Semester 2 Unit 7 computer networking
L2TP (Layer 2 Tunneling Protocol)
A VPN tunneling protocol that encapsulates PPP data for use on VPNs.
subscription model
A service model in which software is provided by subscription
GRE (Generic Routing Encapsulation)
A tunneling protocol developed by Cisco that is used to transmit PPP data frames through a VPN tunnel.
IKE (Internet Key Exchange)
One of two services in the key management phase of creating a secure IPsec connection. IKE negotiates the exchange of keys, including authentication of the keys.
PPPoE (PPP over Ethernet)
PPP running over an Ethernet network.
PPPoE
Which remote access protocol is used over an Ethernet network?
SFTP
Which remote file access protocol is an extension of SSH?
-compromised performance -increased complexity -increased licensing costs -single point of failure
Disadvantages of virtualization
key management
The method whereby two nodes using key encryption agree on common parameters for the keys they will use to encrypt data.
platform
The operating system, the runtime libraries or modules the OS provides to applications, and the hardware on which the OS runs
control plane
The process of decision making, such as routing, blocking, and forwarding, that is performed by protocols
port forwarding
The process of redirecting traffic from its normally assigned port to a different port, either on the client or server.
PKI (Public-key Infrastructure)
The use of certificate authorities to associate public keys with certain users.
DirectAccess
What service in Windows Server 2016 authenticates remote users and computers to the Windows domain and its corporate network resources?
Hypervisor
What software allows you to define VMs and manage resource allocation and sharing among them on a host computer?
Virtual switch
What virtual, logically defined device operates at the Data Link layer to pass frames between nodes?
PaaS
Which cloud computing services model gives software developers access to multiple operating systems for testing?
Integrity
Which encryption benchmark ensures data is not modified after it's transmitted and before it's received?
IPsec
Which encryption protocol does GRE use to increase the security of its transmissions?
IKEv2
Which tunneling protocol is a component of the IPsec protocol suite?
NAT mode
With which network connection type does the VM obtain IP addressing information from its host?
-efficient use of resources -cost and energy savings -fault and threat isolation -simple backups, recovery, and replication
Advantages of virtualization
DNS spoofing
An attack in which an outsider forges name server records to falsify his host's identity.
virtual firewall
An installation of a firewall's operating system in a VM.
virtual router
An installation of a router's operating system in a VM.
OpenVPN
An open-source VPN software that is available for multiple platforms.
CA (certificate authority)
An organization that issues and maintains digital certificates as part of the PKI (public-key infrastructure).
ISAKMP (Internet Security Association and Key Management Protocol)
One of two services in the key management phase of creating a secure IPsec connection. ISAKMP works within the IKE process to establish policies for managing the keys.
VNC (Virtual Network Computing or Virtual Network Connection)
Software that uses the cross-platform protocol RFB (remote frame buffer) to remotely control a workstation or server.
data plane
The actual contact made between physical devices and data transmissions as messages traverse a network.
IKEv2
The current version of IKE that offers fast throughput and good stability when moving between wireless hotspots.
hypervisor
The element of virtualization software that manages multiple guest machines and their connections to the host (and by association, to a physical network).
Virtualization
The emulation of all or part of a computer or network.
cloud computing
The flexible provision of data storage, applications, or services to clients over the Internet.
PPP (Point-to-Point Protocol)
A Layer 2 communications protocol that enables a workstation to connect to a server using a serial connection such as dial-up or DSL.
PPTP (Point-to-Point Tunneling Protocol)
A Layer 2 protocol developed by Microsoft that encapsulates PPP data frames for transmission over VPN connections.
IPsec (Internet Protocol Security)
A Layer 3 protocol that defines encryption, authentication, and key management for TCP/IP transmissions. IPsec is an enhancement to IPv4 and is native to IPv6.
VPN (virtual private network)
A virtual connection between a client and a remote network, two remote networks, or two remote hosts over the Internet or other types of networks, to remotely provide network resources.
SDN (software-defined networking)
A centralized approach to networking that removes most of the decision-making power from network devices and instead handles that responsibility at a software level.
PoP (Point of Presence)
A data center facility at which a provider rents space to allow for dedicated connection services.
colocation facility
A data center facility that is shared by a variety of providers. Also called a carrier hotel
Out-of-band management
A dedicated connection (either wired or wireless) from the network administrator's computer used to manage each critical network device, such as routers, firewalls, servers, power supplies, applications, and security cameras.
community cloud
A deployment model in which flexible data storage, applications, or services are shared between multiple organizations, but not available publicly
Hybrid Cloud
A deployment model in which shared and flexible data storage, applications, or services are made available through a combination of other service models into a single deployment, or a collection of services connected within the cloud.
public cloud
A deployment model in which shared and flexible data storage, applications, or services are managed centrally by service providers and delivered over public transmission lines, such as the Internet
private cloud
A deployment model in which shared and flexible data storage, applications, or services are managed on and delivered via an organization's own network, or established virtually for a single organization's private use.
HVD (hosted virtual desktop)
A desktop operating environment hosted virtually on a different physical computer from the one the user interacts with.
console router
A device that provides centralized management of all linked devices.
console server
A device that provides centralized management of all linked devices.
public key encryption
A form of key encryption in which data is encrypted using two keys: One is a key known only to a user (that is, a private key), and the other is a key associated with the user and that can be obtained from a public source, such as a public key server. Public key encryption is also known as asymmetric encryption.
Type 2 hypervisor
A hypervisor that installs in a host OS as an application and is called a hosted hypervisor.
Type 1 hypervisor
A hypervisor that installs on a computer before any OS and is therefore called a bare-metal hypervisor.
vSwitch (virtual switch)
A logically defined device that operates at the Data Link layer to pass frames between nodes.
vNIC (virtual NIC)
A logically defined network interface associated with a virtual machine.
remote access
A method for connecting and logging on to a server, LAN, or WAN from a workstation that is in a different geographical location.
symmetric encryption
A method of encryption that requires the same key to encode the data as is used to decode the cipher text.
NFV (Network Functions Virtualization)
A network architecture that merges physical and virtual network devices.
DMVPN (Dynamic Multipoint VPN)
A particular type of enterprise VPN using Cisco devices that dynamically creates VPN tunnels between branch locations as needed rather than requiring constant, static tunnels for site-to-site connections.
SDN controller
A product that integrates configuration and management control of all network devices, both physical and virtual, into one cohesive system that is overseen by the network administrator through a single dashboard
handshake protocol
A protocol within SSL that allows the client and server to authenticate (or introduce) each other and establishes terms for how they securely exchange data during an SSL session
key
A series of characters that is combined with a block of data during that data's encryption.
RAS (remote access server)
A server that runs communications services enabling remote users to log on to a network and grant privileges to the network's resources.
SaaS (Software as a Service)
A service model in which applications are provided through an online user interface and are compatible with a multitude of devices and operating systems.
IaaS (Infrastructure as a Service)
A service model in which hardware services are provided virtually, including network infrastructure devices such as virtual servers.
PaaS (Platform as a Service)
A service model in which various platforms are provided virtually, enabling developers to build and test applications within virtual, online environments tailored to the specific needs of a project
digital certificate
A small file containing verified identification information about the user and the user's public key.
VPN concentrator
A specialized device that authenticates VPN clients, establishes tunnels for VPN connections, and manages encryption for VPN transmissions.
in-band management
A switch management option, such as Telnet, that uses the existing network and its protocols to interface with a switch.
CIA (confidentiality, integrity, and availability) triad
A three-tenet, standard security model describing the primary ways that encryption protects data. Confidentiality ensures that data can only be viewed by its intended recipient or at its intended destination. Integrity ensures that data was not modified after the sender transmitted it and before the receiver picked it up. Availability ensures that data is available to and accessible by the intended recipient when needed.
site-to-site VPN
A type of VPN in which VPN gateways at multiple sites encrypt and encapsulate data to exchange over tunnels with other VPN gateways. Meanwhile, clients, servers, and other hosts on a site-to-site VPN communicate with the VPN gateway.
client-to-site VPN
A type of VPN in which clients, servers, and other hosts establish tunnels with a private network using a VPN gateway at the edge of the private network.
XaaS (Anything as a Service or Everything as a Service)
A type of cloud computing in which the cloud can provide any combination of functions depending on a client's exact needs, or assumes functions beyond networking including, for example, monitoring, storage, applications, and virtual desktops
asymmetric encryption
A type of encryption (such as public key encryption) that uses a different key for encoding data than is used for decoding the cipher text.
private key encryption
A type of key encryption in which the sender and receiver use a key to which only they have access. Also known as symmetric encryption.
host-only mode
A type of network connection in which VMs on a host can exchange data with each other and with their host, but they cannot communicate with any nodes beyond the host. In host-only mode, VMs use the DHCP service in the host's virtualization software to obtain IP address assignments.
bridged mode
A type of network connection in which a vNIC accesses a physical network using the host machine's NIC. The bridged vNIC obtains its own IP address, default gateway, and subnet mask information from the physical LAN's DHCP server.
NAT mode
A type of network connection in which a vNIC relies on the host machine to act as a NAT device. The virtualization software acts as a DHCP server.
DTLS (Datagram Transport Layer Security)
A variant of TLS designed specifically for streaming communications.
FTPS (FTP Security or FTP Secure)
A version of FTP that incorporates the TLS and SSL protocols for added security.
management URL
A web-based user interface where the user can make changes directly to a device.
ESP (Encapsulating Security Payload)
In the context of IPsec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques and encrypts the entire IP packet for added security.
AH (authentication header)
In the context of IPsec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques.
client_hello
In the context of SSL encryption, a message issued from the client to the server that contains information about what level of security the client's browser is capable of accepting and what type of encryption the client's browser can decipher.
server_hello
In the context of SSL encryption, a message issued from the server to the client that confirms the information the server received in the client_hello message. It also agrees to certain terms of encryption based on the options the client supplied.
guest
In the context of virtualization, a virtual machine operated and managed by a virtualization program.