Windows versions continue to update this.

Unified Threat Management

A firewall that is also packaged with a collection of other processes and utilities to detect and prevent a wide variety of threats. These protections include intrusion detection systems, intrusion prevention systems, VPN portals, load balancers, and other threat mitigation apparatus.

virtual firewall

A firewall that is implemented in software within a virtual machine in cases where it would be difficult, costly, or impossible to install a traditional physical firewall

stateless firewall

A firewall that manages each incoming/outgoing packet as a stand-alone entity without regard to currently active connections. Uses pattern analysis and heuristics to decide which packets should be blocked

destination port

A fixed, predetermined number that defines the function or session type in a TCP/IP network.

deauthentication attack

A form of DOS attack that targets 802.11 Wi-Fi networks specifically by sending out a frame that kicks a wireless client off its current WAP connection. A rogue WAP nearby presents a stronger signal, which the client will prefer. The rogue WAP connects the client to the Internet and then proceeds to intercept communications to and from that client.

Typosquatting

A form of attack that relies on mistakes, such as typographical errors, made by Internet users when inputting information into a Web browser. Also known as URL hijacking

multifactor authentication

A form of authentication where a user must use two or more factors to prove his or her identity; for example, some sort of physical token that, when inserted, prompts for a password

Protocol Attack

A form of denial of service where a protocol is manipulated in a strange way to prevent a server from serving others.

Volume attack

A form of denial of service where a server is overwhelmed by a shear number of requests.

Application Attacks

A form of denial of service where an application stored on a server is prevented from responding to requests in a timely fashion.

Active Directory

A form of directory service used in networks with Windows servers. Creates an organization of related computers that share one or more Windows domains. Used primarily for local area networks

Change request

A formal or informal document suggesting a modification to some aspect of the network or computing environment.

primary lookup zone

A forward lookup zone stored in a text file.

broadcast

A frame or packet addressed to all machines, almost always limited to a broadcast domain.

normal backup

A full backup of every selected file on a system. This type of backup turns off the archive bit after the backup.

Asymmetric Digital Subscriber Line

A fully digital, dedicated connection to the telephone system that provides download speeds of up to 9 Mbps and upload speeds of up to 1 Mbps.

workstation

A general-purpose computer that is small enough and inexpensive enough to reside at a person's work area for his or her exclusive use.

SRV record

A generic DNS record that supports any type of server

cable tester

A generic name for a device that tests cables. Some common tests are continuity, electrical shorts, crossed wires, or other electrical characteristics.

Wide Area Network

A geographically dispersed network created by linking various computers and LANs over long distances, generally using leased phone lines. Multiple broadcast domains that are interconnected

Category (CAT) Rating

A grade assigned to cable to help network installers get the right cable for the right network technology. CAT ratings are officially rated in megahertz (MHz), indicating the highest-frequency bandwidth the cable can handle.

RG-59

A grade of coaxial cable used for cable television and early cable modem Internet connections. This has a characteristic impedance of 75 ohms.

RG-6

A grade of coaxial cable used for cable television and modern cable modem Internet connections. This has a characteristic impedance of 75 ohms. Thicker than RG-59

RG-58

A grade of small-diameter coaxial cable used in 10Base2 Ethernet networks. This has a characteristic impedance of 50 ohms.

Local Area Network

A group of PCs connected together via cabling, radio, or infrared that use this connectivity to share resources such as printers and mass storage.

man in the middle

A hacking attack where a person inserts him- or herself into a conversation/session between two others, covertly intercepting traffic thought to be only between those other people.

edge device

A hardware device that has been optimized to perform a task in coordination with other edge devices and controllers

DNS tree

A hierarchy of DNS domains and individual computer names organized into a tree-like structure, the top of which is the root.

Digital Subscriber Line

A high-speed Internet connection technology that uses a regular telephone line for connectivity. This comes in several varieties, including asymmetric and symmetric, and many speeds. Typical home-user connections are asymmetric with a download speed up to 9 Mbps and an upload speed of up to 1 Kbps.

fiber-optic cable

A high-speed physical medium for transmitting data that uses light rather than electricity to transmit data and is made of high-purity glass fibers sealed within a flexible opaque tube. Much faster than conventional copper wire.

Network map

A highly detailed illustration of a network, down to the individual computers. A network map will show IP addresses, ports, protocols, and more.

star-bus topology

A hybrid of the star and bus topologies that uses a physical star, where all nodes connect to a single wiring point such as a hub and a logical bus that maintains the Ethernet standards. One benefit of this is fault tolerance.

Structured Query Language

A language created by IBM that relies on simple English statements to perform database queries. This enables databases from different manufacturers to be queried using a standard syntax.

switch

A layer 2 (Data Link) multiport device that filters and forwards frames based on MAC addresses.

T1

A leased-line connection capable of carrying data at 1,54 mbps with 24 channels

T3 line

A leased-line connection capable of carrying data at 44.736 mbps with 672 channels

Modal Distortion

A light distortion problem unique to multimode fiber-optic cable. Does not effect single mode fiber

Collision light

A light on some older NICs that flickers when a network collision is detected.

Demilitarized Zone

A lightly protected or unprotected subnet positioned between an outer firewall and an organization's highly protected internal network. These are used mainly to host public address servers (such as Web servers).

Simple Network Time Protocol

A lightweight version of NTP

Record

A line in the zone data that maps a FQDN to an IP address

list of requirements

A list of all the things you'll need to do to set up your SOHO network, as well as the desired capabilities of the network.

routing table

A list of paths to various networks required by routers. This table can be built either manually or automatically.

cold site

A location that consists of a building, facilities, desks, toilets, parking, and everything that a business needs except computers. Cheapest backup site but takes weeks to bring online

system log

A log file that records issues dealing with the overall system, such as system services, device drivers, or configuration changes. Also called general logs

general logs

A log file that records issues dealing with the overall system, such as system services, device drivers, or configuration changes. Also called system logs

security log

A log that tracks anything that affects security, such as successful and failed logons and logoffs.

Adaptive Network Technology (Plus)

A low-speed, low-power networking technology; used in place of Bluetooth for connecting devices, such as smart phones and exercise machines. Works at the 2.4 GHz range, has a distance of 30 meters, and transfer speed of 20 Kbps.

Near Field Communication

A low-speed, short-range, networking technology designed for (among other things) small-value monetary transactions. Operates at 13.56 MHz, has a 4 cm range, and transfer speeds of 424 Kbps

dedicated server

A machine that does not use any client functions, only server functions.

ARP cache poisoning

A man-in-the-middle attack, where the attacker associates his MAC address with someone else's IP address (almost always the router), so all traffic will be sent to him first. The attacker sends out unsolicited ARPs, which can either be requests or replies.

Rack Diagrams

A map of what is physically installed in a rack.

polyvinyl chloride

A material used for the outside insulation and jacketing of most cables. Also a fire rating for a type of cable that has no significant fire protection.

hash

A mathematical function used in cryptography that is run on a string of binary digits of any length that results in a value of some fixed length. Not used for encryption. Used for data integrity checks

Cyclic Redundancy Check

A mathematical method used to check for errors in long streams of transmitted data with high accuracy.

Network Address Translation

A means of translating a system's IP address into another IP address before sending it out to a larger network. This manifests itself by a program that runs on a system or a router. A network using this provides the systems on the network with private IP addresses. The system running this software has two interfaces: one connected to the network and the other connected to the larger network. This program takes packets from the client systems bound for the larger network and translates their internal private IP addresses to its own public IP address, enabling many systems to share a single IP address.

latency

A measure of a signal's delay. When data stops moving for a moment due to a WAP unable to do the work

packet filtering

A mechanism that blocks any incoming or outgoing packet from a particular IP address or range of IP addresses. Also known as IP filtering. This controls access to IP-addressed devices.

Actuator

A mechanism that puts something into automatic action

document

A medium and the data recorded on it for human use; for example, a report sheet or book. BY extension, any record that has permanence and that can be read by a human or a machine

node

A member of a network or a point where one or more functional units interconnect transmission lines

Fully Meshed Topology

A mesh network where every node is directly connected to every other node.

unicast transmission

A message sent from one computer to a single other computer.

Equipment rack

A metal structure used in equipment rooms to secure network hardware devices and patch panels. Most are 19" wide. Devices designed to fit in these use a height measurement called units, or simply U.

Path MTU discovery

A method for determining the best MTU setting that works by adding a new feature called the "Don't Fragment (DF) flag" to the IP packet

port aggregation

A method for joining two or more switch ports logically to increase bandwidth

Anycast

A method of addressing groups of computers as though they were a single computer. This starts by giving a number of computers (or clusters of computers) the same IP address. Advanced routers then send incoming packets to the closest of the computers.

inheritance

A method of assigning user permissions, in which folder permissions flow downward into subfolders.

IP filtering

A method of blocking packets based on IP addresses.

Point Coordination Function

A method of collision avoidance defined by the 802.11 standard but has yet to be implemented

daisy-chain

A method of connecting together several devices along a bus and managing the signals for each device.

public key cryptography

A method of encryption and decryption that uses two different keys: a public key for encryption and a private key for decryption.

Stateful Filtering/Stateful Inspection

A method of filtering in which all packets are examined as a stream. Stateful devices can do more than allow or block; they can track when a stream is disrupted or packets get corrupted and act accordingly.

Stateless Filtering/Stateless Inspection

A method of filtering where the device that does the filtering looks at each IP packet individually, checking the packet for IP addresses and port numbers and blocking or allowing accordingly.

MAC address filtering

A method of limiting access to a wireless network based on the physical addresses of wireless NICs.

encryption

A method of securing messages by scrambling and encoding each packets as it is sent across an unsecure medium, such as the Internet. Each encryption level provides multiple standards and options.

two-factor authentication

A method of security authentication that requires two separate means of authentication, for example, some sort of physical token that, when inserted, prompts for a password. Also called multifactor authentication.

Metro Ethernet

A metropolitan area network (MAN) based on the Ethernet standard.

promiscuous mode

A mode of operation for a NIC in which the NIC processes all frames that it sees on the cable.

chat

A multiparty, real-time text conversation. The Internet's most popular version is known as Internet Relay Chat (IRC), which many groups use to converse in real time with each other.

Transmit beamforming

A multiple-antenna technology in 802.11n WAPs that helps get rid of dead spots.

Windows Internet Name Service

A name resolution service that resolves NetBIOS names to IP addresses.

flat name space

A naming convention that gives each device only one name that must be unique. NetBIOS uses this. TCP/IP's DNS uses a hierarchical name space.

Hierarchical Name Space

A naming scheme where the full name of each object includes its position within the hierarchy. An example of this is www.totalseminars.com, which includes not only the host name, but also the domain name. DNS uses this scheme for fully qualified domain names (FQDNs).

Pointer Record

A record that points IP addresses to host names

bridge loop

A negative situation in which bridging devices (usually switches) are installed in a loop configuration, causing frames to loop continuously. Switches using Spanning Tree Protocol (STP) prevent these by automatically turning off looping ports.

link status

A network analyzer report on how good the connection is between two systems

Virtual Private Network

A network configuration that enables a remote user to access a private network via the Internet. These employ an encryption methodology called tunneling, which protects the data from interception.

peer-to-peer

A network in which each machine can act as either a client or a server.

Server-based network

A network in which one or more systems function as dedicated file, print, or application servers, but do not function as clients.

Campus Area Network

A network installed in a medium-sized space spanning multiple buildings

broadcast domain

A network of computers that will hear each other's broadcasts. The older term collision domain is the same but rarely used today.

medianet

A network of far-flung routers and servers that provides sufficient bandwidth for video teleconferencing (VTC) via quality of service (QoS) and other tools.

Asynchronous Transfer Mode

A network technology that runs at speeds between 25 and 622 Mbps using fiber-optic cabling or Cat 5 or better UTP. A do it all network technology

guest network

A network that can contain or allow access to any resource that management deems acceptable to be used by insecure hosts that attach to the guest network.

logical topology

A network topology defined by signal paths as opposed to the physical layout of the cables.

Star Topology

A network topology in which all computers in the network connect to a central wiring point.

Ring Topology

A network topology in which all the computers on the network attach to a central ring of cable.

bus topology

A network topology that uses a single bus cable that connects all of the computers in line. These networks must be terminated to prevent signal reflection.

Nmap

A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner.

external connections

A network's connections to the winder Internet. Also a major concern when setting up a SOHO network.

security

A network's resilience against unwanted access or attack.

Java

A network-oriented programming language invented by Sun Microsystems (acquired by Oracle) and specifically designed for writing programs that can be safely downloaded to your computer through the Internet and immediately run without fear of viruses or other harm to our computer or files. Using these small programs (called "Applets"), Web pages can include functions such as animations, calculators, and other fancy tricks.

Automatic Private IP Addressing

A networking feature in operating systems that enables DHCP clients to self-configure an IP address and subnet mask automatically when a DHCP server isn't available.

session

A networking term used to refer to the logical stream of data flowing between two programs and being communicated over a network. Many different sessions may be emanating from any one node on a network.

network ID

A number used in IP networks to identify the network on which a device or machine exists.

patch panel

A panel containing a row of female connectors (ports) that terminate the horizontal cabling in the equipment room. Patch panels facilitate cabling organization and provide protection to horizontal cabling.

Unauthorized access

A person does something beyond his/her authority to do

lock

A physical device that prevents access to essential assets of an organization, such as servers, without a key

bridging loop

A physical wiring of a circuitous path between two or more switches, causing frames to loop continuously. Spanning Tree Protocol (STP) implemented in switches will discover and block looped paths.

Channel Service Unit/Data Service Unit

A piece of equipment that connect a T-carrier leased line from the telephone company to a customer's equipment (such as a router). It performs line encoding and conditioning functions, and it often has a loopback function for testing.

dead spot

A place that should be covered by the network signal but where devices get no signal.

Unshielded Twisted Pair

A popular cabling for telephone and networks composed of pairs of wires twisted around each other at specific intervals. The twists serve to reduce interference (also called crosstalk). The more twists, the less interference. The cable has no metallic shielding to protect the wires from external interference, unlike its cousin, STP. 10BaseT uses this; as do many other networking technologies. This is available in a variety of grades, called categories.

UNIX

A popular computer software operating system used on many Internet host systems.

Secure Hash Algorithm

A popular cryptographic hash

Message Digest algorithm (version 5)

A popular hashing function

Trunk port

A port on a switch configured to carry all VLAN data, regardless of VLAN number, between all switches in a LAN. These ports are used to connect switches to other switches

802.1X

A port-authentication network access control mechanism for networks.

channel

A portion of the wireless spectrum on which a particular wireless network operates. Setting the wireless networks to different channels enables separation of the networks.

vulnerability

A potential weakness in an infrastructure that a threat might exploit.

Counter

A predefined event that is recorded to a log file

Internal network

A private LAN, with a unique network ID, that resides behind a router.

intranet

A private TCP/IP network inside a company or organization.

VoIP PBX

A private branch exchange that uses VoIP instead of the traditional switched telephone circuites.

community cloud

A private cloud paid for and used by multiple similar organizations.

Private Branch Exchange

A private phone system used within an organization.

short message service alert

A proactive message regarding an out-of-tolerance condition of an SNMP managed device sent as an SMS text.

static routing

A process by which routers in an internetwork obtain information about paths to other routers. This information must be supplied manually.

Frequency Division Multiplexing

A process of keeping individual phone calls separate by adding a different frequency multiplier to each phone call, making it possible to separate phone calls by their unique frequency range.

site survey

A process that enables you to determine any obstacles to creating the wireless network you want.

Authentication

A process that proves good data traffic truly came from where it says it originated by verifying the sending and receiving users and computers.

roaming

A process where clients seamlessly change wireless access point (WAP) connections, depending on whichever WAP has the strongest signal covered by the broadcast area.

replication

A process where multiple computers might share complete copies of a database and constantly update each other

single sign-on

A process whereby a client performs a one-time login to a gateway system. That system, in turn, takes care of the client's authentication to any other connected systems for which the client is authorized to access.

virus

A program that can make a copy of itself without your necessarily being aware of it. All viruses carry some payload that may or may not do something malicious.

Telnet

A program that enables users on the Internet to log onto remote systems from their own host systems.

Adware

A program that monitors the types of Web sites you frequent and uses that information to generate targeted advertisements, usually pop-up windows.

port scanner

A program that probes ports on another system, logging the state of the scanned ports.

packet analyzer

A program that reads the capture files from packet sniffers and analyzes them based on monitoring needs.

interface monitor

A program that tracks the bandwidth and utilization of one or more interfaces on one or more devices in order to monitor traffic on a network.

Remote help

A program used to control the desktop of the user you are assisting

logical address

A programmable network address, unlike a physical address that is burned into ROM.

Lightweight Extensible Authentication Protocol

A proprietary EAP authentication used almost exclusively by CISCO wireless products. This is an interesting combination of MS-CHAP authentication between a wireless client and a RADIUS server.

Terminal Access Controller Access Control System Plus

A proprietary protocol developed by Cisco to support Authorization, Authentication, and Accounting (AAA) in a network with many routers and switches. It is similar to RADIUS in function, but uses TCP port 49 by default and separates AAA into different parts.

Address Resolution Protocol

A protocol in the TCP/IP suite used with the command-line utility of the same name to determine the MAC address that corresponds to a particular IP address. Resolves IP addresses to MAC addresses.

Extensible Authentication Protocol-Transport Layer Security

A protocol that defines the use of a RADIUS server as well as mutual authentication, requiring certificates on both the server and every client

Extensible Authentication Protocol-Tunneled Transport Layer Security

A protocol that defines the use of a RADIUS server, requiring only a single server-side certificate.

connectionless communication

A protocol that does not establish and verify a connection between the hosts before sending data; it just sends the data and hopes for the best. This is faster than connection-oriented protocols. UDP is an example of a connectionless protocol.

Dynamic DNS

A protocol that enables DNS servers to get automatic updates of IP addresses of computers in their forward lookup zones, mainly by talking to the local DHCP server.

Dynamic Host Configuration Protocol

A protocol that enables a DHCP server to set TCP/IP settings automatically for a DHCP client.

Point-to-Point Protocol

A protocol that enables a computer to connect to the Internet through a dial-in connection and to enjoy most of the benefits of a direct connection. This is considered to be superior to the Serial Line Internet Protocol (SLIP) because of its error detection and data compression features, which SLIP lacks, and the capability to use dynamic IP addresses.

Spanning Tree Protocol (STP)

A protocol that enables switches to detect and repair bridge loops automatically.

Internet Small Computer System Interface

A protocol that enables the SCSI command set to be transported over a TCP/IP network from a client to an iSCSI-based storage system. This is popular with storage area network (SAN) systems and is cheaper than fibre channel because it uses Ethernet.

Connection-Oriented Communication

A protocol that establishes a connection between two hosts before transmitting data and verifies receipt before closing the connection between the hosts. TCP is an example of a connection-oriented protocol.

Media Gateway Control Protocol

A protocol that is designed to be a complete VoIP or video presentation connection and session controller. This uses TCP ports 2427 and 2727.

Network Basic Input/Output System

A protocol that operates at the Session layer of the OSI seven-layer model. This protocol creates and manages connections based on the names of the computers involved.

Link Local Multicast Name Resolution

A protocol that serves the same function as a DNS server when a DNS server cannot be reached. It resolves names of devices connected collectively on a local network. Replaced NetBIOS depending on the version of Windows in use

Dynamic routing protocol

A protocol that supports the building of automatic routing tables, such as OSPF or RIP.

Trivial File Transfer Protocol

A protocol that transfers files between servers and clients. Unlike FTP, this requires no user login. Devices that need an operating system, but have no local hard disk (for example, diskless workstations and routers), often use this to download their operating systems. Uses UDP

Point-to-Point Tunneling Protocol

A protocol that works with PPP to provide a secure data link between computers using encryption.

User Datagram Protocol

A protocol used by some older applications, most prominently TFTP (Trivial FTP), to transfer files. These datagrams are both simpler and smaller than TCP segments, and they do most of the behind-the-scenes work in a TCP/IP network.

Common Address Redundancy Protocol

A protocol used to allow multiple hosts on the same network to share a set of IP addresses. This provides your network with redundancy.

Lightweight Directory Access Protocol

A protocol used to query and change a database used by the network. Runs on TCP port 389 by default.

Virtual Router Redundancy Protocol

A protocol used to take multiple routers and group them together into a single virtual router with a single virtual IP address that clients use as a default gateway. Used to provide high availability for routers.

Point-to-Point Protocol over Ethernet

A protocols that was originally designed to encapsulate PPP frames into Ethernet frames. Used by DSL providers to force customers to log into their DSL connections instead of simply connecting automatically.

certificate

A public encryption key signed with the digital signature from a trusted third party called a certificate authority (CA). This key serves to validate the identity of its holder when that person or company sends data to other parties.

Get (SNMP)

A query from an SNMP manager sent to the agent of a managed device for the status of a management information base (MIB) object.

monlist

A query that asks the NTP server about the traffic going on between itself and peers.

Frequency band

A range of frequencies that can be segmented into channels

Challenge Handshake Authentication Protocol

A remote access authentication protocol. It has the serving system challenge the remote client, which must provide an encrypted password.

SSH File Transfer Protocol

A replacement for FTP released after many of the inadequacies of SCP (such as the inability to see the files on the other computer) were discovered. A secure version of FTP designed to run over an SSH session.

Command

A request, typed from a terminal or embedded in a file, to perform an operation or to execute a particular program

Transport Layer Security

A robust update to SSL that works with almost any TCP application

Remote management

A router feature that allows configuration from a wireless client. A convenience that can be exploited by bad actors.

Multiprotocol Label Switching

A router feature that labels certain data to use a desired connection. It works with any type of packet switching (even Ethernet) to force certain types of data to use a certain path. Today's most common telephony packet switching technology

Aggregation

A router hierarchy in which every router underneath a higher router always uses a subnet of that router's existing routes.

DHCP relay

A router process that, when enabled, passes DHCP requests and responses across router interfaces. In common terms, DHCP communications can cross from one network to another within a router that has this enabled and configured.

DHCP issue limiting

A router security feature that only allows a certain number of IP addresses to be issued out via DHCP.

Client Isolation

A router security feature that prevents clients on the same SSID from seeing and connecting to each other.

MAC address clone

A router technique that helps cable modems not go down when you switch physical devices

gateway router

A router that acts as a default gateway in a TCP/IP network.

Forwarding Equivalence Class (FEC)

A set of packets that can be sent to the same place, such as a single broadcast domain of computers connected to a router

virtual router

A router that is implemented in software within a virtual machine. The scalability of a virtual machine makes it easy to add capacity to the router when it is needed. These are easily managed and are highly scalable without requiring the purchase of additional network hardware.

Router Advertisement

A router's response to a client's router solicitation, also sent at regular intervals, that gives the client information to configure itself (prefix, prefix length, and more).

F-connector

A screw-on connector used to terminate small-diameter coaxial cable such as RG-6 and RG-59 cables.

global unicast address

A second IPv6 address that every system needs in order to get on the Internet.

Backup Designated Router

A second router set to take over if the designated router fails.

HTTP over SSL

A secure form of HTTP in which hypertext is encrypted by Transport Layer Security (TLS) before being sent onto the network. It is commonly used for Internet business transactions or any time where a secure connection is required. The name reflects the predecessor technology to TLS called Secure Sockets Layer (SSL).

Principle of Least Privilege

A security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform its function or job.

Mandatory Access Control

A security model in which every resource is assigned a label that defines its security level. If the user lacks that security level, they do not get access

Authentication, Authorization, and Accounting

A security philosophy wherein a computer trying to connect to a network must first present some form of credential in order to be authenticated and then must have limitable permissions within the network. The authenticating server should also record session information about the client.

share level security

A security system in which each resource has a password assigned to it; access to the resource is based on knowing the password.

user-level security

A security system in which each user has an account, and access to resources is based on user identity.

Data Over Cable Service Interface Specification

A security technology used for filtering packets and maintaining customer privacy on cable Internet services

spoofing

A security threat where an attacker makes some data seem as though it came from somewhere else, such as sending an e-mail with someone else's e-mail address in the sender field. Faking IP or MAC addresses is a classic example

Closed Circuit Television

A self-contained, closed system in which video cameras feed their signal to specific, dedicated monitors and storage devices.

Fibre channel

A self-contained, high-speed storage environment with its own storage arrays, cables, protocols, and switches. This is critical part of storage area networks (SANs).

Frame Check Sequence

A sequence of bits placed in a frame that is used to check the primary data for errors.

Yost cable

A serial cable used to interface with a Cisco device for configuration. Also known as a rollover cable

password

A series of characters that enables a user to gain access to a file, a folder, a PC, or a program.

cipher

A series of complex and hard-to-reverse mathematics run on a string of ones and zeroes in order to make a new set of seemingly meaningless ones and zeroes.

OpenSSH

A series of secure programs developed by the OpenBSD organization to fix SSH's limitation of only being able to handle one session per tunnel.

Caching engine

A server dedicated to storing cache information on your network. These servers can reduce overall network traffic dramatically.

Storage Area Network

A server that can take a pool of hard disks and present them over the network as any number of logical disks. Provides block-level storage, runs on fibre channel,

Web server

A server that enables access to HTML documents by remote users.

Radius Server

A server that offers centralized authentication services to a network's access server, VPN server, or wireless access point via the RADIUS protocol. A AAA (authorization, authentication, and accounting) solution

Fractional T1 access

A service provided by many telephone companies wherein customers can purchase a number of individual channels in a T1 line in order to save money.

Extended Service Set Identifier

A service set identifier applied to an extended service set as a network naming convention. Multiple WAPs configured with a single SSID on the same broadcast domain

top-level domain servers

A set of DNS servers—just below the root servers—that handle the top-level domain names, such as .com, .org, .net, and so on.

program

A set of actions or instructions that a machine is capable of interpreting and executing. Used as a verb, it means to design, write, and test such instructions.

Transmission Control Protocol/Internet Protocol

A set of communication protocols developed by the U.S. Department of Defense that enables dissimilar computers to share information over a network.

change management documentation

A set of documents that defines procedures for changes to the network.

configuration management

A set of documents, policies, and procedures designed to help you maintain and update your network in a logical, orderly fashion.

non-discovery mode

A setting for Bluetooth devices that effectively hides them from other Bluetooth devices.

network share

A shared resource on a network.

Interframe gap

A short, predefined silence originally defined for CSMA/CD; also used in CSMA/CA. Also known as an interframe space (IFS).

bounce

A signal sent by one device taking many different paths to get to the receiving systems.

Session Initiation Protocol

A signaling protocol for controlling voice and video calls over IP. This competes with H.323 for VoIP dominance.

checksum

A simple error-detection method that adds a numerical value to each data packet, based on the number of data bits in the packet. The receiving node applies the same formula to the data and verifies that the numerical value is the same; if not, the data has been corrupted and must be re-sent.

Basic NAT

A simple form of NAT that translates a computer's private or internal IP address to a global IP address on a one-to-one basis.

manual tunnel

A simple point-to-point connection between two IPv6 networks. As a tunnel, it uses IPsec encryption.

UTP coupler

A simple, passive, double-ended connector with female connectors on both ends. These are used to connect two UTP cable segments together to achieve longer length when it is deemed unnecessary or inappropriate to use a single, long cable.

model

A simplified representation of a real object or process. In the case of networking, this represents logical tasks and subtasks that are required to perform network communication.

virtual IP

A single IP address shared by multiple systems. This is commonly the single IP address assigned to a home or organization that uses NAT to have multiple IP stations on the private side of the NAT router.

Zombie

A single computer under the control of an operator that is used in a botnet attack.

host

A single device (usually a computer) on a TCP/IP network that has an IP address; any device that can be the source or destination of a data packet. Also, a computer running multiple virtualized operating systems.

run

A single piece of installed horizontal cabling.

Network-Based Anti-Malware

A single source server that holds current anti-malware software. Multiple systems can access and run the software from that server. The single site makes the software easier to update and administer than anti-malware installed on individual systems.

Extended Service Set

A single wireless access point servicing a given area that has been extended by adding more access points

browser

A software program specifically designed to retrieve, interpret, and display Web pages

route aggregation

A solution used to optimize and decrease the size of a routing tables used by BGP

Syslog

A somewhat standardization of logging that works well with SNMP. Has a scale of 0-7 (extreme to just notification) rating system for events. Typically used in the Unix/Linux and MacOS world

cache

A special area of RAM that stores frequently accessed data. In a network there are a number of applications that take advantage of cache in some way.

worm

A special form of virus. Unlike other viruses, these do not infect other files on the computer. Instead, it replicates by making copies of itself on other systems on a network by taking advantage of security weaknesses in networking protocols.

Routing and Remote Access Service

A special remote access server program, originally only available on Windows Server, on which a PPTP endpoint is placed in Microsoft networks

loopback test

A special test often included in diagnostic software that sends data out of the NIC and checks to see if it comes back.

digital signal processor

A specialized microprocessor-like device that processes digital signals at the expense of other capabilities, much as the floating-point unit (FPU) is optimized for math functions. These are used in such specialized hardware as high-speed modems, multimedia sound cards, MIDI equipment, and real-time video capture and compression.

110-Punchdown Tool

A specialized tool for connecting UTP wires to a 110-block. Also called a 110-punchdown tool

punchdown tool

A specialized tool for connecting UTP wires to a 110-block. Also called a 110-punchdown tool

SPF record

A specialized txt record in DNS used to reduce spam

crossover cable

A specially terminated UTP cable used to interconnect routers or switches, or to connect network cards without a switch. Crossover cables reverse the sending and receiving wire pairs from one end to the other.

macro

A specially written application macro (collection of commands) that performs the same functions as a virus. These macros normally autostart when the application is run and then make copies of themselves, often propagating across networks.

DNS domain

A specific branch of the DNS name space. Top-level DNS domains include .com, .gov, and .edu.

Extension Mechanisms for DNS

A specification that expanded several parameter sizes but maintained backward compatibility with earlier DNS servers

bottleneck

A spot on a network where traffic slows precipitously.

Frequency Hopping Spread Spectrum

A spread-spectrum broadcasting method defined in the 802.11 standard that sends data on one frequency at a time, constantly shifting frequencies.

Direct Sequence Spread Spectrum

A spread-spectrum broadcasting method defined in the 802.11 standard that sends data out on different frequencies at the same time

Orthogonal Frequency Division Multiplexing

A spread-spectrum broadcasting method that combines the multiple frequencies of DSSS with FHSS's hopping capability.

Multipurpose Internet Mail Extensions

A standard for attaching binary files, such as executables and images, to the Internet's text-based mail (24-Kbps packet size).

Power over Ethernet

A standard that enables wireless access points (WAPs) to receive their power from the same Ethernet cables that transfer their data.

H.320

A standard that uses multiple ISDN channels to transport video teleconferencing (VTC) over a network.

LMHOSTS file

A static text file that resides on a computer and is used to resolve NetBIOS names to IP addresses. The LMHOSTS file is checked before the machine sends a name resolution request to a WINS name server. The LMHOSTS file has no extension.

Authorization

A step in the AAA philosophy during which a client's permissions are decided upon.

classless subnet

A subnet that does not fall into the common categories such as Class A, Class B, and Class C.

device driver

A subprogram to control communications between the computer and some peripheral hardware.

Virtual Private Cloud

A subset of a public cloud that has highly restricted, secure access (an Amazon term). Provides security, a legitimate public IP address, and a private network. Flexible, expandable, and can provide many types of services.

Caesar Cipher

A substitution cipher that shifts characters a certain number of positions in the alphabet

PortFast

A switch STP feature in which a port is placed in an STP forwarding state as soon as the interface comes up, bypassing the listening and learning states. This feature is meant for ports connected to end-user devices preventing TCN BPDUs from being sent out every time a PC is powered on and off.

Multilayer Switch

A switch that has functions that operate at multiple layers of the OSI seven-layer model.

Blowfish

A symmetric block cipher that operates on 64-bit blocks and can have a key length from 32 to 448 bits. Not considered in the competition to be the AES.

Data Encryption Standard

A symmetric-key algorithm developed by the U.S. government in the 1970s and formerly in use in a variety of TCP/IP applications. It used a 64-bit block and a 56-bit key. Over time, the 56-bit key made it susceptible to brute-force attacks.

warm boot

A system restart performed after the system has been powered and operating. This clears and resets the memory, but does not stop and start the hard drive.

RADIUS server

A system that enables remote users to connect to a network service.

Supervisory Control and Data Acquisition

A system that has the basic components of a distributed control system (DCS), yet is designed for large-scale, distributed processes and functions with the idea that remote devices may or may not have ongoing communication with the central control.

Unified communication

A system that rolls many different network services into one. Instant messaging (IM), telephone service, and video conferencing are a few examples.

DNS server

A system that runs a special DNS server program.

Vulnerability Assessment

A systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is a potential harm. Typically done inhouse using a special type of software and is usually credentialed

Source Address Table

A table stored by a switch, listing the MAC addresses and port of each connected device.

grandfather-father-son

A tape rotation strategy used in data backups

dedicated line

A telephone line that is an always open, or connected, circuit. Dedicated telephone lines usually do not have telephone numbers.

domain

A term used to describe a grouping of users, computers, and/or networks. In Microsoft networking, this is a group of computers and users that shares a common account database and a common security policy. For the Internet, this is a group of computers that shares a common element in their DNS hierarchical name.

connection

A term used to refer to communication between two computers.

Virtual network computing

A terminal emulation program

Secure Shell

A terminal emulation program that looks exactly like Telnet but encrypts the data. Has replaced Telnet on the Internet.

RG-8

A thick, rigid coaxial cable used in a 10Base5 network. Also called thicknet. Characterized by a 50-ohm impedance.

TCP three-way handshake

A three-packet conversation between TCP hosts to establish and start a data transfer session. The conversation begins with a SYN request by the initiator. The target responds with a SYN/ACK to the initiator. The initiator confirms receipt of the SYN/ACK with an ACK. Once this handshake is complete, data transfer can begin. This creates a TCP connection until it is closed using the FIN message or times out.

T connector

A three-sided, tubular connector found in 10Base2 Ethernet networking. The connector is in the shape of a T with the "arms" of the T ending with a female BNC connector and the "leg" having a male BNC connector. This is used to attach a BNC connector on a host between two cable segments.

Challenge-Response Authentication Mechanism-Message Digest 5

A tool for server authentication in SMTP servers.

multimeter

A tool for testing voltage (AC and DC), resistance, and continuity.

NAT64

A transition mechanism that embeds IPv4 packets into IPv6 packets for network traversal

Bring Your Own Device

A trend wherein users bring their own network-enabled devices to the work environment. These mobile devices must be easily and securely integrated and released from corporate network environments using on-boarding and off-boarding technologies. Lowest learning curve with high device/application management

Security Information and Event Management

A two-part process consisting of security event monitoring (SEM), which performs real-time monitoring of security events, and security information management (SIM), where the monitoring log files are reviewed and analyzed by automated and human interpreters. Aggregation and correlation are the two primary components of this

UDP flood

A type of DoS attack in which the attacker attempts to overwhelm the target system with UDP ping requests. Often the source IP address is spoofed, creating a DoS condition for the spoofed IP.

SYN Flood

A type of DoS where an attacker sends a large amount of SYN request packets to a server (while not waiting for a SYN/ACK response) in an attempt to deny service.

Bearer channel

A type of ISDN channel that carries data and voice information using standard DS0 channels at 64 Kbps.

Delta Channel

A type of ISDN line that transfers data at 16 Kbps

Primary Rate Interface

A type of ISDN that is actually just a full T1 line carrying 23 B channels

Static Network Address Translation

A type of Network Address Translation (NAT) that maps a single routable IP address to a single machine, allowing you to access that machine from outside the network. Similar to port forwarding

Remote Access Trojan

A type of Trojan horse that provides a "backdoor" into a computer for remote hackers to transmit files, snoop, run programs, and launch attacks on other computers

site-to-site

A type of VPN connection using two Cisco VPN concentrators to connect two separate LANs permanently. Connects two separate distant networks into one single network

client-to-site

A type of VPN connection where a single computer logs into a remote network and becomes, for all intents and purposes, a member of that network.

SSL VPN

A type of VPN that uses SSL encryption. Clients connect to the VPN server using a standard Web browser, with the traffic secured using SSL. The two most common types of SSL VPNs are SSL portal VPNs and SSL tunnel VPNs.

brute force

A type of attack wherein every permutation of some form of data is tried in an attempt to discover protected information. Most commonly used on password cracking.

Coaxial cable

A type of cable that contains a central conductor wire surrounded by an insulating material, which in turn is surrounded by a braided metal shield. The center wire and the braided metal shield share a common axis or centerline.

hotspot

A wireless access point that is connected to a cellular data network, typically 4G. The device can route Wi-Fi to and from the Internet. These can be permanent installations or portable. Many cellular telephones have the capability to become one of these.

thin AP

A wireless access point with minimal configuration tools installed. Instead, it is managed by a central controller. An administrator can manage a large number of then APs by logging into the central controller and performing management tasks on any thin APs from there.

Peer-to-peer mode

A wireless networking mode where each node is in direct contact with every other node in a decentralized free-for-all. This is similar to the mesh topology. Also called ad hoc mode

Ad hoc mode

A wireless networking mode where each node is in direct contact with every other node in a decentralized free-for-all. This is similar to the mesh topology. Also called peer-to-peer mode

Wi-Fi Protected Access

A wireless security protocol that addresses weaknesses and acts as an upgrade to WEP. This offers security enhancements such as dynamic encryption key generation (keys are issued on a per-user and per-session basis), an encryption key integrity-checking feature, user authentication through the industry-standard Extensible Authentication Protocol (EAP), and other advanced features that WEP lacks. Uses TKIP

Wired Equivalent Privacy

A wireless security protocol that uses a 64-bit encryption algorithm to scramble data packets. Used the RC4 streaming protocol. Weak initialization vectors caused this to be highly hackable.

802.16

A wireless standard (also known as WiMAX) with a range of up to 30 miles.

802.11i

A wireless standard that added security features. Created to mitigate the problems with WEP.

802.11ac

A wireless standard that operates at 5GHz, claims to provide wireless speeds of 1Gbps, uses MU-MIMO.

802.11a

A wireless standard that operates in the frequency range of 5 GHz, offers throughput of up to 54 Mbps, and uses OFDM.

ACL

Access Control List

ACS

Access Control Server

Carrier Sense Multiple Access with Collision Avoidance

Access method used only on wireless networks. Before hosts send out data, they first listen for traffic. If the network is free, they send out a signal that reserves a certain amount of time to make sure the network is free of other signals. If data is detected in the air, the hosts wait a random time period before trying again. If there are no other wireless signals, the data is sent out.

Block

Access that is denied to or from a resource. This may be implemented in a firewall, access control server, or other secure gateway.

FTP ports

Active FTP servers receive commands on TCP 21 and respond with data on TCP 20. TCP 21 only for passive

ANT+

Adaptive Network Technology (Plus)

Start of Authority (SOA) record

DNS record that defines the primary name server in charge of the forward lookup zone

ARP

Address Resolution Protocol

Area ID

Address assigned to routers in an OSPF network to prevent flooding beyond the routers in that particular network.

Mobile Application Management

Administers and delivers applications to corporate and personal smart phones and tablets. Used to control applications on a device

AES

Advanced Encryption Standard

APT

Advanced Persistent Threat

Time Domain Reflectometer

Advanced cable tester that tests the length of cables and their continuity or discontinuity, and identifies the location of any discontinuity due to a bend, break, unwanted crimp, and so on.

Application/context aware

Advanced feature of some stateful firewalls where the content of the data is inspected to ensure it comes from, or is destined for, an appropriate application. These firewalls look both deeply and more broadly to ensure that the data content and other aspects of the packet are appropriate to the data transfer being conducted. Packets that fall outside these criteria are denied by the firewall.

content switch

Advanced networking device that works at least at Layer 7 (Application layer) and hides servers behind a single IP. Called a content filter network appliance on the exam.

heating, ventilation, and air conditioning

All of the equipment involved in heating and cooling the environments within a facility. These items include boilers, furnaces, air conditioners and ducts, plenums, and air passages.

internal threats

All the things that a network's own users do to create problems on the network. Examples include accidental deletion of files, accidental damage to hardware devices or cabling, and abuse of rights and permissions.

Access control

All-encompassing term that defines the degree of permission granted to use a particular resource. That resource may be anything from a switch port to a particular file to a physical door within a building.

mixed mode

Also called high-throughput, or 802.11a-ht/802.11g-ht, one of three modes used with 802.11n wireless networks wherein the wireless access point (WAP) sends special packets that support older standards yet can also improve the speed of those standards via 802.

Internet Connection Sharing

Also known as Internet sharing, the technique of enabling more than one computer to access the Internet simultaneously using a single Internet connection. When you use Internet sharing, you connect an entire LAN to the Internet using a single public IP address.

110 block

Also known as a 110-punchdown block, a connection gridwork used to link UTP and STP cables behind an RJ-45 patch panel.

Type 1 hypervisor

Also known as a bare metal hypervisor it is a software program that acts as an operating system and also provides the ability to perform virtualization of other operating systems using the same computer.

Layer 3 switch

Also known as a router, filters and forwards data packets based on the IP addresses of the sending and receiving machines.

bare metal hypervisor

Also known as a type 1 hypervisor it is a software program that acts as an operating system and also provides the ability to perform virtualization of other operating systems using the same computer.

Unsecure protocol

Also known as an insecure protocol, transfers data between hosts in an unencrypted, clear text format. If the packets are intercepted between the communicating hosts, their data is completely exposed and readable.

Carrier sense

Also known as carrier detect, is the test that a NIC performs before transmitting on a network medium.

e-mail server

Also known as mail server, a server that accepts incoming e-mail, sorts the e-mail for recipients into mailboxes, and sends e-mail to other servers using SMTP.

public switched telephone network

Also known as plain old telephone service (POTS), the most common type of phone connection, which takes your sounds, translated into an analog waveform by the microphone, and transmits them to another phone

ARIN

American Registry for Internet Numbers

FireWire

An IEEE 1394 standard to send wide-band signals over a thin connector system that plugs into TVs, VCRs, TV cameras, PCs, and so forth. This serial bus developed by Apple and Texas Instruments enables connection of 60 devices at speeds ranging from 100 to 800 Mbps.

Remote Authentication Dial-In User Service

An AAA standard created to support ISPs with hundreds if not thousands of modems in hundreds of computers to connect to a single central database. This consists of three devices: the server that has access to a database of user names and passwords, a number of network access servers (NASs) that control the modems, and a group of systems that dial into the network.

Hypertext Markup Language

An ASCII-based script-like language for creating hypertext documents like those on the World Wide Web.

Synchronous Optical Network

An American fiber carrier standard for connecting fiber-optic transmission systems. This was proposed in the mid-1980s and is now an ANSI standard. This defines interface standards at Layer 1 (Physical) of the OSI seven-layer model.

10BaseT

An Ethernet LAN designed to run on UTP cabling. Runs at 10 Mbps and uses baseband signaling. Maximum length for the cabling between the NIC and the hub (or the switch, the repeater, and so forth) is 100 m. No more than 1024 nodes per hub/switch. Ran on cat3 or better

100BaseT4

An Ethernet LAN designed to run on UTP cabling. Runs at 100 Mbps up to 1oo meters and uses four-pair CAT 3 or better cabling. Made obsolete by 100BaseT. 1024 nodes per hub.

100BaseT

An Ethernet LAN designed to run on UTP cabling. Runs at 100 Mbps, uses baseband signaling, and uses two pairs of wires on CAT 5 or better cabling.

100BaseFX

An Ethernet LAN designed to run on fiber-optic cabling. Runs at 100 Mbps and uses baseband signaling. Maximum cable length is 400 m for half-duplex and 2 km for full-duplex. 1024 nodes per hub and multimode

prefix delegation

An IPv6 router configuration that enables it to request an IPv6 address block from an upstream source, then to disseminate it to local clients.

Intra-Site Automatic Tunnel Addressing Protocol

An IPv6 tunneling protocol that adds the IPv4 address to an IPv6 prefix.

6to4

An IPv6 tunneling protocol that doesn't require a tunnel broker. It is generally used to directly connect two routers because it normally requires a public IPv4 address. Deprecated protocol that enabled Ipv6 traffic over the IPv4 Internet

6in4

An IPv6 tunneling standard that can go through IPv4 Network Address Translation (NAT).

link light

An LED on NICs, hubs, and switches that lights up to show good connection between the devices. Called the network connection LED status indicator on the Network+ exam

Activity light

An LED on a NIC, hub, or switch that blinks rapidly to show data transfers over the network.

Label Edge Routers (LERs)

An MPLS router that has the job of adding MPLS labels to incoming packets that do not yet have a label; and stripping labels off outgoing packets

physical address

An address burned into a ROM chip on a NIC. A MAC address is an example of this type of address.

Uniform Resource Locator

An address that defines the type and the location of a resource on the Internet. These are used in almost every TCP/IP application.

content filter

An advanced networking device that implements content filtering, enabling administrators to filter traffic based on specific signatures or keywords (such as profane language).

protocol

An agreement that governs the procedures used to exchange information between cooperating entities; usually includes how much information is to be sent, how often it is sent, how to recover from transmission errors, and who is to receive the information

Internet Message Access Protocol version 4

An alternative to POP3. Currently in its fourth revision, this retrieves e-mail from an e-mail server like POP3, but has a number of features that make it a more popular e-mail too. This supports users creating folders on the e-mail server, for example, and allows multiple clients to access a single mailbox. This uses TCP port 143. Unencrypted

unidirectional antenna

An antenna that focuses all of its transmission energy in a single, relatively narrow direction. Similarly, its design limits its ability to receive signals that are not aligned with the focused direction.

Yagi antenna

An antenna that focuses its signal more towards a specific direction. A type of directional antenna. Also called a beam antenna

Beam antenna

An antenna that focuses its signal more towards a specific direction. A type of directional antenna. Also called a yagi antenna

directional antenna

An antenna that focuses its signal more towards a specific direction; as compared to an omnidirectional antenna that radiates its signal in all directions equally. The equivalent of a yagi antenna.

Intrusion Detection System/intrusion prevention system

An application (often running on a dedicated IDS box) that inspects incoming packets, looking for active intrusions. The difference between an IDS and an IPS is that an IPS can react to stop an attack. An IDS just sends a notification to an administrator that something is happening

Slow Loris Attack

An application attack focused on old versions of Apache. The malicious system starts conversations with the server and then never responds to the server's reply.

Samba

An application that enables UNIX systems to communicate using Server Message Blocks (SMBs). This, in turn, enables them to act as Microsoft clients and servers on the network.

Client/server application

An application that performs some or all of its processing on an application server rather than on the client. The client usually only receives the result of the processing.

cost

An arbitrary metric value assigned to a network route with OSFP-capable routers

Open Systems Interconnection (OSI) seven-layer model

An architecture model based on the OSI protocol suite, which defines and standardizes the flow of data between computers. A prescriptive model

TCP/IP model

An architecture model based on the TCP/IP protocol suite, which defines and standardizes the flow of data between computers. A descriptive model

honeypot

An area of a network that an administrator sets up for the express purpose of attracting a computer hacker. If a hacker takes the bait, the network's important resources are unharmed and network personnel can analyze the attack to predict and protect against future attacks, making the network more secure.

just a bunch of disks

An array of hard drives that are simply connected with no RAID implementations

private key

An asymmetric encryption key that does have to be protected and is used for decrypting.

public key

An asymmetric encryption key that does not have to be protected and is used for encrypting

Downgrade Attack

An attack in which the system is forced to abandon the current higher security mode of operation and fall back to implementing an older and less secure mode that an attacker can exploit.

amplification attack

An attack instigated using small, simple requests that trigger very large responses from the target. DNS, NTP, ICMP, and SNMP lend themselves to being used in these kinds of attacks. Smurf attacks are a classic example of this

DNS cache poisoning

An attack that adds or changes information in a DNS server to point host names to incorrect IP addresses, under the attacker's control. When a client requests and IP address from this DNS server for a Web site, the poisoned server hands out an IP address of an attacker, not the legitimate site. When the client subsequently visits the attacker site, malware is installed.

Domain Hijacking

An attack that changes the registration of a domain name without permission from the owner. Usually used to extort the original domain owner by putting offensive things on the website

Permanent Denial of Service

An attack that damages a targeted machine, such as a router or server, and renders that machine inoperable.

denial of service attack

An attack that floods a networked server with so many requests that it becomes overwhelmed and ceases functioning.

Protected Extensible Authentication Protocol

An authentication protocol that uses a username and password function based on MS-CHAPv2 with the addition of an encrypted TLS tunnel similar to EAP-TLS.

Kerberos

An authentication standard designed to allow different operating systems and applications to authenticate each other. Relies heavily on timestamps and is used on wired networks

Domain Name System Security Extensions

An authorization and integrity protocol designed to prevent bad actors from impersonating legitimate DNS servers. Implemented through extension mechanisms for DNS (EDNS)

penetration test

An authorized attempt by either an internal audit team or an external security consulting firm to break into the organization's information system. Typically uncredentialled

penetration testing (pentesting)

An authorized, network hacking process that will identify real-world weaknesses in network security and document the findings.

Pretty Good Privacy

An e-mail security that uses public key encryption, employs a web of trust. A form of asymmetric encryption

bridged connection

An early type of DSL connection that made the DSL line function the same as if you snapped an Ethernet cable into your NIC.

denial of service

An effort to prevent users from gaining normal use of a resource.

hub

An electronic device that sits at the center of a star topology network, providing a common point for the connection of network devices. In a 10BaseT Ethernet network, this contains the electronic equivalent of a properly terminated bus cable. These are rare today and have been replaced by switches. Basically a multiport repeater

digital signature

An encrypted hash of a private encryption key that verifies a sender's identity to those who receive encrypted data or messages.

tunnel

An encrypted link between two programs on two separate computers.

Block ciper

An encryption algorithm in which data is encrypted in "chunks" of a certain length at a time. Popular in wired networks.

Asymmetric-Key Algorithm

An encryption method in which the key used to encrypt a message and the key used to decrypt it are different, or asymmetrical.

stream cipher

An encryption method that encrypts a single bit at a time. Popular when data comes in long streams (such as with older wireless networks or cell phones).

Border Gateway Protocol

An exterior gateway routing protocol that enables groups of routers to share routing information so that efficient, loop-free routes can be established. Is a hybrid in that this protocol has aspects of both distance vector and link state protocols. The primary routing protocol for the Internet

iSCSI target

An external iSCSI storage device that hosts one or more hard disks.

Frame Relay

An extremely efficient data transmission technique used to send digital information such as voice, data, LAN, and WAN traffic quickly and cost-efficiently to many destinations from one port.

network diagram

An illustration that shows devices on a network and how they connect.

RSA (Rivest, Shamir, Adleman)

An improved asymmetric cryptography algorithm that enables secure digital signatures.

Rapid Spanning Tree Protocol

An improvement over STP and is based on the IEEE standard 802.1w. 802.1w has the advantage of faster convergence over the original STP

host ID

An individual computer name in the DNS naming convention

Internet Service Provider

An institution that provides access to the Internet in some form, usually for a fee.

Open Shortest Path First

An interior gateway routing protocol developed for IP networks based on the shortest path first or link state algorithm. Converges very quickly

Open Systems Interconnection

An international standard suite of protocols defined by the International Organization for Standardization (ISO) that implements the OSI seven-layer model for network communications between computers.

hop count

An older metric used by RIP routers. The number of routers that a packet must cross to get from a router to a given network. These were tracked and entered into the routing table within a router so the router could decide which interface was the best one to forward a packet.

Internet Relay Chat

An online group discussion. Also called chat

Backup generator

An onsite generator that provides electricity if the power utility fails.

Apache HTTP Server

An open source HTTP server program that runs on a wide variety of operating systems.

Miredo

An open source implementation of Teredo for Linux and some other UNIX-based systems. It is a NAT-traversal IPv6 tunneling protocol.

Aircrack-ng

An open source tool for penetration testing many aspects of wireless networks.

Dense Wavelength Division Multiplexing

An optical multiplexing technology in which a large number of optical signals of different optical wavelength could be combined to travel over relatively long fiber cables

Coarse Wavelength Division Multiplexing

An optical multiplexing technology in which few signals of different optical wavelength could be combined to travel a fairly short distance.

light meter

An optical power meter used by technicians to measure the amount of light lost through light leakage in a fiber cable.

A records

DNS records that map host names to their IPv4 addresses.

SNMP Community

An organization of SNMP agents/managed devices

10Base5

An outdated Ethernet standard that operates at 10 Mbps, is baseband, uses thick RG-8 coaxial cable up to 500 meters long. Used in a 10Base5 network. Also called thicknet. Characterized by a 50-ohm impedance.

1000BaseX

An umbrella Gigabit Ethernet standard. Also known as 802.3z. Comprises all Gigabit standards with the exception of 1000BaseT, which is under the 802.3ab standard.

rogue DHCP server

An unauthorized DHCP server installed in a computer network

Rogue Access Point

An unauthorized wireless access point (WAP) installed in a computer network. Usually done accidently by a regular user (good actor).

Wi-Fi Protected Access 2

An update to the WPA protocol that used the Advanced Encryption Standard algorithm, making it much harder to crack.

802.11n

An updated 802.11 standard that increases transfer speeds and adds support for multiple in/multiple out (MIMO) by using multiple antennas. This can operate on either the 2.4- or 5-GHz frequency band, has a maximum throughput of 400 Mbps, and uses OFDM. Superseded by 802.11ac

broadband

Analog signaling that sends multiple signals over the cable at the same time. The best example of this is cable television. The zero, one, and idle states exist on multiple channels on the same cable.

APC

Angled Physical Contact

Network interface unit

Another name for a demarc

Authoritative name servers

Another name for authoritative DNS servers.

signaling topology

Another name for logical topology.

network name

Another name for the service set identifier (SSID).

Response

Answer from an agent upon receiving a Get protocol data unit (PDU) from the SNMP manager.

virus shield

Anti-malware program that passively monitors a computer's activity, checking for viruses only when certain events occur, such as a program executing or a file being downloaded.

Host-Based Anti-Malware

Anti-malware software that is installed on individual systems, as opposed to the network at large.

Thick Client

Any WAP that you can access directly and configure singularly via its own interface

demarc extension

Any cabling that runs from the network interface to whatever box is used by the customer as a demarc.

half-duplex

Any device that can only send or receive data at any given moment.

Full Duplex

Any device that can send and receive data simultaneously.

full-duplex

Any device that can send and receive data simultaneously.

AAAA records

DNS records that map host names to their IPv6 addresses.

Web services

Applications and processes that can be accessed over a network, rather than being accessed locally on the client machine. These include things such as Web-based e-mail, network-shareable documents, spreadsheets and databases, and many other types of cloud-based applications.

hardening

Applying security hardware, software, and processes to your network to prevent bad things from happening.

full backup

Archive created where every file selected is backed up, and the archive bit is turned off for every file backed up.

backup

Archive of important data that the disaster recovery team can retrieve in case of some disaster

Cycling

As a new log file/record appears in a file, the oldest record in the file is deleted.

logical addressing

As opposed to physical addressing, the process of assigning organized blocks of logically associated network addresses to create smaller manageable networks called subnets. IP addresses are one example of this.

ADSL

Asymmetric Digital Subscriber Line

ATM

Asynchronous Transfer Mode

Extensible Authentication Protocol

Authentication wrapper that compliant applications can used to accept one of many types of authentication. While this is a general-purpose authentication wrapper, its only substantial use is in wireless networks.

AAA

Authentication, Authorization, and Accounting

secondary (slave) DNS server

Authoritative DNS server for a domain. Unlike a primary (master) DNS server, no additions, deletions, or modifications can be made to the zones on this type of DNS server, which always gets all information from the primary DNS server in a process known as a zone transfer

Discretionary Access Control

Authorization method based on the idea that there is an owner of resource who may at his or her discretion assign access to that resource. This is considered much more flexible than mandatory access control (MAC).

Wi-Fi Protected Setup

Automated and semi-automated process to connect a wireless device to a WAP. The process can be as simple as pressing a button on the device or pressing the button and then entering a PIN code. Very easy to hack

APIPA

Automatic Private Internet Protocol Addressing

Zero configuration networking (Zeroconf)

Automatically generated IP addresses when a DHCP server is unreachable.

ASN

Autonomous System Number

services

Background programs in an operating system that do the behind-the-scenes grunt work that users don't need to interact with on a regular basis.

incremental backup

Backs up all files that have their archive bits turned on, meaning they have been changed since the last backup of any type. This type of backup turns the archive bits off after the files have been backed up.

BDR

Backup Designated Router

Cloud backup

Backup method in which files are backed up to the cloud as they change. Takes a long time to get the first/initial backup completed but is very convenient and highly protected from disasters

BCP

Business Continuity Plan

CYOD

Choose Your Own Device

raceway

Cable organizing device that adheres to walls, making for a much simpler, though less neat, installation than running cables in the walls.

802.11 jammer

Can be used to conduct denial of service attacks of single channels to entire frequency bands. Federally illegal devices

CNAME

Canonical Name

CSMA/CA

Carrier Sense Multiple Access with Collision Avoidance

CSMA/CD

Carrier Sense Multiple Access with Collision Detection

STS payload

Carries Data in Synchronous Transport Signal (STS).

STS overhead

Carries the signaling and protocol information in Synchronous Transport Signal (STS).

cat 3

Category 3 wire, a TIA/EIA standard for UTP wiring that can operate at up to 16 Mbps.

cat 5

Category 5 wire, a TIA/EIA standard for UTP wiring that can operate at up to 100 Mbps at 100 meters.

cat 5e

Category 5e wire; TIA/EIA standard for UTP wiring with improved support for 100 Mbps using two pairs and support for 1000 Mbps using four pairs up to 100 meters.

cat 6

Category 6 wire, a TIA/EIA standard for UTP wiring with improved support for 1Gbps up to 100 meters; supports 10 Gbps up to 55 meters

cat 6a

Category 6a wire. A TIA/EIA standard for UTP wiring with support for 10-Gbps speeds up to 100 meters.

cat 7

Category 7 wire, a standard (unrecognized by TIA) for UTP wiring with support for 10+ Gbps at 600 MHz max frequency (up to 100 meters, shielded)

Enhanced Interior Gateway Routing Protocol

Cicso's proprietary hybrid protocol that has elements of both distance vector and link state routing.

wireless controller

Central controlling device for thin client WAPs. Typically used in enterprise environments.

Software as a Service

Centralized applications that are accessed over a network. This does away with optical media. Office 365, Google Docs, and Dropbox are good examples of this

CHAP

Challenge Handshake Authentication Protocol

CRAM-MD5

Challenge-Response Authentication Mechanism-Message Digest 5

Strategic Change

Change of a larger scale, such as organizational restructuring. Typically handled by corporate not the change management team

CSU/DSU

Channel service unit/digital service unit

File Integrity Monitoring

Checking for changes in all sorts of aspects of files such as attributes/size, content, credentials, hash values, privileges/security settings, and configuration values. Performed by SIEM

CCTV

Closed Circuit Television

CWDM

Coarse Wavelength Division Multiplexing

CDMA

Code Division Multiple Access

logic bomb

Code written to execute when certain conditions are met, usually with malicious intent

CCITT

Comité Consultatif International Téléphonique et Télégraphique

IP helper

Command used in Cisco switches and routers to enable, disable, and manage internetwork forwarding of certain protocols such as DHCP, TFTP, Time Service, TACACS, DNS, NetBIOS, and others. The command is technically ip helper-address

domain information groper

Command-line tool in non-Windows systems used to diagnose DNS problems.

pathping

Command-line tool that combines the features of the ping command and the tracert/traceroute commands. Used when routers prevent tracert/traceroute from functioning

hostname

Command-line tool that returns the host name of the computer it is run on.

CARP

Common Address Redundancy Protocol

CIFS

Common Internet File System

frequently asked questions

Common abbreviation coined by BBS users and spread to Usenet and the Internet. This is a list of questions and answers that pertains to a particular topic, maintained so that users new to the group don't all bombard the group with similar questions.

original equipment manufacturer

Contrary to the name, does not create original hardware, but rather purchases components from manufacturers and puts them together in systems under its own brand name. Also known as value-added resellers (VARs)

SOHO Network Access Control

Control over information, people, access, machines, and everything in between. Used highly for BYOD management with MAC filtering, whitelisting, and blacklisting

Enterprise Network Access Control

Control over information, people, access, machines, and everything in between. Used highly for BYOD management with onboarding/offboarding, force antimalware, and geofencing in an enterprise environment

traffic shaping

Controlling the flow of packets into or out of the network according to the type of packet or other rules. Also called bandwidth shaping

COPE

Corporate Owned, Personally Enabled

COBO

Corporate-owned business only

endpoints

Correct term to use when discussing the data each computer stores about the connection between two computers' TCP/IP applications.

CCMP

Counter Mode Cipher Block Chaining Message Authentication Code Protocol

Near-End Crosstalk

Crosstalk at the same end of a cable from which the signal is being generated.

far end crosstalk

Crosstalk on the opposite end of a cable from the signal's source.

ransomware

Crypto-malware that uses some form of encryption to lock a user out of a system. Once the crypto-malware encrypts the computer, usually encrypting the boot drive, in most cases the malware then forces the user to pay money to get the system decrypted.

CPE

Customer Premises Equipment

CRC

Cyclic Redundancy Check

DORA

DHCP four-way handshake

DHCP four-way handshake

DHCP process in which a client gets a lease for an IPv4 address - Discover, Offer, Request, and Ack.

DSLAM

DSL Access Multiplexer

DES

Data Encryption Standard

DOCSIS

Data-Over-Cable Service Interface Specification

stateless DHCP

Describes a DHCPv6 server that only passes out information like DNS servers' IP addresses, but doesn't give clients IPv6 addresses.

synchronous

Describes a connection between two electronic devices where neither must acknowledge (ACK) when receiving data.

Stateful DHCPv6

Describes a server that works very similarly to an IPv4 DHCP server, passing out IPv6 addresses, subnet masks, and default gateways as well as optional items like DNS server addresses. Typically used to favor a local DNS server rather than the ISP's DNS server

Universal Naming Convention

Describes any shared resource in a network using the convention \\<server name>\<name of shared resource>.

system life cycle

Description of typical beginning and end of computing components. Handling such devices at the end includes system life cycle policies and asset disposal.

DR

Designated Router

Single Mode Fiber

Designed to carry signal long distance using lasers. Almost always yellow cabling

DCS

Distributed Control System

DCF

Distributed Coordination Function

DDOS

Distributed Denial of Service

Material Safety Data Sheet

Document that describes the safe handling procedures for any potentially hazardous, toxic, or unsafe material.

exit plan

Documents and diagrams that identify the best way out of a building in the event of an emergency. It may also define other procedures to follow.

configuration management documentation

Documents that define the configuration of a network. These would include wiring diagrams, network diagrams, baselines, and policy/procedure/configuration documentation.

contingency plan

Documents that set out how to limit damage and recover quickly from an incident

DKIM

Domain Keys Identified Mail

DNS

Domain Name System

DNSSEC

Domain Name System (DNS) Security Extensions

channel overlap

Drawback of 2.4-GHz wireless networks where channels shared some bandwidth with our channels. This is why only three 2.4-GHz channels can be used in the United States (1, 6, and 11).

Flat-surface Connector

Early fiber-optic connector that resulted in a small gap between fiber-optic junctions due to the flat grind faces of the fibers. It was replaced by Angled Physical Contact (APC) connectors.

end-to-end principle

Early network concept that originally meant that applications and work should happen only at the endpoints in a network, such as in a single client and a single server.

byte

Eight contiguous bits, the fundamental data unit or personal computers. Soring the equivalent of one character, this is also the basic unit of measurement for computer storage. These are counted in powers of two.

home page

Either the Web page that your browser is set to use when it starts up or the main Web page for a business, organization, or person. Also, the main page in any collection of Web pages

crosstalk

Electrical signal interference between two cables that are in close proximity to each other.

EMI

Electromagnetic Interference

Ohm rating

Electronic measurement of a cable's or an electronic component's resistance.

ESD

Electrostatic Discharge

ECC

Elliptic Curve Cryptography

round-robin DNS

Enables load balancing between servers and increases fault tolerance. A method of increasing name resolution availability by pointing a host name to a list of multiple IP addresses in a DNS forward lookup zone. After pointing a client to one IP address in the list, DNS will point the next client that requests resolution for the same domain name to the next IP address in the list, and so on.

Group Policy Object

Enables network administrators to define multiple rights and permissions to entire sets of users all at one time

virus definition or data files

Enables the virus protection software to recognize the viruses on your system and clean them. These files should be updated often. Also called signature files, depending on the virus protection software in use.

overlay tunnel

Enables two IPv6 networks to connect over an IPv4 network by encapsulating the IPv6 packets within IPv4 headers, transporting them across the IPv4 network, then de-encapsulating the IPv6 data.

EDGE

Enhanced Data rates for GSM Evolution

EIGRP

Enhanced Interior Gateway Routing Protocol

SFP+

Enhanced small form-factor pluggable

Regional Internet Registries

Entities under the oversight of the Internet Assigned Numbers Authority (IANA), which parcels out IP addresses.

Internet Corporation for Assigned Names and Numbers

Entity that sits at the very top of the Internet hierarchy, with the authority to create new top-level domains (TLDs) for use on the Internet.

static routes

Entries in a router's routing table that are not updated by any automatic route discovery protocols. These must be added, deleted, or changed by a router administrator. These are the opposite of dynamic routes.

HSPA+

Evolved High Speed Packet Access

ESS

Extended Service Set

ESSID

Extended Service Set Identifier

EUI-48

Extended Unique Identifier, 48-bit

EUI-64

Extended Unique Identifier, 64-bit. Uses a hosts MAC address to generate a unique 64-bit ID to automatically configure a host address when using IPv6

CAT 6a UTP

Extends the length of 10-Gbps communication to the full 100 meters commonly associated with UTP cabling.

EAP

Extensible Authentication Protocol

EAP-TLS

Extensible Authentication Protocol-Transport Layer Security

EAP-TTLS

Extensible Authentication Protocol-Tunneled Transport Layer Security

XML

Extensible Markup Language

EDNS

Extension Mechanisms for DNS

wiremap

Extensive network testing using a better cable tester. Confirms that all the wires are in the appropriate slots of the crimp

EDB

External Data Bus

pad

Extra data added to an Ethernet frame to bring the data up to the minimum required size of 64 bytes.

Hypertext Transfer Protocol

Extremely fast protocol used for network file transfers on the World Wide Web.

Physical contact (PC) connector

Family of fiber-optic connectors that enforces direct physical contact between two optical fibers being connected.

FEXT

Far End Crosstalk

Multiuser MIMO

Feature of 802.11ac networking that enables a WAP to broadcast to multiple users simultaneously.

Network appliance

Feature-packed network box that incorporates numerous processes such as routing, network address translation (NAT), switching, intrusion detection systems, firewall, and more.

FCC

Federal Communications Commission

FDDI

Fiber Distributed Data Interface

Ultra Physical Contact (UPC) Connector

Fiber-optic connector that makes physical contact between to two fiber-optic cables. The fibers within a UPC are polished extensively for a superior finish and better junction integrity.

FUBAR

Fouled Up Beyond All Recognition.

Angled Physical Contact

Fiber-optic connector that makes physical contact between two fiber-optic cables. It specifies an 8-degree angle to the curved end, lowering signal loss. These connectors have less connection degradation from multiple insertions compared to other connectors.

ST connector

Fiber-optic connector used primarily with 2.5-mm, single-mode fiber. It uses a push on, then twist-to-lock mechanical connection commonly called stick-and-twist although ST actually stands for Straight Tip.

SC connector

Fiber-optic connector used to terminate single-mode and multi-mode fiber. It is characterized by its push-pull, snap mechanical coupling, known as "stick and click." Commonly referred to as Subscriber Connector, Standard Connector, and, sometimes, square connector.

10BaseFL

Fiber-optic implementation of Ethernet that runs at 10 Mbps using baseband signaling. Maximum segment length is 2 km.

FC

Fibre Channel

FIM

File Integrity Monitoring

FTP

File Transfer Protocol

riser

Fire rating that designates the proper cabling to use for vertical runs between floors of a building.

Firesheep

Firefox plug-in that automates session hijacking attacks over unsecured Wi-Fi networks

network-based firewall

Firewall, perhaps implemented in a gateway router or as a proxy server, through which all network traffic must pass inspection to be allowed or blocked.

SOHO firewall

Firewall, typically simple, that is built into the firmware of a SOHO router.

patch antenna

Flat, plate-shaped antenna that generates a half-sphere beam; used for broadcasting to a select area

FreeRADIUS

Free RADIUS server software for UNIX/Linux systems.

TXT record

Freeform type of DNS record that can be used for anything.

FDM

Frequency Division Multiplexing

FHSS

Frequency Hopping Spread Spectrum

FAQ

Frequently Asked Questions

Bidirectional (bidi) transceiver

Full-duplex fiber-optic connector that relies on wave division multiplexing (WDM) to differentiate wave signals on a single fiber, creating single-strand fiber transmission.

FQDN

Fully Qualified Domain Name

port authentication

Function of many advanced networking devices that authenticates a connecting device at the point of connection.

shoulder surfing

Gaining compromising information, passwords, and pin codes through observation (as in looking over someone's shoulder). Walking up to an unattended computer is also considered this

shell

Generally refers to the user interface of an operating system. A shell is the command processer that is the actual interface between the kernel and the user.

GRE

Generic Routing Encapsulation

card

Generic term for anything that you can snap into an expansion slot.

toners

Generic term for two devices used together—a tone generator and a tone locator (probe)—to trace cables by sending an electrical signal along a wire at a particular frequency. The tone locator then emits a sound when it distinguishes that frequency. Also referred to as Fox and Hound.

GBIC

Gigabit Interface Converter. Designed for ST and SC fiber connectors

GSM

Global System for Mobile

GFS

Grandfather-Father-Son

Session software

Handles the process of differentiating among various types of connections on a PC.

platform

Hardware environment that supports the running of a computer system.

HVAC

Heating, Ventilation and Air Conditioning

Hex (Hexadecimal)

Hex symbols based on a numbering system of 16 (computer shorthand for binary numbers), using 10 digits and 6 letters to condense 0s and 1s to binary numbers. Hex is represented by digits 0 through 9 and alpha A through F, so that 09h has a value of 9, and 0Ah has a value of 10.

HA

High Availability

Patch panels and punch down tools are used on which kind of network cables?

Horizontal runs are punched down to the back of a patch panel on one end and the back of the wall jack of a work area at the other end.

HBA

Host Bus Adapter

top listener

Host that receives the most data on a network.

top talker

Host that sends the most data on a network.

HSRP

Hot Standby Router Protocol

dBi

Identifies the gain of an antenna and is commonly used with omnidirectional antennas. Higher numbers indicate the antenna can transmit and receive over greater distances. The unit of measurement for decibels

Transitive trust

If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C.

CAT 6 UTP

Improved support for speeds up to 1Gbps at 100 meters or 10 Gbps at 55 meters

Authentication Server

In Kerberos, a system that hands out Ticket-Granting Tickets to clients after comparing the client hash to its own.

ephemeral port

In TCP/IP communication, an arbitrary number generated by a sending computer that the receiving computer uses as a destination address when sending a return packet. Typically between 49152-65535

Port (Logical Connection)

In TCP/IP, 16-bit numbers between 0 and 65535 assigned to a particular TCP/IP process or application. For example, Web servers use port 80 (HTTP) to transfer Web pages to clients. The first 1024 ports are called well-known ports. They have been pre-assigned and generally refer to TCP/IP processes and applications that have been around for a long time.

Remote Terminal Unit

In a SCADA environment, has the same functions as a controller plus additional autonomy to deal with the connection loss. It is also designed to take advantage of some form of long-distance communication.

default gateway

In a TCP/IP network, the IP address of the router that interconnects the LAN to a wider network, usually the Internet. This router's IP address is part of the necessary TCP/IP configuration for communicating with multiple networks using IP.

segmentation

In a TCP/IP network, the process of chopping requested data into chunks that will fit into a packet (and eventually into the NIC's frame), organizing the packets for the benefit of the receiving system, and handing them to the NIC for sending.

HOSTS file location

In a Windows-based computer, the HOSTS file is found in the C:\Windows\System32\Drivers\etc folder

work area

In a basic structured cabling network, often simply an office or cubicle that potentially contains a PC attached to the network

Human Machine Interface

In a distributed control system (DCS), a computer or set of controls that exists between a controller and a human operator. The human operates this computer, which in turn interacts with the controller.

operator

In a distributed control system, the operator is a human who runs the computer-controlled resources through a human machine interface.

Data normalization

In a relational database, it is the process of organizing data to minimize redundancy. The process of decomposing relations with anomalies to produce smaller, well-structured relations. Makes data more efficient

Bottom of label stack (S)

In certain situations, a single packet may have multiple MPLS labels. This single bit value is set to 1 for the initial label.

port (physical connector)

In general, the portion of a computer through which a peripheral device may communicate, such as video, USB, serial, and network ports. In the context of networking, the jacks found in computers, switches, routers, and network-enabled peripherals into which network cables are plugged.

persistent agent

In network access control systems, a small scanning program that, once installed on the computer, stays installed and runs every time the computer boots up. Composed of modules that perform a thorough inventory of each security-oriented element in the computer.

Security Considerations

In network design and construction, planning how to keep data protected from unapproved access. Security of physical computers and network resources is also considered.

Agent-less

In terms of posture assessment, refers to a client that has its posture checked and presented by non-permanent software, such as a Web app program, that executes as part of the connection process. Agent-less software does not run directly within the client but is run on behalf of the client.

Agent

In terms of posture assessment, refers to software that runs within a client and reports the client's security characteristics to an access control server to be approved or denied entry to a system.

guest

In terms of virtualization, an operating system running as a virtual machine inside a hypervisor.

Link layer

In the TCP/IP model, any part of the network that deals with complete frames.

Internet layer

In the TCP/IP model, the layer that deals with the Internet Protocol, including IP addressing and routers.

endpoint

In the TCP/IP world, the session information stored in RAM. The combination of the IP address and port number. Also called a socket

Federal Communications Commission

In the United States, regulates public airwaves and rates PCs and other equipment according to the amount of radiation emitted.

Wavelength

In the context of laser pules, the distance the signal has to travel before it completes its cyclical oscillation and starts to repeat. Measured in nanometers, wavelength can be loosely associated with colors.

Virtual Machine Manager

In virtualization, a layer of programming that creates, supports, and manages virtual machine. Also known as a hypervisor.

hypervisor

In virtualization, a layer of programming that creates, supports, and manages virtual machine. Also known as a virtual machine manager (VMM).

Basic Service Set

In wireless networking, a single access point servicing a given area.

IBSS

Independent Basic Service Set

ICA

Independent Computing Architecture

ICS

Industrial Control Systems

continuity tester

Inexpensive network tester that can only test for continuity on a line.

log

Information about the performance of some particular aspect of a system that is stored for future reference. These are also called counters in Performance Monitor or facilities in syslog.

Router prefix

Information sent from the ISP to the gateway router allowing the gateway router to determine the network ID of the LAN.

IR

Infrared

IaaS

Infrastructure as a Service

IV

Initialization Vector

stateful firewall

Inspects traffic leaving the inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network, this firewall permits that traffic. Uses state tables to keep track of sessions

IEEE

Institute of Electrical and Electronics Engineers

ISDN

Integrated Services Digital Network

ICANN

Internet Corporation for Assigned Names and Numbers

IETF

Internet Engineering Task Force

IGMP

Internet Group Management Protocol

IIS

Internet Information Services

IMAP4

Internet Message Access Protocol v4

IP

Internet Protocol

IPsec

Internet Protocol Security

IPv4

Internet Protocol version 4

IPv6

Internet Protocol version 6

IRC

Internet Relay Chat

ISP

Internet Service Provider

iSCSI

Internet Small Computer System Interface

4to6

Internet connectivity technology that encapsulates IPv4 traffic into an IPv6 tunnel to get to an IPv6-capable router.

IoT

Internet of Things

ISATAP

Intra-Site Automatic Tunnel Addressing Protocol

IDS

Intrusion Detection System

IPS

Intrusion Prevention System

KDC

Key Distribution Center

kbps

Kilobits per second. A data transfer rate

Label Distribution Protocol (LDP)

LSRs and LERs use this to communicate dynamic information about their state

PostScript

Language defined by Adobe Systems, Inc., for describing how to create an image on a page. The description is independent of the resolution of the device that will actually create the image. It includes a technology for defining the shape of a font and creating a raster image at many different resolutions and sizes.

Satellite latency

Latency caused due to the extreme distance between the ground antenna and space satellite.

L2TP

Layer 2 Tunneling Protocol

Canonical Name

Less common type of DNS record that acts as a computer's alias.

LED

Light Emitting Diode. Solid-state device that vibrates at luminous frequencies when current is applied.

LWAPP

Lightweight Access Point Protocol

LDAP

Lightweight Directory Access Protocol

LEAP

Lightweight Extensible Authentication Protocol

Infrared

Line-of-sight networking technology that uses light pulses on the non-visible (to humans) spectrum. Has a range of 1 meter or farther (line of sight) and has a transfer speed of 1 Gbps

LACP

Link Aggregation Control Protocol

LLMNR

Link Local Multicast Name Resolution

ping6

Linux command-line utility specifically designed to ping hosts with an IPv6 address.

ip

Linux terminal command that displays the current TCP/IP configuration of the machine; similar to Windows' ipconfig and macOS's ifconfig

Building entrance

Location where all the cables from the outside world (telephone lines, cables from other buildings, and so on) come into a building.

cable drop

Location where the cable comes out of the wall at the workstation location.

LLC

Logical Link Control

history logs

Logs that track the history of how a user or users access network resources, or how network resources are accessed throughout the network.

LTE

Long Term Evolution

Label switching router (LSR)

Looks for and forwards packets based on their MPLS label (aka MPLS routers)

MDF

Main Distribution Frame

vertical cross connect

Main patch panel in a telecommunications room.

crypto-malware

Malicious software that uses some form of encryption to lock a user out of a system, often with a demand for payment—ransomware—to unlock the system.

MIB

Management Information Base

Asset management

Managing each aspect of a network, from documentation to performance to hardware. The documentation we use to keep track of all the network equipment and assets.

MAC

Mandatory Access Control

MSDS

Material Safety Data Sheet

MTU

Maximum Transmission Unit

MTBF

Mean Time Between Failures

MTTF

Mean Time to Failure

MTTR

Mean Time to Recovery

MT-RJ Connector

Mechanical Transfer-Registered Jack. A high density fiber cable connector

MAC

Media Access Control

MGCP

Media Gateway Control Protocol

MOU

Memorandum of Understanding

MD5

Message Digest algorithm (version 5)

e-mail

Messages, usually text, sent from one person to another via computer. E-mail can also be sent automatically to a large number of addresses, known as a mailing list.

multicast

Method of sending a packet in which the sending computer sends it to a group of interested computers.

out-of-band management

Method to connect to and administer a managed device such as a switch or router that does not use a standard network-connected host as the administrative console. A computer connected to the console port of a switch is an example of out-of-band management.

door access controls

Methodology to grant permission or to deny passage through a doorway. The method may be computer-controlled, human-controlled, token-oriented, or many other means.

MAN

Metropolitan Area Network

MBSA

Microsoft Baseline Security Analyzer

Internet Information Services

Microsoft's Web server program for managing Web servers.

MS-CHAP

Microsoft's dominant variation of the CHAP protocol, uses a slightly more advanced encryption protocol. Offers the most security for the exam compared to PAP and CHAP

NetBIOS Extended User Interface

Microsoft's first networking protocol, designed to work with NetBIOS. This is long obsolesced by TCP/IP. This did not support routing.

Network Policy Server

Microsoft's implementation of a RADIUS server.

MAM

Mobile Application Management

MDM

Mobile Device Management

Choose Your Own Device

Mobile deployment model where corporate employees select among a catalog of approved mobile devices. Less learning curve

Corporate Owned, Personally Enabled

Mobile device deployment strategy where everyone has the same device, there's high control, little privacy for users, and a high learning curve.

Infrastructure mode

Mode in which wireless networks use one or more wireless access points to connect the wireless network nodes centrally. This configuration is similar to the star topology of a wired network.

Gigabit Interface Converter

Modular port that supports a standardized, wide variety of gigabit interface modules

4G

Most popularly implemented as Long Term Evolution (LTE), a wireless data standard with theoretical download speeds of 300 Mbps and upload speeds of 75 Mbps.

Internet Protocol Security

Network layer encryption protocol.

Electrostatic Discharge

Movement of electrons from one body to another. A real menace to PC's, as it can cause permanent damage to the semiconductors.

Distributed Denial of Service

Multicomputer assault on a network resource that attempts, with sheer overwhelming quantity of requests, to prevent regular users from receiving services from the resource. Can also be used to crash systems.

MMF

Multimode Fiber

Metropolitan Area Network

Multiple computers connected via cabling, radio, leased phone lines, or infrared that are within the same city. A perfect example of one of these is Chattanooga's gigabit network available to all city citizens.

MIMO

Multiple in/multiple out

Clustering

Multiple pieces of equipment, such as servers, connected, which appear to the user and the network as one logical device, providing data and services to the organization for both redundancy and fault tolerance.

MPLS

Multiprotocol Label Switching

MSA

Multisource agreement

MU-MIMO

Multiuser MIMO

mtr

My TraceRoute

NTFS

NT File System

Ethernet

Name coined by Xerox for the first standard of network cabling and protocols. Based on a bus topology. The IEEE 802.3 subcommittee defines the current specifications

key pair

Name for the two keys generated in asymmetric-key algorithm systems.

Basic Service Set Identifier

Naming scheme in wireless networks. A single WAP with a single SSID

NEXT

Near End Crosstalk

NFC

Near Field Communication

NDP

Neighbor Discovery Protocol

NetBEUI

NetBIOS Extended User Interface

NetBT

NetBIOS over TCP/IP

NAC

Network Access Control

NAS

Network Access Server

NAT

Network Address Translation

NetBIOS

Network Basic Input/Output System

NFS

Network File System

NIC

Network Interface Card

NIU

Network Interface Unit

NMS

Network Management System

NNTP

Network News Transfer Protocol

NOC

Network Operations Center

NPS

Network Policy Server

NTP

Network Time Protocol

NaaS

Network as a Service

NAS

Network attached storage

plenum-rated cable

Network cable type that resists burning and does not give off excessive smoke or noxious fumes when burned.

connection-oriented

Network communication between two hosts that includes negotiation between the hosts to establish a communication session. Data segments are then transferred between hosts, with each segment being acknowledged before a subsequent segment can be sent. Orderly closure of the communication is conducted at the end of the data transfer or in the event of a communication failure. TCP is the only example protocol in the TCP/IP suite.

loopback plug

Network connector that connects back into itself, used to connect loopback tests. Same as loopback adapter.

NDA

Non-Disclosure Agreement

client/server network

Network that has dedicated server machines and client machines.

managed network

Network that is monitored by the SNMP protocol consisting of SNMP managed devices, management information base (MIB) items, and SNMP manager(s).

Point-to-Point Topology

Network topology in which two computers are directly connected to each other without any other intervening connection components such as hubs or switches.

Shortest path first

Networking algorithm for directing router traffic.

Dual stack

Networking device, such as a router or PC, that runs both IPv4 and IPv6.

managed device

Networking devices, such as routers and advanced switches, that must be configured to use.

Zero-day attack

New attack that exploits a vulnerability that has yet to be identified.

NGFW

Next Generation Firewall

Fast Ethernet

Nickname for the 100-Mbps Ethernet standards. Originally applied to 100BaseT.

Are subnet masks sent out of a host?

No! Subnet masks are never sent out of the host and are not part of the IP packet

Is cost of implementation found in a change request?

No! The cost is not included in a change request. Cost is evaluated by the change-management team and approved or denied by management.

e-mail alert

Notification sent by e-mail as a result of an event. A typical use is a notification sent from an SNMP manager as a result of an out of tolerance condition in an SNMP managed device.

port number

Number used to identify the requested service (such as SMTP or FTP) when connecting to a TCP/IP host. Some example port numbers include 80 (HTTP), 20 (FTP), 69 (TFTP), 25 (SMTP), and 110 (POP3).

Carrier Sense Multiple Access with Collision Detection

Obsolete access method that older Ethernet systems used in wired LAN technologies, enabling frames of data to flow through the network and ultimately reach address locations. Hosts on these networks first listened to hear if there is any data on the wire. If there was none, they sent out data. If a collision occurred, then both hosts waited a random time period before retransmitting the data. Full-duplex Ethernet completely eliminated this access method.

route redistribution

Occurs in a multiprotocol router. A multiprotocol router learns route information using one routing protocol and disseminates that information using another routing protocol.

TIA/EIA 606

Official methodology for labeling patch panels.

VLAN hopping

Older technique to hack a switch to change a normal switch port from an access port to a trunk port. This allows the station attached to the newly created trunk port to access different VLANs. Modern switches have preventative measures to stop this type of abuse.

Fiber Distributed Data Interface

Older technology fiber-optic network used in campus-sized installations. It transfers data at 100 Mbps and uses a token bus network protocol over a ring topology

802.11g

Older wireless standard that operates on the 2.4-GHz band, has a maximum throughput of 54 Mbps, and used OFDM. Backwards compatible with 802.11bm was superseded by 802.11n

Baud

One analog cycle on a telephone line.

single point of failure

One component or system that, if it fails, will bring down an entire process, workflow, or organization.

Secure Copy Protocol

One of the first SSH-enabled programs to appear after the introduction of SSH. This was one of the first protocols used to transfer data securely between two hosts and thus might have replaced FTP. Works well but lacks features such as a directory listing.

Tunnel Information and Control Protocol

One of the protocols that sets up IPv6 tunnels and handles configuration as well as login.

Tunnel Setup Protocol

One of the protocols that sets up IPv6 tunnels and handles configuration as well as login.

Post Office Protocol version 3

One of the two protocols that receive e-mail from SMTP servers. Uses TCP port 110. Old and obsolete, this protocol was replaced by IMAP. Unencrypted

UC gateway

One of three components of a UC network, it is an edge device used to add extra services to an edge router. Connects geographically distanced unified communication systems

UC server

One of three components of a UC network, it is typically a dedicated box that supports any UC-provided service. The cornerstone of any local unified communication

UC device

One of three components of a UC network, it is used to handle voice, video, and more. A VoIP phone with camera and large display (for VTC) built in

legacy mode

One of three modes used with 802.11n wireless networks where the wireless access point (WAP) sends out separate packets just for legacy devices.

greenfield mode

One of three modes used with 802.11n wireless networks wherein everything is running at a higher speed.

TIA/EIA 568A

One of two four-pair UTP crimping standards for 10/100/1000BaseT networks. Often shortened to T568A. The other standard is TIA/EIA 568B.

TIA/EIA 568B

One of two four-pair UTP crimping standards for 10/100/1000BaseT networks. Often shortened to T568B. The other standard is TIA/EIA 568A.

Distributed Coordination Function

One of two methods of collision accordance defined by the 802.11 standard and the only one currently implemented. It Specifies strict rules for sending data onto the network media

Approval process

One or more decision makers consider a proposed change and the impact of the change, including funding. If the change, the impact, and the funding are acceptable, the change is permitted.

Autonomous System

One or more networks that are governed by a single protocol, which provides routing for the internet backbone.

Local Connector (LC)

One popular type of Small Form Factor (SFF) connector, considered by many to be the predominant fiber connector.

Start Frame Delimiter

One-byte section of an Ethernet packet that follows the preamble and precedes the Ethernet frame.

vulnerability management

Ongoing process of identifying vulnerabilities and dealing with them.

BNC coupler

Passive connector used to join two segments of coaxial cables that are terminated with BNC connectors.

inbound traffic

Packets coming in from outside the network.

outbound traffic

Packets leaving the network from within it.

type

Part of an Ethernet frame that describes/labels the frame contents.

Transmission Control Protocol

Part of the TCP/IP protocol suite, operates at layer 4 (Transport) of the OSI seven-layer model. TCP is a connection-oriented protocol.

Bandwidth

Piece of the spectrum occupied by some form of signal, such as television, voice, or fax data. Signals require a certain size and location of bandwidth to be transmitted. The higher the bandwidth, the faster the signal transmission, allowing for a more complex signal such as audio or video. Because bandwidth is a limited space, when one user is occupying it, others must wait their turn. Bandwidth is also the capacity of a network to transmit a given amount of data during a given period.

POTS

Plain Old Telephone Service

PaaS

Platform as a Service

PCF

Point Coordination Function

convergence

Point at which the routing tables for all routers in a network are updated. When all router tables reflect all routes (also called steady state)

PPP

Point-to-Point Protocol

PPPoE

Point-to-Point Protocol over Ethernet

PPTP

Point-to-Point Tunneling Protocol

PTR

Pointer Record

Quality of Service

Policies that control how much bandwidth a protocol, PC, user, VLAN, or IP address may use. A mechanism for performing traffic shaping. Enables the prioritization of different traffic types with bandwidth approaches a connection's maximum capacity.

Internet Authentication Service

Popular RADIUS server for Microsoft environments.

Splunk, ELK, ArcSight

Popular SIEM options

Nessus

Popular and extremely comprehensive vulnerability testing tool.

Cacti

Popular network graphing program. An open-source NMS for graphing SNMP data

PAT

Port Address Translation

PAgP

Port Aggregation Protocol

Private port numbers

Port numbers 49152-65535, recommended by the IANA to be used as ephemeral port numbers. Also called dynamic port numbers

Dynamic port numbers

Port numbers 49152-65535, recommended by the IANA to be used as ephemeral port numbers. Also called private port numbers

Well-known port numbers

Port numbers from 0 to 1204 that are used primarily by client applications to talk to server applications in TCP/IP networks.

registered ports

Port numbers from 1024 to 49151. The IANA assigns these ports for anyone to use for their applications.

What is the role of port numbers in IP headers?

Port numbers identify sending and receiving processes in a sender and receiver.

Uplink port

Port on a switch that enables you to connect two switches together using a straight-through cable.

subnet ID

Portion of an IP address that identifies bits shared by all hosts on that network.

POP3

Post Office Protocol version 3

insider threats

Potential for attacks on a system by people who work in the organization.

Alert

Proactive message sent from an SNMP manager as a result of a trap issued by an agent. Alerts may be sent as e-mail, SMS message, voicemail, or other avenue.

Frequency mismatch

Problem in older wireless networks with manual settings where the WAP transmitted on one channel and a wireless client was set to access on a different channel

disk striping with parity

Process by which data is spread among multiple (at least three) drives, with parity information as well to provide fault tolerance. The most commonly implemented type is RAID 5, where the data and parity information is spread across three or more drives.

disk striping

Process by which data is spread among multiple (at least two) drives. Increases speed for both reads and writes of data, but provides no fault tolerance.. Also known as RAID level 0

disk mirroring

Process by which data is written simultaneously to two or more disk drives. Read and write speed is decreased but redundancy in case of catastrophe is increased. Also known as RAID level 1

dynamic routing

Process by which routers in an internetwork automatically exchange information with other routers. Requires a dynamic routing protocol, such as OSPF or RIP.

Remote Login (rlogin)

Program in UNIX that enables you to log into a server remotely. Unlike Telnet, this can be configured to log in automatically.

e-mail client

Program that runs on a computer and enables you to send, receive, and organize e-mail.

regedit.exe

Program used to edit the Windows Registry.

PLC

Programmable Logic Controller

software

Programming instructions or data stored on some type of binary storage device

software defined networking

Programming that allows a master controller to determine how network components will move traffic through the network. Used in virtualization.

PEAP

Protected Extensible Authentication Protocol

PDU

Protocol Data Unit

Internet Protocol version 6

Protocol in which addresses consist of eight sets of four hexadecimal numbers, each number being a value between 0000 and ffff, using a colon to separate the numbers. No Address may be all 0s or all ffffs.

Internet Protocol version 4

Protocol in which addresses consist of four sets of numbers, each number being a value between 0 an d 255, using a period to separate the numbers (often called dotted decimal format). None of these addresses may be all 0s or all 255s. Examples include 192.168.0.1 and 64.176.19.164

Intermediate System to Intermediate System

Protocol similar to, but not as popular as, OSPF, but with support for IPv6 since inception.

Real-time Transport Protocol

Protocol that defines the type of packets used on the Internet to move voice or data from a server to clients. The vast majority of VoIP solutions available today use this.

Compensating Controls

Provides alternative fixes to any of the other security control functions (deterrent, preventative, detective, and corrective). Assists and mitigates the risk an existing control is unable to mitigate.

Remote Copy Protocol

Provides the capability to copy files to and from the remote server without the need to resort to FTP or Network Files System (NFS, a UNIX form of folder sharing). This can also be used in scripts and shares TCP port 514 with RSH.

Infrastructure as a Service

Providing servers, switches, and routers to customers for a set rate. This is commonly done by large-scale, global providers that use virtualization to minimize idle hardware, protect against data loss and downtime, and respond to spikes in demand. AWS and Microsoft Azure are examples of this.

PKI

Public Key Infrastructure

PSTN

Public Switched Telephone Network

QSFP

Quad Small Form-Factor Pluggable. Designed for 40 Gbps ethernet

QoS

Quality of Service

Absorption

Quality of some building materials (such as brick, sheetrock, and wood) to reduce or eliminate a Wi-Fi signal.

RFID

Radio Frequency Identification

RFI

Radio Frequency Interference

Initialization Vector

Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated

RSTP

Rapid Spanning Tree Protocol

Fire ratings

Ratings developed by Underwriters Laboratories (UL) and the National Electrical Code (NEC) to define the risk of network cables burning and creating noxious fumes and smoke.

Radio Grade (GR) ratings

Ratings developed by the U.S. military to provide a quick reference for the different types of coaxial cables.

incident response

Reaction to any negative situations that take place within an organization that can be stopped, contained, and remediated without outside resources.

ROM

Read Only Memory

mirroring

Reading and writing data at the same time to two drives for fault-tolerance purposes. Considered RAID level 1.

RTP

Real-time Transport Protocol

NS records

Records that list the authoritative DNS servers for a domain.

MX records

Records within DNS servers that are used by SMTP servers to determine where to send mail.

RPO

Recovery Point Objective

RTO

Recovery Time Objective

RAID

Redundant Array of Independent Disks

small office/home office

Refers to a classification of networking equipment, usually marketed to consumers or small businesses, which focuses on low price and ease of configuration. These networks differ from enterprise networks, which focus on flexibility and maximum performance.

Remote Access Server

Refers to both the hardware component (servers built to handle the unique stresses of a large number of clients calling in) and the software component (programs that work with the operating system to allow remote access to the network) of a remote access solution.

local

Refers to the computer(s), server(s), and/or LAN that a user is physically using or that is in the same room or building.

remote

Refers to the computer(s), server(s), and/or LAN that cannot be physically used due to its distance from the user.

network topology

Refers to the way that cables and other pieces of hardware connect to one another.

RC4

Rivest Cipher version 4

SNMP version 3

Robust SNMP version with TLS encryption. Today's version

Rogue AP

Rogue Access Point

RBAC

Role Based Access Control

edge router

Router that connects one automated system (AS) to another.

RIP

Routing Information Protocol

RRAS

Routing and Remote Access Service

path vector

Routing protocol in which routers maintain path information. This information gets updated dynamically.

regulations

Rules of law or policy that govern behavior in the workplace, such as what to do when a particular event occurs.

network access policy

Rules that define who can access the network, how it can be accessed, and what resources of the network can be used.

Virtualization

Running multiple systems simultaneously on one physical computer. Uses a host's actual hardware when creating the other systems. Saves power, consolidates hardware, makes system recovery easy, and is nice for IT research

Network management station

SNMP console computer that runs the SNMP manager software

snmpwalk

SNMP manager PDU that collects management information base (MIB) information in a tree-oriented hierarchy of a MIB object and any of its subordinate objects. This command queries the object and then automatically queries all of the objects that are subordinated to the root object being queried.

SNMP version 1

SNMP version that has a limited command set and does not support encryption

SNMP version 2

SNMP version with expanded command set and basic encryption

Management Information Base

SNMP's version of a server. A database that is queried to be able to talk to SNMP agents.

SFTP

SSH File Transfer Protocol

quarantine network

Safe network to which stations are directed that either do not require or should not have access to protected resources.

sneakernet

Saving a file on a portable medium and walking it over to another computer.

War driving

Searching for wireless signals from an automobile or on foot using a portable computing device.

power redundancy

Secondary source of power in the event that primary power fails. The most common redundant power source is an uninterruptible power supply (UPS).

SCP

Secure Copy Protocol

SHA

Secure Hash Algorithm

SSH

Secure Shell

SSL

Secure Sockets Layer

SAML

Security Assertions Markup Language

SEM

Security Event Management

SIM

Security Information Management

SIEM

Security Information and Event Management. Aggregation and correlation are the two primary components of this

Deterrent Controls

Security controls that attempt to discourage individuals from causing a security incident. The malicious actors need to know the controls exist. Lighting, signage, and security guards are an example of this

Detective Controls

Security controls that attempt to discover that a security incident occurred. Alarms, cameras, motion detectors, infrared detectors, log files, are all examples of this.

Preventative Controls

Security controls that attempt to stop a security incident from happening. The malicious actors do not need to know the controls exist. Fences/gates, barricades, mantraps, air gaps, safes, protected distribution systems, faraday cages, locks, are all examples of this.

video surveillance

Security measures that use remotely monitored visual systems that include IP cameras and closed-circuit televisions (CCTVs).

SIP

Session Initiation Protocol

distance vector

Set of routing protocols that calculates the total cost to get to a particular network ID and compares that cost to the total cost of all the other routes to get to that same network ID.

Algorithm

Set of rules for solving a problem in a given number of steps. These use keys to encrypt cleartext into ciphertext

rack monitoring system

Set of sensors in an equipment closet or rack-mounted gear that can monitor and alert when an out-of-tolerance condition occurs in power, temperature, and/or other environmental aspects.

permissions

Sets of attributes that network administrators assign to users and groups that define what they can do to resources.

Protocols

Sets of clearly defined rules, regulations, standards, and procedures that enable hardware and software developers to make devices and applications that function properly at a particular layer.

Application Programming Interface

Shared functions, subroutines, and libraries that allow programs on a machine to communicate with the OS and other programs.

STP

Shielded Twisted Pair

patch cables

Short (2 to 5 foot) UTP cables that connect patch panels to switches.

SMS

Short Message Service

CAB files

Short for cabinet files. These files are compressed and most commonly used during Microsoft OS installation to store many smaller files, such as device drivers.

1000BaseTX

Short-lived gigabit-over-UTP standard from TIA/EIA. Considered a competitor to 1000BaseT, it was simpler to implement but required the use of CAT 6 cable.

dotted decimal notation

Shorthand method for discussing and configuring binary IP addresses. 192.168.0.1 for example

Netstat -a

Shows all active ports on a host (even ones without current connections)

non-persistent agent

Software used in posture assessment that does not stay resident in client station memory. It is executed prior to login and may stay resident during the login session but is removed from client RAM when the login or session is complete. The agent presents the security characteristics to the access control server, which then decides to allow, deny, or redirect the connection.

Public cloud

Software, platforms, and infrastructure delivered through networks that the general public can use.

private cloud

Software, platforms, and infrastructure, delivered via the Internet or an internal corporate intranet, which are solely for the use of one organization.

Rogue anti-malware program

Some free anti-malware applications that are actually malware

loopback address

Sometimes called the localhost, a reserved IP address used for internal testing: 127.0.0.1.

SAT

Source Address Table

Protocol data unit

Specialized type of command and control packet found in SNMP management systems (and others)

Administrative accounts

Specialized user accounts that have been granted sufficient access rights and authority to manage specified tasks. Some exist as a default on the system and have all authority throughout the system. Others must be explicitly assigned the necessary powers to administer given resources.

signature

Specific pattern of bits or bytes that is unique to a particular virus. Virus scanning software maintains a library of signatures and compares the contents of scanned files against this library to detect infected files.

Optical Carrier

Specification used to denote the optical data carrying capacity (in Mbps) of fiber-optic cables in networks conforming o the SONET standard. This standard is an escalating series of speeds, designed to meet the needs of medium-to-large corporations. SONET establishes OCs from 51.8 Mbps (OC-1) to 39.8 Gbps (OC-768).

Maximum Transmission Unit

Specifies the largest size of a data unit in a communications protocol, such as Ethernet

IEEE 1905.1

Standard that integrates Ethernet, Wi-Fi, Ethernet over power lines, and Multimedia over Coax (MoCA).

cross-platform support

Standards created to enable terminals (and now operating systems) from different companies to interact with one another.

structured cabling

Standards defined by the Telecommunications Industry Association/Electronic Industries Alliance (TIA/EIA) that define methods of organizing the cables in a network for ease of repair and replacement.

V standards

Standards established by CCITT for modem manufacturers to follow (voluntarily) to ensure compatible speeds, compression, and error correction.

SFD

Start Frame Delimiter

SOA

Start of Authority

SOW

Statement of Work

SNAT

Static Network Address Translation

Baseline

Static image of a system's (or network's) performance when all elements are known to be working properly. Can be used to identify irregular activity that needs to be investigated.

Security procedures

Step by step how-to document that describes the exact actions necessary to implement a specific security control. Usually these are system and software specific. purpose is to ensure the integrity of business processes.

IP camera

Still-frame or video camera with a network interface and TCP/IP transport protocols to send output to a network resource or destination.

SAN

Storage Area Network

flow cache

Stores sets of flows for interpretation and analysis.

SQL

Structured Query Language

SMA connector

Subminiature version A connector

DHCP snooping

Switch process that monitors DHCP traffic, filtering out DHCP messages from untrusted sources. Typically used to block attacks that use a rogue DHCP server.

SDSL

Symmetric DSL

SDH

Synchronous Digital Hierarchy

SONET

Synchronous Optical Network

STS

Synchronous transport signal

Key Distribution Center

System for granting authentication in Kerberos. A Windows server that has been set up to be a domain controller

Radio Frequency Identification

System of tags which contain data that can be read from a distance using radio waves. Can operate anywhere from 20 KHz to 10 GHz and has a range of 10 cm to 100 meters. Often used for package, luggage, and equipment tracking.

Network Access Server

System that controls the modems in a RADIUS network.

POP3 port

TCP 110

Network News Transfer Protocol port

TCP 119

IMAPv4 port

TCP 143

H.323 port

TCP 1720

SSH port

TCP 22

SFTP port

TCP 23

Telnet port

TCP 23

SMTP port

TCP 25

HTTPS port

TCP 443

Traditional TLS (encrypted) SMTP port

TCP 465

TACACS+ port

TCP 49

Session Initiation Protocol ports

TCP 5060 and 5061

rlogin port

TCP 513

STARTTLS (IMAP, POP3, SMTP) port

TCP 587

TightVNC port

TCP 5900

LDAPS port

TCP 636

HTTP port

TCP 80

Traditional TLS (encrypted) IMAP port

TCP 993

Traditional TLS (encrypted) POP3 port

TCP 995

Remote Desktop Protocol port

TCP/UDP 3389

LDAP port

TCP/UDP 389

proprietary

Term used to describe technology that is unique to, and owned by, a particular vendor

TACACS+

Terminal Access Controller Access Control System Plus

TA

Terminal Adaptor

My Traceroute

Terminal command in Linux that dynamically displays the route a packet is taking. Similar to traceroute

optical time domain reflectometer

Tester for fiber-optic cable that determines continuity and reports the location of cable breaks.

TCP/IP Layer 4

The Application layer combines the features of the top three layers of the OSI model. It consists of the processes that applications use to initiate, control, and disconnect from a remote system.

OSI layer 7

The Application layer provides tools for programs to use to access the network (and the lower layers). HTTP, SSL/TLS, FTP, SMTP, DNS, DHCP, and IMAP are all examples of protocols that operate at the Application layer.

Integrated Services Digital Network

The CCITT standard that defines a digital method for telephone communications. Originally designed to replace the current analog telephone systems. These lines have telephone numbers and support up to 128-Kbps transfer rates. This also allows data and voice to share a common phone line. Never very popular, this is now relegated to specialized niches.

OSI layer 2

The Data Link layer identifies devices on the Physical layer. MAC addresses are part of the Data Link layer. Bridges and switches operate at the Data Link layer.

E1

The European counterpart of a T1 connection that carries 32 channels at 64 Kbps for a total of 2.048 Mbps—making it slightly faster than a T1.

E3

The European counterpart of a T3 line that carries 16 E1 lines (512 channels), for a total bandwidth of 34.368 Mbps—making it a little bit slower than an American T3.

localhost

The HOSTS file alias for the loopback address of 127.0.0.1, referring to the current machine.

Ethernet over Power

The IEEE 1901 standard, also known as HomePlug HD-PLC, provides high-speed home networking through the building's existing power infrastructure.

802 committee

The IEEE committee responsible for all Ethernet standards.

802.3ab

The IEEE standard for 1000BaseT.

IEEE 1284

The IEEE standard for the now obsolete parallel communication.

802.3at

The IEEE standard that improves upon the older 802.3af by supplying more power over Ethernet connections. PoE+ provides about 30 watts.

OSI layer 6

The Presentation layer, which can also manage data encryption, hides the differences among various types of computer systems.

802.3af

The IEEE standard that specifies a way of supplying electrical Power over Ethernet (PoE). Has a maximum wattage of 15.4 watts

802.11

The IEEE subcommittee that defined the standards for wireless.

Extended Unique Identifier, 48-bit

The IEEE term for the 48-bit MAC address assigned to a network interface. The first 24 bits of this are assigned by the IEEE as the organizationally unique identifier (OUI)

Internet address

The IPv6 address that is given to a system (at least in part) by the gateway router.

prefix length

The IPv6 term for subnet mask. In most cases it's /64

TCP/IP Layer 2

The Internet layer is the same as OSI's Network layer. Any part of the network that deals with pure IP packets—getting a packet to its destination—is on the Internet layer.

Internet Protocol

The Internet standard protocol that handles the logical naming for the TCP/IP protocol using IP addresses.

TCP/IP Layer 1

The Link layer (Network Interface layer) is similar to OSI's Data Link and Physical layers. The Link layer consists of any part of the network that deals with frames.

TEMPEST

The NSA's security standard that is used to combat radio frequency (RF) emanation by using enclosures, shielding, and even paint.

OSI layer 3

The Network layer moves packets between computers on different networks. Routers operate at the Network layer. IP and IPX operate at the Network layer.

Set

The PDU with which a network management station commands an agent to make a change to a management information base (MIB) object.

OSI layer 1

The Physical layer defines hardware connections and turns binary into physical pulses (electrical or light). Repeaters and hubs operate at the Physical layer.

OSI layer 5

The Session layer manages connections between machines. Sockets operate at the Session layer.

OSI layer 4

The Transport layer breaks data down into manageable chunks with TCP; at this layer. UDP also operates at the Transport layer.

TCP/IP Layer 3

The Transport layer combines the features of OSI's Transport and Session layers. It is concerned with the assembly and disassembly of data, as well as connection-oriented and connectionless communication.

Performance Monitor

The Windows logging utility.

Types of Windows logs

The application logs, security logs, setup logs, system logs, and forwarded events logs. Windows does NOT log network events.

Local user accounts

The accounts unique to a single Windows system. Stored in the local system's registry.

dumpster diving

The act of digging through trash and recycling receptacles to find information that can be useful in an attack. A form of social engineering

Air gap

The act of physically separating a network from every other network.

Network as a Service

The act of renting virtual server space over the Internet.

Tethering

The act of using a cellular-network-connected mobile device as a mobile hotspot. Can be done using a cable or wirelessly.

protocol stack

The actual software that implements the protocol suite on a particular operating system.

broadcast address

The address a NIC attaches to a frame when it wants every other NIC on the network to read it. In TCP/IP, this address is 255.255.255.255. In Ethernet, this address is FF-FF-FF-FF-FF-FF. Is found in the first field (destination) of the frame.

link-local address

The address that a computer running IPv6 gives itself after first booting. The first 64 bits of a link-local address are always FE80::/64.

wattage (watts or W)

The amount of amps and volts needed by a particular device to function.

impedance

The amount of resistance to an electrical signal on a wire. It is used as a relative measure of the amount of data a cable can handle.

Recovery time objective

The amount of time needed to restore full functionality from when the organization ceases to function.

Data correlation

The analysis and reporting of data in a way that humans can understand. Used for alerts and triggering

Logical Link Control

The aspect of the NIC that talks to the operating system, places outbound data coming "down" from the upper layers of software into frames, and creates the FCS on each frame. This also deals with incoming frames by processing those addressed to the NIC and erasing ones addressed to other machines on the network.

Mean time to failure

The average number of hours that a system can run without failing.

Basic Rate Interface

The basic ISDN configuration, which consists of two B channels (which can carry voice or data at a rate of 64 Kbps) and one D channel (which carries setup and configuration information, as well as data, at 16 Kbps).

Classless Inter-Domain Routing

The basis of allocating and routing classless addresses, not restricting subnet masks to /8, /16,or /24, which classful addressing did.

Internet of Things

The billions of everyday objects that can communicate with each other, specifically over the Internet. These include smart home appliances, automobiles, video surveillance systems, and more.

implicit deny

The blocking of access to any entity that has not been specifically granted access. May also be known as implicit deny any. An example might be a whitelist ACL. Any station that is not in the whitelist is implicitly denied access.

segment

The bus cable to which the computers on an Ethernet network connect.

information technology

The business of computers, electronic communications, and electronic commerce.

fault tolerance

The capability of any system to continue functioning after some part of the system has failed. RAID is an example of a hardware device that provides fault tolerance for hard drives.

port mirroring

The capability of many advanced switches to mirror data from any or all physical ports on a switch to a single physical port. Useful for any type of situation where an administrator needs to inspect packets coming to or from certain computers.

remote access

The capability to access a computer from outside a building in which it is housed. Remote access requires communications hardware, software, and actual physical links.

scalability

The capability to support network growth.

Root Bridge

The center of the STP universe that is used as a reference point for all other switches to maintain a loop-free topology

Video Teleconferencing

The classic, multicast-based presentation where one presenter pushes out a stream of video to any number of properly configured and properly authorized multicast clients.

Data aggregation

The collection and storing of data from various sources for the purpose of data processing

TCP/IP suite

The collection of all the protocols and processes that make TCP over IP communication over a network possible.

ipconfig /registerdns

The command used to force a DNS server to update its records

Fully Qualified Domain Name

The complete DNS name of system, from its host name to the top-level domain name. Textual nomenclature to a domain-organized resource. It is written left to right, with the host name on the left, followed by any hierarchical subdomains within the top-level domain on the right. Each level is separated from any preceding or following layer by a dot (.).

last mile

The connection between a central office and individual users in a telephone system.

insulating jacket

The external plastic covering of a fiber-optic cable.

TKIP-RC4

The extra layer of security that Wi-Fi Protected Access (WPA) adds on top of Wired Equivalent Privacy (WEP); uses RC4 for cipher initialization.

Fiber distribution panel

The fiber equivalent of a 110 punchdown block. Used as an intermediary between fiber horizontal runs and a fiber switch. Typically found in an MDF or IDF

Evolved High-Speed Packet Access

The final wireless 3G data standard, transferring theoretical maximum speeds up to 168 Mbps, although real-world implementations rarely passed 10 Mbps.

Windows Firewall/Windows Defender Firewall

The firewall that has been included in Windows operating systems since Windows XP; originally named Internet Connection Firewall (ICF) but renamed in XP Service Pack 2.

external firewall

The firewall that sits between the perimeter network and the Internet and is responsible for bearing the brunt of the attacks from the Internet.

internal firewall

The firewall that sits between the perimeter network and the trusted network that houses all the organization's private servers and workstations.

Organizationally Unique Identifier

The first 24 bits of a MAC address, assigned to the NIC manufacturer by the IEEE.

global routing prefix

The first 48 bits of an IPv6 unicast address, used to get a packet to its destination

network prefix

The first 64 bits of an IPv6 address that identifies the network

T-carrier

The first digital trunk carriers used by the telephone industry

X.25

The first generation of packet-switching technology, enables remote devices to communicate with each other across high-speed digital links without the expense of individual leased lines.

802.11b

The first popular wireless standard, operates in the frequency range of 2.4GHz, offers throughput of up to 11 Mbps and uses DSSS.

Mechanical Transfer Registered Jack

The first type of small form factor (SFF) fiber connector, still in common use.

Routing Information Protocol

The first version had several shortcomings, such as a maximum hop count of 15 and a routing table update interval of 30 seconds, which was a problem because every router on a network would send out its table at the same time

SHA-1

The first version of Secure Hash Algorithm.

read-only memory

The generic term for nonvolatile memory that can be read from but not written to. This means that code and data stored here cannot be corrupted by accidental erasure. Additionally, this retains its data when power is removed, which makes it the perfect medium for storing BIOS data or information such as scientific constants.

DNS root servers

The highest in the hierarchy of DNS servers running the Internet.

Session Hijacking

The interception of a valid computer session to get authentication information.

Extended Unique Identifier, 64-bit

The last 64 bits of the IPv6 address, which are determined based on a calculation based on a device's 48-bit MAC address

device ID

The last six digits of a MAC address, identifying the manufacturer's unique serial number for that NIC.

10Base2

The last true bus-standard network where nodes connected to a common, shared length of coaxial cable. 10 Mbps, baseband, with up to 200 meter segments. Can handle up to 30 devices per segment. Always used T connectors.

Very High Bit-Rate Digital Subscriber Line

The latest form of DSL with download and upload speeds of up to 100 Mbps. This was designed to run on copper phone lines, but many suppliers use fiber-optic cabling to increase effective distances.

Institute of Electrical and Electronics Engineers

The leading standards-setting group in the United States.

Personal area network

The network created among Bluetooth devices such as smartphones, tablets, printers, keyboards, mice, etc.

When a NIC has auto-sensing capabilities, what does that mean?

The link duplex and the link speed will be determined once you connect a cable to your auto-sensing NIC.

cached lookup

The list kept by a DNS server of IP addresses it has already resolved, so it won't have to re-resolve an FQDN it has already checked.

port bonding

The logical joining of multiple redundant ports and links between two network devices such as a switch and storage array usually to increase bandwidth. This is also known as port aggregation

Simple Mail Transfer Protocol

The main protocol used to send electronic mail on the Internet. Unencrypted

Designated Router

The main router in an OSPF network that relays information to all other routers in the area.

Security controls

The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. Generated from security policies

physical topology

The manner in which the physical components of a network are arranged.

Reddit hug of death

The massive influx of traffic on a small or lesser-known Web site when it is suddenly made popular by a reference from the media.

Slashdotting

The massive influx of traffic on a small or lesser-known Web site when it is suddenly made popular by a reference from the media.

bandwidth

The maximum amount of data that can pass from one point to another in a unit of time (through a cable, via radio wave, etc.)

disaster recovery

The means and methods to recover primary infrastructure from a disaster. Disaster recovery starts with a plan and includes data backups.

110-Punchdown Block

The most common connection used on the back of an RJ-45 jack and patch panels.

terminal adapter

The most common interface used to connect a computer to an ISDN line.

Port Address Translation

The most commonly used form of Network Address Translation, where the router uses the outgoing IP addresses and port numbers (collectively known as a socket) to map traffic back to specific machines in the network.

twisted pair

The most overwhelmingly common type of cabling used in networks. The two types of this are UTP and STP. The twists serve to reduce interference, called crosstalk; the more twists, the less crosstalk.

role-based access control

The most popular authentication model used in file sharing, defines a user's access to a resource based on the roles the user plays in the network environment. This leads to the idea of creating groups. A group in most networks is nothing more than a name that has clearly defined accesses to different resources. User accounts are placed into various groups.

Wi-Fi

The most widely adopted wireless networking type in use today. Technically, only wireless devices that conform to the extended versions of of the 802.11 standard - 802.11a, b, g, n, and ac - are certified as this type of network.

newgroup

The name for a discussion group on Usenet

primary (master) DNS server

The name server where records are added, deleted, and modified. The primary DNS server sends copies of this zone file to secondary (slave) DNS servers in a process known as a zone transfer.

Internet Assigned Numbers Authority

The organization originally responsible for assigning public IP addresses. This no longer directly assigns IP addresses, having delegated this to the five Regional Internet Registries.

ciphertext

The output when cleartext is run through a cipher algorithm using a key.

Media Access Control

The part of a NIC that remembers the NIC's own MAC address and attaches that address to outgoing frames

Cladding

The part of a fiber-optic cable that makes the light reflect down the fiber.

hop

The passage of a packet through a router.

topology

The pattern of interconnections in a communications system among devices, nodes, and associated input and output stations. Also describes how computers connect to each other without regard to how they actually communicate.

effective permissions

The permissions of all groups combined in any network operating system.

DHCP scope

The pool of IP addresses that a DHCP server may allocate to clients requesting IP addresses or other IP information like DNS server addresses.

Linux

The popular open source operating system, derived from UNIX

switch port

The port on a switch. This can best be described as a collision domain

trailer

The portion of an Ethernet frame that is the frame check sequence (FCS).

hosts file

The predecessor to DNS, a static text file that resides on a computer and is used to resolve DNS host names to IP addresses. Automatically mapped to a host's DNS resolver cache in modern systems. This has no extension.

giga

The prefix that generally refers to the quantity 1,073,741,824. One gigabyte is 1,073,741,824 bytes. With frequencies, in contrast, this often refers to one billion. One gigahertz is 1,000,000,000 hertz

voltage

The pressure of the electrons passing through a wire.

payload

The primary data that is sent from a source network device to a destination network device.

customer premises equipment

The primary distribution box and customer-owned/managed equipment that exists on the customer side of the demarc.

Internet Engineering Task Force

The primary standards organization for the Internet.

NetFlow

The primary tool used to monitor packet flow on a network.

circuit switching

The process for connecting two phones together on one circuit.

legal hold

The process of an organization preserving and organizing data in anticipation of or in reaction to a pending legal issue.

off-boarding

The process of confirming that mobile devices leaving the control of the organization do not store any proprietary applications or data.

Business Continuity Plan

The process of defining the steps to be taken in the event of a physical corporate crisis to continue operations. Includes the creation of documents to specify facilities, equipment, resources, personnel, and their roles.

rollback

The process of downgrading - undoing - a recently applied patch or update.

network design

The process of gathering together and planning the layout for the equipment needed to create a network.

Time Division Multiplexing

The process of having frames that carry a bit of every channel in every frame sent at a regular interval in a T1 connection.

risk management

The process of how organizations evaluate, protect against, and recover from threats and attacks that take place on their networks.

succession planning

The process of identifying people who can take over certain positions (usually on a temporary basis) in case the people holding those critical positions are incapacitated or lost in an incident.

Change Management

The process of initiating, approving, funding, implementing, and documenting significant changes to the network.

proxy ARP

The process of making remotely connected computers act as though they are on the same LAN as local computers.

Encapsulation

The process of preparing data to go onto a network.

log management

The process of providing proper security and maintenance for log files to ensure the files are organized and safe. Storage for legal conformance, managing size, and controlling access to appropriate users

ecapsulation

The process of putting the packets from one protocol inside the packets of another protocol, An example of this is TCP/IP in Ethernet, which places TCP/IP packets inside Ethernet frames.

port scanning

The process of querying individual nodes, looking for open or vulnerable ports and creating a report

patch management

The process of regularly updating operating systems and applications to avoid security threats.

home automation

The process of remotely controlling household devices, such as lights, thermostats, cameras, and washers and dryers.

electronic discovery

The process of requesting and providing electronic and stored data and evidence in a legal way.

de-encapsulation

The process of stripping all the extra header information from a packet as the data moves up a protocol stack.

load balancing

The process of taking several servers and making them look like a single server, spreading processing and supporting bandwidth needs.

on-boarding

The process of verifying that new mobile devices appearing in the organization's infrastructure are secure and safe to use within the organization.

drive mirroring

The process of writing identical data to two hard drives on the same controller at the same time to provide data redundancy.

IP addressing

The processes of assigning IP addresses to networks and hosts.

real-time processing

The processing of transactions as they occur, rather than batching them. Pertaining to an application, processing in which response to input is fast enough to affect subsequent inputs and guide the process, and in which records are updated immediately. The lag from input time to output time must be sufficiently small for acceptable timeliness. Timeliness is a function of the total system: missile guidance requires output within a few milliseconds of input, whereas scheduling of steamships requires a response time in days. Real-time systems are those with a response time of milliseconds; interactive systems respond in seconds; and batch systems may respond in hours or days.

Common Internet File System

The protocol that NetBIOS used to share folders and printers. Still very common, even on UNIX/Linux systems.

Backoff

The random amount of time a node in a CSMA/CD network waits after a collision has occurred; this is typically a period of a few milliseconds long.

RS-232

The recommended standard (RS) upon which all serial communication takes place on a PC.

Signal-to-noise ratio (SNR)

The relative gauge of signal strength for a radio/WIFI receiver. The stronger the signal the more negative it registers

request timed out

The response generated when no echo reply comes back before the default time when using ping. This can be caused by a slow network, excess traffic, a downed router, etc.

Destination Host Unreachable

The response generated when the local system has no route to the address listed using ping, May also come from a router upstream if that router can't go forward

unreachable default gateway

The response generated when you ping the default gateway and get a destination host unreadable response. A CompTIA term for an ICMP-related issue

Broadcast storm

The result of one or more devices sending a nonstop flurry of broadcast frames on the network.

collision

The result of two nodes transmitting at the same time on a multiple access network such as Ethernet. Both frames may be lost or partial frames may result.

Main Distribution Frame

The room in a building that stores the demarc, telephone cross-connects, and LAN cross-connects

Intermediate distribution frame

The room where all the horizontal runs from all the work areas on a given floor in a building come together.

telephony

The science of converting sound into electrical signals, moving those signals from one location to another, and then converting those signals back into sounds. This includes modems, telephone lines, the telephone system, and any products used to create a remote access link between a remote access client and server.

computer forensics

The science of gathering, preserving, and presenting evidence stored on a computer or any form of digital media that is presentable in a court of law.

interface identifier (interface ID)

The second half (64 bits) of an IPv6 address, unique to a host.

RIPv2

The second version of this protocol. It fixed many problems of the original version, but the maximum hop count of 15 still applies.

Order of Restoration

The sequence in which different systems are brought back online after a disaster.

Operating system

The set of programming that enables a program to interact with the computer and provides an interface between the PC and the user.

configurations

The settings stored in devices that define how they are to operate.

Application Layer

The seventh layer of the OSI model.

Digital Signal 1

The signaling method used by T1 lines, which uses a relatively simple frame consisting of 25 pieces: a framing bit and 24 channels. Each DS1 channel holds a single 8-bit DS0 data sample. The framing bit and data channels combine to make 193 bits per DS1 frame. These frames are transmitted 8000 times/sec, making a total throughput of 1.544 Mbps

Digital signal 1

The signaling method used by T1 lines, which uses a relatively simple frame consisting of 25 pieces: a framing bit and 24 channels. Each of these holds a single 8-bit DS0 data sample. The framing bit and data channels combine to make 193 bits per frame. These frames are transmitted 8000 times/sec, making a total throughput of 1.544 Mbps.

MTU mismatch

The situation when your network's packets are so large that they must be fragmented to fit into your ISP's packets.

iSCSI Initiator

The software and hardware components that can be used to transfer files to and from an iSCSI target.

Network Management System

The software installed on an SNMP manager workstation that allows for communication to SNMP agents.

T1 line

The specific, shielded, two-pair cabling that connects the two ends of a T1 connection.

native VLAN

The specified VLAN designation that will be assigned to all untagged frames entering a trunk port in a switch.

Dipole Antenna

The standard straight-wire antenna that provides signal out in a torus (the shape of a bagel).

Telecommunications Industry Association/Electronics Industries Association

The standards body that defines most of the standards for computer network cabling. Many of these standards are defined under the TIA/EIA 568 standard.

Recovery point objective

The state of the backup when the data is recovered. It is an evaluation of how much data s lost from the time of the last backup to the point that a recovery was required.

Forward lookup zone

The storage area in a DNS server to store the IP addresses and names of systems for a particular domain or domains.

Public Key Infrastructure

The system for creating and distributing digital certificates using sites like Comodo, Symantec, or GoDaddy

100BaseTX

The technically accurate but little-used name for 100BaseT. 100 Mbps up to 100 meters, 1024 nodes per hub, cat 5e cable only using two pairs of wires, full duplex

network technology

The techniques, components, and practices involved in creating and operating computer-to-computer links. A practical application of a topology and other critical technologies that provides a method to get data from one computer to another on a network.

resistance

The tendency for a physical medium to impede electron flow. It is classically measured in a unit called ohms.

offsite

The term for a virtual computer accessed and stored remotely.

onsite

The term for a virtual computer stored at your location.

subnet mask

The value used in TCP/IP settings to divide the IP address of a host into its component parts: network ID and host ID. One of the main purposes of this is to determine if the recipient address in a packet is local or remote. Once determined, the host can then decide if the packet should remain local, or should be forwarded to a remote network.

Modulation Techniques

The various multiplexing and demultiplexing technologies and protocols, both analog and digital.

DHCPv6

The version of DHCP used with IPv6.

ICMPv6

The version of ICMP used with IPv6 networks. This performs the functions that ICMP, IGMP, and ARP perform in IPv4. It detects and reports data transmission errors, discovers other nodes on a network, and manages multicasting.

Authoritative DNS Servers

These hold the IP addresses and names of systems for a particular domain or domains in special storage areas called forward lookup zones. They also have reverse lookup zones.

3G

Third generation wireless data standard for cell phones and other mobile devices. 3G matured over time until Evolved High-Speed Packet Access (HSPA+) became the final wireless 3G data standard. It transferred at theoretical maximum speeds up to 168 Mbps although real-world implementations rarely passed 10 Mbps.

Bandwidth-Efficient Encoding Schemes

This allows more bits to be squeezed into the same signal as long as a cable can handle it.

differential backup

This backs up the files that have been changed since the last full backup. This type of backup does not change the state of the archive bit.

show ip route

This command can be used on a Cisco router to view the routing table

nbtstat -R

This command clears the NetBIOS name cache table

nbtstat -n

This command displays NetBIOS names that have been registered as belonging to the local system.

ipconfig /displaydns

This command displays all cached DNS entries in a windows system

nbtstat -r

This command displays names resolved by broadcast and via WINS.

nbtstat -c

This command displays the NetBIOS name cache of the local computer

nbtstat -a

This command lists the remote machine's registered name table

Nbstat

This command provides information about the NetBIOS naming service that runs in some Windows-based computers.

sudo ifconfig eth0 down

This command releases any IP configurations received from DHCP server in MacOS/Linux

ipconfig /release

This command releases any IP configurations received from DHCP server in Windows

nbtstat -RR

This command takes all registered information and rebroadcasts it

ipconfig /flushdns

This command will clear your DNS resolver cache.

Corrective Controls

This control is used to correct a condition when there is either no control at all, or the existing control is ineffective. Normally, this control is temporary until a more permanent solution is put into place.

Port filtering

This enables an administrator to allow only certain ports to be used, and block all other ports.

Physical documentation

This includes a wiring diagram of the network, drop locations, and enumeration of equipment.

Non-Disclosure Agreement

This is a contract between an employer and an employee that states that the employee will not reveal the employer's trade secrets to future employers.

Critical node

This is a specific type of critical asset that is unique to the IT environment. Examples include components such as servers, routers, mission-critical workstations, printers, etc.

Server-side load balancing

This uses a sophisticated hardware device that is located with your servers to provide load balancing. This load balancer can query servers to determine usage, reroute traffic if a server goes down, and even act as a reverse proxy server.

external threats

Threats to your network through external means; examples include virus attacks and the exploitation of users, security holes in the OS, or the network hardware itself.

TGT

Ticket Granting Ticket

no-default routers

Tier 1 routers that connect to the other Tier 1 routers and can't have any default route

TDMA

Time Division Multiple Access

TDM

Time Division Multiplexing

TDR

Time Domain Reflectometer

Back up

To save important data in a secondary location as a safety precaution against the loss of the primary data.

traffic analysis

Tools that chart a network's traffic usage.

Network management software

Tools that enable you to describe, visualize, and configure an entire network

TCN

Topology Change Notification

Mesh Topology

Topology in which each computer has a direct or indirect connection to every other computer in a network. Any node on the network can forward traffic to other nodes. Popular in cellular and many wireless networks.

Point-to-Multipoint Topology

Topology in which one device communicates with more than one other device on a network.

Application log

Tracks application events, such as when an application opens or closes. Different types of application logs record different events.

voltage quality recorder

Tracks voltage over time by plugging into a power outlet.

Thinnet

Trade name for 10Base2 Ethernet technology. This is characterized by the use of RG-58 coaxial cable segments and BNC T connectors to attach stations to the segments.

Network Interface Card

Traditionally, an expansion card that enables a PC to link physically to a network. Modern computers now use built-in versions, no longer requiring physical cards, but the term is still very common

TLS

Transport Layer Security

TFTP

Trivial File Transfer Protocol

bonding

Two or more NICs in a system working together to act as a single NIC to increase performance.

stripe set

Two or more drives in a group that are used for a striped volume.

duplex fiber-optic cabling

Two-pair cabling which connects two fibers together to provide for sending and receiving

Symmetric DSL

Type of DSL connection that provides equal upload and download speed and, in theory, provides speeds up to 15 Mbps , although the vast majority of ISPs provide packages ranging from 192 Kbps to 9 Mbps.

dynamic NAT

Type of NAT in which many computers can share a pool of routable IP addresses that number fewer than the computers.

host-to-host

Type of VPN connection in which a single host establishes a link with a remote, single host.

host-to-site

Type of VPN connection where a host logs into a remote network as if it were any other local resource of that network.

copy backup

Type of backup similar to Normal or Full, in that all selected files on a system are backed up. This type of backup does not change the archive bit of the files being backed up.

Change request steps

Type of change, configuration procedures, rollback process, potential impact, notification, perform the change, documentation

Registered Jack

Type of connector used on the end of telephone and networking cables

RJ-45

Type of connector with eight-wire UTP connections; usually found in network connections and used for 10/100/1000BaseT networking.

RJ-11

Type of connector with four-wire UTP connections; usually found in telephone connections.

link state

Type of dynamic routing protocol that announces only changes to routing tables, as opposed to entire routing tables.

Multimode Fiber

Type of fiber-optic cable that uses LEDs. Almost always orange.

multimode

Type of fiber-optic cable with a large-diameter core that supports multiple modes of propagation. The large diameter simplifies connections, but has drawbacks related to distance.

PVC-rated cable

Type of network cable that offers no special fire protection; burning produces excessive smoke and noxious fumes. Also known as non-plenum rated

smart jack

Type of network interface unit (NIU) that enables ISPs or telephone companies to test for faults in a network, such as disconnections and loopbacks.

graphing

Type of software that creates visual representations and graphs of data collected by SNMP managers.

NTP port

UDP 123

SNTP port

UDP 123

NetBIOS ports

UDP 137/138 and TCP 137/139

Radius ports

UDP 1812-1813 or UDP 1645-1646

Real-time transport protocol ports

UDP 5004 and 5005

LLMNR port

UDP 53 and 55

DHCP ports

UDP 67 (for servers) and UDP 68 (for clients)

TFTP port

UDP 69

DNS port

UDP/TCP 53 (for servers)

straight-through cable

UTP or STP cable segment that has the wire and pin assignments at one end of the cable match the wire and same pin assignments at the other end. These are used to connect hosts to switches and are the connective opposite of crossover cables.

UPC

Ultra Physical Contact

noise

Undesirable signals bearing no desired information and frequently capable of introducing errors into the communication process

UTM

Unified Threat Management

URL

Uniform Resource Locator

UPS

Uninterruptible Power Supply

MAC (media access control) address

Unique 48-bit address assigned to each network card. IEEE assigns blocks of possible addresses to various NIC manufacturers to help ensure that the address is always unique. The Data Link layer of the OSI model uses this address to locate machines.

ICS server

Unit in a distributed control system (DCS) that can be used to manage global changes to the controllers.

Volt

Unit of measure for voltage

UNC

Universal Naming Convention

unencrypted channel

Unsecure communication between tow hosts that pass data using cleartext. For example, a Telnet connection.

UTP

Unshielded Twisted Pair

traffic spike

Unusual and usually dramatic increase in the amount of network traffic. Traffic spikes may be the result of normal operations within the organization or may be an indication of something more sinister.

reflection

Used in DDoS attacks, requests are sent to normal servers as if they had come from the target server. The response from the normal servers are reflected to the target server, overwhelming it without identifying the true initiator

VLAN pooling

Used in wireless networking, a setup where multiple VLANs share a common domain. The multiple VLANs are used to keep broadcast traffic to manageable levels. Wireless clients are randomly assigned to different VLANs. Their common domain enables them all to be centrally managed.

UDP

User Datagram Protocol

Root guard

Uses STP to decide which switch is the root bridge (aka root switch). This then protects against a rogue switch being installed and taking over the root switch role.

RAID 2

Uses bit-level striping

RAID 5

Uses block-level and parity data striping.

RAID 0

Uses byte-level striping and provides no fault tolerance.

RAID 4

Uses error-correcting information (such as parity) on a separate disk and block-level striping on the remaining drives

RAID 3

Uses error-correcting information (such as parity) on a separate disk and data striping on the remaining drives

RAID 1

Uses mirroring or duplexing for increased data redundancy.

Voice over IP

Using an IP network to conduct voice calls.

leeching

Using another person's wireless connection to the Internet without that person's permission.

War chalking

Using symbols to mark off a sidewalk or wall to indicate that there is an open wireless network which may be offering Internet access.

Cloud computing

Using the Internet to store files and run applications. For example, Google Docs is a cloud computing application that enables you to run productivity applications over the Internet from your Web browser.

Dynamic VLAN

VLANs assigned based on MAC addresses. Never used today

variable

Value of an SNMP management information base (MIB) object. That value can be read with a Get PDU or changed with a Set PDU.

VLSM

Variable Length Subnet Mask

Switch port protection

Various methods to help modern switches deal with malicious software and other threats. Includes technologies such as flood guards.

VDSL

Very High Bit Rate Digital Subscriber Line

EAP-MD5

Very simple version of EAP which uses only hashes for transfer and authentication credentials.

VTC

Video Teleconferencing

VPC

Virtual Private Cloud

VPN

Virtual Private Network

VRRP

Virtual Router Redundancy Protocol

SIP trunks

Virtual connections that connect PBX systems from multiple locations over the Internet

executable viruses

Viruses that are literally extensions of executables and that are unable to exist by themselves. Once an infected executable file is run, the virus loads into memory, adding copies of itself to other EXEs that are subsequently run.

WDM

Wave Division Multiplexing

looking glass site

Web site that enables a technician to run various diagnostic tools from outside their network.

Bandwidth speed tester

Web sites for measuring an Internet connection throughput, both download and upload speeds.

High device density environments

Wi-FI networks with lots of clients

WPA

Wi-Fi Protected Access

WPA2

Wi-Fi Protected Access 2

WPS

Wi-Fi Protected Setup

WAN

Wide Area Network

route print

Windows command to view current known routes in a system's routing table. Same command as Netstat -r

Exception

Windows terminology for something a firewall allows in an ACL

WEP

Wired Equivalent Privacy

WAP

Wireless Access Point

WLAN

Wireless Local Area Network

Z-wave

Wireless home automation control standard. Works at 900 MHz, has a 30 meter range, and transfer speeds of 9600 bps

Channel bonding

Wireless technology that enables wireless access points (WAPs) to use two channels for transmission.

Environment limitations

With respect to building and upgrading networks, refers to the degree of access to facilities and physical access to physical infrastructure. The type of building or buildings must be considered. Access to the walls and ceilings will factor in the construction of the network.

equipment limitations

With respect to installing and upgrading networks, the degree of usage of any existing equipment, applications, or cabling.

Device Types/Requirements

With respect to installing and upgrading networks, these determine what equipment is needed to build the network and how the network should be organized.

compatibility requirements

With respect to network installations and upgrades, requirements that deal with how well the new technology integrates with older or existing technologies.

www

World Wide Web

WORM

Write Once Read Many. Take care of your logs with optical media or hard drives

safety policy

Written policy that is designed to promote safety to IT members. What protective equipment to wear, ESD rules, lifting rules, how to handle spills, etc.

zeroconf

Zero-Configuration networking

Digital certificate

a data file that contains a public key, personal digital signature, and the digital signature of a third party guaranteeing the integrity of the personal digital signature

frame

a defined series of binary data that is the basic container for a discrete amount of data moving across a network. These are created at Layer 2 of the OSI model. Ethernet versions of these have a maximum size of 1500 bytes

chain of custody

a document used to track the collection, handling, and transfer of evidence

FC Connector

a fiber-optic connector that is threaded to ensure a tight connection

registered jack

connectors used for UTP cable on both telephone and network connections

VLAN assignment

assigning ports to VLANS

BSS

basic service set

refraction

bending of radio waves when transmitted through glass

BPS

bits per second

groups

collections of network users who share similar tasks and need similar permissions; defined to make administration tasks easier

dB

decibel

DOS

denial of service

DiffServ

differentiated services

Dispersion

diffusion over distance of light propagating down fiber cable.

DSP

digital signal processor

DC

direct current

dig

domain information groper

termination

endpoint in a network segment

Enhanced small form-factor pluggable

fiber-optic connector used in 10 GbE networks

header

first section of a frame, packet, segment, or datagram

JBOD

just a bunch of disks

LOM

lights-out management

MIME

multipurpose internet mail extensions

MSAU

multistation access unit

OS

operating system

P2P

peer-to-peer

Hackers

people who break into computer systems. Those with malicious intent are sometimes considered black hat hackers and those who do so with a positive intent (such as vulnerability testing) are regularly referred to as white hackers. Of course, there are middle-ground hackers: gray hat hackers.

RIS

remote installation services

Asset disposal

reusing, repurposing, or recycling computing devices that follows system life cycle policies in many organizaions.

SOHO

small office/home office

Bluesnarfing

use of weaknesses in the Bluetooth standard to steal information from other Bluetooth devices

continuity

the physical connection of wires in a network

Bluejacking

the process of sending unsolicited messages to another Bluetooth device

reassembly

the process where a receiving system verifies and puts together packets into coherent data

Gain

the strengthening and focusing of radio frequency output from a wireless access point (WAP).

download

the transfer of information from a remote computer system to the user's system. Opposite of upload

TLD

top-level domain

UC

unified communication

VTP

virtual trunking protocol

VoIP

voice over IP

V

volt

WINS

windows internet name service


Conjuntos de estudio relacionados

Wordly Wise 3000: Book 7, Lesson 7

View Set

(PrepU) Chapter 19: Assessing Thorax and Lungs

View Set

PrQ23: Practice Quiz - Ch. 23: Unemployment and Inflation

View Set

Summarizing Literature: Mastery Test

View Set

Ch. 5 analyzing the marking enviorment

View Set

Microeconomics Chapter 1: Limits, Alternatives, and Choices

View Set

MH personality and mood practice ch 18

View Set