Glossary of Key Terms

1D Telecommunications term that specifies a single D (delta) channel used to convey control and signaling information in an ISDN.

3-tier Application architecture composed of separate client, application services, and data services layers.

10Base2 “Thinnet” IEEE 802.3a Ethernet standard that defines communication at 10 Mbps using thin coaxial cable.

10Base5 “Thicknet” IEEE 802.3 Ethernet standard that defines communication at 10 Mbps using thick coaxial cable.

10Base-T IEEE 802.3i Ethernet standard that defines communication at 10 Mbps using unshielded twisted-pair cable.

10GBase-T (10 GigE) IEEE 802.3an Ethernet standard that defines communication at 10,000 Mbps using twisted-pair cable.

25GBase-T (25 GigE) IEEE 802.3bq Ethernet standard that defines communications at 25 Gbps using twisted-pair cable.

40GBase-T (25 GigE) IEEE 802.3bq Ethernet standard that defines communications at 40 Gbps using twisted-pair cable.

100Base-TX IEEE 802.3u Ethernet standard that defines communication at 100 Mbps using unshielded twisted-pair cable.

1000Base-T (GigE) IEEE 802.3ab Ethernet standard that defines communication at 1,000 Mbps using unshielded twisted-pair cable.

568A Telecommunications standard that defines pin configuration for the RJ-45 cable terminator.

568B Telecommunications standard that defines pin configuration for the RJ-45 cable terminator.

3270 terminal emulation Software that is used for PCs and workstations to mimic an IBM SNA mainframe terminal device.

A

AAA server A server that provides authentication, authorization, and accounting for a network.

Acceptable Use Policy (AUP) Written policy that defines uses that are acceptable for computers and networking equipment and uses that are unacceptable.

Access control list List of identities and permissions specifically granted or denied each identity.

Access point A networking device that enables wireless devices to connect to a local area network (LAN).

Active Directory (AD) Directory service developed by Microsoft for its Windows operating system.

Active fault detection A fault detection technique that involves taking action to determine if everything is working properly.

Active virtual forwarder (AVF) Devices in a GLBP group that maintain virtual MAC addresses to help direct traffic in a virtual group.

Active virtual gateway (AVG) Networking device nominated by participants in GLBP to act as the IP default gateway router for the group.

Address resolution The process of finding an IP address for a host name.

Address Resolution Protocol (ARP) A communications protocol that network devices use to find a Link Layer address (MAC address) from a Network Layer address (IP address).

Advanced Encryption Standard (AES) A symmetric block cipher that can be used to encrypt and decrypt data, developed to satisfy the Federal Information Processing Standard required by U.S. government agencies. AES is capable of processing 128-, 192-, and 256-bit keys to encrypt data blocks up to 128 bits in length.

Advanced persistent threat (APT) An attacker agent that compromises a network and remains undetected for an extended period of time.

AES-256 Advanced Encryption Standard (AES) symmetric key encryption algorithm that uses a 256-bit encryption key.

Alarm A response to an event to indicate something noteworthy has occurred.

Alert A response to an event that notes an event has occurred.

All broadcast address Network address that indicates a frame should be sent to all known addresses in a subnet.

Alternating current Electrical current that cyclically changes direction.

American National Standards Institute (ANSI) A private non-profit organization that oversees the creation of U.S. business consensus standards, and provides accreditation to organizations in conformance with these standards.

Amplitude A metric that expresses the change of a value over a period of time.

Analog Transmission method that uses a continuously variable signal, as opposed to digital transmission that uses two distinct signal values.

Analog telephone adapter (ATA) A device that converts an analog voice signal from the analog telephone into a digital signal for the IP network.

Ant+ An interoperability extension to the proprietary ANT wireless networking protocol developed by Garmin. Specifies definitions, or ‘device profiles,’ for sending sensor data over an ANT network in a consistent way.

ARPANET (Advanced Research Projects Agency Network) Predecessor of the Internet, this DoD-sponsored research network was the first to implement a decentralized, fault-tolerant, large-scale network that used the TCP/IP network protocol suite.

ASCII (American Standard Code for Information Interchange) Character coding standard for electronic communication.

Asymmetric encryption system A system that uses a public key to encode data and a private key to decrypt data.

Asynchronous Transfer Mode (ATM) Prebroadband high-speed transport service that supported voice, video, and data.

Attack surface A collection of all of the vulnerable points of a system.

Attenuation Loss or degradation of electrical signal.

Audio conference The ability for two or more persons to share a common voice communication, usually implemented via an intermediate phone or a shared conference bridge.

Audit A formal comparison of system performance to standard metrics to assess how well, or poorly, an environment matches desired performance.

Authorization, authentication, and accounting (AAA) A computer security term referring to a framework for controlling and recording access to computer resources and applications.

Automated teller machine (ATM) A computerized telecommunications device that allows bank customers access to financial transactions.

Autonomous system (AS) A grouping of connected IP networks that are managed, maintained, and controlled by a common administrator.

Availability Ensuring that authorized agents can access data and services on demand.

Available Bit Rate (ABR) An ATM network service category which specifies an increase or decrease to traffic bit rates, according to currently available bandwidth, so long as time synchronization between endpoints is not required. One of the five defined ATM service categories.

B

Backbone A topology used to connect several smaller networks to create a larger, segregated network.

Bandwidth The rate of data transfer or throughput; a theoretical maximum capability of a specific physical medium.

Baseline definition A reference point representing the normal operating performance of a resource, against which future performance can be compared in order to identify anomalous patterns and behavior.

Baselines Collections of performance measurements at a particular point in time.

Basic Rate Interface (BRI) ISDN configurations primarily used for voice-grade telephone service.

Basic Service Set (BSS) A WLAN network that includes an access point.

Benchmark Set of configuration settings or metrics that represent a known state.

Bind Task used to authenticate Windows clients and the users to a directory service.

Bit error rate (BER) The ratio of the total number of bits transmitted to the bits that were modified in transmission.

Blockchain A decentralized digital ledger in which transaction records (or blocks) are cryptographically linked together in a single list (or chain) that is maintained across computers in a peer-to-peer network.

Bluetooth A short-range wireless technology that exchanges data between devices via ultra high frequency (UHF) radio waves in the 2.4 to 2.485 GHz range.

Border Gateway Protocol (BGP) An exterior hybrid routing protocol that routes messages between networks and AS.

Botnet Workstations that have been infected with remote-controlled malware and are part of a collection of other remotely controlled infected workstations.

Bridge A layer 2 networking device that connects (or bridges) multiple networks into a single aggregate network or broadcast domain.

Bring your own device (BYOD) The practice of using personal devices to connect to enterprise network services and resources.

Broadband Telecommunications signal of greater bandwidth than normal signals.

Broadcast address Address used to transmit to all nodes on the network; the last address in a network.

Broadcast domain The collection of all nodes that are connected to the same set of repeaters, hubs, switches, and bridges.

Broadcast storm A situation in which broadcast messages get forwarded and replicated to a point that the network cannot handle all of the traffic.

Broadcasting Sending a packet to a complete range of IP addresses.

Brouter A network device that combines the functionality of a switch/bridge and a router. The device uses MAC addresses for local devices and IP addresses for remote devices.

Building backbone High-speed network bus architecture that spans an entire building.

Bus topology A network layout that starts with a central high-speed cable. The main cable runs throughout the organization’s physical space and provides accessible connections anywhere along its length.

Business continuity planning (BCP) Planning primarily for the people response to a disaster. The elements that would be included in BCP are policy related to the continuation of business during and immediately following a disaster.

Business impact analysis (BIA) Process that results in a list of activities necessary for an organization to conduct business operations.

Business process management (BPM) A process of aligning business processes and mapping each one to software applications and IT solutions.

Business to business (B2B) E-commerce model that describes activities that involve doing business with other businesses.

Business to consumer (B2C) E-commerce model that describes business activities that involve providing products or services directly to end consumers.

Business to government (B2G) E-commerce model that describes activities that support business activities between commercial organizations and government agencies, also called public sector organizations (PSO).

C

Cable tester Hardware device to test the continuity and functionality of a segment of networking cable.

Campus backbone A backbone that connects other backbones to create a larger network.

Cannibalization The practice of removing components from one device or computer to replace a defective component in another computer or device.

Capacity The number of nodes and the amount of shared bandwidth available to each node and coverage.

Capacity planning Assessment of current and future bandwidth needs of a network to determine the level of investment required to meet performance goals.

Carrier sense multiple access/collision detection (CSMA/CD) Ethernet media access control method.

Cellular Refers to a network of distributed transceivers which provide wireless access to the network within limited land areas, known as cells.

Central office Telephone service office that houses many switches to route local voice calls to their destination.

Certificate See Digital certificate

Certificate Authority (CA) Trusted entity that issues digital certificates.

Change control board (CCB) Committee that must review and approve any changes before each change is allowed to occur.

Channel bandwidth The difference between the upper and lower frequencies in a defined channel. Higher bandwidth equates to faster network speed.

Channel bonding The practice of joining multiple channels together to increase the effective bandwidth in a network.

Checksum A mathematical calculation that verifies the length and integrity of the transmitted Ethernet frame to a destination.

Cipher key The string of characters used in a cryptographical algorithm that specifies the output of an encryption or decryption operation.

Circuit-switched A network that sets up a circuit for each conversation. All messages during the conversation follow the same path from source to destination.

Class of Service (CoS) Labels in Layer 2 frames used by MPLS to prioritize some frames over others.

Classful network The original addressing architecture used for the Internet.

Classless Inter-Domain Routing (CIDR) A strategy that allows IANA to segment any IPv4 address space to define larger or smaller networks as needed.

Client-based Application architecture in which user interface, business logic, and data access functionality are all handled by the client, while a server handles data storage.

Client/server Application architecture in which user interface and business logic functionality are handled by the client, while a server handles data storage and data access.

Client/server internetworking The ability for nodes in a network to communicate in a client/server fashion through use of the appropriate application-layer protocols.

Clipping level Configuration settings for biometrics authentication devices used to balance Type I and Type II errors.

Cloud computing The use of rented processing capability on a service provider’s infrastructure, often provided through the use of virtualization.

Cloud service provider (CSP) A third-party company providing on-demand access to computing resources without requiring the user to directly manage such resources.

Coaxial cable A type of electrical cable with an inner conducting core surrounded by a layer of insulation, then surrounded with a conducting shield.

Code division multiple access (CDMA) A method whereby several network nodes can transmit data simultaneously over a single communications channel.

Codec A software program or hardware device that converts an analog signal to digital and a digital signal to analog.

Collaboration An application that allows multiple users to communicate online as a group.

Collaborative conference A communication between two or more persons, often in different geographic locations, using tools such as shared whiteboards, applications, and computer desktops.

Collapsed backbone A network topology that minimizes traffic flowing between departmental LANs by replacing a bus with one or more central switches.

Collision Any time two or more network nodes transmit messages at the same time. A collision results in a garbled message.

Collision domain The collection of nodes that exchange unfiltered traffic with other nodes.

Committee of Sponsoring Organizations (COSO) of the Treadway Commission Initiative headed by private sector organizations to develop frameworks on enterprise risk management and internal control.

Common Management Information Protocol (CMIP) A protocol that defines an implementation for communicating between management applications and their agents.

Common Vulnerabilities and Exposures (CVE) Publicly available searchable database of known security vulnerabilities and exploits.

Compensating security control An alternate security control that may be used when a primary control is not feasible.

Complementary code keying (CCK) A modulation scheme defined in the IEEE 802.11b standard.

Computer Security Incident Response Plan (CSIRP) A formal plan that documents how to respond to security incidents.

Computer Security Incident Response Team (CSIRT) An organized team with the primary responsibility of responding to computer security incidents.

Conferencing Engaging in conversation with medium and large groups of people.

Confidentiality The security requirement that only authorized users be allowed to access sensitive information.

Configuration management The process of ensuring that changes to network and device configurations are properly evaluated, authorized, implemented, and documented.

Connection medium Physical method to link network devices together.

Connection-oriented protocol A communication protocol that sets up a connection with the remote node before exchanging messages with it. Both participants in the conversation use the same connection for the duration of the conversation.

Connectionless protocol A communication protocol that doesn’t require a predefined connection and treats each packet as a separate entity.

Constant Bit Rate (CBR) An ATM network service category which specifies a constant bit rate for traffic across an established end-to-end path. Used when strict time synchronization between endpoints is required. One of the five defined ATM service categories.

Continuity of operations planning (COOP) The U.S. federal government process for business continuity planning, providing continuity of operations planning that includes comprehensive procedures and provisions for alternate facilities, personnel, resources, interoperable communications, and vital data.

Control Objectives for Information and Related Technology (COBIT) A technology management and IT governance framework developed by ISACA.

Convergence The amount of time it takes for a network to find and initiate a backup or redundant link in the event of failure of a primary link.

Cost A relative metric value used to set the condition of comparison.

Coverage The attempt to provide the same level of signal strength to all network nodes.

Crossover A cable configuration where the pin connections are crossed-over: the input on one end is connected to the output on the other end. Used to support communication between devices of the same type without requiring an intermediary device (such as a switch). Contrast with straight-through cabling.

Cryptolocker Ransomware malware that targets Windows computers.

CSMA/CD (carrier sense multiple access with collision detection) The media access control mechanism for how network-attached devices listen to the network before transmitting with collision detection.

Cyclical redundancy check (CRC) Error-detecting code used to detect changes in transmitted network traffic during transmission.

D

Dashboard Collection of visual representations of key performance metrics, organized into an easy-to-use graphical interface to help management assess status and make decisions.

Data access Application software layer responsible for fetching and storing data, such as a database management system.

Data circuit-terminating equipment (DCE) A device located between a DTE device and a data transmission circuit. The DCE device converts a DTE signal into a transmission format for the attached circuit. A modem is a common DCE device.

Data leakage The unauthorized disclosure or movement of sensitive data.

Data Link header An informational segment of an Ethernet frame that specifies its source address, destination address, and three additional control fields: kind, seq, and ack. Also referred to as Frame Header.

Data loss prevention (DLP) Techniques, often implemented in software, to detect and prevent potential data breaches.

Data storage Low-level software, such as file systems, that is stored on storage devices (and retrieves data on demand).

Data terminal equipment (DTE) A device that converts user input to signals and converts received signals into user output. DTE devices normally allow users to interact with computer systems.

Database management system (DBMS) Data access software that defines structured data repositories and provides create/read/update/delete capability to application software.

Datagrams Layer 3 protocol units of data sent to a destination node; also called network packets.

Deauthentication The process whereby an access point instructs a client to disconnect from it; especially in the context of a Wi-Fi denial-of-service attack, in which an attacker forces deauthentication of a client in order to capture login information during the subsequent reauthentication phase.

Decode To convert a digital signal to an analog signal.

Default route Packet forwarding rule that is used when a device cannot determine a specific (i.e., better) route.

Defense in depth (DiD) Multiple countermeasures that an attacker must compromise to reach any protected resource. It’s often described as a series of concentric rings around protected resources.

Delay A metric that essentially measures a link’s throughput or transit time: the time it takes for a packet to completely navigate a link end-to-end. A routing protocol using a delay metric favors the link with the least delay.

Denial of Service (DoS) Malicious attack that overwhelms a network, device, or service to interrupt normal network operation.

Deny-all principle Approach to access control that starts by denying all permissions, and only provides overrides for explicitly granted permissions.

Demilitarized zone (DMZ) A separate network that allows connections from external networks and internal LANs; in most cases, it’s separated from each network by a firewall.

Designated ports (DPs) The ports to network segments with the lowest root path costs.

Dial-up Legacy network connection method of using a modem (device) to establish a connection by initiating a voice-grade telephone call with a remote computer.

Differentiated Services (DiffServ) A networking architecture that classifies and manages IP traffic at a network boundary in order to provide Quality of Service. Each packet is marked as belonging to one of several limited traffic classes and assigned that class’s corresponding DiffServ Code Point (DSCP) in the packet header. The DSCP is inspected when the packet traverses the network boundary in order to ascertain its class, and then the packet is prioritized based on conditions set for that class.

DiffServ Code Point (DSCP) A value entered in the Differentiated Services (DS) field of a packet header to indicate the Differentiated Service (DiffServ) class it belongs to. Used for classful traffic prioritization in a DiffServ networking architecture.

Dig A command-line tool used to obtain DNS records by querying domain name servers. Installed by default on macOS and most Linux operating systems.

Digital Transmission method that uses two distinct signal values, high and low, or 0 and 1, as opposed to analog transmission that uses a continuously variable signal.

Digital certificate Electronic document used to prove a public key’s owner.

Digital signature Application used to verify that the sender of a document, image, or message is a trusted source.

Direct current Electrical current that always travels in a single direction.

Direct sequence spread spectrum (DSSS) A modulation technique included in the IEEE 802.11x standards.

Disaster recovery planning (DRP) Planning primarily for the technical response to a disaster.

Discard A situation in which a network device drops one or more packets.

Distance-vector routing protocols Types of routing protocols that maintain a routing table containing route metrics provided by neighboring routers on which routing decisions are made.

Distributed Denial of Service (DDoS) A DoS attack that uses a network of compromised computers to initiate the attack from multiple sources.

Distributed switches Switches participating in a distributed switching architecture, especially those other than the central switch.

Distributed switching Architecture that uses multiple switches, as opposed to concentrating traffic through a central switch. Distributed switches are often arranged hierarchically.

Docker A platform-as-a-service (PaaS) product that provides OS-level virtualization via isolated software packages called containers. In contrast to traditional virtual machines, which virtualize both the underlying computer and OS, Docker containers virtualize only the OS. Furthermore, containers share the host computer’s OS kernel and many of its resources, requiring less reproduction of OS code and resulting in a much “lighter” image than that of a traditional VM.

Domain controller (DC) A server that manages user authentication services and granting access to domain resources.

Domain Name System (DNS) A hierarchical naming system that allows organizations to associate host names with IP address name spaces.

Dot notation Standard notation for IPv4 addresses.

Downtime Amount of time a resource is not operating due to maintenance, fault, or malicious activity, often expressed as an annual metric.

DS0/DS1/DS3 Leased line communications protocols used in legacy switches.

Dual IP stack A network software implementation in which the operating system supports both IPv4 and IPv6 using two separate network stacks for the Internet Protocol.

Dual stack Describes a network in which all nodes are configured to handle both IPv4 and IPv6 network traffic.

Dual touch multi-frequency (DTMF) Technology in which telephones transmit digits using different voltages.

Dumb terminals Terminal devices that do little more than send and receive sequences of characters to and from a host computer.

Dynamic Host Configuration Protocol (DHCP) An automatic configuration protocol used to assign device attributes to devices on IP networks.

Dynamic provisioning On-demand deployment of computing resources, typically through a central administration console. Provides a flexible and scalable environment to meet fluctuating needs.

Dynamic rate shifting (DRS) Adapts the nominal bit rate of a wireless node to better use a communication channel.

Dynamic route A responsive or adaptive route that can provide alternative pathing for traffic based on the current conditions of the network. Contrast with static route.

Dynamic routing Using links determined by a routing protocol through information from other routers.

E

E-commerce The practice of doing business with remote customers over the Internet.

E1/E2/E3 Specifications for the E-carrier telecommunications system and standards, used predominantly in Europe. The numeral suffix indicates the circuit being used. The primary distinction between each circuit is the number of channels employed and the bit rate assigned to each of those channels.

E.164 International telecommunications number routing plan.

EAP encapsulation over LAN (EAPoL) Defines encapsulation of EAP over the IEEE 802 network standards, enabling Port-Based Network Access Control (PNAC); also known as IEEE 802.1X.

EAP-Flexible Authentication via Secure Tunneling (EAP-FAST) An EAP protocol developed by Cisco that transmits credentials within a secure TLS tunnel, and maintains proof of authentication via Protected Access Credentials. Created to address the security vulnerabilities in Cisco’s earlier LEAP protocol, and as a lightweight alternative to PEAP due to its lack of requirement for server-side certificates.

EAP-Transport Layer Security (EAP-TLS) An EAP protocol that provides a method for authenticating via Transport Layer Security, requiring both a server-side and client-side certificate (in most implementations).

EAP-Tunneled Transport Layer Security (EAP-TTLS) An extension of the EAP-TLS protocol that provides a method for authentication via a TLS tunnel. Unlike EAP-TLS, only a server-side certificate is required, and the client is then authenticated through the established TLS tunnel.

EBCDIC Character encoding technique primarily used on legacy IBM mainframe and midrange computers.

Edge network A network at the last 100 meters or 300 feet from a wiring closet, where desktops physically connect to the network.

Electronic Industries Association (EIA) An alliance of standards and trade organizations for electronics manufacturers in the United States. EIA changed its name to the Electronic Industries Alliance in 1997. EIA ceased operations as a unified organization as of February 11, 2011, but its member organizations still operate independently.

Encapsulation The process of adding the IP header data to a network packet.

Encode To convert an analog signal to a digital signal.

Endpoint A device that participates in communications over a network.

Enhanced Interior Gateway Routing Protocol (EIGRP) A hybrid interior routing protocol that combines the shortest-path considerations of a link-state routing protocol with the metrics of IGRP.

Enterprise business An organization with more than 500 employees.

Escalation procedure Definition of criteria that requires an incident’s priority to increase, often accompanied with additional notification and increased action.

Ethernet A family of networking technologies that define how computers and devices communicate on a LAN.

Ethernet tagging Same as IEEE 802.1Q, where Ethernet frames are labeled with a tag number to designate a specific VLAN.

Event Any action that occurs in network operation.

Evil twin A wireless access point that masquerades as an existing, legitimate access point in order to eavesdrop on wireless clients.

Explicit Congestion Notification (ECN) An extension to the Internet Protocol and the Transmission Control Protocol that facilitates explicit notification of network congestion to attached endpoints, as an alternative to implicit signals through the dropping of packets. Provides a way to inform endpoints of impending packet drops before they occur.

Extended Service Set (ESS) A WLAN that links together two BSS networks with a common linking device.

Extensible Authentication Protocol (EAP) An authentication method that is used in WLANs and point-to-point connections.

Exterior routing protocols Protocols that route messages outside an AS or between two networks.

Extranet A remotely accessible network that an organization makes accessible to its business partners and suppliers through the public Internet. An extranet is a secure network that requires proper access controls and authentication before granting access.

F

False negative Error that incorrectly classifies a positive result as a negative result.

False positive Error that incorrectly classifies a negative result as a positive result.

Family Educational Rights and Privacy Act (FERPA) Federal act that protects student data privacy.

Fault Any malfunction of a network hardware or software component.

Fault management The collection of procedures, devices, software programs, and actions that enable network administrators to detect and respond to faults.

Fault tolerance The ability to encounter a fault, or error, of some type and still support critical operations.

FCAPS A model that focuses on five primary areas of network management: fault, configuration, access control/accounting, performance, and security management.

Federal Information Security Modernization Act (FISMA) Federal act that defines information security policies and requirements for federal agency information systems.

Fiber distributed data interface (FDDI) A set of standards for transmission of data over fiber optic cable in a local area network (LAN).

Fiber optic Cabling technology that transmits signals using light instead of electricity.

Fiber Channel A high-speed serial data transmission protocol that supports several higher-level protocols in addition to its own Fiber Channel Protocol (FCP). Most often used in storage area networks to connect data storage devices and servers.

File Transfer Protocol (FTP) Networking protocol used to transfer digital files between network nodes.

Filtering Allowing or denying traffic based upon a set of rules.

Firewall A program or dedicated hardware device that inspects network traffic passing through it. It then denies or permits that traffic based on a set of rules determined from a stored configuration.

Flat backbone Network architecture in which department LANs each connect to a common backbone.

Flat topology A network layout that uses Layer 2 switching only and has no addressing hierarchy.

Flush timer A timer that removes (flushes) a suspect route from the routing table 60 seconds after it has completed a hold-down period.

Forwarding Sending traffic towards its destination, when that destination is a device other than the one on which the traffic was received.

Forwarding information base (FIB) A list of the next hop router for each known destination prefix (or network number).

Fragmentation Process in which IP software chops packets into smaller packets, allowing computers to send large packets across a network that can only handle smaller packets.

Frame A term used to describe a Data Link Layer frame format such as Ethernet v2.0 or IEEE 802.3 CSMA/CD.

Frame format The informational structure of an Ethernet frame. Defines the field lengths within each frame, and the meaning of the values within each field.

Frame relay Wide area network technology that uses packet switching.

Frequency The rate of a signal used to send and receive network traffic, measured in hertz (cycles per second).

Full duplex A mode of operation in which both ends of a connection between computers can communicate simultaneously.

Fully connected mesh A network topology in which all nodes are directly connected to every other node.

G

Gap remediation The process of resolving security deficiencies discovered during a gap analysis in order to achieve regulatory compliance.

Gateway A network device that connects two networks that use different protocols.

Gateway Load Balancing Protocol A proprietary Cisco protocol that provides load sharing and fault tolerance in an IP network. All routers are placed in a single virtual router group and are assigned the same virtual IP, but each is given a unique virtual MAC address (unlike VRRP or HSRP, wherein the MAC addresses are identical). One router is elected Active Virtual Gateway (AVG), while the remaining routers are elected Active Virtual Forwarders. The Active Virtual Forwarders share the load by participating in packet forwarding, and are prepared to take over the AVG role in the event of a failure.

General Data Protection Regulation (GDPR) European Union (EU) privacy regulation that restricts how any organization can collect and use EU citizen private data.

Geofencing Defining a virtual perimeter that corresponds to a geographical area, for the purpose of performing a pre-programmed action when a location-aware device crosses that perimeter.

GIF (Graphics Interchange Format) Bitmap image file format.

GNS3 A graphical network simulator used to emulate simple and complex networks for training and proofing purposes. Allows a combination of both real and virtualized network devices.

Gramm–Leach–Bliley Act (GLBA) Also called the Financial Services Modernization Act, GLBA requires financial services organizations to disclose and explain how they share customer data.

Graph A mathematical representation of a set of objects.

H

H.254 A video compression standard.

H.323 A VoIP packet-based standard that supports audio, video, and data communications across IP networks.

Half duplex A mode of operation in which both ends of a connection between computers can communicate, but only one at a time.

Health Insurance Portability and Accountability Act (HIPAA) Act that protects health-related information and restricts how that information is collected, stored, shared, and used.

Hertz Unit of frequency that describes cycles per second.

Hierarchical structure Network, application, or other structure in which components all have a common ancestor, or root, followed by the root’s immediate children, and those children’s children. The visualization of a hierarchical structure is often called a tree diagram.

Hold-down A router state in which route updates received for a currently unreachable network are discarded. The hold-down state ends once the hold-down timer has finished counting down.

Hold-down timer A timer that counts down a period of time during which a particular path is suspended.

Honeynet A collection of honeypots, intended to simulate a production network.

Honeypot A computer system intended to attract malicious actors. A honeypot is usually running services and hosting data that appears legitimate in order to bait the attacker into wasting their time and resources. Honeypots are typically used to improve an organization’s security posture (through the aforementioned time and resource wasting), and/or as a means of gathering information on the attack methods being employed.

Hop count The number of routers (hops) a packet must pass through to reach the network of its destination address.

Host intrusion detection system (HIDS) Software that monitors network traffic for a specific host and triggers an alert when any suspected malicious traffic is detected.

Host-based A computer system that consists of a central powerful computer with many users that connect directly to it.

Hosting/hosted service provider (HSP) A company that usually provides services such as UC, VoIP, or other applications.

Hosting infrastructure An organizational chart of all computing resources and services that reside in your datacenter environment(s).

Hot Standby Routing Protocol (HSRP) Cisco protocol that aggregates multiple physical routers and presents them as a single virtual router to the network.

Hub A simple network device with multiple ports that echoes every message it receives to all ports.

Hybrid cloud An environment composed of at least one private and one public cloud infrastructure.

Hybrid topology A network layout that contains several different topologies.

Hyperconnectivity The state of being in close proximity to multiple devices that are perpetually connected to the Internet.

Hyperlink Standard reference to a remote reference that a user can follow by clicking, which results in a browser application translating the reference into an HTTP request.

Hypertext Markup Language (HTML) Markup language for displaying documents in a web browser application.

Hypertext Transport Protocol (HTTP) Networking protocol used for communication between web browsers and web servers.

Hypervisor Computer software that creates, runs, and manages virtual machines. Falls into one of two categories: 1) Type 1, or “bare metal,” in which the hypervisor is an operating system itself that runs directly on the host hardware, and 2) Type 2, or “hosted,” in which the hypervisor operates in the software layer of an existing OS.

I

Identification The process of making an identity claim. Often followed by authentication (verifying the identity claim).

Identity access management (IAM) A framework for identifying, authenticating, and authorizing individuals or groups through association of user rights and restrictions with established profiles or identities.

IEEE 802.1Q Standard for VLAN tagging.

IEEE 802.1X Standard that provides centralized authentication of wired or wireless users or stations and has the capability to work simultaneously with multiple authentication algorithms.

IEEE 802.3 A collection of standards that define the Data Link Layer protocol for accessing wired Ethernet.

IEEE 802.3 CSMA/CD Standard for the Ethernet LAN specification.

IEEE 802.3af–2003 Power over Ethernet standard and specification up to 15.4 watts of electrical power.

IEEE 802.3at–2009 Power over Ethernet standard and specification up to 25.5 watts of electrical power.

IEEE 802.5 token ring Standard for 4 Mbps/16 Mbps token ring LANs.

Incident Any event that violates, or potentially could violate, the organization’s security policy.

Incident response plan (IRP) Formal plan to identify and respond to computer security incidents.

Incident response team (IRT) A special team formed to handle security incidents when they occur.

Independent Basic Service Set (IBSS) A peer-to-peer WLAN designation for each node in an ad hoc mode network.

Industrial, scientific, and medical (ISM) bands The 2.4 GHz bandwidth allocated to unlicensed use and used for 802.11b/g/n.

Information Technology Infrastructure Library (ITIL) Collection of best practices for managing IT services, focusing on aligning IT services with organizational goals.

Infrared Electromagnetic radiation (EMR) with a wavelength range from slightly greater than the red (or long) wavelength of the visible light range, to the microwave range. Cannot be seen with the human eye but can be felt as heat.

Instant message (IM chat) A real-time communication application supported by SIP; it offers text messaging between users.

Institute of Electrical and Electronics Engineers (IEEE) A global association that defines and publishes standards for many aspects of electronic components and communication.

Integrated Services Digital Network (ISDN) Set of communications protocols for transmitting digital signals for voice and data over traditional telephone lines.

Integrity The security requirement that only authorized users be allowed to modify sensitive information.

Intellectual property (IP) Intangible expressions of human creativity, such as art, music, brands, or written work.

Interior Gateway Routing Protocol (IGRP) An interior distance-vector routing protocol that exchanges routing information with other routers within its AS.

Interior routing protocols Protocols that perform routing functions among the routers owned by a single entity or under the control of a single network administrator.

Intermediate distribution frame A physical location where a building’s backbone terminates to provide connectivity to local devices.

International Telecommunications Union (ITU) The agency within the United Nations responsible for global standardization of telecommunications practices and procedures.

Internet A global network made up of interconnected networks that all use the standard Internet Protocol Suite (TCP/IP).

Internet Assigned Numbers Authority (IANA) The organization responsible for coordinating IP addresses and resources around the world.

Internet Control Message Protocol (ICMP) A protocol that defines how control messages are exchanged between nodes in a network.

Internet Engineering Task Force (IETF) A global volunteer organization that develops and promotes Internet standards.

Internet Message Access Protocol (IMAP) Networking protocol used to access email messages.

Internet of Things (IoT) A collection of computing devices of all types and sizes connected to one another via the Internet.

Internet Protocol (IP) The primary protocol, or set of communication rules, used to transmit messages across the Internet and similar networks.

Internet Protocol (IP) address See IP address.

Internet Protocol suite See TCP/IP suite.

Internet service provider (ISP) An organization that provides access to the Internet.

Internet Small Computer System Interface (iSCSI) A storage area network protocol that provides block-level access to storage devices over a TCP/IP network. Allows servers to use remote storage as if it were directly attached.

Internetworking The interconnecting of two or more LANs or networks.

Intranet An internal network, generally only accessible from locations in an organization’s physical space.

Intrusion detection system (IDS) Software or network device that examines network traffic and issues alarms when suspected malicious activity is detected.

Intrusion prevention system (IPS) Software or network device that examines network traffic and stops suspected ongoing attacks (along with issuing alarms) when suspected malicious activity is detected.

Invalid timer With a routing table, a timer that marks a route invalid if the timer reaches zero before another update is received to refresh the route.

IP address A numeric label assigned to each computer or device connected to a network that uses the Internet Protocol.

IP Address Management (IPAM) Software tool that helps manage how IP addresses are reserved and assigned.

IP default gateway router Network device that forwards network traffic that is addressed to hosts on other networks.

IP Multimedia Subsystem (IMS) A framework for delivering multimedia services over IP networks.

IP phone Device designed to use voice over IP (VoIP) methods for transmitting phone calls over an IP network. Contrasts with phone calls placed over the traditional public switched telephone network (PSTN).

IP reservation Reserving one or more IP addresses to be statically assigned to desired devices.

IP telephony All systems that implement digital telephony over IP networks.

Ipconfig/Ifconfig Utilities to display and manage network configuration settings for computers and devices.

Iptables A command-line firewall utility for the Linux operating system. Permits or denies traffic based on rule chains contained within tables. Tables specify the type of packet processing (such as NAT or filtering), while the rule chain(s) to traverse is determined by the origin and destination of the packet.

ISO/IEC 27000 ISO information security standard that provides best practices for implementing information security controls.

IT asset management (ITAM) Software tools to help manage IT assets and configuration settings.

J

Jitter The variable delay that causes gaps in a conversation due to uneven data flow.

JPEG A lossy compression method for storing images that are smaller but lower quality.

Just-in-time (JIT) A production strategy in which finished goods are completed and available to a subsequent process in the supply chain when they are needed, and not before.

K

Kerberos An authentication protocol that uses tickets to allow computers and users to access protected resources.

L

Laptop Portable battery-powered computer that is small and light enough to use while resting on the user’s lap.

Latency The amount of time required for a message to reach its destination, measured in milliseconds (mSec).

Layer 2 A term used to represent the OSI model Data Link Layer.

Layer 2 switch A networking device that operates on the data link layer of the OSI model, performing forwarding actions based only on the MAC addresses; examines Frame headers but not Packet headers. Contrasts with a layer 3 (Network) switch, which can also make forwarding decisions based on IP addresses (routing).

Layer 2 Tunneling Protocol (L2TP) A tunneling networking protocol that operates at Layer 2 and is used to create virtual private networks (VPNs).

Layer 3 The OSI model Network Layer.

Least privilege The security principle that users possess only the minimum access privileges they need to complete their assigned tasks.

Lightweight Directory Access Protocol (LDAP) An open-standard application protocol used to implement and manage vendor-neutral directory services in an IP network.

Lightweight Extensible Authentication Protocol (LEAP) Cisco Systems’ version of EAP. It supports dynamic key encryption and mutual authentication.

Line of sight A requirement of some wireless communication technologies where each transceiver must be in view of the other, with no other obstacles between them.

Link aggregation A method to combine multiple physical links into a single logical link.

Link Aggregation Control Protocol (LACP) The protocol that defines how dynamic link aggregation operates, which allows grouping multiple physical connections to act as one logical connection.

Link-state routing protocol A type of routing protocol that calculates the status (state) of a link and its connection type, speed, and delay.

Load The amount of bandwidth in use on a particular link.

Load balancer A device that distributes a workload among several computing resources in order to prevent any one resource from being overworked. Enables a more efficient use of available resources.

Load balancing Routing protocols that divide message traffic over two or more links.

Local area network (LAN) A computer network that spans a relatively small physical area, such as a small building.

Local authentication Authentication controls that operate locally, as opposed to centralized authentication using directory services.

Logical Link Control (LLC) One of the two sublayers within the data link layer (layer 2) of the OSI reference model (the other being the MAC sublayer), as defined in IEEE 802.2. Performs multiplexing of multiple higher-layer protocols (encapsulating several protocols for transmission over a single medium), frame sequencing to ensure data is sent in the correct order, as well as error-checking, and regulation of traffic flow.

Logical topology A picture of how networks transfer data between nodes.

Loopback address Address on a computer that refers to itself. Requests sent to the loopback address will always be “looped back” to the computer on which they originated, allowing the computer to behave as both a local and remote device without being attached to a network. Common use cases include performing tests of a computer’s communications infrastructure, and making use of a client/server architecture (such as a web application) in which the host is both the client and the server.

M

MAC address table Internal memory table a MAC layer bridge builds as it learns what devices are connected to the LAN.

MAC layer bridge A network device that creates the MAC address table by learning where the MAC layer addresses of all other devices are.

Main distribution frame The location or room where all cables coming from both inside and outside the facility are terminated. As the central junction for all incoming and outgoing wires, it serves as the main distribution point for all signals and, as such, enables any networking reconfigurations to be performed from a single location.

Mainframe Large, centralized server computers that historically handle all processing functions. Users interact with mainframe computers through the use of dumb terminals.

Malicious software Software designed with the intention and function of disrupting a system, usually as a means to some other nefarious end (e.g., unauthorized encryption of a critical drive in order to extort money from a target).

Malware Any software that operates in a manner that is inconsistent with its designer’s goals and intentions.

Malware scanner Software that examines installed software for signatures of known malicious software.

Man-in-the-middle attack A cyber attack in which an attacker intercepts traffic as a connection is being set up between two parties across a network. Each party believes they are communicating with a legitimate user, but the attacker is impersonating each valid party to the other.

Managed service provider (MSP) Provides a broad, rich set of applications, such as web hosting, database management, VoIP, and UC, and network management, such as management of routers and firewalls, usually using access provided by the ISP.

Management information base (MIB) A small database of characteristics for a specific type of device.

Maximum transmission unit (MTU) The length in bytes of the longest message unit that can be transmitted on available links that connect a source address to a destination address.

Mean time between failures (MTBF) A measurement or calculated number for the mean amount of time between equipment failures. MTBF was measured in years, or even decades, in the traditional telco network, whereas it may be measured in weeks, days, or even hours in modern IP networks.

Mean time to install (MTTI) A measurement or estimate of the time required to install a specific piece of equipment or an entire service.

Mean time to repair (MTTR) A measurement or calculated number for the mean amount of time required to repair a specific piece of failed equipment. MTBF and MTTR are important parts of network reliability calculations.

Media Access Control (MAC) layer address The unique address of a specific device’s NIC on the network.

Media converter A network device used to convert an incoming signal to an outgoing signal on a different cabling type.

Media Gateway Control Protocol (MGCP) A protocol for controlling media gateways on networks that include both IP networks and PSTN.

Mesh topology A network layout in which all nodes are directly connected to most, or all, other nodes.

Message integrity check (MIC) Prevents an attacker from intercepting, modifying, and retransmitting message packets by checking the integrity of a packet using the ICV.

Metcalfe’s law The number of connections required in a fully connected network is proportional to the square of the number of devices. The formula to calculate the number of wires you need to connect all devices in a network with n devices is: n(n − 1)/2.

Metric A standard of measurement.

Metro Ethernet Describes a network connected via Ethernet technologies that spans the size of a metropolitan area. Especially an interconnection of two or more local area networks (LANs) over Ethernet to create a single network of that size.

Metropolitan area network (MAN) A network that spans the size of many city blocks; larger than a campus area network (CAN).

MIB module All MIB variables that describe a single device.

MIB variable An individual setting in a MIB that stores the value of a single device characteristic.

MIDI A standard that defines a networking protocol, along with interface and connectors to support digital music and audio interfaces.

Modem A modulator/demodulator is a legacy network device that translates analog telephone service signals into digital signals a computer can use (and vice versa).

Monitoring Capturing data for analysis, usually in order to measure indications of performance or behavior.

Moving Picture Experts Group (MPEG) A working group that sets standards for audio and video file transmission across networks and file compression.

Multicast A simultaneous transmission of data to a group of interested members (also known as a one-to-many transmission). In IP multicast, groups are established by the Internet Group Management Protocol (IGMP), each of which is represented by a multicast address. This permits a single transmission to the multicast address in order to provide the same data to all registered members of that group.

Multifactor authentication The practice of using multiple types of authentication, such as PIN and a token, to increase authentication accuracy and security.

Multihomed A device with connections to multiple links.

Multilayer hierarchical backbone A LAN backbone that routes traffic through multiple layers of devices connected in a tree architecture (creating multiple subnets).

Multilayer switch One of a collection of Layer 2 or Layer 3 switches used to reduce overall network traffic by isolating subnets in a hierarchical manner.

Multipath The propagation that results in RF signals reaching the receiving antenna at different times and by two or more different paths.

Multiple-input and multiple-output (MIMO) An antenna technology that uses multiple antennas (to receive and transmit) at both ends of a transmission.

Multiple spanning tree (MST) A spanning tree that maps to one or more VLANs.

Multiple spanning tree instance (MSTI) Each group of VLANs that are assigned to an instance of a multiple spanning tree.

Multiple Spanning Tree Protocol (MSTP) A protocol that defines several data structures to create and maintain spanning trees.

Multiprotocol Label Switching (MPLS) A Layer 2 packet-switching technology.

Multiuser multiple-input multiple-output (MU-MIMO) An extension of MIMO technology that supports multiple simultaneous wireless transmit streams from multiple users.

N

N-tier Application architecture that separates functionality into user interface on one tier, potentially multiple application servers on several tiers, and data access on a separate tier.

National Vulnerability Database (NVD) NIST-maintained database of vulnerability management data.

Near-field communication A short-range, low-speed, and low-power communications technology that allows devices to communicate wirelessly using weak radio signals. Typically used in conjunction with NFC tags that contain small amounts of data, which can be read by NFC readers (such as an NFC-enabled cellphone) in order to perform pre-programmed actions (such as making a payment).

Neighbor activity Dialogue that neighbor routers and their interconnected interfaces perform, including keep-alives, neighbor discovery, and the MAC layer address information of neighbor interfaces.

Neighbor Discovery Protocol (NDP) Protocol used by IPv6 networks to provide a similar service as ARP.

Neighbor solicitation IPv6 analogue to IPv4’s ARP, which associates IP addresses with device MAC addresses.

Netstat A command-line utility that displays various networking statistics, such as current network connections and routing table data.

Network access control (NAC) A set of controls that manages and limits access to network resources.

Network adapter See network interface controller (NIC).

Network Address Translation (NAT) The process of replacing a private IP address with a public IP address, or vice versa.

Network attached storage (NAS) Storage servers that provide access to devices over a network, as opposed to direct-attached storage (DAS). NAS provides file-level access over several common file sharing protocols such as NFS (Network File System) and SMB (Server Message Block). NAS contrasts with storage area networks (SAN) in that the latter provides block-level access to stored data (behaving as though it is a DAS), leaving all file system abstraction up to the client.

Network Availability The average percentage of time in a given period that a network is available to end-users in its intended capacity; a network’s average uptime.

Network Basic Input/Output System (NetBIOS) An obsolete Windows program allowing legacy applications on different computers to communicate over a local area network (LAN) and share files.

Network choke point A saturated network link that results in dropped packets and congestion.

Network connectivity and testing tools A link integrity and Network Layer discovery function that allows you to verify Physical Layer, Data Link Layer, and Network Layer connectivity.

Network File System (NFS) A distributed file system that allows multiple computers to share files and directories with remote computers and users.

Network interface card See network interface controller (NIC).

Network interface controller (NIC) A hardware device that connects a computer or other device to network media.

Network layer address The arrangement of subnetwork associations. The most common type of network address is the IP address.

Network Management Station (NMS) A computer with specific network management applications used to monitor and/or control devices on a network.

Network management system (NMS) A system used to configure, manage, and monitor components in a network.

Network-to-network interface (NNI) A physical interface that connects two ATM, SS7, or IP networks, and defines the signaling and management functions between said networks.

Network operations center (NOC) One or more central locations used to monitor and control networks.

Network readiness assessment (NRA) A study of how traffic moves through a network.

Network scanning and discovery tools Software tools that search and identify devices on a network, predominately using scans such as ARP scan, ping sweep, or other host discovery functions.

Network tap A device that allows a network connection on a LAN segment for performing monitoring, protocol capture, and analysis.

Network Time Protocol (NTP) A networking protocol that allows computers and devices to synchronize time across an environment.

Network topology A map of the network that shows how devices connect to one another and how they use connection media to communicate.

Network traffic tools Tools that generate different kinds of network traffic used to performance test, stress test, and capacity plan WAN, MAN, or LAN connections and links.

Network utilization The amount of bandwidth used over a specific period of time.

Next hop address The address of the next router to which a packet will be sent in order to advance it towards its ultimate destination.

NIST Cybersecurity Framework (CSF) A framework that focuses on critical infrastructure components but is applicable to many general systems. The roadmap provides a structured method for securing systems that can help auditors align business drivers and security requirements.

Nondisclosure agreement (NDA) An agreement that prohibits accessors of intellectual property from divulging its contents to any other entity.

Notebook A small, battery-powered computer that folds to a size that is easily carried in a briefcase or small bag.

Nslookup Command-line utility used to obtain DNS records by querying domain name servers. Installed by default on Windows operating systems.

O

Object ID (OID) A unique identifier that refers to a specific MIB module.

Omnidirectional Antennas that transmit and receive in all directions equally.

Open Shortest Path First (OSPF) A link-state routing protocol and an IGRP as it distributes routing information to other routers within the same AS. It has enhanced features such as support for VLSM, route summarization, and the use of authentication for routing updates.

Open System Authentication (OSA) A process through which a node gains access to a wireless network running WEP and accesses files that aren’t encrypted.

Open Systems Interconnection (OSI) Reference Model An internationally accepted framework of standards that governs how separate computer systems communicate using networks.

Optical fiber A physical medium used in communications for transmitting data over modulated bursts of infrared light. Optical fiber enables data transmission over longer distances and with higher bandwidth than copper wires, and, unlike the latter, does not suffer from electromagnetic interference (EMI).

Optical time division reflectometer (OTDR) Diagnostic tool to detect cuts in optical fiber segments.

Optimistic transmission When the transmitting node assumes its transmissions will all be successful.

Orthogonal frequency division multiplexing (OFDM) A frequency division multiplexing (FDM) scheme that applies a digital multicarrier modulation method.

P

Packet A small, easily managed chunk of a network message. Networks often chop up messages and transmit each chunk separately.

Packet filtering Allowing or denying network-layer (IP) traffic, based upon a set of rules.

Packet forwarding Sending network-layer (IP) traffic towards its destination, when that destination is a device other than the one on which the traffic was received.

Packet jitter A measure of how much network latency changes over time. This measure is often expressed as an average of the deviation from the mean latency of a network.

Packet loss The percentage of packets sent that don’t reach the intended destination.

Packet-switched Refers to a network that chops up network messages into smaller chunks and sends each chunk, or packet, separately. Each packet can take a different path from source to destination.

Partially connected mesh A network layout in which network nodes connect to only some of the other nodes.

Passive fault detection A technique that involves waiting for some indication that a fault has occurred.

Path length The number of steps a message takes to get from the sender to the receiver.

Pathping Command-line network utility on the Windows operating system. Used to gauge packet loss and packet latency between hops in a network path. Combines the functions of the ping and the traceroute utilities.

Payment Card Industry Data Security Standard (PCI DSS) An industry-developed security standard for any organization that handles payment cards.

Peer-to-peer (P2P) A network architecture in which every node has equal authority to all other nodes. There is no central entity with elevated authority.

Permanent virtual circuit (PVC) A dedicated circuit reserved for two or more endpoints to communicate, supported in X.25.

Personal area network (PAN) A short-distance network encompassing all devices centered on an individual’s workspace that are concerned with transmitting data within the vicinity of that individual. Such devices may include PCs, cellphones, and peripheral devices. These devices are typically connected wirelessly, forming a wireless personal area network (WPAN).

Personally identifiable information (PII) Data that can uniquely identify a specific person.

Phishing A cyber attack in which malicious links are embedded in emails with enticements for unsuspecting users to follow the links that lead to the attacker’s resources.

Physical layer tools Physical devices used to test copper and fiber optic cabling, RJ-45 connectors, and RJ-45 crimp tools for making patch cables and installing connectors.

Physical topology A picture of the actual network devices and the medium the devices use to connect to the network.

Plain old telephone service (POTS) Voice-grade telephone service network. POTS generally refers to the analog predecessor of today’s telecommunication networks.

Point of presence (POP) A facility operated by an ISP where all its common routing equipment, and very often servers, are located.

Point-to-point Refers to a network layout in which computers or devices are directly connected to one another.

Point-to-Point Protocol (PPP) A medium-independent data link layer (layer 2) protocol that directly connects two endpoints, allowing a point-to-point connection regardless of any logical networking discordance between them (such as being on a different IP network). PPP provides authentication, encryption, and compression, and is able to encapsulate multiple IP protocols for transmission over a single link.

Poisoned reverse Prevents information from a particular interface from being repeated to that interface.

Port A communications endpoint, commonly expressed as an integer value.

Port Address Translation An extension of network address translation (NAT), PAT is the process of mapping multiple hosts on a local area network (LAN) to a single public IP address. Unlike NAT, which maps one private IP address to one public IP address, PAT specifies a port number for each privately addressed host, thereby enabling multiple hosts to be mapped to the same public IP address.

Port density A measure of interfaces and features delivered per server.

Port forwarding The practice of receiving traffic on one port and automatically retransmitting the same traffic on another destination port.

Port mirroring The practice of a switch sending a copy of all traffic received on one port to a monitoring device connected to another port.

Port security The practice of using MAC addresses to limit which devices can access a given switch port.

Power over Ethernet (PoE) An IEEE standard for providing electrical power to a network-connected device, such as an IP phone, from an Ethernet switch in the wiring closet.

Presence/availability Technology that allows the geographic location of a human or nonhuman resource (such as a conference room) to be determined.

Pretty Good Privacy (PGP) Encryption program that provides cryptographic confidentiality and authentication for data communication.

Private Branch Exchange (PBX) Traditional telephone systems used by private companies, often composed of proprietary hardware and software, that connect to the telephone provider or central office.

Private cloud Computing services accessible only to the owning organization, or to those whom the owner grants access.

Private IP address An IP address in the reserved ranges (10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, or 192.168.0.0 to 192.168.255.255) used for devices in a private network. Private IP addresses aren’t visible to external Internet devices.

Problem identification The process of identifying the root cause of network faults or performance issues.

Problem resolution Identifying and implementing actions necessary to resolve identified network faults or performance issues.

Process of elimination An iterative process of eliminating potential causes of issues that prove to not be contributing factors.

Processing logic Also commonly referred to as business logic, this is the software that carries out most of the computations on your application data.

Promiscuous mode A network interface controller (NIC) mode of operation in which all traffic is examined, as opposed to normal operation in which the node only receives traffic addressed to that node.

Protected Extensible Authentication Protocol (PEAP) A protocol that has the capability to transport authentication data securely between wireless devices. PEAP, which supports a variety of authentication protocols, creates a virtual tunnel between a PEAP node and the authentication server. PEAP authenticates WLAN stations using server-side certificates, which can simplify the implementation and administration of a WLAN.

Protected health information (PHI) Health information about an individual, including past, present, and possible future physical or mental health status; an individual’s health care provisions; and payment information.

Protocol A set of rules that define a particular aspect of communication.

Protocol analyzer A tool that can examine, decode, and organize the signals, frames, packets, and protocol dialogue between a source and destination host.

Protocol data unit A single unit of data transmitted between computers or network devices.

Proxy server A hardware device or software configured to redirect network traffic to an alternate address and/or port.

Public cloud Computing services accessible by any subscribed user over the public Internet.

Public Switched Telephone Network (PSTN) Voice-grade telephone service network. POTS generally refers to the analog predecessor of today’s telecommunication networks.

Punch cards Stiff paper-based cards used to enter commands and data to a computer via holes punched in specific locations on each card.

Q

Quadrature amplitude modulation (QAM) A technique that can modulate both analog and digital transmissions.

Qualitative risk analysis A method that ranks risks relative to one another.

Quality of experience (QoE) Users’ perceptions or measurements and calculations approximating users’ perceptions of the quality of a real-time voice or video communication.

Quality of service (QoS) A measure of how successful a network is at meeting packet delivery timing and error rate goals.

Quantitative risk analysis A method that associates a dollar value, or cost, with each risk.

R

Radio frequency Wireless communication using the frequency range between 20 kHz and 300 GHz.

Radio frequency identification (RFID) A technology that exchanges data through a wireless connection between a reader and a tag attached to a product to track the movement of the product.

Ransomware Malware that makes files unavailable, generally through the use of encryption, until the victim pays the attacker a ransom amount (almost always using cryptocurrency).

Rapid Spanning Tree Protocol (RSTP) A Layer 2 resiliency standard that provides a faster convergence time than STP.

Real-time applications Network applications that rely on immediate traffic delivery, such as streaming audio or video.

Real-time communication A communication method in which messages are sent directly to the recipient immediately (in real time).

Real-Time Control Protocol (RTCP) The protocol used by Real-Time Protocol to provide feedback from the recipient of RTP-transported information to the sender regarding traffic management metrics, such as number of packets received, delay, delay variation, and Mean Opinion Scores (MOSs).

Real-time monitoring The practice of monitoring network traffic and server performance as events occur, as opposed to reviewing log files at a later point in time.

Real-Time Transport Protocol (RTP) A standard that defines how to deliver audio and video over IP networks. Also known as Real-Time Protocol.

Redundancy Introducing and configuring devices and computers with overlapping responsibilities to provide resiliency if one device or computer fails.

Redundant Indicates a system is or has another node to which it can shift all of its operations in the event of a failure.

Reliability A measurement of the amount of downtime on a particular link that indicates the reliability of the link. An indicator of how likely a link is to fail during transmission.

Reliable communication A communication process in which senders have verification that recipients received all sent messages.

Remote Authentication Dial-In User Service (RADIUS server) A server that manages remote connection authentication.

Remote Procedure Call (RPC) Interprocess communications technique that allows a local process to transparently invoke functionality on a remote resource.

Representational State Transfer (REST) An approach to defining web service architecture using HTTP.

Request for proposal (RFP) A formal document requesting that interested vendors submit proposals to meet a specific organizational requirement.

Reserved address A non-routable IP address within the private address spaces defined in RFC1918 (IPv4) and RFC4193 (IPv6). For use only on private (internal) networks.

Resilience Another term for redundancy or failover; specifically, a condition in which a network can “bounce back” from failures because its Physical Layer media, Layer 2 network access functions, and Layer 3 forwarding and addressing functions have hot-swap redundancy.

Resiliency The ability of a system or network to endure or recover from operational failures without any unacceptable drop in its level of service.

Resilient Ethernet Protocol (REP) Networking protocol designed to find alternate routes for LAN communications in the case of LAN segment failure.

Retransmission The amount of time required to retransmit a packet.

Rich media conference A conference that uses such tools as audio, video, and shared whiteboards and desktops to accomplish its goals.

Ring topology A network layout in which each computer connects to two other computers. The computers connect to one another in a virtual ring.

Risk The likelihood that an attack will successfully exploit a vulnerability.

Risk acceptance Accepting a risk without taking any measures to mitigate it.

Risk avoidance Measures taken that eliminate the possibility of a risk, such as decommissioning a device that posed a risk to the network.

Risk management The process of identifying and addressing all risks.

Risk mitigation Implementing controls to reduce or eliminate one or more risks.

Risk transfer Assigning the liability of a realized risk to another party, such as in the case of insurance.

RJ-45 connector Standard terminators for 4-pair unshielded Ethernet networking cable.

Root bridge The first node in a spanning tree.

Root path cost The accumulated cost of all the links in a path leading to the root bridge.

Root port (RP) The port on any switch that leads to the root bridge and also has the lowest root path cost.

Rootkit Malware that replaces critical operating system functionality to become virtually undetectable.

Rotary dial Legacy signaling method for analog telephone service that uses pulses to transmit numeric digits.

Round trip time (RTT) The amount of time it takes to send a packet to another node and have that node return the packet to the sender.

Route A command-line utility for Linux and Windows operating systems that is used to view and modify the system routing table.

Routed protocols Protocols that define the formatting and structure of data being routed.

Router A device that operates at OSI Layer 3 (Network Layer) to determine the destination address for network messages.

Router advertisement In IPv6, routers (if configured) periodically send messages in response to requests. Host devices use this information to learn the prefixes and parameters for the local network.

Routing Information Base (RIB) Routing table that is built by a routing protocol such as RIP, OSPF, etc. A RIB entry points to the destination network number and associated router interface.

Routing Information Protocol (RIP) An interior distance-vector routing protocol that uses hop count as its routing metric.

Routing protocols Protocols that communicate with other routers to maintain routing information with which path determination can be made.

Routing tables Maintained by a routing protocol to store metrics about the addresses available through each interface port of a router.

RS-232 A set of EIA standards for serial binary data and control signals that connect DTE and DCE devices. RS-232 is a common standard used for computer serial ports.

S

Safeguard Controls or other mitigation techniques designed to reduce probability of an attack successfully compromising a protected resource.

Satellite communications Transmission via a man-made satellite that relays and amplifies radio signals from a transmitter to a receiver.

Secure Shell (SSH) Networking protocol that uses encryption to support secure operations over unsecure network segments.

Secure Sockets Layer (SSL) Technology used to establish an encrypted connection between a web browser and web server. SSL has been replaced by the more secure TLS.

Secure/Multipurpose Internet Mail Extension (S/MIME) Secures email by using X.509 certificates for authentication.

Security breach Any event that results in a violation of any of the C-I-A security properties (confidentiality, integrity, and availability).

Security control A countermeasure that protects resources from attack.

Security gap analysis An analysis that identifies known vulnerabilities for which there are no security controls in place.

Security Information and Event Management (SIEM) system A set of products and services that allows a complete view of information security into the monitored environment.

Security triad The three basic properties of information security: confidentiality, integrity, and availability.

Serial communications A communication method in which a device sends individual characters, one at a time.

Server Message Block (SMB) A networking protocol that allows remote and shared access to files, printers, and serial ports across a network.

Service/feature gateways Gateways allowing services or features on a non-SIP network to be delivered on a SIP network, and vice versa. One example is the 411 information service.

Service Level Agreement (SLA) A legal contract between a service provider (SP) and a customer that lays out what the SP will provide, at what performance level, and steps that will be taken in the event of an outage.

Service provider (SP) An organization that provides computing services to one or more customers.

Service set identifier (SSID) The wireless network’s (WLAN) name as broadcast by the wireless access point.

Session Description Protocol (SDP) A protocol that defines streaming media attributes and parameters.

Session Initiation Protocol (SIP) A signaling protocol commonly used to control multimedia communication sessions.

Shared Key Authentication (SKA) A process through which a node gains access to a WLAN running the WEP protocol.

Shielded twisted-pair Networking cabling that consists of multiple pairs of wires twisted with one another and separated from other pairs by shielding material.

Signaling gateways Gateways that provide a means of connecting two different systems that use different types of signaling, such as a SIP to ISDN gateway or SIP to SS7/CCS7 gateway.

Simple Mail Transport Protocol (SMTP) The protocol that uses the store and forward method of electronic mail.

Simple Network Management Protocol (SNMP) A protocol used to collect and process information about network devices.

Simplex A mode of operation for communication between computers in which only the source can send data to the destination, and the destination cannot respond.

Sine wave A continuously oscillating wave pattern, used to represent AC electrical current.

Single point of failure (SPOF) A single piece of hardware or software that must operate for the larger system or network to operate.

Single sign-on (SSO) An authentication structure wherein the user only has to sign in at one location (to an identity provider) to be granted access to a number of separate services (service providers).

SIP trunk A direct virtual line between an organization’s private branch exchange (PBX) system and a VoIP service provider that enables the making and receiving of phone calls or unified communications over an IP network.

Small- and medium-sized business (SMB) The sector made up of organizations with fewer than 500 employees.

Small office/home office (SOHO) An office or location with fewer than 10 employees.

Snapshot With virtual machines, a file representing the state of a machine at a certain point in time. Contains information on all changes made to the machine (the delta) since the last saved state (either the last snapshot, or the machine itself). Often used to restore a machine to its last known-good state in the event of a failure or misconfiguration.

SNMP trap Notification received from a monitored device, using SNMP.

Social engineering Coercing a human into divulging sensitive information or carrying out an action to aid an attacker.

Social media A general term encompassing the variety of interactive technologies that enable users to communicate and share content with one another through virtual communities and networks.

Socket An instance of a service listening for traffic on a specific port.

SOCKS A protocol that serves as a proxy server, sending and receiving network traffic using a well-known port (generally 1080), and then redirecting traffic to another port.

Software asset management A strategy for tracking software asset licensing within an environment with the aim of reducing costs and maintaining licensing compliance.

Software defined networking A network management approach where all routing specifications (such as routing tables) are configured and managed at a single location instead of at each individual node in the network. Accomplished by separating the process into two planes: 1) the data plane, where the actual forwarding of packets (data) is done, which the actual network devices themselves maintain responsibility for, and 2) the control plane, where all routing information is described and adjusted, which is the responsibility of the SDN management device/application. This model permits dynamic and programmable changes to the network as a whole, removing many of the traffic flow and control barriers inherent in the more traditional static networks that require direct device configuration changes.

Software-defined WAN (SD-WAN) A network that is defined in software, separated from the underlying hardware used to implement the network.

Software vulnerability Any feature in software that allows a potential threat to be realized.

Spanning trees Paths that start at one node and visit all of the other nodes exactly once.

Spanning Tree Protocol (STP) A network protocol that identifies infinite loops in switched networks and helps devices direct packets around loops.

Split horizon A feature of distance-vector routing protocols that prevents reverse routes between two routers and helps to prevent the possibility of a routing loop.

Spoofing Changing the identifier (such as the IP or MAC address) of a device in order to disguise its origin, often by replacing that identifier with a known or trusted one.

Spyware Any software that collects private information.

Square wave An oscillating wave pattern that exhibits distinct positive and negative values.

Star-wired topology A network layout in which a central network device connects to all other network devices.

Static route A route that is configured manually. Contrast with dynamic route.

Static routing Using fixed links configured manually.

Storage area network (SAN) A special version of a local area network in which all devices connected to the SAN are storage devices or servers required to manage storage devices.

Store-and-forward communication A communication method in which the sender sends a message to an agent that stores the message until the recipient retrieves it from the agent.

Straight-through A cable configuration where the pins on one end are connected to the same pins on the other end (e.g., pin 1 to pin 1). Used to connect devices of a different type. Contrasts with crossover cabling.

Structured wiring system Collection of standard components that connect with one another to provide a complete cabling solution.

Subnet mask A binary number that contains all 1s in the leftmost prefix length positions, and all other bits are 0s.

Switch A network device that receives a message, examines the destination address, and sends the message directly to the destination (or directly to the next device nearest to the destination).

Switching loop Switches linked together in a loop or ring topology.

Symmetric cryptography The practice of using a single cryptographical key to both encrypt and decrypt information.

Symmetric encryption system A system of encryption that applies the same exact key to encrypt and decrypt data.

Synchronous Optical Network (SONET) A standard developed by ANSI which provides synchronized data transmissions over optical fiber lines using time division multiplexing (TDM) and atomic clocks.

Syslog A standard for logging messages from programs and devices.

System integrity monitoring Monitoring file systems for any unauthorized changes to file contents, including configuration changes.

T

T0/T1/T3 Specifications for the T-carrier telecommunications system and standards. The numeral suffix indicates the circuit being used. The primary distinction between each circuit is the number of channels employed and the bit rate assigned to each of those channels.

Tag link Two switches connected by a cable running between two tag ports that can create VLANs spread across the two switches.

Tag port A port on a switch that allows VLAN traffic to pass through it.

Tagged Image File Format (TIFF) File format used to store raster graphics images.

Tcpdump A command-line packet analyzer developed for Unix-like operating systems. Can read the contents of packets passing over a network interface card in real-time, or from a file containing previously captured packets.

Telecommunications Management Network (TMN) A protocol model for managing open systems in a communication network.

Telepresence A real-time video and audio conferencing capability using large-screen and high-definition video such that conference participants appear to be full-size.

Telnet Insecure protocol used to establish remote connections to servers; it transmits all traffic in the clear (unencrypted).

Temporal Key Integrity Protocol (TKIP) A security protocol used in the IEEE 802.11x wireless standard.

Terminal Access Controller Access Control System (TACACS+) A security protocol that supports authentication, authorization, and accounting management for users who want to gain access to the network.

Terminals Devices that have a keyboard and a monitor that connect to a computer system and interact with it.

Threat Any action that could damage an asset.

Throughput A measure of the amount of traffic a network can handle.

TIA/EIA 568 A family of telecommunications standards published by the TIA, which include distribution systems and specifications for outdoor cabling and installation, building cabling and installation, and use of copper and fiber optic cabling. The most well-known specifications are those for eight-pin twisted-pair cabling, detailed by T568A and T568B.

Time division multiplexing (TDM) A method for transmitting multiple independent signals across a single path. Accomplished by assigning time slots to each device, during which they are permitted to use the full bandwidth for their transmission, effectively creating subchannels for each connection.

Time-sensitive protocols Network communication protocols that guarantee delivery within a specified amount of time.

TLS handshake A phase in setting up a TLS connection in which the two parties in the connection generate connection-specific keys and negotiate to create a random key.

Token A special message that authorizes a device to transmit.

Topology The logical layout of a network.

Total cost of ownership (TCO) An estimate of the total direct and indirect financial costs associated with a product or service.

Traceroute Network utility that uses IP header information to document the route an IP packet travels from its source to destination.

Traffic shaping The practice of enabling prioritization with CoS at Layer 2 to control traffic flow.

Transmission Control Protocol (TCP) A network protocol that guarantees the delivery of a reliable stream of data between two computer programs. TCP operates at OSI Layer 4.

Transmission Control Protocol/Internet Protocol (TCP/IP) Reference Model A descriptive framework for computer network protocols, created by the U.S. Department of Defense in the 1970s. This model is often called the TCP/IP Model.

Transmission Control Protocol/Internet Protocol (TCP/IP) suite By far the most popular set of standards used today to communicate over networks, this suite of protocols takes its name from the most common two protocols at its core: Transmission Control Protocol (TCP) and Internet Protocol (IP). Also known as Internet Protocol suite.

Transport Layer Security (EAP-TLS) A protocol that supports both certificate-based authentication and mutual authentication, using client-side and server-side certificates for authentication.

Trend A pattern of how events occur over time based on historical event data. Used to better describe or explain outcomes in past data, and to predict future outcomes.

Trivial File Transfer Protocol (TFTP) A simplified version of FTP that uses UDP instead of TCP for communication.

Trojan See Trojan horse.

Trojan horse Malware that masquerades as a useful software program.

Trunking (IEEE 802.3ad) Aggregating multiple network connections to provide higher bandwidth.

Trunking gateways Types of gateways that translate between two types of telephony trunking.

Tunneled Transport Layer Security (EAP-TTLS) An extension of EAP-TLS that supports certificate-based mutual authentication of a WLAN station and a WLAN employing an encrypted tunnel. EAP-TTLS uses only server-side certificates.

Type of service (TOS) Usually refers to a specific set of bits in the header of IP packets that indicate what type of priority treatment the packet expects from intermediate relaying systems (routers). TOS can also refer to the desirable treatment, and not specifically to the bits themselves.

U

Unauthorized access Any access of a resource by an individual or process that lacks authorization for that resource.

Unbind Process to disconnect from a server.

Unicast addresses IPv6 addresses that specify a unique device.

Unidirectional Antennas designed to transmit and receive in only one or two directions.

Unified communications (UC) A process of combining multiple technologies to provide the most effective real-time and non-real-time communication with the correct target or destination.

Uniform resource identifier (URI) An identifier, formatted much like an email address, that identifies a user in the SIP realm.

Uniform resource locator (URL) A reference to a web resource that specifies the location of the resource on a host connected to an accessible network.

Unique local address (ULA) A private (nonroutable) IPv6 device address. IPv6 ULAs are in the range fc00::/7, or fc00:0:0:0:0:0:0:0 to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff.

Universal threat management (UTM) device A network appliance that bundles layered security services into the same appliance for ease of implementation. It can embed antimalware monitoring, content filtering, firewall, intrusion detection, and spam protection into a single appliance.

Unlicensed National Information Infrastructure (UNII) The 5 GHz frequency band used by IEEE-802.11a devices.

Unshielded twisted-pair Networking cabling that consists of multiple pairs of wires twisted with one another.

Unspecified Bit Rate (UBR) An ATM network service category which specifies a best-effort path for variable bit rate traffic, without any guarantee of available bandwidth. Used for non-critical data that does not have any delay or bandwidth requirements. One of the five defined ATM service categories.

Update timer A timer that controls the time interval before the RIP sends its entire routing table to every enabled interface port running RIP.

Uptime Elapsed time since a computer or device was rebooted or powered on. In SLAs, required uptime is often expressed as a percentage of annual total time.

User interface Application software that users use to interact with servers and services.

V

Variable Bit Rate (VBR) Entails both real-time (rt) and non-real-time (nrt) ATM network service categories. Specifies a traffic bit rate that may spike or be throttled, and can be used when endpoints require time synchronization (rt) or when endpoints do not require time synchronization (nrt).

Variable Length Subnet Masking (VLSM) A strategy to allow IPv4 networks to be fragmented into any size subnetwork.

Very small aperture terminal (VSAT) Modems designed to communicate with satellites in geosynchronous orbits to relay data to other ground-based stations.

Video conference A communication between two or more persons where each may see the other and, optionally, all parties can see other things, such as prerecorded video content.

Virtual CISO (vCISO) Outsourced resource that provides information security and compliance assessment guidance.

Virtual local area network (VLAN) Group of network nodes that are logically grouped together to form a single broadcast domain.

Virtual machine A computing system whose hardware components have been emulated through software, such that it operates functionally the same as its non-virtualized (physical) counterpart.

Virtual private networks (VPNs) Networks built using public/shared network services, but which have the appearance to the users of a private network. VPN users, for instance, cannot reach the Internet directly from their VPN nor can Internet users reach the VPN without special client software. VPNs almost universally use some sort of cryptography to protect the integrity of VPN information.

Virtual Router Redundancy Protocol (VRRP) An IEEE standard redundancy protocol that clusters multiple routers into a single virtual router.

Virtual routing and forwarding (VRF) A technology that allows for multiple routing table instances to exist simultaneously on the same router. This enables the use of multiple routes for the same IP addresses, and thereby the ability for the device to present itself as several separate routers to other networking devices. A common implementation is to create several virtual routing tables on a provider edge router (PE) in order to appear as many routers to customer edge routers (CE), enabling the PE to forward packets even if customers are using identical addressing.

Virtualization The process of creating a virtual system whose hardware components have been emulated through software.

Virus Malware that infects other programs to carry out malicious activities.

Vishing Voice phishing—a social engineering attack in which the attacker uses a telephone to manipulate the victim into divulging private information or carrying out tasks.

Visibility The degree of awareness or available knowledge of all functional components and traffic flow within a network.

Visibility and control (V&C) Monitoring for real-time status and performance assessment for the purposes of reacting to issues quickly and efficiently.

VLAN (IEEE 802.1q) A single broadcast domain where an Ethernet broadcast frame is allowed to traverse.

VLAN hopping An attack method where traffic on one VLAN is accessed from another VLAN, where such access should not be allowed. Commonly accomplished using multiple VLAN tags, or by spoofing a switch’s trunk (802.1Q) interface.

VLAN tagging A generic term used when supporting 802.1Q in a switch.

Voice over IP (VoIP) A collection of communication protocols and technologies to deliver voice communication and sessions over IP networks.

VoIP endpoint A device that people use to initiate and answer VoIP calls.

VoIP gateway A device that converts analog telephony signals to digital network packets for transmission over a network. Often used to bridge a connection between a traditional telephony network (such as non-IP PBX, or the PSTN) and an IP network (such as an IP PBX, or the public Internet).

VoIP Private Branch Exchange (PBX) An on-premise or cloud-based phone system that provides VoIP services for unified communications within an organization, and for external communication via the public switched telephone network (PSTN) or the public Internet. If on-premise, a SIP trunk is required for external communications in order to route SIP traffic to the VoIP provider; if hosted, a third-party takes care of all the technology requirements, requiring the subscriber only have an Internet connection.

Voltage The difference in electrical potential between two points.

VPN concentrator A network device, usually located on a public-facing DMZ/VLAN, on which IPSec VPN connections terminate and where an encrypted tunnel provides secure data transmission.

Vulnerability Any weakness in a system that makes it possible for a threat to cause it harm.

Vulnerability assessment tool Used to perform automated scans of systems on a network to determine if any weaknesses exist. The discovery process may include searching for known-vulnerable software/software versions, and may conclude with a categorization of the discovered threats, as well as recommended steps for remediation.

W

Wave Oscillations observed in electrical, radio frequency, and light transmission technologies.

Wavelength The distance required for an oscillating wave to repeat.

Wavelength division multiplexing (WDM) A method for simultaneously transmitting multiple independent signals across a single optical fiber. Accomplished by using different wavelengths, which are joined together for transmission. This transmission is then split apart into its constituent wavelengths at the receiving end.

Web browser Application software that communicates with a web server using HTTP to access web-based resources.

Web content filter Software that blocks web content returned from a web server based on local content rules.

Web server Application software that listens for HTTP requests from a web browser and responds to requests by providing access to web-based resources.

Wide area network (WAN) A network that covers an area larger than a metropolitan area.

Wi-Fi See Wireless fidelity (Wi-Fi).

Wi-Fi 6E Designation that certifies an 802.11ax (Wi-Fi 6) device is capable of operating within the 6 GHz radio band.

Wi-Fi Analyzer A software application that captures and analyzes transmitted RF traffic, enumerating useful metrics such as frequencies and channels currently in use, signal strengths, and set identifiers such as SSIDs and BSSIDs.

Wi-Fi Protected Access (WPA) A security protocol for wireless networks that includes most of the IEEE 802.11i standard and specifically Temporal Key Integrity Protocol (TKIP).

Wi-Fi Protected Access 2 (WPA2) An update to WPA designed around the Robust Security Network (RSN) processes. RSN adds strong encryption, preauthentication for roaming devices, and the use of Counter Mode with Cipher-Block Chaining Message Authentication Code Protocol (CCMP) as an alternative to TKIP.

Wi-Fi Protected Access 3 (WPA3) An update to WPA2 that simplifies the IoT device connection process and provides additional security features, such as better protection for simple passwords and a remedy for the KRACK replay attack vulnerability discovered in its predecessor.

Windows event ID code A four-digit numerical code assigned to each event, task, function, or operation in a Windows LAN environment. This code can be used to assist in tracking and reporting on specific Windows events.

Wired Equivalent Privacy (WEP) WEP was designed to provide security and privacy on a wireless network equivalent to that of a wired network. WEP was introduced as an optional protocol, but when used, it offers slightly more security than no security at all.

Wireless access point (WAP) A networking device that connects wireless clients to a wired network.

Wireless fidelity (Wi-Fi) A standard developed by the Wi-Fi Alliance to certify protocols, software, and equipment standards.

Wireless LAN controller (WLC) A device for configuring and managing several access points from a central location. Operates in conjunction with lightweight access points (LWAPs), which send all received frames to the controller, which is ultimately responsible for the forwarding decision. Often used in an office environment to spread a single wireless local area network (WLAN) over a large area by distributing multiple LWAPs, all of which are controlled by the WLC.

Wireless sensor network (WSN) A network of distributed autonomous sensors that collect information about an environment (such as temperature or humidity) and report their findings to a central location.

Workgroup A group of people and the devices they use to perform related job functions.

Workstation outlet Physical connection used to attach a patch cable (often an RJ-45 terminated cable) to a computer.

World Wide Web A collection of hypertext documents that are interlinked and accessible via the Internet.

Worm A self-replicating malware program that spreads by inserting copies of itself into other executable code, programs, or documents.

X

X.25 A legacy packet switching technology that utilized analog leased lines as the point of entry into the network infrastructure.

Z

Z-Wave A wireless protocol used for controlling home devices and appliances, as well as exchanging data between those devices/appliances with certified Z-Wave interoperability via a mesh network.
