Comptia Network+ and Security+


Port Forwarding

- A router (NAT) setting that maps a public-facing port to a specific internal host and port, so inbound connections for that service are forwarded on to the private destination. - It lets a remote computer reach a service on a private computer. - Every forwarded port is an exposure: the internal service becomes reachable from the untrusted side, so patch and harden it and forward only what is needed.

SSID

- The name of a wireless network (WLAN), advertised by its access point(s). - Required to connect to the wireless network. - Hiding the SSID is not a security control; it still appears in probe and association frames.

Router Channels

- Specifies which portion of the wireless band a given access point uses, so that nearby access points do not overlap and degrade connectivity. This matters most when several access points cover adjacent areas.

NAS

- Storage device shared over a LAN in order to provide a central location of data.

DMZ

- A screened subnetwork placed between the private network and an untrusted network (usually the Internet). It holds the services that must be reachable from outside, so that a compromise of one of those servers does not give direct access to the internal network.

POP3

- TCP Port 110 (POP3 over TLS: TCP Port 995) - Protocol used to retrieve email from a mail server. - It typically downloads each message and deletes it from the server, so it is a poor fit when the same mailbox is read from multiple devices. - On port 110 the credentials and messages cross the network in clear text unless STARTTLS or POP3S is used.

FTP

- TCP Port 21 for control (active-mode data connections originate from port 20) - Uses TCP to connect one host directly to another in order to transfer files; a typical use is uploading files to a web server. - It uses separate connections for control and data. - Credentials and file contents are sent in clear text; prefer SFTP (over SSH) or FTPS (FTP over TLS).

SMTP

- TCP Port 25 (server-to-server relay; mail clients submit on TCP Port 587) - Protocol used to transfer mail between mail servers.

CIFS

- TCP Port 445 (direct SMB) and TCP Port 139 with UDP Ports 137 and 138 (SMB over NetBIOS) - Dialect of the Server Message Block (SMB) protocol. - Enables the sharing of folders/files, printers and ports over a network.

L2F

(Layer 2 Forwarding) A VPN protocol designed (by Cisco Systems ® ) with the intent of providing a tunneling protocol for PPP. Like L2TP, L2F lacks native security features.

L2TP

(Layer 2 Tunneling Protocol) A VPN protocol that provides tunneling but no security features of its own, such as encryption. It can still be used for a secure VPN connection when combined with a protocol that provides encryption, which in practice means L2TP/IPsec.

MS-CHAP

(Microsoft Challenge-Handshake Authentication Protocol) A Microsoft-enhanced version of CHAP offering features absent from PAP and CHAP, including two-way (mutual) authentication in version 2. Both MS-CHAP v1 and v2 have known cryptographic weaknesses, so they should only be run inside an encrypted tunnel (for example PEAP or EAP-TTLS), never bare on the network.

RRAS

(Microsoft Routing and Remote Access Server) A Microsoft Windows Server ® feature that allows Microsoft Windows ® clients to remotely access a Microsoft Windows network.

MIMO

(Multiple Input Multiple Output) uses multiple antennas for transmission and reception. These antennas do not interfere with one another, thanks to MIMO's use of spatial multiplexing, which encodes data based on the antenna from which the data will be transmitted. Both reliability and throughput can be increased with MIMO's simultaneous use of multiple antennas.

MPLS

(Multiprotocol Label Switching) A WAN technology popular among service providers. MPLS performs label switching to forward traffic within an MPLS cloud by inserting a 32-bit shim header (a 20-bit label, a 3-bit traffic-class field, a 1-bit bottom-of-stack flag and an 8-bit TTL) between a frame's Layer 2 and Layer 3 headers, and making forwarding decisions on the label rather than on the IP header.
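The shim header layout above is easy to get wrong by a bit or two, so here is an added example (not part of the original flashcards) that packs and unpacks the 32-bit MPLS header and walks a label stack until the bottom-of-stack bit is set. Field positions follow RFC 3032; the reserved-label names are from the same RFC. The test vectors are constructed for this example.

```python
import struct

# Bit layout of one MPLS shim header (RFC 3032): label(20) | TC/EXP(3) | S(1) | TTL(8)
RESERVED_LABELS = {
    0: "IPv4 explicit null",
    1: "router alert",
    2: "IPv6 explicit null",
    3: "implicit null",
}


def build_mpls_header(label: int, tc: int = 0, bos: int = 1, ttl: int = 64) -> bytes:
    """Pack one 32-bit shim header; raises if any field is out of range."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= tc < 8 or bos not in (0, 1) or not 0 <= ttl < 256:
        raise ValueError("tc, bos or ttl out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (bos << 8) | ttl)


def parse_mpls_header(data: bytes) -> dict:
    """Unpack the first 4 bytes into label, traffic class, bottom-of-stack flag and TTL."""
    if len(data) < 4:
        raise ValueError("MPLS header needs 4 bytes")
    (word,) = struct.unpack("!I", data[:4])
    return {
        "label": word >> 12,
        "tc": (word >> 9) & 0x7,
        "bos": (word >> 8) & 0x1,
        "ttl": word & 0xFF,
    }


def parse_label_stack(data: bytes):
    """Walk a label stack until the S bit is set; returns (headers, payload after the stack).

    A stack that runs out of bytes before S=1 is malformed and is rejected (ValueError)
    rather than silently treated as payload.
    """
    stack, offset = [], 0
    while True:
        hdr = parse_mpls_header(data[offset:])
        hdr["reserved"] = RESERVED_LABELS.get(hdr["label"])
        stack.append(hdr)
        offset += 4
        if hdr["bos"]:
            return stack, data[offset:]
```

The parser refuses a stack whose bottom-of-stack bit never arrives; a decoder that instead treats leftover bytes as payload is the kind of leniency that lets crafted frames confuse inspection devices.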

NIDS

(Network-Based IDS) a network appliance dedicated to the purpose of acting as an IDS sensor.

NIPS

(Network-Based IPS) a network appliance dedicated to the purpose of acting as an IPS sensor.

OFDM

(Orthogonal Frequency Division Multiplexing) While DSSS uses a high modulation rate for the symbols it sends, OFDM uses a relatively slow modulation rate per symbol. This slower rate, combined with the simultaneous transmission of data over many closely spaced subcarriers (52 in 802.11a/g, of which 48 carry data), lets OFDM support high data rates while resisting interference between the subcarriers.

PAP

(Password Authentication Protocol) Performs one-way authentication (a client authenticates to a server). Besides being unidirectional, PAP's significant drawback is that it transmits credentials in clear text, so an eavesdropper on the link learns them.

PPPoE

(Point-to-Point Protocol over Ethernet) Commonly used between a DSL modem in a home (or business) and a service provider. Specifically, PPPoE encapsulates PPP frames within Ethernet frames. PPP is used to leverage its features, such as authentication.

PPP

(Point-to-Point Protocol) A common Layer 2 protocol offering features such as multilink interface, looped link detection, error detection, and authentication.

PPTP

(Point-to-Point Tunneling Protocol) An older VPN protocol (it supported the dial-up networking feature in older versions of Microsoft Windows ® ). Like L2TP and L2F, PPTP lacks native security features. Microsoft's versions of PPTP bundled with Windows ® added MPPE encryption and MS-CHAP authentication, but those additions have since been broken in practice, and PPTP should be treated as obsolete.

RADIUS

(Remote Authentication Dial-In User Service) A UDP-based protocol (ports 1812 for authentication and 1813 for accounting; 1645/1646 on older deployments) used to communicate with a AAA server. RADIUS does not encrypt the entire authentication packet, only the User-Password attribute, which it hides with an MD5 keystream derived from the shared secret. It offers more robust accounting features than TACACS+. RADIUS is a standards-based protocol, while TACACS+ is a Cisco-proprietary protocol. To protect the whole exchange, run it over TLS (RadSec) or inside IPsec.

SSL

(Secure Sockets Layer) Provides encryption, integrity and authentication for the upper layers (Layers 5-7) of the OSI model, running on top of TCP. Introduced in 1995, it has been replaced by Transport Layer Security (TLS). SSL 3.0 was the last SSL version; SSL 2.0 and 3.0 are now prohibited (RFC 6176, RFC 7568) because of attacks such as POODLE. TLS continues the SSL version numbering on the wire (TLS 1.0 is 3.1, TLS 1.2 is 3.3), which is why "SSL 3.3" is sometimes seen; it is TLS, not an enhanced SSL. Both names are used loosely for the protocol that secures web browsing via HTTPS.

SA

(Security Association) An agreement between the two IPsec peers about the cryptographic parameters to be used in an ISAKMP session.

Firewall

- A device or software (often built into a router) that filters traffic between networks according to a rule set, blocking unwanted and unsolicited inbound traffic into the local network while, if stateful, allowing replies to connections started from inside.

connectionless

A type of Transport layer protocol that services a request without requiring a verified session and without guaranteeing delivery of data.

block cipher

A type of algorithm that encrypts a number of bits as individual units known as blocks.

stream cipher

A type of algorithm that encrypts each byte (or bit) of a message one at a time by combining it with a keystream.

STP (shielded twisted pair)

A type of cable containing twisted-wire pairs that are not only individually insulated, but also surrounded by a shielding made of a metallic substance such as foil.

rollover cable

A type of cable in which the terminations on one end are exactly the reverse of the terminations on the other end. It is used for serial connections between routers and consoles or other interfaces.

EMI (electromagnetic interference)

A type of interference that may be caused by motors, power lines, televisions, copiers, fluorescent lights, or other sources of electrical activity.

private key

A type of key that is known only to a specific user or users who keep the key a secret.

public key

A type of key that can be freely distributed to all parties involved in encrypted transactions within a given group. It is paired with a private key: anything encrypted with the public key can only be decrypted with the matching private key.

Spyware

A type of malicious software either downloaded unwittingly from a website or installed along with some other third-party software.

FDM (frequency division multiplexing)

A type of multiplexing that assigns a unique frequency band to each communications subchannel. Signals are modulated with different carrier frequencies, then multiplexed to simultaneously travel over a single channel.

CRC (cyclic redundancy check)

An algorithm (or mathematical routine) used to detect accidental corruption of the data contained in a data frame. It is unkeyed, so anyone who alters the data can simply recompute it; a CRC protects against noise, not tampering.

Cipher

An algorithm that can perform encryption or decryption.

Temporal Key Integrity Protocol (TKIP)

An algorithm used to secure wireless computer networks; designed as a firmware-upgradable replacement for WEP on existing hardware (it still uses RC4). TKIP is itself deprecated; use CCMP/AES.

pop-up blocker

An application or add-on to a web browser that blocks pop-up windows that usually contain advertisements.

Mantrap

An area between two doorways, meant to hold people until they are identified and authenticated.

qualitative risk assessment

An assessment that rates the probability of a risk and its impact on the system or network on a relative scale (for example high/medium/low, or a 1-10 score) rather than in exact monetary terms.

quantitative risk assessment

An assessment that measures risk by using exact monetary values.

Pretty Good Privacy (PGP)

An encryption program used primarily for signing, encrypting, and decrypting e-mails in an attempt to increase the security of e-mail communications.

Advanced Encryption Standard (AES)

An encryption standard used with WPA2 (via CCMP). The successor to DES/3DES, it is a symmetric block cipher with a 128-bit block and a choice of three key sizes: AES-128, AES-192, and AES-256.

Public Key Infrastructure

An entire system of hardware and software, policies and procedures, and people, used to create, distribute, manage, store, and revoke digital certificates.

Coaxial Connectors

BNC, F-connector

vulnerability assessment

Baselining of the network to assess the current security state of computers, servers, network devices, and the entire network in general.

BNC connector

Bayonet style coaxial cabling connector generally made of nickel plated brass

SMB

- TCP Port 445 (direct SMB) and TCP Port 139 with UDP Ports 137 and 138 (SMB over NetBIOS) - Protocol implemented in Microsoft Windows (and by Samba on other platforms). - Allows users to share resources across the network remotely (shared folders/files, printers). - SMBv1 is obsolete and should be disabled.

promiscuous mode

A network adapter mode in which the adapter passes every frame it sees up to the host, not just frames addressed to its own MAC address. Packet sniffers rely on it; on a switched network it only captures the traffic the switch actually sends to that port.

recovery time objectives (RTO)

In business impact analysis, the acceptable amount of time to restore a function.

recovery point objectives (RPO)

In business impact analysis, the maximum acceptable amount of data loss, expressed as the age of the most recent backup or copy that must be recoverable.

first responders

People who perform preliminary analysis of the incident data and determine whether the incident is an incident or just an event, and the criticality of the incident.

PAN

Personal-area network - a network whose scale is smaller than a LAN (for example, a connection between a PC and a digital camera via a USB cable).

IP address (Internet Protocol address)

The Network layer address assigned to nodes to uniquely identify them on a TCP/IP network. IPv4 addresses consist of 32 bits divided into four octets, or bytes; IPv6 addresses are 128 bits long.

Transport layer

The fourth layer of the OSI model. In this layer protocols ensure that data are transferred from point A to point B reliably and without errors. this layer services include flow control, acknowledgment, error correction, segmentation, reassembly, and sequencing.

Wardriving

The act of searching for wireless networks by a person in a vehicle through the use of a device with a wireless antenna, often a particularly strong antenna.

Logical Topology

The actual traffic flow of a network determines the network's Logical topology.

Defense in depth

The building up and layering of security measures that protect data from inception, on through storage and network transfer, and lastly to final disposal.

core

The central component of a cable designed to carry a signal.

unified communications

The centralized management of multiple types of network-based communications, such as voice, video, fax, and messaging services.

block ID

The first three bytes (six hexadecimal characters) of a MAC address, also called the Organizationally Unique Identifier (OUI), which are assigned to a particular manufacturer.

certificate authority

The entity (usually a server) that issues digital certificates to users.

Key

The essential piece of information that determines the output of a cipher.

business impact analysis

The examination of critical versus noncritical functions, it is part of a business continuity plan (BCP).

attenuation

The extent to which a signal has weakened after traveling a given distance.

FCS (frame check sequence)

The field in a frame responsible for ensuring that data carried by the frame arrives intact. It uses an algorithm, such as CRC, to accomplish this verification.
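Both the CRC and FCS cards above say the check verifies that data "arrives intact", and the point a practitioner needs is what that does and does not cover. The following added example (mine, not from the flashcards) appends a CRC-32 trailer the way an FCS does, shows that a single flipped bit is caught, shows that a deliberate modification with a recomputed CRC is not, and contrasts that with a keyed HMAC. The payloads and key are constructed for the example, and the trailer byte order is a choice made here rather than Ethernet's exact wire format.

```python
import hashlib
import hmac
import zlib

FCS_LEN = 4
MAC_LEN = 32  # SHA-256 digest


def frame_with_fcs(payload: bytes) -> bytes:
    """Append a CRC-32 over the payload, as an Ethernet FCS does over the frame."""
    fcs = zlib.crc32(payload) & 0xFFFFFFFF
    return payload + fcs.to_bytes(FCS_LEN, "big")  # byte order chosen for this example


def fcs_valid(frame: bytes) -> bool:
    """Recompute the CRC over everything but the trailer and compare."""
    if len(frame) < FCS_LEN:
        return False
    payload, trailer = frame[:-FCS_LEN], frame[-FCS_LEN:]
    return (zlib.crc32(payload) & 0xFFFFFFFF) == int.from_bytes(trailer, "big")


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate line noise: invert one bit of the buffer."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def forge_frame(new_payload: bytes) -> bytes:
    """What an on-path attacker does: change the payload and simply recompute the CRC."""
    return frame_with_fcs(new_payload)


def frame_with_mac(key: bytes, payload: bytes) -> bytes:
    """Keyed alternative: an HMAC-SHA256 tag that cannot be recomputed without the key."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def mac_valid(key: bytes, frame: bytes) -> bool:
    """Constant-time check of the keyed tag."""
    if len(frame) < MAC_LEN:
        return False
    payload, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)
```

The CRC is the right tool at Layer 2, where the adversary is noise; integrity against an attacker has to come from a keyed construction higher up, such as the HMAC shown or the MAC inside TLS or IPsec ESP.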

Session layer

The fifth layer in the OSI model. This layer establishes and maintains communication between two nodes on the network. It can be considered the "traffic cop" for network communications.

domain name kiting

The process of deleting a domain name during the five-day grace period (known as the add grace period or AGP) and immediately reregistering it for another five-day period to keep a domain name indefinitely and for free.

license tracking

The process of determining the number of copies of a single application that are currently in use on the network and whether the number in use exceeds the authorized number of licenses

load balancing

The process of distributing data transfer activity evenly across a network so that no single device is overwhelmed.

Baselining

The process of recording the normal state of network performance, hardware, software, and configuration so that later changes and anomalies can be measured against it.

reassembly

The process of reconstructing data units that have been segmented.

regeneration

The process of retransmitting a digital signal.

encapsulate

The process of wrapping one layer's PDU with protocol information so that it can be interpreted by a lower layer.

bend radius

The radius of the maximum arc into which you can loop a cable before you will cause data transmission errors.

Salting

Adding a random, per-password value (the salt) to the password before hashing and storing the salt alongside the hash. Identical passwords then produce different hashes, and precomputed attacks such as rainbow tables become useless because every salt would need its own table.
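An added example (not from the flashcards) of what salting buys in practice: a precomputed table recovers an unsalted SHA-256 password in one lookup, while the salted PBKDF2 records have to be attacked one at a time with the stored salt. The iteration count is the OWASP 2023 figure for PBKDF2-HMAC-SHA256 and is an assumption you should tune to your hardware; the wordlist and passwords are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

ITERATIONS = 600_000  # assumption: OWASP 2023 guidance for PBKDF2-HMAC-SHA256


def unsalted_hash(password: str) -> str:
    """The scheme salting replaces: a bare SHA-256 of the password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$derived-key (hex fields)."""
    if salt is None:
        salt = os.urandom(16)  # fresh per password, so identical passwords hash differently
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare in constant time."""
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def build_lookup_table(wordlist: Iterable[str]) -> dict:
    """Stand-in for a rainbow table: hash every candidate once, up front, with no salt."""
    return {unsalted_hash(w): w for w in wordlist}


def lookup_unsalted(table: dict, stored_hash: str) -> Optional[str]:
    """One dictionary lookup recovers an unsalted password."""
    return table.get(stored_hash)


def crack_salted(record: str, wordlist: Iterable[str]) -> Optional[str]:
    """Against a salted record the table is useless: every candidate must be re-derived with
    this record's salt and iteration count, and the work repeats for every other record."""
    for w in wordlist:
        if verify_password(w, record):
            return w
    return None
```

Salting removes the precomputation advantage; the iteration count (or a memory-hard function such as Argon2id or scrypt) is what makes each individual guess expensive. Neither helps a password that is in the wordlist.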

tip and ring

The red and green wires found in an RJ-11 wall jacks, which carry voice, ringing voltage, and signaling information between an analog device (for example, a phone or a modem) and an RJ-11 wall jack.

chromatic dispersion

The spreading of a light pulse because its different wavelengths travel at slightly different speeds through the glass. Over enough distance on fiber-optic cable the pulses smear into one another and the receiver can no longer read the signal.

impedance

The opposition a cable presents to an alternating electrical signal, combining resistance, capacitance and inductance. It is measured in ohms, and a mismatch between cable and equipment impedance causes signal reflections.

convergence

The use of data networks to carry voice (or telephone), video, and other communications services in addition to data.

Physical Topology

The way a network's components are physically interconnected determines the network's physical topology.

group policy

Used in Microsoft environments to govern user and computer accounts through a set of rules.

Backdoors

Used in computer programs to bypass normal authentication and other security mechanisms in place.

Remote Authentication Dial-In User Service (RADIUS)

Used to provide centralized administration of dial-up, VPN, and wireless authentication.

Hub-and-Spoke Topology

Used when interconnecting multiple sites (ie: multiple corporate locations) via WAN links, a hub-and-spoke topology has a WAN link from each remote site (a spoke site) to the main site (the hub site).

public key cryptography

Uses asymmetric keys alone or in addition to symmetric keys. The asymmetric key algorithm creates a secret private key and a published public key.

Router

a Layer 3 device, it makes forwarding decisions based on logical network addresses. Most modern networks use an IP address for routing.

WriteStackFrameName

similar to WriteStackFrame procedure, except includes additional parameter that holds the name of the procedure owning the stack frame

RJ-45

- Twisted pair connector used for network cabling. - Uses either T568A or T568B wiring configurations.

SC Connector

- Type of connector used in fiber optic cabling. - Snap-in with 2.5 mm ferrule.

LC Connector

- Type of connector used in fiber optic cabling. - Uses a connector likened to RJ-45. It has a smaller form factor and uses 1.25 mm ferrule. - Preferred for single mode.

ST Connector

- Type of connector used in fiber optic cabling. - Uses bayonet connector with 2.5 mm ceramic or polymer ferrule.

Cable Internet

- Type of internet service that runs over a cable TV (coaxial/HFC) network. - One of the most common consumer broadband connections, reliable and fast, though bandwidth is shared among subscribers on the same segment.

IMAP

-TCP Port 143 - Protocol used to retrieve emails from a mail server. - This protocol allows you to synchronize with the mail server and have updated access from multiple devices.

Simple Network Management Protocol (SNMP)

A TCP/IP protocol (UDP port 161 for queries, 162 for traps) that monitors and manages network-attached devices and computers. It is usually incorporated as part of a network management system. SNMPv1 and v2c authenticate with community strings sent in clear text; SNMPv3 adds authentication and encryption.

Infrastructure as a Service (IaaS)

A cloud computing service that offers computer networking, storage, load balancing, routing, and VM hosting.

node

A computer or other device connected to a network, which has a unique address and is capable of sending or receiving data

F-type connector

A connector used to terminate coaxial cable used for transmitting television and broadband cable signals.

MT-RJ (mechanical transfer-registered jack)

A connector used with single-mode or multimode fiber-optic cable.

SC (subscriber connector or standard connector)

A connector used with single-mode or multimode fiber-optic cable.

LC (local connector)

A connector used with single-mode or multimode fiber-optic cable.

ST (straight tip)

A connector used with single-mode or multimode fiber-optic cable.

security policy

A continually changing document that dictates a set of guidelines for network use. These guidelines complement organizational objectives by specifying rules for how a network is used

modem

A device that modulates digital data onto an analog carrier at the transmitting end for transmission over telephone lines, and demodulates the received analog signal back into digital data at the receiving end.

Grayware

A general term used to describe applications that are behaving improperly but without serious consequences; often describes types of spyware.

Botnet

A group of compromised computers used to distribute malware across the Internet; the members are usually zombies.

Secure Hash Algorithm (SHA)

A family of hash functions designed by the NSA and published by NIST, widely used in government. SHA-1 was once the most common but is deprecated for signatures and certificates (collisions have been demonstrated); SHA-2 (for example SHA-256) is the current default, with SHA-3 as an alternative.

service pack (SP)

A group of updates, bug fixes, updated drivers, and security fixes that are installed from one downloadable package or from one disc.

VPN concentrator

A hardware appliance that allows hundreds of users to connect to the network from remote locations via a VPN.

Cat 5e (Enhanced Category 5)

A higher-grade version of Category 5 wiring that contains high-quality copper, offers a high twist ratio, and uses improved methods for reducing crosstalk. It is specified for 100 MHz and supports Gigabit Ethernet (1000BASE-T); some vendors test it at higher frequencies such as 350 MHz, but that is beyond the standard.

MAC filtering

A method of restricting which computers can join a wireless network: the WAP consults a list of MAC addresses that were entered in advance. Because a MAC address is transmitted in the clear and can be changed in software, this is easily bypassed and is not a substitute for WPA2/WPA3 authentication.

hardware firewall

A network appliance dedicated to the purpose of acting as a firewall. This appliance can have multiple interfaces for connecting to areas of a network requiring varying levels of security.

twisted pair

A type of cable similar to telephone wiring that consists of color-coded pairs of insulated copper wires, each with a diameter of 0.4 to 0.8 mm, twisted around each other and encased in plastic coating.

teardrop attack

A type of DoS that sends mangled IP fragments with overlapping and oversized payloads to the target machine.

SYN flood

A type of DoS in which an attacker sends a large number of TCP SYN segments, often from spoofed source addresses, and never completes the handshake, exhausting the server's table of half-open connections. SYN cookies and rate limiting are the usual mitigations.

network intrusion detection system (NIDS)

A type of IDS that attempts to detect malicious network activities—for example, port scans and DoS attacks—by constantly monitoring network traffic.
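The NIDS card names port scans and SYN floods as the attacks it watches for; the SYN flood card above describes the half-open mechanism. As an added example (not from the flashcards), here is the detection logic a sensor would run over connection events, using sliding windows: a source touching many distinct destination ports is a scan, a destination receiving many SYNs with no handshake completion is a flood. The traffic is generated in code and is constructed, not a real capture; the thresholds are assumptions to tune per network.

```python
from collections import defaultdict, deque
from typing import Dict, Iterable, List, Set, Tuple

# Each event: (timestamp_seconds, src_ip, dst_ip, dst_port, tcp_flags) with flags like "S", "SA", "A".
Event = Tuple[float, str, str, int, str]


def build_sample_events() -> List[Event]:
    """Constructed traffic: benign handshakes, one vertical port scan, one spoofed-source SYN flood."""
    events: List[Event] = []
    for i, client in enumerate(["10.0.0.11", "10.0.0.12", "10.0.0.13"]):
        t = 1.0 + i  # full three-way handshakes to the web server
        events += [(t, client, "192.168.1.5", 443, "S"),
                   (t + 0.01, "192.168.1.5", client, 443, "SA"),
                   (t + 0.02, client, "192.168.1.5", 443, "A")]
    for port in range(1, 26):  # one source probes 25 ports in two seconds
        events.append((5.0 + port * 0.08, "10.0.0.99", "192.168.1.5", port, "S"))
    for n in range(300):  # 300 SYNs from spoofed sources to port 80 in half a second, never completed
        events.append((9.0 + n * 0.0016, "203.0.113.%d" % (n % 254 + 1), "192.168.1.5", 80, "S"))
    return sorted(events)


def _is_connection_attempt(flags: str) -> bool:
    """Only SYN-without-ACK segments count as attempts; SYN/ACK and ACK are replies."""
    return "S" in flags and "A" not in flags


def detect_port_scans(events: Iterable[Event], distinct_ports: int = 15, window: float = 5.0) -> Set[str]:
    """Flag any source that touches >= distinct_ports different destination ports within window seconds."""
    recent: Dict[str, deque] = defaultdict(deque)
    alerts: Set[str] = set()
    for ts, src, dst, dport, flags in events:
        if not _is_connection_attempt(flags):
            continue
        q = recent[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({p for _, p in q}) >= distinct_ports:
            alerts.add(src)
    return alerts


def detect_syn_floods(events: Iterable[Event], syn_threshold: int = 200, window: float = 1.0) -> Set[Tuple[str, int]]:
    """Flag any (dst, port) that receives >= syn_threshold SYN-only segments within window seconds."""
    recent: Dict[Tuple[str, int], deque] = defaultdict(deque)
    alerts: Set[Tuple[str, int]] = set()
    for ts, src, dst, dport, flags in events:
        if not _is_connection_attempt(flags):
            continue
        key = (dst, dport)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= syn_threshold:
            alerts.add(key)
    return alerts
```

Counting by destination rather than source is what makes the flood detector work against spoofed addresses; the scan detector keys on the source because a scanner cannot spoof and still read the replies.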

connection oriented

A type of Transport layer protocol that requires the establishment of a connection between communicating nodes before it will transmit data.

channel

A distinct communication path between two or more nodes, much like a lane is a distinct transportation path on a freeway. may be separated either logically (as in multiplexing) or physically (as when they are carried by separate wires).

RSA

A popular and widely deployed asymmetric encryption algorithm.

trouble ticket

A problem report explaining the details of an issue being experienced in a network.

ISOC (Internet Society)

A professional organization with members from 90 chapters around the world that helps to establish technical standards for the Internet.

Secure Shell (SSH)

A protocol (TCP port 22) that creates an encrypted, authenticated channel between two computers or network devices. It replaces Telnet and rlogin for remote administration and also carries SFTP, SCP and port forwarding.

RSA

A public key cryptography algorithm created by Rivest, Shamir, Adleman. It is commonly used in e-commerce.

Nonce

A random number issued by an authentication protocol that can only be used once.

patch cable

A relatively short section (usually between 3 and 25 feet) of cabling with connectors on both ends.

Terminal Access Controller Access-Control System (TACACS)

A remote authentication protocol similar to RADIUS used more often in UNIX networks.

ACK (acknowledgment)

A response generated at the Transport layer of the OSI model that confirms to a sender that its segment was received. The ACK is the third of the three packets in the three-way handshake that establishes a TCP connection.

black-hole router

A router that drops packets that cannot be fragmented and are exceeding the MTU size of an interface without notifying the sender.

Blackout

When a total loss of power for a prolonged period occurs.

single sign-on (SSO)

When a user can log in once but gain access to multiple systems without being asked to log in again.

least privilege

When a user is given only the amount of privileges needed to do his job.

Authorization

When a user is granted access to specific resources when authentication is complete.

time of day restriction

When a user's logon hours are configured to restrict access to the network during certain times of the day and week.

Sandbox

An isolated environment in which code (for example a web script or an untrusted file) runs so that it cannot interfere with other processes or the host, used both for containment and for testing.

explicit allow

When an administrator sets a rule that allows a specific type of traffic through a firewall, often within an ACL.

explicit deny

When an administrator sets a rule that denies a specific type of traffic access through a firewall, often within an ACL.
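The explicit allow and explicit deny cards describe individual rules, but what bites in practice is ordering: a first-match ACL, the implicit deny at the end, and a deny that can never fire because a broader allow precedes it. This added example (mine, not from the flashcards) evaluates a small ACL with those semantics and includes a shadowing check. The rules and addresses are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # CIDR
    dst: str               # CIDR
    dport: Optional[int]   # None matches any destination port


def _matches(rule: Rule, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
    return (
        rule.proto in ("any", proto)
        and ip_address(src) in ip_network(rule.src)
        and ip_address(dst) in ip_network(rule.dst)
        and (rule.dport is None or rule.dport == dport)
    )


def evaluate(acl: List[Rule], proto: str, src: str, dst: str, dport: Optional[int]) -> Tuple[str, Optional[int]]:
    """First-match semantics: the first matching rule decides; no match is an implicit deny."""
    for index, rule in enumerate(acl):
        if _matches(rule, proto, src, dst, dport):
            return rule.action, index
    return "deny", None


def shadowed_rules(acl: List[Rule]) -> List[Tuple[int, int]]:
    """Find rules that can never fire because an earlier rule already covers everything they match.

    Returns (shadowed_index, shadowing_index) pairs. A deny placed after a broader allow is the
    classic misordering this catches.
    """
    found = []
    for i, later in enumerate(acl):
        for j in range(i):
            earlier = acl[j]
            if (
                earlier.proto in ("any", later.proto)
                and ip_network(later.src).subnet_of(ip_network(earlier.src))
                and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                and (earlier.dport is None or earlier.dport == later.dport)
            ):
                found.append((i, j))
                break
    return found


# Constructed example: web server 192.168.1.10 reachable on 443 from the 10/8 campus,
# except from the quarantined host 10.0.5.7.
MISORDERED = [
    Rule("allow", "tcp", "10.0.0.0/8", "192.168.1.10/32", 443),
    Rule("deny", "tcp", "10.0.5.7/32", "192.168.1.10/32", 443),   # never reached
]
CORRECTED = [MISORDERED[1], MISORDERED[0]]                        # specific deny first
```

The shadowing check is deliberately conservative: it only reports a rule whose source, destination, protocol and port are all fully covered by an earlier rule, which is exactly the case that is always a mistake.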

Spoofing

When an attacker masquerades as another person by falsifying information.

Pharming

When an attacker redirects one website's traffic to another bogus and possibly malicious website by modifying a DNS server or hosts file.

one-to-one mapping

When an individual certificate is mapped to a single recipient.

risk avoidance

When an organization avoids risk because the risk factor is too great.

risk reduction

When an organization mitigates risk to an acceptable level.

mandatory vacations

When an organization requires that an employee take a certain amount of days of vacation consecutively.

Piggybacking

When an unauthorized person tags along with an authorized person to gain entry to a restricted area.

key escrow

When copies of private keys are held by a trusted third party so that another party, such as a government or the organization itself, can gain access to encrypted data if needed.

disk duplexing

When each disk is connected to a separate controller.

many-to-one mapping

When multiple certificates are mapped to a single recipient.

load-balancing clusters

When multiple computers are connected in an attempt to share resources such as CPU, RAM, and hard disks.

fuzz testing (fuzzing)

Feeding random or mutated data into a computer program in an attempt to find crashes and vulnerabilities, particularly in code that parses untrusted input.
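An added example (mine, not from the flashcards) of the technique end to end: a toy length-prefixed parser that trusts its input, a mutation fuzzer that flips bits, overwrites, inserts and truncates, and the hardened parser that turns the crash into a clean rejection. The seed input, the parser format and the mutation strategies are all constructed for this example; the only real-world claim is the workflow.

```python
import random
from typing import Callable, List, Tuple


def parse_tlv(buf: bytes) -> List[Tuple[int, bytes]]:
    """Toy parser for [type:1][length:1][value:length] records. Deliberately careless: it trusts
    the input to be well formed, so a record truncated after its type byte raises IndexError."""
    records, i = [], 0
    while i < len(buf):
        rtype, length = buf[i], buf[i + 1]
        records.append((rtype, buf[i + 2:i + 2 + length]))
        i += 2 + length
    return records


def parse_tlv_safe(buf: bytes) -> List[Tuple[int, bytes]]:
    """Hardened version: each header and length is checked against the bytes actually present,
    and malformed input is rejected with a ValueError the caller can handle."""
    records, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated header at offset %d" % i)
        rtype, length = buf[i], buf[i + 1]
        if i + 2 + length > len(buf):
            raise ValueError("record at offset %d claims %d bytes, %d remain" % (i, length, len(buf) - i - 2))
        records.append((rtype, buf[i + 2:i + 2 + length]))
        i += 2 + length
    return records


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One random mutation: flip a bit, overwrite a byte, insert a byte, or truncate."""
    data = bytearray(seed)
    choice = rng.randrange(4)
    if choice == 0 and data:
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif choice == 1 and data:
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif choice == 2:
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    elif data:
        del data[rng.randrange(len(data)):]
    return bytes(data)


def fuzz(target: Callable[[bytes], object], seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> List[bytes]:
    """Feed mutated inputs to target. ValueError is the documented rejection path; any other
    exception is an unhandled crash, and the triggering input is kept so it can be reproduced."""
    rng = random.Random(rng_seed)  # fixed seed makes the run reproducible
    crashes = []
    for _ in range(iterations):
        candidate = mutate(seed, rng)
        try:
            target(candidate)
        except ValueError:
            continue
        except Exception:
            crashes.append(candidate)
    return crashes


SEED = b"\x01\x03abc\x02\x01x"  # two well-formed records, constructed for the example
```

In Python the symptom is an exception; in a C parser the same missing bounds check is an out-of-bounds read, which is why fuzzing parsers of untrusted formats is a standard part of a security review.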

punch-down tool

When terminating wires on a punch-down block (for example, a 110 block), you should use a punch-down tool, which is designed to properly insert an insulated wire between two contact blades in a punch down block, without damaging the blades.

Brownout

When the voltage drops to such an extent that it typically causes the lights to dim and can cause computers to reset or shut off.

broadcast storm

When there is an accumulation of broadcast and multicast packet traffic on the LAN coming from one or more network interfaces.

mutual authentication

When two computers, for example a client and a server, both verify each other's identity.

multifactor authentication

When two or more types of authentication are used when dealing with user access control.

null session

When used by an attacker, a malicious connection to the Windows interprocess communications share (IPC$).

job rotation

When users are cycled through various assignments.

classification

is the process of placing traffic into different categories.

PROC syntax

label PROC [attributes] [USES reglist], parameter_list

varlist form

label: type (used with the LOCAL directive)

WriteStackFrame

link library procedure that displays the contents of the current procedure's stack frame. It shows the procedure's stack parameters, return address, local variables, and saved registers.

MTU

maximum transmission unit - The largest data unit a network (for example, Ethernet or token ring) will accept for transmission.

NOS

network operating system

short

occurs when two copper connectors touch each other, resulting in current flowing through that short rather than the attached electrical circuit, because the short has lower resistance.

ADDR

operator that can be used to pass a pointer argument when calling a procedure using INVOKE. The operand must be an assembly-time constant, and ADDR can only be used in conjunction with INVOKE.

argumentList

optional comma-delimited list of arguments passed to a procedure

parameterList syntax

paramName:type (used with the PROC directive)

by reference

passing an argument that consists of the address (OFFSET) of an object.

by value

passing an argument using a copy of the value pushed on the stack.

DiffServ

(Differentiated Services) As its name suggests, DiffServ differentiates between multiple traffic flows. Specifically, packets are marked, and routers and switches can then make decisions (for example, dropping or forwarding decisions) based on those markings.

AES

(Advanced Encryption Standard) Released in 2001, this is typically considered the preferred symmetric encryption algorithm. It is available in 128-bit, 192-bit, and 256-bit key versions.

ATM

(Asynchronous Transfer Mode) A Layer 2 WAN technology that interconnects sites using virtual circuits. These virtual circuits are identified by a pair of numbers, called the VPI/VCI pair. A virtual path identifier (VPI) identifies a logical path, which can contain multiple virtual circuits. A virtual circuit identifier (VCI) identifies the unique logical circuit within a virtual path.

AH

(Authentication Header) An IPsec protocol that provides authentication and integrity services. However, it does not provide encryption services.

BRI

(Basic Rate Interface) A BRI circuit contains two 64-kbps B channels and one 16-kbps D channel. Although such a circuit can carry two simultaneous voice conversations, the two B channels can be logically bonded together into a single virtual circuit (by using PPP's multilink interface feature) to offer a 128-kbps data path.

BSS

(Basic Service Set) WLANs that have just one AP are called BSS WLANs. BSS WLANs are said to run in infrastructure mode, because wireless clients connect to an AP, which is typically connected to a wired network infrastructure. A BSS network is often used in residential and SOHO locations, where the signal strength provided by a single AP is sufficient to service all of the WLAN's wireless clients.

CSMA/CA

(Carrier Sense Multiple Access Collision Avoidance) is needed for WLAN connections, because of their half-duplex operation. A WLAN device listens for a transmission on a wireless channel to determine if it is safe to transmit. Additionally, the collision-avoidance part of the CSMA/CA algorithm causes wireless devices to wait for a random back-off time before transmitting.

CHAP

(Challenge-Handshake Authentication Protocol) Like PAP, CHAP performs one-way authentication. However, authentication is performed through a three-way handshake (challenge, response, and acceptance messages) between a server and a client. The three-way handshake allows a client to be authenticated without sending credential information across a network.

CRAM-MD5

(Challenge-Response Authentication Mechanism, Message Digest 5) A challenge-response mechanism built on HMAC-MD5, frequently used by e-mail servers (SMTP, IMAP, POP3). Like CHAP, it only performs one-way authentication (the server authenticates the client), and a captured challenge/response pair can be attacked offline with a dictionary.
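The CHAP and CRAM-MD5 cards above describe a handshake in which the secret never crosses the wire; the nonce card earlier explains why each challenge must be used once. As an added example (mine, not from the flashcards), here are both sides of that exchange with the exact hash constructions from RFC 1994 (CHAP with MD5) and RFC 2195 (CRAM-MD5), a server that refuses replayed challenges, and the offline dictionary attack an eavesdropper can still run against a captured pair. Usernames, secrets and the wordlist are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash over the one-byte identifier, the secret, then the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def cram_md5_response(username: str, secret: bytes, challenge: bytes) -> str:
    """RFC 2195 CRAM-MD5: the client answers with 'username <hex of HMAC-MD5(secret, challenge)>'."""
    return username + " " + hmac.new(secret, challenge, hashlib.md5).hexdigest()


class ChapServer:
    """Server side of the handshake. It issues a fresh random challenge (a nonce) per attempt
    and forgets it after one verification, so a captured response cannot simply be replayed."""

    def __init__(self, secrets: Dict[str, bytes]):
        self.secrets = secrets
        self.outstanding: Dict[int, bytes] = {}
        self.next_id = 0

    def challenge(self) -> Tuple[int, bytes]:
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256  # CHAP identifier is one byte
        nonce = os.urandom(16)
        self.outstanding[identifier] = nonce
        return identifier, nonce

    def verify(self, username: str, identifier: int, response: bytes) -> bool:
        nonce = self.outstanding.pop(identifier, None)  # single use: gone after the first check
        secret = self.secrets.get(username)
        if nonce is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(identifier, secret, nonce), response)


def offline_guess(identifier: int, challenge: bytes, response: bytes,
                  wordlist: Iterable[bytes]) -> Optional[bytes]:
    """What an eavesdropper can do with a captured (challenge, response) pair: the secret never
    crossed the wire, but a weak one falls to a dictionary attack at MD5 speed."""
    for candidate in wordlist:
        if chap_response(identifier, candidate, challenge) == response:
            return candidate
    return None
```

The handshake defeats passive credential capture and replay, which is the improvement over PAP the cards describe; it does not defeat guessing, which is why CHAP-family mechanisms belong inside a TLS or IPsec tunnel when the secret is a human-chosen password.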

CARP

(Common Address Redundancy Protocol) An open-standard variant of HSRP, which provides first-hop router redundancy.

DSSS

(Direct Sequence Spread Spectrum) Modulates data over an entire range of frequencies using a series of symbols called chips. A chip is shorter in duration than a bit, meaning that chips are transmitted at a higher rate than the actual data. These chips represent both the encoded data to be transmitted and what appears to be random data. In principle a third party who does not know which chips carry data would find a DSSS transmission hard to decode; in practice the chipping sequences used by 802.11 are published in the standard, so this gives no real confidentiality against an eavesdropper. DSSS is more subject to environmental factors than FHSS and OFDM because it uses the entire frequency spectrum at once.

ESP

(Encapsulating Security Payload) An IPsec protocol that provides authentication, integrity, and encryption services.

ESS

(Extended Service Set) WLANs containing more than one AP are called ESS WLANs. Like BSS WLANs, ESS WLANs operate in infrastructure mode. When you have more than one AP, take care to prevent one AP from interfering with another. Specifically, nonoverlapping channels (that is, channels 1, 6, and 11 for the 2.4-GHz band) should be selected for adjacent wireless coverage areas.

FHSS

(Frequency-Hopping Spread Spectrum) Allows the participants in a communication to hop between predetermined frequencies. Participants can predict the next frequency to be used while a casual third party cannot easily follow, which is sometimes described as a security benefit; the hop sequences of Bluetooth and legacy 802.11 are part of the standard and easy to recover, so FHSS should not be relied on as a security control. FHSS can also provision extra bandwidth by simultaneously using more than one frequency.

GPG

(GNU Privacy Guard) A free implementation of the OpenPGP standard, compatible with Pretty Good Privacy (PGP). PGP is an encryption program and message format rather than an algorithm; it combines asymmetric keys for key exchange and signatures with a symmetric cipher for the message body.

HIPS

(Host-Based IPS) - a computer running intrusion prevention software for the purpose of protecting the computer from attacks.

IPsec

(IP security) A suite of network-layer protocols (AH, ESP, and IKE for key management) that provides confidentiality, integrity, and authentication. It is the usual basis for site-to-site and remote-access VPNs.

IBSS

(Independent Basic Service Set) A WLAN can be created without the use of an AP. Such a configuration, called an IBSS, is said to work in an ad-hoc fashion. An ad-hoc WLAN is useful for temporary connections between wireless devices. For example, you might temporarily interconnect two laptop computers to transfer a few files.

ISDN

(Integrated Services Digital Network) A digital telephony technology that supports multiple 64-kbps channels (known as bearer channels or B channels ) on a single connection. ISDN was popular back in the 1980s for connecting PBXs, which are telephone switches owned and operated by a company, to a telephone company's central office. ISDN has the ability to carry voice, video, or data over its B channels. ISDN also offers a robust set of signaling protocols: Q.921 for Layer 2 signaling and Q.931 for Layer 3 signaling. These signaling protocols run on a separate channel in an ISDN circuit (known as the delta channel , data channel , or D channel ).

IntServ

(Integrated Services) Often referred to as hard QoS, because IntServ can make strict bandwidth reservations. IntServ uses signaling among network devices to provide bandwidth reservations. Resource Reservation Protocol (RSVP) is an example of an IntServ approach to QoS. Because IntServ must be configured on every router along a packet's path, a primary drawback of IntServ is its lack of scalability.

IKE

(Internet Key Exchange) A protocol used to set up an IPsec session.

ISAKMP

(Internet Security Association and Key Management Protocol) Negotiates parameters for an IPsec session.

IDS

(Intrusion Detection System) can recognize the signature of a well-known attack and respond to stop the attack. However, this sensor does not reside in-line with the traffic flow. Therefore, one or more malicious packets might reach an intended victim before the traffic flow is stopped by this sensor.

IPS

(Intrusion Prevention System) can recognize the signature of a well-known attack and respond to stop the attack. This device resides in-line with the traffic flow, unlike an IDS sensor.

SSID

(Service Set Identifier) A string of characters that identify a WLAN. APs participating in the same WLAN can be configured with identical SSIDs. An SSID shared among multiple APs is called an extended service set identifier (ESSID).

SNMP

(Simple Network Management Protocol) A protocol used to monitor and manage network devices, such as routers, switches, and servers.

SONET

(Synchronous Optical Network) A Layer 1 technology that uses fiber-optic cabling as its media. Because SONET is a Layer 1 technology, it can be used to transport various Layer 2 encapsulation types, such as ATM. Also, because SONET uses fiber-optic cabling, it offers high data rates, typically in the 155 Mbps-10 Gbps range, and long-distance limitations, typically in the 20 km-250 km range.

TACACS+

(Terminal Access Controller Access-Control System Plus) A TCP-based protocol used to communicate with a AAA server. TACACS+ encrypts an entire authentication packet rather than just the password. It offers authentication features, but they are not as robust as the accounting features found in RADIUS. It is a Cisco-proprietary protocol.

UPS

(Uninterruptible Power Supply) An appliance that provides power to networking equipment in the event of a power outage.

WPA2

(Wi-Fi Protected Access version 2) Uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for integrity checking and Advanced Encryption Standard (AES) for encryption. These algorithms enhance the security offered by WPA.

WPA

(Wi-Fi Protected Access) The Wi-Fi Alliance developed its own security standard to address the weaknesses of Wired Equivalent Privacy (WEP). This new security standard was called Wi-Fi Protected Access (WPA) version 1.

WEP

(Wired Equivalent Privacy) A security standard for WLANs. With WEP, an AP is configured with a static WEP key. Wireless clients needing to associate with an AP are configured with an identical key (making this a preshared key [PSK] approach to security). The IEEE 802.11 standard specifies a 40-bit WEP key, which is considered to be a relatively weak security measure.

AP

(Wireless Access Point) A device that connects to a wired network and provides access to that wired network for clients that wirelessly attach to the access point (AP).

AUP

(acceptable use policy) Identifies what users of a network are and are not allowed to do on that network. For example, retrieving sports scores during working hours via an organization's Internet connection might be deemed inappropriate by an AUP.

ACL

(access control list) Rules typically applied to router interfaces, which specify permitted and denied traffic.

BERT

(bit-error rate tester) When troubleshooting a link where you suspect a high bit-error rate (BER), you can use a piece of test equipment called a bit-error rate tester (BERT), which contains both a pattern generator (which can generate a variety of bit patterns) and an error detector (which is synchronized with the pattern generator and can determine the number of bit errors) and can calculate a BER for the tested transmission link.

CO

(central office) A building containing a telephone company's telephone switching equipment is referred to as a central office (CO). COs are categorized into five hierarchical classes. A Class 1 CO is a long-distance office serving a regional area. A Class 2 CO is a second-level long-distance office (that is, it is subordinate to a Class 1 office). A Class 3 CO is a third-level long-distance office. A Class 4 CO is a fourth-level long-distance office, which provides telephone subscribers access to a live operator. A Class 5 CO is at the bottom of the five-layer hierarchy and physically connects to customer devices in a local area.

CSU/DSU

(channel service unit/data service unit) Acts as a digital modem, which terminates a digital circuit (for example, a T1 or an E1 circuit).

CIR

(committed information rate) The CIR of an interface is the average traffic rate over the period of a second.

CPE

(customer premises equipment) This device resides at a customer site. A router, as an example, can be a CPE that connects a customer with an MPLS service provider.

dB

(decibel (dB)) A ratio of radiated power to a reference value. In the case of dBi, the reference value is the signal strength (that is, the power) radiated from an isotropic antenna, which represents a theoretical antenna that radiates an equal amount of power in all directions (in a spherical pattern). An isotropic antenna is considered to have gain of 0 dBi.

DMZ

(demilitarized zone) Often contains servers that should be accessible from the Internet. This approach would, for example, allow users on the Internet to initiate an e-mail or a web session coming into an organization's e-mail or web server. However, other protocols would be blocked.

DoS

(denial of service) This attack floods a system with an excessive amount of traffic or requests, which consumes the system's processing resources and prevents the system from responding to many legitimate requests.

DSL

(digital subscriber line) A group of technologies that provide high-speed data transmission over existing telephone wiring. DSL has several variants, which vary in data rates and distance limitations. Three of the more popular DSL variants include asymmetric DSL (ADSL), symmetric DSL (SDSL), and very high bit-rate DSL (VDSL).

DDoS

(distributed denial of service) These attacks can increase the amount of traffic flooded to a target system. Specifically, an attacker compromises multiple systems, and those compromised systems, called zombies, can be instructed by the attacker to simultaneously launch a DDoS attack against a target system.

ELSR

(edge label switch router) Resides at the edge of an MPLS service provider's cloud and interconnects a service provider to one or more customers.

ESD

(electrostatic discharge (ESD) wrist strap) To prevent static electricity in your body from damaging electrical components on a circuit board, you can wear an ESD wrist strap. The strap is equipped with a clip that you can attach to something with a ground potential (for example, a large metal desk). While wearing the wrist strap, if you have any static buildup in your body, the static flows to the object with a ground potential to which your strap is clipped, thus avoiding damage to any electrical components that you might touch.

LSR

(label switch router) Resides inside a service provider's MPLS cloud and makes frame forwarding decisions based on labels applied to frames.

LAN

(local area network) A network of computers and other devices that is confined to a relatively small space, such as one building or even one office.

MTU

(maximum transmission unit) The largest packet size supported on an interface.

OC

(optical carrier) Optical networks often use OC levels to indicate bandwidth. As a base reference point, the speed of an OC-1 link is 51.84 Mbps. Other OC levels are multiples of an OC-1. For example, an OC-3 link has three times the bandwidth of an OC-1 link (that is, 3 * 51.84 Mbps = 155.52 Mbps).

OTDR

(optical time domain reflectometer) Detects the location of a fault in a fiber cable by sending light down the fiber-optic cable and measuring the time required for the light to bounce back from the cable fault. The OTDR can then mathematically calculate the location of the fault.

POTS

(plain old telephone service) A POTS connection connects a customer device (such as a telephone) to the public switched telephone network (PSTN).

PGP

(pretty good privacy) PGP is a widely deployed asymmetric encryption algorithm and is often used to encrypt e-mail traffic.

PRI

(primary rate interface) A PRI circuit is an ISDN circuit built on a T1 or E1 circuit. Recall that a T1 circuit has 24 channels. Therefore, if a PRI circuit is built on a T1 circuit, the ISDN circuit has 23 B channels and one 64 kbps D channel. The 24th channel in the T1 circuit is used as the ISDN D channel (that is, the channel used to carry the Q.921 and Q.931 signaling protocols, which are used to set up, maintain, and tear down connections).

PKI

(public key infrastructure) Uses digital certificates and a certificate authority to allow secure communication across a public network.

PSTN

(public switched telephone network) The worldwide telephony network comprised of multiple telephone carriers.

SSO

(single sign-on) Allows a user to authenticate once to gain access to multiple systems, without requiring the user to independently authenticate with each system.

TDR

(time domain reflectometer) Detects the location of a fault in a copper cable by sending an electric signal down the copper cable and measuring the time required for the signal to bounce back from the cable fault. A TDR can then mathematically calculate the location of the fault.

TFA

(two-factor authentication) Requires two types of authentication from a user seeking admission to a network. For example, a user might need to know something (for example, a password) and have something (for example, a specific fingerprint that can be checked with a biometric authentication device).

VPN

(virtual private network) Some VPNs can support secure communication between two sites over an untrusted network (for example, the Internet).

MAC Filtering

- Feature of a wireless router which permits access based upon hardware address provided. - Can be set to allow/block specified systems.

stack frame use

* passed arguments, if any, are pushed on the stack. * the subroutine is called, causing the subroutine return address to be pushed on the stack. * as the subroutine begins to execute, EBP is pushed on the stack * EBP is set equal to ESP. From this point on, EBP acts as a base reference for all of the subroutine parameters * If there are local variables, ESP is decremented to reserve space for the variables on the stack * If any registers need to be saved, they are pushed on the stack (this method is used frequently with API)

IPv6

- 128-bit hexadecimal network addressing standard - Designed as a backup system when we've run out of traditional IP addresses.

IPv4

- 32-bit decimal network addressing standard - Separated by decimal into 4 octets (8-bits). - OSI Layer 3 address

Switch

- A central network device to connect devices on the same subnet. - Due to a system of logging MAC addresses for devices along the network, information sent from one port will only be forwarded to the receiving port. - Operates in full duplex mode since it has separate channels for sending and receiving.

Hub

- A central network device to connect devices on the same subnet. - Information sent from one port will be sent out to every other port. - Operates strictly in half-duplex mode due to the limitation of only one send request permitted at a time.

Access Point

- A device on a network which creates a position to provide access to incoming connections.

Modem

- A device that acts to convert digital information to analog to send information over telephone lines. - On the receiving end it converts the analog data back into digital.

Bridge

- A device to connect two network segments with the same subnet. - Compiles a list of devices by MAC address in order to know where to forward requests.

Internet appliance

- A device with an alternate primary purpose yet has the ability to use internet services. - This could be a smart TV, PDA, camera, etc.

WPS

- A method of connecting to a wireless network devised to make it easier for those with less knowledge of network security. - It involves pressing a button on the router in relation to the computer or other compatible network device, which will securely connect the computer to the wireless network without the need of a passcode or pre-shared key.

Fiber Optic Internet

- A modern internet delivery variation from cable companies upgrading their networks with the use of high speed fiber optic cabling. - Since the data is literally delivered on beams of light it is able to travel extremely fast and far distances.

WAN

- A network that consists of multiple LANs and covers a larger geographic area such as a town, city or county.

Power over Ethernet

- An option in some devices to provide power to a device through the twisted pair CAT5 connection or higher. - Generally found on a switch based on hardware specifications.

Port Triggering

- A setting of a router which would open a specific port only on request from a local host, to which that host is the designated recipient of communication through that port. - Ports remain closed when there is no activity.

Loopback plug

- A simple plug used to test the outgoing and incoming communication on a port. - It routes the transmit port to the receive port on the same device.

LAN

- A small network that connects local machines to be in communication or share resources. - Generally a home or office network.

Cable tester

- A tool that validates the usability of a network cable. - It is connected to the network cable at both ends of a cable and will verify that the signals are being sent successfully and that the wiring in the connectors is in the correct position.

Public IP

- An IP address issued by a network provider used to communicate with hosts across the world wide web. - This is the IP address used for remote users to access a private network.

Private IP

- An internal IP address assigned to each device on a network for communication between one another. - This IP address must be within a specified group of available addresses in order to operate.

NAT

- An internet standard which connects the internet to a private network while maintaining privacy. - This is used to translate one IP addressing system with another that is not necessarily compatible.

Client-side DNS

- Compiles a list of frequently used domain names and IP destinations to quickly pull up a destination upon request.

Dial-up

- Connects a phone line to a modem to provide a rather slow internet connection. - Data transfer rates can be 28.8, 33.3, 56 Kbps based on compression rates. - Compression standards: V.24, V.32bis, V.34, V.42, V.44, V.90, and V.92. - Can be used over any telephone line, but not simultaneous to phone usage.

TKIP

- Encryption method utilized in WPA

AES

- Encryption method utilized in WPA2 - Requires compatible hardware to encrypt

WiMAX

- High speed internet access provided through wireless signals to a larger area of subscribers. - Would require a device or antenna which would receive the signal. - Could potentially eliminate the use of cable internet due to simpler setup.

Dynamic IP

- IP address assigned by a DHCP server. - This method ensures there are no overlapping IP addresses within a network.

APIPA

- If enabled, this feature will assign a default IP address when the DHCP server is not responding. - The IP address will be assigned in the range 169.254.0.0 to 169.254.255.255.

Cellular/Mobile Hotspot

- Internet connection shared from a device receiving a connection from mobile network towers. - This device can be used as an access point to allow those nearby with internet access. - Mobile phone tethering is also a way to share your phone connection as an access point. - Depending on the level of service this can prove to be a very fast internet connection: EDGE (400-1000 kbps), 3G (2 Mbps+), 4G (3-100+ Mbps), etc.

DSL

- Internet service which transmits broadband digital data along a telephone line. - A breakthrough from dial-up connection because it allows use of the telephone and internet simultaneously depending on your implementation. - Splits the phone line into multiple channels for transmission, allotting one for the telephone. - A filter is placed to separate the analog voice from the digital data. - Not as fast as cable internet can be due to its strict limitation to transmit through phone lines.

Static IP

- Manually assigned IP address

Plenum

- Material used to surround twisted pair cabling, especially when wiring above ceiling tiles.

UTP

- Most commonly used networking cable. - Lower cost since it doesn't have the extra protection layer of copper grounding material.

RJ-11

- Most commonly used twisted pair connector for telephone lines and modems.

MAN

- Much like a WAN, this is a network that covers a geographic area such as a city. - It interconnects multiple LANs for the purpose of shared network throughout the region.

Router

- Network device used to connect two networks that have different subnets. - Destination addresses are compiled by IP so it keeps track of where to forward requests.

Hybrid Topology

- Network topology which combines the use of multiple topology methods.

Mesh Topology

- Network topology which connects each device with one another. - This type has fault tolerance because if a path is down it can reroute through many others.

Ring Topology

- Network topology which connects one computer to another in a continuous loop. - The signal travels in one direction as each device repeats the signal until it reaches the intended destination. - If there is a missing connection in a loop the network connection is down from that point in the setup.

Star Topology

- Network topology which requires each computer to connect to a central point such as a hub or switch. - The typical setup for LANs due to the ease of adding and removing connections.

Bus Topology

- Network topology with a trunk cable that runs the full length with a terminator at both ends to prevent repeated signals. The devices are connected with a drop cable along the trunk cable. - Broken cables prevent communication with any device on the network.

Crossover Cable

- Networking cable which is configured to use the T568A standard at one end and T568B at the other.

STP

- Networking cable with extra protection against EMI. - Copper used as grounding material around the internal wires.

CAT3

- Networking twisted pair cabling standard to support 10 Mbps Ethernet connection speeds.

CAT6

- Networking twisted pair cabling standard used to support 10 Gbps connection speeds.

CAT5

- Networking twisted pair cabling standard used to support 100 Mbps and 2 Gbps Ethernet connection speeds.

CAT5e

- Networking twisted pair cabling standard used to support 100 Mbps and 2 Gbps Ethernet connection speeds. - Provides additional protection from EMI.

PVC

- Normal material used to surround twisted pair cabling. - Can be toxic when burned, therefore is not permitted for use when wiring above ceiling tiles.

Satellite Internet

- Not known as the fastest, yet reliable from anywhere in the world and not limited by wiring. - Since this sends and receives radio signals from a satellite, it is susceptible to interference from weather conditions. - Requires a satellite dish setup, to send and receive signals, with a clear line of sight. - Can be used as a portable option and is available in remote regions. - Expect latency due to the distance of travel.

WEP

- Original wireless network encrypted security associated with 802.11 in 1997. - It is designed to emulate the same security as a wired network infrastructure. - Uses the same pre-shared key on the network and connecting devices as its form of securing a connection. - The pre-shared key is also used for encryption. - Not the most secure or recommended method.

HTTPS

- Port 443 - Protocol used to access websites on the world wide web with added SSL protection. - A website cannot be automatically accessed with this protocol; it is authorized by certificate.

TCP

- Protocol for data transmission which requires a return receipt on every delivery to ensure the information reached the intended destination. - Packets that are lost or dropped are re-sent. - This system ensures a reliable transfer. - Connection-oriented protocol.

UDP

- Protocol for quicker transmission of data since there is no requirement of receipt. - Dropped or lost packets are not re-transmitted. - More reliable method to deliver audio or video due to the increased rate of transmission. - Connectionless protocol.

DNS

- TCP Port 53 - Translates human-readable network names to their associated IP destinations.

HTTP

- TCP Port 80 - Protocol used to access websites on the world wide web.

SSH

- TCP/UDP Port 22 - A secured protocol used to access and control remote systems. - Generally used in terminal mode.

SFTP

- TCP/UDP Port 22 - Used to access and transfer server files from a host system with a secure shell protocol.

TELNET

- TCP/UDP Port 23 - Network protocol to connect to a server and operate it as a native user in terminal mode. - This method of server control, though it has username and password as security, is unencrypted and not the most secure method.

RDP

- TCP/UDP Port 3389 - Used to access, view and control one computer from another while connecting through a network and/or internet connection.

LDAP

- TCP/UDP port 389 (secure port 636) - Protocol used to build and share information within a network. - Generally used as a directory of contacts.

VoIP Phones

- Telephone service that operates over an internet connection rather than through an analog signal.

Gateway

- The point on a network that connects all of the devices together at a central point. - This address is required for a private network to access a public network. - Typically the first or last IP address assigned within an available range.

Punchdown tool

- The required tool used to attach network wiring to a punchdown block.

ISDN

- This internet connection provides digital service over a switched network. - The BRI variation splits the telephone line into 3 channels: two 64 Kbps B (bearer) channels and one 16 Kbps D (delta) channel. - B channels are used for simultaneous data transmission, except in the case of a phone call, in which case it utilizes only one channel. - The D channel is used to control the connection. - The PRI variation provides for faster service and requires upgraded wiring. The cable is divided into 23 B channels and 1 D channel at 64 Kbps each.

PAN

- This is a small network setup that is generally between two devices. - Typically by Bluetooth or infrared.

Basic QoS

- This is simply the measured quality of an internet connection.

Subnet Mask

- This network setting dictates which portion of the IP address is available within a network addressing schematic.

Toner probe

- This tool is used to send an analog audio signal through a cable. After generating the tone you would use a listening device which can follow the sound to find where that cable is going.

Crimper

- Tool used to attach RJ-45 or RJ-11 connections to ethernet cabling by use of closing force.

Multimeter

- Tool used to measure the electric currents of various components of a computer. - Can be used to measure voltage (AC and DC), current (amps), resistance (ohms), capacitance and frequency.

Line of sight wireless internet service

- Type of internet service that would require a device to point directly to an internet provider's tower without anything blocking its path. - Could be susceptible to interference due to disturbance of the path by weather conditions.

SNMP

- UDP 161, 162 - Part of the TCP/IP suite, this protocol shares information about devices on a network for management purposes.

WPA

- Wireless network security that replaced WEP. - Provides encryption via TKIP. - Can use both pre-shared key or 802.1x for authenticating connection.

WPA2

- Wireless network security which is the current highest standard used in most setups. - Provides encryption similar to TKIP while proving more secure via AES. - Requires compatible hardware to implement.

802.11 g

- Wireless networking standard which operates at 2.4 GHz - 54 Mbps - 300 ft maximum range - 11 total operating channels, 3 non-overlapped - Compatible with other wireless networking standards which also operate at the same frequency.

802.11 n

- Wireless networking standard which operates at 2.4 GHz and/or 5.75 GHz - 150, 300 or 600 Mbps depending on network configuration - 1200 ft maximum range - Compatible with other wireless networking standards operating at 2.4 GHz and 5.75 GHz depending on specifications of the hardware

802.11 a

- Wireless networking standard which operates at 5.75 GHz - 54 Mbps - 150 ft maximum range - 23 total operating channels, 12 non-overlapped

802.11 b

- Wireless networking standard which operates at 2.4 GHz - 11 Mbps - 300 ft maximum range - 11 total operating channels, 3 non-overlapped

T568A

- Wiring standards used for configuring twisted pair networking cable with RJ-45 connections based on a specified color order of the individual wires. - The color order for this standard is as follows: green-white, green, orange-white, blue, blue-white, orange, brown-white, brown

T568B

- Wiring standards used for configuring twisted pair networking cable with RJ-45 connections based on a specified color order of the individual wires. - The color order for this standard is as follows: orange-white, orange, green-white, blue, blue-white, green, brown-white, brown - This particular scheme is the accepted standard.

DHCP

- A server dedicated to assigning network settings to devices upon request. - The assigned settings are provided within specified parameters.

1 gigabit per second (Gbps)

1,000,000,000 bits per second.

Internet Protocol Security (IPsec)

A TCP/IP protocol that authenticates and encrypts IP packets, effectively securing communications between computers and devices using the protocol.

MAC address

A 12-character string that uniquely identifies a network node. The manufacturer hard codes the MAC address into the NIC. This address is composed of the block ID and device ID.

Message-Digest Algorithm 5 (MD5)

A 128-bit key hash used to provide integrity of files and messages.

Trusted Computer System Evaluation Criteria (TCSEC)

A DoD standard that sets basic requirements for assessing the effectiveness of computer security access policies. Also known as The Orange Book.

Frame Relay

A Layer 2 WAN technology that interconnects sites using virtual circuits. These virtual circuits are identified by locally significant data-link connection identifiers (DLCI).

tracert command

A Microsoft Windows®-based command that displays every router hop along the path from a source host to a destination host on an IP network. Information about a router hop can include such information as the IP address of the router hop and the round-trip delay of that router hop.

ipconfig command

A Microsoft Windows® command that can be used to display IP address configuration parameters on a PC. Additionally, if DHCP is used by the PC, the ipconfig command can be used to release and renew a DHCP lease, which is often useful during troubleshooting.

fragmentation

A Network layer service that subdivides segments it receives from the Transport layer into smaller packets.

Star Topology

A network that has a central point (switch) from which all attached devices radiate.

RS-232 (Recommended Standard 232)

A Physical layer standard for serial communications, as defined by EIA/TIA.

traceroute command

A UNIX command that displays every router hop along the path from a source host to a destination host on an IP network. Information about the router hop can include the IP address of the router hop and the round-trip delay of that router hop.

Towers of Hanoi

A backup rotation scheme based on the mathematics of the Towers of Hanoi puzzle. Uses three backup sets. For example, the first tape is used every second day, the second tape is used every fourth day, and the third tape is used every eighth day.

10 tape rotation

A backup rotation scheme in which ten backup tapes are used over the course of two weeks.

grandfather-father-son

A backup rotation scheme in which three sets of backup tapes must be defined—usually they are daily, weekly, and monthly, which correspond to son, father, and grandfather.

braiding

A braided metal shielding used to insulate some types of coaxial cable.

Denial of Service (DoS)

A broad term given to many different types of network attacks that attempt to make computer resources unavailable.

open

A broken strand of copper that prevents current from flowing through a circuit.

cable tester

A cable tester can test the conductors in an Ethernet cable. It contains two parts. By connecting these parts of the cable tester to each end of a cable under test, you can check the wires in the cable for continuity (that is, check to make sure there are no opens, or breaks, in a conductor). Additionally, you can verify an RJ-45 connector's pinouts (which are wires connected to the appropriate pins on an RJ-45 connector).

one-time pad

A cipher that encrypts plaintext with a secret random key that is the same length as the plaintext.

symmetric key algorithm

A class of cipher that uses identical or closely related keys for encryption and decryption.

special hazard protection system

A clean agent sprinkler system such as FM-200 used in server rooms.

Kerberos

A client-server authentication protocol that supports mutual authentication between a client and a server. Kerberos uses the concept of a trusted third party (a key distribution center ) that hands out tickets to be used instead of a username and password combination.

Platform as a Service (PaaS)

A cloud computing service that provides various software solutions to organizations especially the ability to develop applications without the cost or administration of a physical platform.

Software as a Service (SaaS)

A cloud computing service where users access applications over the Internet that are provided by a third party.

BNC connector

A coaxial cable connector type that uses a twist-and-lock (or bayonet) style of coupling.

baseline

A collection of data portraying the characteristics of a network under normal operating conditions. Data collected while troubleshooting can then be contrasted against baseline data.

ISO (International Organization for Standardization)

A collection of standards organizations representing 157 countries with headquarters located in Geneva, Switzerland.

data packet

A discrete unit of information sent from one node on a network to another.

X.509

A common PKI standard developed by the ITU-T that incorporates the single sign-on authentication method.

nonbroadcast point-to-multipoint transmission

A communications arrangement in which a single transmitter issues signals to multiple, defined recipients.

point-to-multipoint

A communications arrangement in which one transmitter issues signals to multiple receivers. The receivers may be undefined, as in a broadcast transmission, or defined, as in a nonbroadcast transmission.

Internet

A complex WAN that connects LANs and clients around the globe.

software firewall

A computer running firewall software. For example, the software firewall could protect the computer itself (for example, preventing incoming connections to the computer). Alternately, a software firewall could be a computer with more than one network interface card that runs firewall software to filter traffic flowing through the computer.

host

A computer that enables resource sharing by other computers on the same network.

Web server

A computer that manages Web site services, such as supplying a Web page to multiple users on demand.

workstation

A computer that runs a desktop operating system and connects to a network.

stand-alone computer

A computer that uses applications and data only from its local disks and that is not connected to a network.

local loop

A connection between a customer premise and a local telephone company's central office.

virtual private network (VPN)

A connection between two or more computers or devices that are not on the same private network.

session

A connection for data exchange between two parties. The term session may be used in the context of Web, remote access, or terminal and mainframe communications, for example.

circuit-switched connection

A connection that is brought up on an as-needed basis. This connection is analogous to a phone call, where you pick up a phone, dial a number, and a connection is established based on the number you dial.

Secure Sockets Layer (SSL)

A cryptographic protocol that provides secure Internet communications such as web browsing, instant messaging, e-mail, and VoIP.

point-to-point

A data transmission that involves one transmitter and one receiver.

web of trust

A decentralized model used for sharing certificates without the need for a centralized CA.

Wired Equivalent Privacy (WEP)

A deprecated wireless network security standard, less secure than WPA.

router

A device that connects network segments and directs data based on information contained in the data packet.

media converter

A device that enables networks or segments using different media to interconnect and exchange signals.

butt set (or lineman's handset)

A device that looks similar to a phone but has alligator clips that can connect to the various terminals used by phone equipment, enabling a person to listen in to a conversation.

multiplexer (mux)

A device that separates a medium into multiple channels and issues signals to each of those subchannels.

demultiplexer (demux)

A device that separates multiplexed signals once they are received and regenerates them in their original form.

transceiver

A device that transmits and receives signals.

vampire tap

A device used to add computers to a 10BASE5 network. It pierces the copper conductor of a coaxial cable and can also be used for malicious purposes.

terminal

A device with little (if any) of its own processing or disk capacity that depends on a host to supply it with applications and data-processing services.

DCE (data circuit-terminating equipment)

A device, such as a multiplexer or modem, that processes signals. It supplies a clock signal to synchronize transmission between DTE and DCE.

E3

A digital circuit in the same E-carrier family of standards as an E1. An E3 circuit's available bandwidth is 34.4 Mbps.

electromagnetic interference (EMI)

A disturbance that can affect electrical circuits, devices, and cables due to electromagnetic conduction or radiation.

application firewall

A firewall that can control the traffic associated with specific applications. Works all the way up to the Application Layer of the OSI model.

Cat 3 (Category 3)

A form of UTP that contains four wire pairs and can carry up to 10 Mbps, with a possible bandwidth of 16 MHz.

Cat 4 (Category 4)

A form of UTP that contains four wire pairs and can support up to 16-Mbps throughput. It may be used for 16-Mbps token ring or 10-Mbps Ethernet networks.

Cat 5 (Category 5)

A form of UTP that contains four wire pairs and supports up to 100-Mbps throughput and a 100-MHz signal rate.

fiber-optic cable

A form of cable that contains one or several glass or plastic fibers in its core. Data is transmitted via pulsing light sent from a laser or light-emitting diode (LED) through the central fiber (or fibers).

man-in-the-middle (MITM) attack

A form of eavesdropping that intercepts all data between a client and a server, relaying that information back and forth.

baseband

A form of transmission in which digital signals are sent through direct current pulses applied to a wire. This direct current requires exclusive use of the wire's capacity, so this system can transmit only one signal, or one channel, at a time.

broadband

A form of transmission in which signals are modulated as radiofrequency analog pulses with different frequency ranges.

multiplexing

A form of transmission that allows multiple signals to travel simultaneously over one medium.

Partial-mesh topology

A hybrid of a hub-and-spoke topology and a full-mesh topology. A partial-mesh can be designed to provide an optimal route between selected sites, while avoiding the expense of interconnecting every site to every other site.

IDF (intermediate distribution frame)

A junction point between the MDF and concentrations of fewer connections—for example, those that terminate in a telecommunications closet.

RFI (radiofrequency interference)

A kind of interference that may be generated by broadcast signals from radio or TV towers.

certificate revocation list (CRL)

A list of certificates no longer valid or that have been revoked by the issuer.

access control list (ACL)

A list of permissions attached to an object. They specify what level of access a user, users, or groups have to an object. When dealing with firewalls, an ACL is a set of rules that apply to a list of network names, IP addresses, and port numbers.

decibel (dB) loss

A loss of signal power. If a transmission's dB loss is too great, the transmission cannot be properly interpreted by the intended recipient.

hash function

A mathematical procedure that converts a variable-sized amount of data into a smaller block of data.

amplitude

A measure of a signal's strength.

hertz (Hz)

A measure of frequency equivalent to the number of amplitude cycles per second.

bandwidth

A measure of the difference between the highest and lowest frequencies that a medium can transmit.

FM (frequency modulation)

A method of data modulation in which the frequency of the carrier signal is modified by the application of the data signal.

checksum

A method of error checking that determines if the contents of an arriving data unit match the contents of the data unit sent by the source.

penetration testing

A method of evaluating the security of a system by simulating one or more attacks on that system.

flow control

A method of gauging the appropriate rate of data transmission based on how fast the recipient can accept data.

statistical multiplexing

A method of multiplexing in which each node on a network is assigned a separate time slot for transmission, based on the node's priority and need.

TDM (time division multiplexing)

A method of multiplexing that assigns a time slot in the flow of communications to every node on the network and, in that time slot, carries data from that node.

OSI (Open Systems Interconnection) model

A model for understanding and developing computer-to-computer communication developed in the 1980s by ISO. It divides networking functions among seven layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application.

AM (amplitude modulation)

A modulation technique in which the amplitude of the carrier signal is modified by the application of a data signal.

behavior-based monitoring

A monitoring system that looks at the previous behavior of applications, executables, and/or the operating system and compares that to current activity on the system.

WDM (wavelength division multiplexing)

A multiplexing technique in which each signal on a fiber-optic cable is assigned a different wavelength, which equates to its own subchannel. Each wavelength is modulated with a data signal. In this manner, multiple signals can be simultaneously transmitted in the same direction over a length of fiber.

DWDM (dense wavelength division multiplexing)

A multiplexing technique used over single-mode or multimode fiber-optic cable in which each signal is assigned a different wavelength for its carrier wave.

hot site

A near duplicate of the original site of the organization, complete with phones, computers, networking devices, and full backups.

honey net

A network containing more than one honey pot.

peer-to-peer network

A network in which every computer can communicate directly with every other computer.

populated segment

A network segment that contains end nodes, such as workstations.

punch-down block

A panel of data receptors into which twisted pair wire is inserted, or punched down, to complete a circuit.

unpopulated segment

A network segment that does not contain end nodes, such as workstations. Also called link segments.

MAN (metropolitan area network)

A network that is larger than a LAN, typically connecting clients and servers from multiple buildings, but within a limited geographic area.

WAN (wide area network)

A network that spans a long distance and connects two or more LANs.

Nmap

A network-vulnerability scanner.

Remote Access Service (RAS)

A networking service that allows incoming connections from remote dial-in clients. It is also used with VPNs.

token ring

A networking technology developed by IBM in the 1980s. It relies upon direct links between nodes and a ring topology, using tokens to allow nodes to transmit data.

RIR (Regional Internet Registry)

A not-for-profit agency that manages the distribution of IP addresses to private and public entities.

frame

A package for data that includes not only the raw data, or "payload," but also the sender's and recipient's addressing and control information. Frames are generated at the Data Link layer of the OSI model and are issued to the network at the Physical layer.

Firewall

A part of a computer system or network designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit or deny computer applications based on a set of rules and other criteria.

cryptanalysis attack

A password attack that uses a considerable set of precalculated encrypted passwords located in a lookup table.

brute force attack

A password attack where every possible password is attempted.

remote user

A person working on a computer on a different network or in a different geographical location from the LAN's server.

whaling

A phishing attack that targets senior executives.

hardware security module (HSM)

A physical device that deals with the encryption of authentication processes, digital signings, and payment processes.

butt set

A piece of test equipment typically used by telephone technicians. The clips on a butt set can connect to the tip and ring wires on a punch-down block (for example, a 66 block or a 110 block) connecting to a telephone. This allows the technician to check the line (for example, to determine if dial tone is present on the line and determine if a call can be placed from the line).

ping flood

A ping flood, also known as an ICMP flood attack, is when an attacker attempts to send many ICMP echo request packets (pings) to a host in an attempt to use up all available bandwidth.

disaster recovery plan

A plan that details the policies and procedures concerning the recovery and/or continuation of an organization's technology infrastructure.

Easter egg

A platonic extra added to an OS or application as a sort of joke; the harmless cousin of the logic bomb.

phase

A point or stage in a wave's progress over time.

User Account Control (UAC)

A security component of Windows Vista that keeps every user (besides the actual Administrator account) in standard user mode instead of as an administrator with full administrative rights—even if they are a member of the administrators group.

Wi-Fi Protected Access (WPA)

A security protocol created by the Wi-Fi Alliance to secure wireless computer networks, more secure than WEP.

remote access server

A server that runs communications services that enable remote users to log on to a network. Also known as an access server.

incident response

A set of procedures that an investigator goes by when examining a computer security incident.

Spike

A short transient in voltage that can be due to a short circuit, tripped circuit breaker, power outage, or lightning strike.

ferrule

A short tube within a fiber-optic cable connector that encircles the fiber strand and keeps it properly aligned.

analog

A signal that uses variable voltage to create continuous waves, resulting in an inexact transmission.

digital signature

A signature that authenticates a document through math, letting the recipient know that the document was created and sent by the actual sender and not someone else.

UDP flood attack

A similar attack to the Fraggle. It uses the connectionless User Datagram Protocol. It is enticing to attackers because it does not require a synchronization process.

demilitarized zone (DMZ)

A special area of the network (sometimes referred to as a subnetwork) that houses servers that host information accessed by clients or other networks on the Internet.

token

A special control frame that indicates to the rest of the network that a particular node has the right to transmit data.

file server

A specialized server that enables clients to share applications and data across the network.

Open Vulnerability and Assessment Language (OVAL)

A standard and a programming language designed to standardize the transfer of secure public information across networks and the Internet utilizing any security tools and services available.

BNC (Bayonet Neill-Concelman, or British Naval Connector)

A standard for coaxial cable connectors named after its coupling method and its inventors.

protocol

A standard method or format for communication between network devices. Protocols ensure that data are transferred whole, in sequence, and without error from one node on the network to another.

AWG (American Wire Gauge)

A standard rating that indicates the diameter of a wire, such as the conducting core of a coaxial cable.

Cat

Abbreviation for the word category when describing a type of twisted pair cable.

change management

A structured way of changing the state of a computer system, network, or IT procedure.

serial

A style of data transmission in which the pulses that represent bits follow one another along a single transmission line. In other words, they are issued sequentially, not simultaneously.

TIA (Telecommunications Industry Association)

A subgroup of the EIA that focuses on standards for information technology, wireless, satellite, fiber optics, and telephone equipment.

Hash

A summary of a file or message. It is generated to verify the integrity of the file or message.

syslog

A syslog-logging solution consists of two primary components: syslog servers, which receive and store log messages sent from syslog clients, and syslog clients, which can be a variety of network devices that send logging information to a syslog server.

binary

A system founded on using 1s and 0s to encode information.

modulation

A technique for formatting signals in which one property of a simple carrier wave is modified by the addition of a data signal during transmission.

telco

A telephone company. Some countries have government-maintained telcos, while other countries have multiple telcos that compete with one another.

Layer 2 Tunneling Protocol (L2TP)

A tunneling protocol used to connect virtual private networks. It does not include confidentiality or encryption on its own. It uses port 1701 and can be more secure than PPTP if used in conjunction with IPsec.

Point-to-Point Tunneling Protocol (PPTP)

A tunneling protocol used to support VPNs. Generally includes security mechanisms, and no additional software or protocols need to be loaded. A VPN device or server must have inbound port 1723 open to enable incoming PPTP connections.

Cat 6 (Category 6)

A twisted pair cable that contains four wire pairs, each wrapped in foil insulation. Additional foil insulation covers the bundle of wire pairs, and a fire-resistant plastic sheath covers the second foil layer. The foil insulation provides excellent resistance to cross talk and enables it to support a signaling rate of 250 MHz.

Cat 7 (Category 7)

A twisted pair cable that contains multiple wire pairs, each separately shielded then surrounded by another layer of shielding within the jacket. It can support up to a 1-GHz signal rate. But because of its extra layers, it is less flexible than other forms of twisted pair wiring.

crossover cable

A twisted pair patch cable in which the termination locations of the transmit and receive wires on one end of the cable are reversed.

straight-through cable

A twisted pair patch cable in which the wire terminations in both connectors follow the same scheme.

3-leg perimeter

A type of DMZ where a firewall has three legs that connect to the LAN, Internet, and the DMZ.

back-to-back perimeter

A type of DMZ where the DMZ is located between the LAN and the Internet.

Fraggle

A type of DoS similar to the Smurf attack, but the traffic sent is UDP echo traffic as opposed to ICMP echo traffic.

Ping of Death (POD)

A type of DoS that sends an oversized and/or malformed packet to another computer.

Smurf attack

A type of DoS that sends large amounts of ICMP echoes, broadcasting the ICMP echo requests to every computer on its network or subnetwork. The header of the ICMP echo requests will have a spoofed IP address. That IP address is the target of the Smurf attack. Every computer that replies to the ICMP echo requests will do so to the spoofed IP.

coaxial cable

A type of cable that consists of a central metal conducting core, which might be solid or stranded and is often made of copper, surrounded by an insulator, a braided metal shielding, called braiding, and an outer cover, called the sheath or jacket.

UTP (unshielded twisted pair)

A type of cabling that consists of one or more insulated wire pairs encased in a plastic sheath. It does not contain additional shielding for the twisted pairs.

RG-8

A type of coaxial cable characterized by a 50-ohm impedance and a 10 AWG core.

RG-58

A type of coaxial cable characterized by a 50-ohm impedance and a 24 AWG core.

RG-59

A type of coaxial cable characterized by a 75-ohm impedance and a 20 or 22 AWG core, usually made of braided copper. Less expensive but suffering greater attenuation than the more common RG-6 coax, it is used for relatively short connections.

RG-6

A type of coaxial cable with an impedance of 75 ohms and that contains an 18 AWG core conductor. It is used for television, satellite, and broadband cable connections.

DB-9 connector

A type of connector with nine pins that's commonly used in serial communication that conforms to the RS-232 standard.

MMF (multimode fiber)

A type of fiber-optic cable that contains a core with a diameter between 50 and 100 microns, through which many pulses of light generated by a light-emitting diode (LED) travel at different angles.

SMF (single-mode fiber)

A type of fiber-optic cable with a narrow core that carries light pulses along a single path from one end of the cable to the other end. Data can be transmitted faster and for longer distances. However, it is expensive.

cross talk

A type of interference caused by signals traveling on nearby wire pairs infringing on another pair's signal.

Vishing

A type of phishing attack that makes use of telephones and VoIP.

spear phishing

A type of phishing attack that targets particular individuals.

Tailgating

A type of piggybacking where an unauthorized person follows an authorized person into a secure area, without the authorized person's consent.

elliptic curve cryptography (ECC)

A type of public key cryptography based on the structure of an elliptic curve.

IV attack

A type of related-key attack, which is when an attacker observes the operation of a cipher using several different keys and finds a mathematical relationship between them, allowing the attacker to ultimately decipher data.

Rootkit

A type of software designed to gain administrator-level control over a computer system without being detected.

host-based intrusion detection system (HIDS)

A type of system loaded on an individual computer; it analyzes and monitors what happens inside that computer, for example, if any changes have been made to file integrity.

full-duplex

A type of transmission in which signals may travel in both directions over a medium simultaneously.

half-duplex

A type of transmission in which signals may travel in both directions over a medium, but in only one direction at a time.

simplex

A type of transmission in which signals may travel in only one direction over a medium.

cross-site scripting (XSS)

A type of vulnerability found in web applications used with session hijacking.

acceptable use

Acceptable usage policies define the rules that restrict how a computer, network, or other system may be used.

network address

A unique identifying number for a network node that follows a hierarchical addressing scheme and can be assigned through operating system software.

PDU (protocol data unit)

A unit of data at any layer of the OSI model.

patch panel

A wall-mounted panel of data receptors into which cross-connect patch cables from the punch-down block are inserted.

Cloud computing

A way of offering on-demand services that extend the capabilities of a person's computer or an organization's network.

honey pot

Acts as a distracter. Specifically, a system designated as a honey pot appears to be an attractive attack target. One school of thought on the use of a honey pot is to place one or more honey-pot systems in a network to entice attackers into thinking the system is real. The attackers then use their resources attacking the honey pot, resulting in their leaving the real servers alone.

proxy server

Acts as an intermediary for clients usually located on a LAN and the servers that they want to access that are usually located on the Internet.

client-to-site VPN

Also known as a remote access VPN, a client-to-site VPN interconnects a remote user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost.

active interception

Also known as active inception in the CompTIA 2008 Security+ objectives; normally includes a computer placed between the sender and the receiver in an effort to capture and possibly modify information.

open mail relay

Also known as an SMTP open relay; it enables anyone on the Internet to send e-mail through an SMTP server.

demarc

Also known as demarcation point or a demarc extension, this is the point in a telephone network where the maintenance responsibility passes from a telephone company to a subscriber (unless the subscriber purchased an inside wiring plan). This demarc is typically a box mounted to the outside of a customer's building (for example, a residence).

failover clusters

Also known as high-availability clusters, these are designed so that a secondary server can take over in the case that the primary one fails, with limited or no downtime.

anomaly based monitoring

Also known as statistical anomaly based; establishes a performance baseline based on a set of normal network traffic evaluations.

directory traversal

Also known as the ../ (dot dot slash) attack; a method of accessing unauthorized parent directories.

MDF (main distribution frame)

Also known as the main cross-connect, the first point of interconnection between an organization's LAN or WAN and a service provider's facility.

marking

Alters bits within a frame, cell, or packet to indicate how a network should treat that traffic. Marking alone does not change how a network treats a packet. Other tools (such as queuing tools) can, however, reference markings and make decisions (for example, forwarding decisions or dropping decisions) based on those markings.

ANSI

American National Standards Institute

Lightweight Directory Access Protocol (LDAP)

An Application Layer protocol used for accessing and modifying directory services data.

HTTP (Hypertext Transfer Protocol)

An Application layer protocol that formulates and interprets requests between Web clients and servers.

Thinnet

An IEEE Physical layer standard for achieving 10-Mbps throughput over coaxial copper cable. It is also known as 10Base-2. Its maximum segment length is 185 meters, and it relies on a bus topology.

Thicknet

An IEEE Physical layer standard for achieving a maximum of 10-Mbps throughput over coaxial copper cable. It is also known as 10Base-5. Its maximum segment length is 500 meters, and it relies on a bus topology.

S/MIME

An IETF standard that provides cryptographic security for electronic messaging such as e-mail.

Internet content filter

An Internet content filter, or simply a content filter, is usually applied as software at the Application Layer and can filter out various types of Internet activities such as websites accessed, e-mail, instant messaging, and more. It is used most often to disallow access to inappropriate web material.

mandatory access control (MAC)

An access control policy determined by a computer system, not by a user or owner, as it is in DAC.

discretionary access control (DAC)

An access control policy generally determined by the owner.

role-based access control (RBAC)

An access model that works with sets of permissions, instead of individual permissions that are label-based. Roles are created for various job functions in an organization.

default account

An account installed by default on a device or within an operating system with a default set of user credentials that are usually insecure.

Distributed Denial of Service (DDoS)

An attack in which a group of compromised systems attack a single target, causing a DoS to occur at that host, usually using a botnet.

replay attack

An attack in which valid data transmission is maliciously or fraudulently repeated or delayed.

birthday attack

An attack on a hashing system that attempts to send two different messages with the same hash function, causing a collision.

cross-site request forgery (XSRF)

An attack that exploits the trust a website has in a user's browser in an attempt to transmit unauthorized commands to the website.

zero day attack

An attack that is executed on a vulnerability in software before that vulnerability is known to the creator of the software.

MAC flooding

An attack that sends numerous packets to a switch, each of which has a different source MAC address, in an attempt to use up the memory on the switch. If this is successful, the switch will change state to fail-open mode.

fork bomb

An attack that works by creating a large number of processes quickly to saturate the available processing space in the computer's operating system. It is a type of wabbit.

Kerberos

An authentication protocol that enables computers to prove their identity to each other in a secure manner.

Challenge-Handshake Authentication Protocol (CHAP)

An authentication scheme used by the Point-to-Point Protocol (PPP) that is the standard for dial-up connections.

802.1X

An authentication technology used to connect devices to a LAN or WLAN. It is an example of port-based NAC.

single point of failure

An element, object, or part of a system that, if it fails, will cause the whole system to fail.

Faraday cage

An enclosure formed by conducting material or by a mesh of such material; it blocks out external static electric fields and can stop emanations from cell phones and other devices within the cage from leaking out.

redundant power supply

An enclosure that contains two complete power supplies, the second of which turns on when the first fails.

secure code review

An in-depth code inspection procedure.

identity proofing

An initial validation of an identity.

WAN Link

An interconnection between two devices in a WAN.

Data Encryption Standard (DES)

An older type of block cipher selected by the United States federal government back in the 1970s as its encryption standard; due to its weak key, it is now considered deprecated.

Sag

An unexpected decrease in the amount of voltage provided.

Patch

An update to a system. Patches generally carry the connotation of a small fix in the mind of the user or system administrator, so larger patches often are referred to as software updates, service packs, or something similar.

prologue

Attribute that specifies arguments affecting generation of prologue and epilogue code. (used with the PROC directive)

langType

Attribute that specifies the calling convention (parameter passing convention) such as C, PASCAL, or STDCALL. Overrides the language specified in the .MODEL directive. (used with the PROC directive)

Trojan horse

Applications that appear to perform desired functions but are actually performing malicious functions behind the scenes.

personal firewall

Applications that protect an individual computer from unwanted Internet traffic; they do so by way of a set of rules and policies.

application-level gateway (ALG)

Applies security mechanisms to specific applications, such as FTP and/or BitTorrent. It supports address and port translation and checks whether the type of application traffic is allowed.

asset management

As related to networks, this is a formalized system of tracking network components and managing the lifecycle of those components.

Worm

Code that runs on a computer without the user's knowledge; it self-replicates, whereas a virus does not.

visibility

Attribute that indicates the procedure's visibility to other modules. Choices are PRIVATE, PUBLIC (default), and EXPORT. If the visibility is EXPORT, the linker places the procedure's name in the export table for segmented executables. EXPORT also enables PUBLIC visibility. (used with the PROC directive)

DTE (data terminal equipment)

Any end-user device, such as a workstation, terminal (essentially a monitor with little or no independent data-processing capability), or a console (for example, the user interface for a router).

Security Posture Assessments (SPA)

Assessments that use baseline reporting and other analyses to discover vulnerabilities and weaknesses in systems and networks.

Wireless router

Attaches to a wired network and provides access to that wired network for wirelessly attached clients, like a wireless AP (access point). However, a wireless router is configured such that the wired interface that connects to the rest of the network (or to the Internet) is on a different IP network than the wireless clients. Typically, a wireless router performs NATing (network address translation) between these two IP address spaces.

cable modem

Attaches to the same coaxial cable (typically in a residence) that provides television programming. A cable modem can use predetermined frequency ranges to transmit and receive data over that coaxial cable.

social engineering

Attackers sometimes use social techniques (which often leverage people's desire to be helpful) to obtain confidential information. For example, an attacker might pose as a member of an IT department and ask a company employee for their login credentials in order for the "IT staff to test the connection." This type of attack is called social engineering.

port scanner

Software used to decipher which ports are open on a host.

logic bomb

Code that has, in some way, been inserted into software; it is meant to initiate some type of malicious function when specific criteria are met.

Virus

Code that runs on a computer without the user's knowledge; it infects the computer when the code is accessed and executed.

CAN

Campus-area network: an interconnection of networks located in nearby buildings (e.g., buildings on a college campus).

route command

Can add, modify, or delete routes in the IP routing table of Microsoft Windows® and UNIX hosts. Additionally, the route command can be used to view the IP routing table of Microsoft Windows® hosts.

ARP command

Can be used in either the Microsoft Windows® or UNIX environment to see what Layer 2 MAC address corresponds to a Layer 3 IP address.

netstat command

Can display a variety of information about IP-based connections on a Windows or UNIX host.

nslookup command

Can resolve a FQDN to an IP address on Microsoft Windows® and UNIX hosts.

dig command

Can resolve a FQDN to an IP address on UNIX hosts.

host command

Can resolve a FQDN to an IP address on hosts.

NEXT (near end cross talk)

Cross talk, or the impingement of the signal carried by one wire onto a nearby wire, that occurs between wire pairs near the source of a signal.

wet pipe sprinkler system

Consists of a pressurized water supply system that can deliver a high quantity of water to an entire building via a piping distribution system.

virtual machine (VM)

Created by virtualization software; they are images of operating systems or individual applications.

Availability

Data is obtainable regardless of how information is stored, accessed, or protected.

implicit deny

Denies all traffic to a resource unless the users generating that traffic are specifically granted access to the resource. For example, when a device denies all traffic unless a rule is made to open the port associated with the type of traffic desired to be let through.

network intrusion prevention system (NIPS)

Designed to inspect traffic, and based on its configuration or security policy, the system can remove, detain, or redirect malicious traffic.

Certificates

Digitally signed electronic documents that bind a public key with a user identity.

nbtstat command

Displays NetBIOS information for IP-based networks. The nbt prefix of the nbtstat command refers to NetBIOS over TCP/IP, which is called NBT (or NetBT). This command can, for example, display a listing of NetBIOS device names learned by a Microsoft Windows®-based PC.

Nessus®

A network-vulnerability scanner available from Tenable Network Security®.

chain of custody

Documents who had custody of evidence all the way up to litigation or a court trial (if necessary) and verifies that the evidence has not been modified.

alien cross talk

EMI interference induced on one cable by signals traveling over a nearby cable.

ENTER syntax

ENTER numbytes, nestinglevel

AP isolation

Clients connected to the AP cannot communicate with each other, but each can still access the Internet.

EIA

Electronic Industries Alliance

due diligence

Ensuring that IT infrastructure risks are known and managed.

Permissions

File system permissions control what resources a person can access on the network.

security log files

Files that log activity of users. They show who did what and when, plus whether they succeeded or failed in their attempt.

signature-based monitoring

Frames and packets of network traffic are analyzed for predetermined attack patterns. These attack patterns are known as signatures.

permanent DoS (PDoS) attack

Generally consists of an attacker exploiting security flaws in routers and other networking hardware by flashing the firmware of the device and replacing it with a modified image.

Honeypot

Generally is a single computer but could also be a file, group of files, or an area of unused IP address space used to attract and trap potential attackers to counteract any attempts at unauthorized access of the network.

security template

Groups of policies that can be loaded in one procedure.

Hardening

Hardening of the operating system is the act of configuring an OS securely, updating it, creating rules and policies to help govern the system in a secure manner, and removing unnecessary applications and services.

cryptographic hash functions

Hash functions based on block ciphers.

INVOKE syntax

INVOKE procedureName [, argumentList]

baseline reporting

Identification of the security posture of an application, system, or network.

congestion avoidance

If an interface's output queue fills to capacity, newly arriving packets are discarded (or tail dropped). Congestion avoidance can prevent this behavior. RED is an example of a congestion-avoidance mechanism.

warchalking

If an open WLAN (or a WLAN whose SSID and authentication credentials are known) is found in a public place, a user might write a symbol on a wall (or some other nearby structure) to let others know the characteristics of the discovered network. This practice, which is a variant of the decades-old practice of hobos leaving symbols as messages to fellow hobos, is called warchalking.

cable certifier

If you are working with existing cable and want to determine its category, or if you simply want to test the supported frequency range (and therefore data throughput) of the cable, you can use a cable certifier.

transmission

In networking, the application of data signals to a medium or the progress of data signals over a medium from one point to another.

Rainbow Tables

In password cracking, a set of precalculated encrypted passwords located in a lookup table.

T3

In the same T-carrier family of standards as a T1, a T3 circuit offers an increased bandwidth capacity. Although a T1 circuit combines 24 DS0s into a single physical connection to offer 1.544 Mbps of bandwidth, a T3 circuit combines 672 DS0s into a single physical connection, with a resulting bandwidth capacity of 44.7 Mbps.

client-server network

In this type of network, a dedicated server (ie: a file server or a print server) provides shared access to resources (ie: files or a printer). Clients (ie: PCs) on the network with appropriate privilege levels can gain access to those shared resources.

content filters

Individual computer programs that block external files that use JavaScript or images from loading into the browser.

personally identifiable information (PII)

Information used to uniquely identify, contact, or locate a person.

input validation

Input validation or data validation is a process that ensures the correct usage of data.

stateful firewall

Inspects traffic leaving the inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network, the stateful firewall permits that traffic. The process of inspecting traffic to identify unique sessions is called stateful inspection.

traffic shaping

Instead of making a minimum amount of bandwidth available for specific traffic types, you might want to limit available bandwidth. Both policing and shaping tools can accomplish this objective. Collectively, these tools are called traffic conditioners. Traffic shaping delays excess traffic by buffering it as opposed to dropping the excess traffic.

policing

Instead of making a minimum amount of bandwidth available for specific traffic types, you might want to limit available bandwidth. Both policing and traffic-shaping tools can accomplish this objective. Collectively, these tools are called traffic conditioners. Policing can drop exceeding traffic, as opposed to buffering it.

site-to-site VPN

Interconnects two sites, as an alternative to a leased line, at a reduced cost.

radio frequency interference (RFI)

Interference that can come from AM/FM transmissions and cell towers.

ITU

International Telecommunication Union - A United Nations agency that regulates international telecommunications and provides developing countries with technical expertise and equipment to advance their technological bases.

IAB

Internet Architecture Board

IANA

Internet Assigned Numbers Authority

ICANN

Internet Corporation for Assigned Names and Numbers

IETF

Internet Engineering Task Force.

IP

Internet Protocol - A core protocol in the TCP/IP suite that operates in the Network layer of the OSI model and provides information about how and where data should be delivered. IP is the subprotocol that enables TCP/IP to internetwork.

ISP

Internet service provider - A business that provides organizations and individuals with Internet access and often other services, such as e-mail and Web hosting.

Diffie-Hellman key exchange

Invented in the 1970s, it was the first practical method for establishing a shared secret key over an unprotected communications channel.

Hub

Known as an Ethernet hub, it is an older technology used to interconnect network components, such as clients and servers. The number of available ports on a hub varies. It DOES NOT perform any inspection of the traffic it passes; instead, it just receives traffic in a port and repeats that same traffic out all of its other ports.

LOCAL syntax

LOCAL varlist

port address translation (PAT)

Like NAT, but it translates both IP addresses and port numbers.

LAN

Local-area network - interconnects network components within a local region. (ie: within a building.)

LLC

Logical Link Control Sublayer - The upper sublayer in the Data Link layer. The LLC provides a common interface and supplies reliability and flow control services.

Surge

Means that there is an unexpected increase in the amount of voltage provided.

access control model

Methodologies in which admission to physical areas and, more importantly, computer systems is managed and organized.

MAN

Metropolitan-area network - Interconnects locations scattered throughout a metropolitan area. (ie: Chicago Public Schools)

RAID 1

Mirroring. Data is copied to two identical disks. If one disk fails, the other continues to operate.

F-type connector

Most common coaxial cable connector, which features a screw-on attaching mechanism.

local variable use (C calling convention)

MySub PROC
    push ebp
    mov ebp, esp
    sub esp, 8                      ; create locals
    mov DWORD PTR [ebp - 4], 10     ; x
    mov DWORD PTR [ebp - 8], 20     ; y
    mov esp, ebp                    ; remove locals from stack
    pop ebp
    ret
MySub ENDP

distance

NEAR or FAR. Attribute that indicates the type of RET instruction (RET or RETF) generated by the assembler. (used with the PROC directive)

Extensible Authentication Protocol (EAP)

Not an authentication mechanism in itself but instead defines message formats. 802.1X would be the authentication mechanism and defines how EAP is encapsulated within messages.

ping command

One of the most commonly used command-line commands. It can check IP connectivity between two network devices. Multiple platforms (for example, routers, switches, and hosts) support the ping command.

Honeynet

One or more computers, servers, or an area of a network, used to attract and trap potential attackers to counteract any attempts at unauthorized access of the network.

Hotfix

Originally, a hotfix was defined as a single problem fixing patch to an individual OS or application that was installed live while the system was up and running, and without a reboot necessary. However, this term has changed over time and varies from vendor to vendor.

packet filtering

Packet filtering as it applies to firewalls inspects each packet passing through the firewall and accepts or rejects it based on rules. Two types of packet filtering include stateless packet filters and stateful packet inspection (SPI).

service level agreement (SLA)

Part of a service contract where the level of service is formally defined.

backup generator

Part of an emergency power system used when there is an outage of regular electric grid power.

66 block

Part of an organization's cross-connect facilities, a type of punch-down block used for many years to terminate telephone circuits. It does not meet Cat 5 or better standards, and so it is infrequently used on data networks.

100 block

Part of an organization's cross-connect facilities, a type of punch-down block designed to terminate Cat 5 or better twisted pair wires.

Tickets

Part of the authentication process used by Kerberos.

Transport Layer Security (TLS)

The successor to SSL. Provides secure Internet communications. This is shown in a browser as HTTPS.

security tokens

Physical devices given to authorized users to help with authentication. These devices might be attached to a keychain or are part of a card system.

Confidentiality

Preventing the disclosure of information to unauthorized persons.

satellite (WAN technology)

Provides WAN access to sites where terrestrial WAN solutions are unavailable. Satellite WAN connections can suffer from long round-trip delay (which can be unacceptable for latency-sensitive applications) and are susceptible to poor weather conditions.

802.11b

Ratified in 1999, this standard supports speeds as high as 11 Mbps. However, 5.5 Mbps is another supported data rate. The 802.11b standard uses the 2.4-GHz band and the DSSS transmission method.

802.11a

Ratified in 1999, this standard supports speeds as high as 54 Mbps. Other supported data rates (which can be used if conditions are not suitable for the 54 Mbps rate) include 6, 9, 12, 18, 24, 36, and 48 Mbps. The 802.11a standard uses the 5-GHz band and the OFDM transmission method.

802.11g

Ratified in 2003, this standard supports speeds as high as 54 Mbps. Like 802.11a, other supported data rates include 6, 9, 12, 18, 24, 36, and 48Mbps. However, like 802.11b, 802.11g operates in the 2.4-GHz band, which allows it to offer backwards compatibility to 802.11b devices. 802.11g can use either the OFDM or DSSS transmission method.

802.11n

Ratified in 2009, this standard supports a variety of speeds, depending on its implementation. Although the speed of an 802.11n network could approach 300 Mbps (through the use of channel bonding), many 802.11n devices on the market have speed ratings in the 130-150 Mbps range. Interestingly, an 802.11n WLAN can operate in the 2.4-GHz band, the 5-GHz band, or both simultaneously. 802.11n uses the OFDM transmission method.

audit trails

Records or logs that show the tracked actions of users, including whether or not the user was successful in the attempt.

TEMPEST

Refers to the investigations of conducted emissions from electrical and mechanical devices, which could be compromising to an organization.

Policy

Rules or guidelines used to guide decisions and achieve outcomes. They can be written or configured on a computer.

redundant ISP

Secondary connections to another ISP; for example, a backup T-1 line.

IP proxy

Secures a network by keeping machines behind it anonymous; it does this through the use of NAT.

remote access VPN

See client-to-site VPN. Also known as a remote access VPN, a client-to-site VPN interconnects a remote user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost.

fox and hound

See toner probe. A toner probe allows you to place a tone generator at one end of the connection (for example, in someone's office), and use a probe on the punch-down block to audibly detect to which pair of wires the tone generator is connected.

TCP reset attack

Sets the reset flag in a TCP header to 1, telling the respective computer to kill the TCP session immediately.

Network Access Control (NAC)

Sets the rules by which connections to a network are governed.

protocol analyzer

Software tool used to capture and analyze packets.

password cracker

Software tool used to recover passwords from hosts or to discover weak passwords.

Triple DES (3DES)

Similar to DES but applies the cipher algorithm three times to each cipher block.

packet-switched connection

Similar to a dedicated leased line, because this is an always-on network. However, unlike a dedicated leased line, this connection allows multiple customers to share a service provider's bandwidth.

pre-action sprinkler system

Similar to a dry pipe system, but there are requirements for it to be set off such as heat or smoke.

multifactor authentication

Similar to two-factor authentication, it requires two or more types of successful authentication before granting access to a network.

SNMP agent

Software deployed by the network management system that is loaded on managed devices. The software redirects the information that the NMS needs to monitor the remote managed devices.

Malware

Software designed to infiltrate a computer system and possibly damage it without the user's knowledge or consent.

toner probe

Sometimes called a fox and hound, a toner probe allows you to place a tone generator at one end of the connection (for example, in someone's office), and use a probe on the punch-down block to audibly detect to which pair of wires the tone generator is connected.

IP Class A

Specified IP classing standard within the range of 1.0.0.0 to 126.255.255.255 with the subnet mask of 255.0.0.0

IP Class B

Specified IP classing standard within the range of 128.0.0.0 to 191.255.255.255 with the subnet mask of 255.255.0.0

IP Class C

Specified IP classing standard within the range of 192.0.0.0 to 223.255.255.255 with the subnet mask of 255.255.255.0

RAID 5

Striping with Parity. Data is striped across multiple disks; fault-tolerant parity data is also written to each disk.

NTLM hash

Successor to the LM hash. A more advanced hash used to store Windows passwords, based off the RC4 algorithm.

NTLM2 hash

Successor to the NTLM hash. Based off the MD5 hashing algorithm.

data loss prevention (DLP)

Systems that are designed to protect data by way of content inspection. They are meant to stop the leakage of confidential data, often concentrating on communications.

standby generator

Systems that turn on automatically within seconds of a power outage.

uninterruptible power supply (UPS)

Takes the functionality of a surge suppressor and combines that with a battery backup, protecting computers not only from surges and spikes, but also from sags, brownouts, and blackouts.

Wiretapping

Tapping into a network cable in an attempt to eavesdrop on a conversation or steal data.

computer security audits

Technical assessments made of applications, systems, or networks.

Cookies

Text files placed on the client computer that store information about it, which could include your computer's browsing habits and credentials. Tracking cookies are used by spyware to collect information about a web user's activities. Session cookies are used by attackers in an attempt to hijack a session.

CAM table

The Content Addressable Memory table, a table held in a switch's memory that maps each port to the MAC addresses learned on it.

HTTP proxy (web proxy)

An HTTP proxy, also known as a web proxy, caches web pages from servers on the Internet for a set amount of time.

802.16

The IEEE standard for broadband wireless metropolitan area networking (also known as WiMAX).

802.5

The IEEE standard for token ring.

802.11

The IEEE standard for wireless networking.

Spam

The abuse of electronic messaging systems such as e-mail, broadcast media, and instant messaging.

Spim

The abuse of instant messaging systems, a derivative of spam.

privilege escalation

The act of exploiting a bug or design flaw in a software or firmware application to gain access to resources that normally would have been protected from an application or user.

VLAN hopping

The act of gaining access to traffic on other VLANs that would not normally be accessible by jumping from one VLAN to another.

information security

The act of protecting information from unauthorized access. It usually includes an in-depth plan on how to secure data, computers, and networks.

vulnerability scanning

The act of scanning for weaknesses and susceptibilities in the network and on individual systems.

Wardialing

The act of scanning telephone numbers by dialing them one at a time and adding them to a list, in an attempt to gain access to computer networks.

hot and cold aisles

The aisles in a server room or data center that circulate cold air into the systems and hot air out of them. Usually, the systems and cabinets are supported by a raised floor.

throughput

The amount of data that a medium can transmit during a given period of time.

risk acceptance

The amount of risk an organization is willing to accept. Also known as risk retention.

plenum

The area above the ceiling tile or below the subfloor in a building.

Hoax

The attempt at deceiving people into believing something that is false.

risk assessment

The attempt to determine the amount of threats or hazards that could possibly occur in a given amount of time to your computers and networks.

secure coding concepts

The best practices used during the life cycle of software development.

network perimeter

The border of a computer network, commonly secured by devices such as firewalls and NIDS/NIPS solutions.

Virtualization

The creation of a virtual entity, as opposed to a true or actual entity.

traffic

The data transmission and processing activity taking place on a computer network at any given time.

account expiration

The date on which the account a user uses to log on to the network expires.

optical loss

The degradation of a light signal on a fiber-optic network.

latency

The delay between the transmission of a signal and its receipt.

resources

The devices, data, and data storage space provided by a computer, whether stand-alone or shared.

wavelength

The distance between corresponding points on a wave's cycle. It is inversely proportional to frequency.

data emanation (or signal emanation)

The electromagnetic field generated by a network cable or network device, which can be manipulated to eavesdrop on conversations or to steal data.

cladding

The glass or plastic shield around the core of a fiber-optic cable. It reflects light back to the core in patterns that vary depending on the transmission mode. This reflection allows fiber to bend around corners without impairing the light-based signal.

Nonrepudiation

The idea of ensuring that a person or group cannot refute the validity of your proof against them.

risk management

The identification, assessment, and prioritization of risks, and the mitigating and monitoring of those risks.

Zombie

The individual compromised computers in a botnet.

RTT (round trip time)

The length of time it takes for a packet to go from sender to receiver, then back from receiver to sender. It is usually measured in milliseconds.

MAC (Media Access Control) sublayer

The lower sublayer of the Data Link layer. The MAC appends the physical address of the destination computer onto the frame.

incident management

The monitoring and detection of security events on a computer network and the execution of proper responses to those security events.

Physical layer

The lowest, or first, layer of the OSI model. Protocols in this layer generate and detect signals so as to transmit and receive data over a network medium. These protocols also set the data transmission rate and monitor data error rates, but do not provide error correction.

transmission media

The means through which data are transmitted and received.

availability

The measure of a network's uptime.

latency

The measure of delay in a network.

reliability

The measure of how error-free a network's transmission of packets is.

volt

The measurement used to describe the degree of pressure an electrical current exerts on a conductor.

due care

The mitigation action that an organization takes to defend against the risks that have been uncovered during due diligence.

DNS poisoning

The modification of name resolution information that should be in a DNS server's cache.

service set identifier (SSID)

The name of a wireless access point (or network) to which network clients will connect; it is broadcast through the air.

overhead

The nondata information that must accompany data in order for a signal to be properly routed and interpreted by the network.

frequency

The number of times that a signal's amplitude changes over a fixed period of time, expressed in cycles per second, or hertz (Hz).

twist ratio

The number of twists per meter or foot in a twisted pair cable.

demarcation point (demarc)

The point of division between a telecommunications service carrier's network and a building's internal network.

LANMAN hash

The original hash used to store Windows passwords, known as LM hash, based off the DES algorithm.

sheath

The outer cover, or jacket, of a cable.

SYN-ACK (synchronization-acknowledgment)

The packet a node sends to acknowledge to another node that it has received a SYN request for connection. This packet is the second of three in the three-step process of establishing a connection.

SYN (synchronization)

The packet one node sends to request a connection with another node on the network. This packet is the first of three in the three-step process of establishing a connection.

backbone

The part of a network to which segments and significant shared devices (such as routers, switches, and servers) connect.

topology

The physical layout of computers on a network.

connectors

The pieces of hardware that connect the wire to the network device, be it a file server, workstation, switch, or printer.

conduit

The pipeline used to contain and protect cabling. It is usually made from metal.

patch management

The planning, testing, implementing, and auditing of patches.

Hypervisor

The portion of virtual machine software that allows multiple virtual operating systems (guests) to run at the same time on a single computer.

Risk

The possibility of a malicious attack or other threat causing damage or downtime to a computer system.

Cryptography

The practice and study of hiding information.

vulnerability management

The practice of finding and mitigating software vulnerabilities in computers and networks.

information assurance

The practice of managing risks that are related to computer hardware and software systems.

due process

The principle that an organization must respect and safeguard personnel's rights.

sequencing

The process of assigning a placeholder to each piece of a data block to allow the receiving node's Transport layer to reassemble the data in the correct order.

network address translation (NAT)

The process of changing an IP address while it is in transit across a router. This is usually so one larger address space (private) can be remapped to another address space, or single IP address (public).

Encryption

The process of changing information using an algorithm (or cipher) into another form that is unreadable by others—unless they possess the key to that data.

fire suppression

The process of controlling and/or extinguishing fires to protect people and an organization's data and equipment.

Systems Development Life Cycle (SDLC)

The process of creating systems and applications, and the methodologies used to do so.

segmentation

The process of decreasing the size of data units when moving data from a network that can handle larger data units to a network that can handle only smaller data units.

security posture

The risk level to which a system, or other technology element, is exposed.

residual risk

The risk that is left over after a security and disaster recovery plan have been implemented.

Steganography

The science (and art) of writing hidden messages; it is a form of security through obscurity.

Biometrics

The science of recognizing humans based on one or more physical characteristics.

Data Link layer

The second layer in the OSI model. This layer bridges the networking media with the Network layer. Its primary function is to divide the data it receives from the Network layer into frames that can then be transmitted by the Physical layer.

device ID

The second set of six characters that make up a network device's MAC address - contains the device's model and manufacture date.

Bluejacking

The sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and PDAs.

Application layer

The seventh layer of the OSI model. This layer's protocols enable software programs to negotiate formatting, procedural, security, synchronization, and other requirements with the network.

noise

The unwanted signals, or interference, from sources near network cabling, such as electrical motors, power lines, and radar.

Presentation layer

The sixth layer of the OSI model. Protocols in this layer translate between the application and the network. Here, data are formatted in a schema that the network can understand, with the format varying according to the type of network used. This layer also manages data encryption and decryption.

soft skills

Skills such as customer relations, leadership ability, and dependability.

Network Management System (NMS)

The software run on one or more servers that controls the monitoring of network attached devices and computers.

RJ-45 (registered jack 45)

The standard connector used with shielded twisted pair and unshielded twisted pair cabling.

RJ-11 (registered jack 11)

The standard connector used with unshielded twisted pair cabling (usually Cat 3 or Level 1) to connect analog telephones.

network mapping

The study of physical and logical connectivity of networks.

Network layer

The third layer in the OSI model. Protocols in this layer translate network addresses into their physical counterparts and decide how to route data from the sender to the receiver.

Accounting

The tracking of data, computer usage, and network resources. Often it means logging, auditing, and monitoring of the data and resources.

risk transference

The transfer or outsourcing of risk to a third party. Also known as risk sharing.

Bluesnarfing

The unauthorized access of information from a wireless device through a Bluetooth connection.

jitter

The uneven arrival of packets.

buffer overflow

This attack occurs when an attacker leverages a vulnerability in an application, causing data to be written to a memory area (that is, a buffer) that's being used by a different application.

FTP bounce

This bounce attack uses the FTP

E1

This circuit contains 32 channels, in contrast to the 24 channels on a T1 circuit. Only 30 of those 32 channels, however, can transmit data (or voice or video). Specifically, the first of those 32 channels is reserved for framing and synchronization, and the 17th channel is reserved for signaling (that is, to set up, maintain, and tear down a session).

T1

This circuit type was originally used in telephony networks, with the intent of one voice conversation being carried in a single channel (that is, a single DS0). This circuit consists of 24 DS0s, and the bandwidth of this circuit type is 1.544 Mbps.

Adware

Type of spyware that pops up advertisements based on what it has learned about the user.

cold site

This has tables, chairs, bathrooms, and possibly some technical setup, for example, basic phone, data, and electric lines, but will require days if not weeks to set up properly.

Separation of Duties (SoD)

This is when more than one person is required to complete a particular task or operation.

Integrity

This means that authorization is necessary before data can be modified.

asymmetric key algorithm

This type of cipher uses a pair of different keys to encrypt and decrypt data.

warm site

This will have computers, phones, and servers, but they might require some configuration before users can start working on them.

link efficiency

To make the most of the limited bandwidth available on slower speed links, you might choose to implement compression or link fragmentation and interleaving (LFI). These QoS mechanisms are examples of link efficiency mechanisms.

Ring Topology

Traffic flows in a circular fashion around a closed network loop (ring). This topology sends data in a single direction to each connected device in the ring, until the intended destination receives the data.

time bomb

Trojans set off on a certain date.

Cluster

Two or more servers that work with each other.

incremental backup

Type of backup that backs up only the contents of a folder that have changed since the last full backup or the last incremental backup.

differential backup

Type of backup that backs up only the contents of a folder that have changed since the last full backup.

full backup

Type of backup where all the contents of a folder are backed up.

stateful packet inspection

Type of packet inspection that keeps track of network connections by examining the header in each packet, also known as SPI.

Bus Topology

Typically, a main cable runs through the area, and all devices requiring connectivity tap into or are connected to this main cable.

false positive

When a system authenticates a user who should not be allowed access to the system. For example, when an IDS/IPS blocks legitimate traffic from passing on to the network.

ad filtering

Ways of blocking and filtering out unwanted advertisements; popup blockers and content filters are considered to be ad filtering methods.

Vulnerability

Weaknesses in your computer network design and individual host configuration.

false negative

When a system denies a user who actually should be allowed access to the system. For example, when an IDS/IPS fails to block an attack, thinking it is legitimate traffic.

Algorithms

Well-defined instructions that describe computations from their initial state to their final state.

diversion theft

When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.

false rejection

When a biometric system fails to recognize an authorized person and doesn't allow that person access.

congestion management

When a device, such as a switch or router, receives traffic faster than it can be transmitted, the device attempts to buffer (or store) the extra traffic until bandwidth becomes available. This buffering process is called queuing or congestion management.

TCP/IP hijacking

When a hacker takes over a TCP session between two computers without the need of a cookie or any other type of host access.

Baiting

When a malicious individual leaves malware-infected removable media, such as a USB drive or optical disc, lying around in plain view.

nonpromiscuous mode

When a network adapter captures only the packets that are addressed to it.

Pretexting

When a person invents a scenario, or pretext, in the hope of persuading a victim to divulge information.

Identification

When a person is in a state of being identified. It can also be described as something that identifies a person such as an ID card.

dumpster diving

When a person literally scavenges for private information in garbage and recycling containers.

Eavesdropping

When a person uses direct observation to "listen" in to a conversation.

shoulder surfing

When a person uses direct observation to find out a target's password, PIN, or other such authentication information.

Authentication

When a person's identity is confirmed. Authentication is the verification of a person's identity.

buffer overflow

When a process stores data outside the memory that the developer intended. This could cause erratic behavior in the application, especially if the memory already had other data in it.

risk mitigation

When a risk is reduced or eliminated altogether.

Crosstalk

When a signal transmitted on one copper wire creates an undesired effect on another wire; the signal "bleeds" over, so to speak.

static NAT

When a single private IP address translates to a single public IP address. This is also called one-to-one mapping.

failopen mode

When a switch broadcasts data on all ports the way a hub does.

WAN

Wide-area network - interconnects network components that are geographically separated.

circuit-level gateway

Works at the Session Layer of the OSI model and applies security mechanisms when a TCP or UDP connection is established; they act as a go-between for the Transport and Application Layers in TCP/IP.

symbol variables

X_local EQU DWORD PTR [ebp - 4]
Y_local EQU DWORD PTR [ebp - 8]

mySub PROC
    push ebp
    mov ebp, esp
    sub esp, 8          ; reserve space for locals
    mov X_local, 10     ; x
    mov Y_local, 20     ; y
    mov esp, ebp        ; remove locals from stack
    pop ebp
    ret
mySub ENDP

constant OFFSETS

[ebp + 8] or [ebp + 12]
NOTE: do not use with the PROC USES operator

varlist

a list of variable definitions, separated by commas, optionally spanning multiple lines

bit (binary digit)

a single pulse in the digital encoding system. It may have only one of two values: 0 or 1.

recursive subroutine

a subroutine that calls itself, either directly or indirectly

Media

a way to interconnect devices on a network. For example, copper cabling, fiber-optic cable or wireless connections.

C calling convention

after the call returns, the caller adds a value to ESP equal to the combined size of the parameters. ESP then points to the stack location that held the subroutine's return address before the call.

Example1 PROC
    push 6
    push 5
    call AddTwo
    add esp, 8      ; remove arguments from the stack
    ret
Example1 ENDP

reference arguments

addresses of variables

peer-to-peer network

allows interconnected devices (e.g., PCs) to share their resources with one another. These resources could be, for example, files or printers.

Switch

an Ethernet switch interconnects network components. It is available with a variety of port densities. A switch learns which devices reside off of which ports. As a result, the switch learns where the traffic is destined and forwards the traffic out only the appropriate port, not out all of the other ports.

ethical hacker

an expert at breaking into systems and can attack systems on behalf of the system's owner and with the owner's consent.

label

any valid identifier (used with the LOCAL directive)

API

application program interface - A set of routines

paramName

arbitrary name you assign to the parameter. Its scope is limited to the current procedure (used with the PROC directive, parameterList).

modules

assembled units of a program that has been divided into separate source files. Each is assembled independently, so a change to one module's source code only requires reassembling that single file.

symmetric encryption

both the sender and receiver of a packet use the same key (a shared key) for encryption and decryption.

Server

serves up resources to a network. For example, E-mail access provided by an E-mail server, web pages provided by a web server, or data files available on a file server.

unidirectional antenna

focuses its power in a specific direction, thus avoiding potential interference with other wireless devices and perhaps reaching greater distances than those possible with omnidirectional antennas. One application for unidirectional antennas is interconnecting two nearby buildings.

Cat 6e (Enhanced Category 6)

capable of a 550-MHz signaling rate and can reliably transmit data at multi-gigabit per second rates.

terminating condition

condition that terminates a recursive routine when it becomes true

DB-25

A type of connector with 25 pins that's commonly used in serial communication that conforms to the RS-232 standard.

output parameter

created when a calling program passes the address of a variable to a procedure. The procedure uses the address to locate and assign data to the variable.

merge PROC
    LOCAL pArray: PTR WORD

declare a procedure named merge that contains a local variable, pArray, of type PTR WORD using the LOCAL directive

merge PROC
    LOCAL tempArray[10]: DWORD

declare a procedure named merge that contains a local array variable, tempArray, of ten DWORD elements using the LOCAL directive

mySub PROC
    LOCAL var1: BYTE

declare a procedure named mySub that contains a local variable named var1 of type BYTE using the LOCAL directive

mySub PROC
    enter 8, 0
    leave
    ret
mySub ENDP

declare a procedure that reserves 8 bytes of stack space for local variables using the ENTER instruction and returns to the caller, similar to:

mySub PROC
    push ebp
    mov ebp, esp
    sub esp, 8
    mov esp, ebp
    pop ebp
    ret
mySub ENDP

mySub PROC
    enter 8, 0

declare a procedure that reserves 8 bytes of stack space for local variables using the ENTER instruction, similar to:

mySub PROC
    push ebp
    mov ebp, esp
    sub esp, 8

read_File PROC USES eax ebx, pBuffer:PTR BYTE
    LOCAL fileHandle:DWORD
    mov esi, pBuffer
    mov fileHandle, eax
    ret
read_File ENDP

declare a procedure that simplifies the following code (there may be more than one way to perform this task; only one is shown here):

read_File PROC
    push ebp
    mov ebp, esp
    add esp, 0FFFFFFFCh         ; add -4 to ESP: create fileHandle
    push eax                    ; save EAX
    push ebx                    ; save EBX
    mov esi, dword ptr [ebp+8]  ; pBuffer
    mov dword ptr [ebp-4], eax  ; fileHandle
    pop ebx                     ; restore EBX
    pop eax                     ; restore EAX
    leave
    ret 4                       ; remove the 4-byte pBuffer argument
read_File ENDP

input parameter

data passed by a calling program to a procedure. The called procedure is not expected to modify the corresponding parameter variable, and even if it does, the modification is confined to the procedure itself.

bubbleSort PROC
    LOCAL temp: DWORD, swapFlag: BYTE

declare a procedure named bubbleSort that contains two local variables, temp and swapFlag, of types DWORD and BYTE, using the LOCAL directive

Example3 PROC
    LOCAL temp:DWORD
    mov eax, temp
    ret
Example3 ENDP

declare a procedure named Example3 using the LOCAL directive and a DWORD variable named temp, similar to:

Example3 PROC
    push ebp
    mov ebp, esp
    add esp, 0FFFFFFFCh ; add -4 to ESP
    mov eax, [ebp - 4]  ; temp
    leave
    ret
Example3 ENDP

mySub PROC
    enter 0, 0

declare a procedure with no local variables using the ENTER instruction, similar to:

mySub PROC
    push ebp
    mov ebp, esp

ArraySum PROTO, ptrArray:PTR DWORD, szArray:DWORD

declare the PROTO statement for the following PROC statement: ArraySum PROC USES esi ecx, ptrArray: PTR DWORD, szArray: DWORD

dedicated leased line

A logical connection interconnecting two sites. This logical connection might physically connect through a service provider's facility or a telephone company's central office. The expense of this line is typically higher than other WAN technologies offering similar data rates, because with this line a customer does not have to share bandwidth with other customers.

INVOKE swap, ADDR array, ADDR [array + 4]

define an INVOKE instruction to replace the following lines of code:

push OFFSET array+4
push OFFSET array
call swap

INVOKE DumpArray, OFFSET array, LENGTHOF array, TYPE array

define an INVOKE instruction to replace the following lines of code:

push TYPE array
push LENGTHOF array
push OFFSET array
call DumpArray

Client

defines the device an end user uses to access a network (e.g., a workstation, a laptop, a smartphone with wireless capabilities, a tablet, or a variety of other end-user terminal devices).

STACK

directive used to reserve space for the runtime stack (Irvine32.inc library file)

Full-mesh Topology

directly connects every site to every other site in the network.

nestinglevel

determines the number of stack frame pointers copied into the current stack frame from the stack frame of the calling procedure.

PROTO

directive that creates a prototype for an existing procedure. Declares a procedure's name and parameter list. It allows you to call a procedure before defining it and lets the assembler verify that the number and types of arguments match the procedure definition. Must be used to utilize the INVOKE directive. To create one from a PROC statement:
- copy the PROC statement
- change the word PROC to PROTO
- remove the USES operator, if any, along with its register list

INVOKE

directive that pushes arguments on the stack (in the order specified by the MODEL directive's language specifier) and calls a procedure. It replaces the CALL instruction and allows you to pass multiple arguments using a single line of code.
- passing arguments smaller than 32 bits frequently causes the assembler to overwrite EAX and EDX when it widens the arguments before pushing them on the stack
- avoid the preceding behavior by saving and restoring EAX and EDX before and after the procedure call

LOCAL

directive that substitutes for the ENTER instruction. Declares one or more local variables by name, assigning them size attributes. If used, it must appear on the line immediately following the PROC directive.

type

either a standard type or a user-defined type (used with the LOCAL directive)
- standard types are WORD, DWORD, etc.
- user-defined types are structures, etc.

input-output parameter

identical to an output parameter, with one exception: The called procedure expects the variable referenced by the parameter to contain some data. The procedure is also expected to modify the variable via the pointer.

numbytes

immediate value, always rounded up to a multiple of 4 to keep ESP on a doubleword boundary

argument types used with INVOKE

immediate value, integer expression, variable, address expression, register, ADDR name, OFFSET name

ENTER

instruction that automatically creates a stack frame for a called procedure. It reserves stack space for local variables and saves EBP on the stack. Specifically, it performs three actions:
- pushes EBP on the stack (push ebp)
- sets EBP to the base of the stack frame (mov ebp, esp)
- reserves space for local variables (sub esp, numbytes)

LEA

instruction that returns the effective address of an indirect operand.

LEAVE

instruction that terminates the stack frame for a procedure. It reverses the action of a previous ENTER instruction by restoring ESP and EBP to the values they were assigned when the procedure was called

label

is a user-defined label following the rules for identifiers (used with the PROC directive)

NIC

network interface card

omnidirectional antenna

radiates power at relatively equal power levels in all directions (somewhat similar to the theoretical isotropic antenna). Omnidirectional antennas are popular in residential WLANs and SOHO (small office/home office) locations.

attributes

refers to distance, langType, visibility, prologue (used with the PROC directive)

STDCALL calling convention

supply an integer parameter to the RET instruction, which in turn adds that value to ESP after returning to the calling procedure. The integer must equal the number of bytes of stack space consumed by the subroutine parameters.

Example2 PROC
    push ebp
    mov ebp, esp        ; base of stack frame
    mov eax, [ebp + 12] ; second parameter
    add eax, [ebp + 8]  ; first parameter
    pop ebp
    ret 8               ; clean up the stack
Example2 ENDP

NOTE: requires 32-bit operands; smaller operands must be zero-extended before being pushed

stack frame

the area of the stack set aside for passed arguments, subroutine return address, local variables, and saved registers. (aka activation record)

prologue

the beginning of a function consisting of statements that save the EBP register and point EBP to the top of the stack, OR push certain registers on the stack whose values will be restored when the function returns.

epilogue

the ending of a function consisting of restoring the EBP register and returning to the caller

recursion

the practice of calling recursive subroutines.
- linked lists
- connected graphs
- be careful not to create an endless loop

asymmetric encryption

the sender and receiver of a packet use different keys.

telecommunications closet (also known as a "telco room")

the space that contains connectivity for groups of workstations in a defined area, plus cross-connections to IDFs or, in smaller organizations, an MDF. Large organizations may have several per floor, but the TIA/EIA standard specifies at least one per floor.

channel bonding

two wireless bands can be logically bonded together, forming a band with twice the bandwidth of an individual band. Some literature refers to channel bonding as 40 MHz mode, which refers to the bonding of two adjacent 20-MHz bands into a 40-MHz band.

value arguments

values of variables and constants

local variables

variables created, used, and destroyed within a single subroutine
- only statements within a local variable's enclosing subroutine can view or modify the variable, preventing program bugs caused by modifying variables
- storage space used by local variables is released when the subroutine ends
- local variables from different subroutines can have the same name without a name clash
- essential when writing recursive subroutines, as well as subroutines executed by multiple execution threads
