CompTIA CertMaster Learn for Network+ N10-007


PBX (Private Branch Exchange)

A device used to route incoming calls to direct dial numbers and provide facilities such as voice mail, Automatic Call Distribution (ACD), and Interactive Voice Response (IVR).

Anti-ESD Wrist Strap

A device worn around an individual's wrist and attached to a ground point to dissipate static charges more effectively and avoid equipment damage.

Type I (Bare Metal) Hypervisor

A hypervisor that is installed directly onto the computer and manages access to the host hardware without going through a host OS.

Application Layer

OSI model layer providing support to applications requiring network services (file transfer, printing, email, databases, and so on).

Transport Layer

OSI model layer responsible for ensuring reliable data delivery. In TCP/IP, this service is provided by the TCP protocol.

Data Link Layer

OSI model layer responsible for transferring data between nodes. This layer is split into two sublayers: Media Access Control (MAC) and Logical Link. Devices operating at this layer include network adapters, bridges, switches, and wireless access points.

Session Layer

OSI model layer that provides services for applications that need to exchange multiple messages (dialog control).

Presentation Layer

OSI model layer that transforms data between the formats used by the network and applications.

Phishing

Obtaining user authentication or financial information through a fraudulent request for information.

Network ID

Of an IP address, the number common to all hosts on the same IP network.

Host ID

Of an IP address, the unique number that identifies a host on an IP network.

TTL (Time to Live)

Of an IP packet, this field is nominally the number of seconds a packet is allowed to stay on the network before being discarded; otherwise packets could endlessly loop around an internet.

Tagged/Untagged Port

On a switch with VLANs configured, a port with an end station host connected operates in untagged mode (access port). A tagged port will normally be part of a trunk link.

OSI (Open Systems Interconnection) Reference Model

A model created by the ISO to aid the understanding of how a network system functions in terms of both software and hardware components. The model divides the actions of hardware and software into seven separate sub-tasks: Physical, Data Link, Network, Transport, Session, Presentation, and Application, each with a separate function. The model serves as a functional reference for network communication. It does not represent any individual standard, although many protocols do comply with its guidelines.

SC (Subscriber Connector)

Push/pull connector used with fiber optic cabling.

GSM (Global System for Mobile Communication)

2G cellular data standard, capable of links of up to about 14.4 Kbps.

Dynamic DNS

A DNS server that allows clients to update their records automatically when their IP addresses change (if they are assigned by DHCP for instance). The main issue is ensuring that updates are secure.

Cable (Hybrid Fiber Coax)

A cable Internet connection is usually available along with a telephone/television service (Cable Access TV [CATV]). These networks are often described as Hybrid Fiber Coax (HFC), as they combine a fiber optic core network with coax links to consumer premises equipment, but are more simply just described as "cable". Consumers interface with the service via a cable "modem" (actually functioning more like a bridge).

CAN (Campus Area Network)

A LAN that spreads over several buildings within the same overall area.

Metro Ethernet

A Metropolitan Area Network (MAN) using Ethernet standards and switching fabric.

NGFW/Layer 7 Firewall

A Next Generation Firewall (NGFW) is capable of parsing application layer protocol headers and data (such as HTTP or SMTP) so that sophisticated, content-sensitive ACLs can be developed.

Open Port

A TCP or UDP port number that is configured to accept packets. These ports can be considered a potential security vulnerability if abused by hackers.

Closed Port

A TCP or UDP port number that rejects connections or ignores all packets directed at it.

DHCP (Dynamic Host Configuration Protocol) Server

A TCP/IP networking service that allows a client to request an appropriate IP configuration from a server. The server is configured with a range of addresses to lease. Hosts can be configured to acquire an IP address dynamically or be assigned a static IP address, based on the host's MAC address. The server can also provide other TCP/IP configuration information, such as the location of DNS servers. DHCP utilizes UDP ports 67 and 68. It is important to monitor the network to ensure that only valid DHCP servers are running on the network.

ATM (Asynchronous Transfer Mode)

A WAN transfer protocol. The small size of the cells and their fixed length mean delays can be predictable, so that time-sensitive data is readily accommodated.

Packet Filtering

A basic type and feature of firewall that inspects the headers of IP packets and, based on a set of rules, can filter or manage packets.

Elasticity

A benefit or capability of the cloud allowing it to scale to meet peak demand.

DHCP (Dynamic Host Configuration Protocol) Discover

A broadcast sent by a node when it is ready to communicate with a DHCP server.

Tap

A device used to eavesdrop on communications at the physical layer. In Ethernet, this can be inserted between a switch and a node while a passive form of this can intercept emanations from unshielded cable.

Console Router

A device used to provide remote access to the command-line interface of multiple switch and/or router appliances.

RFID (Radio Frequency IDentification)

A chip allowing data to be read wirelessly. These types of wireless tags are used in barcodes and smart cards and can be powered or unpowered.

Packet Switching

A circuit switched network (such as the PSTN) establishes a dedicated channel between two communicating devices. Packet switching is a way to make more efficient use of the available bandwidth by splitting data into small packets and routing them via any available path.

Custom Subnet

A collection of IP addresses that are divided into smaller groups to serve a network's needs.

iptables

A command line utility provided by many Linux distributions that allows administrators to edit the rules enforced by the Linux kernel firewall.

tcpdump

A command-line packet sniffer.

SPoF (Single Point of Failure)

A component or system that would cause a complete interruption of a service if it failed. These are mitigated by providing redundant parts, connections, or services that either provide failover (the replacement is automatically switched in) or swift replacement.

Gateway

A computer or other device that acts as a translator between two completely dissimilar computer systems.

Honeypot/Honeynet

A computer setup to entice attackers with the purpose of discovering attack strategies and weaknesses in the security configuration.

dhclient

A configuration utility that enables you to configure and manage DHCP settings on the network interfaces of a computer. Supported on Linux and UNIX.

MD5 (Message Digest Algorithm v5)

A cryptographic hash function designed in 1990 by Ronald Rivest that produces a 128-bit hash value. It is now known to have extensive vulnerabilities.

SHA (Secure Hash Algorithm)

A cryptographic hashing algorithm created to address possible weaknesses in MD5.

Routing Table

A database created manually or by a route-discovery protocol that contains network addresses as perceived by a specific router.

Implicit Deny

A default firewall rule used to block any traffic that has not matched a rule.

Blackhole

A means of mitigating DoS or intrusion attacks by dropping (discarding) traffic.

SaaS (Software as a Service)

A different model of provisioning software applications. Rather than purchasing software licenses for a given number of seats, a business would access software hosted on a supplier's servers on a pay-as-you-go or lease arrangement (on-demand).

ISDN (Integrated Services Digital Network)

A digital phone/fax/data service, often used to provide Internet connectivity. There are two classes of this service: Basic Rate Interface (BRI) provides two 64 Kbps B channels for data and one 16 Kbps D channel for link management control signals; Primary Rate Interface (PRI) provides either T1 or E1 capacity levels (23 or 30 B channels, depending on location in the world) and one 64 Kbps D channel.

RIP (Routing Information Protocol)

A distance vector-based routing protocol that uses a hop count to determine the distance to the destination network.

Cross-connect

A distribution frame providing a central termination point for cabling. Horizontal cross-connects distribute wiring to user work areas. On a data network, these are usually implemented as patch panels.

Disaster Recovery Plan

A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.

Backbone

A fast link that connects the various segments of a network.

Hardware Failure

A fault in a physical electronic component of a computer system, cable, or other component. These often require that a component or system be partially or completely replaced.

Flood Guard

A firewall or IPS feature that prevents DDoS attacks, where multiple compromised "bots" attempt to deny network connectivity by flooding it with malicious packets.

Stateful Firewall

A firewall that maintains stateful information about the session established between two hosts (including malicious attempts to start a bogus session). Information about each session is stored in a dynamically updated state table.

Circuit Switching

A form of switching that establishes a temporary dedicated path between nodes. The telephone network (PSTN) uses this form of switching.

Domain

A group of computers which share a common accounts database, referred to as the directory.

Social Engineering

A hacking technique, widely publicized by Kevin Mitnick in his book "The Art of Deception," whereby the hacker gains useful information about an organization by deceiving its users or by exploiting their unsecure working practices. Typical methods include impersonation, domination, and charm.

Bridge

A hardware device used to divide an overloaded network into separate segments. Intrasegment traffic (traffic between devices on the same segment) remains within this segment and cannot affect the other segments. This device works most efficiently if the amount of intersegment traffic (traffic between devices on different segments) is kept low. Segments on either side of the hardware are in separate collision domains but the same broadcast domain. The function of these devices is now typically performed by switches.

OSPF (Open Shortest Path First)

A hierarchical link-state interior gateway routing protocol, this is well suited to large organizations with multiple redundant paths between various networks. It has high convergence performance.

InfiniBand

A high-speed switching fabric used in SANs and data center networks.

Extended Unique Identifier (EUI-64)

A host computer running IPv6 can use this IEEE standard to self-assign its interface addresses. With this standard, the MAC address is padded in the center with FFFE, extending it to 64 bits in length.

Dual Stack

A host operating multiple protocols simultaneously on the same interface. Most hosts are capable of dual stack IPv4 and IPv6 operation for instance.

Enterprise LAN

A larger network with hundreds or thousands of servers and clients.

Repeater

A layer 1 device that takes a signal and repeats it to the devices that are connected to it. These can be used to maintain signal integrity and amplitude across a connection or a network.

API (Application Programming Interface)

A library of programming utilities used, for example, to enable software developers to access functions of the TCP/IP network stack under a particular operating system.

Bus Topology

A linear network with all nodes attached directly to the main cable. The ends of the bus must be terminated so that the signal is absorbed once it has passed all of the connected devices. Signal transmission normally occurs in both directions from the source.

Log

A list of events that contains metadata on those events and serves as valuable information in understanding and aiding performance, troubleshooting, and security (auditing).

IPv6 Addresses

A long-term solution to the problem of address space exhaustion by using a 128-bit addressing scheme assigned to a computer on a TCP/IP network.

ANT+

A low-power connectivity standard working in the 2.4 GHz range closely associated with fitness monitors and sensor equipment.

Logic Bomb

A malicious program or script that is set to run under particular circumstances or in response to a defined event.

Static Route

A manually-defined route created by adding routing entries in the router's memory. These routes will only change if you manually edit them.

Beaconing

A means for a network node to advertise its presence and establish a link with other nodes, such as the management frame sent by an AP. Legitimate software and appliances do this but it is also associated with Remote Access Trojans (RAT) communicating with a Command & Control server.

Authentication

A means for a user to prove their identity to a computer system. Authentication is implemented as either something you know (a username and password), something you have (a smart card or key fob), or something you are (biometric information). Often, more than one method is employed (two-factor authentication).

NAC (Network Access Control)

A means of ensuring endpoint security; that is, ensuring that all devices connecting to the network conform to a "health" policy (patch level, antivirus/firewall configuration, and so on).

Separation of Duties

A means of establishing checks and balances against the possibility that critical systems or procedures can be compromised by rogue use of access permissions. It includes least privilege, SOPs, shared authority, auditing, mandatory vacations, and other policies.

IaaS (Infrastructure as a Service)

A means of provisioning IT resources such as servers, load balancers, and Storage Area Network (SAN) components quickly. Rather than purchase these components and the Internet links they require, you rent them on an as-needed basis from the service provider's data center.

DHCP (Dynamic Host Configuration Protocol) Request

A message returned to a DHCP server by a client that asks to lease an IP address from the DHCP server.

Data Rollup

A method of optimizing logs by summarizing them over a certain period of time through averaging out individual sample values.

Smartphone

A mobile device that provides both phone and SMS text messaging functionality and general purpose computing functionality, such as web browsing and email plus running software apps. These devices typically have screen sizes of between 4 and 5.5 inches.

LLMNR (Link-Local Multicast Name Resolution)

A modified form of DNS that allows clients to perform name resolution on a local link without needing a server.

Host Name

A name assigned to a computer by an administrator. This name consists of letters, numbers, and hyphens.

Cache-only Name Server

A name server that doesn't maintain a zone (primary or secondary). They often rely on forwarding to resolve queries for client resolvers.

DNS Forwarder

A name server that has been configured to provide forwarding, transmitting a client query to another DNS server and routing the replies it gets back to the client.

Authoritative Name Server

A name server that holds complete records for a particular domain. This means that a record in the zone identifies the server as a name server for the domain.

DoS (Denial of Service)

A network attack that aims to disrupt a service, usually by overloading it.

SAN (Storage Area Network)

A network dedicated to data storage, typically consisting of storage devices and servers connected to switches via Host Bus Adapters.

Intranet

A network designed for information processing within a company or organization. This network uses the same technologies as the Internet but is owned and managed by a company or organization.

Peer-to-Peer

A network in which there is no dedicated server, but instead, each computer connected to the network acts as both a server and client (each computer is a peer of the other computers).

Botnet

A network of computers that have been compromised by Trojan/rootkit/worm malware. Provided the malware can also subvert any firewalls between the controller (or herder) and the compromised computers (zombies), they can be remotely controlled and monitored using covert channels.

Extranet

A network of semi-trusted hosts, typically representing business partners, suppliers, or customers. Hosts must authenticate to join this network.

Broadcast Domain

A network or segment where any node connected to the network can directly transmit to any other node in the area without a central routing device. Microsegmentation does not stop broadcasts.

Client

A client network provides connectivity to file servers. Client/server is a model for providing network resources from a centrally controlled location. The server computer or application hosts the resource. A client computer or application requests the resource from the server. You will require a client for each type of server to which you have a connection - for example, Windows, NetWare, or Linux.

MAN (Metropolitan Area Network)

A network that covers the area of a city (that is, no more than tens of kilometers). The network is larger than a LAN and smaller than a WAN, but it can operate at speeds that are comparable with LANs.

Hybrid Topology

A network that uses a combination of physical or logical topologies. In practice, most networks use hybrid topologies.

Toner Probe (Tone Generator/Fox and Hound)

A network tone generator and probe are used to trace a cable from one end to the other. This may be necessary when the cables are bundled and have not been labeled properly.

Ring Topology

A network topology in which all of the computers are connected in a circle. This topology comprises a series of point-to-point links between each device. Signals pass from device to device in a single direction with the signal regenerated at each device.

Star Topology

A network topology in which each node is connected to a central point, typically a switch or a router. The central point mediates communications between the attached nodes. When a device such as a hub is used, the hub receives signals from a node and repeats the signal to all other connected nodes. Therefore the bandwidth is still shared between all nodes. When a device such as a switch is used, point-to-point links are established between each node as required. The circuit established between the two nodes can use the full bandwidth capacity of the network media.

Flood/Flooding

A network transmission state in which data arrives at a receiving node too quickly to be processed.

Packet Sniffer

A network troubleshooting application that provides a comprehensive view of an organization's network. As data flows across a network, this application can monitor the packet flow by intercepting it, logging it, and analyzing the information according to baseline specifications.

Alert

A notification that is sent to an administrator if a network threshold is exceeded. These could be a low priority stating that something has been recorded in a log, or high priority notification via SMS or email or physical alarm.

RARP (Reverse ARP)

A now obsolete autoconfiguration mechanism that allows a host to obtain an IP address from a server configured with a list of MAC:IP address mappings. However, it can only be used to obtain an IP address, which is inadequate for most implementations of IP. It has been replaced by BOOTP.

Decimal

A number system of base 10 where a digit can take any one of ten different values (0 - 9).

Hexadecimal

A number system of base 16 where a digit can take any one of 16 different values, 0-9 and A-F representing values greater than 9.

Multicast

A packet sent to a selection of hosts (in IP, those belonging to a multicast group).

Broadcast

A packet sent to all hosts on the local network (or subnet). Routers do not ordinarily forward broadcast traffic. The IP broadcast address is one where the host bits are all set to 1; at the MAC layer it is the address ff:ff:ff:ff:ff:ff.

Anti-ESD Mat

A pad used for standing or working on and designed to dissipate electrical charge in order to avoid damaging equipment.

Crosstalk

A phenomenon whereby one wire causes interference in another as a result of their close proximity. Twisting the wires ensures that the emitted signals from one wire are cancelled out by the emitted signals from the other, and it also protects the wires from external interference.

Bottleneck

A point of poor performance that reduces the productivity of the whole network. This can occur because a device is underpowered or faulty, or because of a user behavior.

Ethernet (802.3)

A popular Local Area Networking technology defining media access and signaling methods.

DMZ (Demilitarized Zone)

A private network connected to the Internet must be protected against intrusion from the Internet.

NetBEUI/NetBIOS

NetBEUI is a proprietary Microsoft network transport protocol typically found in non-routed networks. NetBIOS is a session management protocol used to provide name registration and resolution services on legacy Microsoft networks.

FTPS

A type of FTP using SSL for confidentiality.

Syslog

A protocol enabling different appliances and software applications to transmit logs or event records to a central server.

Dynamic Routing Protocol

A protocol running on a router that can automatically detect network traffic congestion or device failures and calculate a different routing path.

EGP (Exterior Gateway Protocol)

A protocol that can perform routing between autonomous systems.

IGP (Interior Gateway Protocol)

A protocol that performs routing within a network under the administrative control of a single owner, also referred to as an Autonomous System (AS).

SIP (Session Initiation Protocol)

A protocol used to establish, disestablish, and manage VoIP and conferencing communications sessions. It handles user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/video), and session management and termination.

FTP (File Transfer Protocol)

A protocol used to transfer files across the Internet. Variants include S(ecure)FTP, FTP with SSL (FTPS and FTPES) and T(rivial)FTP. FTP utilizes ports 20 and 21.

Certificate

A public key that has been certified by some agency, validating that the owner of the key is really who he or she says he or she is. This allows a sender to encrypt a message using the public key in the knowledge that only the recipient will be able to read it (using their linked private key). Certificates can also be used as proof of identity (for authentication or signing documents). Most are based on the X.509 standard, though PGP web-of-trust certificates are also popular.

SSH (Secure Shell)

A remote administration and file copy program that is flexible enough to support VPNs too (using port forwarding). This runs on TCP port 22.

Backdoor

A remote administration utility providing a means of configuring a computer. Remote admin software may be installed intentionally, in which case it must be properly secured. These may also be installed by malware.

Dial-up

A remote network access method that utilizes the local telephone line (Plain Old Telephone System [POTS]) to establish a connection between two computers fitted with modems.

NS (Name Server)

A resource record that identifies authoritative DNS name servers for the zone.

MX (Mail eXchanger)

A resource record used to identify an email server for the domain.

A (Address)

A resource record used to resolve a host name to an IPv4 address. This is the most common type of record in a DNS zone.

BIA (Business Impact Analysis)

A risk assessment will identify a range of threats and, for each significant threat, perform a Business Impact Analysis to determine the likelihood of the threat exploiting a vulnerability and the cost to the business should a vulnerability be exposed.

Learned Route

A route that was communicated to the router by another router using a dynamic routing protocol. Routers use these dynamic protocols to exchange information about connected networks periodically and select the best available route to a particular destination.

Flat Routing System

A routing system where all routers can inter-communicate with one another. Each network ID requires a separate entry in the routing table, which can be problematic in very large internetworks.

Hierarchical Routing System

A routing system where certain routers form a routing backbone and other routers are grouped into logical collections, sometimes called areas or domains.

RAS (Remote Access Server)

A server configured to process remote connections.

Proxy Server

A server that mediates the communications between a client and another server. Proxies can filter and often modify communications, as well as providing caching services to improve performance.

DHCP (Dynamic Host Configuration Protocol) relay Agent

A service that captures a BOOTP broadcast and forwards it through the router as a unicast transmission to a DHCP server on a remote subnet.

Protocol

A set of rules enabling systems to communicate (exchange data). A single network will involve the use of many of these. In general terms, this defines header fields to describe each packet, a maximum length for the payload, and methods of processing information from the headers.

802 Protocols

A set of standards, published by the LAN/MAN Standards Committee of the Institute of Electrical and Electronics Engineers (IEEE), that define technologies working at the physical and data link layers of the OSI model. These layers are subdivided into two sub-layers. The Logical Link Control (LLC) sub-layer is used with other 802 standards, such as 802.3 and 802.11, which are conceived as operating at a Media Access Control (MAC) sublayer and the physical (PHY) layer.

Analog

A signal can be either analog or digital. An analog signal is characterized by a continually changing wave, while a digital signal has discrete states (for example, 1 or 0). Some devices still use analog signaling, as the wave form requires less capacity and can travel farther. However, most new technologies use digital signaling, to eliminate the need for conversion and to reduce the errors introduced by analog signaling.

TFTP (Trivial File Transfer Protocol)

A simplified form of FTP supporting only file copying (FTP can also enumerate directory contents, create directories, remove files and directories, and so on). TFTP works over UDP port 69.

SIM (Subscriber Identity Module)

A small chip card that identifies the user and phone number of a mobile device, via an International Mobile Subscriber Identity (IMSI). This card also provides a limited amount of local storage, for contacts.

Content Filter

A software application or gateway that filters client requests for various types of internet content (web, FTP, IM, and so on). The software can work on the basis of keywords, URLs, time of day/total browsing time, and so on.

Network Operating System (NOS) Firewall

A software-based firewall running under a network server OS, such as Windows or Linux. The server would function as a gateway or proxy (see below) for a network segment.

DMVPN (Dynamic Multipoint VPN)

A software-based mechanism that allows VPNs to be built and deleted dynamically.

CAM (Content Addressable Memory)

A special type of memory optimized for searching rather than random access. The MAC address table is often also referred to as the CAM table.

Default Route

A special type of static route that identifies the next hop router for an unknown destination. This route is only used if there are no matches for the destination in the rest of the routing table.

Appliance Firewall

A stand-alone hardware firewall that performs the function of a firewall only. The functions of the firewall are implemented on the appliance firmware.

NAS (Network Attached Storage)

A storage device with an embedded OS that supports typical network file access protocols (TCP/IP and SMB for instance).

Multifactor Authentication

A strong authentication method that requires multiple forms of authentication schemes, including something you know, something you have, or something you are (for example, protecting use of a smart card certification [something you have] with a PIN [something you know]).

Multilayer Switch

A switch that can route based on the contents of packets at layers 3 and up. A layer 3 switch is used to route more effectively in a VLAN environment.

Managed Switch

A switch that must be set up via a web interface or command line to be used effectively, which includes configuring settings for each of the switch port interfaces.

DSL (Digital Subscriber Line)

A technology for transferring data over voice-grade telephone lines. This technology uses the higher frequencies available in a copper telephone line as a communications channel. The use of a filter prevents this from contaminating voice traffic with noise. The use of advanced modulation and echo cancelling techniques enable high bandwidth, full-duplex transmissions.

nslookup

A tool for querying DNS server records.

Crimper

A tool to join a network jack to the ends of network patch cable.

Mesh Topology

A topology often used in WANs where each device has (in theory) a point-to-point connection with every other device (fully connected); in practice, only the more important devices are directly interconnected (partial mesh).

Point-to-Point/Point-to Multipoint Topology

A topology where two nodes have a dedicated connection to one another. In a point-to-multipoint topology, a central node mediates links between remote nodes.

Anycast

A transmission method in which data is sent from a server to the nearest host within a group.

GRE (Generic Routing Encapsulation)

A tunneling protocol allowing the transmission of encapsulated frames or packets from different types of network protocol over an IP network.

SFTP (Secure File Transfer Protocol)

A type of FTP using SSH for confidentiality.

Ransomware

A type of malware that tries to extort money from the victim, by appearing to lock their computer or by encrypting their files for instance.

LAN (Local Area Network)

A type of network covering various different sizes but generally considered to be restricted to a single geographic location and owned/managed by a single organization.

Load Balancer

A type of switch or router that distributes client requests between different resources, such as communications links or similarly-configured servers. This provides fault tolerance and improves throughput.

Patch Panel

A type of wiring cross-connect with IDCs to terminate fixed cabling on one side and modular jacks to make cross-connections to other equipment on the other. Patch panels simplify Moves, Adds, and Changes (MACs) in network administration.

IP Address

A unique address given to each IP host. This can be manually assigned or dynamically allocated (using a DHCP server).

MAC (Media Access Control) Address

A unique hardware address that is hard-coded into a network card by the manufacturer.

ip

A utility providing information about the IP configuration of a UNIX/Linux-based workstation.

ifconfig

A utility providing information about the IP configuration of a UNIX/Linux-based workstation.

ipconfig

A utility providing information about the IP configuration of a Windows workstation.

Jitter

A variation in the time it takes for a signal to reach the recipient.

Password Policy

A weakness of password-based authentication systems is when users demonstrate poor password practice.

captive portal

A web page or website to which a client is redirected before being granted full network access. This might allow limited network browsing, provide an authentication me

OOB (Out-of-Band) Management

Accessing the administrative interface of a network appliance using a separate network from the usual data network. This could use a separate VLAN or a different kind of link, such as a dial-up modem.

IPv6 Link-local Addressing

Addresses that every IPv6 interface assigns to itself automatically and that are valid only on the local link (routers never forward them). They are taken from the fe80::/10 prefix, so the first hextet ranges from fe80 to febf; in practice the address is fe80:: followed by a 64-bit interface identifier. (Addresses beginning fc or fd belong to the separate unique local range, fc00::/7.) They are the equivalent of self-assigned IPv4 Automatic Private IP Addressing (APIPA) addresses (169.254.0.0/16), with the difference that a link-local address is always present even when a global address is also configured.

IPv6 Transitional Addresses

Addresses used on mixed networks to support routing of IPv6 data across IPv4 networks. This class will be phased out when all routers convert to IPv6

Resource Record

An entry in a DNS zone that allows the DNS server to answer queries arriving from other network hosts. Zones contain many records of different types, including SOA, NS, A, AAAA, CNAME, MX, PTR, and so on.

Tunneling

Also called encapsulation, this is the act of wrapping up data from one protocol for transfer over a different type of network.

Load Testing

Also called stress testing, this is when a network administrator tests their systems under load to simulate working conditions or for assessing likely future problems under higher loads.

NGFW (Next Generation Firewall)

Also known as a Layer 7 Firewall or Application Layer Gateway, this firewall can inspect and parse (interpret) the contents of packets at the application layer.

Baud

Also known as the symbol rate, this means the number of symbols per second transmitted in an analog signal (a symbol being some characteristic of the signal, such as a change in frequency or amplitude).

OCx (Optical Carrier)

Alternative designation for SONET bandwidth service levels.

Jumbo Frame

An Ethernet frame with a payload larger than 1500 bytes (up to about 9000 bytes). Jumbo frames are often used on Storage Area Networks. Every device on the path must be configured for the larger MTU, or the frames are silently dropped.

Subnet Mask

An IP address consists of a Network ID and a Host ID. This mask is used to distinguish these two components within a single IP address. It is used to "mask" the host ID portion of the IP address and thereby reveal the network ID portion. The typical format for a mask is 255.255.0.0. Classless network addresses can also be expressed in the format 169.254.0.0/16, where /16 is the number of bits in the mask. IPv6 uses the same /nn notation to indicate the length of the network prefix.

Management URL

An IP address or FQDN used to access the management interface of a network appliance.

Hub

An OSI layer 1 network device used to implement a star network topology on legacy Ethernet networks. These devices may also be known as "multiport repeaters" or concentrators. They are the central points of connection for segments and act like repeaters so that every segment receives signals sent from any other segment.

Digital Certificate

An X.509 digital certificate is issued by a Certificate Authority (CA) to bind a public key to the identity of its holder (an organization, host, or person). The holder generates its own key pair; the CA verifies the holder's identity and signs the certificate, so anyone who trusts the CA can trust that the public key (used to encrypt messages to the holder or to verify its signatures) genuinely belongs to that holder.

TACACS+ (Terminal Access Controller Access Control System)

An alternative to RADIUS developed by Cisco, mostly used to authenticate administrative access to network devices. The version in current use is TACACS+; TACACS and XTACACS are legacy protocols. Unlike RADIUS, TACACS+ uses TCP (port 49), encrypts the whole packet body rather than only the password, and separates authentication, authorization, and accounting, which allows per-command authorization.

Divide and Conquer Approach

An approach to troubleshooting in which, rather than starting at the top or bottom, you start with the layer of the OSI model most likely to be causing the problem and then work either down or up depending on what your tests reveal.

Top-to-Bottom vs Bottom-to-Top Approach

An approach to troubleshooting that follows working your way up or down the OSI Model to methodically diagnose and resolve an issue.

Multimeter

An electrical meter capable of measuring voltage, resistance, and current.

Email

An electronic store and forward messaging system.

Distributed Switching

An enterprise network will feature multiple switch appliances arranged in a fault-tolerant hierarchy and often centrally managed and automated using Software Defined Networking (SDN)

Flow Control

An important function of TCP which handles the flow of packets to ensure the sender does not inundate the receiver with packets.

Troubleshooting Documentation

An organized set of information describing the issue, information gathered, possible causes you isolated, corrections formulated, results, and any external resources. This could be within a support ticket system.

ICMPv6 (Internet Control Message Protocol v6)

An updated version of ICMP for IPv6 that supports error messaging and informational messaging. It also carries the Neighbor Discovery Protocol (NDP) messages that replace ARP and provide router discovery, so it cannot simply be blocked at a firewall the way ICMPv4 often is.

Neighbor

Another node on the same link.

Physical Layer

Lowest layer of the OSI model providing for the transmission and receipt of data bits from node to node.

SSO (Single Sign-on)

Any authentication technology that allows a user to authenticate once and receive authorizations for multiple services. Kerberos is a typical example of an authentication technology providing this.

Algorithm

Any defined method of performing a process, but in encryption the term specifically refers to the technique (cipher) used to encrypt a message. The strength of an algorithm depends on its design and, to a large extent, on the size of its key (the secret that enables a message to be encrypted or decrypted). What counts as a safe key size depends on the algorithm type: NIST recommends at least 2048 bits for RSA and Diffie-Hellman, but at least 128 bits for symmetric ciphers such as AES and at least 256 bits for elliptic curve keys. There are a number of algorithms in use for different purposes. Hash functions include MD5 and SHA-1 (both now broken for collision resistance and deprecated in favor of SHA-2 and SHA-3); symmetric ciphers (where the same key is used to encrypt and decrypt) include 3DES, AES, RC (Rivest Cipher), IDEA, Blowfish/Twofish, and CAST; asymmetric algorithms (where two linked keys are used) include Diffie-Hellman, RSA, ElGamal, and ECC.

Cloud Computing

Any environment where software (Software as a Service and Platform as a Service) or computer/network resources (Infrastructure as a Service and Network as a Service) are provided to an end user who has no knowledge of or responsibility for how the service is provided. These services provide elasticity of resources and pay-per-use charging models. These service access arrangements can be public, hosted private, or private (this type of cloud could be onsite or offsite relative to the other business units).

CSU/DSU (Channel Service Unit/Data Service Unit)

Appliance providing connectivity to a digital circuit such as a T1. The DSU encodes the signal from Data Terminal Equipment (DTE), that is, a PBX or router, into the line code that can be transported over the carrier's cable; the CSU terminates the line and is used to perform diagnostic (loopback) tests on it.

SDN (Software Defined Networking)

Application Programming Interfaces (API) and compatible hardware allowing for programmable network appliances and systems

MAC Filter

Applying an access control list to a switch or access point so that only clients with approved MAC addresses can connect to it. Because a MAC address can be cloned in software after sniffing an approved one, filtering only deters casual connection; it is not a substitute for 802.1X or WPA2/WPA3 authentication.

Protocol Binding

Assigning a protocol to a network interface card (NIC).

Serial Cable

Asynchronous serial transmission (RS-232) is one of the oldest PC bus standards. The serial port is now little used but does provide an "out-of-band" means of configuring network appliances such as switches and routers. Updated serial signaling technologies include USB and Firewire, which can be used for home networking.

Network Monitoring

Auditing software that collects status and configuration information from network devices. Many products are based on the Simple Network Management Protocol (SNMP). SNMPv1 and v2c authenticate with community strings sent in clear text, so SNMPv3 (which adds authentication and encryption) should be used and the default "public" and "private" strings changed.

CHAP (Challenge Handshake Authentication Protocol)

Authentication scheme developed for dial-up (PPP) networks that uses a three-way handshake: the server sends a random challenge, the client returns an MD5 hash of the challenge combined with the shared secret, and the server recomputes the hash to verify it, so the secret itself is never transmitted. The challenge-response is repeated throughout the connection (transparently to the user) to guard against replay attacks. An eavesdropper who captures a challenge/response pair can still attempt an offline dictionary attack on the secret, and the server must store secrets in recoverable form.
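
The handshake described above, simulated in one process as an added example (Python, not code from the CertMaster page). The response is computed exactly as RFC 1994 specifies, MD5(identifier || secret || challenge); the class and function names, the user name and the secret are my own choices.

```python
"""Added example: CHAP (RFC 1994) challenge/response between a client function and a
server object. The shared secret never crosses the wire; only a hash of it does."""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side (step 2): hash the one-octet identifier, the secret and the challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapServer:
    """Authenticator: issues single-use challenges and checks the responses."""

    def __init__(self, secrets: Dict[str, bytes]) -> None:
        # CHAP needs the secret in recoverable form on the server, one of its drawbacks
        self._secrets = secrets
        self._pending: Dict[int, bytes] = {}
        self._next_id = 0

    def challenge(self) -> Tuple[int, bytes]:
        """Step 1: send {identifier, random challenge}; the identifier wraps at 8 bits."""
        ident = self._next_id & 0xFF
        self._next_id += 1
        chal = os.urandom(16)
        self._pending[ident] = chal
        return ident, chal

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        """Step 3: recompute the expected hash and compare in constant time.
        The challenge is consumed, so replaying an old response fails."""
        chal = self._pending.pop(ident, None)
        secret = self._secrets.get(name)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(response, chap_response(ident, secret, chal))


def offline_dictionary_attack(ident: int, challenge: bytes, response: bytes,
                              guesses: Iterable[bytes]) -> Optional[bytes]:
    """What a passive eavesdropper can do with a single captured exchange."""
    for guess in guesses:
        if chap_response(ident, guess, challenge) == response:
            return guess
    return None


if __name__ == "__main__":
    server = ChapServer({"alice": b"correct horse"})       # constructed secret
    ident, chal = server.challenge()                       # server -> client
    resp = chap_response(ident, b"correct horse", chal)    # client -> server
    print("authenticated:", server.verify(ident, "alice", resp))
    print("replay accepted:", server.verify(ident, "alice", resp))
    print("cracked offline:", offline_dictionary_attack(ident, chal, resp, [b"password", b"correct horse"]))
```

The replay attempt fails only because the server discards each challenge after use; a server that reused challenges would be vulnerable. The last line shows why a guessable secret defeats the scheme even though it is never sent.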

Trunk

Backbone links between switches and routers. Trunking protocols enable switches to exchange data about VLAN configurations. The 802.1q protocol is often used to tag frames destined for different VLANs across trunk links.

ST (Straight Tip) Connector

Bayonet-style twist-and-lock connector for fiber optic cabling.

Power Failures

Blackouts that put systems and infrastructure offline.

IDC (Insulation Displacement Connector)

Block used to terminate twisted pair cabling. The main formats are 110 and Krone.

Crossover Cable

Cabling where the transmit pair at one end is connected to the receive pair at the other. This enables two hosts to communicate directly without a hub (or the connection of two hubs).

MMF (Multimode Fiber)

Category of fiber optic cable. MMF is cheaper (using LED optics rather than lasers) but supports shorter distances (up to about 500m).

SMF (Single Mode Fiber)

Category of fiber optic cable. SMF is more expensive but supports much longer distances (up to about 70 km).

Switching Loop

Causes broadcast frames to circulate the network perpetually. Such loops at the data link layer can cause what are often called broadcast storms.

LTE (Long Term Evolution)

Cellular provider (3GPP) upgrade to 3G technologies such as W-CDMA and HSPA. The advanced version of this is designed to provide 4G standard network access.

Default Account

Default administrative and guest accounts configured on servers and network devices are possible points of unauthorized access, since their names and factory passwords are published. They should be disabled, renamed, or at least given new passwords before the device is put into service.

Hoaxes

Email, instant messaging, and website pop-ups are commonly used to spread false information, such as false virus or spyware alerts.

route

Command utility to configure and manage the routing table on a Windows or Linux host.

CIA Triad

Confidentiality, Integrity, and Availability - the goals for providing a secure information management system.

Host

In TCP/IP networking terminology, this is a device that can directly communicate on a network.

Heat Map

In a Wi-Fi site survey, a diagram showing signal strength at different locations.

Public vs. Private Addressing

Classful IP addresses are divided into blocks representing different network sizes. Public IPs are allocated to companies through ISPs. Certain address blocks are designated private by RFC 1918 (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) and can be used on a LAN without registering them. Such addresses are not routable over the Internet, so hosts using them need NAT to reach it.

PAN (Personal Area network

Close range networking (usually based on Bluetooth or NFC) allowing communications between personal devices, such as smartphones, laptops, and printers/peripheral devices.

RJ (Registered Jack) Connector

Connector used for twisted pair cabling.

Benefits of Subnetting

Conserving IP addresses, improving network performance, and providing a more secure network environment.

Transceiver

Converts the signal from the computer to a signal that can be sent over the network medium (and vice versa - that is, it transmits and receives). These are usually incorporated onto the network adapter and are specific to a particular media type. There are also modular versions of these, such as Small Form Factor Pluggable (SFP/SFP+/QSFP/QSFP+) and Gigabit Interface Converter (GBIC), designed to plug into switches and other network equipment.

Port Mirroring

Copying ingress and/or egress communications from one or more switch ports to another port. This is used to monitor communications passing over the switch.

DHCP (Dynamic Host Configuration Protocol) Reservation

DHCP lease assignments that enable you to configure a permanent IP address for a client.

DNS Records

DNS servers store information about resources in different types of records.

PII (Personally Identifiable Information)

Data that can be used to identify or contact an individual (or in the case of identity theft, to impersonate them).

Attenuation

Degradation of a signal as it travels over media. This determines the maximum distance for a particular media type at a given bit rate.

T-carrier

Developed by Bell Labs to allow multiple calls to be placed on a single cable. Each channel provides enough bandwidth for a voice communication session and is known as a DS0 or a Kilostream link.

MPLS (Multiprotocol Label Switching)

Developed from ATM concepts (Cisco's tag switching was the precursor; the protocol was standardized by the IETF) as a means of providing traffic engineering (congestion control), Class of Service, and Quality of Service within a packet switched, rather than circuit switched, network.

AP (Access Point)

Device that provides connectivity between wireless devices and a cabled network. APs with Internet connectivity located in public buildings (cafes, libraries, airports for instance) are often referred to as hotspots.

Media Converter

Device to convert one media type to another (such as fiber optic to UTP).

PPP (Point to Point Protocol)

Dial-up protocol working at layer 2 (Data Link) used to connect devices remotely to networks. Often used to connect to an ISP's routers and out to the Internet.

EMI (Electromagnetic Interference)

EMI sources (such as fluorescent lights, air conditioning, and power cables) can corrupt signals.

PDU (Protocol Data Unit)

Each network protocol working at a particular network layer encapsulates data using fields in a header plus a payload containing the PDU from the upper layer. At layer 2, PDUs are called frames, at layer 3 they are called datagrams or packets, and at layer 4 they are called segments if they use TCP or datagrams if they use UDP.

Network Separation

Enforcing a security zone by separating a segment of the network from access by the rest of the network. This could be accomplished using firewalls or VPNs or VLANs. A physically separate network or host (with no cabling or wireless links to other networks) is referred to as air-gapped.

Power Level Controls

Enterprise-class wireless access points and adapters support configurable power level controls. In some circumstances, increasing power can increase range and overcome local interference.

False Positive/False Negative

Error in monitoring or identification technology that either reports an event as an incident when it is not (false positive) or does not report an event as an incident (false negative).

Straight-through Cable

Ethernet cables and connectors carry data over Transmit (Tx) and Receive (Rx) pairs. Normally, a host would be linked to a connectivity device such as a hub or a switch using a straight-through cable (each pin wired to the same pin at the other end). The crossover happens inside the hub or switch port, whose pinout (MDI-X) connects its Rx pins to the host's Tx pair; the hub then repeats the signal out to the destination host's Rx pair. Modern switch ports support Auto MDI-X and work with either cable type.

IV (Initialization Vector) Attack

Faults in the way that WEP uses the RC4 stream cipher (a short 24-bit initialization vector that soon repeats, combined directly with the static key) mean that the key can be recovered using cryptanalysis tools such as Aircrack-ng given sufficient packets to analyze. Such tools can typically crack both 64-bit and 128-bit WEP encryption in a matter of minutes. WPA is not vulnerable to this attack (though weak pre-shared passphrases are still vulnerable to dictionary cracking).

IEEE (Institute of Electrical and Electronics Engineers)

Formed as a professional body to oversee the development and registration of electronic standards.

EAP (Extensible Authentication Protocol)

Framework for negotiating authentication methods, supporting a range of authentication devices. EAP-TLS uses PKI certificates on both sides; Protected EAP (PEAP) creates a TLS-protected tunnel between the supplicant and the authentication server (passing through the authenticator) to secure an inner user authentication method such as MS-CHAPv2; Lightweight EAP (LEAP) is a password-based mechanism developed by Cisco that is now considered insecure because its exchange can be cracked offline.

Bandwidth

Generally used to refer to the amount of data that can be transferred through a connection over a given period. It more properly means the range of frequencies supported by transmission media, measured in Hertz.

IPv6 Global Addresses

Globally routable public addresses. Also known as aggregatable global unicast addresses, they are designed such that they can be summarized for efficient routing. These are the equivalent of the entire IPv4 public address space.

Firewall

Hardware or software that filters traffic passing into or out of a network (for example, between a private network and the Internet). A basic packet-filtering firewall works at Layers 3 and 4 (Network and Transport) of the OSI model, matching rules on source and destination address, protocol, and port. Rules are evaluated top-down, first match wins, with an implicit deny at the end, so rule order matters.
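
An added example (Python, not from the CertMaster page) of the layer 3/4 filtering just described: a stateless packet filter evaluated top-down with first match wins and an implicit deny, plus a check for rules that can never fire because an earlier rule covers them. The ruleset, addresses, and packets are constructed for illustration.

```python
"""Added example: a toy stateless packet filter (layer 3/4) with first-match semantics,
implicit deny, and shadowed-rule detection. Standard library only."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp"
    dport: int   # 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # CIDR; 0.0.0.0/0 means any
    dst: str
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # None means any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches self."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and (self.dport is None or self.dport == other.dport))


def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the rule that fired); no match means the implicit deny."""
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, i
    return "deny", None


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j in range(len(rules)) if any(rules[i].covers(rules[j]) for i in range(j))]


# Constructed ruleset: edge firewall in front of a DMZ web server (203.0.113.10) and a LAN (10/8)
RULES = [
    Rule("permit", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443),     # public HTTPS to the DMZ host
    Rule("permit", "10.0.0.0/8", "10.0.0.0/8", "any", None),         # internal east-west traffic
    Rule("deny",   "0.0.0.0/0", "10.0.0.0/8", "any", None),          # nothing else reaches the LAN
    Rule("permit", "198.51.100.0/24", "10.0.0.0/8", "tcp", 22),      # management SSH: placed too late!
]

if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "203.0.113.10", "tcp", 443),
                Packet("198.51.100.7", "203.0.113.10", "tcp", 22),
                Packet("198.51.100.7", "10.2.2.9", "tcp", 22)):
        print(pkt, "->", evaluate(RULES, pkt))
    print("shadowed rules:", shadowed_rules(RULES))
```

The fourth rule is the classic ordering mistake: the operator intended to allow management SSH from a jump network, but the preceding deny-all to 10.0.0.0/8 covers it, so it never fires and the SSH packet is dropped at rule 2. shadowed_rules() reports exactly that.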

Resilience

Having multiple paths in a network so that if one link fails, the network can remain operational by forwarding frames over a different path.

SONET

High-speed fiber optic network used for telecommunications backbones. Service levels are defined in multiples of the original bandwidth (51.84 Mbps) and are variously titled STS, OCx, or SDH.

FC (Fibre Channel)

High-speed network communications protocol used to implement SANs.

ES (End Systems)

Hosts with no capacity to forward packets to other IP networks.

LACP (Link Aggregation Control Protocol [IEEE 802.3ad/802.1ax])

IEEE protocol governing the use of bonded Ethernet ports (NIC teaming).

EUI (Extended Unique Identifier)

IEEE's preferred term for a network interface's unique identifier. An EUI-48 corresponds to a MAC address while an EUI-64 is one that uses a 64-bit address space. IPv6 stateless autoconfiguration can derive a 64-bit interface identifier (modified EUI-64) from an EUI-48 address by inserting FFFE in the middle and flipping the universal/local bit; because the resulting address reveals the hardware MAC, most modern hosts use randomized identifiers (privacy extensions) instead.
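
The EUI-48 to modified EUI-64 conversion, and the link-local address it produces, as an added example (Python, not code from the CertMaster page). The MAC addresses are constructed samples; the procedure is the one in RFC 4291 Appendix A.

```python
"""Added example: derive a modified EUI-64 interface identifier from a MAC address,
build the fe80::/64 link-local address from it, and recover the MAC again to show
why EUI-64 identifiers leak hardware identity. Standard library only."""
import ipaddress
from typing import Optional


def mac_to_modified_eui64(mac: str) -> bytes:
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # 1. insert FFFE between the OUI (first 3 octets) and the NIC-specific part
    eui64 = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    # 2. invert the universal/local bit (bit 0x02 of the first octet)
    eui64[0] ^= 0x02
    return bytes(eui64)


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """fe80::/64 prefix plus the 64-bit interface identifier."""
    iid = int.from_bytes(mac_to_modified_eui64(mac), "big")
    return ipaddress.IPv6Address((0xFE80 << 112) | iid)


def mac_from_eui64_address(addr: str) -> Optional[str]:
    """Reverse the derivation if the FFFE marker is present, else None (randomized IID)."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in octets)


def is_link_local(addr: str) -> bool:
    """fe80::/10 covers fe80 through febf in the first hextet."""
    return ipaddress.IPv6Address(addr) in ipaddress.ip_network("fe80::/10")


if __name__ == "__main__":
    mac = "00:1b:21:3c:4d:5e"                         # constructed sample MAC
    ll = link_local_from_mac(mac)
    print(mac, "->", mac_to_modified_eui64(mac).hex(), "->", ll)
    print("recovered MAC:", mac_from_eui64_address(str(ll)))
    print("fe80::1 link-local?", is_link_local("fe80::1"), " fc00::1 link-local?", is_link_local("fc00::1"))
```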

iSCSI (Internet SCSI)

IP tunneling protocol that enables the transfer of SCSI data over an IP-based network to create a SAN.

ICMP (Internet Control Message Protocol)

IP-level protocol for reporting errors and status information supporting the function of troubleshooting utilities such as ping.

SSID (Service Set ID)

Identifies a particular Wireless LAN (WLAN). This "network name" can be used to connect to the correct network. When multiple APs are configured with the same network name, this is referred to as an Extended SSID (ESSID). Since the SSID is sent in clear text and can be set by anyone, it identifies a network but does not authenticate it; hiding it provides no real security.

Biometric

Identifying features stored as digital data can be used to authenticate a user. Typical features used include facial pattern, iris, retina, or fingerprint pattern, and signature recognition. This requires the relevant scanning device, such as a fingerprint reader, and a database of information (template).

OS Fingerprinting

Identifying the type and version of an operating system (or server application) by analyzing its responses to network scans.

Approaching Multiple Problems

If a user outlines multiple, separate issues during a single troubleshooting session, treat them each as separate problems and tackle one at a time. This may include filling out a separate support ticket for each.

IP Exclusions

In DHCP, the ability to configure a range of IP addresses (or a single IP address) to be excluded from those being offered for automatic assigning to DHCP clients. These addresses are often reserved for mission critical devices.

TLD (Top-level Domains)

In DNS hierarchy, the domains immediately below the root, including .com, .org, .net, and more.

Octets

In IPv4 address structure, the 32 bits that are subdivided into four groups of 8 bits (1 byte).

Dotted Decimal Notation

In IPv4, a way of writing each octet so that it is converted to a decimal value. The decimal numbers are separated using a period.

Broadband

In a technical sense, a transmission that divides the available media bandwidth into a number of transmission paths or channels. WAN signaling generally uses this form of transmission and consequently the term is used generally to refer to 1 Mbps+ Internet links such as DSL or cable.

Addressing (Network)

In order to communicate on a network, each host must have an address. Different protocols use different methods of addressing. For example, IPv4 uses a 32-bit binary number, typically expressed as a 4-part decimal number (dotted decimal notation) while IPv6 uses a 128-bit binary number expressed in hexadecimal. A routable scheme such as IP also provides identification for distinct networks as well as hosts.

Access Layer

In terms of network hierarchy, this layer allows end-user devices, such as computers, printers, and smartphones to connect to the network. It also prevents the attachment of unauthorized devices.

Core Layer

In terms of network hierarchy, this provides a highly available network backbone. Its purpose should be kept simple: provide redundant traffic paths for data to continue to flow around the access and distribution layers of the network.

Classful Addressing

In the early days of IP addressing, the network ID was determined automatically from the first octet of the address (0-127 class A, 128-191 class B, 192-223 class C). When subnet masks were introduced, the "default" masks (255.0.0.0, 255.255.0.0, and 255.255.255.0) that corresponded to treating the first octet as classful were commonly described as "class A", "class B", and "class C" masks. The Internet no longer uses classful addressing but many LANs use the private IP address ranges and the default masks.
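
An added example (Python, not from the CertMaster page) that ties together the Subnet Mask, Public vs. Private Addressing, and Classful Addressing entries: it applies a /nn mask to an address to recover the network ID, host ID, and broadcast address, compares the prefix with the classful default implied by the first octet, and checks for the RFC 1918 private, APIPA, and loopback ranges. The sample addresses are constructed.

```python
"""Added example: dissect an IPv4 address written in CIDR form. Standard library only."""
import ipaddress
from typing import Optional

# Standard reserved ranges (not assumptions): RFC 1918 private blocks and APIPA
PRIVATE_BLOCKS = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA = ipaddress.ip_network("169.254.0.0/16")


def classful_default_prefix(addr: ipaddress.IPv4Address) -> Optional[int]:
    """Legacy classful prefix length implied by the first octet; None for class D/E
    (multicast / reserved), which never had a default mask."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8      # class A: 0-127
    if first_octet < 192:
        return 16     # class B: 128-191
    if first_octet < 224:
        return 24     # class C: 192-223
    return None


def analyse(cidr: str) -> dict:
    """Break an address such as '172.16.5.130/20' into its components."""
    iface = ipaddress.ip_interface(cidr)
    addr, net = iface.ip, iface.network
    mask = int(net.netmask)
    # AND with the mask keeps the network bits; AND with the inverted mask keeps the host bits
    network_id = ipaddress.IPv4Address(int(addr) & mask)
    host_id = int(addr) & (~mask & 0xFFFFFFFF)
    classful = classful_default_prefix(addr)
    return {
        "address": str(addr),
        "mask": str(net.netmask),
        "prefix": net.prefixlen,
        "network_id": str(network_id),
        "host_id": host_id,
        "broadcast": str(net.broadcast_address),
        "usable_hosts": max(net.num_addresses - 2, 0),
        "classful_prefix": classful,
        # a prefix longer than the classful default means the classful block was subnetted
        "subnetted": classful is not None and net.prefixlen > classful,
        "private": any(addr in block for block in PRIVATE_BLOCKS),
        "apipa": addr in APIPA,
        "loopback": addr.is_loopback,
    }


if __name__ == "__main__":
    for sample in ("172.16.5.130/20", "192.0.2.77/27", "10.1.2.3/8", "169.254.3.9/16", "127.0.0.1/8"):
        print(sample, analyse(sample))
```

For 172.16.5.130/20 the mask 255.255.240.0 clears the low 12 bits, giving network ID 172.16.0.0, host ID 1410, and broadcast 172.16.15.255; the /20 is longer than the classful /16, so this is a subnet of a private class B block.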

MSDS (Materials Safety Data Sheet)

Information sheet accompanying hazardous products or substances explaining the proper procedures for handling and disposal.

IR (Infrared)

Infrared Data Association (IrDA) was a wireless networking standard supporting speeds up to about 4 Mbps. These types of sensors are used in mobile devices and with IR blasters to control appliances.

IPsec

Layer 3 protocol suite providing authentication and integrity (AH, or ESP) and encryption (ESP only) for IP traffic. It can be used in two modes: transport mode, where only the payload of the original IP packet is protected and the original header is kept, and tunnel mode, where the entire original packet is protected and a new IP header is added (the usual choice for site-to-site VPNs).

Status Indicator

Light Emitting Diodes (LED) are used to indicate the status of various devices, including PC power supplies, batteries, drive activity, and network activity. Network equipment LEDs usually show connection speed and activity.

MTTR/MTTF/MTBF

Mean Time to Failure (MTTF) and Mean Time Between Failures (MTBF) represent the expected lifetime of a product or system. Mean Time to Repair (MTTR) is a measure of the time taken to correct a fault so that the system is restored to full operation.

GPS (Global Positioning System)

Means of determining a receiver's position on the Earth based on information received from satellites. The receiver must have line-of-sight to such satellites.

TKIP (Temporal Key Integrity Protocol)

Mechanism used in the first version of WPA to improve the security of wireless encryption compared to the flawed WEP standard while still running on WEP-era hardware (it kept RC4 but added per-packet key mixing and a message integrity check). TKIP is itself deprecated; WPA2 with AES-CCMP or WPA3 should be used instead.

RDP (Remote Desktop Protocol)

Microsoft's protocol for operating remote connections to a Windows machine (Terminal Services), allowing specified users to log onto the Windows computer over the network and work remotely. The protocol sends screen data from the remote host to the client and transfers mouse and keyboard input from the client to the remote host. It uses TCP port 3389. Because exposed RDP is a frequent target of credential attacks, it should be reached through a VPN or gateway with Network Level Authentication enabled rather than opened directly to the Internet.

CDMA (Code Division Multiple Access)

Method of multiplexing a communications channel using a code to key the modulation of a particular signal. This method is associated with Sprint and Verizon cellular phone networks.

TDMA (Time Division Multiple Access)

Method of multiplexing a communications channel using time slots. GSM uses this method whereby groups of phone calls are bundled with each call getting assigned a channel and time slot. The receiving device only listens to the assigned channel and time slot to assemble the call.

Administrative Distance

Metric determining the trustworthiness of routes derived from different routing protocols. When two sources offer a route to the same destination, the one with the lower administrative distance is installed in the routing table (on Cisco devices, for example, a directly connected route has distance 0, a static route 1, OSPF 110, and RIP 120).

Cell Phone

Mobile telephony works through a series of base station transmitters (cells) that connect to the cellular and telephone networks. This network can be used for voice and data communications. Data communications are divided into 2G (GSM; up to about 14 Kbps), 2.5G (GPRS, HSCSD, and EDGE; up to about 48 Kbps), and 3G (WCDMA; up to about 2 Mbps).

AES (Advanced Encryption Standard)

Modern encryption standard providing symmetric encryption (the same key is used to encrypt and decrypt). AES is a very strong cipher with many applications, including being part of the WPA2 Wi-Fi encryption scheme (as AES-CCMP).

ISAKMP (Internet Security Association and Key Management Protocol)

Most commonly referred to as part of the Internet Key Exchange (IKE) protocol as used in IPsec. This is a framework for creating a Security Association (SA). An SA establishes that two hosts trust one another (authenticate) and agree secure protocols and cipher suites to use to exchange data.

IP (Internet Protocol)

Network (internet) layer protocol in the TCP/IP suite providing packet addressing and routing for all higher level protocols in the suite.

Directly Connected Route

A route to a network attached to one of the router's own interfaces, installed automatically when the interface is configured. Once a router has received a packet, it goes through the same process that the source host did: it compares the destination with its routing table to decide whether the packet can be delivered locally out of a directly connected interface or needs to be forwarded to another router.

Documenting Findings, Actions, and Outcomes

Once an issue has been resolved, this is the process of recording what happened during the troubleshooting practice and the outcomes in order to effectively inform future issues and ensure troubleshooting efficiency.

Hop

One link in the path from a host to a router or from router to router. Each time a packet passes through a router, the count of these (or TTL) is decreased by one.

RTP (Real-time Transport Protocol)

Opens a data stream for video and voice applications over UDP. The data is packetized and tagged with control information (sequence numbering and time-stamping).

SLA (Service Level Agreement)

Operating procedures and standards for a service contract, typically including measurable targets such as availability and response time.

Site Survey

Planning a wireless deployment by identifying optimum locations for antenna and access point placement to provide the required coverage for clients and identifying sources of interference.

Threshold

Points of reduced or poor performance that generate an administrative alert, such as packet loss or a link bandwidth drop.

Standards and Guidelines

Policy sets the overall tone for how something should be done and is usually intended for a general audience. More detailed guidance and standards may be produced for different audiences, such as end users and technical staff. In addition to internal standards, many job tasks may be guided by external standards, legislation, and "best practice" guidance. External standards may come from industry practice, professional organizations, or legislation.

Frame Relay

Packet switched WAN protocol running over T-carrier or ISDN. Frame Relay is no longer widely deployed.

Loopback Address

A special address that the host routes back to itself: 127.0.0.1 in IPv4 (from the reserved class A range 127.0.0.0/8) and ::1 in IPv6. It is typically used to check that TCP/IP is correctly installed on the local host, and services bound only to it are unreachable from the network.

POTS (Plain Old Telephone System

Parts of the telephone network "local loop" using voice-grade cabling. Data transfer over this network is slow (33.6 Kbps, or up to 56 Kbps downstream with V.90/V.92 modems) and requires dial-up modems.

Physical Security

Physical access to premises and equipment should not be overlooked in designing security. Barriers can be physical and/or psychological. Entry control mechanisms range from ID badges and simple key locks to certificate-based (physical tokens) or biometric access control.

Registered Ports

Ports that fall between 1024 and 49,151 that are registered to software makers for use by specific applications and services that are not as well-known as the services in the "well-known" range.

Dynamic Ports

Ports that fall between 49,152 and 65,535 that are set aside for use by unregistered services and services (typically, client applications) needing a temporary connection.

Port Security

Preventing a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile (for example, a maximum number of MAC addresses per port, with the port shut down or the violation logged when it is exceeded). Since MAC addresses can be spoofed, port security limits casual or accidental attachment rather than a determined attacker; 802.1X provides authenticated port access.

SLIP (Serial Line IP)

Prior to the emergence of PPP, this protocol provided dial-up TCP/IP support; it has no authentication or error detection of its own.

Incident Response Policy

Procedures and guidelines covering appropriate priorities, actions, and responsibilities in the event of a security incident.

Fault Tolerance (Redundancy)

Protection against system failure by providing extra (redundant) capacity.

STP (Spanning Tree Protocol)

Protocol allowing multiple bridges/switches to arrange themselves in such a way as to enable loop-free broadcast communications when redundant links are present between the devices. The frames exchanged are called Bridge Protocol Data Units (BPDU).

TCP (Transmission Control Protocol)

Protocol in the TCP/IP suite operating at the transport layer to provide connection-oriented, guaranteed delivery of packets. Hosts establish a session to exchange data and confirm delivery of packets using acknowledgements. This overhead means the system is relatively slow.

PaaS (Platform as a Service)

Provides a managed platform (operating system, runtime, middleware, and often a database) on which customers deploy and run their own applications without managing the underlying servers; it sits between SaaS (a finished application) and IaaS (raw compute, storage, and network).

110 Block

Punch-down cross-connect format offering high density (supporting up to 300 pairs). 110 wiring blocks are used for various applications. The 110 IDC format is used in most patch panels and wall jacks.

Packet Sniffing

Recording data from frames as they pass over network media.

Backup

Recovery of data can be provided through the use of a backup system. Most systems provide support for tape devices. This provides a reasonably reliable and quick mechanism for copying critical data. Different types (full, incremental, or differential) balance media capacity, time required to back up, and time required to restore. Backups should be kept offline or otherwise write-protected, since ransomware targets online copies, and restores should be tested regularly.

Automatic Allocation

Refers to an address that is leased permanently to a client. This is distinct from static allocation as the administrator does not pre-determine which particular IP address will be leased.

IS (Intermediate Systems)

Routers that interconnect IP networks and can perform packet forwarding on behalf of hosts that cannot do so themselves.

Dynamic Routing

Routers that perform route discovery operations to build and update routing tables themselves by using routing protocols such as OSPF, RIP, or BGP, rather than administrator-entered static routes.

Encryption

Scrambling the characters used in a message so that the message can be seen but not understood unless it can be deciphered with the correct key. Encryption alone does not prevent undetected modification; tamper detection requires a separate integrity mechanism such as a MAC or an authenticated mode like AES-GCM.

BYOD (Bring Your Own Device)

Security framework and tools to facilitate use of personally-owned devices to access corporate networks and data.

IPAM (IP Address Management)

Software consolidating management of multiple DHCP and DNS services to provide oversight into IP address allocation across an enterprise network.

H.323

Session control protocol for VoIP and messaging networks running over TCP port 1720.

Bluetooth

Short-range radio-based technology, the most used version of this working at up to 10m (30 feet) at up to 1 Mbps and used to connect peripherals (such as mice, keyboards, and printers) and for communication between two devices (such as a laptop and smartphone). The advantage of radio-based signals is that devices do not need line-of-sight, though the signals can still be blocked by thick walls and metal and can suffer from interference from other radio sources operating at the same frequency (2.4 GHz). A low energy version of this is designed for small battery-powered devices that transmit small amounts of data infrequently.

LC (Lucent Connector)

Small Form Factor (SFF) version of the SC push-pull fiber optic connector; available in simplex and duplex versions.

MT-RJ (Mechanical Transfer Registered Jack)

Small Form Factor duplex fiber optic connector with a snap-in design; used for multimode networks.

Key Benefits of IPv6

Small, efficient IP headers, stateless address autoconfiguration (SLAAC) of hosts, a flow label field in the header intended for network resource allocation, and network-layer encryption and authentication with IPsec (built into the protocol suite, although no longer mandatory to implement).

Shoulder Surfing

Social engineering tactic to obtain someone's password or PIN by observing him or her as he or she types it in.

SIEM (Security Information and Event Management)

Software designed to assist with security logging and alerting. A SIEM collects and normalizes logs from many sources, provides correlation between observables and indicators of compromise, and usually includes graphing tools to assist analysis of trends.
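
An added example (Python, not from the CertMaster page) of the correlation a SIEM performs, reduced to two rules over constructed sshd syslog lines: repeated failed logins from one source inside a sliding window, and a successful login from a source that has just failed repeatedly. The hostname, addresses, users, and log lines are all made up; the line format follows OpenSSH's usual wording.

```python
"""Added example: SIEM-style correlation over constructed SSH authentication logs."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Iterable, List, Optional, Tuple

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# Constructed sample: one noisy source, two quiet ones, and one unrelated cron line
SAMPLE_LOG = """\
2024-03-01T10:00:01 bastion sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
2024-03-01T10:00:02 bastion sshd[1203]: Failed password for root from 192.0.2.9 port 40001 ssh2
2024-03-01T10:00:05 bastion sshd[1205]: Failed password for root from 203.0.113.5 port 33000 ssh2
2024-03-01T10:00:09 bastion sshd[1207]: Failed password for invalid user test from 198.51.100.7 port 51235 ssh2
2024-03-01T10:00:10 bastion CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)
2024-03-01T10:00:17 bastion sshd[1209]: Failed password for deploy from 198.51.100.7 port 51236 ssh2
2024-03-01T10:00:25 bastion sshd[1211]: Failed password for deploy from 198.51.100.7 port 51237 ssh2
2024-03-01T10:00:33 bastion sshd[1213]: Failed password for deploy from 198.51.100.7 port 51238 ssh2
2024-03-01T10:00:40 bastion sshd[1215]: Accepted password for deploy from 198.51.100.7 port 51240 ssh2
2024-03-01T10:00:50 bastion sshd[1217]: Failed password for root from 203.0.113.5 port 33001 ssh2
2024-03-01T10:11:02 bastion sshd[1219]: Failed password for root from 192.0.2.9 port 40002 ssh2
2024-03-01T10:12:00 bastion sshd[1221]: Accepted password for ops from 192.0.2.9 port 40003 ssh2
"""


def parse(line: str) -> Optional[dict]:
    """Normalize one line into fields, or None for lines that are not sshd auth events."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def correlate(lines: Iterable[str], threshold: int = 5, window_s: int = 60) -> List[Tuple[str, str, str]]:
    """Return (rule, source_ip, timestamp) alerts in the order they fire."""
    failures: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerts: List[Tuple[str, str, str]] = []
    for ev in filter(None, map(parse, lines)):
        q = failures[ev["src"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()                      # age out failures older than the window
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) == threshold:          # fire once, when the threshold is crossed
                alerts.append(("ssh_brute_force", ev["src"], ev["ts"].isoformat()))
        elif len(q) >= 3:                    # success right after a burst of failures
            alerts.append(("ssh_success_after_failures", ev["src"], ev["ts"].isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG.splitlines()):
        print(*alert)
```

Only 198.51.100.7 trips the rules: five failures in 32 seconds, then a success. 203.0.113.5 fails twice and 192.0.2.9's two failures are ten minutes apart, so neither crosses the threshold; the second rule is the one an analyst would triage first, since it suggests the guessing worked.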

Application Firewall

Software designed to run on a server to protect a particular application only (a web server firewall, for instance, or a firewall designed to protect an SQL Server database). This is a type of host-based firewall and would typically be deployed in addition to a network firewall.

IDS (Intrusion Detection System)

Software or security appliance designed to monitor network traffic (NIDS) or configuration files and logs on a host (HIDS) to record and detect unusual activity. Many systems can automatically take preventive action (Intrusion Prevention System [IPS]). Detection is either signature-based or anomaly- based (or both). IDS software typically requires a lengthy period of configuration and "training" to recognize baseline "normal" activity.

DLP (Data Loss Prevention)

Software that can identify data that has been classified and apply "fine-grained" user privileges to it to prevent copying it or forwarding by email, for instance.

Network Mapper

Software that can scan a network and identify hosts, addresses, protocols, network interconnections, and so on.

Port Scanner

Software that enumerates the status of TCP and UDP ports on a target system (open, closed, or filtered). Scans can be blocked by firewalls and detected by IDS.

Signature-based Monitoring

Monitoring software (for malware detection, intrusion detection, or performance) that is configured to recognize threat signatures or definitions based on known malware or attack patterns. This sort of system is quite simple to install but cannot provide any defense against unknown threats (zero-day exploits) and requires its signature database to be kept up to date.
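The two detection methods named in the IDS and Signature-based Monitoring entries above, side by side, as an added example (not code from the page or from any IDS product). The signature engine matches known attack patterns; the anomaly engine is first "trained" on a baseline of normal traffic and then flags request rates that deviate from it. The packet summaries, the two signatures and the thresholds are constructed for the example; the request flood deliberately has no signature, so only the anomaly engine can see it.

```python
import re
import statistics

# Constructed packet summaries (not captures): (second, src_ip, payload). One request a second
# is the "normal" traffic the anomaly detector is trained on.
TRAINING = [(s, "10.0.0.5", "GET /index.html") for s in range(60)]
OBSERVED = [
    (100, "10.0.0.5", "GET /index.html"),
    (101, "10.0.0.5", "GET /../../etc/passwd"),          # known attack pattern
    (102, "10.0.0.9", "GET /login?user=a' OR '1'='1"),   # known attack pattern
] + [(103, "10.0.0.7", "GET /search?q=%d" % i) for i in range(40)]  # flood: no signature for it

SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"'\s*OR\s*'?\d+'?\s*=\s*'?\d+", re.IGNORECASE),
}


def signature_scan(packets):
    """Match every packet against the known-bad patterns; misses anything without a signature."""
    return [(sec, src, name) for sec, src, payload in packets
            for name, pat in SIGNATURES.items() if pat.search(payload)]


def requests_per_second(packets):
    counts = {}
    for sec, _src, _payload in packets:
        counts[sec] = counts.get(sec, 0) + 1
    return counts


def train_baseline(packets):
    """The "training" phase: learn what a normal per-second request rate looks like."""
    rates = list(requests_per_second(packets).values())
    return statistics.mean(rates), statistics.pstdev(rates)


def anomaly_scan(packets, baseline, sigmas=3.0, floor=5):
    """Flag any second whose rate exceeds mean + sigmas * stdev. The floor stops a
    zero-variance baseline (as here) from alerting on every tiny fluctuation."""
    mean, stdev = baseline
    threshold = max(mean + sigmas * stdev, floor)
    return sorted((sec, n) for sec, n in requests_per_second(packets).items() if n > threshold)


if __name__ == "__main__":
    print("signature hits:", signature_scan(OBSERVED))
    print("anomalies:     ", anomaly_scan(OBSERVED, train_baseline(TRAINING)))
```

The trade-off the entries describe is visible in the output: the signature engine names exactly what it found and never fires on the training data, but it is blind to the flood; the anomaly engine catches the flood but only reports "second 103 was abnormal", and its usefulness depends entirely on the baseline being representative.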

Driver

Software that provides an interface between the operating system and the device.

Eavesdropping

Listening in on communications sent over the transmission media. Some media, such as wireless and unshielded copper, are far more susceptible to this than others, such as fiber optic.

Account Expiration

Some user accounts may be created to allow only temporary access (for guest users, contractors, temporary staff, and so on).

Antenna

Specially arranged metal wires that can send and receive radio signals. These are used for radio-based wireless networking. For WLANs, antennas are small and short-range (~45m [150 feet] indoor range) and generally send and receive in all directions (omni-directional).

FCoE (Fibre Channel over Ethernet)

Standard allowing for a mixed use Ethernet network with both ordinary data and storage network traffic.

LDAP (Lightweight Directory Access Protocol)

Standard for accessing and updating information in an X.500-style network resource directory. This protocol uses port 389.

Power Anomalies

Surges and spikes (over-voltage) that can damage devices, and sags and brownouts (under-voltage) or very brief power outages that can cause systems to lock up or reboot.

Pre-shared Key

Symmetric encryption technologies require both parties to use the same secret key. This key must be kept secret, which means that distributing the key to both parties securely is a significant security problem. A pre-shared key is normally generated from a passphrase. A passphrase should be longer than a password and contain a mixture of characters, because a short or common passphrase can be recovered by trying dictionary words and variations against the derived key.

Satellite

System of microwave transmissions where orbital satellites relay signals between terrestrial receivers or other orbital satellites. This type of connectivity is enabled through a reception antenna connected to the PC or network through a DVB-S modem

QoS (Quality of Service)

Systems that differentiate data passing over the network that can reserve bandwidth for particular applications. A system that cannot guarantee a level of available bandwidth is often described as Class of Service (CoS).

NTP (Network Time Protocol)

TCP/IP application protocol allowing machines to synchronize to the same time clock. NTP runs over UDP port 123.

POP (Post Office Protocol)

TCP/IP application protocol providing a means for a client to access email messages stored in a mailbox on a remote server. The server usually deletes messages once the client has downloaded them. POP3 utilizes TCP port 110.

IMAP (Internet Message Access Protocol)

TCP/IP application protocol providing a means for a client to access email messages stored in a mailbox on a remote server. Unlike POP, IMAP supports mailbox management functions, such as creating subfolders and access to the same mailbox by more than one client at the same time. IMAP4 utilizes TCP port number 143.

Telnet

TCP/IP application protocol supporting remote command-line administration of a host (terminal emulation). Credentials and session data are sent in plaintext, so it has been superseded by SSH or graphical remote configuration utilities. This protocol runs over TCP port 23.

BOOTP (Bootstrap Protocol)

TCP/IP protocol enabling a host to acquire IP configuration information from a server or download a configuration program using TFTP. BOOTP is an earlier, simpler form of DHCP and also works over UDP port 67 (server) and 68 (client). Unlike DHCP, the configuration settings for each host must be manually configured on the server.

IGMP (Internet Group Management Protocol)

TCP/IP suite network protocol supporting multicast operations.

Establishing a Plan of Action

Taken after you establish a probable cause, you create an action plan to resolve the issue, which could be to repair, replace, or ignore it.

Establishing a Probable Cause

Taken after you identify the problem, you use the answers to your initial questioning to establish a rough idea of where to look, what to look for, and what to diagnose.

T568A/T568B

Termination standards defined in the ANSI/TIA/EIA 568 Commercial Building Telecommunications Standards. 568A is mandated by the US government and for US residential wiring but the only commercial rule is not to mix the two on the same network. Wiring a cable with both 568A and 568B termination creates a crossover cable.

Licensing

Terms governing the installation and use of operating system and application software.

IPv6 Reserved Addresses

The 0000::/8 block (that is, IPv6 addresses where the first eight bits are 0000 0000) is reserved for special functions. These include two special addresses: the unspecified address (::) and the loopback address (::1).

ARP Poisoning

The Address Resolution Protocol (ARP) maps IP addresses to network interfaces (MAC addresses). This is the process of injecting a false IP:MAC lookup into the victim's ARP cache. This can be used to perform a variety of attacks, including DoS, spoofing, and man-in-the-middle.
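A small detector for the poisoning described above, added as an example (not code from the page or from any tool). It watches a stream of ARP replies for the two symptoms of a poisoned cache: an IP whose MAC differs from the pinned or first-seen MAC, and one MAC claiming several IPs, which is what a man-in-the-middle that spoofs both the gateway and the victim looks like. The reply sequence, the addresses and the pinned gateway entry are all constructed for the example.

```python
from collections import defaultdict

# Constructed sequence of ARP replies as seen by a monitor on the LAN (not a real capture):
# (seq, sender_ip, sender_mac)
OBSERVED_ARP = [
    (1, "192.168.1.1",  "00:11:22:33:44:01"),  # the real gateway
    (2, "192.168.1.50", "00:11:22:33:44:50"),  # a workstation
    (3, "192.168.1.66", "de:ad:be:ef:00:66"),  # the attacker's own host
    (4, "192.168.1.1",  "de:ad:be:ef:00:66"),  # attacker claims the gateway IP
    (5, "192.168.1.50", "de:ad:be:ef:00:66"),  # ...and the workstation: full man-in-the-middle
]
# A static, trusted entry for the gateway, as an administrator would pin it (assumed value).
TRUSTED = {"192.168.1.1": "00:11:22:33:44:01"}


def detect_arp_poisoning(observations, trusted=None):
    """Flag (a) an IP whose MAC differs from the pinned or first-seen MAC and
    (b) a MAC that claims more than one IP. Returns a list of alert dicts."""
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    first_seen = {}
    ips_by_mac = defaultdict(set)
    alerts = []
    for seq, ip, mac in observations:
        mac = mac.lower()
        expected = trusted.get(ip, first_seen.get(ip))
        if expected is None:
            first_seen[ip] = mac          # no pinned entry: trust on first use
        elif expected != mac:
            alerts.append({"seq": seq, "reason": "ip-mac-change", "ip": ip,
                           "expected": expected, "seen": mac})
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                alerts.append({"seq": seq, "reason": "mac-claims-multiple-ips",
                               "mac": mac, "ips": sorted(ips_by_mac[mac])})
    return alerts


def poisoned_ips(alerts):
    """The IPs whose cache entries would now point at the wrong MAC."""
    return sorted({a["ip"] for a in alerts if a["reason"] == "ip-mac-change"})


if __name__ == "__main__":
    for alert in detect_arp_poisoning(OBSERVED_ARP, TRUSTED):
        print(alert)
```

The trust-on-first-use fallback is the weak spot: an attacker who answers before the real host does is accepted as the baseline. That is why the gateway is pinned here, and why the real fixes are static entries for critical hosts or Dynamic ARP Inspection on the switch, which validates replies against the DHCP snooping table. Expect false positives from legitimate MAC changes (a replaced NIC, or a virtual router address moving between physical routers during failover).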

DiffServ

The Differentiated Services Code Point (DSCP) field is used to indicate a priority value for a layer 3 (IP) packet to facilitate Quality of Service (QoS) or Class of Service (CoS) scheduling.

10xBASE

The Ethernet-type networks can be subdivided into several types of network. The IEEE 802.3 standard uses the following notation to indicate Ethernet type: x-BASE-y, where "x" indicates the data rate (in Mbps), "BASE" denotes that baseband transmission is used and "y" either describes the maximum media distance or the cable type. More recent standards define gigabit (1000BASE-Y) and 10 Gigabit (10GBASE-Y) speeds.

DHCPv6 (Dynamic Host Configuration Protocol v6)

The IPv6 equivalent of DHCP for IPv4 networks. It is used to configure IPv6 hosts with IP addresses, IP prefixes, and other configuration data required to operate in an IPv6 network.

Scalability

The ability for additional users or devices to be added to the network without having to significantly re-design or re-engineer the existing infrastructure

Adaptability

The ability for new or changed services and applications to be accommodated with minimum disruption to the existing physical and logical topology. For example, if the customer wants to switch from a traditional telephone system to Voice-over-IP, the network will be able to accommodate this without requiring the installation of new cable.

Third-party/Cloud-hosted DNS

The act of having another organization be responsible for hosting your DNS records. Typically, this would be for Internet-accessible resources rather than local network ones. The DNS hosting provider must ensure the reliability and availability of services. A hosting provider might use cloud-based servers to do this, replicating the DNS information to multiple physical servers accessible using different Internet routes

Transfer Rate

The amount of data that can be sent over a network connection in a given amount of time, typically measured in bits or bytes per second (or some more suitable multiple thereof).

Frame

The basic "unit" of data transmitted at layer 2. These contain several components - the source and target MAC (hardware) addresses as well as the data and error checking regions. Start and stop signals signify the beginning and the end of the frame respectively.

netstat

Utility to show network information on a machine running TCP/IP, notably active connections and the routing table.

ESD (Electrostatic Discharge)

The sudden flow of static electricity between two objects at different electrical potentials, for example when a charged person touches a metal component. Discharges far too small to feel can still damage electronic components, which is why anti-ESD wrist straps and mats are used when handling hardware.

Preventive Measures

The concept of implementing resolutions that not only solve an immediate problem but also eliminate the factors that caused it, or creating solutions that prevent the problem from occurring again.

Active Directory

The database that contains the users, groups, and computer accounts in a Windows Server domain.

Attack Surface

The degree of exposure a network or piece of software has to attack. For example, the more ports a server has open or the more features installed under an OS, the greater the likelihood of an attacker finding a vulnerability.

HOSTS File

The original method for resolving host names to IP addresses before DNS was available: a text file of host name to IP address mappings. Most operating systems still consult this file before querying DNS, which is why malware sometimes edits it to redirect users to attacker-controlled servers.

DHCPDISCOVER

The first step in DHCP client initialization where it broadcasts to find a DHCP server. All communications are sent using UDP, with the server listening on port 67 and the client on port 68.

Identifying the Problem

The first step in the troubleshooting process, used to establish what the best source of information about the problem may be. In this step, you gather information, question users, identify symptoms, duplicate the problem, and determine if anything has changed.

RF (Radio Frequency)

The frequency in which network or other communications take place. These waves propagate at different frequencies and wavelengths. Wi-Fi network products typically work at 2.4 GHz or 5 GHz

Internet of Things

The global network of personal devices (such as phones, tablets, and fitness trackers), home appliances, home control systems, vehicles, and other items that have been equipped with sensors, software, and network connectivity. This is a term generally used to refer to Internet-enabled devices and appliances.

DHCP ACK

The last step in the DHCP client initialization where, assuming the DHCPOFFER is still valid, the server will respond to a DHCPREQUEST from the client with an acknowledgement packet.

NDA (Non-Disclosure Agreement)

A contract in which a party agrees not to disclose confidential information. NDAs provide the legal basis for protecting information assets shared with employees, contractors, and partners.

MTU (Maximum Transmission Unit)

The maximum size in bytes of the payload a layer 2 frame can carry, and therefore of the largest IP packet that can be sent over a link without fragmentation (1500 bytes for standard Ethernet). If a packet cannot be encapsulated within a single frame, it must be fragmented: IPv4 routers can do this unless the Don't Fragment flag is set, whereas IPv6 routers never fragment and instead return an ICMPv6 Packet Too Big message so that the sender can adjust.

TCP/IP

The network protocol suite used by most operating systems and the Internet. It is widely adopted, industry standard, vendor independent and open. It uses a 4-layer network model that corresponds roughly to the OSI model as follows: Network Interface (Physical/Data Link), Internet (Network), Transport (Transport), Application (Session, Presentation, Application).

IPv6 Address Compression

The process of shortening IPv6 addresses (which consist of eight 16-bit numbers expressed as hexadecimal digits) by omitting leading zeros within each group and replacing the single longest run of consecutive all-zero groups with a double colon (::). The double colon may appear only once in an address.

DHCPREQUEST

The packet sent when the client accepts the DHCPOFFER from the server.

ACL (Access Control List)

The permissions attached to or configured on a network resource, such as folder, file, or firewall. This list specifies which subjects (user accounts, host IP addresses, and so on) are allowed or denied access and the privileges given over the object (read only, read/write, and so on).

Baseline

The point from which something varies. A configuration baseline is the original or recommended settings for a device, while a performance baseline is the originally measured throughput.

AAA (authentication, authorization, and accounting)

The principal stages of security control. A resource should be protected by all three types of controls.

Name Resolution Order

The process a client goes through when attempting to resolve a name, for example, checking the local cache (including the HOSTS file), then querying DNS, then using LLMNR, then using NetBIOS.

Troubleshooting

The process of applying a methodical approach to resolving issues. Having ensured that any data has been backed up, the first step is to gather information. The next is to analyze the problem, again consulting documentation, web resources, or manufacturer's help resources if necessary. The next step is to choose and apply the most suitable solution. Having applied a solution, the next step is to test the system and related systems to verify functionality. The last step is to document the problem, steps taken, and the outcome. If the problem cannot be solved, it may be necessary to escalate it to another technician or manager.

ANDing

The process of applying a subnet mask by converting both the IP address and subnet mask to binary, then ANDing the two binary numbers bit by bit (a result bit is 1 only where both inputs are 1), thus yielding the network number of that address.
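The ANDing operation carried out in code, as an added example (not from the page). Beyond the network ID it derives the values a practitioner actually wants from the same two operands: the broadcast address (OR with the inverted mask), the usable host count, and whether two hosts share a subnet, which is the decision that determines whether traffic goes direct or via the default gateway. It also validates that the mask is a contiguous run of ones, since a non-contiguous mask is a common misconfiguration that still "works" for some addresses. The addresses and mask are chosen for the example.

```python
def ip_to_int(dotted):
    """Convert dotted-decimal to a 32-bit integer, validating each octet."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %s" % dotted)
    return int.from_bytes(bytes(octets), "big")


def int_to_ip(n):
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def to_binary(dotted):
    """Render as dotted binary, the form used when ANDing by hand."""
    return ".".join(format(b, "08b") for b in ip_to_int(dotted).to_bytes(4, "big"))


def is_valid_mask(mask):
    """A subnet mask must be a contiguous run of 1s followed by 0s."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    return m == (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF


def prefix_length(mask):
    if not is_valid_mask(mask):
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    return bin(ip_to_int(mask)).count("1")


def network_id(ip, mask):
    """The AND: keep only the bits where the mask is 1."""
    prefix_length(mask)  # reject an invalid mask before using it
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def broadcast_address(ip, mask):
    """Network ID with all host bits set: OR with the inverted mask."""
    prefix_length(mask)
    return int_to_ip(ip_to_int(ip) | (~ip_to_int(mask) & 0xFFFFFFFF))


def usable_hosts(mask):
    """Host addresses minus the network and broadcast addresses (0 for /31 and /32)."""
    return max((1 << (32 - prefix_length(mask))) - 2, 0)


def same_subnet(ip_a, ip_b, mask):
    """What a host decides before sending: local delivery or via the default gateway."""
    return network_id(ip_a, mask) == network_id(ip_b, mask)


if __name__ == "__main__":
    ip, mask = "192.168.17.130", "255.255.255.192"
    print("   ", to_binary(ip), ip)
    print("AND", to_binary(mask), mask)
    print("  =", to_binary(network_id(ip, mask)), network_id(ip, mask))
    print("broadcast", broadcast_address(ip, mask), "usable hosts", usable_hosts(mask))
```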

Microsegmentation

The process of dividing up a network by using switches so that only two nodes exist in each collision domain.

OS Hardening

The process of making the OS (or Network OS) configuration secure: removing or disabling unnecessary services, accounts, and features; applying patches; and restricting permissions, so as to reduce the attack surface.

Static IP Addressing

The process of manually configuring TCP/IP parameters for all devices on a network. This was the original method for configuration, though static IP addressing still has uses today.

Throughput Tester

A software application that measures the amount of data the network can transfer in typical conditions. Goodput is typically used to refer to the actual "useful" data rate at the application layer (less overhead from headers and lost packets).

Escalation

The process of referring a problem to a senior technician, manager, or third party with either more or more specific skills, or due to a unique problem that another individual specializes in.

Name Resolution

The process of resolving a host name or FQDN to its IP address, as well as ensuring the names are unique.

Rollback/Downgrading

The process of reverting to a previous version of software or firmware for some reason, such as if a newly-applied software update interferes with system functionality.

Convergence (Steady State)

The process whereby routers agree on routes through the network. As the network changes constantly (what with router failures, addressing changes, and unforeseen events), routers must be capable of adapting to these changes and communicating them quickly to other routers to avoid loops

SMTP (Simple Mail Transfer Protocol)

The protocol used to send mail between hosts on the Internet. Messages are sent over TCP port 25.

DHCP (Dynamic Host Configuration Protocol) Address Pool

The range of IP addresses that a DHCP server can allocate to clients on a particular subnet. Microsoft refers to this as a scope.

PUA (Privileged User Agreement)

The rules of behavior for privileged users, i.e. ones who are given rights to administer resources.

Topology

The shape or structure of a network. These may be either physical (the actual appearance of the network layout) or logical (the flow of data across the network).

MAC Address Table

The table on a switch keeping track of MAC addresses associated with each port.

Data Deduplication

The techniques used to consolidate multiple copies of the same file in a single location.

Smart Jack

The termination point for a telecoms access provider's cabling, also referred to as the Network Interface Unit (NIU).

Latency

The time it takes for a signal to reach the recipient.

DNS Root

The top of the DNS hierarchy, which is often represented by a period (.).

Traffic Shaping

These applications enable administrators to closely monitor and manage network traffic. The primary function of this type of application is to optimize network media throughput to get the most from the available bandwidth.

Switch

These devices perform the functions of a specialized bridge: the device receives incoming data into a buffer, then the destination MAC address is compared with an address table. The data is then only sent out to the port with the corresponding MAC address

Directory Services

These provide general and security information (permissions) for network users and objects.

Fire Suppression

These systems are mandatory in most public and private commercial premises. They can be water-based, dry pipe, or gas-based systems

tracert/traceroute

This TCP/IP utility is used to trace the route taken by a packet as it "hops" to the destination host on a remote network.

Rollover Cable

This cable is used to connect the serial port on a host or modem to the console port on a network appliance

Class E Addresses

This class of addresses are set aside for research and experimentation. The technical definition of this class of addresses is any address where the first octet (on the left) begins with binary 1111.

Class D Addresses

This class of addresses are set aside to support multicast transmissions. Any network can use them, regardless of the base network ID. The technical definition of this class of addresses is any address where the first octet (on the left) begins with binary 1110.

Class B Addresses

This class of addresses provides a balance between the number of network addresses and the number of hosts per network. Most organizations lease this class of addresses for use on networks that connect to the Internet. The technical definition of this class of addresses is any address where the first octet (on the left) begins with binary 10.

Class C Addresses

This class of addresses provides a large number of network addresses for networks with a small number of hosts per network. The technical definition of this class of addresses is any address where the first octet (on the left) begins with binary 110.

Class A Addresses

This class of addresses provides a small number of network addresses for networks with a large number of hosts per network. Originally designed for use only by extremely large networks, this class of addresses is too expensive for most organizations. The technical definition of this class of addresses is any address where the first octet (on the left) begins with a binary 0.

ICMP Destination Unreachable

This class of message indicates that a local host or a host on a remote network (or a protocol or port on a host) cannot be contacted. It might be caused by some sort of configuration error or by a host or router not being available.

Token

An object, either physical (such as a smart card or hardware key fob) or software-based, that contains some sort of authentication data, such as a one-time code or a signed credential, and is presented to prove identity.

Modem (Modulator/Demodulator)

This device is used to interface a computer with the telephone network for data and fax communications.

Digital Signaling

This form of signaling uses discrete states to represent simple values, such as 1 or 0.

Baseband

This form of transmission uses the complete bandwidth of the media as a single transmission path. LAN signaling normally uses this transmission method.

Network Adapter (NIC [Network Interface Card])

This hardware component allows a physical connection between the host and the transmission media. It can address other cards and can recognize data that is destined for it, using a unique address known as the Media Access Control (MAC) address. The card also performs error checking.

DNS (Domain Name System)

This industry standard name resolution system provides name to IP address mapping services on the Internet and large intranets. DNS is a hierarchical, distributed database.

LLC (Logical Link Control)

This is a division of the data link layer described by the IEEE. It is responsible for establishing and maintaining a link between communicating devices for the transmission of frames. This process occurs at a service level (that is, whether the network is connection-oriented or connectionless) and at the flow and error control levels.

Cryptographic Algorithm

This is a mathematical function that transforms plaintext into ciphertext in such a way that the plaintext cannot be recovered without knowledge of the appropriate key.

ICMP Time Exceeded

This is used when the Time to Live (TTL) of a packet reaches zero. The TTL field in a packet has a maximum value of 255 and this value is reduced by one every time the packet crosses a router. The TTL is eventually reduced to zero if the packet is looping (because of a corrupted routing table) or when congestion causes considerable delays. The router then discards the packet and a warning packet is sent back to the source host.
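The mechanism described above is exactly what tracert/traceroute (defined earlier on this page) exploits, so the two are shown together in one added example (not code from the page or from any traceroute implementation). A toy network of next-hop tables forwards a packet, decrementing TTL at each router and returning Time Exceeded from the router where it reaches zero; traceroute then simply sends probes with TTL 1, 2, 3, ... and records who answered. A second table with a deliberately corrupted route shows the loop case: the packet is still discarded once TTL expires, and traceroute reveals the loop as repeating hops. The addresses and tables are constructed for the example.

```python
# Constructed next-hop tables (not a real network): node -> next hop toward DEST.
DEST = "203.0.113.10"
ROUTES = {
    "host": "10.0.0.1",
    "10.0.0.1": "10.0.1.2",
    "10.0.1.2": "10.0.2.3",
    "10.0.2.3": DEST,
}
# The same network with a corrupted routing table: 10.0.2.3 now points back to 10.0.1.2.
LOOPED_ROUTES = dict(ROUTES, **{"10.0.2.3": "10.0.1.2"})


def forward(routes, dst, ttl):
    """Forward one packet from 'host'. Every router decrements TTL; at zero it discards
    the packet and answers with ICMP Time Exceeded. Returns (outcome, responding node)."""
    if not 1 <= ttl <= 255:
        raise ValueError("TTL must be 1..255")
    node = routes["host"]
    while True:
        if node == dst:
            return ("delivered", node)
        ttl -= 1
        if ttl == 0:
            return ("time-exceeded", node)
        node = routes[node]


def traceroute(routes, dst, max_hops=30):
    """Send probes with TTL = 1, 2, 3, ... and record who answered each one: the sources
    of the Time Exceeded messages reveal the path hop by hop until the destination replies."""
    hops = []
    for ttl in range(1, max_hops + 1):
        outcome, who = forward(routes, dst, ttl)
        hops.append(who)
        if outcome == "delivered":
            break
    return hops


def has_loop(hops):
    """A router appearing twice in the hop list means the packet is circulating."""
    return len(hops) != len(set(hops))


if __name__ == "__main__":
    for name, table in [("healthy", ROUTES), ("looped", LOOPED_ROUTES)]:
        hops = traceroute(table, DEST, max_hops=8)
        print(name, "->", " ".join("%d:%s" % (i, h) for i, h in enumerate(hops, 1)),
              "(loop)" if has_loop(hops) else "")
```

Two caveats carry over to real networks: a router configured not to send Time Exceeded shows up as a `*` in traceroute output rather than as a hop, and the reply is sourced from whichever interface the router chose, which is why the addresses seen are not always on the forward path.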

Business Continuity Plan (BCP)/Continuity of Operations Plan (COOP)

This plan is designed to ensure that critical business functions demonstrate high availability and fault tolerance. Typically, this is achieved by allowing for redundancy in specifying resources. Examples include cluster services, RAID disk arrays, and UPS. A BCP should not be limited to technical elements, however; it should also consider employees, utilities, suppliers, and customers. Associated with business continuity is the disaster recovery plan, which sets out actions and responsibilities for foreseen and unforeseen critical incidents.

AUP (Acceptable Use Policy)

This policy governs employees' use of company equipment

Change Management

This process ensures that planned changes are introduced effectively. A large part of this is documenting changes and informing users. A change will generally spark a new risk assessment process, as the impact of the change on the current security configuration needs to be assessed. Two key concepts are the submission of a Request for Change (RFC) and the Change Advisory Board (CAB), responsible for authorizing change. When a system or procedure is changed, it is vital to document the change, explaining who authorized and actioned it, why it was made, details of what was changed, and the date that the change was made.

MLD (Multicast Listener Discovery Protocol)

This protocol allows nodes to join a multicast group and discover whether members of a group are present on a local subnet.

SMB (Server Message Block)

This protocol is used for requesting files from Windows servers and delivering them to clients. It allows machines to share files and printers, thus making them available for other machines to use.

Neighbor Discovery Protocol

This protocol replaces some functions of ARP and ICMP on IPv6 networks, and is used to perform address resolution while greatly reducing the number of hosts that are likely to receive network discovery messages, thus making it more efficient than ARP.

TCP/IP Layer Model

This protocol suite maps to a four-layer conceptual model: Application, Transport, Internet, and Link (or Network Interface). This model is referred to as the Internet Protocol Suite or the DoD (Department of Defense) model or the ARPA model. Each layer in the Internet Protocol Suite corresponds to one or more layers of the OSI model.

Firmware

This refers to software instructions stored semi-permanently (embedded) on a hardware device (BIOS instructions stored in a ROM chip on the motherboard for instance).

CNAME (Canonical Name)

This resource record is used to represent an alias for a host (A or AAAA)

AAAA (Address)

This resource record performs the same function as an A record but for resolving a host name to an IPv6 address.

Ground Connection

This safety feature ensures that, if an electrical connection short circuits into a metal chassis, the current flows to the earth rather than electrocuting someone handling a faulty device.

Action Plan

This sets out the steps you take to solve a problem.

PON (Passive Optical Network)

This technology underpins some "near" fiber solutions (FTTx - Fiber to the Home, Fiber to the Curb, and so on). Cheap, unpowered (passive) optical splitters distribute the signal from an Optical Line Terminal (OLT) at the exchange to many subscribers, each of whom terminates the fiber with an Optical Network Unit (ONU).

Coaxial Cable

This type of cable is formed from two separate conductors that share a common axis. The outer conductor, a wire mesh, is isolated from the inner conductor, a copper wire, by plastic insulation

Default Subnet Mask

This uses the value of eight 1s in binary, or 255 in decimal, to mask an entire octet of the IP address.

ping

This utility sends a configurable number and size of ICMP Echo Request packets to a destination host and reports the replies received and their round-trip time.

SSL (Secure Sockets Layer)

This was developed by Netscape to provide privacy and authentication over the Internet. It is application independent (working at layer 5 [Session]) and can be used with a variety of protocols, such as HTTP or FTP. All versions of SSL are now deprecated because of known weaknesses and have been replaced by TLS.

Cable Stripper

Tool for stripping the cable jacket or wire insulation. Specialist tools are required to strip the various layers from fiber optic cable.

Performance Monitor

Tool for viewing CPU, memory, and pagefile utilization, accessible through the Performance and Reliability Monitor

6to4

Transmits IPv6 traffic over IPv4 networks by mapping IPv4 addresses onto a special range of IPv6 prefixes.

DTLS (Datagram TLS)

Transport Layer Security (TLS) is usually used with TCP-based protocols. DTLS is TLS adapted to run over UDP, which is connectionless and does not guarantee delivery or ordering. It is often used for VPNs and for real-time media.

Cable Tester/Certifier

Troubleshooting devices designed to locate breaks in cable runs, faults in cable, and other problems with an installation (crosstalk, attenuation, noise, EMI, resistance, and so on). A certifier is pre-programmed with the criteria of a particular wiring standard (TIA/EIA Cat 6 for example) and can test links against these criteria.

BNC (Bayonet Neill-Concelman)

Twist and lock connector for coaxial cable

Half-duplex

Two-way communications not taking place simultaneously.

Full-duplex

Two-way communications taking place simultaneously.

SOHO (Small Office Home Office)

Typically used to refer to network devices designed for small-scale LANs (up to 10 users).

DHCPv6 Prefix Delegation (PD)

Used by Internet Service Providers (ISP) to provide routable address prefixes to a SOHO router, installed as Customer Premises Equipment (CPE).

TDR (Time Domain Reflectometer)

Used to measure the length of a cable run and to locate open and short circuits, kinks/sharp bends, and other imperfections in cables that could affect performance.

OTDR (Optical Time Domain Reflectometer)

Used to measure the length of a fiber optic cable run and to locate faults.

HR Policy

Users are usually seen as the weak point of any security system. Other security considerations for the department are coordinating secure recruitment and termination procedures. This means screening new employees through background checks, ensuring employees are set up with the correct privileges when they join or change job roles, and ensuring that privileges are revoked if the employee is fired or retires.

Bandwidth Speed Tester

Uses speed test sites, which are a web service that measures the bandwidth and latency of a visitor's Internet connection. Tests typically measure the data rate for the downloads and the upload data rate. These sites allow you to test your connection bandwidth and latency in a real world setting to see what the actual performance is.

Bonding

Using multiple network adapters for a single link for fault tolerance and load balancing. For Ethernet, this type of "adapter teaming" is defined in 802.3ad (now 802.1AX). 802.11n/ac Wi-Fi channels can also be bonded to improve bandwidth.

CIDR (Classless Interdomain Routing)

Using network prefixes to aggregate routes to multiple network blocks ("supernetting"). This replaced the old method of assigning class-based IP addresses based on the network size.

Packet Flow Monitoring

Using statistics or metadata about network traffic to identify routes, applications, and interfaces that might be over-utilized or that are creating bottlenecks.

mtr (my traceroute)

Utility combining the ping and traceroute commands.

dig (Domain Information Groper)

Utility to query a DNS server and return information about a particular domain name.

Nmap

Versatile port scanner used for topology, host, service, and OS discovery and enumeration.

DHCPOFFER

When a DHCP server responds to the client with an IP address and other configuration information after a DHCPDISCOVER broadcast from the client. The IP addressing information is offered for a period of time.

ARP (Address Resolution Protocol)

When two systems communicate using TCP/IP, an IP address is used to identify the destination machine. The IP address must be mapped to a device (the network adapter's MAC address). This protocol performs the task of resolving an IP address to a hardware address. Each host caches known mappings in a table for a few minutes. It is also the name of a utility used to manage the cache.

Spoofing

Where the attacker disguises their identity. Some examples include IP spoofing, where the attacker changes their IP address, or phishing, where the attacker sets up a false website

Man-in-the-middle

Where the attacker intercepts communications between two hosts.

Penetration Testing

White hat hacking to try to discover and exploit any weaknesses in network security.

Channel

Wi-Fi frequency bands are divided into multiple smaller channels to allow multiple networks to operate at the same location without interfering with one another.

MIMO (Multiple Input Multiple Output)/MU-MIMO

Wireless technology used in 802.11n and 4G standards. MIMO is the use of multiple reception and transmission antennas to boost bandwidth. MU-MIMO (multi-user MIMO, introduced with 802.11ac) lets an access point transmit to several stations at the same time rather than one after another.

Reasons for Escalation

You may need to escalate an issue if the problem is beyond your knowledge, would better be dealt with by a supplier or other third party, a customer becomes difficult, or the scope is very large, among other reasons

Pay-per-use

a feature of cloud usage that allows end users to pay only for services they use as they scale to meet various demands (elasticity).

PSTN (Public Switched Telephone Network)

a global communications network that is capable of carrying more than simply voice-call services. The basis of this network is circuit-switched, but the infrastructure can also carry packet-switched data services.

CSIRT (Computer Security Incident Response Team)

a group of individuals at a company with extensive decision making and technical skills required to deal with incidents.

Inventory

A list of things, usually stored in a database. Inventories are usually compiled for assets.

FQDN (Fully Qualified Domain Name)

a name in DNS specifying a particular host within a subdomain within a top-level domain.

Binary

a number system of base 2 where a digit can take any one of two different values (0 and 1). This is used whenever an on/off state is needed

Troubleshooting Model

a standardized step-by-step approach to the troubleshooting process. The model serves as a framework for correcting a problem on a network without introducing further problems or making unnecessary modifications to the network.

Contention

In a contention-based system, each network device competes with the other connected devices for use of the transmission media. Such systems require a set of protocols that reduce the possibility of data collisions, since if two devices simultaneously send data packets, neither packet will reach its intended destination.

Internet

a worldwide network of networks based on the TCP/IP protocol.

CRC (Cyclical Redundancy Check)

An error-detection algorithm that treats a block of transmitted data as a single large binary number and divides it by a 16- or 32-bit number (called the polynomial). The remainder of this division is termed the checksum. This is transmitted with the data and compared to the checksum generated by the receiving device. If the two are not the same, the data block is rejected; depending on the protocol, it is either silently dropped (as with Ethernet frames) or a request for re-transmission is sent to the source. A CRC detects accidental corruption only; it is not a defense against deliberate tampering, because an attacker who changes the data can simply recompute it.
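The division described above, done bit by bit, as an added example (not code from the page). The polynomial is the IEEE 802.3 CRC-32 in its bit-reversed form, the same parameters used by Ethernet, zlib and PNG, so the result can be checked against the standard library. The example then shows both halves of the caveat: a single flipped bit is caught, but a frame whose payload was replaced and whose CRC was recomputed passes. Framing the checksum as a 4-byte big-endian trailer is this example's convention, not the Ethernet wire format.

```python
import zlib

CRC32_POLY = 0xEDB88320  # bit-reversed form of the IEEE 802.3 polynomial 0x04C11DB7


def crc32(data, poly=CRC32_POLY):
    """Bitwise CRC-32: register starts all ones, data is consumed least significant bit
    first, each set low bit triggers an XOR with the polynomial, result is complemented."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ poly
            else:
                crc >>= 1
    return crc ^ 0xFFFFFFFF


def matches_stdlib(data):
    """Sanity check against the C implementation in zlib."""
    return crc32(data) == zlib.crc32(data)


def add_fcs(payload):
    """Append the checksum as a 4-byte frame check sequence (big-endian, this example's choice)."""
    return payload + crc32(payload).to_bytes(4, "big")


def fcs_ok(frame):
    """Receiver side: recompute over the payload and compare with the trailer."""
    payload, fcs = frame[:-4], frame[-4:]
    return crc32(payload) == int.from_bytes(fcs, "big")


def flip_bit(data, bit_index):
    """Simulate line noise: invert one bit of the frame."""
    b = bytearray(data)
    b[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(b)


def tamper(frame, new_payload):
    """An attacker who can modify the frame just recomputes the CRC: the check still passes,
    which is why a CRC is not an integrity control. That needs a keyed MAC or a signature."""
    return add_fcs(new_payload)


if __name__ == "__main__":
    frame = add_fcs(b"transfer 100 to alice")
    print("intact:  ", fcs_ok(frame))
    print("noisy:   ", fcs_ok(flip_bit(frame, 13)))
    print("tampered:", fcs_ok(tamper(frame, b"transfer 999 to mallory")))
```

`b"123456789"` hashing to `0xCBF43926` is the published check value for this CRC-32 variant, which is the quickest way to confirm an implementation has the right polynomial, initial value, reflection and final XOR.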

Classless Addressing

an addressing scheme whereby the concept of address classes and default masks is abandoned in favor of representing the address with an appropriately sized network prefix.
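The classful rules from the Class A to E entries above and the CIDR aggregation ("supernetting") that replaced them, in one added example (not code from the page). `address_class` reads the leading bits of the first octet exactly as those entries define them, `classful_network` shows the default mask an address would have been given, and `aggregate` merges adjacent, aligned blocks into the shortest prefixes that cover them, which is what a router does to shrink its table. It assumes the input blocks do not overlap; the address blocks are documentation and private ranges chosen for the example.

```python
def ip_to_int(dotted):
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")


def int_to_ip(n):
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def address_class(ip):
    """Classful rule: inspect the leading bits of the first octet."""
    first = ip_to_int(ip) >> 24
    if first & 0b10000000 == 0:
        return "A"   # 0xxxxxxx
    if first & 0b11000000 == 0b10000000:
        return "B"   # 10xxxxxx
    if first & 0b11100000 == 0b11000000:
        return "C"   # 110xxxxx
    if first & 0b11110000 == 0b11100000:
        return "D"   # 1110xxxx (multicast)
    return "E"       # 1111xxxx (reserved/experimental)


DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}  # classes D and E have no default mask


def classful_network(ip):
    """Network ID and default mask an address would have had before CIDR."""
    plen = DEFAULT_PREFIX[address_class(ip)]
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    return "%s/%d" % (int_to_ip(ip_to_int(ip) & mask), plen)


def aggregate(cidrs):
    """CIDR supernetting: two adjacent blocks of the same size merge into one block with a
    prefix one bit shorter, provided the lower block is aligned to the merged size.
    Repeats until nothing more merges. Assumes the input blocks do not overlap."""
    nets = sorted({(ip_to_int(c.split("/")[0]), int(c.split("/")[1])) for c in cidrs})
    merged = True
    while merged:
        merged, out, i = False, [], 0
        while i < len(nets):
            if i + 1 < len(nets):
                (a, pa), (b, pb) = nets[i], nets[i + 1]
                size = 1 << (32 - pa)
                if pa == pb and pa > 0 and b == a + size and a % (2 * size) == 0:
                    out.append((a, pa - 1))
                    i += 2
                    merged = True
                    continue
            out.append(nets[i])
            i += 1
        nets = out
    return ["%s/%d" % (int_to_ip(a), p) for a, p in nets]


if __name__ == "__main__":
    for ip in ["10.1.2.3", "172.16.5.9", "192.168.1.77", "224.0.0.1", "240.0.0.1"]:
        print(ip, "class", address_class(ip), classful_network(ip) if address_class(ip) in DEFAULT_PREFIX else "(no default mask)")
    print(aggregate(["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]))
    print(aggregate(["10.0.1.0/24", "10.0.2.0/24"]))
```

The second aggregation case is the one that trips people up: 10.0.1.0/24 and 10.0.2.0/24 are adjacent but cannot become a /23, because 10.0.1.0 is not on a 512-address boundary; the /23 that contains 10.0.1.0 is 10.0.0.0/23.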

Evil Twin

an attack where the attacker creates a malicious wireless access point masquerading as a genuine one, enabling the attacker to harvest confidential information as users connect via the AP.

Router

Routers are able to link dissimilar networks and can support multiple alternate paths between locations based upon the parameters of speed, traffic loads, and cost. A router works at layer 3 (Network) of the OSI model. Routers form the basic connections of the Internet. They allow data to take multiple paths to reach a destination (reducing the likelihood of transmission failure). They can access source and destination addresses within packets and can keep track of multiple active paths between a given source and destination network.

Fiber Optic Cable

cable employs light signals as the basis for data transmission as opposed to the electrical signals that are used by the other main cable types.

Shielding

Shielding can counteract, to some extent, the risk of the media leaking signals. Twisted pair cabling can be shielded or screened; whole rooms can be shielded using metal paint or wire mesh.

Plenum

Plenum-rated cable is designed to be fire resistant and uses Teflon coatings for the jacket material so that it produces a minimal amount of smoke.

BGP (Border Gateway Protocol)

designed to be used between routing domains, or Autonomous Systems (AS), and as such is used as the routing protocol on the Internet, primarily between ISPs. Autonomous systems are designed to hide the complexity of private networks from the public internet. Border (or edge) routers for each AS exchange only as much route information as is required to access other autonomous systems, rather than hosts within each AS. Autonomous System Numbers (ASN) are allocated to ISPs by IANA via the various regional registries.

PPTP (Point to Point Tunneling Protocol)

developed by Cisco and Microsoft to support VPNs over PPP and TCP/IP. PPTP uses TCP port 1723. Encryption can be provided by Microsoft Point-to-Point Encryption (MPPE).

Broadcast Storm

a condition in which broadcast frames circulate the network perpetually at the data link layer. This issue may quickly consume all link bandwidth and crash network appliances.

Password Cracker

password guessing software that can attempt to crack user passwords by running through all possible combinations (brute force).

Patch Management

identifying, testing, and deploying OS and application updates.

Loop Protection

a safeguard against the condition where broadcast traffic is allowed to continually loop around a network; without it, the number of broadcast packets increases exponentially, crashing the network.

Port

in TCP/UDP applications, a unique number assigned to a particular application protocol (such as HTTP or SMTP). The port number combined with the IP address forms a socket between client and server.

Default Gateway

is a TCP/IP address parameter that identifies the location of a router on the local subnet that the host can use to contact other networks.

EIGRP (Enhanced Interior Gateway Routing Protocol)

is a distance vector-based routing protocol using a metric composed of several administrator-weighted elements including reliability, bandwidth, delay, and load. EIGRP, the version now in use, supports classless addressing and more efficient route selection.

SNMP (Simple Network Management Protocol)

is a widely used framework for the management and monitoring of remote devices. It is part of the TCP/IP protocol suite (operating at the Application layer of the OSI model).

802.1X

is an authentication standard, developed to allow remote, wireless, and wired authentication to be centrally managed. A client device such as an access point passes authentication information to a RADIUS server on the wired network for validation. The authentication information could be a username and password or could employ smart cards or tokens.

HSPA+ (High Speed Packet Access)

is one of a number of data access standards over cellular networks (3GPP). It is usually described as a 3.5G standard as it provides significantly better bandwidth than technologies it replaces (168 Mbps downstream and 22 Mbps upstream).

Twisted Pair Cable

is two insulated copper wires twisted about each other; a cable is made up of a number of pairs (usually four in data networking). The twisting of the wires acts to reduce interference and crosstalk. Each pair of wires is twisted at a different rate to ensure that the pairs do not interfere with each other. Drawbacks of twisted pair cabling are its sensitivity to EMI and eavesdropping and its attenuation (it cannot be used for long-distance transmission). Cabling is categorized according to EIA/TIA standards; Cat3 cable was specified for 10 Mbps Ethernet and Cat5 for 100 Mbps (Fast Ethernet). Cabling is now either Cat5e or Cat6, both of which support Gigabit Ethernet. Most cabling is unshielded (UTP) though in continental Europe, foil screened cabling is commonly used (Foil Twisted Pair [FTP] or Screened Twisted Pair [ScTP]). Screened cable is less susceptible to EMI and eavesdropping but is more complex to install and consequently more expensive.

RADIUS (Remote Authentication Dial-in User Service)

is used by ISPs to authenticate and audit Internet access by account holders. It is also widely used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, such as wireless access points. The client device then passes the authentication data to an AAA (Authentication, Authorization, and Accounting) server, which processes the request.

bps (Bits per Second)

is used to describe data transfer speed - the higher the number, the higher the transmission speed.

Environment

means ensuring a stable supply of essential utilities (communications links, power, heating, water, transportation), protection against disaster (such as fire or flood), and shielding for communications systems (wired and wireless) to prevent eavesdropping.

Port Forwarding

means that a router takes requests from the Internet for a particular application (say, HTTP/port 80) and sends them to a designated host on the LAN.

RAID (Redundant Array of Independent/Inexpensive Disks/Devices)

multiple hard disks can be configured to provide improved performance and/or protection for data (fault tolerance). Several levels are defined by this system, ranging from level 0 to level 6, each level representing a particular type of fault tolerance (note that level 0 provides no fault tolerance).

Mailbox

part of a message store designed to receive emails for a particular recipient.

ISP (Internet Service Provider)

provides a connection to the Internet and other web- and email-related services. A connection to these organizations' Internet routing equipment can be made using a variety of methods.

Disposal

refers to both the information security and the environmental damage issues that arise when decommissioning out-of-date or used systems.

Packet Loss/Drops

refers to packets that do not reach their destination due to transmission errors, congestion, or security policies.

PKI (Public Key Infrastructure)

solves the issue of making a link between a particular public-private key pair and a specific user. Under this system, keys are issued as digital certificates by a Certificate Authority (CA). The CA acts as a guarantor that the user is who he or she says he or she is. Under this model, it is necessary to establish trust relationships between users and CAs. In order to build trust, CAs must publish and comply with Certificate Policies and Certificate Practice Statements.

PoE (Power over Ethernet)

specification allowing power to be supplied via switch ports and ordinary data cabling to devices such as VoIP handsets and wireless access points. Devices can draw up to about 13W (or 25W for PoE+).

SMS (Short Message Service)

a system for sending text messages between cell phones.

NFC (Nearfield Communications)

a standard for peer-to-peer (2-way) radio communications over very short (around 4") distances, facilitating contactless payment and similar technologies. This technology is based on RFID.

DHCP (Dynamic Host Configuration Protocol) Scope

the IP addresses that a DHCP server is configured with and can assign to clients.

Root Bridge

the bridge at the top of the hierarchy when bridges are organized for spanning tree. The switch with the lowest bridge ID (comprised of a priority value and the MAC address) will be selected as the root.

First Responder

the first individuals on a scene who take the critical first steps when a security incident is discovered.

IPv6 Prefix

the leftmost bits of the address that are used for routing IPv6 packets.

IANA (Internet Assigned Numbers Authority)

the organization that organizes and maintains key elements of the Internet, including the assignment of the well-known port numbers 0 through 1023 to application protocols.

Neighbor Discovery

the process of using Internet Control Message Protocol (ICMPv6) messages and solicited-host multicast addresses to determine the link-layer address of a host on the local link, verify that a neighbor host can be reached, and track neighboring devices.

ICMP Echo Request/Reply

these are used for testing a connection with the ping utility. If a request message reaches the destination host, it generates a reply and sends it back to the source. If the request message does not reach its destination, an appropriate error message is generated.

Kerberos

this is an authentication standard and protocol. Windows networks use this protocol for client and server authentication. This provides a Single Sign-On (SSO) authentication scheme where clients authenticate once to a Key Distribution Center and are granted service tickets to use particular applications without having to log on to each application separately.

Packet Analyzer

this is software that decodes a network traffic capture (obtained via a packet sniffer) and displays the captured packets for analysis, allowing inspection of the packet headers and payload (unless the communications are encrypted).

Distribution Layer

this layer provides fault-tolerant interconnections between different access blocks and either the core or other distribution blocks. This layer is often used to implement traffic policies, such as routing boundaries, filtering, or Quality of Service (QoS).

NAPT (Network Address Port Translation)

this maps private host IP addresses onto a single public IP address. Each host is tracked by assigning it a random high TCP port for communications.

NAT (Network Address Translation)

a mechanism that maps private addresses to one or more publicly accessible IP addresses.

Cat Cable Standards

twisted pair cabling is rated by the ANSI/TIA/EIA "cat" standards for different Ethernet applications. Cat3 is rated for 10 Mbps applications at up to 100m, Cat5 for 100 Mbps and Cat5e and Cat6 for 1 Gbps. Cat6 and Cat6a are also rated for 10 Gbps at 55m and 100m respectively.

HTTP

used to provide web content to browsers. HTTP uses port 80.

Loopback Test

used to verify the integrity of a port. To perform the test, a signal is generated by test software and sent to a loopback plug, connected to the port. The signal passes around the bus, network, or circuit and returns back to the plug. The plug compares what was sent to what was received, to evaluate whether the signal has degraded.

Asymmetric Algorithm

uses different keys (public and private; the keys are linked but the private key is not derivable from the public one). The most popular type of asymmetric cryptography (RSA) is based on the fact that factoring large numbers to discover whether they are prime (a number that is only divisible by itself and 1) is difficult. If there were a breakthrough in mathematics that made factoring large numbers less computationally intensive, the security of these cryptographic products would be broken. Elliptic Curve Cryptography (ECC) is a different means of creating key pairs such that it is easy to determine that the keys are linked but very difficult to determine one key from the other. The other advantage of ECC is that the algorithm is more efficient, allowing smaller keys to give the same level of security as larger RSA keys.

APIPA (Automatic Private IP Addressing)

was developed as a means for Windows clients that are configured to obtain an address automatically, but cannot contact a DHCP server, to communicate on the local subnet. The host randomly selects an address from the range 169.254.0.1 - 169.254.254.255. This is also called a link-local address.
