CompTIA Network+
OC-1
51.84 Mbps, STS-1 signal method
10 GbE
10 Gigabit Ethernet. A very fast Ethernet designation, with a number of fiber-optic and copper standards.
Scanner
A device that senses alterations of light and dark. It enables the user to import photographs, other physical images, and text into the computer in digital form.
uninterruptible power supply
A device that supplies continuous clean power to a computer system the whole time the computer is on. Protects against power outages and sags. Is often used mistakenly when people mean stand-by power supply or system (SPS).
warm site
A facility with all of the physical resources, computers, and network infrastructure needed to recover from a primary site disaster. This does not have current backup data, and it may take a day or more to recover and install backups before business operations can recommence.
Mean Time Between Failures
A factor typically applied to a hardware component that represents the manufacturer's best guess (based on historical data) regarding how much time will pass between major failures of that component.
external network address
A number added to the MAC address of every computer on an IPX/SPX network that defines every computer on the network; this is often referred to as a network number.
Windows domain
A group of computers controlled by a computer running Windows Server, which is configured as a domain controller.
computer network
A group of computers that are connected together and communicate with one another for a common purpose.
Botnet
A group of computers under the control of one operator, used for malicious purposes.
object
A group of related counters used in Windows logging utilities.
People/organization network
A group of users who share a common purpose for communicating.
layer
A grouping of related tasks involving the transfer of information. Also, a particular level of the OSI seven-layer model, for example, Physical, Data Link, and so forth.
Experimental Bits (Exp)
A relative value used to determine the importance of the labeled packet to be able to prioritize some packets over others
security policy
A set of procedures defining actions employees should perform to protect the network's security.
protocol suite
A set of protocols that are commonly used together and operate at different levels of the OSI seven-layer model.
multicast addresses
A set of reserved addresses designed to go from one system to any system using one of the reserved addresses. Any 224.X.X.X address
License Restriction
A set of rules stating how the licensing of a product must be controlled and handled. This is usually for software.
File Transfer Protocol
A set of rules that allows two computers to talk to one another as a file transfer is carried out. This is the protocol used when you transfer a file from one computer to another across the Internet. FTP is unencrypted by default
Simple Network Management Protocol
A set of standards for communication with network devices (switches, routers, WAPs) connected to a TCP/IP network. Used for network management.
routing loop
A situation where interconnected routers loop traffic, causing the routers to respond slowly or not respond at all.
Bits per second
A measurement of how fast data is moved across a transmission medium. A Gigabit Ethernet connection moves 1,000,000,000 bps
signal strength
A measurement of how well your wireless device is connecting to other devices.
Decibel
A measurement of the quality of a signal.
sequential
A method of storing and retrieving information that requires data to be written and read sequentially. Accessing any portion of the data requires reading all the preceding data.
distributed control system
A small controller added directly to a machine used to distribute the computing load. An extension of ICS
Keylogger
A small hardware device or malware that monitors each keystroke a user types on the computer's keyboard. Used to capture passwords and other private information
PING (Packet Internet Groper)
A small network message sent by a computer to check for the presence and response of another system. Also, a command-line utility to check the up/down status of an IP addressed host. This command uses ICMP packets.
phishing
A social engineering technique where the attacker poses as a trusted source in order to obtain sensitive information. Typically done via email or text message
Open port
A socket that is prepared to respond to any IP packets destined for that socket's port number. Also called a listening port
listening port
A socket that is prepared to respond to any IP packets destined for that socket's port number. Also called an open port
SNMP agent
A software component that enables a device to communicate with, and be contacted by, an SNMP management system. The software redirects the information that the NMS needs to monitor the remote managed devices. A device with this software installed on it is also called a managed device
host-based firewall
A software firewall installed on an individual machine that provides firewall services for just that machine, such as Windows Firewall.
default
A software function or operation that occurs automatically unless the user specifies something else.
name resolution
A method that enables one computer on the network to locate another to establish a session. All network protocols perform name resolution in one of two ways: either via broadcast or by providing some form of name server.
Remote installation services
A tool introduced with Windows 2000 that can be used to initiate either a scripted installation or an installation of an image of an operating system onto a PC.
snapshot
A tool that enables you to save an extra copy of a virtual machine as it is exactly at the moment it is taken.
packet sniffer
A tool that intercepts and logs network packets.
protocol analyzer
A tool that monitors the different protocols running at different layers on the network and that can give Application, Session, Network, and Data Link layer information on every frame going through a network.
Vulnerability Scanner
A tool that scans a network for potential attack vectors.
Wireless survey tool
A tool used to discover wireless networks in an area; it also notes signal interferences.
partially meshed topology
A topology in which not all of the nodes are directly connected
OC-12
622.08 Mbps, STS-12 signal method
8P8C
8 position 8 contact. Four-pair connector used on the end of network cable. Erroneously referred to as an RJ-45 connector.
connectionless
A type of communication characterized by sending packets that are not acknowledged by the destination host. UDP is the quintessential example protocol in the TCP/IP suite.
Armored Virus
A type of computer virus that takes advantage of various mechanisms specifically designed to make tracing, disassembling and reverse engineering its code more difficult.
user
Anyone who uses a computer. You.
resource
Anything that exists on another computer that a person wants to use without going to that computer. Also an online information set or an online interactive option.
API
Application Programming Interface
open source
Applications and operating systems that offer access to their source code; this enables developers to modify applications and operating systems easily to meet their specific needs.
AS
Authentication Server
Something you are
Authentication factor that relies on a physical characteristic (fingerprint, face, eye, palm)
Something you know
Authentication factor that relies on a piece of knowledge (password, PIN).
Something you have
Authentication factor that relies on possession (FOB, Card, Cell Phone, Key)
mounting bracket
Bracket that acts as a holder for a faceplate in cable installations.
BPDU
Bridge Protocol Data Unit
BPDU Guard
Bridge Protocol Data Units Guard
BYOD
Bring Your Own Device
BPL
Broadband over Power Lines
central office
Building that houses local exchanges and a location where individual voice circuits come together.
dynamic ARP inspection
Cisco process that updates a database of trusted systems. This then watches for false or suspicious ARPs and ignores them to prevent ARP cache poisoning and other malevolent efforts.
Access Control Server
Cisco program/process/server that makes the decision to admit or deny a node based on posture assessment. From there, the ACS directs the edge access device to allow a connection or to implement a denial or redirect.
VLAN Trunking Protocol (VTP)
Cisco proprietary protocol to automate the updating of multiple VLAN switches.
Cisco IOS
Cisco's proprietary operating system.
EAP-Flexible Authentication via Secure Tunneling
Cisco's replacement for LEAP. All current operating systems support this
Independent Computing Architecture
Citrix technology that defined communication between client and server in remote terminal programs.
Private IP address ranges
Class A: 10.x.x.x; Class B: 172.16.x.x - 172.31.x.x; Class C: 192.168.x.x
CoS
Class of Service
CIDR
Classless Inter-Domain Routing
direct current
A type of electric circuit where the flow of electrons is in a complete circle
smurf
A type of hacking attack in which an attacker floods a network with ping packets sent to the broadcast address. The trick that makes this attack special is that the return address of the pings is spoofed to that of the intended victim. When all the computers on the network respond to the initial ping, they send their response to the intended victim.
Polymorphic Malware
A type of malicious software capable of changing its underlying code in order to avoid detection.
Replay Attack
A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network. Stealing a username and hashed password to a bank account and maliciously logging into the server later, for example
Dial-up
A type of network connection in which data is passed through phone lines. This is very slow, requires a modem, and uses the PPP protocol
Elliptic Curve Cryptography
A type of public key cryptography that requires a shorter key length than RSA. This method of public key cryptography is based on the algebraic structure of elliptic curves over finite fields. Typically used on small mobile devices, due to its low power and computing requirements. A form of asymmetric encryption
High-Speed WAN Internet Cards
A type of router expansion card that enables connection to two different ISPs.
Temporal Key Integrity Protocol
A type of wireless encryption used with WPA. An enhanced version of WEP that is part of the 802.11i standard and has an automatic key-update mechanism that makes it much more secure than WEP. This is not as strong as AES in terms of data protection.
unicast address
A unique IP address that is exclusive to a single system.
label
A unique identifier, used by MPLS-capable routers to determine how to move data
Metasploit
A unique tool that enables a penetration tester to use a massive library of attacks as well as tweak those attacks for unique penetrations.
MHz (Megahertz)
A unit of measure that equals a frequency of 1 million cycles per second.
Kilohertz (kHz)
A unit of measure that equals a frequency of 1000 cycles per second.
netstat
A universal command-line utility used to examine the TCP/IP connections open on a given host. Lists all the open ports and connections on a host
power users
A user account that has the capability to do many, but not all, of the basic administrator functions.
malicious user
A user who consciously attempts to access, steal, or damage resources.
Time to live (TTL)
A value that determines the number of hops the label can make before it's eliminated
World Wide Web
A vast network of servers and clients communicating through the Hypertext Transfer Protocol (HTTP). Commonly accessed using graphical Web-browsing software such as Microsoft Internet Explorer and Google Chrome.
WPA2 - Enterprise
A version of WPA2 that uses a RADIUS server for authentication.
cable certifier
A very powerful cable testing device used by professional installers to test the electrical characteristics of a cable and then generate a certification report, proving that cable runs pass TIA/EIA standards.
Virtual Machine
A virtual computer accessed through a class of programs called hypervisor or virtual machine manager. This runs inside your actual operating system, essentially enabling you to run two or more operating systems at once.
Dynamic Multipoint VPN
A virtual private network solution optimized for connections between multiple locations directly
datagram TLS (DTLS) VPN
A virtual private network solution that optimizes connections for delay-sensitive applications, such as voice and video.
IPsec VPN
A virtual private networking technology that uses IPsec tunneling for security.
Trojan horse
A virus that masquerades as a file with a legitimate purpose, so that a user will run it intentionally. The classic example is a file that runs a game, but also causes some type of damage to the player's system.
ground loop
A voltage differential that exists between two different grounding points.
Dynamic Addressing
A way for a computer to receive IP information automatically from a server program.
thick AP
A wireless access point that is completely self-contained with a full set of management programs and administrative access ways. Each of these is individually managed by an administrator who logs into the WAP, configures it, and logs out.
Redundant Array of Independent Disks
A way to create a fault-tolerant storage system. This has six levels
SSID broadcast
A wireless access point feature that announces the WAP's SSID to make it easy for wireless clients to locate and connect to it. By default, most WAPs regularly announce their SSID. For security purposes, some entities propose disabling this broadcast.
Duplexing
Also called disk duplexing or drive duplexing, similar to mirroring in that data is written to and read from two physical drives for fault tolerance. In addition, separate controllers are used for each drive, for both additional fault tolerance and additional speed. Considered RAID level 1. See also Disk Mirroring.
short circuit
Allows electricity to pass between two conductive elements that weren't designed to interact together. Also called a short.
Security Assertions Markup Language
An XML-based standard used to exchange authentication and authorization information between different parties. This provides SSO for web-based applications.
MAC ACL
An access control list focused on MAC addresses that only allows certain devices to join a network.
Untrusted user
An account that has been granted no administrative powers.
trusted user
An account that has been granted specific authority to perform certain or all administrative tasks.
Archive bit
An attribute of a file that shows whether the file has been backed up since the last change. Each time a file is opened, changed, or saved, the archive bit is turned on. Some types of backups turn off the archive bit to indicate that a good backup of the file exists on tape.
Something you do
An authentication factor indicating action, such as gestures on a touch screen.
Somewhere you are
An authentication factor indicating location, often using geolocation technologies.
evil twin
An attack that lures people into logging into a rogue access point that looks similar to a legitimate access point. Done by a bad actor
Ping Flood
An attack that uses the Internet Control Message Protocol (ICMP) to flood a server with packets.
Layer 2 switch
Any device that filters and forwards frames based on the MAC addresses of the sending and receiving machines.
wireless analyzer
Any device that finds and documents all wireless networks in the area. Also known as a Wi-Fi analyzer.
Multifunction network device
Any device that works at multiple layers of the OSI seven-layer model, providing more than a single service.
Symmetric Key Algorithm
Any encryption method that uses the same key for both encryption and decryption.
hybrid topology
Any form of networking technology that combines a physical topology with a signaling topology
threat
Any form of potential attack against a network.
cleartext credentials
Any login process conducted over a network where account names, passwords, or other authentication elements are sent from the client or server in an unencrypted fashion.
key exchange
Any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm.
incident
Any negative situation that takes place within an organization.
Closed network
Any network that strictly controls who and what may connect to it
network threat
Any number of things that share one essential feature: the potential to damage network data, machines, or users.
malware
Any program or code (macro, script, and so on) that's designed to do something on a system or network that you don't want to have happen.
spyware
Any program that sends information about your system or your actions over the Internet. Attempts to hide itself from you/your anti-malware
Remote Shell
Allows you to send single commands to the remote server. Whereas rlogin is designed to be used interactively, this can be easily integrated into a script
802.11g-ht
Along with the corresponding 802.11a-ht standard, technical terms for mixed mode 802.11a/802.11g operation. In mixed mode, both technologies are simultaneously supported.
802.11a-ht
Along with the corresponding 802.11g-ht standard, technical terms for mixed mode 802.11a/802.11g operation. In mixed-mode, both technologies are simultaneously supported.
daily backup
Also called a daily copy backup, makes a copy of all files that have been changed on that day without changing the archive bits of those files.
Network blocks
Also called blocks, contiguous ranges of IP addresses that are assigned to organizations and end users by IANA.
plaintext
Also called cleartext, unencrypted data in an accessible format that can be read without special utilities.
sniffer
Diagnostic program that can order a NIC to run in promiscuous mode.
DSL
Digital Subscriber Line
DS1
Digital signal 1
DS3
Digital signal level 3
Baseband
Digital signaling that has only one signal (a single signal) on the cable at a time. The signals must be in one of three states: one, zero, or idle.
DSSS
Direct Sequence Spread Spectrum
root directory
Directory that contains all other directories.
DAC
Discretionary Access Control
Netstat -n
Displays addresses and port numbers in numerical form (IP addresses not domain names) for open ports and connections on a host.
Netstat -r
Displays the current known routes in a routing table on a system. Same command as route print but for Linux/MacOS
Netstat -b
Displays the executables involved in creating each connection or listening port on a host.
Netstat -o
Displays the process ID associated with each connection on a host
subnet
Each independent network in a TCP/IP internetwork.
Global System for Mobile
Early cellular telephone networking standard which relied on a type of time-division multiplexing; obsolete
Enhanced Data Rates for GSM Evolution
Early cellular telephone technology that used a SIM card and offered speeds up to 384 Kbps; obsolete
Code Division Multiple Access
Early cellular telephone technology that used spread-spectrum transmission (and no SIM cards). Obsolete.
EoP
Ethernet over Power
HDMI Ethernet Channel
Ethernet-enabled HDMI ports that combine video, audio, and data on a single cable
802.3
Ethernet. Name coined by Xerox for the first standard of network cabling and protocols. Ethernet is based on a bus topology. The IEEE 802.3 subcommittee defines the current Ethernet specifications.
Synchronous Digital Hierarchy
European fiber carrier standard equivalent to SONET.
Comité Consultatif International Téléphonique et Télégraphique
European standards body that established the V standards for modems.
FCS
Frame Check Sequence
568A color order
Green white, green, orange white, blue, blue white, orange, brown white, brown (positions 1 to 8)
GPO
Group Policy Object
NTFS permissions
Groupings of what Microsoft calls special permissions that have names like Execute, Read, and Write, and that allow or disallow users certain access to files.
private IP addresses
Groups of IP addresses set aside for internal networks; Internet routers block these addresses, such as 10.x.x.x/8, 172.(16-31).x.x/16, and 192.168.(0-255).x/24
Areas
Groups of logically associated OSPF routers designed to maximize routing efficiency while keeping the amount of broadcast traffic well managed. These are assigned a 32-bit value that manifests as an integer between 0 and 4,294,967,295 or can take a form similar to an IP address, for example, "0.0.0.0."
HEC
HDMI Ethernet Channel
HMI
Human Machine Interface
Biometric
Human physical characteristic that can be measured and saved to be compared as authentication in granting the user access to a network or resource. Can include fingerprints, facial scans, retinal scans, voice recognition, and others.
HTML
Hypertext Markup Language
HTTP
Hypertext Transfer Protocol
HTTPS
Hypertext Transfer Protocol over SSL. Also called Hypertext Transfer Protocol Secure
Link Aggregation Control Protocol
IEEE specification of certain features and options to automate the negotiation, management, load balancing, and failure modes of aggregated ports. A Cisco protocol to bind multiple switch ports into a single, load-distributed channel.
IEEE 1394
IEEE standard for FireWire communication.
IEEE 802.3
IEEE subcommittee that defined the standards for CSMA/CD (a.k.a. Ethernet).
IEEE 802.2
IEEE subcommittee that defined the standards for Logical Link Control (LLC).
IEEE 802.14
IEEE subcommittee that defined the standards for cable modems.
IEEE 802.11
IEEE subcommittee that defined the standards for wireless.
IPAM
IP Address Management
MAC reservation
IP address assigned to a specific MAC address in a DHCP server
Classless
IPv4 addressing scheme that does not rely on the original class blocks, such as Class A, Class B, and Class C.
Neighbor Advertisement
IPv6 packet sent in response to a multicast neighbor solicitation packet
Neighbor Solicitation
IPv6 process of finding a MAC address of a local host, given its IPv6 address
Port triggering
Opening an alternative assigned port when the initial port is contacted (for example FTP).
Bluetooth Characteristics
Operates at the 2.4 GHz range, has a distance of 100 meters, and transfer speeds of 3 Mbps
OC
Optical Carrier
OTDR
Optical Time Domain Reflectometer
568B color order
Orange white, orange, green white, blue, blue white, green, brown white, brown
OUI
Organizationally unique identifier
OEM
Original Equipment Manufacturer
OFDM
Orthogonal Frequency Division Multiplexing
Trap
Out-of-tolerance condition in an SNMP managed device. A command for setting SNMP agents to automatically send a notification to an SNMP manager
Device saturation
Overworking WAPs by attaching too many devices to a single SSID
PAP
Password Authentication Protocol
66 block
Patch panel used in telephone networks; displaced by 110 blocks in networking.
PMTU
Path MTU Discovery
PON
Passive optical network
Neighbor Discovery Protocol
IPv6 protocol that enables hosts to configure automatically their own IPv6 addresses and get configuration information like routers and DNS servers
What is the purpose of IPv6 tunneling?
IPv6 tunnels are used to pass IPv6 traffic over IPv4 networks. They accomplish this by encapsulating IPv6 packets within IPv4 packets.
Router Solicitation
In IPv6, a query from a host to find routers and get information to configure itself.
tunnel broker
In IPv6, a service that creates the actual tunnel and (usually) offers a custom-made endpoint client for you to use, although more advanced users can often make a manual connection.
Network layer
Layer 3 of the OSI seven-layer model.
LAN
Local Area Network
LEC
Local Exchange Carrier
integrity
Network process that ensures data sent to a recipient is unchanged when it is received at the destination host.
Next-generation Firewall
Network protection device that functions at multiple layers of the OSI model to tackle traffic no traditional firewall can filter alone.
peripherals
Noncomputer devices on a network, for example, fax machines, printers, or scanners.
OSPF
Open Shortest Path First
OSI
Open Systems Interconnection
Cache-Only DNS Servers (Caching-Only DNS Servers)
DNS servers that do not have any forward lookup zones. They resolve names of systems on the Internet for the network, but are not responsible for telling other DNS servers the names of any clients.
fail open
Defines the condition of doors and locks in the event of an emergency, indicating that the doors should be open and unlocked.
fail close
Defines the condition of doors and locks in the event of an emergency, indicating that the doors should close and lock.
Triggering
Defines what sets off an alert. Exceeding some sort of threshold
D channel
Delta Channel
DMZ
Demilitarized Zone
DWDM
Dense Wavelength Division Multiplexing
SIP Trunking
Connecting PBX systems from multiple locations seamlessly over the Internet via virtual connections
link aggregation
Connecting multiple NICs in tandem to increase bandwidth in smaller increments.
NIC teaming
Connecting multiple NICs in tandem to increase bandwidth in smaller increments. Can also be used to provide high availability (if one NIC fails, the other will take over)
Console port
Connection jack in a switch used exclusively to connect a computer that will manage the switch. This is found on many different types of managed devices.
wireless access point
Connects wireless network nodes to wireless or wired networks. Many of these are combination devices that act as high-speed hubs, switches, bridges, and routers, all rolled into one.
class license
Contiguous chunk of IP addresses passed out by the Internet Assigned Numbers Authority (IANA).
Blocks
Contiguous ranges of IP addresses that are assigned to organizations and end users by IANA. Also called network blocks.
Corporate-owned business only
Deployment model where the corporation owns all the mobile devices issued to employees. Employees have a whitelist of preapproved applications they can install
DHCP lease
Created by the DHCP server to allow a system requesting DHCP IP information to use that information for a certain amount of time.
Multiple SSIDs
Creating multiple SSIDs (a permanent and a guest) as a security measure. This helps protect the permanent network and devices
smart card
Device (such as a credit card) that you insert into your PC or use on a door pad for authentication.
Smart device
Device (such as a credit card, USB key, etc.) that you insert into your PC in lieu of entering a password.
Temperature Monitor
Device for keeping a telecommunications room at an optimal temperature.
demultiplexer
Device that can extract and distribute individual streams of data that have been combined together to travel along a single shared network cable.
butt set
Device that can tap into a 66- or 110-punchdown block to see if a particular line is working. Used by technicians to install and test telephone lines.
power converter
Device that changes AC power to DC power.
Modem (Modulator-Demodulator)
Device that converts a digital bit stream into an analog signal (modulation) and converts incoming analog signals back into digital signals (demodulation). Most commonly used to interconnect telephone lines to computers.
cable stripper
Device that enables the creation of UTP cables.
proxy server
Device that fetches Internet resources for a client without exposing that client directly to the Internet. Usually accepts requests for HTTP, FTP, POP3, and SMTP resources. Often caches, or stores, a copy of the requested resource for later use.
Optical power meter
Device that measures light intensity of light pulses within or at the terminal ends of fiber-optic cables. Also called a light meter
Firewall
Device that restricts traffic between a local network and the Internet.
Environmental monitor
Device used in telecommunications rooms that keeps track of humidity, temperature, and more.
Wireless bridge
Device used to connect two wireless network segments together, or to join wireless and wired networks together in the same way that wired bridge devices do.
DSL filter
Devices that are commonly used to prevent interference from analog devices, such as telephones, that use the same line as DSL devices
Biometric devices
Devices that scan fingerprints, retinas, or even the sound of the user's voice to provide a foolproof replacement for both passwords and smart devices.
key fob
Small device that can be easily carried in a pocket or purse or attached to a key ring. This device is used to identify the person possessing it for the purpose of granting or denying access to resources such as electronic doors
Subscriber Identity Module (SIM) card
Small storage device used in cellular phones to identify the phone, enable access to the cellular network, and store information such as contacts.
snap-ins
Small utilities that can be used with the Microsoft Management Console.
SDN
Software Defined Networking
SNMP manager
Software and station that communicates with SNMP agents (aka managed devices) to monitor and manage management information base (MIB) objects.
SaaS
Software as a Service
Backdoor
Software code that gives access to a program or a service that circumvents normal security protections. A form of malware
emulator
Software or hardware that converts the commands to and from the host machine into an entirely different platform. For example, a program that enables you to run Nintendo games on your PC.
Anti-Malware Program
Software that attempts to block several types of threats to a client including viruses, Trojan horses, worms, and other unapproved software installation and execution.
Antivirus
Software that attempts to prevent viruses from installing or executing on a client. Some antivirus software may also attempt to remove the virus or eradicate the effects of a virus after an infection.
terminal emulation
Software that enables a PC to communicate with another computer or network as if it were a specific type of hardware terminal.
virtual PBX
Software that functionally replaces a physical PBX telephone system.
IP Address Management
Software that includes at a minimum a DHCP server and DNS server that are specially designed to work together to administer IP addresses for a network.
Freeware
Software that is distributed for free, with no license fee.
shareware
Software that is protected by copyright, but the copyright holder allows (encourages!) you to make and distribute copies, under the condition that those who adopt the software after preview pay a fee. Derivative works are not allowed, and you may make an archival copy.
Type 2 hypervisor
Software to manage virtual machines that is installed as an application on top of an operating system.
Lights-out Management
Special "computer within a computer" features built into better servers, designed to give you access to a server even when the server itself is shut off.
Bridge Protocol Data Units
Special STP frames that allow switches to communicate with each other to prevent loops from happening
NAT translation table
Special database in a NAT router that stores destination IP addresses and ephemeral source ports from outgoing packets and compares them against returning packets.
mailbox
Special holding area on an e-mail server that separates out e-mail for each user.
Mailboxes
Special separate holding areas for each user's e-mail.
virtual switch
Special software that enables virtual machines (VMs) to communicate with each other without going outside of the host system.
network protocol
Special software that exists in every network-capable operating system that acts to create unique identifiers for each system. It also creates a set of communication rules for issues like how to handle data chopped up into multiple packets and how to deal with routers. TCP/IP is the dominant network protocol today.
SCADA
Supervisory Control and Data Acquisition
CAT 5 UTP
Supports speeds up to 100 Mbps up to 100 meters
CAT 5e UTP
Supports speeds up to 100 Mbps with two pairs and up to 1000 Mbps with four pairs up to 100 meters
CAT 3 UTP
Supports speeds up to 16 megabits per second.
CAT 4 UTP
Supports speeds up to 20 megabits per second.
CAT 2 UTP
Supports speeds up to 4 Mbps
subnetting
Taking a single class of IP addresses and chopping it into multiple smaller groups.
flood guard
Technology in modern switches that can detect and block excessive traffic
in-band management
Technology that enables managed devices such as a switch or router to be managed by any authorized host that is connected to that network.
broadband over power line
Technology that makes possible high-speed Internet access over ordinary residential electrical lines and offers an alternative to DSL or high-speed cable modems.
omnidirectional antenna
Technology that sends wireless signals in all directions equally (sphere).
TIA/EIA
Telecommunications Industry Association/Electronics Industries Association
Permanent Virtual Circuit
Telecommunications companies provide this service to companies requiring a dedicated VPN circuit between two sites that require communications that are always on.
dial-up lines
Telephone lines with telephone numbers; they must dial to make a connection, as opposed to a dedicated line.
TKIP
Temporal Key Integrity Protocol
Amplification
The aspect of a DOS attack that makes a server do a lot of processing and responding.
TCP segment
The connection-oriented payload of an IP packet. This works on the Transport layer (layer 3 of the TCP/IP model).
internal connections
The connections between computers in a network.
International export control
The control of information leaving a country. This can include military info, nuclear info, and license keys.
Archive
The creation and storage of retrievable copies of electronic data for legal and functional purposes.
V.92 standard
The current modem standard, which has a download speed of 57,600 bps and an upload speed of 48 Kbps. These modems have several interesting features, such as Quick Connect and Modem on Hold.
socket pairs/endpoints
The data each computer stores about the connection between two computers' TCP/IP applications
Attenuation
The degradation of signal over distance for a networking cable or radio waves.
LDAPS
The deprecated secure version of LDAP. Made obsolete by LDAP version 2
keypad
The device in which an alphanumeric code or password that is assigned to a specific individual for a particular asset can be entered.
transceiver
The device that transmits and receives signals on a cable.
View
The different displays found in Performance Monitor.
DS0
The digital signal rate created by converting an analog sound into 8-bit chunks 8000 times a second, with a data stream of 64 Kbps. This is the simplest data stream (and the slowest rate) of the digital part of the phone system.
PerfMon
Performance Monitor
PDoS
Permanent Denial of Service
PVC
Permanent Virtual Circuit
Allow
Permission for data or communication to pass through or to access a resource. Specific allowances through a firewall are called exceptions.
share permissions
Permissions that only control the access of other users on the network with whom you share your resource. They have no impact on you (or anyone else) sitting at the computer whose resource is being shared.
security guard
Person responsible for controlling access to physical resources such as buildings, secure rooms, and other physical assets.
PAN
Personal Area Network
change management team
Personnel who collect change requests, evaluate the change, work with decision makers for approval, plan and implement approved changes, and document the changes.
hardware appliance
Physical network device, typically a "box" that implements and runs software or firmware to perform one or a multitude of tasks. Could be a firewall, a switch, a router, a print server, or one of many other devices.
Please Do Not Throw Sausage Pizza Away
Physical, Data Link, Network, Transport, Session, Presentation, Application
PGP
Pretty Good Privacy
port forwarding
Preventing the passage of any IP packets through any ports other than the ones prescribed by the system administrator.
port blocking
Preventing the passage of any TCP segments or UDP datagrams through any ports other than the ones prescribed by the system administrator.
PRI
Primary Rate Interface
External Data Bus
Primary data highway of all computers. Everything in your computer is tied directly or indirectly to this.
PBX
Private Branch Exchange
Network Time Protocol
Protocol that gives the current time
Internet Group Management Protocol
Protocol that routers use to communicate with hosts to determine a "group" membership in order to determine which computers want to receive a multicast. Once a multicast has started, this is responsible for maintaining the multicast as well as terminating at completion. Works at the Internet layer of the TCP/IP model
Hypertext Transfer Protocol Secure
Protocol to transfer hypertext from a Web server to a client in a secure and encrypted fashion. Uses Transport Layer Security (TLS) rather than Secure Sockets Layer (SSL) to establish a secure communication connection between hosts. It then encrypts the hypertext before sending it from the Web server and decrypts it when it enters the client. Uses port 443
Server Message Block
Protocol used by Microsoft clients and servers to share file and print resources.
Lightweight Access Point Protocol
Protocol used in wireless networks that enables interoperability between thin and thick clients and WAPs.
network segmentation
Separating network assets through various means, such as with VLANs or with a DMZ, to protect against access by malicious actors
SMB
Server Message Block
Forward proxy server
Server that acts as middleman between clients and servers, making requests to network servers on behalf of clients. Results are sent to the middleman server, which then passes them to the original client. The network servers are isolated from (don't see) the clients by this.
SLA
Service Level Agreement
SSID
Service Set Identifier
SMTP
Simple Mail Transfer Protocol
SNMP
Simple Network Management Protocol
SNTP
Simple Network Time Protocol
Synchronous Transport Signal
Signal method used by SONET. It consists of the STS payload and the STS overhead. A number is appended to the end of STS to designate signal speed.
SMF
Single Mode Fiber
SFF
Small Form Factor
SFP
Small Form-factor Pluggable. Designed for small form-factor fiber connectors
Mean Time to Recovery
The estimated amount of time it takes to recover from a hardware component failure.
Packet drops
The measurement of the amount of packets that a device can't handle.
FIN
The message used by TCP to close a connection
Top-level domain names
Peak of the hierarchy for naming on the Internet; these include the .com, .org, .net, .edu, .gov, .mil, and .int names, as well as international country codes such as .us, .eu, etc.
first responder
The person or robot whose job is to react to the notification of a possible computer crime by determining the severity of the situation, collecting information, documenting findings and actions, and providing the information to the proper authorities.
Radio Frequency Interference
The phenomenon where a Wi-Fi signal is disrupted by a radio signal from another device.
Wired/Wireless Considerations
The planning of structured cabling, determining any wireless requirements, and planning access to the Internet when building or upgrading networks.
contingency planning
The process of creating documents that set out how to limit damage and recover quickly from an incident
data backup
The process of creating extra copies of data to be used in case the primary data source fails.
geofencing
The process of using a mobile device's built-in GPS capabilities and mobile networking capabilities to set geographical constraints on where the mobile device can be used
Social Engineering
The process of using or manipulating people inside the networking environment to gain access to that network from the outside.
maintenance window
The time it takes to implement and thoroughly test a network change.
crimper
The tool used to secure a crimp (or an RJ-45 connector) onto the end of a cable
Upload
The transfer of information from a user's system to a remote computer system. Opposite of download.
RF emanation
The transmission, intended or unintended, of radio frequencies. These transmissions may come from components that are intended to transmit RF, such as a Wi-Fi network card, or something less expected, such as a motherboard or keyboard. These emanations may be detected and intercepted, posing a potential threat to security.
amplified DOS attack
The type of DOS attack that sends a small amount of traffic to a server, which produces a much larger response from the server that is sent to a spoofed IP address, overwhelming a victim machine.
light leakage
The type of interference caused by bending a piece of fiber-optic cable past its maximum bend radius. Light bleeds through the cladding, causing signal distortion and loss.
802.3z
The umbrella IEEE standard for all versions of Gigabit Ethernet other than 1000BaseT.
Differentiated Services
The underlying architecture that makes quality of service (QoS) work
cleartext
The unencrypted form of data. Also known as plaintext
MAC-48
The unique 48-bit address assigned to a network interface card. This is also known as the MAC address or the EUI-48.
Unit
The unique height measurement used with equipment racks; one equals 1.75 inches
Change request items
There are five items found in a change request: type of change, configuration procedures, rollback procedure, potential impact, and notification.
Collision avoidance
This is the technique used by a network interface to recover from or prevent a collision.
Warchalking
This is the term that describes marking the details of a vulnerable Wi-Fi network on or near the premises of the network.
sudo ifconfig eth0 up
This is used on MacOS/Linux to renew the system's DHCP information
ipconfig /renew
This is used on Windows operating systems to renew the system's DHCP information
Throughput Tester
This is used to measure the data flow in a network
Change Log
This keeps track of what has been changed or updated over time.
Collision detection
This means that a station sending data can tell when another station transmits at the same time.
Multiple access
This means that when the station transmits, all stations on the segment will hear the transmission.
Wireless reflection
This occurs when radio waves from WAPs bounce off of environmental materials (like metal).
Stateless Autoconfiguration
This provides all the information a host needs to access the Internet from a router using IPv6. Provides an IPv6 address, subnet mask, default gateway, and DNS information.
Extensible Markup Language
This provides the basic format or markup language for everything from RSS feeds to Microsoft Office documents
Ticket-granting service
This reads ticket granting tickets, issues tokens based on timestamps, and the tokens are then used by clients to prove authorization
Logical documentation
This shows the VLANs, domains, as well as port and primary TCP/IP information
EAP-PSK
This uses a pre-shared key that everyone uses to log in. Most popular form of authentication used in wireless networks today.
TCP
Transmission Control Protocol
TCP/IP
Transmission Control Protocol/Internet Protocol
TSP
Tunnel Setup Protocol
TIC
Tunnel information and control
Autonomous System Number
Used by Autonomous System Border Gateway Protocol (the only exterior gateway protocol) routers to communicate with each other. Like big ISPs communicating between each other
domain users and groups
Users and groups that are defined across an entire network domain.
jumbo frames
Usually 9000 bytes long, though technically anything over 1500 bytes qualifies, these frames make large data transfer easier and more efficient than using the standard frame size.
plenum
Usually a space between a building's false ceiling and the floor above it. Most of the wiring for networks is located in this space. This is also a fire rating for network cabling.
Conflicting permissions
When a user does not get access to a needed resource because one of his groups has Deny permission to that resource
Improper access
When a user who shouldn't have access gains access through some means
tailgating
When an unauthorized person attempts to enter through an already opened door.
compatibility issue
When different pieces of hardware or software don't work together correctly.
Ping of Death
When malicious users send malformed ping packets to a destination
Remote access policy
Whatever policy you have in place as to who/when/how users can remotely access the internal network from outside the infrastructure. What type of VPN, how to authenticate, etc.
Banner grabbing
When a malicious user gains access to an open port and uses it to probe a host to gain information and access, as well as learn details about running services.
Cloud bursting
When a private cloud is not powerful enough to meet peak demand and an application grows into a public cloud instead of grinding to a halt
MTU black hole
When a router's firewall features block ICMP requests, making MTU worthless.
Generic Routing Encapsulation
When paired with IPsec this is used to make a point-to-point tunnel connection that carries all sorts of traffic over Layer 3, including multicast and IPv6 traffic
Local backup
When the backup medium is stored close to the computer. Convenient since the backup is nearby but can be destroyed by a local disaster.
file hashing
When the download provider hashes the contents of a file and publishes the resulting message digest
Bandwidth saturation
When the frequency of a band is filled to capacity due to the large number of devices using the same bandwidth.
Switching loop
When you connect multiple switches together in a circuit causing a loop to appear. Better switches use spanning tree protocol (STP) to prevent this.
Zigbee
Wireless home automation control standard. Works at the 2.4GHz range, has distance of 10 meters, and transfer speeds up to 250 Kbps
heat map
a graphical representation of the RF sources on the site (uses different colors to represent intensity of signal)
parabolic antenna
a high-gain reflector antenna (with a dish) used for radio, television, and data communications. A type of directional antenna.
Class of service
a prioritization value used to apply to services, ports, or whatever a quality of service (QoS) device might use.
Advanced Persistent Threat
a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations such as governments
Certificate Authority
a trusted third party, such as VeriSign, that validates user identities by means of digital certificates
terminating resistor
an electrical device that absorbs transmitted signals on a cable, preventing the signals from reflecting, deflecting, and distorting
IT
information technology
IFG
interframe gap
classful
obsolete IPv4 addressing scheme that relied on the original class blocks, such as Class A, Class B, and Class C
Server Message Block port
TCP 445
core
the central glass of the fiber-optic cable that carries the light signal
distributed switching
the centralized installation, configuration, and handling of every switch in a virtualized network
cipher lock
A door unlocking system that uses a door handle, a latch, and a sequence of mechanical push buttons.
LC
A duplex type of Small Form Factor (SFF) fiber connector, designed to accept two fiber cables.
Flow
A stream of packets from one specific place to another
Rivest Cipher 4
A streaming symmetric-key algorithm
bastion host
A strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) that can be directly accessed from networks on the other side of the firewall (from the Internet). Any machine directly exposed to the public Internet
Bit Error Rate Test
An end-to-end test that verifies a T-carrier connection
mantrap
An entryway with two successive locked doors and a small space between them providing one-way entry or exit. This is a security measure taken to prevent tailgating.
Network closet
An equipment room that holds servers, switches, routers, and other network gear.
Setup log
An event log that contains a record of installation events, such as installing a role or feature.
BRI
Basic Rate Interface
BSSID
Basic Service Set Identifier
packet
Basic component of communication over a network. Group of bits of fixed maximum size and well-defined format that is switched and transmitted as a single entity through a network. Contains source and destination address, data, and control information.
B channel
Bearer channel
Long Term Evolution
Better known as 4G, a wireless data standard with theoretical download speeds of 300 Mbps and upload speeds of 75 Mbps
Quad small form-factor pluggable
BiDi fiber-optic connector used in 40GBase networks
BERT
Bit Error Rate Test
BOOTP
Bootstrap Protocol
BGP-4
Border Gateway Protocol
horizontal cabling
Cabling that connects the equipment room to the work areas.
CAN
Campus Area Network
real-time video
Communication that offers both audio and video via unicast messages.
unified voice services
Complete, self-contained Internet services that rely on nothing more than software installed on computers and the computers' microphone/speakers to provide voice telecommunication over the Internet. All of the interconnections to the PSTN are handled in the cloud.
NetFlow collector
Component process of NetFlow that captures and saves data from a NetFlow-enabled device's cache for future NetFlow analysis.
file server
Computer designated to store software, courseware, administrative tools, and other data on a LAN or WAN. It "serves" this information to other computers via the network when users enter their personal access codes.
CIA triad
Confidentiality, Integrity, Availability
DAI
Dynamic ARP Inspection
DDNS
Dynamic DNS
DHCP
Dynamic Host Configuration Protocol
DLL
Dynamic Link Library
DMVPN
Dynamic Multipoint Virtual Private Network
DNAT
Dynamic Network Address Translation
Exim
E-mail server for every major platform; fast and efficient
EAP-FAST
EAP-Flexible Authentication via Secure Tunneling
Alerts
For notification if something goes bad
VoIP Gateway
Interface between a traditional switched telephone network and a VoIP provider
Electromagnetic interference
Interference from one device to another, resulting in poor performance in the device's capabilities. This is similar to having static on your TV while running a hair dryer, or placing two monitors too close together and getting a "shaky" screen
Transparent proxy
Intermediary systems that sit between a user and a content provider. When a user makes a request to a web server, this device intercepts the request to perform various actions including caching, redirection and authentication. Must be inline between the clients and Internet and doesn't require client configuration
IDF
Intermediate Distribution Frame
IS-IS
Intermediate System to Intermediate System
IANA
Internet Assigned Numbers Authority
IAS
Internet Authentication Service
ICMP
Internet Control Message Protocol
SNMP agent ports
Listen on UDP 161 and UDP 10161 (when using TLS for encryption)
SNMP manager ports
Listen on UDP 162 and UDP 10162 (when using TLS for encryption)
PoE
Power over Ethernet
RIR
Regional Internet Registry
RJ
Registered Jack
CAT 1 UTP
Regular analog phone lines, not used for data communications
Access port
Regular port in a switch that has been configured as part of a VLAN. Access ports are ports that hosts connect to. They are the opposite of a trunk port, which is only connected to a trunk port on another switch.
Client/server
Relationship in which client software obtains services from a server on behalf of a user.
metric
Relative value that defines the "cost" of using a particular route.
RAS
Remote Access Server
RAT
Remote Access Trojan
RADIUS
Remote Authentication Dial-In User Service
RCP
Remote Copy Protocol
RDP
Remote Desktop Protocol
RSH
Remote Shell
RTU
Remote Terminal Unit
Dedicated connections
Remote connections that are never disconnected
cloud/server-based anti-malware
Remote storage and access of software designed to protect against malicious software where it can be singularly updated.
cloud/server based
Remote storage and access of software, especially anti-malware software, where it can be singularly updated. This central storage allows users to access and run current versions of software easily, with the disadvantage of it not running automatically on the local client. The client must initiate access to and launching of the software.
Mobile Device Management
Remotely controls smart phones and tablets, ensuring data security. Used to control an entire device
Offsite backup
Removing a backup to a remote location. Less convenient than a local backup but less susceptible to local disasters
link segments
Segments that link other segments together, but are unpopulated or have no computers directly attached to them.
proximity reader
Sensor that detects and reads a token that comes within range. The polled information is used to determine the access level of the person carrying the token.
Ticket Granting Ticket
Sent by an Authentication Server in a Kerberos setup if a client's hash matches its own, signaling that the client is authenticated but not yet authorized.
honeynet
The network created by a honeypot in order to lure in hackers.
Usenet
The network of UNIX users, generally perceived as informal and made up of loosely coupled nodes, that exchanges mail and messages. Started by Duke University and UNC-Chapel Hill. An information cooperative linking around 16,000 computer sites and millions of people. Usenet provides a series of "news groups" analogous to online conferences.
Radius client
The network server that receives the connection request from the RADIUS supplicant and communicates with the RADIUS server.
VPN concentrator
The new endpoint of the local LAN in L2TP. Usually a dedicated device that can act as an endpoint for the network
next hop
The next router a packet should go to at any given point.
baud rate
The number of bauds per second. In the early days of telephone data transmission, the baud rate was often analogous to bits per second. Due to advanced modulation of baud cycles as well as data compression, this is no longer true.
Error rate
The number of malformed/broken/fractured packets or frames coming to/from a device.
IP address
The numeric address of a computer connected to a TCP/IP network, such as the Internet. IPv4 addresses are 32 bits long, written as four octets of 8-bit binary. IPv6 addresses are 128 bits long, written as eight sets of four hexadecimal characters. IP addresses must be matched with a valid subnet mask, which identifies the part of the IP address that is the network ID and the part that is the host ID.
Password Authentication Protocol
The oldest and most basic form of authentication and also the least safe because it sends all passwords in cleartext.
trunking
The process of transferring VLAN data between two or more switches.
VLAN
Virtual Local Area Network
VM
Virtual Machine
VMM
Virtual Machine Manager
VNC
Virtual Network Computing
Nonrepudiation
not being able to deny having sent a message
PCV
polyvinyl chloride
U
unit
UART
universal asynchronous receiver transmitter
Subminiature version A connector
A connector commonly used on wireless devices to use different types of antennas.
primary zone
A forward lookup zone that is managed within and by the authoritative DNS server.
Class C Address Range
192.0.0.0 - 223.255.255.255
10GBaseT
A 10 GbE standard designed to run on CAT 6a UTP cabling. Maximum cable length of 100 m. Can use CAT 6 but will only get up to 55 meters
10GBaseLR/10GBaseLW
A 10 GbE standard using 1310-nm single-mode fiber. Maximum cable length up to 10 km.
10GBaseER/10GBaseEW
A 10 GbE standard using 1550-nm single-mode fiber. Maximum cable length up to 40 km.
10GBaseSR/10GBaseSW
A 10 GbE standard using 850-nm multimode fiber. Maximum cable length up to 300 m.
BNC connector
A connector used for 10Base2 coaxial cable. All BNC connectors have to be locked into place by turning the locking ring 90 degrees.
Wireshark
A popular protocol analyzer integrated with a frame capture tool.
Virtual Trunking Protocol
A proprietary Cisco protocol used to automate the updating of multiple VLAN switches.
Troubleshooting theory steps
(1) Identify the problem, (2) establish a theory of probable cause, (3) test the theory, (4) establish a plan of action, (5) implement and test the solution, (6) verify system functionality, (7) document findings
IPv6 loopback address
0:0:0:0:0:0:0:1, also expressed as ::1
MB (megabyte)
1,048,576 bytes
Class A address range
1.0.0.0 - 126.255.255.255
gigabyte
1024 megabytes
Class B address range
128.0.0.0 - 191.255.255.255
OC-3
155.52 Mbps, STS-3 signal method
APIPA Address range
169.254.x.x
Class D IP address range
224.X.X.X. These are multicast addresses
Media Gateway Control Protocol ports
2427 and 2727 (both TCP and UDP)
PoE standard
802.3af
PoE+ standard
802.3at
CCMP-AES
A 128-bit block cipher used in the IEEE 802.11i standard. Means WPA2 for the exam
DB-25
A 25-pin, D-shaped subminiature connector, typically used in parallel and older serial port connections
Service Set Identifier
A 32-bit identification string, sometimes called a network name, that's inserted into the header of each data packet processed by a wireless access point.
Digital signal level 3
A 44.736-Mbps line from the telco, with 28 DS1 channels plus overhead
preamble
A 7-byte series of alternating ones and zeroes followed by a 1-byte start frame delimiter, always precedes a frame. This gives a receiving NIC time to realize a frame is coming and to know exactly where the frame starts.
DB-9
A 9-pin, D-shaped subminiature connector, often used in serial port connections.
topology change notification
A BPDU that enables switches to rework themselves around a failed interface or device. Helps switch blocked ports into a forwarding state allowing replacement links to come online
Small Form Factor Pluggable
A Cisco module that enables you to add additional features to its routers.
posture assessment
A Cisco process that queries a host to see if it meets certain security criteria before allowing it to connect to the network. The server decides whether to grant a connection, deny a connection, or redirect the connection depending on the security compliance invoked.
Hot Standby Router Protocol
A Cisco proprietary protocol used to take multiple routers and group them together into a single virtual router with a single virtual IP address that clients use as a default gateway. Used to provide high availability for routers.
Bridge Protocol Data Units Guard
A Cisco switch feature that listens for incoming STP BPDU messages, disabling the interface if any are received. The goal is to prevent loops when a switch connects to a port expected to only have a host connected to it.
Port Aggregation Protocol
A Cisco-proprietary protocol that accomplishes port bonding (aka port aggregation).
Security type mismatch
A CompTIA term that means connecting manually to a wireless network with the wrong encryption type or automatically accessing a particular SSID and entering the wrong passphrase
DNS forwarding
A DNS server configuration that sends DNS requests to another DNS server.
Interior DNS
A DNS server that is not registered with the Internet and is used for local domains
reverse lookup zone
A DNS setting that resolves IP addresses to FQDNs. In other words, it does exactly the reverse of what DNS normally accomplishes using forward lookup zones.
Event Viewer
A GUI application that allows users to easily view and sort events recorded in the event log on a computer running a Windows-based operating system.
1000BaseT
A Gigabit Ethernet standard using CAT 5e/6 UTP cabling, with a 100-m maximum cable distance.
1000BaseSX
A Gigabit Ethernet standard using multimode fiber cabling, with a 220- to 500-m maximum cable distance.
1000BaseLX
A Gigabit Ethernet standard using single-mode fiber cabling, with a 5-km maximum cable distance.
1000BaseCX
A Gigabit Ethernet standard using unique copper cabling (twinax), with a 25-m maximum cable distance.
Traceroute
A Linux command-line utility used to follow the path a packet takes between two hosts (through a router).
domain controller
A Microsoft Windows Server system specifically configured to store user and server account information for its domain. Often abbreviated as "DC." These store all account and security information in the Active Directory directory service.
Net share
A Microsoft Windows command that manages shared resources. Can be used to share local resources with other systems
NetBIOS over TCP/IP
A Microsoft-created protocol that enables NetBIOS naming information to be transported over TCP/IP networks. The result is that Microsoft naming services can operate on a TCP/IP network without the need for DNS services.
Remote Desktop Protocol
A Microsoft-created remote terminal protocol
Microsoft Baseline Security Analyzer
A Microsoft-designed tool to test individual Windows-based PCs for vulnerabilities.
Teredo
A NAT-traversal IPv6 tunneling protocol, built into Microsoft Windows.
Secure Sockets Layer
A protocol developed by Netscape for securely transmitting documents over the Internet. This worked by using a public key to encrypt sensitive data. This encrypted data was sent over this type of connection and then decrypted at the receiving end using a private key. Deprecated in favor of TLS.
American Registry for Internet Numbers
A Regional Internet Registry (RIR) that parcels out IP addresses to large internet service providers (ISPs) and major corporations in North America.
Captive Portal
A Wi-Fi network implementation used in some public facilities that directs attempts to connect to the network to an internal Web page for that facility; generally used to force terms of service on users
Network File System
A TCP/IP file system-sharing protocol that enables systems to treat files on a remote machine as though they were local files. This uses TCP port 2049, but many users choose alternative port numbers. Though still somewhat popular and heavily supported, this has been largely replaced by Samba/CIFS.
Domain Name System
A TCP/IP name resolution system that resolves host names to IP addresses, IP addresses to host names, and other bindings, like DNS servers and mail servers for a domain.
Internet Control Message Protocol
A TCP/IP protocol used to handle many low-level functions such as error reporting. These messages are usually request and response pairs such as echo requests and responses, router solicitations and responses, and traceroute requests and responses. There are also unsolicited "responses" (advertisements) which consist of single packets. These messages are connectionless. Works at the Internet layer (2) of the TCP/IP model and Network layer (3) of the OSI
rootkit
A Trojan horse that takes advantage of very low-level operating system functions to hide itself from all but the most aggressive of anti-malware tools. Is used to escalate privileges on a host
Static VLAN
A VLAN that is manually configured port by port. This is the method typically used in production networks.
Layer 2 Tunneling Protocol
A VPN protocol developed by Cisco that can be run on almost any connection imaginable. This has no authentication or encryption but uses IPsec for all its security needs.
H.323
A VoIP standard that handles the initiation, setup, and delivery of VoIP sessions.
Thin Client
A WAP that can only be configured by a wireless controller
speed-test site
A Web site used to check an Internet connection's throughput.
WINS Proxy Agent
A Windows Internet Name Service (WINS) relay agent that forwards WINS broadcasts to a WINS server on the other side of a router to keep older systems from broadcasting in place of registering with the server.
NTLDR
A Windows NT/2000/XP/2003 boot file. Launched by the MBR or MFT, this looks at the BOOT.INI configuration file for any installed operating systems.
Net user
A Windows TCP/IP command used to display local user accounts
tracert
A Windows command-line utility used to follow the path a packet takes between two hosts (through a router) as well as how long it takes for each hop.
System Restore
A Windows utility that enables you to return your PC to a recent working configuration when something goes wrong. This returns your computer's system settings to the way they were the last time you remember your system working correctly—all without affecting your personal files or e-mail.
Zenmap
A Windows-based GUI version of nmap.
Secondary Lookup Zone
A backup lookup zone stored on another DNS server.
Independent Basic Service Set
A basic unit of organization in wireless networks formed by two or more wireless nodes communicating in ad hoc mode.
Ns (Nanosecond)
A billionth of a second. Light travels a little over 11 inches in 1 ns.
Advanced Encryption Standard
A block cipher created in the late 1990s that uses a 128-bit block size and a 128-, 192-, or 256-bit key size. Practically uncrackable. A form of symmetric encryption
cable modem
A bridge device that interconnects the cable company's DOCSIS service to the user's Ethernet network. In most locations, the cable modem is the demarc.
T1 crossover
A cable used to connect two T1 CSU/DSU devices in a back-to-back configuration.
stranded core
A cable that uses a bundle of tiny wire strands to transmit signals. This is not quite as good a conductor as solid core, but it will stand up to substantial handling without breaking.
solid core
A cable that uses a single solid wire to transmit signals.
Shielded Twisted Pair
A cabling for networks composed of pairs of wires twisted around each other at specific intervals. The twists serve to reduce interference (also called crosstalk). The more twists, the less interference. The cable has metallic shielding to protect the wires from external interference.
DNS resolver cache
A cache used by Windows DNS clients to keep track of DNS information.
Badge
A card-shaped device used for authentication; something you have, a possession factor.
telecommunications room
A central location for computer or telephone equipment and, most importantly, centralized cabling. All cables usually run to the telecommunications room from the rest of the installation.
Industrial Control Systems
A centralized controller where the local controllers of a distributed control system (DCS) meet in order for global changes to be made.
Network Operations Center
A centralized location for techs and administrators to manage all aspects of a network
Domain Keys Identified Mail
A certificate used to authenticate anyone attempting to use email as a legitimate user (a specialized txt record in DNS)
Infrastructure change
A change that has impacts of a smaller scale (like changing to a new software, or something that only impacts a single department). This type of change is handled by the change management team.
prompt
A character or message provided by an operating system or program to indicate that it is ready to accept input.
complete algorithm
A cipher and the methods used to implement that cipher.
dedicated circuit
A circuit that runs from a breaker box to specific outlets.
Access control list
A clearly defined list of permissions that specifies what actions an authenticated user may perform on a shared resource. Can also be used on firewalls to determine what's allowed in/out
supplicant
A client computer in a RADIUS network wanting to be authenticated.
documentation
A collection of organized documents or the information recorded in documents. Also, instructional material specifying the inputs, operations, and outputs of a computer program or system.
user profile
A collection of settings that corresponds to a specific user account and may follow the user, regardless of the computer at which he or she logs on. These settings enable the user to have customized environment and security settings.
Password Policy
A collection of settings to control password characteristics such as length, complexity, lockout rules, etc.
high availability
A collection of technologies and procedures that work together to keep an application available at all times. Redundancy and fault tolerance
network
A collection of two or more devices interconnected by telephone lines, coaxial cables, satellite links, radio, and/or some other communication technique.
socket
A combination of a port number and an IP address that uniquely identifies a connection. Also called an endpoint
Network firewall
A combination of hardware and software that filters traffic between private networks or between a private network and a public network, such as the Internet. Typically a dedicated box (sometimes called a hardware firewall)
Net view
A command that displays shared resources and other hosts that are within your workgroup
netstat -s
A command that displays statistics for each protocol that can be used to diagnose problems.
route
A command that enables a user to display and edit the local system's routing table.
ntpdc
A command that puts the NTP server into interactive mode in order to submit queries.
arp -a
A command that shows a system's ARP cache
ip a
A command to show DNS server information in Linux
ipconfig /all
A command to show DNS server information in Windows
Arping
A command used to discover hosts on a network, similar to ping, but that relies on ARP rather than ICMP. This command won't cross any routers, so it will only work within a broadcast domain.
Net use
A command used to map a network share to a drive letter. Can also connect or disconnect a computer from a shared resource or can display information about connections.
nslookup
A command used to see default DNS server information
Net start
A command used to start a network service or list running network services on a system
Net stop
A command used to stop a network service running on a system
Net accounts
A command used to update the user accounts database and modify password and logon requirements for all accounts
tcpdump
A command-line packet sniffing tool.
ifconfig
A command-line utility for Linux servers and workstations that displays the current TCP/IP configurations of the machine, similar to ipconfig for Windows systems. The newer command-line utility, ip, is replacing ifconfig on most systems.
ipconfig
A command-line utility for Windows that displays the current TCP/IP configuration of the machine; similar to macOS's ifconfig and UNIX/Linux's ip.
tracert -6 (also traceroute6)
A command-line utility that checks a path from the station running the command to a destination host. Adding the -6 switch to the command line specifies that the target host uses an IPv6 address. traceroute6 is a Linux command that performs a traceroute to an IPv6 addressed host.
ping -6
A command-line utility to check the up/down status of an IP addressed host. The "-6" switch included on the command line, using the Windows version of the ping, specifies that the host under test has an IPv6 address.
nbtstat
A command-line utility used to check the current NetBIOS name cache on a particular machine. The utility compares NetBIOS names to their corresponding IP addresses.
Virtual Local Area Network
A common feature among managed switches that enables a single switch to support multiple logical broadcast domains. Managed switches frequently take advantage of this feature.
multilink PPP
A communications protocol that logically joins multiple PPP connections, such as a modem connection, to aggregate the throughput of the links.
Local Exchange Carrier
A company that provides local telephone service to individual customers.
hot site
A complete backup facility to continue business operations. It is considered "hot" because it has all resources in place, including computers, network infrastructure, and current backups, so that operations can commence within hours after occupation. Most expensive backup site
Platform as a Service
A complete deployment and management system that gives programmers all the tools they need to administer and maintain a Web application.
Wireless Local Area Network
A complete wireless network infrastructure serving a single physical locale under a single administration. No routers, only WAPs
Bootstrap Protocol
A component of TCP/IP that allows computers to discover and receive an IP address from a DHCP server prior to booting the OS. Other items that may be discovered during this process are the IP address of the default gateway for the subnet and the IP addresses of any name servers.
buffer
A component of a fiber-optic cable that adds strength to the cable.
Host Bus Adapter
A component that connects a host to other devices in a storage network using fibre channel.
NetBIOS name
A computer name that identifies both the specific machine and the functions that machine performs. A NetBIOS name consists of 16 characters: the first 15 are an alphanumeric name, and the 16th is a special suffix that identifies the role the machine plays.
client
A computer program that uses the services of another computer program; software that extracts information from a server. Your autodial phone is a client, and the phone company is its server. Also, a machine that accesses shared resources on a server.
Programmable Logic Controller
A computer that controls a machine according to a set of ordered steps
server
A computer that shares its resources, such as printers and files, with other computers on the network.
name server
A computer whose job is to know the name of every other computer on the network.
split pair
A condition that occurs when signals on a pair of wires within a UTP cable interfere with the signals on another wire pair within that same cable.
hybrid cloud
A conglomeration of public and private cloud resources, connected to achieve some target result. There is no clear line that defines how much of this cloud infrastructure is private and how much is public.
remote terminal
A connection on a faraway computer that enables you to control that computer as if you were sitting in front of it and logged in. These programs all require a server and a client. The server is the computer to be controlled. The client is the computer from which you do the controlling.
VPN tunnel
A connection over the Internet between a client and a server; this enables the client to access remote resources as if they were local, securely.
persistent connection
A connection to a shared folder or drive that the computer immediately reconnects to at logon.
UDP datagram
A connectionless networking container used in UDP communication.
datagram
A connectionless transfer unit created with User Datagram Protocol designed for quick transfers over a packet-switched network.
reverse proxy server
A connectivity solution that gathers information from its associated servers and shares that information to clients. The clients don't know about the servers behind the scenes. This is the only machine with which they interact. Protects servers from nefarious clients
Zone
A container for a single domain that gets filled with records
user account
A container that identifies a user to the application, operating system, or network, including name, password, user name, groups to which the user belongs, and other information based on the user and the OS or NOS being used. Usually defines the rights and roles a user plays on a system.
Statement of work
A contract that defines the services, products, and time frames for the vendor to achieve.
Workgroup
A convenient method of organizing computers under Network/My Network Places in Windows operating systems.
Web of trust
A decentralized model used for sharing certificates without the need for a centralized CA. Requires a lot of maintenance
Network attached storage
A dedicated file server that has its own file system and typically uses hardware and software designed for serving and storing files. Runs over a standard network and shows up as normal shares on a network.
Local exchange
A defined grouping of individual phone circuits served by a single multiplexer
jitter
A delay in completing a transmission of all the frames in a message; caused by excessive machines on a network.
Small Form Factor
A description of later-generation, fiber-optic connectors designed to be much smaller than the first iterations of connectors.
Network interface
A device by which a system accesses a network. In most cases, this is a NIC or a modem.
cable tray
A device for organizing cable runs in a drop ceiling.
Universal Asynchronous Receiver Transmitter
A device inside a modem that takes the 8-bit-wide digital data and converts it into 1-bit-wide digital data and hands it to the modem for conversion to analog data. The process is reversed for incoming data.
DSL access multiplexer
A device located in a telephone company's central office that connects multiple customers to the Internet.
storage
A device or medium that can retain data for subsequent retrieval.
PoE injector
A device that adds power to an Ethernet cable so the cable can provide power to a device.
wireless range extender
A device that amplifies your wireless signal to get it out to parts of your location that are experiencing poor connectivity.
concentrator
A device that brings together at a common center connections to a particular kind of network (such as Ethernet) and implements that network internally.
Managed Switch
A device that can be assigned its own IP address to enable connection and configuration. VLANs can only be implemented through these devices
Satellite modem
A device that connects a computer to a satellite for purposes of accessing the Internet.
router
A device that connects separate networks and forwards a packet from one network to another based only on the network address for the protocol being used. Operates at Layer 3 (Network) of the OSI seven-layer model.
bridge
A device that connects two networks and passes traffic between them based only on the node address, so that traffic between nodes on one network does not appear on the other network. This device operates at Level 2 (Data Link layer) of the OSI seven-layer model.
DSL modem
A device that enables customers to connect to the Internet using a DSL connection.
Oscilloscope
A device that gives a graphical/visual representation of signal levels over a period of time.
media converter
A device that lets you interconnect different types of Ethernet cable.
demarc
A device that marks the dividing line of responsibility for the functioning of a network between internal users and upstream service providers. Aka demarcation point
multiplexer
A device that merges information from multiple input channels to a single output channel.
repeater
A device that takes all of the frames it receives on one Ethernet segment and re-creates them on another Ethernet segment. This allows for longer cables or more computers on a segment. These operate at Layer 1 (Physical) of the OSI seven-layer model. They do not check the integrity of the Layer 2 (Data Link) frame so they may repeat incorrectly formed frames. They were replaced in the early 1980s by bridges which perform frame integrity checking before repeating a frame.
Certified
A device that tests a cable to ensure that it can handle its rated amount of capacity
Channel service unit/digital service unit
A device that understands the Layer 1 details of serial links installed by a telco and how to use a serial cable to communicate with networking equipment such as routers.
line tester
A device used by technicians to check the integrity of telephone wiring. Can be used on a twisted-pair line to see if it is good, dead, or reverse wires, or if there is AC voltage on the line.
Service Level Agreement
A document between a customer and a service provider that defines the scope, quality, and terms of the service to be provided.
Memorandum of Understanding
A document that defines an agreement between two parties in situations where a legal contract is not appropriate.
Acceptable Use Policy
A document that defines what a person may and may not do on an organization's computers and networks. This defines ownership, web site access, and access times while on company assets
Forensics report
A document that describes the details of gathering, securing, transporting, and investigating evidence.
Multisource Agreement
A document that details the interoperability of network hardware from a variety of manufacturers.
hypertext
A document that has been marked up to enable a user to select words or pictures within the document, click them, and connect to further information. The basis of the World Wide Web.
physical network diagram
A document that shows all of the physical connections on a network. Cabling type, protocol, and speed are also listed for each connection.
logical network diagram
A document that shows the broadcast domains and individual IP addresses for all devices on the network. Only critical switches and routers are shown.
Wiring diagram
A document, also known as a wiring schematic, that usually consists of multiple pages and that shows the following: how the wires in a network connect to switches and other nodes, what types of cables are used, and how patch panels are configured. It usually includes details about each cable run. An example of physical documentation
Multiple In/Multiple Out
A feature of 802.11 WAPs that enables them to make multiple simultaneous connections.
group policy
A feature of Windows Active Directory that allows an administrator to apply policy settings to network users en masse.
tamper detection
A feature of modern server chassis that will log in the motherboard's nonvolatile RAM (NVRAM) if the chassis has been opened. The log will show chassis intrusion with a date and time. Alternatively, the special stickers or zip ties that break when a device has been opened.
motion detection system
A feature of some video surveillance systems that starts and stops recordings based on actions caught by the camera(s).
InterVLAN Routing
A feature on advanced switches to provide routing between VLANs without using a physical router.
passive optical network
A fiber architecture that uses a single fiber to the neighborhood switch and then individual fiber runs to each final destination.
Capture file
A file in which the collected packets from a packet sniffer program are stored.
Dynamic Link Library
A file of executable functions or data that can be used by a Windows application. Typically provides one or more particular functions, and a program accesses the functions by creating links to it
NT File System
A file system for hard drives that enables object-level security, long filename support, compression, and encryption. Version 4.0 debuted with Windows NT 4.0. Later Windows versions continue to update this.
Unified Threat Management
A firewall that is also packaged with a collection of other processes and utilities to detect and prevent a wide variety of threats. These protections include intrusion detection systems, intrusion prevention systems, VPN portals, load balancers, and other threat mitigation apparatus.
virtual firewall
A firewall that is implemented in software within a virtual machine in cases where it would be difficult, costly, or impossible to install a traditional physical firewall
stateless firewall
A firewall that manages each incoming/outgoing packet as a stand-alone entity without regard to currently active connections. Uses pattern analysis and heuristics to decide which packets should be blocked
destination port
A fixed, predetermined number that defines the function or session type in a TCP/IP network.
deauthentication attack
A form of DoS attack that targets 802.11 Wi-Fi networks specifically by sending out a frame that kicks a wireless client off its current WAP connection. A rogue WAP nearby presents a stronger signal, which the client will prefer. The rogue WAP connects the client to the Internet and then proceeds to intercept communications to and from that client.
Typosquatting
A form of attack that relies on mistakes, such as typographical errors, made by Internet users when inputting information into a Web browser. Also known as URL hijacking
multifactor authentication
A form of authentication where a user must use two or more factors to prove his or her identity; for example, some sort of physical token that, when inserted, prompts for a password
Protocol Attack
A form of denial of service where a protocol is manipulated in a strange way to prevent a server from serving others.
Volume attack
A form of denial of service where a server is overwhelmed by a sheer number of requests.
Application Attacks
A form of denial of service where an application stored on a server is prevented from responding to requests in a timely fashion.
Active Directory
A form of directory service used in networks with Windows servers. Creates an organization of related computers that share one or more Windows domains. Used primarily for local area networks
Change request
A formal or informal document suggesting a modification to some aspect of the network or computing environment.
primary lookup zone
A forward lookup zone stored in a text file.
broadcast
A frame or packet addressed to all machines, almost always limited to a broadcast domain.
normal backup
A full backup of every selected file on a system. This type of backup turns off the archive bit after the backup.
Asymmetric Digital Subscriber Line
A fully digital, dedicated connection to the telephone system that provides download speeds of up to 9 Mbps and upload speeds of up to 1 Mbps.
workstation
A general-purpose computer that is small enough and inexpensive enough to reside at a person's work area for his or her exclusive use.
SRV record
A generic DNS record that supports any type of server
cable tester
A generic name for a device that tests cables. Some common tests are continuity, electrical shorts, crossed wires, or other electrical characteristics.
Wide Area Network
A geographically dispersed network created by linking various computers and LANs over long distances, generally using leased phone lines. Multiple broadcast domains that are interconnected
Category (CAT) Rating
A grade assigned to cable to help network installers get the right cable for the right network technology. CAT ratings are officially rated in megahertz (MHz), indicating the highest-frequency bandwidth the cable can handle.
RG-59
A grade of coaxial cable used for cable television and early cable modem Internet connections. This has a characteristic impedance of 75 ohms.
RG-6
A grade of coaxial cable used for cable television and modern cable modem Internet connections. This has a characteristic impedance of 75 ohms. Thicker than RG-59
RG-58
A grade of small-diameter coaxial cable used in 10Base2 Ethernet networks. This has a characteristic impedance of 50 ohms.
Local Area Network
A group of PCs connected together via cabling, radio, or infrared that use this connectivity to share resources such as printers and mass storage.
man in the middle
A hacking attack where a person inserts him- or herself into a conversation/session between two others, covertly intercepting traffic thought to be only between those other people.
edge device
A hardware device that has been optimized to perform a task in coordination with other edge devices and controllers
DNS tree
A hierarchy of DNS domains and individual computer names organized into a tree-like structure, the top of which is the root.
Digital Subscriber Line
A high-speed Internet connection technology that uses a regular telephone line for connectivity. This comes in several varieties, including asymmetric and symmetric, and many speeds. Typical home-user connections are asymmetric with a download speed up to 9 Mbps and an upload speed of up to 1 Kbps.
fiber-optic cable
A high-speed physical medium for transmitting data that uses light rather than electricity to transmit data and is made of high-purity glass fibers sealed within a flexible opaque tube. Much faster than conventional copper wire.
Network map
A highly detailed illustration of a network, down to the individual computers. A network map will show IP addresses, ports, protocols, and more.
star-bus topology
A hybrid of the star and bus topologies that uses a physical star, where all nodes connect to a single wiring point such as a hub and a logical bus that maintains the Ethernet standards. One benefit of this is fault tolerance.
Structured Query Language
A language created by IBM that relies on simple English statements to perform database queries. This enables databases from different manufacturers to be queried using a standard syntax.
switch
A layer 2 (Data Link) multiport device that filters and forwards frames based on MAC addresses.
T1
A leased-line connection capable of carrying data at 1,54 Mbps with 24 channels
T3 line
A leased-line connection capable of carrying data at 44.736 Mbps with 672 channels
Modal Distortion
A light distortion problem unique to multimode fiber-optic cable. Does not affect single-mode fiber
Collision light
A light on some older NICs that flickers when a network collision is detected.
Demilitarized Zone
A lightly protected or unprotected subnet positioned between an outer firewall and an organization's highly protected internal network. These are used mainly to host public address servers (such as Web servers).
Simple Network Time Protocol
A lightweight version of NTP
Record
A line in the zone data that maps a FQDN to an IP address
list of requirements
A list of all the things you'll need to do to set up your SOHO network, as well as the desired capabilities of the network.
routing table
A list of paths to various networks required by routers. This table can be built either manually or automatically.
cold site
A location that consists of a building, facilities, desks, toilets, parking, and everything that a business needs except computers. Cheapest backup site but takes weeks to bring online
system log
A log file that records issues dealing with the overall system, such as system services, device drivers, or configuration changes. Also called general logs
general logs
A log file that records issues dealing with the overall system, such as system services, device drivers, or configuration changes. Also called system logs
security log
A log that tracks anything that affects security, such as successful and failed logons and logoffs.
Adaptive Network Technology (Plus)
A low-speed, low-power networking technology; used in place of Bluetooth for connecting devices, such as smart phones and exercise machines. Works at the 2.4 GHz range, has a distance of 30 meters, and transfer speed of 20 Kbps.
Near Field Communication
A low-speed, short-range, networking technology designed for (among other things) small-value monetary transactions. Operates at 13.56 MHz, has a 4 cm range, and transfer speeds of 424 Kbps
dedicated server
A machine that does not use any client functions, only server functions.
ARP cache poisoning
A man-in-the-middle attack, where the attacker associates his MAC address with someone else's IP address (almost always the router), so all traffic will be sent to him first. The attacker sends out unsolicited ARPs, which can either be requests or replies.
Rack Diagrams
A map of what is physically installed in a rack.
polyvinyl chloride
A material used for the outside insulation and jacketing of most cables. Also a fire rating for a type of cable that has no significant fire protection.
hash
A mathematical function used in cryptography that is run on a string of binary digits of any length that results in a value of some fixed length. Not used for encryption. Used for data integrity checks
Cyclic Redundancy Check
A mathematical method used to check for errors in long streams of transmitted data with high accuracy.
Network Address Translation
A means of translating a system's IP address into another IP address before sending it out to a larger network. This manifests itself by a program that runs on a system or a router. A network using this provides the systems on the network with private IP addresses. The system running this software has two interfaces: one connected to the network and the other connected to the larger network. This program takes packets from the client systems bound for the larger network and translates their internal private IP addresses to its own public IP address, enabling many systems to share a single IP address.
latency
A measure of a signal's delay. When data stops moving for a moment due to a WAP being unable to do the work
packet filtering
A mechanism that blocks any incoming or outgoing packet from a particular IP address or range of IP addresses. Also known as IP filtering. This controls access to IP-addressed devices.
Actuator
A mechanism that puts something into automatic action
document
A medium and the data recorded on it for human use; for example, a report sheet or book. By extension, any record that has permanence and that can be read by a human or a machine
node
A member of a network or a point where one or more functional units interconnect transmission lines
Fully Meshed Topology
A mesh network where every node is directly connected to every other node.
unicast transmission
A message sent from one computer to a single other computer.
Equipment rack
A metal structure used in equipment rooms to secure network hardware devices and patch panels. Most are 19" wide. Devices designed to fit in these use a height measurement called units, or simply U.
Path MTU discovery
A method for determining the best MTU setting that works by adding a new feature called the "Don't Fragment (DF) flag" to the IP packet
port aggregation
A method for joining two or more switch ports logically to increase bandwidth
Anycast
A method of addressing groups of computers as though they were a single computer. This starts by giving a number of computers (or clusters of computers) the same IP address. Advanced routers then send incoming packets to the closest of the computers.
inheritance
A method of assigning user permissions, in which folder permissions flow downward into subfolders.
IP filtering
A method of blocking packets based on IP addresses.
Point Coordination Function
A method of collision avoidance defined by the 802.11 standard that has yet to be implemented
daisy-chain
A method of connecting together several devices along a bus and managing the signals for each device.
public key cryptography
A method of encryption and decryption that uses two different keys: a public key for encryption and a private key for decryption.
Stateful Filtering/Stateful Inspection
A method of filtering in which all packets are examined as a stream. Stateful devices can do more than allow or block; they can track when a stream is disrupted or packets get corrupted and act accordingly.
Stateless Filtering/Stateless Inspection
A method of filtering where the device that does the filtering looks at each IP packet individually, checking the packet for IP addresses and port numbers and blocking or allowing accordingly.
MAC address filtering
A method of limiting access to a wireless network based on the physical addresses of wireless NICs.
encryption
A method of securing messages by scrambling and encoding each packet as it is sent across an unsecure medium, such as the Internet. Each encryption level provides multiple standards and options.
two-factor authentication
A method of security authentication that requires two separate means of authentication, for example, some sort of physical token that, when inserted, prompts for a password. Also called multifactor authentication.
Metro Ethernet
A metropolitan area network (MAN) based on the Ethernet standard.
promiscuous mode
A mode of operation for a NIC in which the NIC processes all frames that it sees on the cable.
chat
A multiparty, real-time text conversation. The Internet's most popular version is known as Internet Relay Chat (IRC), which many groups use to converse in real time with each other.
Transmit beamforming
A multiple-antenna technology in 802.11n WAPs that helps get rid of dead spots.
Windows Internet Name Service
A name resolution service that resolves NetBIOS names to IP addresses.
flat name space
A naming convention that gives each device only one name that must be unique. NetBIOS uses this. TCP/IP's DNS uses a hierarchical name space.
Hierarchical Name Space
A naming scheme where the full name of each object includes its position within the hierarchy. An example of this is www.totalseminars.com, which includes not only the host name, but also the domain name. DNS uses this scheme for fully qualified domain names (FQDNs).
Pointer Record
A record that points IP addresses to host names
bridge loop
A negative situation in which bridging devices (usually switches) are installed in a loop configuration, causing frames to loop continuously. Switches using Spanning Tree Protocol (STP) prevent these by automatically turning off looping ports.
link status
A network analyzer report on how good the connection is between two systems
Virtual Private Network
A network configuration that enables a remote user to access a private network via the Internet. These employ an encryption methodology called tunneling, which protects the data from interception.
peer-to-peer
A network in which each machine can act as either a client or a server.
Server-based network
A network in which one or more systems function as dedicated file, print, or application servers, but do not function as clients.
Campus Area Network
A network installed in a medium-sized space spanning multiple buildings
broadcast domain
A network of computers that will hear each other's broadcasts. The older term collision domain is the same but rarely used today.
medianet
A network of far-flung routers and servers that provides sufficient bandwidth for video teleconferencing (VTC) via quality of service (QoS) and other tools.
Asynchronous Transfer Mode
A network technology that runs at speeds between 25 and 622 Mbps using fiber-optic cabling or Cat 5 or better UTP. A do-it-all network technology.
guest network
A network that can contain or allow access to any resource that management deems acceptable to be used by insecure hosts that attach to the guest network.
logical topology
A network topology defined by signal paths as opposed to the physical layout of the cables.
Star Topology
A network topology in which all computers in the network connect to a central wiring point.
Ring Topology
A network topology in which all the computers on the network attach to a central ring of cable.
bus topology
A network topology that uses a single bus cable that connects all of the computers in line. These networks must be terminated to prevent signal reflection.
Nmap
A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner.
external connections
A network's connections to the wider Internet. Also a major concern when setting up a SOHO network.
security
A network's resilience against unwanted access or attack.
Java
A network-oriented programming language invented by Sun Microsystems (acquired by Oracle) and specifically designed for writing programs that can be safely downloaded to your computer through the Internet and immediately run without fear of viruses or other harm to your computer or files. Using these small programs (called "Applets"), Web pages can include functions such as animations, calculators, and other fancy tricks.
Automatic Private IP Addressing
A networking feature in operating systems that enables DHCP clients to self-configure an IP address and subnet mask automatically when a DHCP server isn't available.
session
A networking term used to refer to the logical stream of data flowing between two programs and being communicated over a network. Many different sessions may be emanating from any one node on a network.
network ID
A number used in IP networks to identify the network on which a device or machine exists.
patch panel
A panel containing a row of female connectors (ports) that terminate the horizontal cabling in the equipment room. Patch panels facilitate cabling organization and provide protection to horizontal cabling.
Unauthorized access
A situation in which a person does something beyond his/her authority.
lock
A physical device that prevents access to essential assets of an organization, such as servers, without a key
bridging loop
A physical wiring of a circuitous path between two or more switches, causing frames to loop continuously. Spanning Tree Protocol (STP) implemented in switches will discover and block looped paths.
Channel Service Unit/Data Service Unit
A piece of equipment that connects a T-carrier leased line from the telephone company to a customer's equipment (such as a router). It performs line encoding and conditioning functions, and it often has a loopback function for testing.
dead spot
A place that should be covered by the network signal but where devices get no signal.
Unshielded Twisted Pair
A popular cabling for telephone and networks composed of pairs of wires twisted around each other at specific intervals. The twists serve to reduce interference (also called crosstalk). The more twists, the less interference. The cable has no metallic shielding to protect the wires from external interference, unlike its cousin, STP. 10BaseT uses this, as do many other networking technologies. This is available in a variety of grades, called categories.
UNIX
A popular computer software operating system used on many Internet host systems.
Secure Hash Algorithm
A popular cryptographic hash
Message Digest algorithm (version 5)
A popular hashing function
Trunk port
A port on a switch configured to carry all VLAN data, regardless of VLAN number, between all switches in a LAN. These ports are used to connect switches to other switches
802.1X
A port-authentication network access control mechanism for networks.
channel
A portion of the wireless spectrum on which a particular wireless network operates. Setting the wireless networks to different channels enables separation of the networks.
vulnerability
A potential weakness in an infrastructure that a threat might exploit.
Counter
A predefined event that is recorded to a log file
Internal network
A private LAN, with a unique network ID, that resides behind a router.
intranet
A private TCP/IP network inside a company or organization.
VoIP PBX
A private branch exchange that uses VoIP instead of the traditional switched telephone circuits.
community cloud
A private cloud paid for and used by multiple similar organizations.
Private Branch Exchange
A private phone system used within an organization.
short message service alert
A proactive message regarding an out-of-tolerance condition of an SNMP managed device sent as an SMS text.
static routing
A process by which routers in an internetwork obtain information about paths to other routers. This information must be supplied manually.
Frequency Division Multiplexing
A process of keeping individual phone calls separate by adding a different frequency multiplier to each phone call, making it possible to separate phone calls by their unique frequency range.
site survey
A process that enables you to determine any obstacles to creating the wireless network you want.
Authentication
A process that proves good data traffic truly came from where it says it originated by verifying the sending and receiving users and computers.
roaming
A process where clients seamlessly change wireless access point (WAP) connections, depending on whichever WAP has the strongest signal covered by the broadcast area.
replication
A process where multiple computers might share complete copies of a database and constantly update each other
single sign-on
A process whereby a client performs a one-time login to a gateway system. That system, in turn, takes care of the client's authentication to any other connected systems for which the client is authorized to access.
virus
A program that can make a copy of itself without your necessarily being aware of it. All viruses carry some payload that may or may not do something malicious.
Telnet
A program that enables users on the Internet to log onto remote systems from their own host systems.
Adware
A program that monitors the types of Web sites you frequent and uses that information to generate targeted advertisements, usually pop-up windows.
port scanner
A program that probes ports on another system, logging the state of the scanned ports.
packet analyzer
A program that reads the capture files from packet sniffers and analyzes them based on monitoring needs.
interface monitor
A program that tracks the bandwidth and utilization of one or more interfaces on one or more devices in order to monitor traffic on a network.
Remote help
A program used to control the desktop of the user you are assisting
logical address
A programmable network address, unlike a physical address that is burned into ROM.
Lightweight Extensible Authentication Protocol
A proprietary EAP authentication used almost exclusively by Cisco wireless products. This is an interesting combination of MS-CHAP authentication between a wireless client and a RADIUS server.
Terminal Access Controller Access Control System Plus
A proprietary protocol developed by Cisco to support Authorization, Authentication, and Accounting (AAA) in a network with many routers and switches. It is similar to RADIUS in function, but uses TCP port 49 by default and separates AAA into different parts.
Address Resolution Protocol
A protocol in the TCP/IP suite used with the command-line utility of the same name to determine the MAC address that corresponds to a particular IP address. Resolves IP addresses to MAC addresses.
Extensible Authentication Protocol-Transport Layer Security
A protocol that defines the use of a RADIUS server as well as mutual authentication, requiring certificates on both the server and every client
Extensible Authentication Protocol-Tunneled Transport Layer Security
A protocol that defines the use of a RADIUS server, requiring only a single server-side certificate.
connectionless communication
A protocol that does not establish and verify a connection between the hosts before sending data; it just sends the data and hopes for the best. This is faster than connection-oriented protocols. UDP is an example of a connectionless protocol.
Dynamic DNS
A protocol that enables DNS servers to get automatic updates of IP addresses of computers in their forward lookup zones, mainly by talking to the local DHCP server.
Dynamic Host Configuration Protocol
A protocol that enables a DHCP server to set TCP/IP settings automatically for a DHCP client.
Point-to-Point Protocol
A protocol that enables a computer to connect to the Internet through a dial-in connection and to enjoy most of the benefits of a direct connection. This is considered to be superior to the Serial Line Internet Protocol (SLIP) because of its error detection and data compression features, which SLIP lacks, and the capability to use dynamic IP addresses.
Spanning Tree Protocol (STP)
A protocol that enables switches to detect and repair bridge loops automatically.
Internet Small Computer System Interface
A protocol that enables the SCSI command set to be transported over a TCP/IP network from a client to an iSCSI-based storage system. This is popular with storage area network (SAN) systems and is cheaper than fibre channel because it uses Ethernet.
Connection-Oriented Communication
A protocol that establishes a connection between two hosts before transmitting data and verifies receipt before closing the connection between the hosts. TCP is an example of a connection-oriented protocol.
Media Gateway Control Protocol
A protocol that is designed to be a complete VoIP or video presentation connection and session controller. This uses TCP ports 2427 and 2727.
Network Basic Input/Output System
A protocol that operates at the Session layer of the OSI seven-layer model. This protocol creates and manages connections based on the names of the computers involved.
Link Local Multicast Name Resolution
A protocol that serves the same function as a DNS server when a DNS server cannot be reached. It resolves names of devices connected collectively on a local network. Replaced NetBIOS depending on the version of Windows in use
Dynamic routing protocol
A protocol that supports the building of automatic routing tables, such as OSPF or RIP.
Trivial File Transfer Protocol
A protocol that transfers files between servers and clients. Unlike FTP, this requires no user login. Devices that need an operating system, but have no local hard disk (for example, diskless workstations and routers), often use this to download their operating systems. Uses UDP
Point-to-Point Tunneling Protocol
A protocol that works with PPP to provide a secure data link between computers using encryption.
User Datagram Protocol
A protocol used by some older applications, most prominently TFTP (Trivial FTP), to transfer files. These datagrams are both simpler and smaller than TCP segments, and they do most of the behind-the-scenes work in a TCP/IP network.
Common Address Redundancy Protocol
A protocol used to allow multiple hosts on the same network to share a set of IP addresses. This provides your network with redundancy.
Lightweight Directory Access Protocol
A protocol used to query and change a database used by the network. Runs on TCP port 389 by default.
Virtual Router Redundancy Protocol
A protocol used to take multiple routers and group them together into a single virtual router with a single virtual IP address that clients use as a default gateway. Used to provide high availability for routers.
Point-to-Point Protocol over Ethernet
A protocol that was originally designed to encapsulate PPP frames into Ethernet frames. Used by DSL providers to force customers to log into their DSL connections instead of simply connecting automatically.
certificate
A public encryption key signed with the digital signature from a trusted third party called a certificate authority (CA). This key serves to validate the identity of its holder when that person or company sends data to other parties.
Get (SNMP)
A query from an SNMP manager sent to the agent of a managed device for the status of a management information base (MIB) object.
monlist
A query that asks the NTP server about the traffic going on between itself and peers.
Frequency band
A range of frequencies that can be segmented into channels
Challenge Handshake Authentication Protocol
A remote access authentication protocol. It has the serving system challenge the remote client, which must provide an encrypted password.
SSH File Transfer Protocol
A replacement for FTP released after many of the inadequacies of SCP (such as the inability to see the files on the other computer) were discovered. A secure version of FTP designed to run over an SSH session.
Command
A request, typed from a terminal or embedded in a file, to perform an operation or to execute a particular program
Transport Layer Security
A robust update to SSL that works with almost any TCP application
Remote management
A router feature that allows configuration from a wireless client. A convenience that can be exploited by bad actors.
Multiprotocol Label Switching
A router feature that labels certain data to use a desired connection. It works with any type of packet switching (even Ethernet) to force certain types of data to use a certain path. Today's most common telephony packet switching technology
Aggregation
A router hierarchy in which every router underneath a higher router always uses a subnet of that router's existing routes.
DHCP relay
A router process that, when enabled, passes DHCP requests and responses across router interfaces. In common terms, DHCP communications can cross from one network to another within a router that has this enabled and configured.
DHCP issue limiting
A router security feature that only allows a certain number of IP addresses to be issued out via DHCP.
Client Isolation
A router security feature that prevents clients on the same SSID from seeing and connecting to each other.
MAC address clone
A router technique that helps cable modems not go down when you switch physical devices
gateway router
A router that acts as a default gateway in a TCP/IP network.
Forwarding Equivalence Class (FEC)
A set of packets that can be sent to the same place, such as a single broadcast domain of computers connected to a router
virtual router
A router that is implemented in software within a virtual machine. The scalability of a virtual machine makes it easy to add capacity to the router when it is needed. These are easily managed and are highly scalable without requiring the purchase of additional network hardware.
Router Advertisement
A router's response to a client's router solicitation, also sent at regular intervals, that gives the client information to configure itself (prefix, prefix length, and more).
F-connector
A screw-on connector used to terminate small-diameter coaxial cable such as RG-6 and RG-59 cables.
global unicast address
A second IPv6 address that every system needs in order to get on the Internet.
Backup Designated Router
A second router set to take over if the designated router fails.
HTTP over SSL
A secure form of HTTP in which hypertext is encrypted by Transport Layer Security (TLS) before being sent onto the network. It is commonly used for Internet business transactions or any time where a secure connection is required. The name reflects the predecessor technology to TLS called Secure Sockets Layer (SSL).
Principle of Least Privilege
A security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform its function or job.
Mandatory Access Control
A security model in which every resource is assigned a label that defines its security level. If the user lacks that security level, they do not get access
Authentication, Authorization, and Accounting
A security philosophy wherein a computer trying to connect to a network must first present some form of credential in order to be authenticated and then must have limitable permissions within the network. The authenticating server should also record session information about the client.
share level security
A security system in which each resource has a password assigned to it; access to the resource is based on knowing the password.
user-level security
A security system in which each user has an account, and access to resources is based on user identity.
Data Over Cable Service Interface Specification
A security technology used for filtering packets and maintaining customer privacy on cable Internet services
spoofing
A security threat where an attacker makes some data seem as though it came from somewhere else, such as sending an e-mail with someone else's e-mail address in the sender field. Faking IP or MAC addresses is a classic example
Closed Circuit Television
A self-contained, closed system in which video cameras feed their signal to specific, dedicated monitors and storage devices.
Fibre channel
A self-contained, high-speed storage environment with its own storage arrays, cables, protocols, and switches. This is a critical part of storage area networks (SANs).
Frame Check Sequence
A sequence of bits placed in a frame that is used to check the primary data for errors.
Yost cable
A serial cable used to interface with a Cisco device for configuration. Also known as a rollover cable
password
A series of characters that enables a user to gain access to a file, a folder, a PC, or a program.
cipher
A series of complex and hard-to-reverse mathematics run on a string of ones and zeroes in order to make a new set of seemingly meaningless ones and zeroes.
OpenSSH
A series of secure programs developed by the OpenBSD organization to fix SSH's limitation of only being able to handle one session per tunnel.
Caching engine
A server dedicated to storing cache information on your network. These servers can reduce overall network traffic dramatically.
Storage Area Network
A server that can take a pool of hard disks and present them over the network as any number of logical disks. Provides block-level storage, runs on fibre channel,
Web server
A server that enables access to HTML documents by remote users.
Radius Server
A server that offers centralized authentication services to a network's access server, VPN server, or wireless access point via the RADIUS protocol. A AAA (authorization, authentication, and accounting) solution
Fractional T1 access
A service provided by many telephone companies wherein customers can purchase a number of individual channels in a T1 line in order to save money.
Extended Service Set Identifier
A service set identifier applied to an extended service set as a network naming convention. Multiple WAPs configured with a single SSID on the same broadcast domain
top-level domain servers
A set of DNS servers—just below the root servers—that handle the top-level domain names, such as .com, .org, .net, and so on.
program
A set of actions or instructions that a machine is capable of interpreting and executing. Used as a verb, it means to design, write, and test such instructions.
Transmission Control Protocol/Internet Protocol
A set of communication protocols developed by the U.S. Department of Defense that enables dissimilar computers to share information over a network.
change management documentation
A set of documents that defines procedures for changes to the network.
configuration management
A set of documents, policies, and procedures designed to help you maintain and update your network in a logical, orderly fashion.
non-discovery mode
A setting for Bluetooth devices that effectively hides them from other Bluetooth devices.
network share
A shared resource on a network.
Interframe gap
A short, predefined silence originally defined for CSMA/CD; also used in CSMA/CA. Also known as an interframe space (IFS).
bounce
A signal sent by one device taking many different paths to get to the receiving systems.
Session Initiation Protocol
A signaling protocol for controlling voice and video calls over IP. This competes with H.323 for VoIP dominance.
checksum
A simple error-detection method that adds a numerical value to each data packet, based on the number of data bits in the packet. The receiving node applies the same formula to the data and verifies that the numerical value is the same; if not, the data has been corrupted and must be re-sent.
Basic NAT
A simple form of NAT that translates a computer's private or internal IP address to a global IP address on a one-to-one basis.
manual tunnel
A simple point-to-point connection between two IPv6 networks. As a tunnel, it uses IPsec encryption.
UTP coupler
A simple, passive, double-ended connector with female connectors on both ends. These are used to connect two UTP cable segments together to achieve longer length when it is deemed unnecessary or inappropriate to use a single, long cable.
model
A simplified representation of a real object or process. In the case of networking, this represents logical tasks and subtasks that are required to perform network communication.
virtual IP
A single IP address shared by multiple systems. This is commonly the single IP address assigned to a home or organization that uses NAT to have multiple IP stations on the private side of the NAT router.
Zombie
A single computer under the control of an operator that is used in a botnet attack.
host
A single device (usually a computer) on a TCP/IP network that has an IP address; any device that can be the source or destination of a data packet. Also, a computer running multiple virtualized operating systems.
run
A single piece of installed horizontal cabling.
Network-Based Anti-Malware
A single source server that holds current anti-malware software. Multiple systems can access and run the software from that server. The single site makes the software easier to update and administer than anti-malware installed on individual systems.
Extended Service Set
A single wireless access point servicing a given area that has been extended by adding more access points
browser
A software program specifically designed to retrieve, interpret, and display Web pages
route aggregation
A solution used to optimize and decrease the size of routing tables used by BGP
Syslog
A somewhat standardized form of logging that works well with SNMP. Uses a 0-7 rating scale (extreme to just notification) for events. Typically used in the Unix/Linux and macOS world
cache
A special area of RAM that stores frequently accessed data. In a network there are a number of applications that take advantage of cache in some way.
worm
A special form of virus. Unlike other viruses, these do not infect other files on the computer. Instead, they replicate by making copies of themselves on other systems on a network by taking advantage of security weaknesses in networking protocols.
Routing and Remote Access Service
A special remote access server program, originally only available on Windows Server, on which a PPTP endpoint is placed in Microsoft networks
loopback test
A special test often included in diagnostic software that sends data out of the NIC and checks to see if it comes back.
digital signal processor
A specialized microprocessor-like device that processes digital signals at the expense of other capabilities, much as the floating-point unit (FPU) is optimized for math functions. These are used in such specialized hardware as high-speed modems, multimedia sound cards, MIDI equipment, and real-time video capture and compression.
110-Punchdown Tool
A specialized tool for connecting UTP wires to a 110-block. Also called a 110-punchdown tool
punchdown tool
A specialized tool for connecting UTP wires to a 110-block. Also called a 110-punchdown tool
SPF record
A specialized TXT record in DNS used to reduce spam
crossover cable
A specially terminated UTP cable used to interconnect routers or switches, or to connect network cards without a switch. Crossover cables reverse the sending and receiving wire pairs from one end to the other.
macro
A specially written application macro (collection of commands) that performs the same functions as a virus. These macros normally autostart when the application is run and then make copies of themselves, often propagating across networks.
DNS domain
A specific branch of the DNS name space. Top-level DNS domains include .com, .gov, and .edu.
Extension Mechanisms for DNS
A specification that expanded several parameter sizes but maintained backward compatibility with earlier DNS servers
bottleneck
A spot on a network where traffic slows precipitously.
Frequency Hopping Spread Spectrum
A spread-spectrum broadcasting method defined in the 802.11 standard that sends data on one frequency at a time, constantly shifting frequencies.
Direct Sequence Spread Spectrum
A spread-spectrum broadcasting method defined in the 802.11 standard that sends data out on different frequencies at the same time
Orthogonal Frequency Division Multiplexing
A spread-spectrum broadcasting method that combines the multiple frequencies of DSSS with FHSS's hopping capability.
Multipurpose Internet Mail Extensions
A standard for attaching binary files, such as executables and images, to the Internet's text-based mail (24-Kbps packet size).
Power over Ethernet
A standard that enables wireless access points (WAPs) to receive their power from the same Ethernet cables that transfer their data.
H.320
A standard that uses multiple ISDN channels to transport video teleconferencing (VTC) over a network.
LMHOSTS file
A static text file that resides on a computer and is used to resolve NetBIOS names to IP addresses. The LMHOSTS file is checked before the machine sends a name resolution request to a WINS name server. The LMHOSTS file has no extension.
Authorization
A step in the AAA philosophy during which a client's permissions are decided upon.
classless subnet
A subnet that does not fall into the common categories such as Class A, Class B, and Class C.
device driver
A subprogram to control communications between the computer and some peripheral hardware.
Virtual Private Cloud
A subset of a public cloud that has highly restricted, secure access (an Amazon term). Provides security, a legitimate public IP address, and a private network. Flexible, expandable, and can provide many types of services.
Caesar Cipher
A substitution cipher that shifts characters a certain number of positions in the alphabet
PortFast
A switch STP feature in which a port is placed in an STP forwarding state as soon as the interface comes up, bypassing the listening and learning states. This feature is meant for ports connected to end-user devices, preventing TCN BPDUs from being sent out every time a PC is powered on and off.
Multilayer Switch
A switch that has functions that operate at multiple layers of the OSI seven-layer model.
Blowfish
A symmetric block cipher that operates on 64-bit blocks and can have a key length from 32 to 448 bits. Not considered in the competition to be the AES.
Data Encryption Standard
A symmetric-key algorithm developed by the U.S. government in the 1970s and formerly in use in a variety of TCP/IP applications. It used a 64-bit block and a 56-bit key. Over time, the 56-bit key made it susceptible to brute-force attacks.
warm boot
A system restart performed after the system has been powered and operating. This clears and resets the memory, but does not stop and start the hard drive.
RADIUS server
A system that enables remote users to connect to a network service.
Supervisory Control and Data Acquisition
A system that has the basic components of a distributed control system (DCS), yet is designed for large-scale, distributed processes and functions with the idea that remote devices may or may not have ongoing communication with the central control.
Unified communication
A system that rolls many different network services into one. Instant messaging (IM), telephone service, and video conferencing are a few examples.
DNS server
A system that runs a special DNS server program.
Vulnerability Assessment
A systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is a potential harm. Typically done in-house using a special type of software and is usually credentialed
Source Address Table
A table stored by a switch, listing the MAC addresses and port of each connected device.
grandfather-father-son
A tape rotation strategy used in data backups
dedicated line
A telephone line that is an always open, or connected, circuit. Dedicated telephone lines usually do not have telephone numbers.
domain
A term used to describe a grouping of users, computers, and/or networks. In Microsoft networking, this is a group of computers and users that shares a common account database and a common security policy. For the Internet, this is a group of computers that shares a common element in their DNS hierarchical name.
connection
A term used to refer to communication between two computers.
Virtual network computing
A terminal emulation program
Secure Shell
A terminal emulation program that looks exactly like Telnet but encrypts the data. Has replaced Telnet on the Internet.
RG-8
A thick, rigid coaxial cable used in a 10Base5 network. Also called thicknet. Characterized by a 50-ohm impedance.
TCP three-way handshake
A three-packet conversation between TCP hosts to establish and start a data transfer session. The conversation begins with a SYN request by the initiator. The target responds with a SYN/ACK to the initiator. The initiator confirms receipt of the SYN/ACK with an ACK. Once this handshake is complete, data transfer can begin. This creates a TCP connection until it is closed using the FIN message or times out.
T connector
A three-sided, tubular connector found in 10Base2 Ethernet networking. The connector is in the shape of a T with the "arms" of the T ending with a female BNC connector and the "leg" having a male BNC connector. This is used to attach a BNC connector on a host between two cable segments.
Challenge-Response Authentication Mechanism-Message Digest 5
A tool for server authentication in SMTP servers.
multimeter
A tool for testing voltage (AC and DC), resistance, and continuity.
NAT64
A transition mechanism that embeds IPv4 packets into IPv6 packets for network traversal
Bring Your Own Device
A trend wherein users bring their own network-enabled devices to the work environment. These mobile devices must be easily and securely integrated and released from corporate network environments using on-boarding and off-boarding technologies. Lowest learning curve with high device/application management
Security Information and Event Management
A two-part process consisting of security event monitoring (SEM), which performs real-time monitoring of security events, and security information management (SIM), where the monitoring log files are reviewed and analyzed by automated and human interpreters. Aggregation and correlation are the two primary components of this
UDP flood
A type of DoS attack in which the attacker attempts to overwhelm the target system with UDP ping requests. Often the source IP address is spoofed, creating a DoS condition for the spoofed IP.
SYN Flood
A type of DoS where an attacker sends a large amount of SYN request packets to a server (while not waiting for a SYN/ACK response) in an attempt to deny service.
Bearer channel
A type of ISDN channel that carries data and voice information using standard DS0 channels at 64 Kbps.
Delta Channel
A type of ISDN line that transfers data at 16 Kbps
Primary Rate Interface
A type of ISDN that is actually just a full T1 line carrying 23 B channels
Static Network Address Translation
A type of Network Address Translation (NAT) that maps a single routable IP address to a single machine, allowing you to access that machine from outside the network. Similar to port forwarding
Remote Access Trojan
A type of Trojan horse that provides a "backdoor" into a computer for remote hackers to transmit files, snoop, run programs, and launch attacks on other computers
site-to-site
A type of VPN connection using two Cisco VPN concentrators to connect two separate LANs permanently. Connects two separate distant networks into one single network
client-to-site
A type of VPN connection where a single computer logs into a remote network and becomes, for all intents and purposes, a member of that network.
SSL VPN
A type of VPN that uses SSL encryption. Clients connect to the VPN server using a standard Web browser, with the traffic secured using SSL. The two most common types of SSL VPNs are SSL portal VPNs and SSL tunnel VPNs.
brute force
A type of attack wherein every permutation of some form of data is tried in an attempt to discover protected information. Most commonly used on password cracking.
Coaxial cable
A type of cable that contains a central conductor wire surrounded by an insulating material, which in turn is surrounded by a braided metal shield. The center wire and the braided metal shield share a common axis or centerline.
hotspot
A wireless access point that is connected to a cellular data network, typically 4G. The device can route Wi-Fi to and from the Internet. These can be permanent installations or portable. Many cellular telephones have the capability to become one of these.
thin AP
A wireless access point with minimal configuration tools installed. Instead, it is managed by a central controller. An administrator can manage a large number of thin APs by logging into the central controller and performing management tasks on any thin APs from there.
Peer-to-peer mode
A wireless networking mode where each node is in direct contact with every other node in a decentralized free-for-all. This is similar to the mesh topology. Also called ad hoc mode
Ad hoc mode
A wireless networking mode where each node is in direct contact with every other node in a decentralized free-for-all. This is similar to the mesh topology. Also called peer-to-peer mode
Wi-Fi Protected Access
A wireless security protocol that addresses weaknesses and acts as an upgrade to WEP. This offers security enhancements such as dynamic encryption key generation (keys are issued on a per-user and per-session basis), an encryption key integrity-checking feature, user authentication through the industry-standard Extensible Authentication Protocol (EAP), and other advanced features that WEP lacks. Uses TKIP
Wired Equivalent Privacy
A wireless security protocol that uses a 64-bit encryption algorithm to scramble data packets. Used the RC4 streaming protocol. Weak initialization vectors caused this to be highly hackable.
802.16
A wireless standard (also known as WiMAX) with a range of up to 30 miles.
802.11i
A wireless standard that added security features. Created to mitigate the problems with WEP.
802.11ac
A wireless standard that operates at 5 GHz, claims to provide wireless speeds of 1 Gbps, uses MU-MIMO.
802.11a
A wireless standard that operates in the frequency range of 5 GHz, offers throughput of up to 54 Mbps, and uses OFDM.
ACL
Access Control List
ACS
Access Control Server
Carrier Sense Multiple Access with Collision Avoidance
Access method used only on wireless networks. Before hosts send out data, they first listen for traffic. If the network is free, they send out a signal that reserves a certain amount of time to make sure the network is free of other signals. If data is detected in the air, the hosts wait a random time period before trying again. If there are no other wireless signals, the data is sent out.
Block
Access that is denied to or from a resource. This may be implemented in a firewall, access control server, or other secure gateway.
FTP ports
Active FTP servers receive commands on TCP 21 and respond with data on TCP 20. TCP 21 only for passive
ANT+
Adaptive Network Technology (Plus)
Start of Authority (SOA) record
DNS record that defines the primary name server in charge of the forward lookup zone
ARP
Address Resolution Protocol
Area ID
Address assigned to routers in an OSPF network to prevent flooding beyond the routers in that particular network.
Mobile Application Management
Administers and delivers applications to corporate and personal smart phones and tablets. Used to control applications on a device
AES
Advanced Encryption Standard
APT
Advanced Persistent Threat
Time Domain Reflectometer
Advanced cable tester that tests the length of cables and their continuity or discontinuity, and identifies the location of any discontinuity due to a bend, break, unwanted crimp, and so on.
Application/context aware
Advanced feature of some stateful firewalls where the content of the data is inspected to ensure it comes from, or is destined for, an appropriate application. These firewalls look both deeply and more broadly to ensure that the data content and other aspects of the packet are appropriate to the data transfer being conducted. Packets that fall outside these criteria are denied by the firewall.
content switch
Advanced networking device that works at least at Layer 7 (Application layer) and hides servers behind a single IP. Called a content filter network appliance on the exam.
heating, ventilation, and air conditioning
All of the equipment involved in heating and cooling the environments within a facility. These items include boilers, furnaces, air conditioners and ducts, plenums, and air passages.
internal threats
All the things that a network's own users do to create problems on the network. Examples include accidental deletion of files, accidental damage to hardware devices or cabling, and abuse of rights and permissions.
Access control
All-encompassing term that defines the degree of permission granted to use a particular resource. That resource may be anything from a switch port to a particular file to a physical door within a building.
mixed mode
Also called high-throughput, or 802.11a-ht/802.11g-ht, one of three modes used with 802.11n wireless networks wherein the wireless access point (WAP) sends special packets that support older standards yet can also improve the speed of those standards via 802.
Internet Connection Sharing
Also known as Internet sharing, the technique of enabling more than one computer to access the Internet simultaneously using a single Internet connection. When you use Internet sharing, you connect an entire LAN to the Internet using a single public IP address.
110 block
Also known as a 110-punchdown block, a connection gridwork used to link UTP and STP cables behind an RJ-45 patch panel.
Type 1 hypervisor
Also known as a bare metal hypervisor, it is a software program that acts as an operating system and also provides the ability to perform virtualization of other operating systems using the same computer.
Layer 3 switch
Also known as a router, filters and forwards data packets based on the IP addresses of the sending and receiving machines.
bare metal hypervisor
Also known as a type 1 hypervisor, it is a software program that acts as an operating system and also provides the ability to perform virtualization of other operating systems using the same computer.
Unsecure protocol
Also known as an insecure protocol, transfers data between hosts in an unencrypted, clear text format. If the packets are intercepted between the communicating hosts, their data is completely exposed and readable.
Carrier sense
Also known as carrier detect, is the test that a NIC performs before transmitting on a network medium.
e-mail server
Also known as mail server, a server that accepts incoming e-mail, sorts the e-mail for recipients into mailboxes, and sends e-mail to other servers using SMTP.
public switched telephone network
Also known as plain old telephone service (POTS), the most common type of phone connection, which takes your sounds, translated into an analog waveform by the microphone, and transmits them to another phone
ARIN
American Registry for Internet Numbers
FireWire
An IEEE 1394 standard to send wide-band signals over a thin connector system that plugs into TVs, VCRs, TV cameras, PCs, and so forth. This serial bus developed by Apple and Texas Instruments enables connection of 60 devices at speeds ranging from 100 to 800 Mbps.
Remote Authentication Dial-In User Service
An AAA standard created to support ISPs with hundreds if not thousands of modems in hundreds of computers to connect to a single central database. This consists of three devices: the server that has access to a database of user names and passwords, a number of network access servers (NASs) that control the modems, and a group of systems that dial into the network.
Hypertext Markup Language
An ASCII-based script-like language for creating hypertext documents like those on the World Wide Web.
Synchronous Optical Network
An American fiber carrier standard for connecting fiber-optic transmission systems. This was proposed in the mid-1980s and is now an ANSI standard. This defines interface standards at Layer 1 (Physical) of the OSI seven-layer model.
10BaseT
An Ethernet LAN designed to run on UTP cabling. Runs at 10 Mbps and uses baseband signaling. Maximum length for the cabling between the NIC and the hub (or the switch, the repeater, and so forth) is 100 m. No more than 1024 nodes per hub/switch. Ran on cat3 or better
100BaseT4
An Ethernet LAN designed to run on UTP cabling. Runs at 100 Mbps up to 100 meters and uses four-pair CAT 3 or better cabling. Made obsolete by 100BaseT. 1024 nodes per hub.
100BaseT
An Ethernet LAN designed to run on UTP cabling. Runs at 100 Mbps, uses baseband signaling, and uses two pairs of wires on CAT 5 or better cabling.
100BaseFX
An Ethernet LAN designed to run on fiber-optic cabling. Runs at 100 Mbps and uses baseband signaling. Maximum cable length is 400 m for half-duplex and 2 km for full-duplex. 1024 nodes per hub and multimode
prefix delegation
An IPv6 router configuration that enables it to request an IPv6 address block from an upstream source, then to disseminate it to local clients.
Intra-Site Automatic Tunnel Addressing Protocol
An IPv6 tunneling protocol that adds the IPv4 address to an IPv6 prefix.
6to4
An IPv6 tunneling protocol that doesn't require a tunnel broker. It is generally used to directly connect two routers because it normally requires a public IPv4 address. Deprecated protocol that enabled IPv6 traffic over the IPv4 Internet
6in4
An IPv6 tunneling standard that can go through IPv4 Network Address Translation (NAT).
link light
An LED on NICs, hubs, and switches that lights up to show good connection between the devices. Called the network connection LED status indicator on the Network+ exam
Activity light
An LED on a NIC, hub, or switch that blinks rapidly to show data transfers over the network.
Label Edge Routers (LERs)
An MPLS router that has the job of adding MPLS labels to incoming packets that do not yet have a label; and stripping labels off outgoing packets
physical address
An address burned into a ROM chip on a NIC. A MAC address is an example of this type of address.
Uniform Resource Locator
An address that defines the type and the location of a resource on the Internet. These are used in almost every TCP/IP application.
content filter
An advanced networking device that implements content filtering, enabling administrators to filter traffic based on specific signatures or keywords (such as profane language).
protocol
An agreement that governs the procedures used to exchange information between cooperating entities; usually includes how much information is to be sent, how often it is sent, how to recover from transmission errors, and who is to receive the information
Internet Message Access Protocol version 4
An alternative to POP3. Currently in its fourth revision, this retrieves e-mail from an e-mail server like POP3, but has a number of features that make it a more popular e-mail tool. This supports users creating folders on the e-mail server, for example, and allows multiple clients to access a single mailbox. This uses TCP port 143. Unencrypted
unidirectional antenna
An antenna that focuses all of its transmission energy in a single, relatively narrow direction. Similarly, its design limits its ability to receive signals that are not aligned with the focused direction.
Yagi antenna
An antenna that focuses its signal more towards a specific direction. A type of directional antenna. Also called a beam antenna
Beam antenna
An antenna that focuses its signal more towards a specific direction. A type of directional antenna. Also called a yagi antenna
directional antenna
An antenna that focuses its signal more towards a specific direction; as compared to an omnidirectional antenna that radiates its signal in all directions equally. The equivalent of a yagi antenna.
Intrusion Detection System/intrusion prevention system
An application (often running on a dedicated IDS box) that inspects incoming packets, looking for active intrusions. The difference between an IDS and an IPS is that an IPS can react to stop an attack. An IDS just sends a notification to an administrator that something is happening
Slow Loris Attack
An application attack focused on old versions of Apache. The malicious system starts conversations with the server and then never responds to the server's reply.
Samba
An application that enables UNIX systems to communicate using Server Message Blocks (SMBs). This, in turn, enables them to act as Microsoft clients and servers on the network.
Client/server application
An application that performs some or all of its processing on an application server rather than on the client. The client usually only receives the result of the processing.
cost
An arbitrary metric value assigned to a network route with OSPF-capable routers
Open Systems Interconnection (OSI) seven-layer model
An architecture model based on the OSI protocol suite, which defines and standardizes the flow of data between computers. A prescriptive model
TCP/IP model
An architecture model based on the TCP/IP protocol suite, which defines and standardizes the flow of data between computers. A descriptive model
honeypot
An area of a network that an administrator sets up for the express purpose of attracting a computer hacker. If a hacker takes the bait, the network's important resources are unharmed and network personnel can analyze the attack to predict and protect against future attacks, making the network more secure.
just a bunch of disks
An array of hard drives that are simply connected with no RAID implementations
private key
An asymmetric encryption key that does have to be protected and is used for decrypting.
public key
An asymmetric encryption key that does not have to be protected and is used for encrypting
Downgrade Attack
An attack in which the system is forced to abandon the current higher security mode of operation and fall back to implementing an older and less secure mode that an attacker can exploit.
amplification attack
An attack instigated using small, simple requests that trigger very large responses from the target. DNS, NTP, ICMP, and SNMP lend themselves to being used in these kinds of attacks. Smurf attacks are a classic example of this
DNS cache poisoning
An attack that adds or changes information in a DNS server to point host names to incorrect IP addresses, under the attacker's control. When a client requests an IP address from this DNS server for a Web site, the poisoned server hands out an IP address of an attacker, not the legitimate site. When the client subsequently visits the attacker site, malware is installed.
Domain Hijacking
An attack that changes the registration of a domain name without permission from the owner. Usually used to extort the original domain owner by putting offensive things on the website
Permanent Denial of Service
An attack that damages a targeted machine, such as a router or server, and renders that machine inoperable.
denial of service attack
An attack that floods a networked server with so many requests that it becomes overwhelmed and ceases functioning.
Protected Extensible Authentication Protocol
An authentication protocol that uses a username and password function based on MS-CHAPv2 with the addition of an encrypted TLS tunnel similar to EAP-TLS.
Kerberos
An authentication standard designed to allow different operating systems and applications to authenticate each other. Relies heavily on timestamps and is used on wired networks
Domain Name System Security Extensions
An authorization and integrity protocol designed to prevent bad actors from impersonating legitimate DNS servers. Implemented through extension mechanisms for DNS (EDNS)
penetration test
An authorized attempt by either an internal audit team or an external security consulting firm to break into the organization's information system. Typically uncredentialled
penetration testing (pentesting)
An authorized, network hacking process that will identify real-world weaknesses in network security and document the findings.
Pretty Good Privacy
An e-mail security that uses public key encryption, employs a web of trust. A form of asymmetric encryption
bridged connection
An early type of DSL connection that made the DSL line function the same as if you snapped an Ethernet cable into your NIC.
denial of service
An effort to prevent users from gaining normal use of a resource.
hub
An electronic device that sits at the center of a star topology network, providing a common point for the connection of network devices. In a 10BaseT Ethernet network, this contains the electronic equivalent of a properly terminated bus cable. These are rare today and have been replaced by switches. Basically a multiport repeater
digital signature
An encrypted hash of a private encryption key that verifies a sender's identity to those who receive encrypted data or messages.
tunnel
An encrypted link between two programs on two separate computers.
Block cipher
An encryption algorithm in which data is encrypted in "chunks" of a certain length at a time. Popular in wired networks.
Asymmetric-Key Algorithm
An encryption method in which the key used to encrypt a message and the key used to decrypt it are different, or asymmetrical.
stream cipher
An encryption method that encrypts a single bit at a time. Popular when data comes in long streams (such as with older wireless networks or cell phones).
Border Gateway Protocol
An exterior gateway routing protocol that enables groups of routers to share routing information so that efficient, loop-free routes can be established. Is a hybrid in that this protocol has aspects of both distance vector and link state protocols. The primary routing protocol for the Internet
iSCSI target
An external iSCSI storage device that hosts one or more hard disks.
Frame Relay
An extremely efficient data transmission technique used to send digital information such as voice, data, LAN, and WAN traffic quickly and cost-efficiently to many destinations from one port.
network diagram
An illustration that shows devices on a network and how they connect.
RSA (Rivest, Shamir, Adleman)
An improved asymmetric cryptography algorithm that enables secure digital signatures.
Rapid Spanning Tree Protocol
An improvement over STP, based on the IEEE standard 802.1w. 802.1w has the advantage of faster convergence over the original STP
host ID
An individual computer name in the DNS naming convention
Internet Service Provider
An institution that provides access to the Internet in some form, usually for a fee.
Open Shortest Path First
An interior gateway routing protocol developed for IP networks based on the shortest path first or link state algorithm. Converges very quickly
Open Systems Interconnection
An international standard suite of protocols defined by the International Organization for Standardization (ISO) that implements the OSI seven-layer model for network communications between computers.
hop count
An older metric used by RIP routers. The number of routers that a packet must cross to get from a router to a given network. These were tracked and entered into the routing table within a router so the router could decide which interface was the best one to forward a packet.
Internet Relay Chat
An online group discussion. Also called chat
Backup generator
An onsite generator that provides electricity if the power utility fails.
Apache HTTP Server
An open source HTTP server program that runs on a wide variety of operating systems.
Miredo
An open source implementation of Teredo for Linux and some other UNIX-based systems. It is a NAT-traversal IPv6 tunneling protocol.
Aircrack-ng
An open source tool for penetration testing many aspects of wireless networks.
Dense Wavelength Division Multiplexing
An optical multiplexing technology in which a large number of optical signals of different optical wavelength could be combined to travel over relatively long fiber cables
Coarse Wavelength Division Multiplexing
An optical multiplexing technology in which few signals of different optical wavelength could be combined to travel a fairly short distance.
light meter
An optical power meter used by technicians to measure the amount of light lost through light leakage in a fiber cable.
A records
DNS records that map host names to their IPv4 addresses.
SNMP Community
An organization of SNMP agents/managed devices
10Base5
An outdated Ethernet standard that operates at 10 Mbps, is baseband, uses thick RG-8 coaxial cable up to 500 meters long. Used in a 10Base5 network. Also called thicknet. Characterized by a 50-ohm impedance.
1000BaseX
An umbrella Gigabit Ethernet standard. Also known as 802.3z. Comprises all Gigabit standards with the exception of 1000BaseT, which is under the 802.3ab standard.
rogue DHCP server
An unauthorized DHCP server installed in a computer network
Rogue Access Point
An unauthorized wireless access point (WAP) installed in a computer network. Usually done accidentally by a regular user (good actor).
Wi-Fi Protected Access 2
An update to the WPA protocol that used the Advanced Encryption Standard algorithm, making it much harder to crack.
802.11n
An updated 802.11 standard that increases transfer speeds and adds support for multiple in/multiple out (MIMO) by using multiple antennas. This can operate on either the 2.4- or 5-GHz frequency band, has a maximum throughput of 400 Mbps, and uses OFDM. Superseded by 802.11ac
broadband
Analog signaling that sends multiple signals over the cable at the same time. The best example of this is cable television. The zero, one, and idle states exist on multiple channels on the same cable.
APC
Angled Physical Contact
Network interface unit
Another name for a demarc
Authoritative name servers
Another name for authoritative DNS servers.
signaling topology
Another name for logical topology.
network name
Another name for the service set identifier (SSID).
Response
Answer from an agent upon receiving a Get protocol data unit (PDU) from the SNMP manager.
virus shield
Anti-malware program that passively monitors a computer's activity, checking for viruses only when certain events occur, such as a program executing or a file being downloaded.
Host-Based Anti-Malware
Anti-malware software that is installed on individual systems, as opposed to the network at large.
Thick Client
Any WAP that you can access directly and configure singularly via its own interface
demarc extension
Any cabling that runs from the network interface to whatever box is used by the customer as a demarc.
half-duplex
Any device that can only send or receive data at any given moment.
Full Duplex
Any device that can send and receive data simultaneously.
full-duplex
Any device that can send and receive data simultaneously.
AAAA records
DNS records that map host names to their IPv6 addresses.
Web services
Applications and processes that can be accessed over a network, rather than being accessed locally on the client machine. These include things such as Web-based e-mail, network-shareable documents, spreadsheets and databases, and many other types of cloud-based applications.
hardening
Applying security hardware, software, and processes to your network to prevent bad things from happening.
full backup
Archive created where every file selected is backed up, and the archive bit is turned off for every file backed up.
backup
Archive of important data that the disaster recovery team can retrieve in case of some disaster
Cycling
As a new log file/record appears in a file, the oldest record in the file is deleted.
logical addressing
As opposed to physical addressing, the process of assigning organized blocks of logically associated network addresses to create smaller manageable networks called subnets. IP addresses are one example of this.
ADSL
Asymmetric Digital Subscriber Line
ATM
Asynchronous Transfer Mode
Extensible Authentication Protocol
Authentication wrapper that compliant applications can use to accept one of many types of authentication. While this is a general-purpose authentication wrapper, its only substantial use is in wireless networks.
AAA
Authentication, Authorization, and Accounting
secondary (slave) DNS server
Authoritative DNS server for a domain. Unlike a primary (master) DNS server, no additions, deletions, or modifications can be made to the zones on this type of DNS server, which always gets all information from the primary DNS server in a process known as a zone transfer
Discretionary Access Control
Authorization method based on the idea that there is an owner of a resource who may at his or her discretion assign access to that resource. This is considered much more flexible than mandatory access control (MAC).
Wi-Fi Protected Setup
Automated and semi-automated process to connect a wireless device to a WAP. The process can be as simple as pressing a button on the device or pressing the button and then entering a PIN code. Very easy to hack
APIPA
Automatic Private Internet Protocol Addressing
Zero configuration networking (Zeroconf)
Automatically generated IP addresses when a DHCP server is unreachable.
ASN
Autonomous System Number
services
Background programs in an operating system that do the behind-the-scenes grunt work that users don't need to interact with on a regular basis.
incremental backup
Backs up all files that have their archive bits turned on, meaning they have been changed since the last backup of any type. This type of backup turns the archive bits off after the files have been backed up.
BDR
Backup Designated Router
Cloud backup
Backup method in which files are backed up to the cloud as they change. Takes a long time to get the first/initial backup completed but is very convenient and highly protected from disasters
BCP
Business Continuity Plan
CYOD
Choose Your Own Device
raceway
Cable organizing device that adheres to walls, making for a much simpler, though less neat, installation than running cables in the walls.
802.11 jammer
Can be used to conduct denial of service attacks of single channels to entire frequency bands. Federally illegal devices
CNAME
Canonical Name
CSMA/CA
Carrier Sense Multiple Access with Collision Avoidance
CSMA/CD
Carrier Sense Multiple Access with Collision Detection
STS payload
Carries data in Synchronous Transport Signal (STS).
STS overhead
Carries the signaling and protocol information in Synchronous Transport Signal (STS).
cat 3
Category 3 wire, a TIA/EIA standard for UTP wiring that can operate at up to 16 Mbps.
cat 5
Category 5 wire, a TIA/EIA standard for UTP wiring that can operate at up to 100 Mbps at 100 meters.
cat 5e
Category 5e wire; TIA/EIA standard for UTP wiring with improved support for 100 Mbps using two pairs and support for 1000 Mbps using four pairs up to 100 meters.
cat 6
Category 6 wire, a TIA/EIA standard for UTP wiring with improved support for 1 Gbps up to 100 meters; supports 10 Gbps up to 55 meters
cat 6a
Category 6a wire. A TIA/EIA standard for UTP wiring with support for 10-Gbps speeds up to 100 meters.
cat 7
Category 7 wire, a standard (unrecognized by TIA) for UTP wiring with support for 10+ Gbps at 600 MHz max frequency (up to 100 meters, shielded)
Enhanced Interior Gateway Routing Protocol
Cisco's proprietary hybrid protocol that has elements of both distance vector and link state routing.
wireless controller
Central controlling device for thin client WAPs. Typically used in enterprise environments.
Software as a Service
Centralized applications that are accessed over a network. This does away with optical media. Office 365, Google Docs, and Dropbox are good examples of this
CHAP
Challenge Handshake Authentication Protocol
CRAM-MD5
Challenge-Response Authentication Mechanism-Message Digest 5
Strategic Change
Change of a larger scale, such as organizational restructuring. Typically handled by corporate not the change management team
CSU/DSU
Channel service unit/digital service unit
File Integrity Monitoring
Checking for changes in all sorts of aspects of files such as attributes/size, content, credentials, hash values, privileges/security settings, and configuration values. Performed by SIEM
CCTV
Closed Circuit Television
CWDM
Coarse Wavelength Division Multiplexing
CDMA
Code Division Multiple Access
logic bomb
Code written to execute when certain conditions are met, usually with malicious intent
CCITT
Comité Consultatif International Téléphonique et Télégraphique
IP helper
Command used in Cisco switches and routers to enable, disable, and manage internetwork forwarding of certain protocols such as DHCP, TFTP, Time Service, TACACS, DNS, NetBIOS, and others. The command is technically ip helper-address
domain information groper
Command-line tool in non-Windows systems used to diagnose DNS problems.
pathping
Command-line tool that combines the features of the ping command and the tracert/traceroute commands. Used when routers prevent tracert/traceroute from functioning
hostname
Command-line tool that returns the host name of the computer it is run on.
CARP
Common Address Redundancy Protocol
CIFS
Common Internet File System
frequently asked questions
Common abbreviation coined by BBS users and spread to Usenet and the Internet. This is a list of questions and answers that pertains to a particular topic, maintained so that users new to the group don't all bombard the group with similar questions.
original equipment manufacturer
Contrary to the name, does not create original hardware, but rather purchases components from manufacturers and puts them together in systems under its own brand name. Also known as value-added resellers (VARs)
SOHO Network Access Control
Control over information, people, access, machines, and everything in between. Used highly for BYOD management with MAC filtering, whitelisting, and blacklisting
Enterprise Network Access Control
Control over information, people, access, machines, and everything in between. Used highly for BYOD management with onboarding/offboarding, force antimalware, and geofencing in an enterprise environment
traffic shaping
Controlling the flow of packets into or out of the network according to the type of packet or other rules. Also called bandwidth shaping
COPE
Corporate Owned, Personally Enabled
COBO
Corporate-owned business only
endpoints
Correct term to use when discussing the data each computer stores about the connection between two computers' TCP/IP applications.
CCMP
Counter Mode Cipher Block Chaining Message Authentication Code Protocol
Near-End Crosstalk
Crosstalk at the same end of a cable from which the signal is being generated.
far end crosstalk
Crosstalk on the opposite end of a cable from the signal's source.
ransomware
Crypto-malware that uses some form of encryption to lock a user out of a system. Once the crypto-malware encrypts the computer, usually encrypting the boot drive, in most cases the malware then forces the user to pay money to get the system decrypted.
CPE
Customer Premises Equipment
CRC
Cyclic Redundancy Check
DORA
DHCP four-way handshake
DHCP four-way handshake
DHCP process in which a client gets a lease for an IPv4 address - Discover, Offer, Request, and Ack.
DSLAM
DSL Access Multiplexer
DES
Data Encryption Standard
DOCSIS
Data-Over-Cable Service Interface Specification
stateless DHCP
Describes a DHCPv6 server that only passes out information like DNS servers' IP addresses, but doesn't give clients IPv6 addresses.
synchronous
Describes a connection between two electronic devices where neither must acknowledge (ACK) when receiving data.
Stateful DHCPv6
Describes a server that works very similarly to an IPv4 DHCP server, passing out IPv6 addresses, subnet masks, and default gateways as well as optional items like DNS server addresses. Typically used to favor a local DNS server rather than the ISP's DNS server
Universal Naming Convention
Describes any shared resource in a network using the convention \\<server name>\<name of shared resource>.
system life cycle
Description of typical beginning and end of computing components. Handling such devices at the end includes system life cycle policies and asset disposal.
DR
Designated Router
Single Mode Fiber
Designed to carry signal long distance using lasers. Almost always yellow cabling
DCS
Distributed Control System
DCF
Distributed Coordination Function
DDOS
Distributed Denial of Service
Material Safety Data Sheet
Document that describes the safe handling procedures for any potentially hazardous, toxic, or unsafe material.
exit plan
Documents and diagrams that identify the best way out of a building in the event of an emergency. It may also define other procedures to follow.
configuration management documentation
Documents that define the configuration of a network. These would include wiring diagrams, network diagrams, baselines, and policy/procedure/configuration documentation.
contingency plan
Documents that set out how to limit damage and recover quickly from an incident
DKIM
Domain Keys Identified Mail
DNS
Domain Name System
DNSSEC
Domain Name System (DNS) Security Extensions
channel overlap
Drawback of 2.4-GHz wireless networks where channels shared some bandwidth with other channels. This is why only three 2.4-GHz channels can be used in the United States (1, 6, and 11).
Flat-surface Connector
Early fiber-optic connector that resulted in a small gap between fiber-optic junctions due to the flat grind faces of the fibers. It was replaced by Angled Physical Contact (APC) connectors.
end-to-end principle
Early network concept that originally meant that applications and work should happen only at the endpoints in a network, such as in a single client and a single server.
byte
Eight contiguous bits, the fundamental data unit of personal computers. Storing the equivalent of one character, this is also the basic unit of measurement for computer storage. These are counted in powers of two.
home page
Either the Web page that your browser is set to use when it starts up or the main Web page for a business, organization, or person. Also, the main page in any collection of Web pages
crosstalk
Electrical signal interference between two cables that are in close proximity to each other.
EMI
Electromagnetic Interference
Ohm rating
Electronic measurement of a cable's or an electronic component's resistance.
ESD
Electrostatic Discharge
ECC
Elliptic Curve Cryptography
round-robin DNS
Enables load balancing between servers and increases fault tolerance. A method of increasing name resolution availability by pointing a host name to a list of multiple IP addresses in a DNS forward lookup zone. After pointing a client to one IP address in the list, DNS will point the next client that requests resolution for the same domain name to the next IP address in the list, and so on.
Group Policy Object
Enables network administrators to define multiple rights and permissions to entire sets of users all at one time
virus definition or data files
Enables the virus protection software to recognize the viruses on your system and clean them. These files should be updated often. Also called signature files, depending on the virus protection software in use.
overlay tunnel
Enables two IPv6 networks to connect over an IPv4 network by encapsulating the IPv6 packets within IPv4 headers, transporting them across the IPv4 network, then de-encapsulating the IPv6 data.
EDGE
Enhanced Data rates for GSM Evolution
EIGRP
Enhanced Interior Gateway Routing Protocol
SFP+
Enhanced small form-factor pluggable
Regional Internet Registries
Entities under the oversight of the Internet Assigned Numbers Authority (IANA), which parcels out IP addresses.
Internet Corporation for Assigned Names and Numbers
Entity that sits at the very top of the Internet hierarchy, with the authority to create new top-level domains (TLDs) for use on the Internet.
static routes
Entries in a router's routing table that are not updated by any automatic route discovery protocols. These must be added, deleted, or changed by a router administrator. These are the opposite of dynamic routes.
HSPA+
Evolved High Speed Packet Access
ESS
Extended Service Set
ESSID
Extended Service Set Identifier
EUI-48
Extended Unique Identifier, 48-bit
EUI-64
Extended Unique Identifier, 64-bit. Uses a host's MAC address to generate a unique 64-bit ID to automatically configure a host address when using IPv6
CAT 6a UTP
Extends the length of 10-Gbps communication to the full 100 meters commonly associated with UTP cabling.
EAP
Extensible Authentication Protocol
EAP-TLS
Extensible Authentication Protocol-Transport Layer Security
EAP-TTLS
Extensible Authentication Protocol-Tunneled Transport Layer Security
XML
Extensible Markup Language
EDNS
Extension Mechanisms for DNS
wiremap
Extensive network testing using a better cable tester. Confirms that all the wires are in the appropriate slots of the crimp
EDB
External Data Bus
pad
Extra data added to an Ethernet frame to bring the data up to the minimum required size of 64 bytes.
Hypertext Transfer Protocol
Extremely fast protocol used for network file transfers on the World Wide Web.
Physical contact (PC) connector
Family of fiber-optic connectors that enforces direct physical contact between two optical fibers being connected.
FEXT
Far End Crosstalk
Multiuser MIMO
Feature of 802.11ac networking that enables a WAP to broadcast to multiple users simultaneously.
Network appliance
Feature-packed network box that incorporates numerous processes such as routing, network address translation (NAT), switching, intrusion detection systems, firewall, and more.
FCC
Federal Communications Commission
FDDI
Fiber Distributed Data Interface
Ultra Physical Contact (UPC) Connector
Fiber-optic connector that makes physical contact between two fiber-optic cables. The fibers within a UPC are polished extensively for a superior finish and better junction integrity.
FUBAR
Fouled Up Beyond All Recognition.
Angled Physical Contact
Fiber-optic connector that makes physical contact between two fiber-optic cables. It specifies an 8-degree angle to the curved end, lowering signal loss. These connectors have less connection degradation from multiple insertions compared to other connectors.
ST connector
Fiber-optic connector used primarily with 2.5-mm, single-mode fiber. It uses a push on, then twist-to-lock mechanical connection commonly called stick-and-twist although ST actually stands for Straight Tip.
SC connector
Fiber-optic connector used to terminate single-mode and multi-mode fiber. It is characterized by its push-pull, snap mechanical coupling, known as "stick and click." Commonly referred to as Subscriber Connector, Standard Connector, and, sometimes, square connector.
10BaseFL
Fiber-optic implementation of Ethernet that runs at 10 Mbps using baseband signaling. Maximum segment length is 2 km.
FC
Fibre Channel
FIM
File Integrity Monitoring
FTP
File Transfer Protocol
riser
Fire rating that designates the proper cabling to use for vertical runs between floors of a building.
Firesheep
Firefox plug-in that automates session hijacking attacks over unsecured Wi-Fi networks
network-based firewall
Firewall, perhaps implemented in a gateway router or as a proxy server, through which all network traffic must pass inspection to be allowed or blocked.
SOHO firewall
Firewall, typically simple, that is built into the firmware of a SOHO router.
patch antenna
Flat, plate-shaped antenna that generates a half-sphere beam; used for broadcasting to a select area
FreeRADIUS
Free RADIUS server software for UNIX/Linux systems.
TXT record
Freeform type of DNS record that can be used for anything.
FDM
Frequency Division Multiplexing
FHSS
Frequency Hopping Spread Spectrum
FAQ
Frequently Asked Questions
Bidirectional (bidi) transceiver
Full-duplex fiber-optic connector that relies on wave division multiplexing (WDM) to differentiate wave signals on a single fiber, creating single-strand fiber transmission.
FQDN
Fully Qualified Domain Name
port authentication
Function of many advanced networking devices that authenticates a connecting device at the point of connection.
shoulder surfing
Gaining compromising information, passwords, and pin codes through observation (as in looking over someone's shoulder). Walking up to an unattended computer is also considered this
shell
Generally refers to the user interface of an operating system. A shell is the command processor that is the actual interface between the kernel and the user.
GRE
Generic Routing Encapsulation
card
Generic term for anything that you can snap into an expansion slot.
toners
Generic term for two devices used together—a tone generator and a tone locator (probe)—to trace cables by sending an electrical signal along a wire at a particular frequency. The tone locator then emits a sound when it distinguishes that frequency. Also referred to as Fox and Hound.
GBIC
Gigabit Interface Converter. Designed for ST and SC fiber connectors
GSM
Global System for Mobile
GFS
Grandfather-Father-Son
Session software
Handles the process of differentiating among various types of connections on a PC.
platform
Hardware environment that supports the running of a computer system.
HVAC
Heating, Ventilation and Air Conditioning
Hex (Hexadecimal)
Hex symbols based on a numbering system of 16 (computer shorthand for binary numbers), using 10 digits and 6 letters to condense 0s and 1s to binary numbers. Hex is represented by digits 0 through 9 and alpha A through F, so that 09h has a value of 9, and 0Ah has a value of 10.
HA
High Availability
Patch panels and punch down tools are used on which kind of network cables?
Horizontal runs are punched down to the back of a patch panel on one end and the back of the wall jack of a work area at the other end.
HBA
Host Bus Adapter
top listener
Host that receives the most data on a network.
top talker
Host that sends the most data on a network.
HSRP
Hot Standby Router Protocol
dBi
Identifies the gain of an antenna and is commonly used with omnidirectional antennas. Higher numbers indicate the antenna can transmit and receive over greater distances. The unit of measurement for decibels
Transitive trust
If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C.
CAT 6 UTP
Improved support for speeds up to 1 Gbps at 100 meters or 10 Gbps at 55 meters
Authentication Server
In Kerberos, a system that hands out Ticket-Granting Tickets to clients after comparing the client hash to its own.
ephemeral port
In TCP/IP communication, an arbitrary number generated by a sending computer that the receiving computer uses as a destination address when sending a return packet. Typically between 49152-65535
Port (Logical Connection)
In TCP/IP, 16-bit numbers between 0 and 65535 assigned to a particular TCP/IP process or application. For example, Web servers use port 80 (HTTP) to transfer Web pages to clients. The first 1024 ports are called well-known ports. They have been pre-assigned and generally refer to TCP/IP processes and applications that have been around for a long time.
Remote Terminal Unit
In a SCADA environment, has the same functions as a controller plus additional autonomy to deal with the connection loss. It is also designed to take advantage of some form of long-distance communication.
default gateway
In a TCP/IP network, the IP address of the router that interconnects the LAN to a wider network, usually the Internet. This router's IP address is part of the necessary TCP/IP configuration for communicating with multiple networks using IP.
segmentation
In a TCP/IP network, the process of chopping requested data into chunks that will fit into a packet (and eventually into the NIC's frame), organizing the packets for the benefit of the receiving system, and handing them to the NIC for sending.
HOSTS file location
In a Windows-based computer, the HOSTS file is found in the C:\Windows\System32\Drivers\etc folder
work area
In a basic structured cabling network, often simply an office or cubicle that potentially contains a PC attached to the network
Human Machine Interface
In a distributed control system (DCS), a computer or set of controls that exists between a controller and a human operator. The human operates this computer, which in turn interacts with the controller.
operator
In a distributed control system, the operator is a human who runs the computer-controlled resources through a human machine interface.
Data normalization
In a relational database, it is the process of organizing data to minimize redundancy. The process of decomposing relations with anomalies to produce smaller, well-structured relations. Makes data more efficient
Bottom of label stack (S)
In certain situations, a single packet may have multiple MPLS labels. This single bit value is set to 1 for the initial label.
port (physical connector)
In general, the portion of a computer through which a peripheral device may communicate, such as video, USB, serial, and network ports. In the context of networking, the jacks found in computers, switches, routers, and network-enabled peripherals into which network cables are plugged.
persistent agent
In network access control systems, a small scanning program that, once installed on the computer, stays installed and runs every time the computer boots up. Composed of modules that perform a thorough inventory of each security-oriented element in the computer.
Security Considerations
In network design and construction, planning how to keep data protected from unapproved access. Security of physical computers and network resources is also considered.
Agent-less
In terms of posture assessment, refers to a client that has its posture checked and presented by non-permanent software, such as a Web app program, that executes as part of the connection process. Agent-less software does not run directly within the client but is run on behalf of the client.
Agent
In terms of posture assessment, refers to software that runs within a client and reports the client's security characteristics to an access control server to be approved or denied entry to a system.
guest
In terms of virtualization, an operating system running as a virtual machine inside a hypervisor.
Link layer
In the TCP/IP model, any part of the network that deals with complete frames.
Internet layer
In the TCP/IP model, the layer that deals with the Internet Protocol, including IP addressing and routers.
endpoint
In the TCP/IP world, the session information stored in RAM. The combination of the IP address and port number. Also called a socket
Federal Communications Commission
In the United States, regulates public airwaves and rates PCs and other equipment according to the amount of radiation emitted.
Wavelength
In the context of laser pulses, the distance the signal has to travel before it completes its cyclical oscillation and starts to repeat. Measured in nanometers, wavelength can be loosely associated with colors.
Virtual Machine Manager
In virtualization, a layer of programming that creates, supports, and manages virtual machines. Also known as a hypervisor.
hypervisor
In virtualization, a layer of programming that creates, supports, and manages virtual machines. Also known as a virtual machine manager (VMM).
Basic Service Set
In wireless networking, a single access point servicing a given area.
IBSS
Independent Basic Service Set
ICA
Independent Computing Architecture
ICS
Industrial Control Systems
continuity tester
Inexpensive network tester that can only test for continuity on a line.
log
Information about the performance of some particular aspect of a system that is stored for future reference. These are also called counters in Performance Monitor or facilities in syslog.
Router prefix
Information sent from the ISP to the gateway router allowing the gateway router to determine the network ID of the LAN.
IR
Infrared
IaaS
Infrastructure as a Service
IV
Initialization Vector
stateful firewall
Inspects traffic leaving the inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network, this firewall permits that traffic. Uses state tables to keep track of sessions
IEEE
Institute of Electrical and Electronics Engineers
ISDN
Integrated Services Digital Network
ICANN
Internet Corporation for Assigned Names and Numbers
IETF
Internet Engineering Task Force
IGMP
Internet Group Management Protocol
IIS
Internet Information Services
IMAP4
Internet Message Access Protocol v4
IP
Internet Protocol
IPsec
Internet Protocol Security
IPv4
Internet Protocol version 4
IPv6
Internet Protocol version 6
IRC
Internet Relay Chat
ISP
Internet Service Provider
iSCSI
Internet Small Computer System Interface
4to6
Internet connectivity technology that encapsulates IPv4 traffic into an IPv6 tunnel to get to an IPv6-capable router.
IoT
Internet of Things
ISATAP
Intra-Site Automatic Tunnel Addressing Protocol
IDS
Intrusion Detection System
IPS
Intrusion Prevention System
KDC
Key Distribution Center
kbps
Kilobits per second. A data transfer rate
Label Distribution Protocol (LDP)
LSRs and LERs use this to communicate dynamic information about their state
PostScript
Language defined by Adobe Systems, Inc., for describing how to create an image on a page. The description is independent of the resolution of the device that will actually create the image. It includes a technology for defining the shape of a font and creating a raster image at many different resolutions and sizes.
Satellite latency
Latency caused by the extreme distance between the ground antenna and space satellite.
L2TP
Layer 2 Tunneling Protocol
Canonical Name
Less common type of DNS record that acts as a computer's alias.
LED
Light Emitting Diode. Solid-state device that vibrates at luminous frequencies when current is applied.
LWAPP
Lightweight Access Point Protocol
LDAP
Lightweight Directory Access Protocol
LEAP
Lightweight Extensible Authentication Protocol
Infrared
Line-of-sight networking technology that uses light pulses on the non-visible (to humans) spectrum. Has a range of 1 meter or farther (line of sight) and has a transfer speed of 1 Gbps
LACP
Link Aggregation Control Protocol
LLMNR
Link Local Multicast Name Resolution
ping6
Linux command-line utility specifically designed to ping hosts with an IPv6 address.
ip
Linux terminal command that displays the current TCP/IP configuration of the machine; similar to Windows' ipconfig and macOS's ifconfig
Building entrance
Location where all the cables from the outside world (telephone lines, cables from other buildings, and so on) come into a building.
cable drop
Location where the cable comes out of the wall at the workstation location.
LLC
Logical Link Control
history logs
Logs that track the history of how a user or users access network resources, or how network resources are accessed throughout the network.
LTE
Long Term Evolution
Label switching router (LSR)
Looks for and forwards packets based on their MPLS label (aka MPLS routers)
MDF
Main Distribution Frame
vertical cross connect
Main patch panel in a telecommunications room.
crypto-malware
Malicious software that uses some form of encryption to lock a user out of a system, often with a demand for payment—ransomware—to unlock the system.
MIB
Management Information Base
Asset management
Managing each aspect of a network, from documentation to performance to hardware. The documentation we use to keep track of all the network equipment and assets.
MAC
Mandatory Access Control
MSDS
Material Safety Data Sheet
MTU
Maximum Transmission Unit
MTBF
Mean Time Between Failures
MTTF
Mean Time to Failure
MTTR
Mean Time to Recovery
MT-RJ Connector
Mechanical Transfer-Registered Jack. A high density fiber cable connector
MAC
Media Access Control
MGCP
Media Gateway Control Protocol
MOU
Memorandum of Understanding
MD5
Message Digest algorithm (version 5)
e-mail
Messages, usually text, sent from one person to another via computer. E-mail can also be sent automatically to a large number of addresses, known as a mailing list.
multicast
Method of sending a packet in which the sending computer sends it to a group of interested computers.
out-of-band management
Method to connect to and administer a managed device such as a switch or router that does not use a standard network-connected host as the administrative console. A computer connected to the console port of a switch is an example of out-of-band management.
door access controls
Methodology to grant permission or to deny passage through a doorway. The method may be computer-controlled, human-controlled, token-oriented, or many other means.
MAN
Metropolitan Area Network
MBSA
Microsoft Baseline Security Analyzer
Internet Information Services
Microsoft's Web server program for managing Web servers.
MS-CHAP
Microsoft's dominant variation of the CHAP protocol, uses a slightly more advanced encryption protocol. Offers the most security for the exam compared to PAP and CHAP
NetBIOS Extended User Interface
Microsoft's first networking protocol, designed to work with NetBIOS. It has long since been made obsolete by TCP/IP and did not support routing.
Network Policy Server
Microsoft's implementation of a RADIUS server.
MAM
Mobile Application Management
MDM
Mobile Device Management
Choose Your Own Device
Mobile deployment model where corporate employees select among a catalog of approved mobile devices. Less learning curve
Corporate Owned, Personally Enabled
Mobile device deployment strategy where everyone has the same device, there's high control, little privacy for users, and a high learning curve.
Infrastructure mode
Mode in which wireless networks use one or more wireless access points to connect the wireless network nodes centrally. This configuration is similar to the star topology of a wired network.
Gigabit Interface Converter
Modular port that supports a standardized, wide variety of gigabit interface modules
4G
Most popularly implemented as Long Term Evolution (LTE), a wireless data standard with theoretical download speeds of 300 Mbps and upload speeds of 75 Mbps.
Internet Protocol Security
Network layer encryption protocol.
Electrostatic Discharge
Movement of electrons from one body to another. A real menace to PCs, as it can cause permanent damage to the semiconductors.
Distributed Denial of Service
Multicomputer assault on a network resource that attempts, with sheer overwhelming quantity of requests, to prevent regular users from receiving services from the resource. Can also be used to crash systems.
MMF
Multimode Fiber
Metropolitan Area Network
Multiple computers connected via cabling, radio, leased phone lines, or infrared that are within the same city. A perfect example of one of these is Chattanooga's gigabit network available to all city citizens.
MIMO
Multiple in/multiple out
Clustering
Multiple pieces of equipment, such as servers, connected, which appear to the user and the network as one logical device, providing data and services to the organization for both redundancy and fault tolerance.
MPLS
Multiprotocol Label Switching
MSA
Multisource agreement
MU-MIMO
Multiuser MIMO
mtr
My TraceRoute
NTFS
NT File System
Ethernet
Name coined by Xerox for the first standard of network cabling and protocols. Based on a bus topology. The IEEE 802.3 subcommittee defines the current specifications
key pair
Name for the two keys generated in asymmetric-key algorithm systems.
Basic Service Set Identifier
Naming scheme in wireless networks. A single WAP with a single SSID
NEXT
Near End Crosstalk
NFC
Near Field Communication
NDP
Neighbor Discovery Protocol
NetBEUI
NetBIOS Extended User Interface
NetBT
NetBIOS over TCP/IP
NAC
Network Access Control
NAS
Network Access Server
NAT
Network Address Translation
NetBIOS
Network Basic Input/Output System
NFS
Network File System
NIC
Network Interface Card
NIU
Network Interface Unit
NMS
Network Management System
NNTP
Network News Transfer Protocol
NOC
Network Operations Center
NPS
Network Policy Server
NTP
Network Time Protocol
NaaS
Network as a Service
NAS
Network attached storage
plenum-rated cable
Network cable type that resists burning and does not give off excessive smoke or noxious fumes when burned.
connection-oriented
Network communication between two hosts that includes negotiation between the hosts to establish a communication session. Data segments are then transferred between hosts, with each segment being acknowledged before a subsequent segment can be sent. Orderly closure of the communication is conducted at the end of the data transfer or in the event of a communication failure. TCP is the only example protocol in the TCP/IP suite.
loopback plug
Network connector that connects back into itself, used to connect loopback tests. Same as loopback adapter.
NDA
Non-Disclosure Agreement
client/server network
Network that has dedicated server machines and client machines.
managed network
Network that is monitored by the SNMP protocol consisting of SNMP managed devices, management information base (MIB) items, and SNMP manager(s).
Point-to-Point Topology
Network topology in which two computers are directly connected to each other without any other intervening connection components such as hubs or switches.
Shortest path first
Networking algorithm for directing router traffic.
Dual stack
Networking device, such as a router or PC, that runs both IPv4 and IPv6.
managed device
Networking devices, such as routers and advanced switches, that must be configured to use.
Zero-day attack
New attack that exploits a vulnerability that has yet to be identified.
NGFW
Next Generation Firewall
Fast Ethernet
Nickname for the 100-Mbps Ethernet standards. Originally applied to 100BaseT.
Are subnet masks sent out of a host?
No! Subnet masks are never sent out of the host and are not part of the IP packet
Is cost of implementation found in a change request?
No! The cost is not included in a change request. Cost is evaluated by the change-management team and approved or denied by management.
e-mail alert
Notification sent by e-mail as a result of an event. A typical use is a notification sent from an SNMP manager as a result of an out of tolerance condition in an SNMP managed device.
port number
Number used to identify the requested service (such as SMTP or FTP) when connecting to a TCP/IP host. Some example port numbers include 80 (HTTP), 20 (FTP), 69 (TFTP), 25 (SMTP), and 110 (POP3).
Carrier Sense Multiple Access with Collision Detection
Obsolete access method that older Ethernet systems used in wired LAN technologies, enabling frames of data to flow through the network and ultimately reach address locations. Hosts on these networks first listened to hear if there is any data on the wire. If there was none, they sent out data. If a collision occurred, then both hosts waited a random time period before retransmitting the data. Full-duplex Ethernet completely eliminated this access method.
route redistribution
Occurs in a multiprotocol router. A multiprotocol router learns route information using one routing protocol and disseminates that information using another routing protocol.
TIA/EIA 606
Official methodology for labeling patch panels.
VLAN hopping
Older technique to hack a switch to change a normal switch port from an access port to a trunk port. This allows the station attached to the newly created trunk port to access different VLANs. Modern switches have preventative measures to stop this type of abuse.
Fiber Distributed Data Interface
Older technology fiber-optic network used in campus-sized installations. It transfers data at 100 Mbps and uses a token bus network protocol over a ring topology
802.11g
Older wireless standard that operates on the 2.4-GHz band, has a maximum throughput of 54 Mbps, and used OFDM. Backwards compatible with 802.11b; was superseded by 802.11n
Baud
One analog cycle on a telephone line.
single point of failure
One component or system that, if it fails, will bring down an entire process, workflow, or organization.
Secure Copy Protocol
One of the first SSH-enabled programs to appear after the introduction of SSH. This was one of the first protocols used to transfer data securely between two hosts and thus might have replaced FTP. Works well but lacks features such as a directory listing.
Tunnel Information and Control Protocol
One of the protocols that sets up IPv6 tunnels and handles configuration as well as login.
Tunnel Setup Protocol
One of the protocols that sets up IPv6 tunnels and handles configuration as well as login.
Post Office Protocol version 3
One of the two protocols that receive e-mail from SMTP servers. Uses TCP port 110. Old and obsolete, this protocol was replaced by IMAP. Unencrypted
UC gateway
One of three components of a UC network, it is an edge device used to add extra services to an edge router. Connects geographically distanced unified communication systems
UC server
One of three components of a UC network, it is typically a dedicated box that supports any UC-provided service. The cornerstone of any local unified communication
UC device
One of three components of a UC network, it is used to handle voice, video, and more. A VoIP phone with camera and large display (for VTC) built in
legacy mode
One of three modes used with 802.11n wireless networks where the wireless access point (WAP) sends out separate packets just for legacy devices.
greenfield mode
One of three modes used with 802.11n wireless networks wherein everything is running at a higher speed.
TIA/EIA 568A
One of two four-pair UTP crimping standards for 10/100/1000BaseT networks. Often shortened to T568A. The other standard is TIA/EIA 568B.
TIA/EIA 568B
One of two four-pair UTP crimping standards for 10/100/1000BaseT networks. Often shortened to T568B. The other standard is TIA/EIA 568A.
Distributed Coordination Function
One of two methods of collision avoidance defined by the 802.11 standard and the only one currently implemented. It specifies strict rules for sending data onto the network media.
Approval process
One or more decision makers consider a proposed change and the impact of the change, including funding. If the change, the impact, and the funding are acceptable, the change is permitted.
Autonomous System
One or more networks that are governed by a single protocol, which provides routing for the internet backbone.
Local Connector (LC)
One popular type of Small Form Factor (SFF) connector, considered by many to be the predominant fiber connector.
Start Frame Delimiter
One-byte section of an Ethernet packet that follows the preamble and precedes the Ethernet frame.
vulnerability management
Ongoing process of identifying vulnerabilities and dealing with them.
BNC coupler
Passive connector used to join two segments of coaxial cables that are terminated with BNC connectors.
inbound traffic
Packets coming in from outside the network.
outbound traffic
Packets leaving the network from within it.
type
Part of an Ethernet frame that describes/labels the frame contents.
Transmission Control Protocol
Part of the TCP/IP protocol suite, operates at layer 4 (Transport) of the OSI seven-layer model. TCP is a connection-oriented protocol.
Bandwidth
Piece of the spectrum occupied by some form of signal, such as television, voice, or fax data. Signals require a certain size and location of bandwidth to be transmitted. The higher the bandwidth, the faster the signal transmission, allowing for a more complex signal such as audio or video. Because bandwidth is a limited space, when one user is occupying it, others must wait their turn. Bandwidth is also the capacity of a network to transmit a given amount of data during a given period.
POTS
Plain Old Telephone Service
PaaS
Platform as a Service
PCF
Point Coordination Function
convergence
Point at which the routing tables for all routers in a network are updated. When all router tables reflect all routes (also called steady state)
PPP
Point-to-Point Protocol
PPPoE
Point-to-Point Protocol over Ethernet
PPTP
Point-to-Point Tunneling Protocol
PTR
Pointer Record
Quality of Service
Policies that control how much bandwidth a protocol, PC, user, VLAN, or IP address may use. A mechanism for performing traffic shaping. Enables the prioritization of different traffic types when bandwidth approaches a connection's maximum capacity.
Internet Authentication Service
Popular RADIUS server for Microsoft environments.
Splunk, ELK, ArcSight
Popular SIEM options
Nessus
Popular and extremely comprehensive vulnerability testing tool.
Cacti
Popular network graphing program. An open-source NMS for graphing SNMP data
PAT
Port Address Translation
PAgP
Port Aggregation Protocol
Private port numbers
Port numbers 49152-65535, recommended by the IANA to be used as ephemeral port numbers. Also called dynamic port numbers
Dynamic port numbers
Port numbers 49152-65535, recommended by the IANA to be used as ephemeral port numbers. Also called private port numbers
Well-known port numbers
Port numbers from 0 to 1204 that are used primarily by client applications to talk to server applications in TCP/IP networks.
registered ports
Port numbers from 1024 to 49151. The IANA assigns these ports for anyone to use for their applications.
What is the role of port numbers in IP headers?
Port numbers identify sending and receiving processes in a sender and receiver.
Uplink port
Port on a switch that enables you to connect two switches together using a straight-through cable.
subnet ID
Portion of an IP address that identifies bits shared by all hosts on that network.
POP3
Post Office Protocol version 3
insider threats
Potential for attacks on a system by people who work in the organization.
Alert
Proactive message sent from an SNMP manager as a result of a trap issued by an agent. Alerts may be sent as e-mail, SMS message, voicemail, or other avenue.
Frequency mismatch
Problem in older wireless networks with manual settings where the WAP transmitted on one channel and a wireless client was set to access on a different channel
disk striping with parity
Process by which data is spread among multiple (at least three) drives, with parity information as well to provide fault tolerance. The most commonly implemented type is RAID 5, where the data and parity information is spread across three or more drives.
disk striping
Process by which data is spread among multiple (at least two) drives. Increases speed for both reads and writes of data, but provides no fault tolerance. Also known as RAID level 0.
disk mirroring
Process by which data is written simultaneously to two or more disk drives. Read and write speed is decreased but redundancy in case of catastrophe is increased. Also known as RAID level 1
dynamic routing
Process by which routers in an internetwork automatically exchange information with other routers. Requires a dynamic routing protocol, such as OSPF or RIP.
Remote Login (rlogin)
Program in UNIX that enables you to log into a server remotely. Unlike Telnet, this can be configured to log in automatically.
e-mail client
Program that runs on a computer and enables you to send, receive, and organize e-mail.
regedit.exe
Program used to edit the Windows Registry.
PLC
Programmable Logic Controller
software
Programming instructions or data stored on some type of binary storage device
software defined networking
Programming that allows a master controller to determine how network components will move traffic through the network. Used in virtualization.
PEAP
Protected Extensible Authentication Protocol
PDU
Protocol Data Unit
Internet Protocol version 6
Protocol in which addresses consist of eight sets of four hexadecimal numbers, each number being a value between 0000 and ffff, using a colon to separate the numbers. No address may be all 0s or all ffffs.
Internet Protocol version 4
Protocol in which addresses consist of four sets of numbers, each number being a value between 0 and 255, using a period to separate the numbers (often called dotted decimal format). None of these addresses may be all 0s or all 255s. Examples include 192.168.0.1 and 64.176.19.164.
Intermediate System to Intermediate System
Protocol similar to, but not as popular as, OSPF, but with support for IPv6 since inception.
Real-time Transport Protocol
Protocol that defines the type of packets used on the Internet to move voice or data from a server to clients. The vast majority of VoIP solutions available today use this.
Compensating Controls
Provides alternative fixes to any of the other security control functions (deterrent, preventative, detective, and corrective). Assists and mitigates the risk an existing control is unable to mitigate.
Remote Copy Protocol
Provides the capability to copy files to and from the remote server without the need to resort to FTP or Network File System (NFS, a UNIX form of folder sharing). This can also be used in scripts and shares TCP port 514 with RSH.
Infrastructure as a Service
Providing servers, switches, and routers to customers for a set rate. This is commonly done by large-scale, global providers that use virtualization to minimize idle hardware, protect against data loss and downtime, and respond to spikes in demand. AWS and Microsoft Azure are examples of this.
PKI
Public Key Infrastructure
PSTN
Public Switched Telephone Network
QSFP
Quad Small Form-Factor Pluggable. Designed for 40 Gbps Ethernet.
QoS
Quality of Service
Absorption
Quality of some building materials (such as brick, sheetrock, and wood) to reduce or eliminate a Wi-Fi signal.
RFID
Radio Frequency Identification
RFI
Radio Frequency Interference
Initialization Vector
Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
RSTP
Rapid Spanning Tree Protocol
Fire ratings
Ratings developed by Underwriters Laboratories (UL) and the National Electrical Code (NEC) to define the risk of network cables burning and creating noxious fumes and smoke.
Radio Grade (GR) ratings
Ratings developed by the U.S. military to provide a quick reference for the different types of coaxial cables.
incident response
Reaction to any negative situations that take place within an organization that can be stopped, contained, and remediated without outside resources.
ROM
Read Only Memory
mirroring
Reading and writing data at the same time to two drives for fault-tolerance purposes. Considered RAID level 1.
RTP
Real-time Transport Protocol
NS records
Records that list the authoritative DNS servers for a domain.
MX records
Records within DNS servers that are used by SMTP servers to determine where to send mail.
RPO
Recovery Point Objective
RTO
Recovery Time Objective
RAID
Redundant Array of Independent Disks
small office/home office
Refers to a classification of networking equipment, usually marketed to consumers or small businesses, which focuses on low price and ease of configuration. These networks differ from enterprise networks, which focus on flexibility and maximum performance.
Remote Access Server
Refers to both the hardware component (servers built to handle the unique stresses of a large number of clients calling in) and the software component (programs that work with the operating system to allow remote access to the network) of a remote access solution.
local
Refers to the computer(s), server(s), and/or LAN that a user is physically using or that is in the same room or building.
remote
Refers to the computer(s), server(s), and/or LAN that cannot be physically used due to its distance from the user.
network topology
Refers to the way that cables and other pieces of hardware connect to one another.
RC4
Rivest Cipher version 4
SNMP version 3
Robust SNMP version with TLS encryption. Today's version
Rogue AP
Rogue Access Point
RBAC
Role Based Access Control
edge router
Router that connects one automated system (AS) to another.
RIP
Routing Information Protocol
RRAS
Routing and Remote Access Service
path vector
Routing protocol in which routers maintain path information. This information gets updated dynamically.
regulations
Rules of law or policy that govern behavior in the workplace, such as what to do when a particular event occurs.
network access policy
Rules that define who can access the network, how it can be accessed, and what resources of the network can be used.
Virtualization
Running multiple systems simultaneously on one physical computer. Uses a host's actual hardware when creating the other systems. Saves power, consolidates hardware, makes system recovery easy, and is nice for IT research
Network management station
SNMP console computer that runs the SNMP manager software
snmpwalk
SNMP manager PDU that collects management information base (MIB) information in a tree-oriented hierarchy of a MIB object and any of its subordinate objects. This command queries the object and then automatically queries all of the objects that are subordinated to the root object being queried.
SNMP version 1
SNMP version that has a limited command set and does not support encryption
SNMP version 2
SNMP version with expanded command set and basic encryption
Management Information Base
SNMP's version of a server. A database that is queried to be able to talk to SNMP agents.
SFTP
SSH File Transfer Protocol
quarantine network
Safe network to which stations are directed that either do not require or should not have access to protected resources.
sneakernet
Saving a file on a portable medium and walking it over to another computer.
War driving
Searching for wireless signals from an automobile or on foot using a portable computing device.
power redundancy
Secondary source of power in the event that primary power fails. The most common redundant power source is an uninterruptible power supply (UPS).
SCP
Secure Copy Protocol
SHA
Secure Hash Algorithm
SSH
Secure Shell
SSL
Secure Sockets Layer
SAML
Security Assertions Markup Language
SEM
Security Event Management
SIM
Security Information Management
SIEM
Security Information and Event Management. Aggregation and correlation are the two primary components of this
Deterrent Controls
Security controls that attempt to discourage individuals from causing a security incident. The malicious actors need to know the controls exist. Lighting, signage, and security guards are examples of this.
Detective Controls
Security controls that attempt to discover that a security incident occurred. Alarms, cameras, motion detectors, infrared detectors, and log files are all examples of this.
Preventative Controls
Security controls that attempt to stop a security incident from happening. The malicious actors do not need to know the controls exist. Fences/gates, barricades, mantraps, air gaps, safes, protected distribution systems, Faraday cages, and locks are all examples of this.
video surveillance
Security measures that use remotely monitored visual systems that include IP cameras and closed-circuit televisions (CCTVs).
SIP
Session Initiation Protocol
distance vector
Set of routing protocols that calculates the total cost to get to a particular network ID and compares that cost to the total cost of all the other routes to get to that same network ID.
Algorithm
Set of rules for solving a problem in a given number of steps. These use keys to encrypt cleartext into ciphertext
rack monitoring system
Set of sensors in an equipment closet or rack-mounted gear that can monitor and alert when an out-of-tolerance condition occurs in power, temperature, and/or other environmental aspects.
permissions
Sets of attributes that network administrators assign to users and groups that define what they can do to resources.
Protocols
Sets of clearly defined rules, regulations, standards, and procedures that enable hardware and software developers to make devices and applications that function properly at a particular layer.
Application Programming Interface
Shared functions, subroutines, and libraries that allow programs on a machine to communicate with the OS and other programs.
STP
Shielded Twisted Pair
patch cables
Short (2 to 5 foot) UTP cables that connect patch panels to switches.
SMS
Short Message Service
CAB files
Short for cabinet files. These files are compressed and most commonly used during Microsoft OS installation to store many smaller files, such as device drivers.
1000BaseTX
Short-lived gigabit-over-UTP standard from TIA/EIA. Considered a competitor to 1000BaseT, it was simpler to implement but required the use of CAT 6 cable.
dotted decimal notation
Shorthand method for discussing and configuring binary IP addresses. 192.168.0.1 for example
Netstat -a
Shows all active ports on a host (even ones without current connections)
non-persistent agent
Software used in posture assessment that does not stay resident in client station memory. It is executed prior to login and may stay resident during the login session but is removed from client RAM when the login or session is complete. The agent presents the security characteristics to the access control server, which then decides to allow, deny, or redirect the connection.
Public cloud
Software, platforms, and infrastructure delivered through networks that the general public can use.
private cloud
Software, platforms, and infrastructure, delivered via the Internet or an internal corporate intranet, which are solely for the use of one organization.
Rogue anti-malware program
Some free anti-malware applications that are actually malware
loopback address
Sometimes called the localhost, a reserved IP address used for internal testing: 127.0.0.1.
SAT
Source Address Table
Protocol data unit
Specialized type of command and control packet found in SNMP management systems (and others)
Administrative accounts
Specialized user accounts that have been granted sufficient access rights and authority to manage specified tasks. Some exist as a default on the system and have all authority throughout the system. Others must be explicitly assigned the necessary powers to administer given resources.
signature
Specific pattern of bits or bytes that is unique to a particular virus. Virus scanning software maintains a library of signatures and compares the contents of scanned files against this library to detect infected files.
Optical Carrier
Specification used to denote the optical data carrying capacity (in Mbps) of fiber-optic cables in networks conforming to the SONET standard. This standard is an escalating series of speeds, designed to meet the needs of medium-to-large corporations. SONET establishes OCs from 51.8 Mbps (OC-1) to 39.8 Gbps (OC-768).
Maximum Transmission Unit
Specifies the largest size of a data unit in a communications protocol, such as Ethernet
IEEE 1905.1
Standard that integrates Ethernet, Wi-Fi, Ethernet over power lines, and Multimedia over Coax (MoCA).
cross-platform support
Standards created to enable terminals (and now operating systems) from different companies to interact with one another.
structured cabling
Standards defined by the Telecommunications Industry Association/Electronic Industries Alliance (TIA/EIA) that define methods of organizing the cables in a network for ease of repair and replacement.
V standards
Standards established by CCITT for modem manufacturers to follow (voluntarily) to ensure compatible speeds, compression, and error correction.
SFD
Start Frame Delimiter
SOA
Start of Authority
SOW
Statement of Work
SNAT
Static Network Address Translation
Baseline
Static image of a system's (or network's) performance when all elements are known to be working properly. Can be used to identify irregular activity that needs to be investigated.
Security procedures
Step-by-step how-to document that describes the exact actions necessary to implement a specific security control. Usually these are system and software specific. The purpose is to ensure the integrity of business processes.
IP camera
Still-frame or video camera with a network interface and TCP/IP transport protocols to send output to a network resource or destination.
SAN
Storage Area Network
flow cache
Stores sets of flows for interpretation and analysis.
SQL
Structured Query Language
SMA connector
Subminiature version A connector
DHCP snooping
Switch process that monitors DHCP traffic, filtering out DHCP messages from untrusted sources. Typically used to block attacks that use a rogue DHCP server.
SDSL
Symmetric DSL
SDH
Synchronous Digital Hierarchy
SONET
Synchronous Optical Network
STS
Synchronous transport signal
Key Distribution Center
System for granting authentication in Kerberos. A Windows server that has been set up to be a domain controller
Radio Frequency Identification
System of tags which contain data that can be read from a distance using radio waves. Can operate anywhere from 20 KHz to 10 GHz and has a range of 10 cm to 100 meters. Often used for package, luggage, and equipment tracking.
Network Access Server
System that controls the modems in a RADIUS network.
POP3 port
TCP 110
Network News Transfer Protocol port
TCP 119
IMAPv4 port
TCP 143
H.323 port
TCP 1720
SSH port
TCP 22
SFTP port
TCP 23
Telnet port
TCP 23
SMTP port
TCP 25
HTTPS port
TCP 443
Traditional TLS (encrypted) SMTP port
TCP 465
TACACS+ port
TCP 49
Session Initiation Protocol ports
TCP 5060 and 5061
rlogin port
TCP 513
STARTTLS (IMAP, POP3, SMTP) port
TCP 587
TightVNC port
TCP 5900
LDAPS port
TCP 636
HTTP port
TCP 80
Traditional TLS (encrypted) IMAP port
TCP 993
Traditional TLS (encrypted) POP3 port
TCP 995
Remote Desktop Protocol port
TCP/UDP 3389
LDAP port
TCP/UDP 389
proprietary
Term used to describe technology that is unique to, and owned by, a particular vendor
TACACS+
Terminal Access Controller Access Control System Plus
TA
Terminal Adaptor
My Traceroute
Terminal command in Linux that dynamically displays the route a packet is taking. Similar to traceroute
optical time domain reflectometer
Tester for fiber-optic cable that determines continuity and reports the location of cable breaks.
TCP/IP Layer 4
The Application layer combines the features of the top three layers of the OSI model. It consists of the processes that applications use to initiate, control, and disconnect from a remote system.
OSI layer 7
The Application layer provides tools for programs to use to access the network (and the lower layers). HTTP, SSL/TLS, FTP, SMTP, DNS, DHCP, and IMAP are all examples of protocols that operate at the Application layer.
Integrated Services Digital Network
The CCITT standard that defines a digital method for telephone communications. Originally designed to replace the current analog telephone systems. These lines have telephone numbers and support up to 128-Kbps transfer rates. This also allows data and voice to share a common phone line. Never very popular, this is now relegated to specialized niches.
OSI layer 2
The Data Link layer identifies devices on the Physical layer. MAC addresses are part of the Data Link layer. Bridges and switches operate at the Data Link layer.
E1
The European counterpart of a T1 connection that carries 32 channels at 64 Kbps for a total of 2.048 Mbps—making it slightly faster than a T1.
E3
The European counterpart of a T3 line that carries 16 E1 lines (512 channels), for a total bandwidth of 34.368 Mbps—making it a little bit slower than an American T3.
localhost
The HOSTS file alias for the loopback address of 127.0.0.1, referring to the current machine.
Ethernet over Power
The IEEE 1901 standard, also known as HomePlug HD-PLC, provides high-speed home networking through the building's existing power infrastructure.
802 committee
The IEEE committee responsible for all Ethernet standards.
802.3ab
The IEEE standard for 1000BaseT.
IEEE 1284
The IEEE standard for the now obsolete parallel communication.
802.3at
The IEEE standard that improves upon the older 802.3af by supplying more power over Ethernet connections. PoE+ provides about 30 watts.
OSI layer 6
The Presentation layer, which can also manage data encryption, hides the differences among various types of computer systems.
802.3af
The IEEE standard that specifies a way of supplying electrical Power over Ethernet (PoE). Has a maximum wattage of 15.4 watts
802.11
The IEEE subcommittee that defined the standards for wireless.
Extended Unique Identifier, 48-bit
The IEEE term for the 48-bit MAC address assigned to a network interface. The first 24 bits of this are assigned by the IEEE as the organizationally unique identifier (OUI)
Internet address
The IPv6 address that is given to a system (at least in part) by the gateway router.
prefix length
The IPv6 term for subnet mask. In most cases it's /64
TCP/IP Layer 2
The Internet layer is the same as OSI's Network layer. Any part of the network that deals with pure IP packets—getting a packet to its destination—is on the Internet layer.
Internet Protocol
The Internet standard protocol that handles the logical naming for the TCP/IP protocol using IP addresses.
TCP/IP Layer 1
The Link layer (Network Interface layer) is similar to OSI's Data Link and Physical layers. The Link layer consists of any part of the network that deals with frames.
TEMPEST
The NSA's security standard that is used to combat radio frequency (RF) emanation by using enclosures, shielding, and even paint.
OSI layer 3
The Network layer moves packets between computers on different networks. Routers operate at the Network layer. IP and IPX operate at the Network layer.
Set
The PDU with which a network management station commands an agent to make a change to a management information base (MIB) object.
OSI layer 1
The Physical layer defines hardware connections and turns binary into physical pulses (electrical or light). Repeaters and hubs operate at the Physical layer.
OSI layer 5
The Session layer manages connections between machines. Sockets operate at the Session layer.
OSI layer 4
The Transport layer breaks data down into manageable chunks, with TCP operating at this layer. UDP also operates at the Transport layer.
TCP/IP Layer 3
The Transport layer combines the features of OSI's Transport and Session layers. It is concerned with the assembly and disassembly of data, as well as connection-oriented and connectionless communication.
Performance Monitor
The Windows logging utility.
Types of Windows logs
The application logs, security logs, setup logs, system logs, and forwarded events logs. Windows does NOT log network events.
Local user accounts
The accounts unique to a single Windows system. Stored in the local system's registry.
dumpster diving
The act of digging through trash and recycling receptacles to find information that can be useful in an attack. A form of social engineering
Air gap
The act of physically separating a network from every other network.
Network as a Service
The act of renting virtual server space over the Internet.
Tethering
The act of using a cellular-network-connected mobile device as a mobile hotspot. Can be done using a cable or wirelessly.
protocol stack
The actual software that implements the protocol suite on a particular operating system.
broadcast address
The address a NIC attaches to a frame when it wants every other NIC on the network to read it. In TCP/IP, this address is 255.255.255.255. In Ethernet, this address is FF-FF-FF-FF-FF-FF. Is found in the first field (destination) of the frame.
link-local address
The address that a computer running IPv6 gives itself after first booting. The first 64 bits of a link-local address are always FE80::/64.
wattage (watts or W)
The amount of amps and volts needed by a particular device to function.
impedance
The amount of resistance to an electrical signal on a wire. It is used as a relative measure of the amount of data a cable can handle.
Recovery time objective
The amount of time needed to restore full functionality from when the organization ceases to function.
Data correlation
The analysis and reporting of data in a way that humans can understand. Used for alerts and triggering
Logical Link Control
The aspect of the NIC that talks to the operating system, places outbound data coming "down" from the upper layers of software into frames, and creates the FCS on each frame. This also deals with incoming frames by processing those addressed to the NIC and erasing ones addressed to other machines on the network.
Mean time to failure
The average number of hours that a system can run without failing.
Basic Rate Interface
The basic ISDN configuration, which consists of two B channels (which can carry voice or data at a rate of 64 Kbps) and one D channel (which carries setup and configuration information, as well as data, at 16 Kbps).
Classless Inter-Domain Routing
The basis of allocating and routing classless addresses, not restricting subnet masks to /8, /16, or /24, which classful addressing did.
Internet of Things
The billions of everyday objects that can communicate with each other, specifically over the Internet. These include smart home appliances, automobiles, video surveillance systems, and more.
implicit deny
The blocking of access to any entity that has not been specifically granted access. May also be known as implicit deny any. An example might be a whitelist ACL. Any station that is not in the whitelist is implicitly denied access.
segment
The bus cable to which the computers on an Ethernet network connect.
information technology
The business of computers, electronic communications, and electronic commerce.
fault tolerance
The capability of any system to continue functioning after some part of the system has failed. RAID is an example of a hardware device that provides fault tolerance for hard drives.
port mirroring
The capability of many advanced switches to mirror data from any or all physical ports on a switch to a single physical port. Useful for any type of situation where an administrator needs to inspect packets coming to or from certain computers.
remote access
The capability to access a computer from outside a building in which it is housed. Remote access requires communications hardware, software, and actual physical links.
scalability
The capability to support network growth.
Root Bridge
The center of the STP universe that is used as a reference point for all other switches to maintain a loop-free topology
Video Teleconferencing
The classic, multicast-based presentation where one presenter pushes out a stream of video to any number of properly configured and properly authorized multicast clients.
Data aggregation
The collection and storing of data from various sources for the purpose of data processing
TCP/IP suite
The collection of all the protocols and processes that make TCP over IP communication over a network possible.
ipconfig /registerdns
The command used to force a DNS server to update its records
Fully Qualified Domain Name
The complete DNS name of a system, from its host name to the top-level domain name. Textual nomenclature to a domain-organized resource. It is written left to right, with the host name on the left, followed by any hierarchical subdomains within the top-level domain on the right. Each level is separated from any preceding or following layer by a dot (.).
last mile
The connection between a central office and individual users in a telephone system.
insulating jacket
The external plastic covering of a fiber-optic cable.
TKIP-RC4
The extra layer of security that Wi-Fi Protected Access (WPA) adds on top of Wired Equivalent Privacy (WEP); uses RC4 for cipher initialization.
Fiber distribution panel
The fiber equivalent of a 110 punchdown block. Used as an intermediary between fiber horizontal runs and a fiber switch. Typically found in an MDF or IDF
Evolved High-Speed Packet Access
The final wireless 3G data standard, transferring theoretical maximum speeds up to 168 Mbps, although real-world implementations rarely passed 10 Mbps.
Windows Firewall/Windows Defender Firewall
The firewall that has been included in Windows operating systems since Windows XP; originally named Internet Connection Firewall (ICF) but renamed in XP Service Pack 2.
external firewall
The firewall that sits between the perimeter network and the Internet and is responsible for bearing the brunt of the attacks from the Internet.
internal firewall
The firewall that sits between the perimeter network and the trusted network that houses all the organization's private servers and workstations.
Organizationally Unique Identifier
The first 24 bits of a MAC address, assigned to the NIC manufacturer by the IEEE.
global routing prefix
The first 48 bits of an IPv6 unicast address, used to get a packet to its destination
network prefix
The first 64 bits of an IPv6 address that identifies the network
T-carrier
The first digital trunk carriers used by the telephone industry
X.25
The first generation of packet-switching technology, enables remote devices to communicate with each other across high-speed digital links without the expense of individual leased lines.
802.11b
The first popular wireless standard, operates in the frequency range of 2.4 GHz, offers throughput of up to 11 Mbps and uses DSSS.
Mechanical Transfer Registered Jack
The first type of small form factor (SFF) fiber connector, still in common use.
Routing Information Protocol
The first version had several shortcomings, such as a maximum hop count of 15 and a routing table update interval of 30 seconds, which was a problem because every router on a network would send out its table at the same time
SHA-1
The first version of Secure Hash Algorithm.
read-only memory
The generic term for nonvolatile memory that can be read from but not written to. This means that code and data stored here cannot be corrupted by accidental erasure. Additionally, this retains its data when power is removed, which makes it the perfect medium for storing BIOS data or information such as scientific constants.
DNS root servers
The highest in the hierarchy of DNS servers running the Internet.
Session Hijacking
The interception of a valid computer session to get authentication information.
Extended Unique Identifier, 64-bit
The last 64 bits of the IPv6 address, which are determined based on a calculation based on a device's 48-bit MAC address
device ID
The last six digits of a MAC address, identifying the manufacturer's unique serial number for that NIC.
10Base2
The last true bus-standard network where nodes connected to a common, shared length of coaxial cable. 10 Mbps, baseband, with up to 200 meter segments. Can handle up to 30 devices per segment. Always used T connectors.
Very High Bit-Rate Digital Subscriber Line
The latest form of DSL with download and upload speeds of up to 100 Mbps. This was designed to run on copper phone lines, but many suppliers use fiber-optic cabling to increase effective distances.
Institute of Electrical and Electronics Engineers
The leading standards-setting group in the United States.
Personal area network
The network created among Bluetooth devices such as smartphones, tablets, printers, keyboards, mice, etc.
When a NIC has auto-sensing capabilities, what does that mean?
The link duplex and the link speed will be determined once you connect a cable to your auto-sensing NIC.
cached lookup
The list kept by a DNS server of IP addresses it has already resolved, so it won't have to re-resolve an FQDN it has already checked.
port bonding
The logical joining of multiple redundant ports and links between two network devices such as a switch and storage array usually to increase bandwidth. This is also known as port aggregation
Simple Mail Transfer Protocol
The main protocol used to send electronic mail on the Internet. Unencrypted
Designated Router
The main router in an OSPF network that relays information to all other routers in the area.
Security controls
The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. Generated from security policies
physical topology
The manner in which the physical components of a network are arranged.
Reddit hug of death
The massive influx of traffic on a small or lesser-known Web site when it is suddenly made popular by a reference from the media.
Slashdotting
The massive influx of traffic on a small or lesser-known Web site when it is suddenly made popular by a reference from the media.
bandwidth
The maximum amount of data that can pass from one point to another in a unit of time (through a cable, via radio wave, etc.)
disaster recovery
The means and methods to recover primary infrastructure from a disaster. Disaster recovery starts with a plan and includes data backups.
110-Punchdown Block
The most common connection used on the back of an RJ-45 jack and patch panels.
terminal adapter
The most common interface used to connect a computer to an ISDN line.
Port Address Translation
The most commonly used form of Network Address Translation, where the router uses the outgoing IP addresses and port numbers (collectively known as a socket) to map traffic back to specific machines in the network.
twisted pair
The most overwhelmingly common type of cabling used in networks. The two types of this are UTP and STP. The twists serve to reduce interference, called crosstalk; the more twists, the less crosstalk.
role-based access control
The most popular authentication model used in file sharing, defines a user's access to a resource based on the roles the user plays in the network environment. This leads to the idea of creating groups. A group in most networks is nothing more than a name that has clearly defined accesses to different resources. User accounts are placed into various groups.
Wi-Fi
The most widely adopted wireless networking type in use today. Technically, only wireless devices that conform to the extended versions of the 802.11 standard - 802.11a, b, g, n, and ac - are certified as this type of network.
newsgroup
The name for a discussion group on Usenet
primary (master) DNS server
The name server where records are added, deleted, and modified. The primary DNS server sends copies of this zone file to secondary (slave) DNS servers in a process known as a zone transfer.
Internet Assigned Numbers Authority
The organization originally responsible for assigning public IP addresses. This no longer directly assigns IP addresses, having delegated this to the five Regional Internet Registries.
ciphertext
The output when cleartext is run through a cipher algorithm using a key.
Media Access Control
The part of a NIC that remembers the NIC's own MAC address and attaches that address to outgoing frames
Cladding
The part of a fiber-optic cable that makes the light reflect down the fiber.
hop
The passage of a packet through a router.
topology
The pattern of interconnections in a communications system among devices, nodes, and associated input and output stations. Also describes how computers connect to each other without regard to how they actually communicate.
effective permissions
The permissions of all groups combined in any network operating system.
DHCP scope
The pool of IP addresses that a DHCP server may allocate to clients requesting IP addresses or other IP information like DNS server addresses.
Linux
The popular open source operating system, derived from UNIX
switch port
The port on a switch. This can best be described as a collision domain
trailer
The portion of an Ethernet frame that is the frame check sequence (FCS).
hosts file
The predecessor to DNS, a static text file that resides on a computer and is used to resolve DNS host names to IP addresses. Automatically mapped to a host's DNS resolver cache in modern systems. This has no extension.
giga
The prefix that generally refers to the quantity 1,073,741,824. One gigabyte is 1,073,741,824 bytes. With frequencies, in contrast, this often refers to one billion. One gigahertz is 1,000,000,000 hertz
voltage
The pressure of the electrons passing through a wire.
payload
The primary data that is sent from a source network device to a destination network device.
customer premises equipment
The primary distribution box and customer-owned/managed equipment that exists on the customer side of the demarc.
Internet Engineering Task Force
The primary standards organization for the Internet.
NetFlow
The primary tool used to monitor packet flow on a network.
circuit switching
The process for connecting two phones together on one circuit.
legal hold
The process of an organization preserving and organizing data in anticipation of or in reaction to a pending legal issue.
off-boarding
The process of confirming that mobile devices leaving the control of the organization do not store any proprietary applications or data.
Business Continuity Plan
The process of defining the steps to be taken in the event of a physical corporate crisis to continue operations. Includes the creation of documents to specify facilities, equipment, resources, personnel, and their roles.
rollback
The process of downgrading - undoing - a recently applied patch or update.
network design
The process of gathering together and planning the layout for the equipment needed to create a network.
Time Division Multiplexing
The process of having frames that carry a bit of every channel in every frame sent at a regular interval in a T1 connection.
risk management
The process of how organizations evaluate, protect against, and recover from threats and attacks that take place on their networks.
succession planning
The process of identifying people who can take over certain positions (usually on a temporary basis) in case the people holding those critical positions are incapacitated or lost in an incident.
Change Management
The process of initiating, approving, funding, implementing, and documenting significant changes to the network.
proxy ARP
The process of making remotely connected computers act as though they are on the same LAN as local computers.
Encapsulation
The process of preparing data to go onto a network.
log management
The process of providing proper security and maintenance for log files to ensure the files are organized and safe. Storage for legal conformance, managing size, and controlling access to appropriate users
encapsulation
The process of putting the packets from one protocol inside the packets of another protocol. An example of this is TCP/IP in Ethernet, which places TCP/IP packets inside Ethernet frames.
port scanning
The process of querying individual nodes, looking for open or vulnerable ports and creating a report
patch management
The process of regularly updating operating systems and applications to avoid security threats.
home automation
The process of remotely controlling household devices, such as lights, thermostats, cameras, and washers and dryers.
electronic discovery
The process of requesting and providing electronic and stored data and evidence in a legal way.
de-encapsulation
The process of stripping all the extra header information from a packet as the data moves up a protocol stack.
load balancing
The process of taking several servers and making them look like a single server, spreading processing and supporting bandwidth needs.
on-boarding
The process of verifying that new mobile devices appearing in the organization's infrastructure are secure and safe to use within the organization.
drive mirroring
The process of writing identical data to two hard drives on the same controller at the same time to provide data redundancy.
IP addressing
The processes of assigning IP addresses to networks and hosts.
real-time processing
The processing of transactions as they occur, rather than batching them. Pertaining to an application, processing in which response to input is fast enough to affect subsequent inputs and guide the process, and in which records are updated immediately. The lag from input time to output time must be sufficiently small for acceptable timeliness. Timeliness is a function of the total system: missile guidance requires output within a few milliseconds of input, whereas scheduling of steamships requires a response time in days. Real-time systems are those with a response time of milliseconds; interactive systems respond in seconds; and batch systems may respond in hours or days.
Common Internet File System
The protocol that NetBIOS used to share folders and printers. Still very common, even on UNIX/Linux systems.
Backoff
The random amount of time a node in a CSMA/CD network waits after a collision has occurred; this is typically a period of a few milliseconds long.
RS-232
The recommended standard (RS) upon which all serial communication takes place on a PC.
Signal-to-noise ratio (SNR)
The relative gauge of signal strength for a radio/Wi-Fi receiver. The stronger the signal the more negative it registers
request timed out
The response generated when no echo reply comes back before the default time when using ping. This can be caused by a slow network, excess traffic, a downed router, etc.
Destination Host Unreachable
The response generated when the local system has no route to the address listed using ping. May also come from a router upstream if that router can't go forward
unreachable default gateway
The response generated when you ping the default gateway and get a destination host unreachable response. A CompTIA term for an ICMP-related issue
Broadcast storm
The result of one or more devices sending a nonstop flurry of broadcast frames on the network.
collision
The result of two nodes transmitting at the same time on a multiple access network such as Ethernet. Both frames may be lost or partial frames may result.
Main Distribution Frame
The room in a building that stores the demarc, telephone cross-connects, and LAN cross-connects
Intermediate distribution frame
The room where all the horizontal runs from all the work areas on a given floor in a building come together.
telephony
The science of converting sound into electrical signals, moving those signals from one location to another, and then converting those signals back into sounds. This includes modems, telephone lines, the telephone system, and any products used to create a remote access link between a remote access client and server.
computer forensics
The science of gathering, preserving, and presenting evidence stored on a computer or any form of digital media that is presentable in a court of law.
interface identifier (interface ID)
The second half (64 bits) of an IPv6 address, unique to a host.
RIPv2
The second version of this protocol. It fixed many problems of the original version, but the maximum hop count of 15 still applies.
Order of Restoration
The sequence in which different systems are brought back online after a disaster.
Operating system
The set of programming that enables a program to interact with the computer and provides an interface between the PC and the user.
configurations
The settings stored in devices that define how they are to operate.
Application Layer
The seventh layer of the OSI model.
Digital Signal 1
The signaling method used by T1 lines, which uses a relatively simple frame consisting of 25 pieces: a framing bit and 24 channels. Each DS1 channel holds a single 8-bit DS0 data sample. The framing bit and data channels combine to make 193 bits per DS1 frame. These frames are transmitted 8000 times/sec, making a total throughput of 1.544 Mbps
Digital signal 1
The signaling method used by T1 lines, which uses a relatively simple frame consisting of 25 pieces: a framing bit and 24 channels. Each of these holds a single 8-bit DS0 data sample. The framing bit and data channels combine to make 193 bits per frame. These frames are transmitted 8000 times/sec, making a total throughput of 1.544 Mbps.
MTU mismatch
The situation when your network's packets are so large that they must be fragmented to fit into your ISP's packets.
iSCSI Initiator
The software and hardware components that can be used to transfer files to and from an iSCSI target.
Network Management System
The software installed on an SNMP manager workstation that allows for communication to SNMP agents.
T1 line
The specific, shielded, two-pair cabling that connects the two ends of a T1 connection.
native VLAN
The specified VLAN designation that will be assigned to all untagged frames entering a trunk port in a switch.
Dipole Antenna
The standard straight-wire antenna that provides signal out in a torus (the shape of a bagel).
Telecommunications Industry Association/Electronics Industries Association
The standards body that defines most of the standards for computer network cabling. Many of these standards are defined under the TIA/EIA 568 standard.
Recovery point objective
The state of the backup when the data is recovered. It is an evaluation of how much data is lost from the time of the last backup to the point that a recovery was required.
Forward lookup zone
The storage area in a DNS server to store the IP addresses and names of systems for a particular domain or domains.
Public Key Infrastructure
The system for creating and distributing digital certificates using sites like Comodo, Symantec, or GoDaddy
100BaseTX
The technically accurate but little-used name for 100BaseT. 100 Mbps up to 100 meters, 1024 nodes per hub, cat 5e cable only using two pairs of wires, full duplex
network technology
The techniques, components, and practices involved in creating and operating computer-to-computer links. A practical application of a topology and other critical technologies that provides a method to get data from one computer to another on a network.
resistance
The tendency for a physical medium to impede electron flow. It is classically measured in a unit called ohms.
offsite
The term for a virtual computer accessed and stored remotely.
onsite
The term for a virtual computer stored at your location.
subnet mask
The value used in TCP/IP settings to divide the IP address of a host into its component parts: network ID and host ID. One of the main purposes of this is to determine if the recipient address in a packet is local or remote. Once determined, the host can then decide if the packet should remain local, or should be forwarded to a remote network.
Modulation Techniques
The various multiplexing and demultiplexing technologies and protocols, both analog and digital.
DHCPv6
The version of DHCP used with IPv6.
ICMPv6
The version of ICMP used with IPv6 networks. This performs the functions that ICMP, IGMP, and ARP perform in IPv4. It detects and reports data transmission errors, discovers other nodes on a network, and manages multicasting.
Authoritative DNS Servers
These hold the IP addresses and names of systems for a particular domain or domains in special storage areas called forward lookup zones. They also have reverse lookup zones.
3G
Third generation wireless data standard for cell phones and other mobile devices. 3G matured over time until Evolved High-Speed Packet Access (HSPA+) became the final wireless 3G data standard. It transferred at theoretical maximum speeds up to 168 Mbps although real-world implementations rarely passed 10 Mbps.
Bandwidth-Efficient Encoding Schemes
This allows more bits to be squeezed into the same signal as long as a cable can handle it.
differential backup
This backs up the files that have been changed since the last full backup. This type of backup does not change the state of the archive bit.
show ip route
This command can be used on a Cisco router to view the routing table
nbtstat -R
This command clears the NetBIOS name cache table
nbtstat -n
This command displays NetBIOS names that have been registered as belonging to the local system.
ipconfig /displaydns
This command displays all cached DNS entries in a Windows system
nbtstat -r
This command displays names resolved by broadcast and via WINS.
nbtstat -c
This command displays the NetBIOS name cache of the local computer
nbtstat -a
This command lists the remote machine's registered name table
Nbtstat
This command provides information about the NetBIOS naming service that runs in some Windows-based computers.
sudo ifconfig eth0 down
This command releases any IP configurations received from DHCP server in MacOS/Linux
ipconfig /release
This command releases any IP configurations received from DHCP server in Windows
nbtstat -RR
This command takes all registered information and rebroadcasts it
ipconfig /flushdns
This command will clear your DNS resolver cache.
Corrective Controls
This control is used to correct a condition when there is either no control at all, or the existing control is ineffective. Normally, this control is temporary until a more permanent solution is put into place.
Port filtering
This enables an administrator to allow only certain ports to be used, and block all other ports.
Physical documentation
This includes a wiring diagram of the network, drop locations, and enumeration of equipment.
Non-Disclosure Agreement
This is a contract between an employer and an employee that states that the employee will not reveal the employer's trade secrets to future employers.
Critical node
This is a specific type of critical asset that is unique to the IT environment. Examples include components such as servers, routers, mission-critical workstations, printers, etc.
Server-side load balancing
This uses a sophisticated hardware device that is located with your servers to provide load balancing. This load balancer can query servers to determine usage, reroute traffic if a server goes down, and even act as a reverse proxy server.
external threats
Threats to your network through external means; examples include virus attacks and the exploitation of users, security holes in the OS, or the network hardware itself.
TGT
Ticket Granting Ticket
no-default routers
Tier 1 routers that connect to the other Tier 1 routers and can't have any default route
TDMA
Time Division Multiple Access
TDM
Time Division Multiplexing
TDR
Time Domain Reflectometer
Back up
To save important data in a secondary location as a safety precaution against the loss of the primary data.
traffic analysis
Tools that chart a network's traffic usage.
Network management software
Tools that enable you to describe, visualize, and configure an entire network
TCN
Topology Change Notification
Mesh Topology
Topology in which each computer has a direct or indirect connection to every other computer in a network. Any node on the network can forward traffic to other nodes. Popular in cellular and many wireless networks.
Point-to-Multipoint Topology
Topology in which one device communicates with more than one other device on a network.
Application log
Tracks application events, such as when an application opens or closes. Different types of application logs record different events.
voltage quality recorder
Tracks voltage over time by plugging into a power outlet.
Thinnet
Trade name for 10Base2 Ethernet technology. This is characterized by the use of RG-58 coaxial cable segments and BNC T connectors to attach stations to the segments.
Network Interface Card
Traditionally, an expansion card that enables a PC to link physically to a network. Modern computers now use built-in versions, no longer requiring physical cards, but the term is still very common
TLS
Transport Layer Security
TFTP
Trivial File Transfer Protocol
bonding
Two or more NICs in a system working together to act as a single NIC to increase performance.
stripe set
Two or more drives in a group that are used for a striped volume.
duplex fiber-optic cabling
Two-pair cabling which connects two fibers together to provide for sending and receiving
Symmetric DSL
Type of DSL connection that provides equal upload and download speed and, in theory, provides speeds up to 15 Mbps, although the vast majority of ISPs provide packages ranging from 192 Kbps to 9 Mbps.
dynamic NAT
Type of NAT in which many computers can share a pool of routable IP addresses that number fewer than the computers.
host-to-host
Type of VPN connection in which a single host establishes a link with a remote, single host.
host-to-site
Type of VPN connection where a host logs into a remote network as if it were any other local resource of that network.
copy backup
Type of backup similar to Normal or Full, in that all selected files on a system are backed up. This type of backup does not change the archive bit of the files being backed up.
Change request steps
Type of change, configuration procedures, rollback process, potential impact, notification, perform the change, documentation
Registered Jack
Type of connector used on the end of telephone and networking cables
RJ-45
Type of connector with eight-wire UTP connections; usually found in network connections and used for 10/100/1000BaseT networking.
RJ-11
Type of connector with four-wire UTP connections; usually found in telephone connections.
link state
Type of dynamic routing protocol that announces only changes to routing tables, as opposed to entire routing tables.
Multimode Fiber
Type of fiber-optic cable that uses LEDs. Almost always orange.
multimode
Type of fiber-optic cable with a large-diameter core that supports multiple modes of propagation. The large diameter simplifies connections, but has drawbacks related to distance.
PVC-rated cable
Type of network cable that offers no special fire protection; burning produces excessive smoke and noxious fumes. Also known as non-plenum rated
smart jack
Type of network interface unit (NIU) that enables ISPs or telephone companies to test for faults in a network, such as disconnections and loopbacks.
graphing
Type of software that creates visual representations and graphs of data collected by SNMP managers.
NTP port
UDP 123
SNTP port
UDP 123
NetBIOS ports
UDP 137/138 and TCP 137/139
Radius ports
UDP 1812-1813 or UDP 1645-1646
Real-time transport protocol ports
UDP 5004 and 5005
LLMNR port
UDP 53 and 55
DHCP ports
UDP 67 (for servers) and UDP 68 (for clients)
TFTP port
UDP 69
DNS port
UDP/TCP 53 (for servers)
straight-through cable
UTP or STP cable segment that has the wire and pin assignments at one end of the cable match the wire and same pin assignments at the other end. These are used to connect hosts to switches and are the connective opposite of crossover cables.
UPC
Ultra Physical Contact
noise
Undesirable signals bearing no desired information and frequently capable of introducing errors into the communication process
UTM
Unified Threat Management
URL
Uniform Resource Locator
UPS
Uninterruptible Power Supply
MAC (media access control) address
Unique 48-bit address assigned to each network card. IEEE assigns blocks of possible addresses to various NIC manufacturers to help ensure that the address is always unique. The Data Link layer of the OSI model uses this address to locate machines.
ICS server
Unit in a distributed control system (DCS) that can be used to manage global changes to the controllers.
Volt
Unit of measure for voltage
UNC
Universal Naming Convention
unencrypted channel
Unsecure communication between two hosts that pass data using cleartext. For example, a Telnet connection.
UTP
Unshielded Twisted Pair
traffic spike
Unusual and usually dramatic increase in the amount of network traffic. Traffic spikes may be the result of normal operations within the organization or may be an indication of something more sinister.
reflection
Used in DDoS attacks, requests are sent to normal servers as if they had come from the target server. The responses from the normal servers are reflected to the target server, overwhelming it without identifying the true initiator
VLAN pooling
Used in wireless networking, a setup where multiple VLANs share a common domain. The multiple VLANs are used to keep broadcast traffic to manageable levels. Wireless clients are randomly assigned to different VLANs. Their common domain enables them all to be centrally managed.
UDP
User Datagram Protocol
Root guard
Uses STP to decide which switch is the root bridge (aka root switch). This then protects against a rogue switch being installed and taking over the root switch role.
RAID 2
Uses bit-level striping
RAID 5
Uses block-level and parity data striping.
RAID 0
Uses byte-level striping and provides no fault tolerance.
RAID 4
Uses error-correcting information (such as parity) on a separate disk and block-level striping on the remaining drives
RAID 3
Uses error-correcting information (such as parity) on a separate disk and data striping on the remaining drives
RAID 1
Uses mirroring or duplexing for increased data redundancy.
Voice over IP
Using an IP network to conduct voice calls.
leeching
Using another person's wireless connection to the Internet without that person's permission.
War chalking
Using symbols to mark off a sidewalk or wall to indicate that there is an open wireless network which may be offering Internet access.
Cloud computing
Using the Internet to store files and run applications. For example, Google Docs is a cloud computing application that enables you to run productivity applications over the Internet from your Web browser.
Dynamic VLAN
VLANs assigned based on MAC addresses. Never used today
variable
Value of an SNMP management information base (MIB) object. That value can be read with a Get PDU or changed with a Set PDU.
VLSM
Variable Length Subnet Mask
Switch port protection
Various methods to help modern switches deal with malicious software and other threats. Includes technologies such as flood guards.
VDSL
Very High Bit Rate Digital Subscriber Line
EAP-MD5
Very simple version of EAP which uses only hashes for transfer and authentication credentials.
VTC
Video Teleconferencing
VPC
Virtual Private Cloud
VPN
Virtual Private Network
VRRP
Virtual Router Redundancy Protocol
SIP trunks
Virtual connections that connect PBX systems from multiple locations over the Internet
executable viruses
Viruses that are literally extensions of executables and that are unable to exist by themselves. Once an infected executable file is run, the virus loads into memory, adding copies of itself to other EXEs that are subsequently run.
WDM
Wave Division Multiplexing
looking glass site
Web site that enables a technician to run various diagnostic tools from outside their network.
Bandwidth speed tester
Web sites for measuring an Internet connection throughput, both download and upload speeds.
High device density environments
Wi-Fi networks with lots of clients
WPA
Wi-Fi Protected Access
WPA2
Wi-Fi Protected Access 2
WPS
Wi-Fi Protected Setup
WAN
Wide Area Network
route print
Windows command to view current known routes in a system's routing table. Same command as Netstat -r
Exception
Windows terminology for something a firewall allows in an ACL
WEP
Wired Equivalent Privacy
WAP
Wireless Access Point
WLAN
Wireless Local Area Network
Z-wave
Wireless home automation control standard. Works at 900 MHz, has a 30 meter range, and transfer speeds of 9600 bps
Channel bonding
Wireless technology that enables wireless access points (WAPs) to use two channels for transmission.
Environment limitations
With respect to building and upgrading networks, refers to the degree of access to facilities and physical access to physical infrastructure. The type of building or buildings must be considered. Access to the walls and ceilings will factor in the construction of the network.
equipment limitations
With respect to installing and upgrading networks, the degree of usage of any existing equipment, applications, or cabling.
Device Types/Requirements
With respect to installing and upgrading networks, these determine what equipment is needed to build the network and how the network should be organized.
compatibility requirements
With respect to network installations and upgrades, requirements that deal with how well the new technology integrates with older or existing technologies.
www
World Wide Web
WORM
Write Once Read Many. Take care of your logs with optical media or hard drives
safety policy
Written policy that is designed to promote safety to IT members. What protective equipment to wear, ESD rules, lifting rules, how to handle spills, etc.
zeroconf
Zero-Configuration networking
Digital certificate
a data file that contains a public key, personal digital signature, and the digital signature of a third party guaranteeing the integrity of the personal digital signature
frame
a defined series of binary data that is the basic container for a discrete amount of data moving across a network. These are created at Layer 2 of the OSI model. Ethernet versions of these have a maximum size of 1500 bytes
chain of custody
a document used to track the collection, handling, and transfer of evidence
FC Connector
a fiber-optic connector that is threaded to ensure a tight connection
registered jack
connectors used for UTP cable on both telephone and network connections
VLAN assignment
assigning ports to VLANs
BSS
basic service set
refraction
bending of radio waves when transmitted through glass
BPS
bits per second
groups
collections of network users who share similar tasks and need similar permissions; defined to make administration tasks easier
dB
decibel
DOS
denial of service
DiffServ
differentiated services
Dispersion
diffusion over distance of light propagating down fiber cable.
DSP
digital signal processor
DC
direct current
dig
domain information groper
termination
endpoint in a network segment
Enhanced small form-factor pluggable
fiber-optic connector used in 10 GbE networks
header
first section of a frame, packet, segment, or datagram
JBOD
just a bunch of disks
LOM
lights-out management
MIME
multipurpose internet mail extensions
MSAU
multistation access unit
OS
operating system
P2P
peer-to-peer
Hackers
people who break into computer systems. Those with malicious intent are sometimes considered black hat hackers and those who do so with a positive intent (such as vulnerability testing) are regularly referred to as white hat hackers. Of course, there are middle-ground hackers: gray hat hackers.
RIS
remote installation services
Asset disposal
reusing, repurposing, or recycling of computing devices that follows system life cycle policies in many organizations.
SOHO
small office/home office
Bluesnarfing
use of weaknesses in the Bluetooth standard to steal information from other Bluetooth devices
continuity
the physical connection of wires in a network
Bluejacking
the process of sending unsolicited messages to another Bluetooth device
reassembly
the process where a receiving system verifies and puts together packets into coherent data
Gain
the strengthening and focusing of radio frequency output from a wireless access point (WAP).
download
the transfer of information from a remote computer system to the user's system. Opposite of upload
TLD
top-level domain
UC
unified communication
VTP
virtual trunking protocol
VoIP
voice over IP
V
volt
WINS
windows internet name service