Network +/N10-007
BLE (Bluetooth Low Energy)
A form of Bluetooth networking technology that uses very little energy
NIC (Network Interface Card)
Data Link Layer
Physical Address
Data Link Layer
Switching
Data Link Layer
SaaS (Software as a Service)
A cloud computing service model in which a user runs everything supplied by the provider.
static IP address
An IP address manually assigned to a network device, as opposed to dynamically via DHCP.
switch
A Layer 2 networking device that forwards frames based on destination addresses.
LC (local connector)
A media connector used with fiber-optic cabling.
HA (high availability)
A system goal/attribute aimed at ensuring operational uptime higher than normal.
server-based application
An application run from a network share rather than from a copy installed on a local computer.
media tester
Defines a range of software or hardware tools designed to test a particular media type.
BNC
Common connector used to terminate coaxial connectors. British Naval Connector / Bayonet Neill-Concelman
PPP
Data Link Layer
PDU (protocol data unit)
Data that contains control information, such as address information and user information.
B (bearer) channel
In ISDN, a 64 Kbps channel that carries data. See also D (delta) channel.
Physical
Name Of Layer 1
access control list (ACL)
Rules typically applied to router interfaces, which specify permitted and denied traffic.
PaaS (Platform as a Service)
A cloud computing service model in which the provider supplies the operating system and the user is responsible for the stack above it
CPU (central processing unit)
The main processor in a computing device.
ACK
The acknowledgment message sent between two hosts during a TCP session
route
The entire path between two nodes on a network.
binding
The process of associating a protocol with a NIC.
full duplex
This connection allows a device to simultaneously transmit and receive data.
LAN (local-area network)
A group of connected computers located in a single geographic area—usually a building or office—that shares data and services.
UPC
Ultra Physical Contact. Used in systems that are less precision-sensitive. Color coded blue.
wiring schematics
Network documentation designed to show the physical wiring of a network. The wiring schematic can often be used in the troubleshooting process.
ARP
Network Layer
ICMP
Network Layer
IP Addressing
Network Layer
IP Filtering
Network Layer
IPsec
Network Layer
Logical Address
Network Layer
Packet Filtering
Network Layer
Packets
Network Layer
RIP
Network Layer
Routing
Network Layer
Stateless Inspection
Network Layer
VLAN
Network Layer
FCS (frame check sequence)
A method of error detection added to a frame in a communications protocol.
Gb (gigabit)
1 billion bits, or 1000 Mb.
RJ - 11 4P4C
4 Pins 4 Connectors
IT (information technology)
A fascinating field of study and career choice.
CoS (class of service)
A parameter used in data and voice to differentiate the types of payloads being transmitted.
CaaS (Communication as a Service)
A cloud computing model for providing ubiquitous access to shared pools of configurable resources
1000BaseSX
A fiber optic Gigabit Ethernet standard for operation over multimode fiber.
application log
A log file on a Windows system that provides information on events that occur within an application.
TCP/IP socket
A socket, or connection to an endpoint, used in TCP/IP communication transmissions.
Unicast
A unicast communication flow is a one-to-one flow.
SHA (Secure Hash Algorithm)
A cryptographic hash algorithm used in security and defined by the United States National Security Agency.
borrowed bits
Bits added to a classful subnet mask.
WPA (Wi-Fi Protected Access)
A data encryption method used on 802.11 wireless LANs. WPA is an industry-supported standard designed to addr
nslookup command
Can resolve a FQDN to an IP address on Microsoft Windows
MAC, LLC
Data Link Layer
KVM (keyboard video mouse)
A device that allows one keyboard, one mouse, and one monitor to be used with multiple devices.
physical network diagram
A diagram that displays the physical layout of a network, including placement of systems and all network cabling.
synchronous transmission
A digital signal transmission method that uses a precise clocking method and a predefined numbe
RFP (request for proposal)
A document that solicits proposals, often through a bidding process.
DSU (data service unit)
A network communications device that formats and controls data for transmission over digital lines. A DSU is used with a CSU.
IETF (Internet Engineering Task Force)
A group of research volunteers responsible for specifying the protocols used on the Internet and the architecture of the Internet.
WAF (web application firewall)
A firewall that filters, monitors, and blocks HTTP traffic to and from a web application; this differs from a regular firewall in that the WAF is able to filter the content of specific web applications.
SOW (statement of work)
A formal document that defines work activities to be performed for a client.
network card
A hardware component that serves as the interface, or connecting component, between a network and the node. It has a transceiver, a MAC address, and a physical
FDDI (Fiber Distributed Data Interface)
A high-speed data transfer technology designed to extend the capabilities of existing LANs by using a dual-ring topology and a token-passing access method.
WLAN (wireless LAN)
A local-area network created using wireless transmission methods, such as radio or infrared, rather than traditional wired solutions.
NTP (Network Time Protocol)
A protocol used to communicate time synchronization information between devices on the network. NTP is part of the TCP/IP suite. NTP uses port 123.
IP (Internet Protocol)
A network layer protocol, documented in RFC 791, that offers a connectionless internetwork service. IP provides features for addressing, packet fragmentation and reassembly, type-of-service specification, and security
NCP (Network Control Protocol)
A protocol used to define control between network protocols or layers.
IoT (Internet of Things)
A network of physical devices embedded with software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data
hardware firewall
A network appliance dedicated to the purpose of acting as a firewall. This appliance can have multiple interfaces for connecting to areas of a network requiring varying levels of security.
star topology
In a star topology, a network has a central point (for example, a switch) from which all attached devices radiate.
Simple Network Management Protocol (SNMP)
A protocol used to monitor and manage network devices, such as routers, switches, and servers.
Internet Key Exchange (IKE)
A protocol used to set up an IPsec session.
routed protocol
A protocol with an addressing scheme (for example, IP) that defines different network addresses.
RSH (Remote Shell)
A protocol, and corresponding application, used to remotely run a shell across an IP-based network.
star
A type of physical network design in which all nodes connect to a centralized device—in most cases a network switch.
network operating system
An operating system that runs on the servers on a network. Network operating systems include Windows Server, UNIX, and Linux.
Decryption, Decompression
Presentation Layer
Kerberos
A network authentication protocol designed to ensure that the data sent across networks is encrypted and safe from attack. Its primary purpose is to provide authentication for client/server applications.
honey net
A network containing more than one honey pot.
IPS (intrusion prevention system)
A network device that continually scans the network, looking for inappropriate activity.
security association (SA)
An agreement between the two IPsec peers about the cryptographic parameters to be used in an ISAKMP session.
ST connector
ST refers to a type of fiber connector.
CAT5
Data-grade cable that typically was used with Fast Ethernet operating at 100 Mbps with a transmission range of 100 meters.
CAT3
Data-grade cable that can transmit data up to 10 Mbps with a possible bandwidth of 16 MHz.
RARP (Reverse Address Resolution Protocol)
A protocol, part of the TCP/IP suite, that resolves MAC addresses to IP addresses. Its relative ARP resolves IP addresses to MAC addresses. RARP resides on the network layer of the OSI model.
Communication
Session Layer
DSCP (differentiated services code point)
An architecture that specifies a simple and coarse-grained mechanism for classifying and managing network traffic and providing QoS on modern networks.
virtual LAN (VLAN)
A single broadcast domain, representing a single subnet. Typically, a group of ports on a switch are assigned to a single VLAN. For traffic to travel between two VLANs, that traffic needs to be routed.
MTTR (mean time to recovery)
The average time that a device will take to recover from a failure.
Telco
A telephone company. Some countries have government-maintained telcos, and other countries have multiple telcos that compete with one another.
HSPA (High-Speed Packet Access)
A telephony protocol designed to increase speeds over previous protocols by combining features from others.
LED (light-emitting diode)
A type of semiconductor that emits light and is commonly used in displays.
secondary name server
A type of DNS server that gets its zone data from another DNS name server that has authority in that zone.
SC (Standard Connector)
A type of connector used with fiber cabling.
SMF (single-mode fiber)
A type of fiber that uses a single direct beam of light, thus allowing for greater distances and increased transfer speeds. See also MMF.
circuit-level firewall
A type of network security system whereby network traffic is filtered based on specified session rules and may be restricted to recognized computers only.
caching-only server
A type of DNS server that operates the same way as secondary servers except that a zone transfer does not take place when the caching-only server is started.
IP Security (IPsec)
A type of VPN that provides confidentiality, integrity, and authentication.
twisted pair
A type of cable that uses multiple twisted pairs of copper wire.
restore
To transfer data from backup media to a server. The opposite of backup.
Firewall
Transport Layer
DMZ (demilitarized zone)
An area for placing web and other servers that serve the general public outside the firewall, thereby isolating them from internal network access.
NIC (network interface card)
A hardware component that serves as the interface, or connecting component, between a network and the node. It has a transceiver, a MAC address, and a physical connector for the network cable. Also called a network adapter or network card.
NDR (non-delivery receipt)
A message informing the sender that a previous message has not been delivered because a delivery problem occurred.
100BaseT
- 100 Mb/s Ethernet over twisted pair. - Max length 100 Meters - CAT 5 and up
1000BaseT
- 1000 Mb/s Ethernet over twisted pair. - Max length 100 Meters - CAT 5e and up
1000BaseSX (Short)
- A Gigabit Ethernet standard using multi-mode fiber cabling for short distance.
PVC
- A type of jacket. Not allowed in plenum spaces or through fire breaks. - Emits a toxic gas when burnt. - Jacket is not tightly wrapped around internal conductors.
CAT 6a
- Augmented. Supports 10-Gbps networks at 100-meter segments - 10GBASE-T - 100 meters
DB-9
- D-subminiature - Box-shaped connector. 9-pin serial connector. Commonly used for computers and servers
CAT 3
- Ethernet Standard. 10 Mb/s transfer speed. - 10BaseT. - 100 meters
UPC/APC Basics
- Every time a fiber optic cable has a connector attached to it, a portion of the light is lost. - Light loss is due to the reflection that occurs when the connector is applied causing a disrupted or damaged light signal. Due to connector, not cable itself. - The higher the return loss, the better the performance
CAT 5e
- Fast Ethernet (Gigabit Ethernet) 350mb/s - 1GB/s - 100Base-TX / 1000BASE-T - 100 meters
CAT 5
- Fast Ethernet. TIA/EIA standard for UTP wiring that can operate up to 100 megabits per second. - 100BaseTX/1000Base-T - 100 meters
CAT 6
- Gigabit Ethernet 1 GB - 10 GB ( 10 GB up to 55 m) - 10GBASE-T - 37 to 55 meters
RG - 6
- Heavy gauge conductor. - Better signal strength. - Thicker insulation. - Better shielding. - Best used for CATV, broadband internet, Satellite. - High-speed
MT-RJ
- Mechanical Transfer Register Jack. - A fiber optic cable connector that is very popular for small form factor devices due to its small size. - Smallest connector
Single mode fiber
- One source of light. - Ultra concentrated with a precise core. - Outer Diameter of 125 microns - Core diameter of 9 microns - Travel up to 40 kilometers
Coaxial : Copper
- Plastic Jacket - Metallic shield - Dielectric insulator - Center Core. - Used for audio, video, CCTV, cable modems, and satellite.
Plenum
- Refers to the jacket and the space above the ceiling for air circulation. - HVAC. - Spaces with high oxygen content. - Covered in flame retardant material. - Jacket is tightly fitted to the central conductors. - Non-toxic when burnt
CAT 7
- S-FTP Cable. Unofficial standard. Backwards compatible with CAT 5e and 6. Even higher bandwidth (Shielded) - 10GBASE-T - 100 meters
Fiber connection Type SC
- Standard connector / Subscriber connector. - Single fiber strand but only half duplex. - Square connector
RG - 59
- Thinner Gauge conductor. - Thinner insulation - Less shielding - Can still be used in CCTV - Short distance good patch cables
Multi-mode Fiber
- Up to 500 m for 10 Gbps. - Outer Diameter - 125 microns. - Core Diameter 50 microns or 62.5 microns.
PKI (public key infrastructure)
A collection of software, standards, and policies combined to enable users from the Internet or other unsecured public networks to securely exchange data. PKI uses a public and private cryptographic key pair obtained and shared through a trusted authority.
UC (unified communications)
A combination of real-time (instant messaging, VoIP, and so on) with non-real-time (email, SMS, and so on) communications on the same platform.
NAC (Network Access Control)
A computer networking security solution that uses a set of network protocols with the goal to unify endpoint security solutions such as antivirus, vulnerability assessment, and authentication.
Number of Twisted Pairs
8 copper cables, 4 twisted pairs
RJ - 45 8P8C
8 Pins 8 connectors.
SSL (Secure Sockets Layer)
A method of securely transmitting information to and receiving information from a remote website. SSL is implemented through HTTPS. SSL operates at the presentation layer of the OSI model and uses TCP/IP port 443.
URL (uniform resource locator)
A name used to identify a website and subsequently a page on the Internet. An example of a URL is www.quepublishing.com/products.
Mb (megabit)
1 million bits. Used to rate transmission transfer speeds
MB (megabyte)
1 million bytes. Usually refers to file size.
PAN (personal-area network)
A network layout whereby devices work together in close proximity to share information and services, commonly using technologies such as Bluetooth or infrared.
WWN (World Wide Name)
A unique identifier assigned to a manufacturer by the Institute of Electrical and Electronics Engineers (IEEE). It is hard-coded into a Fibre Channel (FC) device.
PAT (Port Address Translation)
A variation on NAT (Network Address Translation). With PAT, all systems on the LAN are translated into the same IP address, but with a different port number assignment. See also NAT
10G BaseT
10 GB base-band speed over Twisted Pair
10GBASE-T, category 6A Distance
100 meters 6
10GBASE-T category 7 distance
100 meters 7
Kb (kilobit)
1000 bits
KB (kilobyte)
1000 bytes.
Ethernet Deployment Standards
100BaseT, 1000BaseT, and 1G BaseT
10GBASE-T
2006 standard for cat 6, 6a, and 7
1000BaseSX Distance for a 65.2 micron diameter
220 meter and 275 meter
DB-25
25-pin electrical connector for serial and parallel computer ports. It is arranged in rows of two with one 13-pin row above another 12-pin row. - Commonly used for RS-232 connections - Modem, printers, mice
1000BaseLX single mode distance
5 kilometers
66 block
50 rows, 4 columns. 25 pair. Cross-connected work areas and patch panels with low bandwidth. Older. Mounted Vertically.
1000BaseSX Distance for a 50 micron diameter
500 meters and 550 meters
10GBASE-T Cat6 Distance
55 meter
1000BaseLX multi mode distance
550 meters
CAN (campus-area network)
A wide-area network (WAN) created to service a campus area.
ESD (electrostatic discharge)
A condition created when two objects of dissimilar electrical charge come into contact with each other. The result is that a charge from the object with the higher electrical charge discharges itself into the object with the lower-level charge. This discharge can be harmful to computer components and circuit boards.
LTE (Long-Term Evolution)
A wireless communication standard more commonly referred to as 4G LTE.
APC (angle polished connector)
A connector commonly used with fiber cables—usually single mode—to keep the signal from bouncing back down the line.
RAS (Remote Access Service)
A Windows service that enables access to the network through remote connections.
SCP (Secure Copy Protocol)
A basic file-copying protocol that uses Secure Shell (SSH) technology to provide security to the transfer.
VPN (virtual private network)
A network that uses a public network such as the Internet as a backbone to connect two or more private networks. A VPN provides users with the equivalent of a private network in terms of security. VPNs can also be used as a means of establishing secure remote connectivity between a remote system and another network.
client/server networking
A networking architecture in which front-end, or client, nodes request and process data stored by the backend, or server, node.
AUP (acceptable use policy)
A policy created by an organization defining what is acceptable on their resources (network, computers, and so on).
IEEE (Institute of Electrical and Electronics Engineers)
A professional organization that, among other things, develops standards for networking and communications.
STP (Spanning Tree Protocol)
A protocol developed to eliminate the loops caused by the multiple paths in an internetwork. STP is defined in IEEE 802.1.
CHAP (Challenge Handshake Authentication Protocol)
A protocol that challenges a system to verify identity. CHAP is an improvement over Password Authentication Protocol (PAP) in which one-way hashing is incorporated into a three-way handshake. RFC 1334 applies to both PAP and CHAP.
FTP (File Transfer Protocol)
A protocol that provides for the transfer of files between two systems. FTP users authenticate using clear-text sign-in procedures, making FTP an unsecure protocol. FTP is part of the TCP/IP suite and operates at Layer 7 of the OSI model.
DSL (digital subscriber line)
A public network technology that delivers high bandwidth over conventional copper wiring over limited distances.
LEC (local exchange carrier)
A regulatory term used in telephony to represent the local telephone provider.
TPM (trusted platform module)
A secure cryptoprocessor standard that employs a dedicated microcontroller to secure hardware by integrating cryptographic keys into the device.
TLS (Transport Layer Security)
A security protocol designed to ensure privacy between communicating client/server applications. When a server and client communicate, TLS ensures that no one can eavesdrop and intercept or otherwise tamper with the data message. TLS is the successor to SSL.
WPS (Wi-Fi Protected Setup)
A security standard created by the Wi-Fi Alliance to increase security features of networks. The most visible manifestation of this is the button on some home routers that must be pressed to allow a new device to connect to the network within a short time period. Currently, WPS is not considered secure because flaws in the WPS PIN feature have been identified.
DNS (Domain Name Service)
A service/system/server used to translate domain names, such as www.quepublishing.com, into IP addresses, such as 165.193.123.44. DNS uses a hierarchical namespace that enables the database of hostname-to-IP address mappings to be distributed across multiple servers.
Zeroconf (zero configuration)
A set of tools and tricks/techniques that exist within TCP/IP with the goal of allowing devices to connect and configure without an administrator needing to manually configure anything.
SOHO (small office/home office)
A small network typically serving 1 to 10 users.
RJ (Registered Jack)
A specification for a family of cable connectors.
STA (Spanning Tree Algorithm)
A standard defined by IEEE 802.1 as part of STP to eliminate loops in an internetwork with multiple paths.
LLC (logical link control) layer
A sublayer of the data link layer of the OSI model. The LLC layer provides an interface for network layer protocols and the MAC sublayer.
storage-area network (SAN)
A subnetwork of storage devices, usually found on high-speed networks and shared by all servers on a network.
cut-through packet switching
A switching method that does not copy the entire packet into the switch buffers. Instead, the destination address is captured into the switch, the route to the destination node is determined, and the packet is quickly sent out the corresponding port. Cut-through packet switching maintains a low latency.
fragment-free switching
A switching method that uses the first 64 bytes of a frame to determine whether the frame is corrupted. If this first part is intact, the frame is forwarded.
DOCSIS (Data-Over-Cable Service Interface Specification)
A telecommunications standard for transmitting high-speed data over existing cable TV systems
SMS (Short Message Service)
A text-based communication service for phones, web, and other devices.
ST (Straight Tip or Snap Twist)
A type of connector used with cabling.
UPC (Ultra Polished Connector)
A type of connector used with fiber networks.
SPI (stateful packet inspection)
A type of firewall that works at the network layer and keeps track of the state of active connections.
DoS (denial of service) attack
A type of hacking attack in which the target system is overwhelmed with requests for service, which keeps it from servicing any requests, legitimate or otherwise.
PCM (phase change memory)
A type of nonvolatile random-access memory (RAM).
SPS (standby power supply)
A type of power supply in which the SPS monitors the power line and switches to battery power as soon as it detects a problem. During the time it takes to switch to battery power, the computer does not receive any power and may power down. This is in contrast to an online UPS, which constantly provides battery power.
SSID (service set identifier)
A unique client identifier sent over the WLAN that acts as a simple password used for authentication between a wireless client and an access point. The SSID is used to differentiate between networks. Therefore, the client system and the AP must use the same SSID.
10GBaseT
A 2006 standard to provide 10 Gbps connections over unshielded or shielded twisted pair cables, over distances up to 100 meters using category 6a (category 6 can reach 55 meters).
OUI (Organizationally Unique Identifier)
A 24-bit number that uniquely identifies a vendor, a manufacturer, or other organization globally or worldwide.
DB-25
A 25-pin connector used for serial port or parallel port connection between PCs and peripheral devices.
subnet mask
A 32-bit address used to mask, or screen, a portion of an IP address to differentiate the part of the address that designates the network and the part that designates the host
Basic Rate Interface (BRI)
A BRI circuit contains two 64-kbps B channels and one 16-kbps D channel. Although such a circuit can carry two simultaneous voice conversations, the two B channels can be logically bonded together into a single virtual circuit (by using PPP's multilink interface feature) to offer a 128-kbps data path.
HSRP (Hot Standby Router Protocol)
A Cisco proprietary protocol used for establishing redundant gateways.
VTP (VLAN Trunking Protocol)
A Cisco proprietary protocol that manages the addition, deletion, and renaming of VLANs for the entire network. Information about changes to a VLAN or the addition of a new VLAN to a network is distributed to all switches on the network simultaneously and does not need to be done one at a time.
Enhanced Interior Gateway Routing Protocol (EIGRP)
A Cisco proprietary protocol. So although EIGRP is popular in Cisco-only networks, it is less popular in mixed-vendor networks. Like OSPF, EIGRP is an IGP with very fast convergence and is very scalable. EIGRP is considered to be an advanced distance vector or a hybrid routing protocol.
MX (Mail Exchanger)
A DNS record entry used to identify the mail server.
PTR (pointer)
A DNS record used to map an IP address to a hostname.
SDSL (symmetrical digital subscriber line)
A DSL implementation that offers the same speeds for uploads and downloads. It is not widely implemented in the home/small business environment and cannot share a phone line.
PDoS (permanent denial of service)
A Denial of Service type attack that damages a system so badly that it requires replacement or reinstallation of hardware.
denial of service (DoS)
A DoS attack floods a system with an excessive amount of traffic or requests, which consumes the system's processing resources and prevents the system from responding to many legitimate requests.
DDoS (distributed denial of service) attack
A DoS attack that utilizes more than one computer in the attack. See DoS (denial of service) attack.
1000BaseLX (Long)
A Fiber Ethernet Base Standards - A Gigabit Ethernet standard. - Long-wave laser
GBIC (gigabit interface converter)
A Gigabit Ethernet and Fibre Channel transceiver standard
host-based IPS (HIPS)
A HIPS system is a computer running intrusion prevention software for the purpose of protecting the computer from attacks.
Synchronous Optical Network (SONET)
A Layer 1 technology that uses fiber-optic cabling as its media. Because SONET is a Layer 1 technology, it can be used to transport various Layer 2 encapsulation types, such as ATM. Also, because SONET uses fiber-optic cabling, it offers high data rates, typically in the 155-Mbps to 10-Gbps range, and long-distance limitations, typically in the 20-km to 250-km range.
Frame Relay
A Layer 2 WAN technology that interconnects sites using virtual circuits. These virtual circuits are identified by locally significant data-link connection identifiers (DLCI).
Real-time Transport Protocol (RTP)
A Layer 4 protocol that carries voice (and interactive video).
ipconfig command
A Microsoft Windows command that can be used to display IP address configuration parameters on a PC. In addition, if DHCP is used by the PC, the ipconfig command can be used to release and renew a DHCP lease, which is often useful during troubleshooting.
Microsoft Routing and Remote Access Server (RRAS)
A Microsoft Windows server feature that allows Microsoft Windows clients to remotely access a Microsoft Windows network.
Tracert command
A Microsoft Windows-based command that displays every router hop along the path from a source host to a destination host on an IP network. Information about a router hop can include such information as the IP address of the router hop and the round-trip delay of that router hop.
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
A Microsoft-enhanced version of CHAP, offering a collection of additional features not present with PAP or CHAP, including two-way authentication.
network-based IDS (NIDS)
A NIDS device is a network appliance dedicated to the purpose of acting as an IDS sensor.
network-based IPS (NIPS)
A NIPS device is a network appliance dedicated to the purpose of acting as an IPS sensor.
WINS (Windows Internet Name Service)
A NetBIOS name-to-IP address resolution service that runs on Windows Server platforms.
public key infrastructure (PKI)
A PKI system uses digital certificates and a certificate authority to allow secure communication across a public network.
Terminal Access Controller Access-Control System Plus (TACACS+)
A TCP-based protocol used to communicate with a AAA server. Unlike RADIUS, TACACS+ encrypts an entire authentication packet rather than just the password. TACACS+ offers authentication features, but they are not as robust as the accounting features found in RADIUS. Also, unlike RADIUS, TACACS+ is a Cisco-proprietary protocol.
Class A network
A TCP/IP network that uses addresses from 1 to 126 and supports up to 126 subnets with 16,777,214 unique hosts each.
Class B network
A TCP/IP network that uses addresses from 128 to 191 and supports up to 16,384 subnets with 65,534 unique hosts each.
Class C network
A TCP/IP network that uses addresses from 192 to 223 and supports up to 2,097,152 subnets with 254 unique hosts each.
SONET (Synchronous Optical Network)
A U.S. standard for data transmission that operates at speeds up to 2.4 Gbps over optical networks referred to as OC-x, where x is the level. The international equivalent of SONET is Synchronous Digital Hierarchy (SDH).
Remote Authentication Dial-In User Service (RADIUS)
A UDP-based protocol used to communicate with a AAA server. Unlike TACACS+, RADIUS does not encrypt an entire authentication packet, but only the password. However, RADIUS offers more robust accounting features than TACACS+. Also, RADIUS is a standards-based protocol, whereas TACACS+ is a Cisco proprietary protocol.
Linux
A UNIX-like operating system kernel created by Linus Torvalds. Linux is distributed under an open-source license agreement, as are many of the applications and services that run on it.
intelligent UPS
A UPS that has associated software for monitoring and managing the power provided to the system. For information to be passed between the UPS and the system, the UPS and system must be connected, which normally is achieved through a serial or USB connection.
Layer 2 Forwarding (L2F)
A VPN protocol designed (by Cisco Systems) with the intent of providing a tunneling protocol for PPP. Like L2TP, L2F lacks native security features.
L2TP (Layer 2 Tunneling Protocol)
A VPN protocol that defines its own tunneling protocol and works with the advanced security methods of IPsec. L2TP enables PPP sessions to be tunneled across an arbitrary medium to a home gateway at an ISP or corporation.
Layer 2 Tunneling Protocol (L2TP)
A VPN protocol that lacks security features, such as encryption. However, L2TP can still be used for a secure VPN connection if it is combined with another protocol that provides encryption.
Session Initiation Protocol (SIP)
A VoIP signaling protocol used to set up, maintain, and tear down VoIP phone calls.
Multiprotocol Label Switching (MPLS)
A WAN technology popular among service providers. MPLS performs label switching to forward traffic within an MPLS cloud by inserting a 32-bit header (which contains a 20-bit label) between a frame's Layer 2 and Layer 3 headers and making forwarding decisions based on the label within an MPLS header.
independent basic service set (IBSS)
A WLAN can be created without the use of an AP. Such a configuration, called an IBSS, is said to work in an ad-hoc fashion. An ad hoc WLAN is useful for temporary connections between wireless devices. For example, you might temporarily interconnect two laptop computers to transfer a few files.
ipconfig
A Windows command that provides information about the configuration of the TCP/IP parameters, including the IP address.
tracert
A Windows command-line utility used to track the route a data packet takes to get to its destination.
netstat
A Windows operating system command-line utility that displays protocol statistics and current TCP/IP network connections.
T1 crossover
A cable that can be used to directly connect two devices—such as two computer systems—or as a means to expand networks that use devices such as hubs or switches. A traditional crossover cable is a UTP cable in which the wires are crossed for the purposes of placing the transmit line of one device on the receive line of the other. A T1 crossover is used to connect two T1 CSU/DSU devices in a back-to-back configuration.
patch cable
A cable, normally twisted pair, used to connect two devices. Strictly speaking, a patch cable is the cable that connects a port on a hub or switch to the patch panel, but today people commonly use the term to refer to any cable connection.
full backup
A backup in which files, regardless of whether they have been changed, are copied to the backup medium. In a full backup, the files' archive bits are reset.
incremental backup
A backup of only files that have been created or changed since the last backup. In an incremental backup, the archive bit is cleared to indicate that a file has been backed up.
differential backup
A backup of only the data that has been created or changed since the previous full backup. In a differential backup, the state of the archive bits is not altered.
binary
A base 2 numbering system used in digital signaling. It uses only the numbers 1 and 0.
checksum
A basic method of error checking that involves calculating the sum of bytes in a section of data and then embedding the result in the packet. When the packet reaches the destination, the calculation is performed again to make sure that the value is still the same.
BIOS (Basic Input/Output System)
A basic set of instructions that a device needs to operate.
Kerberos
A client-server authentication protocol that supports mutual authentication between a client and a server. Kerberos uses the concept of a trusted third party (a key distribution center) that hands out tickets to be used instead of a username and password combination.
digital subscriber line (DSL)
A group of technologies that provide high-speed data transmission over existing telephone wiring. DSL has several variants, which vary in data rates and distance limitations. Three of the more popular DSL variants include asymmetric DSL (ADSL), symmetric DSL (SDSL), and very high bit-rate DSL (VDSL).
Octet
A grouping of 8 bits. An IPv4 address consists of four octets (that is, a total of 32 bits).
learning bridge
A bridge that builds its own bridging address table instead of requiring someone to manually enter information. Most modern bridges are learning bridges. Also called a smart bridge.
source-route bridge
A bridge used in source-route bridging to send a packet to the destination node through the route specified by the sending node.
Open
A broken strand of copper that prevents current from flowing through a circuit.
central office (CO)
A building containing a telephone company's telephone-switching equipment is referred to as a central office (CO). COs are categorized into five hierarchical classes. A Class 1 CO is a long-distance office serving a regional area. A Class 2 CO is a second-level long-distance office; that is, it is subordinate to a Class 1 office. A Class 3 CO is a third-level long-distance office. A Class 4 CO is a fourth-level long-distance office, which provides telephone subscribers access to a live operator. A Class 5 CO is at the bottom of the five-layer hierarchy and physically connects to customer devices in a local area.
cable tester
A cable tester can test the conductors in an Ethernet cable. It contains two parts. By connecting these parts of the cable tester to each end of a cable under test, you can check the wires in the cable for continuity (that is, check to make sure that there are no opens, or breaks, in a conductor). In addition, you can verify an RJ-45 connector's pinouts (which are wires connected to the appropriate pins on an RJ-45 connector).
crossover cable
A cable that can be used to directly connect two devices—such as two computer systems—or as a means to expand networks that use devices such as hubs or switches. A traditional crossover cable is a UTP cable in which the wires are crossed for the purposes of placing the transmit line of one device on the receive line of the other. A T1 crossover is used to connect two T1 CSU/DSU devices in a back-to-back configuration.
link state
A category of routing protocol that maintains a topology of a network and uses an algorithm to determine the shortest path to a destination network.
distance vector
A category of routing protocol that sends a full copy of its routing table to its directly attached neighbors.
CRAM-MD5
A challenge-response authentication mechanism.
classful mask
A classful mask is the default subnet mask applied to Class A, B, and C IPv4 networks. Specifically, Class A networks have a classful mask of 255.0.0.0. Class B networks have a classful mask of 255.255.0.0, and Class C networks have a classful mask of 255.255.255.0.
workstation
A client computer on a network that does not offer any services of its own but that uses the services of the servers on the network.
AS (autonomous system)
A collection of connected IP routing prefixes under the control of a network administrator or entity that offers a common and defined routing policy to the Internet
Collision
A collision occurs when two devices on an Ethernet network simultaneously transmit a frame. Because an Ethernet segment cannot handle more than one frame at a time, both frames become corrupted.
ifconfig
A command used on Linux- and UNIX-based systems to obtain configuration for and configure network interfaces.
PPP (Point-to-Point Protocol)
A common Layer 2 protocol offering features such as multilink interface, looped link detection, error detection, and authentication. A common dial-up networking protocol that includes provisions for security and protocol negotiation. Provides host-to-network and switch-to-switch connections for one or more user sessions.
Challenge-Response Authentication Mechanism Message Digest 5 (CRAM-MD5)
A common variant of HMAC frequently used in e-mail systems. Like CHAP, CRAM-MD5 only performs one-way authentication (the server authenticates the client).
IEEE 802.11b
A commonly deployed IEEE wireless standard that uses the 2.4 GHz RF range and offers speeds up to 11 Mbps. Under ideal conditions, the transmission range can be as far as 75 meters.
SGCP (Simple Gateway Control Protocol)
A communication protocol used with VoIP.
transport protocol
A communications protocol responsible for establishing a connection and ensuring that all data has arrived safely. It is defined in Layer 4 of the OSI model.
broadband
A communications strategy that uses analog or digital signaling over multiple communications channels.
channel
A communications path used for data transmission.
UDP (User Datagram Protocol)
A communications protocol that provides connectionless, unreliable communication services and operates at the transport layer of the OSI model. It requires a network layer protocol such as IP to guide it to the destination host.
QSFP (quad small factor pluggable)
A compact, hot-pluggable transceiver used for data communications.
ISP (Internet service provider)
A company or organization that provides facilities for clients to access the Internet.
software firewall
A computer running firewall software. For example, the software firewall could protect the computer itself (for example, preventing incoming connections to the computer). Alternatively, a software firewall could be a computer with more than one network interface card that runs firewall software to filter traffic flowing through the computer.
T-line
A digital communication line used in WANs. Commonly used T designations are T1 (Trunk Level 1) and T3 (Trunk Level 3). It is also possible to use only part of a T1 line, which is known as fractional T1. T1 lines support a data transmission rate of up to 1.544 Mbps.
local loop
A connection between a customer premise and a local telephone company's central office.
half duplex
A connection in which data is transmitted in both directions but not simultaneously. Compare with full duplex.
circuit-switched connection
A connection that is brought up on an as-needed basis. A circuit-switched connection is analogous to a phone call, where you pick up a phone, dial a number, and a connection is established based on the number you dial.
Transmission Control Protocol (TCP)
A connection-oriented transport protocol. Connection-oriented transport protocols provide reliable transport, in that if a segment is dropped, the sender can detect that drop and retransmit that dropped segment. Specifically, a receiver acknowledges segments that it receives. Based on those acknowledgments, a sender can determine which segments were successfully received.
TCP (Transmission Control Protocol)
A connection-oriented, reliable data transmission communication service that operates at the transport layer of the OSI model. TCP is part of the TCP/IP suite.
User Datagram Protocol (UDP)
A connectionless transport protocol. Connectionless transport protocols provide unreliable transport, in that if a segment is dropped, the sender is unaware of the drop, and no retransmission occurs.
RJ-11 connector
A connector used with telephone systems. Can have up to six conductors
RJ-45 connector
A connector used with twisted-pair cable. Can support eight conductors for four pairs of wires.
CSMA/CA (carrier sense multiple access with collision avoidance)
A contention media access method that uses collision avoidance techniques.
CSMA/CD (carrier sense multiple access with collision detection)
A contention media access method that uses collision detection and retransmission techniques.
security policy
A continually changing document that dictates a set of guidelines for network use. These guidelines complement organizational objectives by specifying rules for how a network is used.
loop
A continuous circle that a packet takes through a series of nodes in a network until it eventually times out.
MSA (master service agreement)
A contract between parties, in which the parties agree to most of the terms that will govern future transactions or future agreements.
WAN (wide-area network)
A data communications network that serves users across a broad geographic area. WANs often use transmission devices such as modems or CSUs/DSUs to carry signals over leased lines or common carrier lines.
coaxial cable
A data cable, commonly referred to as coax, that is made of a solid copper core insulated and surrounded by braided metal and covered with a thick plastic or rubber covering. Coax is the standard cable used in cable television and in older bus topology networks.
WEP (Wired Equivalent Privacy)
A data encryption method used to protect the transmission between 802.11 wireless clients and access points. WEP security has come under scrutiny because it uses an insufficient key length and provides no automated method for distributing the keys.
MIB (Management Information Base)
A data set that defines the criteria that can be retrieved and set on a device using SNMP.
content engine
A dedicated appliance whose role is to locally cache content received from a remote network (for example, a destination on the Internet). Subsequent requests for that content can be serviced locally, from the content engine, thus reducing bandwidth demand on a WAN.
dedicated line
A dedicated circuit used in WANs to provide a constant connection between two points.
default static route
A default static route is an administratively configured entry in a router's routing table that specifies where traffic for all unknown networks should be sent.
CAT (Computer and Telephone)
A designation of resources, usually wiring, used to provide service to computers or telephones.
frame
A grouping of information transmitted as a unit across the network at the data link layer of the OSI model.
hardware loopback
A device plugged into an interface for the purposes of simulating a network connection. This enables the interface to be tested as if it is operating while connected.
ISDN terminal adapter
A device that enables communication over an ISDN link.
patch panel
A device in which the cables used in coaxial or twisted-pair networks converge and are connected. The patch panel is usually in a central location.
packet sniffer
A device or application that enables data to be copied from the network and analyzed. In legitimate applications, it is a useful network troubleshooting tool.
concentrator
A device that combines several communications channels into one. It is often used to combine multiple terminals into one line.
cable modem
A device that provides Internet access over cable television lines.
bridge
A device that connects and passes packets between two network segments that use the same communications protocol. Bridges operate at the data link layer of the OSI model. A bridge filters, forwards, or floods an incoming frame based on the packet's MAC address.
wireless access point (AP)
A device that connects to a wired network and provides access to that wired network for clients that wirelessly attach to the AP.
repeater
A device that regenerates and retransmits signals on a network. Repeaters usually are used to strengthen signals going long distances.
punchdown block
A device used to connect network cables from equipment closets or rooms to other parts of a building. Connections to networking equipment such as hubs or switches are established from the punchdown block. Also used in telecommunications wiring to distribute phone cables to their respective lo
temperature monitor
A device used to monitor temperature typically in a server room or wiring closet.
DTE (data terminal equipment)
A device used at the user end of a user network interface that serves as a data source, a destination, or both. DTE devices include computers, protocol translators, and multiplexers.
loopback plug
A device used for loopback testing
line conditioner
A device used to stabilize the flow of power to the connected component. Also known as a power conditioner or voltage regulator
throughput tester
A device used to test the actual data throughput of a network cable.
cable tester
A device used to check for electrical continuity along a length of cable. Cable tester is a generic term that can be applied to devices such as volt/ohm meters and TDRs.
modem (modulator-demodulator)
A device used to modulate and demodulate the signals that pass through it. It converts the direct current pulses of the serial digital code from the controller into the analog signals compatible with the telephone network.
TDR (time-domain reflectometer)
A device used to test copper cables to determine whether and where a break is on the cable. For optical cables, an optical TDR is used.
tone generator
A device used with a tone locator to locate and diagnose problems with twisted-pair cabling. Commonly referred to as fox and hound.
proxy
A device, application, or service that acts as an intermediary between two hosts on a network, eliminating the capability for direct communication.
interface
A device, such as a card or plug, that connects pieces of hardware with a computer so that information can be moved from place to place (for example, between computers and printers, hard drives, and other devices, or between two or more nodes on a network). Also, the part of an application or operating system that the user sees.
E3
A digital circuit in the same E-carrier family of standards as an E1. An E3 circuit's available bandwidth is 34.4 Mbps.
Integrated Services Digital Network (ISDN)
A digital telephony technology that supports multiple 64-kbps channels (known as bearer channels or B channels) on a single connection. ISDN was popular back in the 1980s for connecting PBXs, which are telephone switches owned and operated by a company, to a telephone company's central office. ISDN has the ability to carry voice, video, or data over its B channels. ISDN also offers a robust set of signaling protocols: Q.921 for Layer 2 signaling and Q.931 for Layer 3 signaling. These signaling protocols run on a separate channel in an ISDN circuit (known as the delta channel, data channel, or D channel).
warm site
A disaster recovery site offering most equipment and applications. Compare to a cold site that refers to a disaster recovery site with limited hardware and typically only a reserved location. A hot site is one with duplicate hardware and software and can be operational within minutes of a disaster.
cold site
A disaster recovery site that provides office space, but the customer provides and installs all the equipment needed to continue operations.
hot site
A disaster recovery term used to describe an alternative network site that can be immediately functional in the event of a disaster at the primary site.
IGRP (Interior Gateway Routing Protocol)
A distance vector interior gateway protocol (IGP) developed by Cisco.
Routing Information Protocol (RIP)
A distance-vector routing protocol that uses a metric of hop count. The maximum number of hops between two routers in an RIP-based network is 15. Therefore, a hop count of 16 is considered to be infinite. RIP is considered to be an IGP.
backup schedule
A document or plan that defines what type of backups are made, when, and what data is backed up.
MSDS (material safety data sheet)
A document defining the hazards of working with a chemical or compound, safety precautions, and guidelines for dealing with spills or accidents.
link-state routing
A dynamic routing method in which routers tell neighboring routers of their existence through packets called link-state advertisements (LSAs). By interpreting the information in these packets, routers can create maps of the entire network. Compare with distance-vector routing.
WINS database
A dynamically built database of NetBIOS names and IP addresses used by WINS.
BNC (British Naval Connector/Bayonet Neill-Concelman) connector
A family of connectors typically associated with thin coaxial cabling and 10BASE2 networks. BNC connectors use a twist-and-lock mechanism to connect devices to the network.
TACACS (Terminal Access Controller Access-Control System)
A family of related protocols handling remote authentication and related services for networked access control through a centralized server.
store-and-forward
A fast packet-switching method that produces higher latency than other switching methods because the entire contents of the packet are copied into the switch's onboard buffers. CRC calculations are performed before the packet can be passed on to the destination address.
HT (High Throughput)
A feature of 802.11n for increased throughput on the network. The newer Very High Throughput (VHT) 802.11ac standard further increases network throughput.
ToS (Type of Service)
A field in an IPv4 header that defines such things as the priority of the packet.
NFS (Network File System)
A file sharing and access protocol most commonly associated with UNIX and Linux systems
FTPS (File Transfer Protocol Security)
A file transfer protocol that uses SSL/TLS to add security.
packet filtering
A firewall method in which each packet that attempts to pass through the firewall is examined to determine its contents. The packet is then allowed to pass, or it is blocked, as appropriate.
unified threat management (UTM)
A firewall or gateway that attempts to bundle multiple security functions into a single physical or logical device.
host firewall
A firewall system installed and configured on and used for an individual host. Contrast to a network firewall that provides firewall services for all network nodes.
patch
A fix for a bug in a software application. Patches can be downloaded from the Internet to correct errors or security problems in software applications.
IV (initialization vector)
A fixed-size input used in cryptography. The larger the initialization vector, the more it increases the difficulty of cracking and minimizes the risk of replay.
archive bit
A flag that is set on a file after it has been created or altered. Some backup methods reset the flag to indicate that it has been backed up.
VLAN (virtual LAN)
A group of devices located on one or more LAN segments, whose configuration is based on logical instead of physical connections. This enables the devices to operate as if they were connected to the same physical switch, regardless of whether they are connected to the same switch.
array
A group of devices arranged in a fault-tolerant configuration. See also RAID.
internetwork
A group of networks connected by routers or other connectivity devices so that the networks function as one network.
dynamic window
A flow control mechanism that prevents the sender of data from overwhelming the receiver. The amount of data that can be buffered in a dynamic window varies in size, hence its name.
DWDM (dense wavelength-division multiplexing)
A form of multiplexing optical signals that replaces SONET/SDH regenerators with erbium doped fiber amplifiers (EDFAs) and can also amplify the signal and allow it to travel a greater distance. The main components of a DWDM system include a terminal multiplexer, line repeaters, and a terminal demultiplexer
DDNS (Dynamic Domain Name Service)
A form of DNS that enables systems to be registered and deregistered with DNS dynamically. DDNS is facilitated by DHCP, which passes IP address assignments to the DNS server for entry into the DNS server records. This is in contrast with the conventional DNS system, in which entries must be manually made.
SDP (Session Description Protocol)
A format of streaming media initialization parameters.
token
A frame that provides controlling information. In a token ring network, the node that possesses the token is the one that is allowed to transmit next.
GNU privacy guard (GPG)
A free variant of pretty good privacy (PGP), which is an asymmetric encryption algorithm.
trace route
A function of the TCP/IP suite, implemented in utilities such as traceroute and tracert, which enables the entire path of a packet to be tracked between source and destination hosts. It is used as a troubleshooting tool.
ICS (industrial control system)
A general term used to describe industrial control systems such as supervisory control and data acquisition (SCADA) systems.
PC (personal computer)
A general-purpose computer intended for use by individual users.
NIU (network interface unit)
A generic term for a network interface device (NID) or point of demarcation.
half duplex
A half-duplex connection allows a device to either receive or transmit data at any one time. However, a half-duplex device cannot simultaneously transmit and receive.
punch-down tool
A hand tool that enables the connection of twisted-pair wires to wiring equipment such as a patch panel. When terminating wires on a punch-down block (for example, a 110 block), you should use a punch-down tool, which is designed to properly insert an insulated wire between two contact blades in a punch-down block, without damaging the blades.
gateway
A hardware or software solution that enables communications between two dissimilar networking systems or protocols. A gateway can operate at any layer of the OSI model but is commonly associated with the application layer.
intelligent hub/switch
A hub or switch that contains some management or monitoring capability.
passive hub
A hub that has no power and therefore does not regenerate the signals it receives. Compare with active hub.
active hub
A hub that has power supplied to it for the purposes of regenerating the signals that pass through it.
partial-mesh topology
A hybrid of a hub-and-spoke topology and a full-mesh topology. A partial-mesh topology can be designed to provide an optimal route between selected sites, while avoiding the expense of interconnecting every site to every other site.
HIDS (host intrusion detection system)
An intrusion detection system that is based at the host (rather than the network). It monitors and analyzes data coming to and from the host.
HIPS (host intrusion prevention system)
An intrusion prevention system that is based at the host (rather than the network). It responds and reacts to threats coming to and from the host.
hub
A largely obsolete hardware device that acts as a connection point on a network that uses twisted-pair cable. It operates at the physical layer of the OSI model and forwards signals to all ports. Also known as a concentrator or a multiport repeater.
BOOTP (Bootstrap Protocol)
A legacy broadcast-based TCP/IP protocol used by a network device to obtain an IP address and other network information, such as server address and default gateway from a configuration server.
SFP (small form-factor pluggable)
A line of small optical transceivers that have recently become available.
bus topology
A linear LAN architecture in which all devices connect to a common cable, called a bus or backbone.
link-local IP address
A link-local IP address is a nonroutable IP address usable only on a local subnet.
IS-IS (Intermediate System-to-Intermediate System)
A link-state protocol that discovers the shortest path for data to travel using the shortest path first (SPF) algorithm. IS-IS routers distribute topology information to other routers, allowing them to make the best path decisions.
Intermediate System-to-Intermediate System (IS-IS)
A link-state routing protocol similar in its operation to OSPF. IS-IS uses a configurable, yet dimensionless, metric associated with an interface and runs Dijkstra's shortest path first algorithm. Although using IS-IS as an IGP offers the scalability, fast convergence, and vendor interoperability benefits of OSPF, it has not been deployed as widely as OSPF.
OSPF (Open Shortest Path First)
A link-state routing protocol used on TCP/IP networks. Compare with distance-vector routing. A link-state routing protocol that uses a metric of cost, which is based on the link speed between two routers. OSPF is a popular IGP because of its scalability, fast convergence, and vendor interoperability.
bridging address table
A list of MAC addresses that a bridge keeps and uses when it receives packets. The bridge uses the bridging address table to determine which segment the destination address is on before it sends the packet to the next interface or drops the packet (if it is on the same segment as the sending node).
Security log
A log located in the Windows Event Viewer that provides information on audit events that the administrator has determined to be security-related. These events include logons, attempts to log on, attempts to access areas that are denied, and attempts to log on outside normal hours.
syslog (system log)
A log, accessed through Event Viewer on Windows Server platforms, that provides information and warnings on events logged by operating system components and hardware devices. These events include driver failures, device conflicts, read/write errors, timeouts, and bad block errors.
domain
A logical boundary of an Active Directory structure on Windows servers. Also, a section of the DNS namespace.
dedicated leased line
A logical connection interconnecting two sites. This logical connection might physically connect through a service provider's facility or a telephone company's central office. The expense of a dedicated leased line is typically higher than other WAN technologies offering similar data rates, because with a dedicated leased line, a customer does not have to share bandwidth with other customers.
subnet
A logical division of a network, based on the address to which all the devices on the network are assigned.
decibel (dB) loss
A loss of signal power. If a transmission's dB loss is too great, the transmission cannot be properly interpreted by the intended recipient.
Bluetooth
A low-cost, short-range RF technology designed to replace many of the cords used to connect devices. Bluetooth uses 2.4 GHz RF and provides transmission speeds up to 24 Mbps.
CRC (cyclical redundancy check)
A method used to check for errors in packets that have been transferred across a network. A computation bit is added to the packet and recalculated at the destination to determine whether the entire content of the packet has been correctly transferred.
cyclic redundancy check (CRC)
A mathematical algorithm that is executed on a data string by both the sender and receiver of the data string. If the calculated CRC values match, the receiver can conclude that the data string was not corrupted during transmission.
nm (nanometer)
A measurement equal to one billionth of a meter
Kbps (Kilobits per second)
A measurement of the number of kilobits transmitted, or capable of being transmitted, in a second.
Baseline
A measurement of performance of a device or system for the purposes of future comparison.
RTT (Round Trip Time or Real Transfer Time)
A measurement of the length of time it takes for data to be sent and returned.
Mbps (megabits per second)
A measurement of the number of megabits sent, or capable of being sent, in a second.
MBps (megabytes per second)
A measurement of the number of megabytes sent in a second.
static window
A mechanism used in flow control that prevents the sender of data from overwhelming the receiver. The amount of data that can be buffered in a static window is configured dynamically by the protocol.
MT-RJ connector
A media connector used with fiber-optic cabling.
SYN
A message sent to initiate a TCP session between two devices. The full term is synchronization packet.
guaranteed flow control
A method of flow control in which the sending and receiving hosts agree on a rate of data transmission. After the rate is determined, the communication takes place at the guaranteed rate until the sender is finished. No buffering takes place at the receiver.
flow control
A method of controlling the amount of data transmitted within a given period of time. Different types of flow control exist. See also dynamic window and static window
circuit switching
A method of sending data between two parties in which a dedicated circuit is created at the beginning of the conversation and is broken at the end. All data transported during the session travels over the same path, or circuit.
LSA (link state advertisements)
A method of OSPF communication in which the router sends the local routing topology to all other local routers in the same OSPF area
prefix notation
A method of indicating how many bits are in a subnet mask. For example, /24 is prefix notation for a 24-bit subnet mask. Prefix notation is also known as slash notation.
dotted-decimal notation
A method of writing an IPv4 address or subnet mask, where groups of 8 bits (called octets) are separated by periods.
DSSS (direct sequence spread spectrum)
A modulation technique in which the transmitted signal takes up more than the information signal that modulates the carrier or broadcast frequency
sag
A momentary drop in the voltage provided by a power source.
Ethernet Crossover Cable
A much more rare form of networking cable used to. One end is T568A while the other is T568B.
Multicast
A multicast communication flow is a one-to-many flow.
Internet Group Management Protocol (IGMP)
A multicast protocol used between clients and routers to let routers know which of their interfaces has a multicast receiver attached.
Protocol Independent Multicast (PIM)
A multicast protocol used between multicast-enabled routers to construct a multicast distribution tree.
FHSS (frequency hopping spread spectrum)
A multiple access method of transferring radio signals in the frequency-hopping code division multiple access (FH-CDMA) scheme
CDMA (code division multiple access)
A multiple-access channel method used to provide bandwidth sharing.
hostname
A name assigned to a system for the purposes of identifying it on the network in a more user-friendly manner than by the network address.
EUI (extended unique identifier)
A naming convention for MAC addresses.
ICMP (Internet Control Message Protocol)
A network layer Internet protocol documented in RFC 792 that reports errors and provides other information relevant to IP packet processing. Utilities such as ping and tracert use functionality provided by ICMP.
server-based networking
A network operating system dedicated to providing services to workstations, or clients. See also client/server networking.
NIPS (network intrusion prevention system)
A network security system that monitors, blocks, and reports malicious network activity.
backbone
A network segment that acts as a trunk between other network segments. Backbones typically are high-bandwidth implementations, such as fiber-optic cable.
MAN (metropolitan-area network)
A network that spans a defined geographic location, such as a city or suburb.
private network
A network to which access is limited, restricted, or controlled. Most corporate networks are private networks. Compare with public network.
toner probe
A network tool used to locate the ends of a run of network cable.
personal-area network (PAN)
A network whose scale is smaller than a LAN. As an example, a connection between a PC and a digital camera via a USB cable is considered to be a PAN.
public network
A network, such as the Internet, to which anyone can connect with the most minimal of restrictions. Compare with private network.
Nessus
A network-vulnerability scanner available from Tenable Network Security.
Nmap
A network-vulnerability scanner.
next hop
A next-hop IP address is an IP address on the next router to which traffic should be forwarded.
DB-9
A nine-pin connector used for serial port or parallel port connection between PCs and peripheral devices.
remote node
A node or computer connected to a network through a remote connection. Dialing in to the Internet from home is an example of the remote node concept.
client
A node that uses the services from another node on a network.
NetBEUI (NetBIOS Extended User Interface)
A nonroutable, Microsoft proprietary networking protocol designed for use in small networks.
packet
A packet refers to a unit of data that travels in communication networks.
broadcast
A packet-delivery system in which a copy of a packet is transmitted to all hosts attached to the network.
1000BaseTX
A pair of Twisted Pair cables. Allows for Backwards compatibility.
PPTP (Point-to-Point Tunneling Protocol)
A protocol that encapsulates private network data in IP packets. These packets are transmitted over synchronous and asynchronous circuits to hide the Internet's underlying routing and switching infrastructure from both senders and receivers.
downtime
A period of time during which a computer system or network is unavailable. This may be due to scheduled maintenance or hardware or software failure.
PVC (permanent virtual circuit)
A permanent dedicated virtual link shared in a Frame Relay network, replacing a hardwired dedicated end-to-end line.
administrator
A person responsible for the control and security of the user accounts, resources, and data on a network.
cracker
A person who attempts to break software code or gain access to a system to which he or she is not authorized. See also hacker.
hacker
A person who carries out attacks on a computer software program. See also cracker.
POP3 (Post Office Protocol version 3)
A protocol that is part of the TCP/IP suite used to retrieve mail stored on a remote server. The most commonly used version of POP is POP3. POP3 is an application layer protocol.
HTTPS (Hypertext Transfer Protocol Secure)
A protocol that performs the same function as HTTP but does so over an encrypted link, ensuring the confidentiality of any data that is uploaded or downloaded. Also referred to as S-HTTP.
DHCP (Dynamic Host Configuration Protocol)
A protocol that provides dynamic IP addressing to DHCP-enabled workstations on the network.
segment
A physical section of a network.
butt set
A piece of test equipment typically used by telephone technicians. The clips on a butt set can connect to the tip and ring wires on a punch-down block (for example, a 66 block or a 110 block) connecting to a telephone.
disaster recovery plan
A plan for implementing duplicate computer services if a natural disaster, a human-made disaster, or another catastrophe occurs. A disaster recovery plan includes offsite backups and procedures to activate information systems in alternative locations.
BYOD (bring your own device)
A policy governing employees bringing personally owned devices (laptops, smartphones, and the like) to the workplace and the use of those devices to access company data.
RSA
A popular and widely deployed asymmetric encryption algorithm. Utilized for public-key cryptography. Can be used for encryption purposes. RSA is used as a secure solution for e-commerce.
PGP (Pretty Good Privacy)
A popular encryption/decryption program used for cryptography
RIP (Routing Information Protocol)
A protocol that uses hop count as a routing metric to control the direction and flow of packets between routers on an internetwork.
IPsec (IP Security)
A protocol used to provide strong security standards for encryption and authentication on virtual private networks.
LLDP (Link Layer Discovery Protocol)
A protocol used by network devices for advertising on an IEEE 802 local area network.
HTTP (Hypertext Transfer Protocol)
A protocol used by web browsers to transfer pages, links, and graphics from the remote node to the user's computer.
RDP (Remote Desktop Protocol)
A presentation layer protocol that supports a Remote Desktop Connection between an RDP client (formerly known as "Windows Terminal Client") and a server.
IGMP (Internet Group Management Protocol)
A protocol used for communication between devices within the same multicast group. IGMP provides a mechanism for systems to detect and make themselves aware of other systems in the same group.
RTSP (Real-Time Streaming Protocol)
A protocol used for establishing and maintaining communications with a media server.
OCSP (online certificate status protocol)
A protocol used for obtaining the revocation status of an X.509 digital certificate.
subdomain
A privately controlled segment of the DNS namespace that exists under other segments of the namespace as a division of the main domain. Sometimes also called a child domain.
trouble ticket
A problem report explaining the details of an issue being experienced in a network.
port mirroring
A process by which two ports on a device, such as a switch, are configured to receive the same information. Port mirroring is useful in troubleshooting scenarios.
change control
A process in which a detailed record of every change made to the network is documented.
firewall
A program, system, device, or group of devices that acts as a barrier between one network and another. Firewalls are configured to enable certain types of traffic to pass while blocking others.
GLBP (Gateway Load Balancing Protocol)
A proprietary Cisco protocol that adds basic load-balancing functionality in an attempt to overcome the limitations of existing redundant router protocols.
WAP (Wireless Application Protocol / Wireless Access Point)
A protocol for wireless mobile access (now outdated) and the devices that make it possible for hosts to connect (widely used).
IMAP4 (Internet Message Access Protocol version 4)
A protocol that enables email to be retrieved from a remote server. It is part of the TCP/IP suite, and it is similar in operation to POP3 but offers more functionality.
CARP (Common Address Redundancy Protocol)
A protocol that enables multiple hosts on the same network to share a set of IP addresses and thus provides failover redundancy. It is commonly used with routers and firewalls and can provide load balancing.
EIGRP (Enhanced Interior Gateway Routing Protocol)
A protocol that enables routers to exchange information more efficiently than earlier network protocols. Routers configured to use EIGRP keep copies of their neighbors' routing information and query these tables to help find the best possible route for transmissions to follow.
DLR (device level ring)
A protocol that provides a means of detecting, managing, and recovering from faults in a ring-based topology network.
LDAP (Lightweight Directory Access Protocol)
A protocol used to access and query compliant directory services systems, such as Microsoft Active Directory.
MGCP (Media Gateway Control Protocol)
A protocol for controlling IP-based media gateways through the public switched telephone networks (PSTNs).
Address Resolution Protocol (ARP)
A protocol in the TCP/IP suite used to resolve IP addresses to MAC addresses. The ARP command returns a Layer 2 address for a Layer 3 address.
RF (radio frequency)
A rate of oscillation used by radio waves and radio signals.
decibel (dB)
A ratio of radiated power to a reference value. In the case of dBi, the reference value is the signal strength (that is, the power) radiated from an isotropic antenna, which represents a theoretical antenna that radiates an equal amount of power in all directions (in a spherical pattern). An isotropic antenna is considered to have gain of 0 dBi.
SOA (start of authority)
A record of information containing data on DNS zones and other DNS records. A DNS zone is the part of a domain for which an individual DNS server is responsible. Each zone contains a single SOA record.
cold spare
A redundant piece of hardware stored in case a component should fail. Typically used for server systems.
SNAT (Static NAT)
A simple form of NAT. SNAT maps a private IP address directly to a static unchanging public IP address. See also NAT.
router
A router is considered a Layer 3 device, meaning that it makes its forwarding decisions based on logical network addresses. Most modern networks use IP addressing. Controls the flow of data between two or more network segments.
black-hole router
A router that drops packets that cannot be fragmented and are exceeding the MTU size of an interface without notifying the sender.
GRE (generic routing encapsulation)
A routing encapsulation method that comes in a plain wrapper.
static routing
A routing method in which all routes must be entered into a device manually and in which no route information is exchanged between routing devices on the network. Compare with dynamic routing.
routing protocol
A routing protocol (for example, RIP, OSPF, or EIGRP) that advertises route information between routers, which describes how to reach specified destination networks.
Exterior Gateway Protocol (EGP)
A routing protocol that operates between autonomous systems, which are networks under different administrative control. Border Gateway Protocol (BGP) is the only EGP in widespread use today.
Administrative distance (AD)
A routing protocol's index of believability. Routing protocols with a smaller AD are considered more believable than routing protocols with a higher AD.
dynamic routing
A routing system that enables routing information to be communicated between devices automatically and that can recognize changes in the network topology and update routing tables accordingly. Compare with static routing.
F-type connector
A screw-type connector used with coaxial cable. In computing environments, it is most commonly used to connect cable modems to ISP equipment or incoming cable feeds.
WPA2 (Wi-Fi Protected Access v2)
A secure wireless data encryption method based on 802.11i that replaces WPA.
RADIUS (Remote Authentication Dial-In User Service)
A security standard that employs a client/server model to authenticate remote network users. Remote users are authenticated using a challenge-and-response mechanism between the remote-access server and the RADIUS server.
TACACS+ (Terminal Access Controller Access Control System Plus)
A security protocol designed to provide centralized validation of users who are attempting to gain access to a router or network access server (NAS). TACACS+ is a set of security protocols designed to provide authentication, authorization, and accounting (AAA) of remote users. TACACS+ uses TCP port 49 by default.
Wired Equivalent Privacy (WEP)
A security standard for WLANs. With WEP, an AP is configured with a static WEP key. Wireless clients needing to associate with an AP are configured with an identical key (making this a preshared key [PSK] approach to security). The IEEE 802.11 standard specifies a 40-bit WEP key, which is considered to be a relatively weak security measure.
collision domain
A segment of an Ethernet network between managing nodes, where only one packet can be transmitted at a time. Switches, bridges, and routers can be used to segment a network into separate collision domains.
HVAC (heating, ventilation, and air conditioning)
A self-defining acronym
worm
A self-replicating program that can perform destructive acts to a single computer or across a network, both wired and wireless.
TFTP (Trivial File Transfer Protocol)
A simplified version of FTP that enables file transfers but does not offer any security or file management capabilities. TFTP uses TCP/IP port 69.
domain name server
A server that runs application software that enables the server to perform a role associated with the DNS service
proxy server
A server that acts as a go-between for a workstation and the Internet. A proxy server typically provides an increased level of security, caching, NAT, and administrative control. Intercepts requests being sent from a client and forwards those requests on to their intended destination. The proxy server then sends any return traffic to the client which initiated the session. This provides address hiding for the client. Also, some proxy servers conserve WAN bandwidth by offering a content caching function. In addition, some proxy servers offer URL filtering to, for example, block users from accessing social networking sites during working hours.
name server
A server that contains a database of name resolution information used to resolve network names to network addresses.
web server
A server that runs an application and makes the contents of certain directories on that server, or other servers, available to clients for download, via a protocol such as HTTP.
WWW (World Wide Web)
A service running on the Internet that has become so successful that it is often mistaken for the Internet itself.
Terminal Services
A service on Windows Server platforms that enables clients to connect to the server as if it were a multiuser operating system. All the processing for the client session is performed on the server. Only screen updates and user input are transmitted across the network connection. Windows Server 2008 R2 and later versions have replaced Terminal Services with Remote Desktop Services (RDS).
network as a service (NaaS)
A service provider offering where clients can purchase data services (for example, e-mail, LDAP, and DNS services) traditionally hosted in a corporate data center.
ADSL (asymmetric digital subscriber line)
A service that transmits digital voice and data over existing (analog) phone lines.
MU-MIMO (multiuser multiple input, multiple output)
A set of advanced MIMO technologies included with IEEE 802.11ac that dramatically enhances wireless throughput.
OCx (Optical Carrier)
A set of standards used for digital signals with SONET fiber networks.
byte
A set of bits (usually 8) that operate as a unit to signify a character.
password
A set of characters used with a username to authenticate a user on a network and to provide the user with rights and permissions to files and resources.
address
A set of numbers used to identify and locate a resource or device on a network. An example is an IP address such as 192.168.2.1.
XML (Extensible Markup Language)
A set of rules for the encoding of documents in a machine-readable format.
protocol
A set of rules or standards that control data transmission and other interactions between networks, computers, peripheral devices, and operating systems.
Open Systems Interconnect (OSI) reference model
A seven layer model created by the ISO to standardize and explain the interactions of networking protocols. Commonly referred to as the OSI model or the OSI stack. This seven-layer model categorizes various network technologies.
Short
A short occurs when two copper connectors touch each other, resulting in current flowing through that short rather than the attached electrical circuit, because the short has lower resistance.
brownout
A short-term decrease in the voltage level, usually caused by the startup demands of other electrical devices.
carrier
A signal that carries data. The carrier signal is modulated to create peaks and troughs, which represent binary bits.
PAP (Password Authentication Protocol)
A simple authentication protocol in which the username and password are sent to the remote-access server in clear text, making it possible for anyone listening to network traffic to steal both. PAP typically is used only when connecting to older UNIX-based remote-access servers that do not support any additional authentication protocols.
multicast
A single-packet transmission from one sender to a specific group of destination nodes.
transparent bridging
A situation in which the bridges on a network tell each other which ports on the bridge should be opened and closed, which ports should be forwarding packets, and which ports should be blocking packets—all without the assistance of any other device.
MAC (Media Access Control) address
A six-octet number, described in hexadecimal, that uniquely identifies a host on a network. It is a unique number burned into the network interface.
Telco (telephone company)
A slang term for the telephone provider in question.
antivirus software
A software application that detects and removes viruses.
NetBIOS (Network Basic Input/Output System)
A software application that enables different applications to communicate between computers on a LAN.
SNMP agent
A software component that enables a device to communicate with, and be contacted by, an SNMP management system.
IDS (intrusion detection system)
A software application or hardware device that monitors a network or system for malicious or nonpolicy-related activity and reports to a centralized management system.
TMS (transportation management system)
A software module that sits between warehouse management and an ERP system.
WMS (warehouse management system)
A software module that is used to provide management tools for warehouse operations.
virus
A software program designed specifically to adversely affect a system or network. A virus is usually designed to be passed on to other systems with which it comes in contact.
service pack
A software update that fixes multiple known problems and in some cases provides additional functionality to an application or operating system.
mesh
A type of network topology in which each node connects to every other node. The mesh network provides a high level of redundancy because it provides alternative routes for data to travel should a single route become unavailable.
GSM (Global System for Mobile Communications)
A standard created by the European Telecommunications Standards Institute (ETSI) used to describe communication protocols for second-generation (2G) cellular networks and devices. It has now become the default global standard for mobile communications in more than 219 countries and territories.
1000BaseLX
A standard for Gigabit Ethernet intended for use with long-wavelength (LX) transmissions over long cable runs of fiber optic cabling.
proprietary
A standard or specification created by a single manufacturer, vendor, or other private enterprise.
Telnet
A standard terminal emulation protocol in the TCP/IP stack. Telnet is used to perform terminal emulation over TCP/IP via remote terminal connections, enabling users to log in to remote systems and use resources as if they were connected to a local system. Telnet has been replaced in most instances by the more secure SSH.
IEEE 802.3
A standard that specifies physical layer attributes, such as signaling types, data rates, and topologies, as well as the media access method used. It also defines specifications for the implementation of the physical layer and the MAC sublayer of the data link layer, using CSMA/CD. This standard also includes the original specifications for Fast Ethernet.
IEEE 1394
A standard that defines a system for connecting up to 63 devices on an external bus. IEEE 1394 is used with consumer electronic devices such as video cameras and MP3 players. IEEE 1394 is based on a technology developed by Apple called FireWire. FireWire was subsequently replaced by Thunderbolt.
IEEE 802.1
A standard that defines the OSI model's physical and data link layers. This standard allows two IEEE LAN stations to communicate over a LAN or WAN and is often called the internetworking standard.
NAT (Network Address Translation)
A standard that enables the translation of IP addresses used on one network to a different IP address that is acceptable for use on another network. This translation enables multiple systems to access an external network, such as the Internet, through a single IP address.
service set identifier (SSID)
A string of characters that identifies a WLAN. APs participating in the same WLAN can be configured with identical SSIDs. An SSID shared among multiple APs is called an extended service set identifier (ESSID).
TCP/IP (Transmission Control Protocol/Internet Protocol)
A suite of protocols that includes TCP and IP. TCP/IP was originally designed for use on large internetworks but has now become the de facto protocol for networks of all sizes.
IPv4 (Internet Protocol version 4)
A suite of protocols used for communication on a local area network and for accessing the Internet.
UTP (unshielded twisted-pair)
A type of cable that uses multiple twisted pairs of copper wire in a casing that does not provide much protection from EMI. The most common network cable in Ethernet networks, UTP is rated in categories including Category 1 through Category 7, as well as Category 5e and Category 6a.
CAM (content addressable memory)
A type of computer memory used in high-speed searching applications.
Syslog
A syslog-logging solution consists of two primary components: syslog servers, which receive and store log messages sent from syslog clients; and syslog clients, which can be a variety of network devices that send logging information to a syslog server.
SCADA (supervisory control and data acquisition)
A system operating with coded signals to remotely control a device or equipment.
directory services
A system that enables network resources to be viewed as objects stored in a database. This database can then be divided and distributed among different servers on the network. An example of directory services includes LDAP or Microsoft Active Directory.
full duplex
A system in which data simultaneously transmits in two directions. Compare with half duplex.
DCS (distributed computer system)
A system in which the whole is divided into many parts. The best example of this is using multiple computers to work together and appear to the user as a single entity.
UPS (uninterruptible power supply)
A system that provides protection against power surges and power outages. During blackouts, a UPS gives you time to shut down systems or devices on the network before the temporary power interruption becomes permanent. A UPS is also called battery backup.
resolver
A system that requests the resolution of a name to an IP address. This term can be applied to both DNS and WINS clients.
ARP table
A table of entries used by ARP to store resolved ARP requests. Entries can also be manually stored
DNAT (Destination Network Address Translation)
A technique for transparently changing the destination of an end route and performing the inverse function for any replies.
multiplexing
A technique of combining multiple channels over a transmission path and then recovering or demultiplexing the separate channels at the receiving end. Examples include FDM, TDM, CDM, and WDM.
encapsulation
A technique used by protocols in which header and trailer information is added to the protocol data unit as it is passed down through the protocol stack on a sending system. The reverse process, decapsulation, is performed at the receiving system as the packet travels up through the protocol suite.
MPLS (multiprotocol label switching)
A technology designed to speed up network traffic flow by moving away from the use of traditional routing tables. Instead of routing tables, MPLS uses short labels to direct packets and forward them through the network.
VRF (virtual routing and forwarding)
A technology that allows multiple instances of a routing table to coexist within the same router at the same time.
FC (Fibre Channel)
A technology that defines full gigabit-per-second (commonly runs at 2-, 4-, 8-, and 16-gigabit per second data rates) data transfer over fiber-optic cable. Commonly used with storage-area network (SAN) implementations.
Fibre Channel
A technology that defines full gigabit-per-second (commonly runs at 2-, 4-, 8-, and 16-gigabit per second data rates) data transfer over fiber-optic cable. Commonly used with storage-area network (SAN) implementations.
FDM (frequency-division multiplexing)
A technology that divides the output channel into multiple smaller-bandwidth channels, each of which uses a different frequency range.
clustering
A technology that enables two or more computers to act as a single system to provide improved fault tolerance, load balancing, and failover capability
FCoE (Fibre Channel over Ethernet)
A technology that encapsulates Fibre Channel frames over Ethernet networks allowing FC to use 10 Gigabit Ethernet networks (or higher) while preserving the Fibre Channel protocol.
Zeroconf
A technology that performs three basic functions: assigning link-local IP addresses, resolving computer names to IP addresses, and locating network services.
baseband
A term applied to any medium that can carry only a single data signal at a time. Compare with broadband.
PSTN (public switched telephone network)
A term that refers to all the telephone networks and services in the world. The same as POTS, PSTN refers to the world's collection of interconnected public telephone networks that are both commercial and government owned. All the PSTN is digital, except the connection between local exchanges and customers (which is called the local loop or last mile), which remains analog.
multihomed
A term used to refer to a device that has more than one network interface.
multiplatform
A term used to refer to a programming language, technology, or protocol that runs on different types of CPUs or operating systems.
bit-error rate tester (BERT)
A test to determine the number of received bits of a data stream that have changed due to noise, interference, or other distortion. When troubleshooting a link where you suspect a high bit-error rate (BER), you can use a piece of test equipment called a bit-error rate tester (BERT), which contains both a pattern generator (which can generate a variety of bit patterns) and an error detector (which is synchronized with the pattern generator and can determine the number of bit errors) and can calculate a BER for the tested transmission link.
HOSTS file
A text file that contains hostname-to-IP address mappings. All commonly used platforms accommodate static name resolution using the HOSTS file.
OTDR (optical time-domain reflectometer)
A tool used to locate problems with optical media, such as cable breaks.
wire crimper
A tool used to create networking cables. The type of wire crimping tool used depends on the cable being made.
crimper
A tool used to join connectors to the ends of network cables.
multimeter
A tool used to measure voltage, current, and resistance.
cable stripper
A tool used to strip the sheathing from copper cabling.
blackout
A total loss of electrical power
ITS (intelligent transportation system)
A traffic management system intended for use in creating smart transportation networks.
loopback testing
A troubleshooting method in which the output and input wires are crossed or shorted in a manner that enables all outgoing data to be routed back into the card.
MMF (multimode fiber)
A type of fiber in which many beams of light travel through the cable, bouncing off the cable walls. This strategy actually weakens the signal, reducing the length and speed at which the data signal can travel. See also SMF.
USB (universal serial bus)
A type of interface between a computer system and peripheral devices. The USB interface enables you to add or remove devices without shutting down the computer. USB supports up to 127 devices. USB also supports autodetection and plug and play.
distance-vector routing
A type of routing in which a router uses broadcasts to inform neighboring routers on the network of the routes it knows about. Compare with link-state routing.
MDIX (media dependent interface crossover)
A type of port found on Ethernet networking devices in which the wiring is crossed so that the transmit line of one device becomes the receive line of the other. MDI-X is used to connect hubs and switches to client computers.
MDI (medium-dependent interface)
A type of port found on Ethernet networking devices, such as hubs and switches, in which the wiring is straight through. MDI ports are sometimes called uplink ports. They are intended for use as connectivity points to other hubs and switches.
Trojan
A type of program that appears legitimate but performs some illicit activity when it is run.
Event Viewer
A utility available on Windows server systems and client systems. It is commonly used to gather systems information and also is used in the troubleshooting process.
TTL (Time To Live)
A value assigned to a packet of data to prevent it from moving around the network indefinitely. The TTL value is decremented each time the packet crosses a router, until it reaches 0, at which point it is removed from the network.
PSK (pre-shared key)
A value (key) shared with another party so that they can encrypt messages to then be securely sent.
Metric
A value assigned to a route. Lower metrics are preferred over higher metrics.
metric
A value that can be assigned to a route to encourage or discourage the use of the route. See also cost.
cost
A value used to encourage or discourage the use of a certain route through a network. Routes that are to be discouraged are assigned a higher cost, and those that are to be encouraged are assigned a lower cost. See also metric.
Static NAT (SNAT)
A variant of NAT in which an inside local IP address is statically mapped to an inside global IP address. SNAT is useful for servers inside a network, which need to be accessible from an outside network.
Dynamic NAT (DNAT)
A variant of NAT in which inside local addresses are automatically assigned an inside global address from a pool of available addresses.
Port Address Translation (PAT)
A variant of NAT in which multiple inside local IP addresses share a single inside global IP address. PAT can distinguish between different flows based on port numbers.
ASP (application service provider)
A vendor who provides computer-based services over the network.
SVC (switched virtual circuit)
A virtual circuit dynamically established on demand to form a dedicated link. It is broken when transmission is complete.
virtual desktop
A virtual desktop solution allows a user to store data in a centralized data center, as opposed to the hard drive of their local computer. Then, with appropriate authentication credentials, that user can access his data from various remote devices (for example, his smartphone or another computer).
surge
A voltage increase that is less dramatic than that of a spike but can last much longer. Sometimes called a swell. The opposite of a brownout.
ISO (International Organization for Standardization)
A voluntary organization founded in 1946 that is responsible for creating international standards in many areas, including communications and computers. This also includes the development of the OSI model.
Wi-Fi
A voluntary standard that manufacturers can adhere to, which aims to create compatibility between wireless devices. Wi-Fi is an abbreviation for wireless fidelity.
hotspot
An area in which an access point provides public wireless broadband network services to mobile visitors through a WLAN. Hotspots are often located in heavily populated places such as airports, hotels, and coffee shops.
IEEE 802.11a
A wireless networking standard operating in the 5 GHz band. 802.11a supports a maximum theoretical data rate of 54 Mbps. Depending on interference, 802.11a could have a range of 150 feet at the lowest speed setting. Higher-speed transmissions would see a lower range. 802.11a uses the CSMA/CA media access method and is incompatible with 802.11b and 802.11g.
infrastructure topology
A wireless topology that defines a wireless network composed of an access point connected to a wired LAN. Wireless devices communicate with the wired LAN through the access point (AP).
infrared
A wireless data communication method that uses light pulses in the infrared range as a carrier signal.
IrDA
A wireless networking technology that uses infrared beams to send data transmissions between devices.
microwaves
A wireless technology sometimes used to transmit data between buildings and across vast distances.
buffer
An area of memory in a device used to temporarily store data before it is forwarded to another device or location.
NAS (network-attached storage)
An array of disks providing network storage capacity to the users on the network. It is a specialized file-level computer storage device connected to a network.
E1
An E1 circuit contains 32 channels, in contrast to the 24 channels on a T1 circuit. Only 30 of those 32 channels, however, can transmit data (or voice or video). Specifically, the first of those 32 channels is reserved for framing and synchronization, and the 17th channel is reserved for signaling (that is, to set up, maintain, and tear down a session).
CSU/DSU (channel service unit/data service unit)
Acts as a translator between the LAN data format and the WAN data format. Such a conversion is necessary because the technologies used on WAN links are different from those used on LANs.
channel service unit/data service unit (CSU/DSU)
Acts as a digital modem that terminates a digital circuit (for example, a T1 or an E1 circuit).
honey pot
Acts as a distracter. Specifically, a system designated as a honey pot appears to be an attractive attack target. One school of thought on the use of a honey pot is to place one or more honey-pot systems in a network to entice attackers into thinking the system is real. The attackers then use their resources attacking the honey pot, resulting in their leaving the real servers alone.
noise
Another name for EMI. See also EMI.
E1 (E-Carrier Level 1)
An E1 link operates over two separate sets of wires, typically twisted-pair cable, and carries data at a rate of 2.048 million bits per second. E1 is the European equivalent of T1 used in the United States.
E3 (E-Carrier Level 3)
An E3 link carries 16 E1 signals with a data rate of 34.368 million bits per second. E3 is the European equivalent of T3 used in the United States.
XDSL (extended digital subscriber line)
All the variations of DSL available are lumped together under the label XDSL.
virtual server
Allows a single physical server to host multiple virtual instances of various operating systems. This allows, for example, a single physical server to simultaneously host multiple Microsoft Windows servers and multiple Linux servers.
single sign-on (SSO)
Allows a user to authenticate once to gain access to multiple systems, without requiring the user to independently authenticate with each system.
Punch-down Blocks
Allows for a faster and more reliable connection. Allows a copper conductor to make a connection.
peer-to-peer network
Allows interconnected devices (for example, PCs) to share their resources with one another. These resources could be, for example, files or printers. A network environment that does not have dedicated servers, where communication occurs between similarly capable network nodes that act as both clients and servers
Network Address Translation (NAT)
Allows private IP addresses (as defined in RFC 1918) to be translated into Internet-routable IP addresses (public IP addresses).
route redistribution
Allows routes learned by one routing protocol to be injected into the routing process of another routing protocol.
frequency-hopping spread spectrum (FHSS)
Allows the participants in a communication to hop between predetermined frequencies. Security is enhanced because the participants can predict the next frequency to be used but a third party cannot easily predict the next frequency. FHSS can also provision extra bandwidth by simultaneously using more than one frequency.
DLP (data leak prevention)
Also commonly expressed as data loss prevention, it is a system designed to detect and respond to potential breaches.
TA (terminal adaptor)
Also known as adapter, this is a device that connects a node to an ISDN network.
CAT6a
Also called augmented 6. Offers improvements over Category 6 by offering a minimum of 500 MHz of bandwidth. It specifies transmission distances up to 100 meters with 10 Gbps networking speeds.
fiber-optic cable
Also known as fiber optics or optical fiber, a physical medium that can conduct modulated light transmissions. Compared with other transmission media, fiber-optic cable is more expensive, but it is not susceptible to EMI or crosstalk, and it is capable of high data rates and increased distances.
MaaS (Mobility as a Service)
Also known as Transportation as a Service, this is a shift toward mobility solutions that are consumed as a service as opposed to personal vehicles.
client-to-site VPN
Also known as a remote-access VPN, a client-to-site VPN interconnects a remote user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost.
coaxial cable
Also known as coax, a coaxial cable is composed of two conductors. One of the conductors is an inner insulated conductor. This inner conductor is surrounded by another conductor. This second conductor is sometimes made of a metallic foil or woven wire.
Demark
Also known as demarcation point or a demarc extension, this is the point in a telephone network where the maintenance responsibility passes from a telephone company to a subscriber (unless the subscriber purchased an inside wiring plan). This demarc is typically a box mounted to the outside of a customer's building (for example, a residence).
TCP/IP stack
Also known as the DoD model, this four-layer model (as opposed to the seven-layer OSI model) targets the suite of TCP/IP protocols.
Hub
An Ethernet hub is an older technology used to interconnect network components, such as clients and servers. Hubs vary in their number of available ports. A hub does not perform any inspection of the traffic it passes. Rather, a hub simply receives traffic in a port and repeats that traffic out all of its other ports.
Marking
Alters bits within a frame, cell, or packet to indicate how a network should treat that traffic. Marking alone does not change how a network treats a packet. Other tools (such as queuing tools) can, however, reference markings and make decisions (for example, forwarding decisions or dropping decisions) based on those markings.
APT (Advanced Persistent Tool)
Although CompTIA uses Tool, most use Threat as the last word of the acronym. In either case, it is an unauthorized person in a network, undetected, for an exceedingly long period of time.
GPG (GNU Privacy Guard)
An IETF RFC 4880-compliant alternative to the PGP suite of cryptographic software.
IKE (Internet Key Exchange)
An IPsec protocol that uses X.509 certificates for authentication.
BRI (Basic Rate Interface)
An ISDN digital communications line that consists of three independent channels: two B channels each at 64 Kbps and one D channel at 16 Kbps. ISDN BRI is often referred to as 2B+D. See also ISDN and PRI.
SLA (service level agreement)
An agreement between a customer and provider detailing the level of service to be provided on a regular basis and in the event of problems.
FTP bounce
An FTP bounce attack uses the FTP PORT command to covertly open a connection with a remote system. Specifically, an attacker connects to an FTP server and uses the PORT command to cause the FTP server to open a communications channel with the intended victim, which might allow a connection from the FTP server, while a connection directly from the attacker might be denied.
Gigabit Ethernet
An IEEE 802.3 specification that defines standards for data transmissions of 1 Gbps. See also 1000BASE-T.
1000BaseT
An IEEE 802.3ab standard that specifies Gigabit Ethernet over Category 5 or better UTP cable. The standard allows for full-duplex transmission using four pairs of twisted cable up to 100 meters.
IEEE 802.1X
An IEEE security standard designed for authenticating wireless devices. This standard uses Extensible Authentication Protocol (EAP).
LACP (Link Aggregation Control Protocol)
An IEEE specification that provides a control method of bundling several physical ports into one single channel.
IEEE 802.11g
An IEEE wireless standard that is backward compatible with 802.11b. 802.11g offers a data rate of 54 Mbps. Like 802.11b, 802.11g uses the 2.4 GHz RF range.
CIDR (classless interdomain routing)
An IP addressing scheme that enables a single IP address to designate many unique IP addresses. CIDR addressing uses an IP address followed by a / and the IP network prefix. An example of a CIDR address is 192.168.100.0/16. CIDR is sometimes called supernetting.
iSCSI (Internet Small Computer System Interface)
An IP-based networking storage standard for linking and managing data storage facilities. iSCSI allows SCSI commands to be sent over IP networks, including LANs, WANs, and the Internet.
SNTP (Simple Network Time Protocol)
An IP-based protocol used to coordinate time among devices across the network.
VRRP (Virtual Router Redundancy Protocol)
An IP-based routing protocol that automatically assigns available routers to participating hosts.
Encapsulating Security Payload (ESP)
An IPsec protocol that provides authentication, integrity, and encryption services.
PRI (Primary Rate Interface)
An ISDN circuit built on a T1 or E1 circuit. PRI has a transfer rate of 1.544 Mbps
HDLC (High-Level Data Link Control)
An ISO-developed, bit-oriented synchronous data link layer protocol used for point-to-point or point-to-multipoint connections.
PPPoE (Point-to-Point Protocol over Ethernet)
An Internet connection authentication protocol that uses two separate technologies, Ethernet and PPP, to provide a method for multiple users to share a common digital subscriber line (DSL), cable modem, or wireless connection to the Internet. Commonly used between a DSL modem in a home (or business) and a service provider. Specifically, PPPoE encapsulates PPP frames within Ethernet frames. PPP is used to leverage its features, such as authentication.
SMTP (Simple Mail Transfer Protocol)
An Internet protocol used for the transfer of email messages and attachments.
NNTP (Network News Transfer Protocol)
An Internet protocol that controls how news articles are to be queried, distributed, and posted. NNTP uses port 119.
link light
An LED on a networking device, such as a hub, switch, or NIC. The illumination of the link light indicates that, at a hardware level, the connection is complete and functioning.
DR (designated router)
An OSPF router intended to reduce network traffic by maintaining the complete routing database and then sending updates to the other routers on the shared network segment
SNMP trap
An SNMP utility that sends an alarm to notify the administrator that something within the network activity differs from the established threshold, as defined by the administrator.
CCTV (closed-circuit TV)
An acronym for video cameras used to watch a particular place and send (transmit) to a particular location.
A Record
An address record. This refers to one of three machines typically: the host sending data, the host receiving data, or an intermediary between the two (the next hop).
MOU (memorandum of understanding)
An agreement (bilateral or multilateral) between parties defining terms and conditions of an agreement.
MOA (memorandum of agreement)
An agreement expressing a convergence of will between the parties and indicating an intended common line of action.
SLIP (Serial Line Internet Protocol)
An antiquated IP-based protocol for modem connections and serial ports
Anycast
An anycast communication flow is a one-to-nearest (from the perspective of a router's routing table) flow.
uninterruptible power supply (UPS)
An appliance that provides power to networking equipment in the event of a power outage.
SIP (Session Initiation Protocol)
An application layer protocol designed to establish and maintain multimedia sessions such as Internet telephony calls
NMS (network management system)
An application that acts as a central management point for network management. Most NMS systems use SNMP to communicate with network devices. See also SNMP.
SSH (Secure Shell)
An application, such as Telnet, that enables a session to be opened on a remote host. SSH differs from Telnet in that it provides additional authentication methods and encryption for data as it traverses the network. SSH uses TCP/IP port 22.
SMB (server message block)
An application-layer network protocol used primarily for providing shared access to files, printers, and ports as well as miscellaneous communications between nodes
SDN (software defined network)
An approach to networking that allows network administrators to programmatically manage network behavior dynamically via open interfaces and provide abstraction of lower-level functionality
UTM (unified threat management)
An approach to threat management that combines multiple security-related products (antivirus software, IPS, and so on) into a single management console.
plug and play
An architecture designed to enable the operating system to detect hardware devices and for the driver to be automatically loaded and configured.
VDSL (variable digital subscriber line)
An asymmetric version of DSL that supports high-bandwidth applications such as VoIP and HDTV. It is the fastest available form of DSL and uses fiber-optic cabling.
HDMI (High-Definition Multimedia Interface)
An audio/video interface for transferring data and compressed or uncompressed data to a monitor, projector, television, or digital audio device.
rights
An authorization provided to users that allows them to perform certain tasks. The network administrator generally assigns rights. Slightly different from but often used with the term permissions.
electromagnetic interference (EMI)
An electromagnetic waveform that can be received by network cable (possibly corrupting data traveling on the cable) or radiated from a network cable (possibly interfering with data traveling on another cable).
bit
An electronic digit used in the binary numbering system. Bit is a contraction of the terms binary and digit.
Advanced Encryption Standard (AES)
An encryption algorithm for securing sensitive networks used by U.S. government agencies. Has become the encryption standard for corporate networks. AES is available in 128-bit key, 192-bit key, and 256-bit key versions.
CVW (collaborative virtual workspace)
An environment, often called a CVE, used for collaboration and interaction of participants that may be spread over large distances.
EAP (Extensible Authentication Protocol)
An extension of PPP that supports authentication methods more secure than a standard username and password combination. EAP is commonly used as an authentication protocol for token cards, smart cards, and digital certificates.
TTLS (Tunneled Transport Layer Security)
An extension of TLS that adds tunneling and is often combined with EAP.
host ID
An identifier used to uniquely identify a client or resource on a network.
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol)
An implementation of CHAP specific to Microsoft operating systems and commonly offered in both server and desktop operating systems.
SFTP (Secure File Transfer Protocol)
An implementation of File Transfer Protocol (FTP) that uses Secure Shell (SSH) technology to provide additional authentication and encryption services for file transfers.
UNC (Universal Naming Convention)
An industry-naming standard for computers and resources that provides a common syntax that should work in most systems, including Windows and UNIX. An example of a UNC name is \\servername\sharename.
surge protector
An inexpensive and simple device placed between a power outlet and a network component to protect the component from spikes and surges. Also known as a surge suppressor.
datagram
An information grouping transmitted as a unit at the network layer. See also packet.
spike
An instantaneous, dramatic increase in the voltage input to a device. Spikes are responsible for much of the damage done to network hardware components.
ASIC (application-specific integrated circuit)
An integrated circuit designed for a particular use instead of for general-purpose uses.
wide-area network (WAN) link
An interconnection between two devices in a WAN.
campus-area network (CAN)
An interconnection of networks located in nearby buildings (for example, buildings on a college campus).
ISDN (Integrated Services Digital Network)
An internationally adopted standard for providing end-to-end digital communications between two points. ISDN is a dialup technology allowing data, voice, and other source traffic to be transmitted over a dedicated link.
NIDS (network intrusion detection system)
An intrusion detection system that analyzes and monitors at the network level rather than the host level.
Point-to-Point Tunneling Protocol (PPTP)
An older VPN protocol (that supported the dial-up networking feature in older versions of Microsoft Windows). Like L2TP and L2F, PPTP lacks native security features. However, Microsoft's versions of PPTP bundled with various versions of Microsoft Windows were enhanced to offer security features.
legacy
An older computer system or technology.
Common Address Redundancy Protocol (CARP)
An open standard variant of HSRP, which provides first-hop router redundancy.
IANA (Internet Assigned Numbers Authority)
An organization responsible for IP addresses, domain names, and protocol parameters. Some functions of IANA, such as domain name assignment, have been devolved into other organizations.
TIA (Telecommunications Industry Association)
An organization that, along with the Electronic Industries Association (EIA), develops standards for telecommunications technologies.
Interior Gateway Protocol (IGP)
A routing protocol that operates within an autonomous system, which is a network under a single administrative control. OSPF and EIGRP are popular examples of IGPs.
broadcast storm
An undesirable condition in which broadcasts become so numerous that they bog down the flow of data across the network.
brownout
An undesirable condition in which broadcasts become so numerous that they bog down the flow of data across the network.
APC
Angled Physical contact. Allows for a more precise signal to go through. 8 degree angle. Color coded green.
VTC (video teleconference)
Any combination of audio and video real-time technologies.
boundless medium (unbound medium)
Any medium that does not have physical constraints. Examples of unbound media are infrared, wireless, and microwave. Compare with bound medium.
unbound medium (or boundless medium)
Any medium that does not have physical constraints. Examples of unbound media are infrared, wireless, and microwave. Compare with bound medium.
SIEM (Security Information and Event Management)
Any of a family of products that combine security information management and event management to achieve a more holistic approach to security.
VoIP (Voice over IP)
Any of a number of technologies that enable voice communication across the Internet Protocol.
NFC (near field communication)
Any protocol that enables two electronic devices to establish communication by bringing them within 1.6 inches of each other. This is gaining in popularity for use with a smartphone and electronic payment systems.
interference
Anything that can compromise a signal's quality. On bound media, crosstalk and EMI are examples of interference. In wireless environments, atmospheric conditions that degrade a signal's quality would be considered interference.
WWW, Software
Application
Client Software
Application Layer
DHCP
Application Layer
DNS
Application Layer
FTP
Application Layer
HTTP
Application Layer
POP3
Application Layer
RDP
Application Layer
SMB
Application Layer
SMTP
Application Layer
SNMP
Application Layer
Telnet
Application Layer
application-level firewall
Application-layer firewalls operate at the application layer of the OSI model. Application layer firewalls can inspect data packets traveling to or from an application.
data link layer
As Layer 2 of the OSI model, this layer is concerned with the packaging of data into frames and transmitting those frames on a network, performing error detection/correction, uniquely identifying network devices with an address, and handling flow control.
transport layer (OSI model)
As Layer 4 of the OSI model, it acts as a dividing line between the upper layers and lower layers. Specifically, messages are taken from the upper layers (Layers 5–7) and encapsulated into segments for transmission to the lower layers (Layers 1–3). Similarly, data streams coming from lower layers are decapsulated and sent to Layer 5 (the session layer) or some other upper layer, depending on the protocol.
link aggregation
As defined by the IEEE 802.3ad standard, link aggregation allows multiple physical connections to be logically bundled into a single logical connection.
differentiated services (DiffServ)
As its name suggests, DiffServ differentiates between multiple traffic flows. Specifically, packets are marked, and routers and switches can then make decisions (for example, dropping or forwarding decisions) based on those markings.
Server
As its name suggests, a server serves up resources to a network. These resources might include e-mail access as provided by an e-mail server, web pages as provided by a web server, or files available on a file server.
Asset management
As related to networks, this is a formalized system of tracking network components and managing the lifecycle of those components.
EDNS (Extension Mechanisms for DNS)
As specified by the Internet Engineering Task Force as RFC 2671, EDNS increases the size of the flags fields, return codes, and label types available in basic DNS.
wireless router
Attaches to a wired network and provides access to that wired network for wirelessly attached clients, like a wireless AP. However, a wireless router is configured such that the wired interface that connects to the rest of the network (or to the Internet) is on a different IP network than the wireless clients. Typically, a wireless router performs NATing between these two IP address spaces.
cable modem
Attaches to the same coaxial cable (typically in a residence) that provides television programming. A cable modem can use predetermined frequency ranges to transmit and receive data over that coaxial cable.
social engineering
Attackers sometimes use social techniques (which often leverage people's desire to be helpful) to obtain confidential information. For example, an attacker might pose as a member of an IT department and ask a company employee for their login credentials in order for the "IT staff to test the connection." This type of attack is called social engineering.
AAAA
Authentication, authorization, accounting, and auditing. Authentication is the process to determine whether someone is authorized to use the network—if the person can log on to the network. Authorization refers to identifying the resources a user can access after the user is authenticated. Accounting refers to the tracking methods used to identify who uses the network and what they do on the network. Auditing refers to the ability to associate actions with the machine/user in question.
AAA
Authentication, authorization, and accounting. Authentication is the process to determine whether someone is authorized to use the network—if the person can log on to the network. Authorization refers to identifying the resources a user can access after the user is authenticated. Accounting refers to the tracking methods used to identify who uses the network and what they do on the network.
permissions
Authorization provided to users that allows them to access objects on a network. Network administrators generally assign permissions. Permissions are slightly different from but are often used with rights.
Characteristics of fiber transceivers
Bidirectional, Duplex
Copper Category Standards
CAT 3, 5, 5e, 6, 6a, and 7
CAT5e
Data-grade cable used on networks that run at 10/100 Mbps and even up to 1000 Mbps. Category 5e cabling can be used up to 100 meters, depending on the implementation and standard used. Category 5e cable provides a minimum of 100 MHz of bandwidth.
route command
Can add, modify, or delete routes in the IP routing table of Microsoft Windows and UNIX hosts. In addition, the route command can be used to view the IP routing table of Microsoft Windows hosts.
arp command
Can be used in either the Microsoft Windows or UNIX environment to see which Layer 2 MAC address corresponds to a Layer 3 IP address.
content switch
Can be used to load balance requests for content across a group of servers containing that content. If one of the servers in the group needed to have maintenance performed, that server could be administratively removed from the group, as defined on the content switch. As a result, the content switch can help maximize up time when performing server maintenance. It minimizes the load on individual servers by distributing its load across multiple identical servers. A content switch also allows a network to scale because one or more additional servers could be added to the server group defined on the content switch if the load on existing servers increases.
netstat command
Can display a variety of information about IP-based connections on a Windows or UNIX host.
dig command
Can resolve a FQDN to an IP address on UNIX hosts.
host command
Can resolve a FQDN to an IP address on hosts.
hold-down timers
Can speed the convergence process of a routing protocol. After a router makes a change to a route entry, the hold-down timer prevents any subsequent updates for a specified period of time. This approach can help stop flapping routes (which are routes that oscillate between being available and unavailable) from preventing convergence.
RJ-11
Commonly used for phones. A phone line connection or port found on modems, telephones, and house phone outlets.
unicast
Communication that takes place over a network between a single sender and a single receiver
dB
Decibels. A measurement.
Class D network
Class D network addresses within the range of 224.0.0.0 to 239.255.255.255 are used for multicasting data to multicast-capable hosts on a network.
classification
Classification is the process of placing traffic into different categories.
NGFW (Next Generation Firewall)
Combining a traditional firewall with any other network device (such as an intrusion prevention system) to get additional functionalities.
ICA (Independent Computer Architecture)
Contrary to the CompTIA acronym, the C is more correctly Computing, and this is a Cisco proprietary protocol for application servers.
CWDM (course wave-division multiplexing)
Contrary to the CompTIA acronym, most in the industry use coarse for the C portion and it is a method of multiplexing in which different signals operate at different speeds. The best example of this is cable modems, allowing for different speeds of uploading and downloading.
Spanning Tree Protocol (STP)
Defined by the IEEE 802.1D standard, it allows a network to have redundant Layer 2 connections, while logically preventing a loop, which could lead to symptoms such as broadcast storms and MAC address table corruption.
Access Point
Data Link Layer
Bridge
Data Link Layer
Data Flow
Data Link Layer
Error Recovery
Data Link Layer
Ethernet Physical Address
Data Link Layer
Frame
Data Link Layer
Frames
Data Link Layer
Header
Data Link Layer
MPLS
Data Link Layer
MAC Addressing
Data Link Layer
ISAKMP (Internet Security Association and Key Management Protocol)
Defined by RFC 2408, ISAKMP is a protocol typically used by IKE for key exchange.
Power over Ethernet (PoE)
Defined by the IEEE 802.3af and 802.3at standards, PoE allows an Ethernet switch to provide power to an attached device (for example, a wireless access point, security camera, or IP phone), by applying power to the same wires in a UTP cable that are used to transmit and receive data. A technology that enables electrical power to be transmitted over twisted-pair Ethernet cable. The power is transferred, along with data, to provide power to remote devices.
SPB (Shortest Path Bridging)
Defined in IEEE 802.1aq, this is a standard defining a routing (Layer 2) protocol.
ad hoc topology
Defines a wireless network layout whereby devices communicate directly among themselves without using an access point. Sometimes called an unmanaged or peer-to-peer wireless topology.
Client
Defines the device an end-user uses to access a network. This device might be a workstation, laptop, smartphone with wireless capabilities, a tablet, or a variety of other end-user terminal devices.
bound medium
Describes any medium that has physical constraints, such as coaxial, fiber-optic, and twisted pair. Compare with unbound medium.
QoS (quality of service)
Describes the strategies used to manage and increase the flow of network traffic. QoS features enable administrators to predict bandwidth use, monitor that use, and control it to ensure that bandwidth is available to the applications that need it.
RG-6/59
Designations for the coaxial cable used in thin coaxial networks that operat
TKIP (Temporal Key Integrity Protocol)
Designed to address the shortcomings of the WEP security protocol. TKIP is an encryption protocol defined in IEEE 802.11i.
time domain reflectometer (TDR)
Detects the location of a fault in a copper cable by sending an electric signal down the copper cable and measuring the time required for the signal to bounce back from the cable fault. A TDR can then mathematically calculate the location of the fault.
optical time domain reflectometer (OTDR)
Detects the location of a fault in a fiber cable by sending light down the fiber-optic cable and measuring the time required for the light to bounce back from the cable fault. The OTDR can then mathematically calculate the location of the fault.
Media
Devices need to be interconnected via some sort of media. This media could be copper cabling. Alternatively, it could be a fiber-optic cable. Media might not even be a cable, as is the case with wireless networks, where radio waves travel through the media of air.
full-mesh topology
Directly connects every site to every other site.
nbtstat command
Displays NetBIOS information for IP-based networks. The nbt prefix of the nbtstat command refers to NetBIOS over TCP/IP, which is called NBT (or NetBT). This command can, for example, display a listing of NetBIOS device names learned by a Microsoft Windows-based PC.
TDM (time-division multiplexing)
Divides a single communication channel into multiple channels, enabling data signals to be transferred simultaneously as subchannels in one communication channel. Despite being only a single channel, data signals take turns sending data.
Dynamic Host Configuration Protocol (DHCP)
Dynamically assigns IP address information (for example, IP address, subnet mask, DNS server's IP address, and default gateway's IP address) to network devices.
crosstalk
Electronic interference caused when two wires are too close to each other, and the adjacent cable creates interference.
VNC (virtual network connection)
Enables remote login, in which clients can access their own desktops while being physically away from their computers.
Hz (hertz)
Equivalent to cycles per second, hertz is the unit of frequency defined as the number of cycles per second of a periodic phenomenon.
PUA (privileged user agreement)
Established, and agreed upon, rules of behavior that define what privileged users can and cannot do with their elevated permissions.
Ethernet
Ethernet is a Layer 1 technology developed by Xerox and encompasses a variety of standards, which specify various media types, speeds, and distance limitations.
EMI (electromagnetic interference)
External interference of electromagnetic signals that causes a reduction in data integrity and increased error rates in a transmission medium.
Fiber Transceiver: GBIC
Gigabit Interface card. - 100BASE-SX - GB Ethernet - Range - 550 meters - IEEE.3Z - hot-swappable
internal loopback address
Functionality built in to the TCP/IP stack that enables you to verify the correct functioning of the stack. You can ping any IPv4 address in the 127.x.x.x range, except the network address (127.0.0.0) or the broadcast address (127.255.255.255). The address 127.0.0.1 is most commonly used. In IPv6, the localhost (loopback) address is 0:0:0:0:0:0:0:1 or can also be expressed as ::1.
RJ-45
Has a rectangular shape. Commonly used on the end of Ethernet cables. The 8-pin modular connector used with CAT6/5e/5 cable
CAT6
High-performance UTP cable that can transmit data up to 10 Gbps.
110 Block
Higher Bandwidth used with CAT5 cables and up. Greater termination density. More common today. 100, 200, 300 pairs at rows of 50 pairs each. Mounted Horizontally.
uptime
How long a device has been on and operating.
session
How long the dialog remains open between two nodes.
intrusion detection system (IDS)
IDS devices can recognize the signature of a well-known attack and respond to stop the attack. However, an IDS sensor does not reside in-line with the traffic flow. Therefore, one or more malicious packets might reach an intended victim before the traffic flow is stopped by an IDS sensor.
intrusion prevention system (IPS)
IPS devices can recognize the signature of a well-known attack and respond to stop the attack. An IPS device resides in-line with the traffic flow, unlike an IDS sensor.
BPDU (bridge protocol data unit)
Identifies the status of ports and bridges across the network. BPDUs are simple data messages exchanged between switches. They contain information on ports and provide the status of those ports to other switches.
congestion avoidance
If an interface's output queue fills to capacity, newly arriving packets are discarded (or tail dropped). Congestion avoidance can prevent this behavior. RED is an example of a congestion-avoidance mechanism.
Warchalking
If an open WLAN (or a WLAN whose SSID and authentication credentials are known) is found in a public place, a user might write a symbol on a wall (or some other nearby structure) to let others know the characteristics of the discovered network. This practice, which is a variant of the decades-old practice of hobos leaving symbols as messages to fellow hobos, is called warchalking.
cable certifier
If you are working with existing cable and want to determine its category, or if you simply want to test the supported frequency range (and therefore data throughput) of the cable, you can use a cable certifier.
nondesignated port
In STP terms, nondesignated ports block traffic to create a loop-free topology.
hot spare
In a RAID configuration, a drive that sits idle until another drive in the RAID array fails, at which point the hot spare takes over the role of the failed drive.
designated port
In an STP topology, every network segment has a single designated port, which is the port on that segment that is closest to the root bridge, in terms of cost. Therefore, all ports on a root bridge are designated ports.
root port
In an STP topology, every nonroot bridge has a single root port, which is the port on that switch that is closest to the root bridge, in terms of cost.
client/server network
In a client/server network, a dedicated server (for example, a file server or a print server) provides shared access to a resource (for example, files or a printer). Clients (for example, PCs) on the network with appropriate privilege levels can gain access to those shared resources.
Frame Length field
In a data frame, the field that specifies the length of a frame.
Frame Type field
In a data frame, the field that names the protocol being sent in the frame.
data field
In a frame, the field or section that contains the data.
Supplicant
In a network using 802.1X user authentication, a supplicant is the device that wants to gain access to a network.
ring topology
In a ring topology, traffic flows in a circular fashion around a closed network loop (that is, a ring). Typically, a ring topology sends data, in a single direction, to each connected device in turn, until the intended destination receives the data.
beaconing
In a wireless network, beaconing refers to the continuous transmission of small packets (beacons) that advertise the presence of a base station (access point).
remote control
In networking, having physical control of a remote computer through software.
port
In physical networking terms, a pathway on a networking device that enables other devices to be connected. In software terms, a port is the entry point into an application, a system, or a protocol stack.
MAC layer
In the OSI model, the lower of the two sublayers of the data link layer. It is defined by the IEEE as being responsible for interaction with the physical layer
Internet layer
In the TCP/IP architectural model, the layer responsible for addressing, packaging, and routing functions. Protocols that operate at this layer are responsible for encapsulating packets into Internet datagrams. All
Trunk
In the context of an Ethernet network, a trunk is a single physical or logical connection that simultaneously carries traffic for multiple VLANs. However, a trunk also refers to an interconnection between telephone switches, in the context of telephony.
T3
In the same T-carrier family of standards as a T1, a T3 circuit offers an increased bandwidth capacity. Although a T1 circuit combines 24 DS0s into a single physical connection to offer 1.544 Mbps of bandwidth, a T3 circuit combines 672 DS0s into a single physical connection, with a resulting bandwidth capacity of 44.7 Mbps.
stateful firewall
Inspects traffic leaving the inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network, the stateful firewall permits that traffic. The process of inspecting traffic to identify unique sessions is called stateful inspection.
traffic shaping
Instead of making a minimum amount of bandwidth available for specific traffic types, you might want to limit available bandwidth. Both policing and shaping tools can accomplish this objective. Collectively, these tools are called traffic conditioners. Traffic shaping delays excess traffic by buffering it as opposed to dropping the excess traffic.
Policing
Instead of making a minimum amount of bandwidth available for specific traffic types, you might want to limit available bandwidth. Both policing and traffic-shaping tools can accomplish this objective. Collectively, these tools are called traffic conditioners. Policing can drop exceeding traffic, as opposed to buffering it.
metropolitan-area network (MAN)
Interconnects locations scattered throughout a metropolitan area.
wide-area network (WAN)
Interconnects network components that are geographically separated.
local-area network (LAN)
Interconnects network components within a local region (for example, within a building).
site-to-site VPN
Interconnects two sites, as an alternative to a leased line, at a reduced cost.
RFI (radio frequency interference)
Interference that affects radio frequency communication.
carrier sense multiple access collision avoidance (CSMA/CA)
Just as CSMA/CD is needed for half-duplex Ethernet connections, CSMA/CA is needed for WLAN connections because of their half-duplex operation. Similar to how an Ethernet device listens to an Ethernet segment to determine whether a frame exists on the segment, a WLAN device listens for a transmission on a wireless channel to determine whether it is safe to transmit. In addition, the collision-avoidance part of the CSMA/CA algorithm causes wireless devices to wait for a random backoff time before transmitting.
Challenge Handshake Authentication Protocol (CHAP)
Like PAP, CHAP performs one-way authentication. However, authentication is performed through a three-way handshake (challenge, response, and acceptance messages) between a server and a client. The three-way handshake allows a client to be authenticated without sending credential information across a network.
physical layer
Layer 1 of the OSI model, where all physical connectivity is defined.
data link layer
Layer 2 of the OSI model, which is above the physical layer. Data comes off the cable, goes through the physical layer, and goes into the data link layer. The data link layer has two distinct sublayers: MAC and LLC.
network layer
Layer 3 of the OSI model, which is where routing based on node addresses (IP addresses) occurs. Routing based on logical addresses.
transport layer
Layer 4 of the OSI model. Protocols at this layer perform functions such as segmenting data so that it can be sent over the network and then reassembling the segmented data on the receiving end. The transport layer also deals with some of the errors that can occur in a stream of data, such as dropped and duplicated packets.
session layer (OSI Model)
Layer 5 of the OSI model, which establishes, manages, and terminates sessions between applications on different nodes.
presentation layer (OSI model)
Layer 6 of the OSI model, which prepares information to be used by the application layer. It is responsible for the formatting of data being exchanged and securing the data with encryption.
Application layer (OSI model)
Layer 7 of the OSI model, which provides application services to a network. It supports services used by end-user applications. Another function of the application layer is advertising available services.
multilayer switch
Like a router, a multilayer switch can make traffic forwarding decisions based on Layer 3 information. Although multilayer switches more closely approach wire-speed throughput than most routers, routers tend to have a greater feature set and are capable of supporting more interface types than a multilayer switch.
Switch
Like an Ethernet hub, an Ethernet switch interconnects network components. Like a hub, switches are available with a variety of port densities. However, unlike a hub, a switch doesn't simply take traffic in on one port and forward copies of that traffic out all other ports. Rather, a switch learns which devices reside off of which ports. As a result, when traffic comes in a switch port, the switch interrogates the traffic to see where it's destined. Then, based on what the switch has learned, the switch forwards the traffic out of the appropriate port, and not out all of the other ports.
Fiber connection type LC
Local connector / Lucent Connector. - Half the size of SC connector. - Greater density - Half duplex
Transport
Name Of Layer 4
Session
Name Of Layer 5
Presentation
Name Of Layer 6
Application
Name Of Layer 7
multiple input multiple output (MIMO)
MIMO uses multiple antennas for transmission and reception. These antennas do not interfere with one another, thanks to MIMO's use of spatial multiplexing, which encodes data based on the antenna from which the data will be transmitted. Both reliability and throughput can be increased with MIMO's simultaneous use of multiple antennas.
F-Type Connector
Modern coaxial cable connector used in residential areas. - threaded connector - commonly used on RG-6 cable
encryption
Modifying data for security purposes prior to transmission so that the data cannot be read without the decryption method.
Direct-sequence spread spectrum (DSSS)
Modulates data over an entire range of frequencies using a series of symbols called chips. A chip is shorter in duration than a bit, meaning that chips are transmitted at a higher rate than the actual data. These chips not only represent encoded data to be transmitted, but also what appears to be random data. Because both parties involved in a DSSS communication know which chips represent actual data and which chips do not, if a third party intercepted a DSSS transmission, it would be difficult for that party to eavesdrop on the data, because he would not easily know which chips represented valid bits. DSSS is more subject to environmental factors, as opposed to FHSS and OFDM, because it uses an entire frequency spectrum.
PTP (Point-to-Point)
More commonly referenced as PPP, this protocol is used to establish a direct connection between two nodes.
LWAPP (Lightweight Access Point Protocol)
More commonly known as Lightweight, this is a protocol simplifying communication with multiple access points at the same time.
RG (Radio Guide)
More frequently used as Radio Grade, this is a specification commonly used with connection types.
multimode fiber (MMF)
Multimode fiber-optic cabling has a core with a diameter large enough to permit the injection of light into the core at multiple angles. The different paths (that is, modes) that light travels can lead to multimode delay distortion, which causes bits to be received out of order because the pulses of light representing the bits traveled different paths (and therefore, different distances).
volume set
Multiple disks or partitions of disks that have been configured to read as one drive.
Data Link
Name Of Layer 2
Network
Name Of Layer 3
Internet Security Association and Key Management Protocol (ISAKMP)
Negotiates parameters for an IPsec session.
media converter
Network media converters are used to interconnect different types of cables within an existing network. For example, the media converter can be used to connect newer Gigabit Ethernet technologies with older 100BASE-T networks.
wireless networking
Networking that uses any unbound media, such as infrared, microwave, or radio waves.
default gateway
Normally a router or a multihomed computer to which packets are sent when they are destined for a host on a different network.
copy backup
Normally, a backup of the entire hard drive. A copy backup is similar to a full backup, except that the copy backup does not alter the state of the archive bits on files.
InterNIC (Internet Network Information Center)
Now known just as NIC (Network Information Center), this is the organization that was primarily responsible for domain name allocation.
CAT7
Offers improvements over Category 6a by offering 600 MHz of bandwidth and improved crosstalk suppression. It specifies transmission distances up to 100 meters with 10 Gbps networking speeds.
demilitarized zone (DMZ)
Often contains servers that should be accessible from the Internet. This approach would, for example, allow users on the Internet to initiate an e-mail or a web session coming into an organization's e-mail or web server. However, other protocols would be blocked.
integrated services (IntServ)
Often referred to as hard QoS because IntServ can make strict bandwidth reservations. IntServ uses signaling among network devices to provide bandwidth reservations. Resource Reservation Protocol (RSVP) is an example of an IntServ approach to QoS. Because IntServ must be configured on every router along a packet's path, a primary drawback of IntServ is its lack of scalability.
administrator account
On a Windows system, the default account that has rights to access everything and to assign rights to other users on the network. Unlike other user accounts, the Administrator account cannot be deleted.
dig
On a Linux, UNIX, or Mac OS system, you can use the dig command to perform manual DNS lookups.
Connectors go...
On the end of every cable
FM (frequency modulation)
One form of radio modulation, this communication technique transmits information over a radio wave.
ping command
One of the most commonly used command-line commands. It can check IP connectivity between two network devices. Multiple platforms (for example, routers, switches, and hosts) support the ping command. A TCP/IP stack utility that works with ICMP and that uses echo requests and replies to test connectivity to other systems.
ESP (Encapsulated Security Packets)
One of the two separate protocols IPsec consists of (the other being AH). ESP provides encryption services.
AH (Authentication Header)
One of the two separate protocols IPsec consists of (the other being ESP). AH provides the authentication and integrity checking for data packets.
current state modulation
One way to electrically or optically represent a binary 1 or 0 is to use current state modulation, which represents a binary 1 with the presence of voltage (on a copper cable) or the presence of light (on a fiber-optic cable). Similarly, the absence of light or voltage represents a binary 0.
state transition modulation
One way to electrically or optically represent a binary 1 or 0 is to use the transition between a voltage level (for example, going from a state of no voltage to a state of voltage, or vice versa, on a copper cable) or the transition of having light or no light on a fiber optic cable to represent a binary 1. Similarly, a binary 0 is represented by having no transition in a voltage level or light level from one time period to the next. This approach of representing binary digits is called state transition modulation.
optical carrier (OC)
Optical networks often use OC levels to indicate bandwidth. As a base reference point, the speed of an OC-1 link is 51.84 Mbps. Other OC levels are multiples of an OC-1. For example, an OC-3 link has three times the bandwidth of an OC-1 link (that is, 3 * 51.84 Mbps = 155.52 Mbps).
pretty good privacy (PGP)
PGP is a widely deployed asymmetric encryption algorithm and is often used to encrypt e-mail traffic.
connection-oriented communication
Packet transfer in which delivery is guaranteed.
connectionless communication
Packet transfer in which delivery is not guaranteed.
virtual switch
Performs Layer 2 functions (for example, VLAN separation and filtering) between various server instances running on a single physical server.
Password Authentication Protocol (PAP)
Performs one-way authentication (that is, a client authenticates with a server). However, a significant drawback to PPP, other than its unidirectional authentication, is its clear-text transmission of credentials, which could permit an eavesdropper to learn authentication credentials.
Domain Name System (DNS) server
Performs the task of taking a domain name (for example, www.ciscopress.com) and resolving that name into a corresponding IP address (for example, 10.1.2.3).
Bits
Physical Layer
Coax / Fiber
Physical Layer
Hub
Physical Layer
Media
Physical Layer
Modem
Physical Layer
Repeater
Physical Layer
Signals
Physical Layer
Transceiver
Physical Layer
policies and procedures
Policies refer to an organization's documented rules regarding what is to be done, or not done, and why. Network procedures differ from policies in that they identify the way in which tasks are to be performed.
SSL/TLS
Presentation Layer
Syntax, Encryption, Compression
Presentation Layer
Firewall
Primarily a network security appliance, a firewall can protect a trusted network (for example, a corporate LAN) from an untrusted network (for example, the Internet) by allowing the trusted network to send traffic into the untrusted network and receive the return traffic from the untrusted network, while blocking traffic for sessions that were initiated on the untrusted network.
protocol analyzer
Protocol analyzers can be hardware- or software-based, with their primary function being to analyze network protocols such as TCP, UDP, HTTP, FTP, and more
SNMP (Simple Network Management Protocol)
Provides network devices with a method to monitor and control network devices; manage configurations, statistics collection, performance, and security; and report network management information to a management console. SNMP is part of the TCP/IP suite.
satellite (WAN technology)
Provides WAN access to sites where terrestrial WAN solutions are unavailable. Satellite WAN connections can suffer from long round-trip delay (which can be unacceptable for latency-sensitive applications) and are susceptible to poor weather conditions.
Secure Sockets Layer (SSL)
Provides cryptography and reliability for upper layers (Layers 5–7) of the OSI model. SSL, which was introduced in 1995, has largely been replaced by Transport Layer Security (TLS). However, recent versions of SSL (for example, SSL 3.3) have been enhanced to be more comparable with TLS. Both SSL and TLS are able to provide secure web browsing via HTTPS.
QSFP
Quad Small Form-factor Pluggable. Contains four channels. Transmission speeds of 4x4GBps. Can support 4 10GB Ethernet.
omnidirectional antenna
Radiates power at relatively equal power levels in all directions (somewhat similar to the theoretical isotropic antenna). Omnidirectional antennas are popular in residential WLANs and SOHO locations.
RG
Radio Grade Coaxial Cable
dial-up networking
Refers to the connection of a remote node to a network using POTS.
regulations
Regulations are actual legal restrictions with legal consequences.
two-factor authentication (TFA)
Requires two types of authentication from a user seeking admission to a network. For example, a user might need to know something (for example, a password) and have something (for example, a specific fingerprint that can be checked with a biometric authentication device).
edge label switch router (ELSR)
Resides at the edge of an MPLS service provider's cloud and interconnects a service provider to one or more customers.
label switch router (LSR)
Resides inside a service provider's MPLS cloud and makes frame forwarding decisions based on labels applied to frames.
single-mode fiber (SMF)
SMF cabling has a core with a diameter large enough to permit only a single path for light pulses (that is, only one mode of propagation). By having a single path for light to travel, SMF eliminates the concern of multimode delay distortion.
remote-access VPN
See client-to-site VPN.
slash notation
See prefix notation.
fox and hound
See toner probe.
link-state advertisement (LSA)
Sent by routers in a network to advertise the networks the routers know how to reach. Routers use those LSAs to construct a topological map of a network. The algorithm run against this topological map is Dijkstra's shortest path first algorithm.
Control Protocols
Session Layer
Stateful Inspection
Session Layer
Tunneling Protocols
Session Layer
S-FTP: Copper
Shielded Foil Twisted Pair. Has a braided shielding around the twisted pair and adds further protection against electro-magnetic interference.
STP: Copper
Shielded Twisted Pair. Has additional shielding to protect against interference. The cable needs to be grounded.
classless interdomain routing (CIDR)
Shortens a classful subnet mask by removing right-justified 1s from a classful mask. As a result, CIDR allows contiguous classful networks to be aggregated. This process is sometimes called route aggregation.
IDF
Some networks use multiple wiring closets. When this is the case, the wiring closet, known as the main distribution frame (MDF), connects to secondary wiring closets, or intermediate distribution frames (IDFs). See also MDF.
packet-switched connection
Similar to a dedicated leased line, because most packet-switched networks are always on. However, unlike a dedicated leased line, packet-switched connections allow multiple customers to share a service provider's bandwidth.
multifactor authentication
Similar to two-factor authentication, multifactor authentication requires two or more types of successful authentication before granting access to a network.
SFP+
Small Form Factor Pluggable Plus. A type of SFP that can send and receive data at rates of up to 10 Gbps.
SFP
Small Form-factor Pluggable. - Transmission speeds up to 1GB - Replaces the GBIC - Greater port density
DaaS (Desktop as a Service)
Software that separates the desktop environment and associated application software from the physical client device that is used to access it.
CASB (cloud access security broker)
Software that sits between cloud service users and cloud applications to monitor all activity and enforce security policies.
virtual private network (VPN)
Some VPNs can support secure communication between two sites over an untrusted network (for example, the Internet).
T-carrier (terrestrial carrier)
T-carrier lines are high-speed dedicated digital lines that can be leased from telephone companies. T-carrier lines can support both voice and data transmissions and are often used to create point-to-point private networks.
T1
T1 circuits were originally used in telephony networks, with the intent of one voice conversation being carried in a single channel (that is, a single DS0). A T1 circuit consists of 24 DS0s, and the bandwidth of a T1 circuit is 1.544 Mbps.
T1/E1
T1 lines are a form of T-Carrier lines that offer transmission speeds of 1.544 Mbps. E1 refers to the European equivalent of T1. See also T-carrier.
T3/E3
T3 carrier lines offer transmission speeds of up to 44.736 Mbps, using 672 64 Kbps B channels. E3 refers to the European equivalent of T3. See also T-carrier.
toner probe
Sometimes called a fox and hound, a toner probe allows you to place a tone generator at one end of the connection (for example, in someone's office), and use a probe on the punch-down block to audibly detect to which pair of wires the tone generator is connected.
private IP addresses
Specific Class A, B, and C networks have been designed for private use. Although these networks are routable (with the exception of the 169.254.0.0-169.254.255.255 address range) within the organization, service providers do not route these private networks over the public Internet.
CNAME (canonical name)
Specifies an alias or nickname for a canonical hostname record in a Domain Name System (DNS) database. CNAME records are used to give a single computer multiple names (aliases).
Fiber connection type ST
Straight tip. Older form of connector. Push in and twist
time-division multiplexing (TDM)
Supports different communication sessions (for example, different telephone conversations in a telephony network) on the same physical medium, by allowing sessions to take turns. For a brief period of time, defined as a time slot, data from the first session is sent, followed by data from the second session. This continues until all sessions have had a turn, and the process repeats itself.
EIA/TIA
The Electronic Industries Alliance/Telecommunications Industry Association is a trade organization responsible for a number of communications standards.
100BaseT
The IEEE 802.3 specification for running Ethernet at 100 Mbps over twisted-pair cabling. The maximum length of a 100BASE-T segment is 100 meters (328 feet).
568A/568B standards
Telecommunications standards from the Telecommunications Industry Association (TIA) and the Electronics Industry Association (EIA). These 568 standards specify the pin arrangements for the RJ-45 connectors on UTP or STP cables. The number 568 refers to the order in which the wires within the UTP cable are terminated and attached to the connector.
Fast Ethernet
The IEEE 802.3u specification for data transfers of up to 100 Mbps over twisted-pair cable. See also 100BASE-FX, 100BASE-T, and 100BASE-TX.
default gateway
The IP address of a router (or multilayer switch) to which a networked device sends traffic destined for a subnet other than the device's local subnet.
RTP (Real-Time Transport Protocol)
The Internet-standard protocol for the transport of real-time data, including audio and video.
ESS (extended service set)
The ESS refers to two or more basic service sets (BSS) connected, therefore using multiple APs. The ESS is used to create WLANs or larger wireless networks and is a collection of APs and clients.
RTO (recovery time objective)
The acceptable duration of time within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in business continuity.
SA (security association)
The establishment of shared security attributes between two entities on a network to support secure communications between them
RFC (Request For Comments)
The process by which standards relating to the Internet, the TCP/IP suite, and associated technologies are created, commented on, and approved.
master name server
The supplying name server that has authority in a DNS zone.
Gbps (gigabits per second)
The throughput of a given network medium in terms of 1 billion bps.
IEEE 802.11ac
The 802.11ac wireless standard provides even higher throughput for WLANs on the 5 GHz frequency range. The specification's goal is at least 1 gigabit per second throughput for multistation WLANs and a single station link throughput of at least 500 Mbps. It supports MIMO spatial streams as well as the newer MU-MIMO technology. 802.11ac is backward compatible with 802.11b, g, and n.
IEEE 802.11n
The 802.11n wireless standard significantly increased throughput in both the 2.4 GHz and 5 GHz frequency range. The baseline goal of the standard reaches speeds of 100 Mbps, but given the right conditions, 802.11n speeds can reach 600 Mbps. 802.11n is backward compatible with 802.11b and g.
ARP ping
The ARP utility that resolves IP addresses to MAC addresses. The ARP ping utility tests connectivity by pinging a MAC address directly.
BSSID (basic service set identifier)
The BSSID is the MAC address of the wireless access point (AP).
committed information rate (CIR)
The CIR of an interface is the average traffic rate over the period of a second.
primary name server
The DNS server that offers zone data from files stored locally on the machine.
AAAA record
The DNS record that maps a hostname to a 128-bit IPv6 address. This is also known as the IPv6 address record.
physical address
The MAC address on every NIC. The physical address is applied to a NIC by the manufacturer. Except for rare occurrences, it is never changed
network interface layer
The Network Interface Layer of the TCP/IP stack (also known as the network access layer) encompasses the technologies addressed by Layers 1 and 2 (that is, the physical and data link layers) of the OSI model.
Time To Live (TTL)
The TTL field in an IP header is decremented once for each router hop. Therefore, if the value in a TTL field is reduced to 0, a router discards the frame and sends a time exceeded ICMP message back to the source.
Wi-Fi Protected Access (WPA)
The Wi-Fi Alliance (a nonprofit organization formed to certify interoperability of wireless devices) developed its own security standard to address the weaknesses of Wired Equivalent Privacy (WEP). This new security standard was called Wi-Fi Protected Access (WPA) Version 1.
D (delta) channel
The channel used on ISDN to communicate signaling and other related information. Use of the D channel leaves the B channels free for data communication. See also B (bearer) channel.
physical topology
The actual physical layout of the network. Common physical topologies include star, bus, mesh, and ring. Compare with logical topology. The way a network's components are physically interconnected determines the network's physical topology.
logical topology
The actual traffic flow of a network determines the network's logical topology.
source address
The address of the host that sent the frame. The source address is contained in the frame so that the destination node knows who sent the data.
logical addressing scheme
The addressing method used in providing manually assigned node addressing.
logical topology
The appearance of the network to the devices that use it, even if in physical terms the layout of the network is different. See also physical topology.
failover
The automatic switching from one device or system to another. Servers can be configured in a failover configuration so that if the primary server fails, the secondary server automatically takes over.
wireless channel
The band of frequency used for wireless communications. Each IEEE wireless standard specifies the channels that can be used.
network interface layer
The bottom layer of the TCP/IP architectural model, which is responsible for sending and receiving frames.
fault tolerance
The capability of a component, system, or network to endure a failure.
RPO (recovery point objective)
The maximum acceptable period in which data might be lost from a major incident.
POTS (plain old telephone system)
The current analog public telephone system. A POTS connection connects a customer device (such as a telephone) to the public switched telephone network (PSTN).
RSTP (Rapid Spanning Tree Protocol)
The default protocol for preventing loops on Ethernet networks.
latency
The delay induced by a piece of equipment or device used to transfer data.
FQDN (fully qualified domain name)
The entire domain name. It specifies the name of the computer, the domain in which it resides, and the top-level DNS domain (for example, www.marketing.quepublishing.com).
authentication
The process by which a user's identity is validated on a network. The most common authentication method is a username and password combination.
supernetting
The process of aggregating IP network addresses and using them as a single network address range.
EGP (exterior gateway protocol)
The exterior gateway protocol defines distance-vector protocols commonly used between hosts on the Internet to exchange routing table information. BGP is an example of an EGP. See BGP.
inherited rights
The file system or directory access rights valid at a given point as a result of those rights being assigned at a higher level in the directory structure.
microsegmentation
The process of using switches to divide a network into smaller segments.
cracking
The process of attempting to break software code, normally to defeat copyright protection or alter the software's functioning. Also the process of attempting to gain unauthorized access to a computer system. See also hacker.
subnetting
The process of using parts of the node portion of an assigned IP address to create more network IDs. Although subnetting increases the number of network IDs, it decreases the number of node addresses available for each network ID.
intrusion detection
The process or procedures that warn you about successful or failed unauthorized access to a system.
hardware address
The hardware-encoded MAC address burned into every NIC.
cloud computing
The hosting, storage, and delivery of computing as a service rather than a product. The end user accesses remotely stored programs and other resources through the Internet without the need for expensive local networking devices, services, and support. Various industry cloud computing concepts include public, private, hybrid, and community cloud.
shared system
The infrastructure component routed directly into an internetwork's backbone for optimal systems access. It provides connectivity to servers and other shared systems.
handshake
The initial communication between two data communication devices, during which they agree on protocol and transfer rules for the session.
IGP
The interior gateway protocol (IGP) identifies the protocols used to exchange routing information between routers within a LAN or interconnected LANs. See EGP.
MTU (maximum transmission unit)
The largest data size that a protocol/layer can transmit.
maximum transmission unit (MTU)
The largest packet size supported on an interface.
SDLC (software development life cycle)
The life cycle of software development.
connectivity
The linking of nodes on a network for communication to take place.
Fiber-optic cable
The longest bounded transmission media. No RF frequency or other emitting signal.
attenuation
The loss of signal experienced as data transmits over distance and across the network medium.
OS (operating system)
The main computer program that manages and integrates all the applications running on a computer. The OS handles all interactions with the processor.
MLA (master license agreement)
The main contract defining services to be offered by a provider.
MDF
The main distribution frame is a type of wiring closet. The primary wiring closet for a network typically holds the majority of the network gear, including routers, switches, wiring, servers, and more. This is also typically the wiring closet where outside lines run into the network. This main wiring closet is known as the MDF. One of the key components in the MDF is a primary patch panel. The network connector jacks attached to this patch panel lead out to the building for network connections. See also IDF.
vertical cross-connect
The main or vertical cross-connect is the location where outside cables enter the building for distribution. This may include Internet and phone cabling.
hop
The means by which routing protocols determine the shortest way to reach a given destination. Each router constitutes one hop. If a router is four hops away from another router, for example, three routers, or hops, exist between the first router and the destination. In some cases, the final step is also counted as a hop.
Availability
The measure of a network's uptime.
Latency
The measure of delay in a network.
Reliability
The measure of how error-free a network transmits packets.
polling
The media access method for transmitting data in which a controlling device is used to contact each node to determine whether it has data to send.
IaaS (Infrastructure as a Service)
The most basic method of cloud service computing; the users install everything from the operating system up.
Ethernet
The most common LAN technology. Ethernet can be implemented using coaxial, twisted-pair, or fiber-optic cable. Ethernet typically uses the CSMA/CD media access method and has various implementation standards.
Internet domain name
The name of an area of the DNS namespace. The Internet domain name normally is expressed along with the top-level domain to which it belongs (for example, comptia.org).
protocol data unit (PDU)
The name given to data at different layers of the OSI model. Specifically, the PDU for Layer 4 is segment. The Layer 3 PDU is packet, the Layer 2 PDU is frame, and the Layer 1 PDU is bit.
destination address
The network address to which data is sent.
IPv6 (Internet Protocol version 6)
The newer version of IP, which has a larger range of usable addresses than IPv4, and enhanced security.
ICANN (Internet Corporation for Assigned Names and Numbers)
The nonprofit organization responsible for coordinating domain names and addresses.
SOP (standard operating procedure)
The normal, accepted way that business is conducted.
block size
The number of IP addresses in a subnet, including the subnet's address and the subnet's directed broadcast address.
frequency
The number of cycles of an alternating current signal over a unit of time. Frequency is expressed in hertz (Hz).
IEEE 802.11
The original IEEE wireless standard, which defines standards for wireless LAN communication.
network ID
The part of a TCP/IP address that specifies the network portion of the IP address. The network ID is determined by the class of the address, which in turn is determined by the subnet mask used.
zone transfer
The passing of DNS information from one name server to a secondary name server.
biometrics
The science and technology of measuring and analyzing biological data. Biometrics are used for security purposes to analyze and compare characteristics such as voice patterns, retina patterns, and hand measurements.
demarcation point
The point at which communication lines enter a customer's premises. Sometimes shortened to simply demarc.
MTBF (mean time between failures)
The predicted time between inherent failures of a system.
tip and ring
The red and green wires found in RJ-11 wall jacks, which carry voice, ringing voltage, and signaling information between an analog device (for example, a phone or a modem) and an RJ-11 wall jack.
ARIN (American Registry for Internet Numbers)
The regional Internet registry responsible for managing both IPv4 and IPv6 IP number distribution.
hot swap
The removal and replacement of a component in a system while the power is still on and the system is functioning.
collision
The result of two frames simultaneously transmitting on an Ethernet network and colliding, thereby destroying both frames.
DLC (data link control)
The service provided by the data link layer of the OSI model.
topology
The shape or layout of a physical network and the flow of data through the network.
plenum
The space between the structural ceiling and a dropdown ceiling. It is commonly used for heating, ventilation, and air conditioning systems and to run network cables. Plenum cabling is fire retardant and minimizes toxic fumes released by network cabling if that cable were to catch on fire. As a result, plenum cabling is often a requirement of local fire codes for cable in raised flooring or in other open-air return ducts.
baud rate
The speed or rate of signal transfer. Baud rate bandwidth is measured in cycles per second, or hertz (Hz). The word baud is derived from the name of French telegraphy expert J. M. Baudot.
BCP (business continuity plan)
The strategy for addressing potential threats to a company and creation of systems to aid in the prevention of threats and recovery from problems.
Offsite
The term offsite in the context of virtualization technologies refers to hosting virtual devices on hardware physically located in a service provider's data center.
Onsite
The term onsite in the context of virtualization technologies refers to hosting virtual devices on hardware physically located in a corporate data center.
ESSID (extended service set identifier)
The terms ESSID and SSID are used interchangeably, but they are different. The SSID is the name used with basic service set (BSS) networks, and the ESSID is the network name used with an ESS wireless network design. With an ESS, not all APs necessarily use the same name.
communication
The transfer of information between nodes on a network.
transport layer (TCP/IP stack)
The transport layer of the TCP/IP stack maps to Layer 4 (transport layer) of the OSI model. The two primary protocols found at the TCP/IP stack's transport layer are TCP and UDP.
Why are the wires twisted in TP?
The twists help prevent electromagnetic interference.
Jitter
The uneven arrival of packets.
IP address
The unique address used to identify the network number and node address of a device connected to a TCP/IP network. IPv4 addresses typically are expressed in dotted-decimal format, such as 192.168.1.1. A typical IPv6 address looks like 2001:0:4137:9e76:18d1:2094:b980:a30.
MIMO (multiple input, multiple output)
The use of multiple antennas—often at both the transmitter and receiver—to improve communications in IEEE 802.11n and 802.11ac Wi-Fi networks.
ICS (Internet connection sharing)
The use of one device with access to the Internet as an access point for other devices to connect.
bandwidth
The width of the range of electrical frequencies, or how many channels the medium can support. Bandwidth correlates to the amount of data that can traverse the medium at one time, but other factors determine the maximum speed supported by a cable.
public switched telephone network (PSTN)
The worldwide telephony network consisting of multiple telephone carriers.
distributed denial of service (DDoS)
These attacks can increase the amount of traffic flooded to a target system. Specifically, an attacker compromises multiple systems, and those compromised systems, called zombies, can be instructed by the attacker to simultaneously launch a DDoS attack against a target system.
buffer overflow
This attack occurs when an attacker leverages a vulnerability in an application, causing data to be written to a memory area (that is, a buffer) that's being used by a different application.
customer premise equipment (CPE)
This device resides at a customer site. A router, as an example, can be a CPE that connects a customer with an MPLS service provider.
poison reverse
This feature of a distance-vector routing protocol causes a route received on one interface to be advertised back out of that same interface with a metric considered to be infinite.
split horizon
This feature of a distance-vector routing protocol prevents a route learned on one interface from being advertised back out of that same interface.
Internet layer
This layer of the TCP/IP stack maps to Layer 3 (network layer) of the OSI model. Although multiple routed protocols (for example, IPv4 and IPv6) may reside at the OSI model's network layer, the Internet layer of the TCP/IP stack focuses on IP as the protocol to be routed through a network.
link efficiency
To make the most of the limited bandwidth available on slower speed links, you might choose to implement compression or link fragmentation and interleaving (LFI). These QoS mechanisms are examples of link efficiency mechanisms.
horizontal cross-connect
Ties the telecommunication room to the end user. Specifically, the horizontal cabling extends from the telecommunications outlet, or network outlet with RJ-45 connectors, at the client end. It includes all cable from that outlet to the telecommunication room to the horizontal cross-connect. The term horizontal cross-connect refers to the distribution point for the horizontal cable.
electrostatic discharge (ESD) wrist strap
To prevent static electricity in your body from damaging electrical components on a circuit board, you can wear an ESD wrist strap. The strap is equipped with a clip that you can attach to something with a ground potential (for example, a large metal desk). While wearing the wrist strap, if you have any static buildup in your body, the static flows to the object with a ground potential to which your strap is clipped, thus avoiding damage to any electrical components that you might touch.
transmit
To send data using light, electronic, or electric signals. In networking, this is usually done in the form of digital signals composed of bits.
twisted-pair cable
Today's most popular media type is twisted-pair cable, where individually insulated copper strands are intertwined into a twisted-pair cable. Two categories of twisted-pair cable include shielded twisted pair (STP) and unshielded twisted pair (UTP).
Flow Control
Transport Layer
Port Numbers
Transport Layer
Reliability
Transport Layer
Segments
Transport Layer
TCP/UDP
Transport Layer
STP (shielded twisted-pair)
Twisted-pair network cable that has shielding to insulate the cable from EMI.
host
Typically refers to any device on the network that has been assigned an IP address.
bus topology
Typically, it uses a cable running through the area requiring connectivity, and devices to be networked can tap into that cable.
traceroute command
UNIX command that displays every router hop along the path from a source host to a destination host on an IP network. Information about the router hop can include the IP address of the router hop and the round-trip delay of that router hop.
UTP : Copper
Unshielded Twisted Pair. No additional shielding. The most common twisted pair cabling.
unidirectional antenna
Unidirectional antennas can focus their power in a specific direction, thus avoiding potential interference with other wireless devices and perhaps reaching greater distances than those possible with omnidirectional antennas. One application for unidirectional antennas is interconnecting two nearby buildings.
Border Gateway Protocol (BGP)
Used between gateway hosts on the Internet. BGP examines the routing table, which contains a list of known routers, the addresses they can reach, and a cost metric associated with the path to each router so that the best available route is chosen. BGP communicates between the routers using TCP.
Active Directory
Used in Windows network environments, this is a directory services system that enables network objects to be stored in a database. This database can then be divided and distributed among different servers on the network.
carrier sense multiple access collision detect (CSMA/CD)
Used on an Ethernet network to help prevent a collision from occurring and to recover if a collision does occur. CSMA/CD is only needed on half-duplex connections.
Crimper
Used to attach a connector (for example, an RJ-45 connector) to the end of an unshielded twisted-pair (UTP) cable.
Straight-through cable
Used to interconnect different network node types. Switch-Router, Host-Switch, WAP-Router
Wi-Fi Protected Access Version 2 (WPA2)
Uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for integrity checking and Advanced Encryption Standard (AES) for encryption. These algorithms enhance the security offered by WPA.
Why twist the cables?
Uses balanced pair operation. One signal is positive and the other is negative. Twists allow one to receive info over any interference.
virtual PBX
Usually a VoIP telephony solution hosted by a service provider, which interconnects with a company's existing telephone system.
extended service set (ESS)
WLANs containing more than one AP are called ESS WLANs. Like BSS WLANs, ESS WLANs operate in infrastructure mode. When you have more than one AP, take care to prevent one AP from interfering with another. Specifically, nonoverlapping channels (that is, channels 1, 6, and 11 for the 2.4-GHz band) should be selected for adjacent wireless coverage areas.
basic service set (BSS)
WLANs that have just one AP are called BSS WLANs. BSS WLANs are said to run in infrastructure mode because wireless clients connect to an AP, which is typically connected to a wired network infrastructure. A BSS network is often used in residential and SOHO locations, where the signal strength provided by a single AP is sufficient to service all of the WLAN's wireless clients.
convergence
When a change in the network routing is made, it takes some time for the routers to detect and accommodate this change; this is known as convergence.
congestion management
When a device, such as a switch or router, receives traffic faster than it can be transmitted, the device attempts to buffer (or store) the extra traffic until bandwidth becomes available. This buffering process is called queuing or congestion management.
hub-and-spoke topology
When interconnecting multiple sites (for example, multiple corporate locations) via WAN links, a hub-and-spoke topology has a WAN link from each remote site (a spoke site) to the main site (the hub site).
orthogonal frequency-division multiplexing (OFDM)
Whereas DSSS uses a high modulation rate for the symbols it sends, OFDM uses a relatively slow modulation rate for symbols. This slower modulation rate, combined with the simultaneous transmission of data over 52 data streams, helps OFDM support high data rates while resisting crosstalk between the various data streams.
nslookup
Windows and Linux/UNIX command-line utility used to query Domain Name System (DNS) servers and clients to obtain DNS information.
channel bonding
With channel bonding, two wireless bands can be logically bonded together, forming a band with twice the bandwidth of an individual band. Some literature refers to channel bonding as 40-MHz mode, which refers to the bonding of two adjacent 20-MHz bands into a 40-MHz band.
symmetric encryption
With symmetric encryption, both the sender and receiver of a packet use the same key (a shared key) for encryption and decryption.
Automatic Private IP Addressing (APIPA)
A Windows system assigns itself an IP address in the absence of a DHCP server. Addresses are assigned from the 169.254.x.x address range.
unshielded twisted-pair (UTP) cable
Blocks EMI from the copper strands making up a twisted-pair cable by twisting the strands more tightly (that is, more twists per centimeter [cm]). By wrapping these strands around each other, the wires insulate each other from EMI.
shielded twisted-pair (STP) cable
STP cabling prevents wires in a cable from acting as an antenna, which might receive or transmit EMI. STP cable might have a metallic shielding, similar to the braided wire that acts as an outer conductor in a coaxial cable.
Asynchronous Transfer Mode (ATM)
A high-speed networking standard designed to support voice, video and data communications, and to improve utilization and quality of service (QoS) on high-traffic networks. ATM is normally utilized by internet service providers on their private long-distance networks. ATM operates at the data link layer (Layer 2 in the OSI model) over either fiber or twisted-pair cable. It provides transfer speeds ranging from 1.544 Mbps to 622 Mbps.
Supervisory Control and Data Acquisition (SCADA) network
Specialized network that provides control of remote equipment for monitoring and control of that equipment. A power plant or gas refinery would have a SCADA network.
Asymmetric encryption
Uses public and private keys to encrypt and decrypt data.
Crossover cable
Used to connect to similar devices. Switch-Switch, Router-Router, Host-Router.