GLOSSARY

3G   Third-generation wireless data standard for cell phones and other mobile devices. 3G matured over time until Evolved High-Speed Packet Access (HSPA+) became the final wireless 3G data standard. It transferred at theoretical maximum speeds up to 168 megabits per second (Mbps), although real-world implementations rarely passed 10 Mbps.

4G   Most popularly implemented as Long Term Evolution (LTE), a wireless data standard with theoretical download speeds of 300 Mbps and upload speeds of 75 Mbps.

4to6   Internet connectivity technology that encapsulates IPv4 traffic into an IPv6 tunnel to get to an IPv6-capable router.

6in4   An IPv6 tunneling standard that can go through IPv4 Network Address Translation (NAT).

6to4   An IPv6 tunneling protocol that doesn’t require a tunnel broker. It is generally used to directly connect two routers because it normally requires a public IPv4 address.

8 position 8 contact (8P8C)   Four-pair connector used on the end of network cable. Erroneously referred to as an RJ-45 connector.

10 Gigabit Ethernet (10 GbE)   A very fast Ethernet designation, with a number of fiber-optic and copper standards.

10Base2   The last true bus-standard network where nodes connected to a common, shared length of coaxial cable.

10BaseFL   Fiber-optic implementation of Ethernet that runs at 10 Mbps using baseband signaling. Maximum segment length is 2 km.

10BaseT   An Ethernet LAN designed to run on UTP cabling. Runs at 10 Mbps and uses baseband signaling. Maximum length for the cabling between the NIC and the hub (or the switch, the repeater, and so forth) is 100 m.

10GBaseER/10GBaseEW   A 10 GbE standard using 1550-nm single-mode fiber. Maximum cable length up to 40 km.

10GBaseLR/10GBaseLW   A 10 GbE standard using 1310-nm single-mode fiber. Maximum cable length up to 10 km.

10GBaseSR/10GBaseSW   A 10 GbE standard using 850-nm multimode fiber. Maximum cable length up to 300 m.

10GBaseT   A 10 GbE standard designed to run on Cat 6a UTP cabling. Maximum cable length of 100 m.

66 block   Patch panel used in telephone networks; displaced by 110 blocks in networking.

100BaseFX   An Ethernet LAN designed to run on fiber-optic cabling. Runs at 100 Mbps and uses baseband signaling. Maximum cable length is 400 m for half-duplex and 2 km for full-duplex.

100BaseT   An Ethernet LAN designed to run on UTP cabling. Runs at 100 Mbps, uses baseband signaling, and uses two pairs of wires on Cat 5 or better cabling.

100BaseT4   An Ethernet LAN designed to run on UTP cabling. Runs at 100 Mbps and uses four-pair Cat 3 or better cabling. Made obsolete by 100BaseT.

100BaseTX   The technically accurate but little-used name for 100BaseT.

110 block   Also known as a 110-punchdown block, a connection gridwork used to link UTP and STP cables behind an RJ-45 patch panel.

110-punchdown block   The most common connection used on the back of an RJ-45 jack and patch panels.

110-punchdown tool   See punchdown tool.

802 committee   The IEEE committee responsible for all Ethernet standards.

802.1X   A port-authentication network access control mechanism for networks.

802.3 (Ethernet)   See Ethernet.

802.3ab   The IEEE standard for 1000BaseT.

802.3z   The umbrella IEEE standard for all versions of Gigabit Ethernet other than 1000BaseT.

802.11   See IEEE 802.11.

802.11a   A wireless standard that operates in the frequency range of 5 GHz and offers throughput of up to 54 Mbps.

802.11ac   A wireless standard that operates in the frequency range of 5 GHz and offers throughput of up to 1 Gbps.

802.11a-ht   Along with the corresponding 802.11g-ht standard, technical terms for mixed mode 802.11a/802.11g operation. In mixed mode, both technologies are simultaneously supported.

802.11b   The first popular wireless standard. Operates in the frequency range of 2.4 GHz and offers throughput of up to 11 Mbps.

802.11g   Older wireless standard that operates on the 2.4-GHz band with a maximum throughput of 54 Mbps. Superseded by 802.11n.

802.11g-ht   Along with the corresponding 802.11a-ht standard, technical terms for mixed mode 802.11a/802.11g operation. In mixed mode, both technologies are simultaneously supported.

802.11i   A wireless standard that added security features.

802.11n   An 802.11 standard that increases transfer speeds and adds support for multiple in/multiple out (MIMO) by using multiple antennas. 802.11n can operate on either the 2.4- or 5-GHz frequency band and has a maximum throughput of 400 Mbps. Superseded by 802.11ac.

802.16   See IEEE 802.16.

1000BaseCX   A Gigabit Ethernet standard using unique copper cabling, with a 25-m maximum cable distance.

1000BaseLX   A Gigabit Ethernet standard using single-mode fiber cabling, with a 5-km maximum cable distance.

1000BaseSX   A Gigabit Ethernet standard using multimode fiber cabling, with a 220- to 500-m maximum cable distance.

1000BaseT   A Gigabit Ethernet standard using Cat 5e/6 UTP cabling, with a 100-m maximum cable distance.

1000BaseTX   Short-lived gigabit-over-UTP standard from TIA/EIA. Considered a competitor to 1000BaseT, it was simpler to implement but required the use of Cat 6 cable.

1000BaseX   An umbrella Gigabit Ethernet standard. Also known as 802.3z. Comprises all Gigabit standards with the exception of 1000BaseT, which is under the 802.3ab standard.

A records   DNS records that map host names to their IPv4 addresses.

AAA (Authentication, Authorization, and Accounting)   See Authentication, Authorization, and Accounting (AAA).

AAAA records   DNS records that map host names to their IPv6 addresses.

absorption   Quality of some building materials (such as brick, sheetrock, and wood) to reduce or eliminate a Wi-Fi signal.

acceptable use policy   A document that defines what a person may and may not do on an organization’s computers and networks.

access control   All-encompassing term that defines the degree of permission granted to use a particular resource. That resource may be anything from a switch port to a particular file to a physical door within a building.

access control list (ACL)   A clearly defined list of permissions that specifies what actions an authenticated user may perform on a shared resource.

Access Control Server (ACS)   Cisco program/process/server that makes the decision to admit or deny a node based on posture assessment. From there, the ACS directs the edge access device to allow a connection or to implement a denial or redirect.

access port   Regular port in a switch that has been configured as part of a VLAN. Access ports are ports that hosts connect to. They are the opposite of a trunk port, which is only connected to a trunk port on another switch.

Active Directory   A form of directory service used in networks with Windows servers. Creates an organization of related computers that share one or more Windows domains.

activity light   An LED on a NIC, hub, or switch that blinks rapidly to show data transfers over the network.

ad hoc mode   A wireless networking mode where each node is in direct contact with every other node in a decentralized free-for-all. Ad hoc mode is similar to the mesh topology.

Adaptive Network Technology (ANT+)   A low-speed, low-power networking technology; used in place of Bluetooth for connecting devices, such as smart phones and exercise machines.

Address Resolution Protocol (ARP)   A protocol in the TCP/IP suite used with the command-line utility of the same name to determine the MAC address that corresponds to a particular IP address.

administrative accounts   Specialized user accounts that have been granted sufficient access rights and authority to manage specified administrative tasks. Some administrative accounts exist as a default of the system and have all authority throughout the system. Others must be explicitly assigned the necessary powers to administer given resources.

ADSL (asymmetric digital subscriber line)   See asymmetric digital subscriber line (ADSL).

Advanced Encryption Standard (AES)   A block cipher created in the late 1990s that uses a 128-bit block size and a 128-, 192-, or 256-bit key size. Practically uncrackable.

adware   A program that monitors the types of Web sites you frequent and uses that information to generate targeted advertisements, usually pop-up windows.

agent   In terms of posture assessment, refers to software that runs within a client and reports the client’s security characteristics to an access control server to be approved or denied entry to a system.

agent-less   In terms of posture assessment, refers to a client that has its posture checked and presented by non-permanent software, such as a Web app program, that executes as part of the connection process. Agent-less software does not run directly within the client but is run on behalf of the client.

aggregation   A router hierarchy in which every router underneath a higher router always uses a subnet of that router’s existing routes.

air gap   The act of physically separating a network from every other network.

Aircrack-ng   An open source tool for penetration testing many aspects of wireless networks.

alert   Proactive message sent from an SNMP manager as a result of a trap issued by an agent. Alerts may be sent by e-mail, SMS message, voicemail, or another avenue.

algorithm   A set of rules for solving a problem in a given number of steps.

allow   Permission for data or communication to pass through or to access a resource. Specific allowances through a firewall are called exceptions.

American Registry for Internet Numbers (ARIN)   A Regional Internet Registry (RIR) that parcels out IP addresses to large ISPs and major corporations in North America.

amplification   The aspect of a DoS attack that makes a server do a lot of processing and responding.

amplified DoS attack   The type of DoS attack that sends a small amount of traffic to a server, which produces a much larger response from the server that is sent to a spoofed IP address, overwhelming a victim machine.

Angled Physical Contact (APC)   Fiber-optic connector that makes physical contact between two fiber-optic cables. It specifies an 8-degree angle to the curved end, lowering signal loss. APC connectors have less connection degradation from multiple insertions compared to other connectors.

anti-malware program   Software that attempts to block several types of threats to a client including viruses, Trojan horses, worms, and other unapproved software installation and execution.

antivirus   Software that attempts to prevent viruses from installing or executing on a client. Some antivirus software may also attempt to remove the virus or eradicate the effects of a virus after an infection.

anycast   A method of addressing groups of computers as though they were a single computer. Anycasting starts by giving a number of computers (or clusters of computers) the same IP address. Advanced routers then send incoming packets to the closest of the computers.

Apache HTTP Server   An open source HTTP server program that runs on a wide variety of operating systems.

Application layer   See Open Systems Interconnection (OSI) seven-layer model.

application log   Tracks application events, such as when an application opens or closes. Different types of application logs record different events.

Application Programming Interface (API)   Shared functions, subroutines, and libraries that allow programs on a machine to communicate with the OS and other programs.

application/context aware   Advanced feature of some stateful firewalls where the content of the data is inspected to ensure it comes from, or is destined for, an appropriate application. Context-aware firewalls look both deeply and more broadly to ensure that the data content and other aspects of the packet are appropriate to the data transfer being conducted. Packets that fall outside these awareness criteria are denied by the firewall.

approval process   One or more decision makers consider a proposed change and the impact of the change, including funding. If the change, the impact, and the funding are acceptable, the change is permitted.

archive   The creation and storage of retrievable copies of electronic data for legal and functional purposes.

archive bit   An attribute of a file that shows whether the file has been backed up since the last change. Each time a file is opened, changed, or saved, the archive bit is turned on. Some types of backups turn off the archive bit to indicate that a good backup of the file exists on tape.

Area ID   Address assigned to routers in an OSPF network to prevent flooding beyond the routers in that particular network. See also Open Shortest Path First (OSPF).

areas   Groups of logically associated OSPF routers designed to maximize routing efficiency while keeping the amount of broadcast traffic well managed. Areas are assigned a 32-bit value that manifests as an integer between 0 and 4294967295 or can take a form similar to an IP address, for example, “0.0.0.0.”

ARP   See Address Resolution Protocol (ARP).

ARP cache poisoning   A man-in-the-middle attack, where the attacker associates his MAC address with someone else’s IP address (almost always the router), so all traffic will be sent to him first. The attacker sends out unsolicited ARPs, which can either be requests or replies.

arping   A command used to discover hosts on a network, similar to ping, but that relies on ARP rather than ICMP. The arping command won’t cross any routers, so it will only work within a broadcast domain. See also Address Resolution Protocol (ARP) and ping.

asset disposal   Reusing, repurposing, or recycling computing devices in accordance with the system life cycle policies found in many organizations.

asset management   Managing each aspect of a network, from documentation to performance to hardware.

asymmetric digital subscriber line (ADSL)   A fully digital, dedicated connection to the telephone system that provides download speeds of up to 9 Mbps and upload speeds of up to 1 Mbps.

asymmetric-key algorithm   An encryption method in which the key used to encrypt a message and the key used to decrypt it are different, or asymmetrical.

Asynchronous Transfer Mode (ATM)   A network technology that runs at speeds between 25 and 622 Mbps using fiber-optic cabling or Cat 5 or better UTP.

attenuation   The degradation of signal over distance for a networking cable.

authentication   A process that proves good data traffic truly came from where it says it originated by verifying the sending and receiving users and computers.

Authentication, Authorization, and Accounting (AAA)   A security philosophy wherein a computer trying to connect to a network must first present some form of credential in order to be authenticated and then must have limitable permissions within the network. The authenticating server should also record session information about the client.

Authentication Server (AS)   In Kerberos, a system that hands out Ticket-Granting Tickets to clients after comparing the client hash to its own. See also Ticket-Granting Ticket (TGT).

authoritative DNS servers   DNS servers that hold the IP addresses and names of systems for a particular domain or domains in special storage areas called forward lookup zones. They also have reverse lookup zones.

authoritative name servers   Another name for authoritative DNS servers. See authoritative DNS servers.

authorization   A step in the AAA philosophy during which a client’s permissions are decided upon. See also Authentication, Authorization, and Accounting (AAA).

Automatic Private IP Addressing (APIPA)   A networking feature in operating systems that enables DHCP clients to self-configure an IP address and subnet mask automatically when a DHCP server isn’t available.

Autonomous System (AS)   One or more networks that are governed by a single protocol, which provides routing for the Internet backbone.

back up   To save important data in a secondary location as a safety precaution against the loss of the primary data.

backup   Archive of important data that the disaster recovery team can retrieve in case of some disaster.

backup designated router (BDR)   A second router set to take over if the designated router fails. See also designated router (DR).

backup generator   An onsite generator that provides electricity if the power utility fails.

badge   A card-shaped device used for authentication; something you have, a possession factor.

bandwidth   A piece of the spectrum occupied by some form of signal, whether it is television, voice, fax data, and so forth. Signals require a certain size and location of bandwidth to be transmitted. The higher the bandwidth, the faster the signal transmission, thus allowing for a more complex signal such as audio or video. Because bandwidth is a limited space, when one user is occupying it, others must wait their turn. Bandwidth is also the capacity of a network to transmit a given amount of data during a given period.

bandwidth saturation   When the frequency of a band is filled to capacity due to the large number of devices using the same bandwidth.

bandwidth speed tester   Web sites for measuring an Internet connection throughput, both download and upload speeds.

banner grabbing   When a malicious user gains access to an open port and uses it to probe a host to gain information and access, as well as learn details about running services.

baseband   Digital signaling that has only one signal (a single signal) on the cable at a time. The signals must be in one of three states: one, zero, or idle.

baseline   Static image of a system’s (or network’s) performance when all elements are known to be working properly.

basic NAT   A simple form of NAT that translates a computer’s private or internal IP address to a global IP address on a one-to-one basis.

Basic Rate Interface (BRI)   The basic ISDN configuration, which consists of two B channels (which can carry voice or data at a rate of 64 Kbps) and one D channel (which carries setup and configuration information, as well as data, at 16 Kbps).

Basic Service Set (BSS)   In wireless networking, a single access point servicing a given area.

Basic Service Set Identifier (BSSID)   Naming scheme in wireless networks.

baud   One analog cycle on a telephone line.

baud rate   The number of bauds per second. In the early days of telephone data transmission, the baud rate was often analogous to bits per second. Due to advanced modulation of baud cycles as well as data compression, this is no longer true.

Bearer channel (B channel)   A type of ISDN channel that carries data and voice information using standard DS0 channels at 64 Kbps.

bidirectional (BiDi) transceiver   Full-duplex fiber-optic connector that relies on wave division multiplexing (WDM) to differentiate wave signals on a single fiber, creating single-strand fiber transmission.

biometric   Human physical characteristic that can be measured and saved to be compared as authentication in granting the user access to a network or resource. Common biometrics include fingerprints, facial scans, retinal scans, voice pattern recognition, and others.

biometric devices   Devices that scan fingerprints, retinas, or even the sound of the user’s voice to provide a foolproof replacement for both passwords and smart devices.

Bit Error Rate Test (BERT)   An end-to-end test that verifies a T-carrier connection.

block   Access that is denied to or from a resource. A block may be implemented in a firewall, access control server, or other secure gateway. See also allow.

block cipher   An encryption algorithm in which data is encrypted in “chunks” of a certain length at a time. Popular in wired networks.

blocks   Contiguous ranges of IP addresses that are assigned to organizations and end users by IANA. Also called network blocks.

Bluejacking   The process of sending unsolicited messages to another Bluetooth device.

Bluesnarfing   Use of weaknesses in the Bluetooth standard to steal information from other Bluetooth devices.

BNC connector   A connector used for 10Base2 coaxial cable. All BNC connectors have to be locked into place by turning the locking ring 90 degrees.

BNC coupler   Passive connector used to join two segments of coaxial cables that are terminated with BNC connectors.

bonding   Two or more NICs in a system working together to act as a single NIC to increase performance.

Bootstrap Protocol (BOOTP)   A component of TCP/IP that allows computers to discover and receive an IP address from a DHCP server prior to booting the OS. Other items that may be discovered during the BOOTP process are the IP address of the default gateway for the subnet and the IP addresses of any name servers.

Border Gateway Protocol (BGP-4)   An exterior gateway routing protocol that enables groups of routers to share routing information so that efficient, loop-free routes can be established.

botnet   A group of computers under the control of one operator, used for malicious purposes. See also zombie.

bottleneck   A spot on a network where traffic slows precipitously.

bounce   A signal sent by one device taking many different paths to get to the receiving systems.

bps (bits per second)   A measurement of how fast data is moved across a transmission medium. A Gigabit Ethernet connection moves 1,000,000,000 bps.

bridge   A device that connects two networks and passes traffic between them based only on the node address, so that traffic between nodes on one network does not appear on the other network. For example, an Ethernet bridge only looks at the MAC address. Bridges filter and forward frames based on MAC addresses and operate at Layer 2 (Data Link layer) of the OSI seven-layer model.

bridge loop   A negative situation in which bridging devices (usually switches) are installed in a loop configuration, causing frames to loop continuously. Switches using Spanning Tree Protocol (STP) prevent bridge loops by automatically turning off looping ports.

bridged connection   An early type of DSL connection that made the DSL line function the same as if you snapped an Ethernet cable into your NIC.

bridging loop   A physical wiring of a circuitous path between two or more switches, causing frames to loop continuously. Implementing Spanning Tree Protocol (STP) in these devices will discover and block looped paths.

bring your own device (BYOD)   A trend wherein users bring their own network-enabled devices to the work environment. These cell phones, tablets, notebooks, and other mobile devices must be easily and securely integrated and released from corporate network environments using on-boarding and off-boarding technologies.

broadband   Analog signaling that sends multiple signals over the cable at the same time. The best example of broadband signaling is cable television. The zero, one, and idle states exist on multiple channels on the same cable. See also baseband.

broadcast   A frame or packet addressed to all machines, almost always limited to a broadcast domain.

broadcast address   The address a NIC attaches to a frame when it wants every other NIC on the network to read it. In TCP/IP, the general broadcast address is 255.255.255.255. In Ethernet, the broadcast MAC address is FF-FF-FF-FF-FF-FF.

broadcast domain   A network of computers that will hear each other’s broadcasts. The older term collision domain is the same but rarely used today.

broadcast storm   The result of one or more devices sending a nonstop flurry of broadcast frames on the network.

browser   A software program specifically designed to retrieve, interpret, and display Web pages.

brute force   A type of attack wherein every permutation of some form of data is tried in an attempt to discover protected information. Most commonly used in password cracking.

buffer   A component of a fiber-optic cable that adds strength to the cable.

building entrance   Location where all the cables from the outside world (telephone lines, cables from other buildings, and so on) come into a building.

bus topology   A network topology that uses a single bus cable that connects all of the computers in a line. Bus topology networks must be terminated to prevent signal reflection.

business continuity planning (BCP)   The process of defining the steps to be taken in the event of a physical corporate crisis to continue operations. Includes the creation of documents to specify facilities, equipment, resources, personnel, and their roles.

butt set   Device that can tap into a 66- or 110-punchdown block to see if a particular line is working.

byte   Eight contiguous bits, the fundamental data unit of personal computers. Storing the equivalent of one character, the byte is also the basic unit of measurement for computer storage. Bytes are counted in powers of two.

CAB files   Short for “cabinet files.” These files are compressed and most commonly used during Microsoft operating system installation to store many smaller files, such as device drivers.

cable certifier   A very powerful cable testing device used by professional installers to test the electrical characteristics of a cable and then generate a certification report, proving that cable runs pass TIA/EIA standards.

cable drop   Location where the cable comes out of the wall at the workstation location.

cable modem   A bridge device that interconnects the cable company’s DOCSIS service to the user’s Ethernet network. In most locations, the cable modem is the demarc.

cable stripper   Device that enables the creation of UTP cables.

cable tester   A generic name for a device that tests cables. Some common tests are continuity, electrical shorts, crossed wires, or other electrical characteristics.

cable tray   A device for organizing cable runs in a drop ceiling.

cache   A special area of RAM that stores frequently accessed data. In a network there are a number of applications that take advantage of cache in some way.

cached lookup   The list kept by a DNS server of IP addresses it has already resolved, so it won’t have to re-resolve an FQDN it has already checked.

cache-only DNS servers (caching-only DNS servers)   DNS servers that do not have any forward lookup zones. They resolve names of systems on the Internet for the network, but are not responsible for telling other DNS servers the names of any clients.

caching engine   A server dedicated to storing cache information on your network. These servers can reduce overall network traffic dramatically.

Cacti   Popular network graphing program.

campus area network (CAN)   A network installed in a medium-sized space spanning multiple buildings.

canonical name (CNAME)   Less common type of DNS record that acts as a computer’s alias.

captive portal   A Wi-Fi network implementation used in some public facilities that directs attempts to connect to the network to an internal Web page for that facility; generally used to force terms of service on users.

capture file   A file in which the collected packets from a packet sniffer program are stored.

card   Generic term for anything that you can snap into an expansion slot.

carrier sense multiple access with collision avoidance (CSMA/CA)   See CSMA/CA (carrier sense multiple access with collision avoidance).

carrier sense multiple access with collision detection (CSMA/CD)   See CSMA/CD (carrier sense multiple access with collision detection).

Cat 3   Category 3 wire, a TIA/EIA standard for UTP wiring that can operate at up to 16 Mbps.

Cat 5   Category 5 wire, a TIA/EIA standard for UTP wiring that can operate at up to 100 Mbps.

Cat 5e   Category 5e wire, a TIA/EIA standard for UTP wiring with improved support for 100 Mbps using two pairs and support for 1000 Mbps using four pairs.

Cat 6   Category 6 wire, a TIA/EIA standard for UTP wiring with improved support for 1000 Mbps; supports 10 Gbps up to 55 meters.

Cat 6a   Category 6a wire, a TIA/EIA standard for UTP wiring with support for 10 Gbps up to 100 meters.

Cat 7   Category 7 wire, a standard (unrecognized by TIA) for UTP wiring with support for 10+ Gbps at 600 MHz max. frequency.

category (Cat) rating   A grade assigned to cable to help network installers get the right cable for the right network technology. Cat ratings are officially rated in megahertz (MHz), indicating the highest-frequency bandwidth the cable can handle.

CCITT (Comité Consultatif International Téléphonique et Télégraphique)   European standards body that established the V standards for modems.

CCMP-AES   A 128-bit block cipher used in the IEEE 802.11i standard.

central office   Building that houses local exchanges and a location where individual voice circuits come together.

certificate   A public encryption key signed with the digital signature from a trusted third party called a certificate authority (CA). This key serves to validate the identity of its holder when that person or company sends data to other parties.

certifier   A device that tests a cable to ensure that it can handle its rated amount of capacity.

chain of custody   A document used to track the collection, handling, and transfer of evidence.

Challenge Handshake Authentication Protocol (CHAP)   A remote access authentication protocol. It has the serving system challenge the remote client, which must provide an encrypted password.

Challenge-Response Authentication Mechanism-Message Digest 5 (CRAM-MD5)   A tool for server authentication in SMTP servers.

change management   The process of initiating, approving, funding, implementing, and documenting significant changes to the network.

change management documentation   A set of documents that defines procedures for changes to the network.

change management team   Personnel who collect change requests, evaluate the change, work with decision makers for approval, plan and implement approved changes, and document the changes.

change request   A formal or informal document suggesting a modification to some aspect of the network or computing environment.

channel   A portion of the wireless spectrum on which a particular wireless network operates. Setting wireless networks to different channels enables separation of the networks.

channel bonding   Wireless technology that enables wireless access points (WAPs) to use two channels for transmission.

channel overlap   Drawback of 2.4-GHz wireless networks where channels shared some bandwidth with other channels. This is why only three 2.4-GHz channels can be used in the United States (1, 6, and 11).

Channel Service Unit/Digital Service Unit (CSU/DSU)   See CSU/DSU (Channel Service Unit/Data Service Unit).

chat   A multiparty, real-time text conversation. The Internet’s most popular version is known as Internet Relay Chat (IRC), which many groups use to converse in real time with each other.

checksum   A simple error-detection method that adds a numerical value to each data packet, based on the number of data bits in the packet. The receiving node applies the same formula to the data and verifies that the numerical value is the same; if not, the data has been corrupted and must be re-sent.

choose your own device (CYOD)   Deployment model where corporate employees select among a catalog of approved mobile devices.

cipher   A series of complex and hard-to-reverse mathematics run on a string of ones and zeroes in order to make a new set of seemingly meaningless ones and zeroes.

cipher lock   A door unlocking system that uses a door handle, a latch, and a sequence of mechanical push buttons.

ciphertext   The output when cleartext is run through a cipher algorithm using a key.

circuit switching   The process for connecting two phones together on one circuit.

Cisco IOS   Cisco’s proprietary operating system.

cladding   The part of a fiber-optic cable that makes the light reflect down the fiber.

class license   Contiguous chunk of IP addresses passed out by the Internet Assigned Numbers Authority (IANA).

class of service (CoS)   A prioritization value used to apply to services, ports, or whatever a quality of service (QoS) device might use.

classful   Obsolete IPv4 addressing scheme that relied on the original class blocks, such as Class A, Class B, and Class C.

classless   IPv4 addressing scheme that does not rely on the original class blocks, such as Class A, Class B, and Class C.

Classless Inter-Domain Routing (CIDR)   The basis of allocating and routing classless addresses, not restricting subnet masks to /8, /16, or /24, which classful addressing did. See also subnetting.

classless subnet   A subnet that does not fall into the common categories such as Class A, Class B, and Class C.

cleartext   See plaintext.

cleartext credentials   Any login process conducted over a network where account names, passwords, or other authentication elements are sent from the client or server in an unencrypted fashion.

client   A computer program that uses the services of another computer program; software that extracts information from a server. Your autodial phone is a client, and the phone company is its server. Also, a machine that accesses shared resources on a server.

client/server   A relationship in which client software obtains services from a server on behalf of a user.

client/server application   An application that performs some or all of its processing on an application server rather than on the client. The client usually only receives the result of the processing.

client/server network   A network that has dedicated server machines and client machines.

client-to-site   A type of VPN connection where a single computer logs into a remote network and becomes, for all intents and purposes, a member of that network.

closed-circuit television (CCTV)   A self-contained, closed system in which video cameras feed their signal to specific, dedicated monitors and storage devices.

cloud computing   Using the Internet to store files and run applications. For example, Google Docs is a cloud computing application that enables you to run productivity applications over the Internet from your Web browser.

cloud/server based   Remote storage and access of software, especially anti-malware software, where it can be singularly updated. This central storage allows users to access and run current versions of software easily, with the disadvantage of it not running automatically on the local client. The client must initiate access to and launching of the software.

cloud/server-based anti-malware   Remote storage and access of software designed to protect against malicious software where it can be singularly updated.

clustering   Multiple pieces of equipment, such as servers, connected so that they appear to the user and the network as one logical device, providing data and services to the organization for both redundancy and fault tolerance.

coarse wavelength division multiplexing (CWDM)   An optical multiplexing technology in which a few signals of different optical wavelength could be combined to travel a fairly short distance.

coaxial cable   A type of cable that contains a central conductor wire surrounded by an insulating material, which in turn is surrounded by a braided metal shield. It is called coaxial because the center wire and the braided metal shield share a common axis or centerline.

code-division multiple access (CDMA)   Early cellular telephone technology that used spread-spectrum transmission. Obsolete.

cold site   A location that consists of a building, facilities, desks, toilets, parking, and everything that a business needs except computers.

collision   The result of two nodes transmitting at the same time on a multiple access network such as Ethernet. Both frames may be lost or partial frames may result.

collision domain   See broadcast domain.

collision light   A light on some older NICs that flickers when a network collision is detected.

command   A request, typed from a terminal or embedded in a file, to perform an operation or to execute a particular program.

Common Internet File System (CIFS)   The protocol that NetBIOS used to share folders and printers. Still very common, even on UNIX/Linux systems.

community cloud   A private cloud paid for and used by more than one organization.

compatibility issue   When different pieces of hardware or software don’t work together correctly.

compatibility requirements   With respect to network installations and upgrades, requirements that deal with how well the new technology integrates with older or existing technologies.

complete algorithm   A cipher and the methods used to implement that cipher.

computer forensics   The science of gathering, preserving, and presenting evidence stored on a computer or any form of digital media that is presentable in a court of law.

concentrator   A device that brings together at a common center connections to a particular kind of network (such as Ethernet) and implements that network internally.

configuration management   A set of documents, policies, and procedures designed to help you maintain and update your network in a logical, orderly fashion.

configuration management documentation   Documents that define the configuration of a network. These would include wiring diagrams, network diagrams, baselines, and policy/procedure/configuration documentation.

configurations   The settings stored in devices that define how they are to operate.

connection   A term used to refer to communication between two computers.

connectionless   A type of communication characterized by sending packets that are not acknowledged by the destination host. UDP is the quintessential connectionless protocol in the TCP/IP suite.

connectionless communication   A protocol that does not establish and verify a connection between the hosts before sending data; it just sends the data and hopes for the best. This is faster than connection-oriented protocols. UDP is an example of a connectionless protocol.

connection-oriented   Network communication between two hosts that includes negotiation between the hosts to establish a communication session. Data segments are then transferred between hosts, with each segment being acknowledged before a subsequent segment can be sent. Orderly closure of the communication is conducted at the end of the data transfer or in the event of a communication failure. TCP is the only connection-oriented protocol in the TCP/IP suite.

connection-oriented communication   A protocol that establishes a connection between two hosts before transmitting data and verifies receipt before closing the connection between the hosts. TCP is an example of a connection-oriented protocol.

console port   Connection jack in a switch used exclusively to connect a computer that will manage the switch.

content filter   An advanced networking device that implements content filtering, enabling administrators to filter traffic based on specific signatures or keywords (such as profane language).

content switch   Advanced networking device that works at least at Layer 7 (Application layer) and hides servers behind a single IP.

contingency plan   Documents that set out how to limit damage and recover quickly from an incident.

contingency planning   The process of creating documents that set out how to limit damage and recover quickly from an incident.

continuity   The physical connection of wires in a network.

continuity tester   Inexpensive network tester that can only test for continuity on a line.

convergence   Point at which the routing tables for all routers in a network are updated.

copy backup   A type of backup similar to normal or full, in that all selected files on a system are backed up. This type of backup does not change the archive bit of the files being backed up.

core   The central glass of the fiber-optic cable that carries the light signal.

corporate-owned business only (COBO)   Deployment model where the corporation owns all the mobile devices issued to employees. Employees have a whitelist of preapproved applications they can install.

cost   An arbitrary metric value assigned to a network route with OSPF-capable routers.

counter   A predefined event that is recorded to a log file.

CRC (cyclic redundancy check)   A mathematical method used to check for errors in long streams of transmitted data with high accuracy.

crimper   Also called a crimping tool, the tool used to secure a crimp (or an RJ-45 connector) onto the end of a cable.

crossover cable   A specially terminated UTP cable used to interconnect routers or switches, or to connect network cards without a switch. Crossover cables reverse the sending and receiving wire pairs from one end to the other.

cross-platform support   Standards created to enable terminals (and now operating systems) from different companies to interact with one another.

crosstalk   Electrical signal interference between two cables that are in close proximity to each other.

crypto-malware   Malicious software that uses some form of encryption to lock a user out of a system. See also ransomware.

CSMA/CA (carrier sense multiple access with collision avoidance)   Access method used only on wireless networks. Before hosts send out data, they first listen for traffic. If the network is free, they send out a signal that reserves a certain amount of time to make sure the network is free of other signals. If data is detected in the air, the hosts wait a random time period before trying again. If there are no other wireless signals, the data is sent out.

CSMA/CD (carrier sense multiple access with collision detection)   Obsolete access method that older Ethernet systems used in wired LAN technologies, enabling frames of data to flow through the network and ultimately reach address locations. Hosts on CSMA/CD networks first listened to hear if there was any data on the wire. If there was none, they sent out data. If a collision occurred, then both hosts waited a random time period before retransmitting the data. Full-duplex Ethernet completely eliminated CSMA/CD.

CSU/DSU (Channel Service Unit/Data Service Unit)   A piece of equipment that connects a T-carrier leased line from the telephone company to a customer’s equipment (such as a router). It performs line encoding and conditioning functions, and it often has a loopback function for testing.

customer-premises equipment (CPE)   The primary distribution box and customer-owned/managed equipment that exists on the customer side of the demarc.

cyclic redundancy check (CRC)   See CRC (cyclic redundancy check).

daily backup   Also called a daily copy backup, makes a copy of all files that have been changed on that day without changing the archive bits of those files.

daisy-chain   A method of connecting together several devices along a bus and managing the signals for each device.

data backup   The process of creating extra copies of data to be used in case the primary data source fails.

Data Encryption Standard (DES)   A symmetric-key algorithm developed by the U.S. government in the 1970s and formerly in use in a variety of TCP/IP applications. DES used a 64-bit block and a 56-bit key. Over time, the 56-bit key made DES susceptible to brute-force attacks.

Data Link layer   See Open Systems Interconnection (OSI) seven-layer model.

Data Over Cable Service Interface Specification (DOCSIS)   The unique protocol used by cable modem networks.

datagram   A connectionless transfer unit created with User Datagram Protocol designed for quick transfers over a packet-switched network.

datagram TLS (DTLS) VPN   A virtual private network solution that optimizes connections for delay-sensitive applications, such as voice and video.

DB-9   A 9-pin, D-shaped subminiature connector, often used in serial port connections.

DB-25   A 25-pin, D-shaped subminiature connector, typically used in parallel and older serial port connections.

dead spot   A place that should be covered by the network signal but where devices get no signal.

deauthentication (deauth) attack   A form of DoS attack that targets 802.11 Wi-Fi networks specifically by sending out a frame that kicks a wireless client off its current WAP connection. A rogue WAP nearby presents a stronger signal, which the client will prefer. The rogue WAP connects the client to the Internet and then proceeds to intercept communications to and from that client.

decibel (dB)   A measurement of the quality of a signal.

dedicated circuit   A circuit that runs from a breaker box to specific outlets.

dedicated line   A telephone line that is an always open, or connected, circuit. Dedicated telephone lines usually do not have telephone numbers.

dedicated server   A machine that does not use any client functions, only server functions.

de-encapsulation   The process of stripping all the extra header information from a packet as the data moves up a protocol stack.

default   A software function or operation that occurs automatically unless the user specifies something else.

default gateway   In a TCP/IP network, the IP address of the router that interconnects the LAN to a wider network, usually the Internet. This router’s IP address is part of the necessary TCP/IP configuration for communicating with multiple networks using IP.

Delta channel (D channel)   A type of ISDN line that transfers data at 16 Kbps.

demarc   A device that marks the dividing line of responsibility for the functioning of a network between internal users and upstream service providers. Also, demarcation point.

demarc extension   Any cabling that runs from the network interface to whatever box is used by the customer as a demarc.

demilitarized zone (DMZ)   A lightly protected or unprotected subnet network positioned between an outer firewall and an organization’s highly protected internal network. DMZs are used mainly to host public address servers (such as Web servers).

demultiplexer   Device that can extract and distribute individual streams of data that have been combined together to travel along a single shared network cable.

denial of service (DoS)   An effort to prevent users from gaining normal use of a resource. See also denial of service (DoS) attack.

denial of service (DoS) attack   An attack that floods a networked server with so many requests that it becomes overwhelmed and ceases functioning.

dense wavelength division multiplexing (DWDM)   An optical multiplexing technology in which a large number of optical signals of different optical wavelength could be combined to travel over relatively long fiber cables.

designated router (DR)   The main router in an OSPF network that relays information to all other routers in the area.

destination port   A fixed, predetermined number that defines the function or session type in a TCP/IP network.

device driver   A subprogram to control communications between the computer and some peripheral hardware.

device ID   The last six digits of a MAC address, identifying the manufacturer’s unique serial number for that NIC.

device types/requirements   With respect to installing and upgrading networks, these determine what equipment is needed to build the network and how the network should be organized.

DHCP four-way handshake (DORA)   DHCP process in which a client gets a lease for an IPv4 address—Discover, Offer, Request, and Ack.

DHCP lease   Created by the DHCP server to allow a system requesting DHCP IP information to use that information for a certain amount of time.

DHCP relay   A router process that, when enabled, passes DHCP requests and responses across router interfaces. In common terms, DHCP communications can cross from one network to another within a router that has DHCP relay enabled and configured.

DHCP scope   The pool of IP addresses that a DHCP server may allocate to clients requesting IP addresses or other IP information like DNS server addresses.

DHCP snooping   Switch process that monitors DHCP traffic, filtering out DHCP messages from untrusted sources. Typically used to block attacks that use a rogue DHCP server.

dial-up lines   Telephone lines with telephone numbers; they must dial to make a connection, as opposed to a dedicated line.

differential backup   Similar to an incremental backup in that it backs up the files that have been changed since the last backup. This type of backup does not change the state of the archive bit.

differentiated services (DiffServ)   The underlying architecture that makes quality of service (QoS) work.

dig (domain information groper)   See domain information groper (dig).

digital signal 1 (DS1)   The signaling method used by T1 lines, which uses a relatively simple frame consisting of 25 pieces: a framing bit and 24 channels. Each DS1 channel holds a single 8-bit DS0 data sample. The framing bit and data channels combine to make 193 bits per DS1 frame. These frames are transmitted 8000 times/sec, making a total throughput of 1.544 Mbps.

digital signal processor (DSP)   See DSP (digital signal processor).

digital signature   An encrypted hash of a private encryption key that verifies a sender’s identity to those who receive encrypted data or messages.

digital subscriber line (DSL)   A high-speed Internet connection technology that uses a regular telephone line for connectivity. DSL comes in several varieties, including asymmetric (ADSL) and symmetric (SDSL), and many speeds. Typical home-user DSL connections are ADSL with a download speed of up to 9 Mbps and an upload speed of up to 1 Kbps.

dipole antenna   The standard straight-wire antenna that provides most omnidirectional function.

direct current (DC)   A type of electric circuit where the flow of electrons is in a complete circle.

directional antenna   An antenna that focuses its signal more toward a specific direction, as compared to an omnidirectional antenna that radiates its signal in all directions equally.

direct-sequence spread-spectrum (DSSS)   A spread-spectrum broadcasting method defined in the 802.11 standard that sends data out on different frequencies at the same time.

disaster recovery   The means and methods to recover primary infrastructure from a disaster. Disaster recovery starts with a plan and includes data backups.

discretionary access control (DAC)   Authorization method based on the idea that there is an owner of a resource who may at his or her discretion assign access to that resource. DAC is considered much more flexible than mandatory access control (MAC).

disk mirroring   Process by which data is written simultaneously to two or more disk drives. Read and write speed is decreased but redundancy, in case of catastrophe, is increased. Also known as RAID level 1. See also duplexing.

disk striping   Process by which data is spread among multiple (at least two) drives. It increases speed for both reads and writes of data, but provides no fault tolerance. Also known as RAID level 0.

disk striping with parity   Process by which data is spread among multiple (at least three) drives, with parity information as well to provide fault tolerance. The most commonly implemented type is RAID 5, where the data and parity information are spread across three or more drives.

dispersion   Diffusion over distance of light propagating down fiber cable.

distance vector   Set of routing protocols that calculates the total cost to get to a particular network ID and compares that cost to the total cost of all the other routes to get to that same network ID.

distributed control system (DCS)   A small controller added directly to a machine used to distribute the computing load.

Distributed Coordination Function (DCF)   One of two methods of collision avoidance defined by the 802.11 standard and the only one currently implemented. DCF specifies strict rules for sending data onto the network media. See also Point Coordination Function (PCF).

distributed denial of service (DDoS)   Multicomputer assault on a network resource that attempts, with sheer overwhelming quantity of requests, to prevent regular users from receiving services from the resource. Can also be used to crash systems.

distributed switching   The centralized installation, configuration, and handling of every switch in a virtualized network.

DLL (dynamic link library)   A file of executable functions or data that can be used by a Windows application. Typically, a DLL provides one or more particular functions, and a program accesses the functions by creating links to the DLL.

DNS cache poisoning   An attack that adds or changes information in a DNS server to point host names to incorrect IP addresses, under the attacker’s control. When a client requests an IP address from this DNS server for a Web site, the poisoned server hands out an IP address of an attacker, not the legitimate site. When the client subsequently visits the attacker site, malware is installed.

DNS domain   A specific branch of the DNS name space. Top-level DNS domains include .com, .gov, and .edu.

DNS forwarding   DNS server configuration that sends (forwards) DNS requests to another DNS server.

DNS resolver cache   A cache used by Windows DNS clients to keep track of DNS information.

DNS root servers   The highest in the hierarchy of DNS servers running the Internet.

DNS server   A system that runs a special DNS server program.

DNS tree   A hierarchy of DNS domains and individual computer names organized into a tree-like structure, the top of which is the root.

document   A medium and the data recorded on it for human use; for example, a report sheet or book. By extension, any record that has permanence and that can be read by a human or a machine.

documentation   A collection of organized documents or the information recorded in documents. Also, instructional material specifying the inputs, operations, and outputs of a computer program or system.

domain   A term used to describe a grouping of users, computers, and/or networks. In Microsoft networking, a domain is a group of computers and users that shares a common account database and a common security policy. For the Internet, a domain is a group of computers that shares a common element in their DNS hierarchical name.

domain controller   A Microsoft Windows Server system specifically configured to store user and server account information for its domain. Often abbreviated as “DC.” Windows domain controllers store all account and security information in the Active Directory domain service.

domain information groper (dig)   Command-line tool in non-Windows systems used to diagnose DNS problems.

Domain Name System (DNS)   A TCP/IP name resolution system that resolves host names to IP addresses, IP addresses to host names, and other bindings, like DNS servers and mail servers for a domain.

domain users and groups   Users and groups that are defined across an entire network domain.

door access controls   Methodology to grant permission or to deny passage through a doorway. The method may be computer-controlled, human-controlled, token-oriented, or based on many other means.

dotted decimal notation   Shorthand method for discussing and configuring binary IP addresses.

download   The transfer of information from a remote computer system to the user’s system. Opposite of upload.

drive duplexing   See duplexing.

drive mirroring   The process of writing identical data to two hard drives on the same controller at the same time to provide data redundancy.

DS0   The digital signal rate created by converting analog sound into 8-bit chunks 8000 times a second, with a data stream of 64 Kbps. This is the simplest data stream (and the slowest rate) of the digital part of the phone system.

DS1   The signaling method used by T1 lines, which uses a relatively simple frame consisting of 25 pieces: a framing bit and 24 channels. Each DS1 channel holds a single 8-bit DS0 data sample. The framing bit and data channels combine to make 193 bits per DS1 frame. These frames are transmitted 8000 times/sec, making a total throughput of 1.544 Mbps.

DSL Access Multiplexer (DSLAM)   A device located in a telephone company’s central office that connects multiple customers to the Internet.

DSL modem   A device that enables customers to connect to the Internet using a DSL connection. A DSL modem isn’t really a modem—it’s more like an ISDN terminal adapter—but the term stuck, and even the manufacturers of the devices now call them DSL modems.

DSP (digital signal processor)   A specialized microprocessor-like device that processes digital signals at the expense of other capabilities, much as the floating-point unit (FPU) is optimized for math functions. DSPs are used in such specialized hardware as high-speed modems, multimedia sound cards, MIDI equipment, and real-time video capture and compression.

dual stack   Networking device, such as a router or PC, that runs both IPv4 and IPv6.

duplexing   Also called disk duplexing or drive duplexing, similar to mirroring in that data is written to and read from two physical drives for fault tolerance. In addition, separate controllers are used for each drive, for both additional fault tolerance and additional speed. Considered RAID level 1. See also disk mirroring.

dynamic addressing   A way for a computer to receive IP information automatically from a server program. See also Dynamic Host Configuration Protocol (DHCP).

Dynamic ARP Inspection (DAI)   Cisco process that updates a database of trusted systems. DAI then watches for false or suspicious ARPs and ignores them to prevent ARP cache poisoning and other malevolent efforts.

Dynamic DNS (DDNS)   A protocol that enables DNS servers to get automatic updates of IP addresses of computers in their forward lookup zones, mainly by talking to the local DHCP server.

Dynamic Host Configuration Protocol (DHCP)   A protocol that enables a DHCP server to set TCP/IP settings automatically for a DHCP client.

dynamic link library (DLL)   See DLL (dynamic link library).

dynamic multipoint VPN (DMVPN)   A virtual private network solution optimized for connections between multiple locations directly.

dynamic NAT (DNAT)   Type of Network Address Translation (NAT) in which many computers can share a pool of routable IP addresses that number fewer than the computers.

dynamic port numbers   Port numbers 49152–65535, recommended by the IANA to be used as ephemeral port numbers.

dynamic routing   Process by which routers in an internetwork automatically exchange information with other routers. Requires a dynamic routing protocol, such as OSPF or RIP.

dynamic routing protocol   A protocol that supports the building of automatic routing tables, such as OSPF or RIP.

E1   The European counterpart of a T1 connection that carries 32 channels at 64 Kbps for a total of 2.048 Mbps—making it slightly faster than a T1.

E3   The European counterpart of a T3 line that carries 16 E1 lines (512 channels), for a total bandwidth of 34.368 Mbps—making it a little bit slower than an American T3.

EAP-TLS (Extensible Authentication Protocol with Transport Layer Security)   A protocol that defines the use of a RADIUS server as well as mutual authentication, requiring certificates on both the server and every client.

EAP-TTLS (Extensible Authentication Protocol with Tunneled Transport Layer Security)   A protocol similar to EAP-TLS that uses only a single server-side certificate.

edge device   A hardware device that has been optimized to perform a task in coordination with other edge devices and controllers.

edge router   Router that connects one Autonomous System (AS) to another.

effective permissions   The permissions of all groups combined in any network operating system.

electromagnetic interference (EMI)   Interference from one device to another, resulting in poor performance in the device’s capabilities. This is similar to having static on your TV while running a hair dryer, or placing two monitors too close together and getting a “shaky” screen.

electronic discovery   The process of requesting and providing electronic and stored data and evidence in a legal way.

electrostatic discharge (ESD)   See ESD (electrostatic discharge).

e-mail (electronic mail)   Messages, usually text, sent from one person to another via computer. E-mail can also be sent automatically to a large number of addresses, known as a mailing list.

e-mail alert   Notification sent by e-mail as a result of an event. A typical use is a notification sent from an SNMP manager as a result of an out-of-tolerance condition in an SNMP managed device.

e-mail client   Program that runs on a computer and enables a user to send, receive, and organize e-mail.

e-mail server   Also known as a mail server, a server that accepts incoming e-mail, sorts the e-mail for recipients into mailboxes, and sends e-mail to other servers using SMTP.

emulator   Software or hardware that converts the commands to and from the host machine to an entirely different platform. For example, a program that enables you to run Nintendo games on your PC.

encapsulation   The process of putting the packets from one protocol inside the packets of another protocol. An example of this is TCP/IP encapsulation in Ethernet, which places TCP/IP packets inside Ethernet frames.

encryption   A method of securing messages by scrambling and encoding each packet as it is sent across an unsecured medium, such as the Internet. Each encryption level provides multiple standards and options.

endpoint   In the TCP/IP world, the session information stored in RAM. See also socket.

endpoints   Correct term to use when discussing the data each computer stores about the connection between two computers’ TCP/IP applications. See also socket pairs.

end-to-end principle   Early network concept that originally meant that applications and work should happen only at the endpoints in a network, such as in a single client and a single server.

Enhanced Data rates for GSM Evolution (EDGE)   Early cellular telephone technology that used a SIM card; obsolete.

Enhanced Interior Gateway Routing Protocol (EIGRP)   Cisco’s proprietary hybrid protocol that has elements of both distance vector and link state routing.

enhanced small form-factor pluggable (SFP+)   Fiber-optic connector used in 10 GbE networks.

environment limitations   With respect to building and upgrading networks, refers to the degree of access to facilities and physical access to physical infrastructure. The type of building or buildings must be considered. Access to the walls and ceilings will factor in the construction of the network.

environmental monitor   Device used in telecommunications rooms that keeps track of humidity, temperature, and more.

ephemeral port   In TCP/IP communication, an arbitrary number generated by a sending computer that the receiving computer uses as a destination address when sending a return packet.

ephemeral port number   See ephemeral port.

equipment limitations   With respect to installing and upgrading networks, the degree of usage of any existing equipment, applications, or cabling.

equipment rack   A metal structure used in equipment rooms to secure network hardware devices and patch panels. Most racks are 19" wide. Devices designed to fit in such a rack use a height measurement called units, or simply U.

ESD (electrostatic discharge)   The movement of electrons from one body to another. ESD is a real menace to PCs because it can cause permanent damage to semiconductors.

Ethernet   Name coined by Xerox for the first standard of network cabling and protocols. Ethernet is based on a bus topology. The IEEE 802.3 subcommittee defines the current Ethernet specifications.

Ethernet over Power (EoP)   The IEEE 1901 standard, also known as HomePlug HD-PLC, provides high-speed home networking through the building’s existing power infrastructure.

evil twin   An attack that lures people into logging into a rogue access point that looks similar to a legitimate access point.

Evolved High-Speed Packet Access (HSPA+)   The final wireless 3G data standard, transferring at theoretical maximum speeds up to 168 Mbps, although real-world implementations rarely passed 10 Mbps.

executable viruses   Viruses that are literally extensions of executables and that are unable to exist by themselves. Once an infected executable file is run, the virus loads into memory, adding copies of itself to other EXEs that are subsequently run.

Exim   E-mail server for every major platform; fast and efficient.

exit plan   Documents and diagrams that identify the best way out of a building in the event of an emergency. It may also define other procedures to follow.

Extended Service Set (ESS)   A single wireless access point servicing a given area that has been extended by adding more access points.

Extended Service Set Identifier (ESSID)   An SSID applied to an Extended Service Set as a network naming convention.

Extended Unique Identifier, 48-bit (EUI-48)   The IEEE term for the 48-bit MAC address assigned to a network interface. The first 24 bits of the EUI-48 are assigned by the IEEE as the organizationally unique identifier (OUI).

Extended Unique Identifier, 64-bit (EUI-64)   The last 64 bits of the IPv6 address, which are calculated from a device’s 48-bit MAC address.

Extensible Authentication Protocol (EAP)   Authentication wrapper that EAP-compliant applications can use to accept one of many types of authentication. While EAP is a general-purpose authentication wrapper, its only substantial use is in wireless networks.

external connections   A network’s connections to the wider Internet. Also a major concern when setting up a SOHO network.

external data bus (EDB)   The primary data highway of all computers. Everything in your computer is tied either directly or indirectly to the EDB.

external firewall   The firewall that sits between the perimeter network and the Internet and is responsible for bearing the brunt of the attacks from the Internet.

external network address   A number added to the MAC address of every computer on an IPX/SPX network that defines every computer on the network; this is often referred to as a network number.

external threats   Threats to your network through external means; examples include virus attacks and the exploitation of users, security holes in the OS, or weaknesses of the network hardware itself.

fail close   Defines the condition of doors and locks in the event of an emergency, indicating that the doors should close and lock.

fail open   Defines the condition of doors and locks in the event of an emergency, indicating that the doors should be open and unlocked.

FAQ (frequently asked questions)   Common abbreviation coined by BBS users and spread to Usenet and the Internet. This is a list of questions and answers that pertains to a particular topic, maintained so that users new to the group don’t all bombard the group with similar questions. Examples are “What is the name of the actor who plays X on this show, and was he in anything else?” or “Can anyone list all of the books by this author in the order that they were published so that I can read them in that order?” The common answer to this type of question is “Read the FAQ!”

far-end crosstalk (FEXT)   Crosstalk on the opposite end of a cable from the signal’s source.

Fast Ethernet   Nickname for the 100-Mbps Ethernet standards. Originally applied to 100BaseT.

fault tolerance   The capability of any system to continue functioning after some part of the system has failed. RAID is an example of a hardware device that provides fault tolerance for hard drives.

F-connector   A screw-on connector used to terminate small-diameter coaxial cable such as RG-6 and RG-59 cables.

FDDI (Fiber Distributed Data Interface)   See Fiber Distributed Data Interface (FDDI).

Federal Communications Commission (FCC)   In the United States, regulates public airwaves and rates PCs and other equipment according to the amount of radiation emitted.

Fiber Distributed Data Interface (FDDI)   Older technology fiber-optic network used in campus-sized installations. It transfers data at 100 Mbps and uses a token bus network protocol over a ring topology.

fiber-optic cable   A high-speed physical medium for transmitting data that uses light rather than electricity to transmit data and is made of high-purity glass fibers sealed within a flexible opaque tube. Much faster than conventional copper wire.

Fibre Channel (FC)   A self-contained, high-speed storage environment with its own storage arrays, cables, protocols, and switches. Fibre Channel is a critical part of storage area networks (SANs).

file hashing   When the download provider hashes the contents of a file and publishes the resulting message digest.

file server   A computer designated to store software, courseware, administrative tools, and other data on a local or wide area network (WAN). It “serves” this information to other computers via the network when users enter their personal access codes.

File Transfer Protocol (FTP)   A set of rules that allows two computers to talk to one another as a file transfer is carried out. This is the protocol used when you transfer a file from one computer to another across the Internet.

fire ratings   Ratings developed by Underwriters Laboratories (UL) and the National Electrical Code (NEC) to define the risk of network cables burning and creating noxious fumes and smoke.

firewall   A device that restricts traffic between a local network and the Internet.

FireWire   An IEEE 1394 standard to send wide-band signals over a thin connector system that plugs into TVs, VCRs, TV cameras, PCs, and so forth. This serial bus developed by Apple and Texas Instruments enables connection of 60 devices at speeds ranging from 100 to 800 Mbps.

first responder   The person or robot whose job is to react to the notification of a possible computer crime by determining the severity of the situation, collecting information, documenting findings and actions, and providing the information to the proper authorities.

flat name space   A naming convention that gives each device only one name that must be unique. NetBIOS uses a flat name space. TCP/IP’s DNS uses a hierarchical name space.

flat-surface connector   Early fiber-optic connector that resulted in a small gap between fiber-optic junctions due to the flat grind faces of the fibers. It was replaced by Angled Physical Contact (APC) connectors.

flood guard   Technology in modern switches that can detect and block excessive traffic.

flow   A stream of packets from one specific place to another.

flow cache   Stores sets of flows for interpretation and analysis. See also flow.

forensics report   A document that describes the details of gathering, securing, transporting, and investigating evidence.

forward lookup zone   The storage area in a DNS server to store the IP addresses and names of systems for a particular domain or domains.

forward proxy server   Server that acts as middleman between clients and servers, making requests to network servers on behalf of clients. Results are sent to the proxy server, which then passes them to the original client. The network servers are isolated from the clients by the forward proxy server.

FQDN (fully qualified domain name)   See fully qualified domain name (FQDN).

fractional T1 access   A service provided by many telephone companies wherein customers can purchase a number of individual channels in a T1 line in order to save money.

frame   A defined series of binary data that is the basic container for a discrete amount of data moving across a network. Frames are created at Layer 2 of the OSI model.

frame check sequence (FCS)   A sequence of bits placed in a frame that is used to check the primary data for errors.

Frame Relay   An extremely efficient data transmission technique used to send digital information such as voice, data, LAN, and WAN traffic quickly and cost-efficiently to many destinations from one port.

FreeRADIUS   Free RADIUS server software for UNIX/Linux systems.

freeware   Software that is distributed for free with no license fee.

frequency division multiplexing (FDM)   A process of keeping individual phone calls separate by adding a different frequency multiplier to each phone call, making it possible to separate phone calls by their unique frequency range.

frequency mismatch   Problem in older wireless networks with manual settings where the WAP transmitted on one channel and a wireless client was set to access on a different channel.

frequency-hopping spread-spectrum (FHSS)   A spread-spectrum broadcasting method defined in the 802.11 standard that sends data on one frequency at a time, constantly shifting (or hopping) frequencies.

frequently asked questions (FAQ)   See FAQ (frequently asked questions).

FUBAR   Fouled Up Beyond All Recognition.

full backup   Archive created where every file selected is backed up, and the archive bit is turned off for every file backed up.

full-duplex   Any device that can send and receive data simultaneously.

fully meshed topology   A mesh network where every node is directly connected to every other node.

fully qualified domain name (FQDN)   The complete DNS name of a system, from its host name to the top-level domain name. Textual nomenclature to a domain-organized resource. It is written left to right, with the host name on the left, followed by any hierarchical subdomains within the top-level domain on the right. Each level is separated from any preceding or following layer by a dot (.).

gain   The strengthening and focusing of radio frequency output from a wireless access point (WAP).

gateway router   A router that acts as a default gateway in a TCP/IP network.

general logs   Logs that record updates to applications.

geofencing   The process of using a mobile device’s built-in GPS capabilities and mobile networking capabilities to set geographical constraints on where the mobile device can be used.

Get (SNMP)   A query from an SNMP manager sent to the agent of a managed device for the status of a management information base (MIB) object.

giga   The prefix that generally refers to the quantity 1,073,741,824. One gigabyte is 1,073,741,824 bytes. With frequencies, in contrast, giga- often refers to one billion. One gigahertz is 1,000,000,000 hertz.

Gigabit Ethernet   See 1000BaseT.

gigabit interface converter (GBIC)   Modular port that supports a standardized, wide variety of gigabit interface modules.

gigabyte   1024 megabytes.

global routing prefix   The first 48 bits of an IPv6 unicast address, used to get a packet to its destination. See also network ID.

Global System for Mobile (GSM)   Early cellular telephone networking standard; obsolete.

global unicast address   A second IPv6 address that every system needs in order to get on the Internet.

grandfather, father, son (GFS)   A tape rotation strategy used in data backups.

graphing   Type of software that creates visual representations and graphs of data collected by SNMP managers.

greenfield mode   One of three modes used with 802.11n wireless networks wherein everything is running at higher speed.

ground loop   A voltage differential that exists between two different grounding points.

Group Policy   A feature of Windows Active Directory that allows an administrator to apply policy settings to network users en masse.

Group Policy Object (GPO)   Enables network administrators to define multiple rights and permissions to entire sets of users all at one time.

groups   Collections of network users who share similar tasks and need similar permissions; defined to make administration tasks easier.

guest   In terms of virtualization, an operating system running as a virtual machine inside a hypervisor.

guest network   A network that can contain or allow access to any resource that management deems acceptable to be used by insecure hosts that attach to the guest network.

H.320   A standard that uses multiple ISDN channels to transport video teleconferencing (VTC) over a network.

H.323   A VoIP standard that handles the initiation, setup, and delivery of VoIP sessions.

hackers   People who break into computer systems. Those with malicious intent are sometimes considered black hat hackers and those who do so with a positive intent (such as vulnerability testing) are regularly referred to as white hat hackers. Of course, there are middle-ground hackers: gray hats.

half-duplex   Any device that can only send or receive data at any given moment.

hardening   Applying security hardware, software, and processes to your network to prevent bad things from happening.

hardware appliance   Physical network device, typically a “box” that implements and runs software or firmware to perform one or a multitude of tasks. Could be a firewall, a switch, a router, a print server, or one of many other devices.

hardware tools   Tools such as cable testers, TDRs, OTDRs, certifiers, voltage event recorders, protocol analyzers, cable strippers, multimeters, tone probes/generators, butt sets, and punchdown tools used to configure and troubleshoot a network.

hash   A mathematical function used in cryptography that is run on a string of binary digits of any length and results in a value of some fixed length.

HDMI Ethernet Channel (HEC)   Ethernet-enabled HDMI ports that combine video, audio, and data on a single cable.

header   First section of a frame, packet, segment, or datagram.

heating, ventilation, and air conditioning (HVAC)   All of the equipment involved in heating and cooling the environments within a facility. These items include boilers, furnaces, air conditioners and ducts, plenums, and air passages.

hex (hexadecimal)   Hex symbols based on a numbering system of 16 (computer shorthand for binary numbers), using 10 digits and 6 letters to condense zeroes and ones to binary numbers. Hex is represented by digits 0 through 9 and alpha A through F, so that 09h has a value of 9, and 0Ah has a value of 10.

hierarchical name space   A naming scheme where the full name of each object includes its position within the hierarchy. An example of a hierarchical name is www.totalseminars.com, which includes not only the host name, but also the domain name. DNS uses a hierarchical name space scheme for fully qualified domain names (FQDNs).

high availability (HA)   A collection of technologies and procedures that work together to keep an application available at all times.

high-speed WAN Internet cards   A type of router expansion card that enables connection to two different ISPs.

history logs   Logs that track the history of how a user or users access network resources, or how network resources are accessed throughout the network.

home automation   The process of remotely controlling household devices, such as lights, thermostats, cameras, and washer and dryer.

home page   Either the Web page that your browser is set to use when it starts up or the main Web page for a business, organization, or person. Also, the main page in any collection of Web pages.

honeynet   The network created by a honeypot in order to lure in hackers.

honeypot   An area of a network that an administrator sets up for the express purpose of attracting a computer hacker. If a hacker takes the bait, the network’s important resources are unharmed and network personnel can analyze the attack to predict and protect against future attacks, making the network more secure.

hop   The passage of a packet through a router.

hop count   An older metric used by RIP routers. The number of routers that a packet must cross to get from a router to a given network. Hop counts were tracked and entered into the routing table within a router so the router could decide which interface was the best one to forward a packet.

horizontal cabling   Cabling that connects the equipment room to the work areas.

host   A single device (usually a computer) on a TCP/IP network that has an IP address; any device that can be the source or destination of a data packet. Also, a computer running multiple virtualized operating systems.

host ID   The portion of an IP address that defines a specific machine in a subnet.

host name   An individual computer name in the DNS naming convention.

host-based anti-malware   Anti-malware software that is installed on individual systems, as opposed to the network at large.

host-based firewall   A software firewall installed on a “host” that provides firewall services for just that machine, such as Windows Firewall.

hostname   Command-line tool that returns the host name of the computer it is run on.

hosts file   The predecessor to DNS, a static text file that resides on a computer and is used to resolve DNS host names to IP addresses. Automatically mapped to a host’s DNS resolver cache in modern systems. The hosts file has no extension.

host-to-host   Type of VPN connection in which a single host establishes a link with a remote, single host.

host-to-site   Type of VPN connection where a host logs into a remote network as if it were any other local resource of that network.

hot site   A complete backup facility to continue business operations. It is considered “hot” because it has all resources in place, including computers, network infrastructure, and current backups, so that operations can commence within hours after occupation.

hotspot   A wireless access point that is connected to a cellular data network, typically 4G. The device can route Wi-Fi to and from the Internet. Hotspots can be permanent installations or portable. Many cellular telephones have the capability to become a hotspot.

HTML (Hypertext Markup Language)   An ASCII-based script-like language for creating hypertext documents like those on the World Wide Web.

HTTP over SSL (HTTPS)   A secure form of HTTP in which hypertext is encrypted by Transport Layer Security (TLS) before being sent onto the network. It is commonly used for Internet business transactions or any time where a secure connection is required. The name reflects the predecessor technology to TLS called Secure Sockets Layer (SSL). See also Hypertext Transfer Protocol (HTTP) and Secure Sockets Layer (SSL).

hub   An electronic device that sits at the center of a star topology network, providing a common point for the connection of network devices. In a 10BaseT Ethernet network, the hub contains the electronic equivalent of a properly terminated bus cable. Hubs are rare today and have been replaced by switches.

human machine interface (HMI)   In a distributed control system (DCS), a computer or set of controls that exists between a controller and a human operator. The human operates the HMI, which in turn interacts with the controller.

hybrid cloud   A conglomeration of public and private cloud resources, connected to achieve some target result. There is no clear line that defines how much of a hybrid cloud infrastructure is private and how much is public.

hybrid topology   A mix or blend of two different topologies. A star-bus topology is a hybrid of the star and bus topologies.

hypertext   A document that has been marked up to enable a user to select words or pictures within the document, click them, and connect to further information. The basis of the World Wide Web.

Hypertext Markup Language (HTML)   See HTML (Hypertext Markup Language).

Hypertext Transfer Protocol (HTTP)   Extremely fast protocol used for network file transfers on the World Wide Web.

Hypertext Transfer Protocol over SSL (HTTPS)   Protocol to transfer hypertext from a Web server to a client in a secure and encrypted fashion. Uses Transport Layer Security (TLS) rather than Secure Sockets Layer (SSL) to establish a secure communication connection between hosts. It then encrypts the hypertext before sending it from the Web server and decrypts it when it enters the client. HTTPS uses port 443.

hypervisor   In virtualization, a layer of programming that creates, supports, and manages a virtual machine. Also known as a virtual machine manager (VMM).

ICS (industrial control system)   A centralized controller where the local controllers of a distributed control system (DCS) meet in order for global changes to be made.

ICS (Internet Connection Sharing)   Also known simply as Internet sharing, the technique of enabling more than one computer to access the Internet simultaneously using a single Internet connection. When you use Internet sharing, you connect an entire LAN to the Internet using a single public IP address.

ICS server   Unit in a distributed control system (DCS) that can be used to manage global changes to the controllers.

IEEE (Institute of Electrical and Electronics Engineers)   The leading standards-setting group in the United States.

IEEE 802.2   IEEE subcommittee that defined the standards for Logical Link Control (LLC).

IEEE 802.3   IEEE subcommittee that defined the standards for CSMA/CD (a.k.a. Ethernet).

IEEE 802.11   IEEE subcommittee that defined the standards for wireless.

IEEE 802.14   IEEE subcommittee that defined the standards for cable modems.

IEEE 802.16   A wireless standard (also known as WiMAX) with a range of up to 30 miles.

IEEE 1284   The IEEE standard for the now obsolete parallel communication.

IEEE 1394   IEEE standard for FireWire communication.

IEEE 1905.1   Standard that integrates Ethernet, Wi-Fi, Ethernet over power lines, and Multimedia over Coax (MoCA).

IETF (Internet Engineering Task Force)   The primary standards organization for the Internet.

ifconfig   A command-line utility for Linux servers and workstations that displays the current TCP/IP configuration of the machine, similar to ipconfig for Windows systems. The newer command-line utility, ip, is replacing ifconfig on most systems.

IMAP (Internet Message Access Protocol)   An alternative to POP3. Currently in its fourth revision, IMAP4 retrieves e-mail from an e-mail server like POP3, but has a number of features that make it a more popular e-mail tool. IMAP4 supports users creating folders on the e-mail server, for example, and allows multiple clients to access a single mailbox. IMAP uses TCP port 143.

impedance   The amount of resistance to an electrical signal on a wire. It is used as a relative measure of the amount of data a cable can handle.

implicit deny   The blocking of access to any entity that has not been specifically granted access. May also be known as implicit deny any. An example might be a whitelist ACL. Any station that is not in the whitelist is implicitly denied access.

in-band management   Technology that enables managed devices such as a switch or router to be managed by any authorized host that is connected to that network.

inbound traffic   Packets coming in from outside the network.

incident   Any negative situation that takes place within an organization.

incident response   Reaction to any negative situations that take place within an organization that can be stopped, contained, and remediated without outside resources.

incremental backup   Backs up all files that have their archive bits turned on, meaning they have been changed since the last backup. This type of backup turns the archive bits off after the files have been backed up.

Independent Basic Service Set (IBSS)   A basic unit of organization in wireless networks formed by two or more wireless nodes communicating in ad hoc mode.

Independent Computing Architecture (ICA)   Citrix technology that defined communication between client and server in remote terminal programs.

industrial control system (ICS)   See ICS (industrial control system).

infrared (IR)   Line-of-sight networking technology that uses light pulses on the non-visible (to humans) spectrum.

Infrastructure as a Service (IaaS)   Providing servers, switches, and routers to customers for a set rate. IaaS is commonly done by large-scale, global providers that use virtualization to minimize idle hardware, protect against data loss and downtime, and respond to spikes in demand. See also cloud computing.

infrastructure mode   Mode in which wireless networks use one or more wireless access points to connect the wireless network nodes centrally. This configuration is similar to the star topology of a wired network.

inheritance   A method of assigning user permissions, in which folder permissions flow downward into subfolders.

insider threats   Potential for attacks on a system by people who work in the organization.

Institute of Electrical and Electronics Engineers (IEEE)   See IEEE (Institute of Electrical and Electronics Engineers).

insulating jacket   The external plastic covering of a fiber-optic cable.

Integrated Services Digital Network (ISDN)   See ISDN (Integrated Services Digital Network).

integrity   Network process that ensures data sent to a recipient is unchanged when it is received at the destination host.

interface identifier (interface ID)   The second half (64 bits) of an IPv6 address, unique to a host.

interface monitor   A program that tracks the bandwidth and utilization of one or more interfaces on one or more devices in order to monitor traffic on a network.

interframe gap (IFG)   A short, predefined silence originally defined for CSMA/CD; also used in CSMA/CA. Also known as an interframe space (IFS).

interframe space (IFS)   See interframe gap (IFG).

intermediate distribution frame (IDF)   The room where all the horizontal runs from all the work areas on a given floor in a building come together.

Intermediate System to Intermediate System (IS-IS)   Protocol similar to, but not as popular as, OSPF, but with support for IPv6 since inception.

internal connections   The connections between computers in a network.

internal firewall   The firewall that sits between the perimeter network and the trusted network that houses all the organization’s private servers and workstations.

internal network   A private LAN, with a unique network ID, that resides behind a router.

internal threats   All the things that a network’s own users do to create problems on the network. Examples include accidental deletion of files, accidental damage to hardware devices or cabling, and abuse of rights and permissions.

Internet Assigned Numbers Authority (IANA)   The organization originally responsible for assigning public IP addresses. IANA no longer directly assigns IP addresses, having delegated this to the five Regional Internet Registries. See also Regional Internet Registries (RIRs).

Internet Authentication Service (IAS)   Popular RADIUS server for Microsoft environments.

Internet Connection Sharing (ICS)   See ICS (Internet Connection Sharing).

Internet Control Message Protocol (ICMP)   A TCP/IP protocol used to handle many low-level functions such as error reporting. ICMP messages are usually request and response pairs such as echo requests and responses, router solicitations and responses, and traceroute requests and responses. There are also unsolicited “responses” (advertisements) which consist of single packets. ICMP messages are connectionless.

Internet Corporation for Assigned Names and Numbers (ICANN)   Entity that sits at the very top of the Internet hierarchy, with the authority to create new top-level domains (TLDs) for use on the Internet.

Internet Engineering Task Force (IETF)   See IETF (Internet Engineering Task Force).

Internet Group Management Protocol (IGMP)   Protocol that routers use to communicate with hosts to determine a “group” membership in order to determine which computers want to receive a multicast. Once a multicast has started, IGMP is responsible for maintaining the multicast as well as terminating at completion.

Internet Information Services (IIS)   Microsoft’s Web server program for managing Web servers.

Internet layer   In the TCP/IP model, the layer that deals with the Internet Protocol, including IP addressing and routers.

Internet Message Access Protocol Version 4 (IMAP4)   See IMAP (Internet Message Access Protocol).

Internet of Things (IoT)   The billions of everyday objects that can communicate with each other, specifically over the Internet. These include smart home appliances, automobiles, video surveillance systems, and more.

Internet Protocol (IP)   The Internet standard protocol that handles the logical naming for the TCP/IP protocol using IP addresses.

Internet Protocol Security (IPsec)   Network layer encryption protocol.

Internet Protocol version 4 (IPv4)   Protocol in which addresses consist of four sets of numbers, each number being a value between 0 and 255, using a period to separate the numbers (often called dotted decimal format). No IPv4 address may be all 0s or all 255s. Examples include 192.168.0.1 and 64.176.19.164.

Internet Protocol version 6 (IPv6)   Protocol in which addresses consist of eight sets of four hexadecimal numbers, each number being a value between 0000 and ffff, using a colon to separate the numbers. No IP address may be all 0s or all ffffs. An example is fe80:ba98:7654:3210:0800:200c:00cf:1234.

Internet Small Computer System Interface (iSCSI)   A protocol that enables the SCSI command set to be transported over a TCP/IP network from a client to an iSCSI-based storage system. iSCSI is popular with storage area network (SAN) systems.

interVLAN routing   A feature on some switches to provide routing between VLANs.

intranet   A private TCP/IP network inside a company or organization.

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)   An IPv6 tunneling protocol that adds the IPv4 address to an IPv6 prefix.

intrusion detection system (IDS)/intrusion prevention system (IPS)   An application (often running on a dedicated IDS box) that inspects incoming packets, looking for active intrusions. The difference between an IDS and an IPS is that an IPS can react to an attack.

ip   Linux terminal command that displays the current TCP/IP configuration of the machine; similar to Windows’ ipconfig and macOS’s ifconfig.

IP   See Internet Protocol (IP).

IP address   The numeric address of a computer connected to a TCP/IP network, such as the Internet. IPv4 addresses are 32 bits long, written as four octets of 8-bit binary. IPv6 addresses are 128 bits long, written as eight sets of four hexadecimal characters. IP addresses must be matched with a valid subnet mask, which identifies the part of the IP address that is the network ID and the part that is the host ID.

IP Address Management (IPAM)   Software that includes at a minimum a DHCP server and a DNS server that are specially designed to work together to administer IP addresses for a network.

IP addressing   The processes of assigning IP addresses to networks and hosts.

IP camera   Still-frame or video camera with a network interface and TCP/IP transport protocols to send output to a network resource or destination.

IP filtering   A method of blocking packets based on IP addresses.

IP helper   Command used in Cisco switches and routers to enable, disable, and manage internetwork forwarding of certain protocols such as DHCP, TFTP, Time Service, TACACS, DNS, NetBIOS, and others. The command is technically ip helper-address.

ipconfig   A command-line utility for Windows that displays the current TCP/IP configuration of the machine; similar to macOS’s ifconfig and UNIX/Linux’s ip.

IPsec VPN   A virtual private networking technology that uses IPsec tunneling for security.

IRC (Internet Relay Chat)   An online group discussion. Also called chat.

ISDN (Integrated Services Digital Network)   The CCITT (Comité Consultatif International Téléphonique et Télégraphique) standard that defines a digital method for telephone communications. Originally designed to replace the current analog telephone systems. ISDN lines have telephone numbers and support up to 128-Kbps transfer rates. ISDN also allows data and voice to share a common phone line. Never very popular, ISDN is now relegated to specialized niches.

ISP (Internet service provider)   An institution that provides access to the Internet in some form, usually for a fee.

IT (information technology)   The business of computers, electronic communications, and electronic commerce.

Java   A network-oriented programming language invented by Sun Microsystems (acquired by Oracle) and specifically designed for writing programs that can be safely downloaded to your computer through the Internet and immediately run without fear of viruses or other harm to your computer or files. Using small Java programs (called applets), Web pages can include functions such as animations, calculators, and other fancy tricks.

jitter   A delay in completing a transmission of all the frames in a message; caused by excessive machines on a network.

jumbo frames   Usually 9000 bytes long, though technically anything over 1500 bytes qualifies, these frames make large data transfer easier and more efficient than using the standard frame size.

just a bunch of disks (JBOD)   An array of hard drives that are simply connected with no RAID implementations.

K-   Most commonly used as the suffix for the binary quantity 1024. For instance, 640K means 640 × 1024 or 655,360. Just to add some extra confusion to the IT industry, K is often misspoken as “kilo,” the metric value for 1000. For example, 10KB, spoken as “10 kilobytes,” means 10,240 bytes rather than 10,000 bytes. Finally, when discussing frequencies, K means 1000. So, 1 KHz = 1000 kilohertz.

kbps (kilobits per second)   Data transfer rate.

Kerberos   An authentication standard designed to allow different operating systems and applications to authenticate each other.

Key Distribution Center (KDC)   System for granting authentication in Kerberos.

key fob   Small device that can be easily carried in a pocket or purse or attached to a key ring. This device is used to identify the person possessing it for the purpose of granting or denying access to resources such as electronic doors.

key pair   Name for the two keys generated in asymmetric-key algorithm systems.

keypad   The device in which an alphanumeric code or password that is assigned to a specific individual for a particular asset can be entered.

kilohertz (KHz)   A unit of measure that equals a frequency of 1000 cycles per second.

LAN (local area network)   A group of PCs connected together via cabling, radio, or infrared that use this connectivity to share resources such as printers and mass storage.

last mile   The connection between a central office and individual users in a telephone system.

latency   A measure of a signal’s delay.

layer   A grouping of related tasks involving the transfer of information. Also, a particular level of the OSI seven-layer model, for example, Physical layer, Data Link layer, and so forth.

Layer 2 switch   Any device that filters and forwards frames based on the MAC addresses of the sending and receiving machines. What is normally called a “switch” is actually a “Layer 2 switch.”

Layer 2 Tunneling Protocol (L2TP)   A VPN protocol developed by Cisco that can be run on almost any connection imaginable. L2TP has no authentication or encryption but uses IPsec for all its security needs.

Layer 3 switch   Also known as a router, filters and forwards data packets based on the IP addresses of the sending and receiving machines.

LC (local connector)   A duplex type of small form factor (SFF) fiber connector, designed to accept two fiber cables. See also local connector (LC).

LED (light emitting diode)   Solid-state device that vibrates at luminous frequencies when current is applied.

leeching   Using another person’s wireless connection to the Internet without that person’s permission.

legacy mode   One of three modes used with 802.11n wireless networks where the wireless access point (WAP) sends out separate packets just for legacy devices.

legal hold   The process of an organization preserving and organizing data in anticipation of or in reaction to a pending legal issue.

light leakage   The type of interference caused by bending a piece of fiber-optic cable past its maximum bend radius. Light bleeds through the cladding, causing signal distortion and loss.

light meter   An optical power meter used by technicians to measure the amount of light lost through light leakage in a fiber cable.

lights-out management   Special “computer within a computer” features built into better servers, designed to give you access to a server even when the server itself is shut off.

Lightweight Access Point Protocol (LWAPP)   Protocol used in wireless networks that enables interoperability between thin and thick clients and WAPs.

Lightweight Directory Access Protocol (LDAP)   A protocol used to query and change a database used by the network. LDAP uses TCP port 389 by default.

Lightweight Extensible Authentication Protocol (LEAP)   A proprietary EAP authentication used almost exclusively by Cisco wireless products. LEAP is an interesting combination of MS-CHAP authentication between a wireless client and a RADIUS server.

line tester   A device used by technicians to check the integrity of telephone wiring. Can be used on a twisted-pair line to see if it is good, dead, or reverse wired, or if there is AC voltage on the line.

link aggregation   Connecting multiple NICs in tandem to increase bandwidth in smaller increments. See also NIC teaming.

Link Aggregation Control Protocol (LACP)   IEEE specification of certain features and options to automate the negotiation, management, load balancing, and failure modes of aggregated ports.

Link layer   In the TCP/IP model, any part of the network that deals with complete frames.

link light   An LED on NICs, hubs, and switches that lights up to show good connection between the devices. Called the network connection LED status indicator on the CompTIA Network+ exam.

link segments   Segments that link other segments together but are unpopulated or have no computers directly attached to them.

link state   Type of dynamic routing protocol that announces only changes to routing tables, as opposed to entire routing tables. Compare to distance vector routing protocols. See also distance vector.

link status   A network analyzer report on how good the connection is between two systems.

link-local address   The address that a computer running IPv6 gives itself after first booting. The first 64 bits of a link-local address are always FE80::/64.

Linux   The popular open source operating system, derived from UNIX.

list of requirements   A list of all the things you’ll need to do to set up your SOHO network, as well as the desired capabilities of the network.

listening port   A socket that is prepared to respond to any IP packets destined for that socket’s port number.

LMHOSTS file   A static text file that resides on a computer and is used to resolve NetBIOS names to IP addresses. The LMHOSTS file is checked before the machine sends a name resolution request to a WINS name server. The LMHOSTS file has no extension.

load balancing   The process of taking several servers and making them look like a single server, spreading processing and supporting bandwidth needs.

local   Refers to the computer(s), server(s), and/or LAN that a user is physically using or that is in the same room or building.

local area network (LAN)   See LAN (local area network).

local authentication   A login screen prompting a user to enter a user name and password to log into a Windows, macOS, or Linux computer.

local connector (LC)   One popular type of small form factor (SFF) connector, considered by many to be the predominant fiber connector. While there are several labels ascribed to the “LC” term, it is most commonly referred to as a local connector. See also LC (local connector).

Local Exchange Carrier (LEC)   A company that provides local telephone service to individual customers.

local user accounts   The accounts unique to a single Windows system. Stored in the local system’s registry.

localhost   The hosts file alias for the loopback address of 127.0.0.1, referring to the current machine.

lock   In this context, a physical device that prevents access to essential assets of an organization, such as servers, without a key.

log   Information about the performance of some particular aspect of a system that is stored for future reference. Logs are also called counters in Performance Monitor or facilities in syslog.

log management   The process of providing proper security and maintenance for log files to ensure the files are organized and safe.

logic bomb   Code written to execute when certain conditions are met, usually with malicious intent.

logical address   A programmable network address, unlike a physical address that is burned into ROM.

logical addressing   As opposed to physical addressing, the process of assigning organized blocks of logically associated network addresses to create smaller manageable networks called subnets. IP addresses are one example of logical addressing.

Logical Link Control (LLC)   The aspect of the NIC that talks to the operating system, places outbound data coming “down” from the upper layers of software into frames, and creates the FCS on each frame. The LLC also deals with incoming frames by processing those addressed to the NIC and erasing ones addressed to other machines on the network.

logical network diagram   A document that shows the broadcast domains and individual IP addresses for all devices on the network. Only critical switches and routers are shown.

logical topology   A network topology defined by signal paths as opposed to the physical layout of the cables. See also physical topology.

Long Term Evolution (LTE)   Better known as 4G, a wireless data standard with theoretical download speeds of 300 Mbps and upload speeds of 75 Mbps.

looking glass site   Web site that enables a technician to run various diagnostic tools from outside their network.

loopback adapter   See loopback plug.

loopback address   Sometimes called the localhost, a reserved IP address used for internal testing: 127.0.0.1.

loopback plug   Network connector that connects back into itself, used to connect loopback tests.

loopback test   A special test often included in diagnostic software that sends data out of the NIC and checks to see if it comes back.

MAC (media access control) address   Unique 48-bit address assigned to each network card. IEEE assigns blocks of possible addresses to various NIC manufacturers to help ensure that each address is unique. The Data Link layer of the OSI seven-layer model uses MAC addresses for locating machines.

MAC address filtering   A method of limiting access to a wireless network based on the physical addresses of wireless NICs.

MAC filtering   See MAC address filtering.

MAC reservation   IP address assigned to a specific MAC address in a DHCP server.

MAC-48   The unique 48-bit address assigned to a network interface card. This is also known as the MAC address or the EUI-48.

macro   A specially written application macro (collection of commands) that performs the same functions as a virus. These macros normally autostart when the application is run and then make copies of themselves, often propagating across networks.

mailbox   Special holding area on an e-mail server that separates out e-mail for each user.

main distribution frame (MDF)   The room in a building that stores the demarc, telephone cross-connects, and LAN cross-connects.

maintenance window   The time it takes to implement and thoroughly test a network change.

malicious user   A user who consciously attempts to access, steal, or damage resources.

malware   Any program or code (macro, script, and so on) that’s designed to do something on a system or network that you don’t want to have happen.

man in the middle   A hacking attack where a person inserts him- or herself into a conversation between two others, covertly intercepting traffic thought to be only between those other people.

managed device   Networking devices, such as routers and advanced switches, that must be configured to use.

managed network   Network that is monitored by the SNMP protocol consisting of SNMP managed devices, management information base (MIB) items, and SNMP manager(s).

managed switch   See managed device.

management information base (MIB)   SNMP’s version of a server. See Simple Network Management Protocol (SNMP).

mandatory access control (MAC)   A security model in which every resource is assigned a label that defines its security level. If the user lacks that security level, they do not get access.

mantrap   An entryway with two successive locked doors and a small space between them providing one-way entry or exit. This is a security measure taken to prevent tailgating.

manual tunnel   A simple point-to-point connection between two IPv6 networks. As a tunnel, it uses IPsec encryption.

material safety data sheet (MSDS)   Document that describes the safe handling procedures for any potentially hazardous, toxic, or unsafe material.

maximum transmission unit (MTU)   Specifies the largest size of a data unit in a communications protocol, such as Ethernet.

MB (megabyte)   1,048,576 bytes.

MD5 (Message-Digest Algorithm Version 5)   A popular hashing function.

mean time between failures (MTBF)   A factor typically applied to a hardware component that represents the manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component.

mean time to recovery (MTTR)   The estimated amount of time it takes to recover from a hardware component failure.

Mechanical Transfer Registered Jack (MT-RJ)   The first type of small form factor (SFF) fiber connector, still in common use.

Media Access Control (MAC)   The part of a NIC that remembers the NIC’s own MAC address and attaches that address to outgoing frames.

media converter   A device that lets you interconnect different types of Ethernet cable.

Media Gateway Control Protocol (MGCP)   A protocol that is designed to be a complete VoIP or video presentation connection and session controller. MGCP uses TCP ports 2427 and 2727.

medianet   A network of far-flung routers and servers that provides sufficient bandwidth for video teleconferencing (VTC) via quality of service (QoS) and other tools.

mega-   A prefix that usually stands for the binary quantity 1,048,576. One megabyte is 1,048,576 bytes. One megahertz, however, is 1,000,000 hertz. Sometimes shortened to meg, as in “a 286 has an address space of 16 megs.”

memorandum of understanding (MOU)   A document that defines an agreement between two parties in situations where a legal contract is not appropriate.

mesh topology   Topology in which each computer has a direct or indirect connection to every other computer in a network. Any node on the network can forward traffic to other nodes. Popular in cellular and many wireless networks.

Metasploit   A unique tool that enables a penetration tester to use a massive library of attacks as well as tweak those attacks for unique penetrations.

metric   Relative value that defines the “cost” of using a particular route.

metro Ethernet   A metropolitan area network (MAN) based on the Ethernet standard.

metropolitan area network (MAN)   Multiple computers connected via cabling, radio, leased phone lines, or infrared that are within the same city. A perfect example of a MAN is the Tennessee city Chattanooga’s gigabit network available to all citizens, the Chattanooga Gig.

MHz (megahertz)   A unit of measure that equals a frequency of 1 million cycles per second.

Microsoft Baseline Security Analyzer (MBSA)   Microsoft-designed tool to test individual Windows-based PCs for vulnerabilities.

MIME (Multipurpose Internet Mail Extensions)   A standard for attaching binary files, such as executables and images, to the Internet’s text-based mail (24-Kbps packet size).

Miredo   An open source implementation of Teredo for Linux and some other UNIX-based systems. It is a NAT-traversal IPv6 tunneling protocol.

mirroring   Also called drive mirroring, reading and writing data at the same time to two drives for fault-tolerance purposes. Considered RAID level 1.

mixed mode   Also called high-throughput, or 802.11a-ht/802.11g-ht, one of three modes used with 802.11n wireless networks wherein the wireless access point (WAP) sends special packets that support older standards yet can also improve the speed of those standards via 802.

modal distortion   A light distortion problem unique to multimode fiber-optic cable.

model   A simplified representation of a real object or process. In the case of networking, models represent logical tasks and subtasks that are required to perform network communication.

modem (modulator-demodulator)   A device that converts both digital bit streams into analog signals (modulation) and incoming analog signals back into digital signals (demodulation). Most commonly used to interconnect telephone lines to computers.

modulation techniques   The various multiplexing and demultiplexing technologies and protocols, both analog and digital.

modulator-demodulator (modem)   See modem (modulator-demodulator).

monlist   A query that asks an NTP server about the traffic between itself and peers.

motion detection system   A feature of some video surveillance systems that starts and stops recordings based on actions caught by the camera(s).

mounting bracket   Bracket that acts as a holder for a faceplate in cable installations.

MS-CHAP   Microsoft’s dominant variation of the CHAP protocol, uses a slightly more advanced encryption protocol.

MTU (maximum transmission unit)   See maximum transmission unit (MTU).

MTU black hole   When a router’s firewall features block ICMP requests, making MTU worthless.

MTU mismatch   The situation when your network’s packets are so large that they must be fragmented to fit into your ISP’s packets.

multicast   Method of sending a packet in which the sending computer sends it to a group of interested computers.

multicast addresses   A set of reserved addresses designed to go from one system to any system using one of the reserved addresses.

multifactor authentication   A form of authentication where a user must use two or more factors to prove his or her identity; for example, some sort of physical token that, when inserted, prompts for a password.

multilayer switch   A switch that has functions that operate at multiple layers of the OSI seven-layer model.

multilink PPP   A communications protocol that logically joins multiple PPP connections, such as a modem connection, to aggregate the throughput of the links.

multimeter   A tool for testing voltage (AC and DC), resistance, and continuity.

multimode   Type of fiber-optic cable with a large-diameter core that supports multiple modes of propagation. The large diameter simplifies connections, but has drawbacks related to distance.

multimode fiber (MMF)   Type of fiber-optic cable that uses LEDs.

multiple in/multiple out (MIMO)   A feature in 802.11 WAPs that enables them to make multiple simultaneous connections.

multiplexer   A device that merges information from multiple input channels to a single output channel.

Multiprotocol Label Switching (MPLS)   A router feature that labels certain data to use a desired connection. It works with any type of packet switching (even Ethernet) to force certain types of data to use a certain path.

multisource agreement (MSA)   A document that details the interoperability of network hardware from a variety of manufacturers.

multiuser MIMO (MU-MIMO)   Feature of 802.11ac networking that enables a WAP to broadcast to multiple users simultaneously.

MX records   Records within DNS servers that are used by SMTP servers to determine where to send mail.

My Traceroute (mtr)   Terminal command in Linux that dynamically displays the route a packet is taking. Similar to traceroute.

name resolution   A method that enables one computer on the network to locate another to establish a session. All network protocols perform name resolution in one of two ways: either via broadcast or by providing some form of name server.
