PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 586 Glossary .NET: Microsoft’s approach to the Web services. 1G: See First-Generation. 1-Pair Voice-Grade UTP: The traditional telephone access lines to individual residences. 10/100 Ethernet: A collective name for the Ethernet physical layer 10 Mbps and 100 Mbps standards. NICs and switches marked 10/100 can work with either standard. 10/100/10000 Ethernet: A collective name for the Ethernet physical layer 10 Mbps, 100 Mbps, and 1 Gbps standards. NICs and switches marked 10/100 can work any of these standards. 10Base-F: See 802.3 10Base-F. 10Base-T: See 802.3 10Base-T. 100Base-FX: The Ethernet physical layer 100 Mbps standard used primarily to connect switches to other switches, now being phased out. 100Base-TX: The dominant Ethernet physical layer 100 Mbps standard brought to desktop computers today. 1000Base-LX: A fiber version of gigabit Ethernet for long wavelengths (transmitting at 1,300 nm). 1000Base-SX: A fiber version of gigabit Ethernet for short wavelengths (transmitting at 850 nm). 1000Base-T: A UTP version of gigabit Ethernet. 1000Base-x: The Ethernet physical layer technology of gigabit Ethernet, used today mainly to connect switches to switches or switches to routers; increasingly being used to connect servers and some desktop PCs to the switches that serve them. 2G: See Second-Generation. 2-Pair Data-Grade: The higher-quality UTP access lines used by telephone carriers for private lines. Two pairs run out to each customer. 2-Pair Data-Grade UTP: The traditional telephone access line for lower-speed leased 586 lines. (Higher-speed leased lines use optical fiber.) 2.5G: See Second-and-a-Half Generation. 232 Serial Port: The port on a PC that uses two voltage ranges to transmit information. 25-Pair UTP Cord: The cabling used by telephony for vertical wiring that runs within a building. 3DES: See Triple DES. 3G: See Third-Generation. 4-Pair Unshielded Twisted Pair (UTP): The type of wiring typically used in Ethernet networks. 4-pair UTP contains eight copper wires organized as four pairs. Each wire is covered with dielectric insulation, and an outer jacket encloses and protects the four pairs. 50-Pin Octopus Connector: The type of connector in which vertical cords typically terminate. 802 Committee: See 802 LAN/MAN Standards Committee. 802 LAN/MAN Standards Committee: The IEEE committee responsible for Ethernet standards. 802.1D Spanning Tree Protocol: The protocol that addresses both single points of failure and loops. 802.1AE: MAC-layer security standard for supervisory communication between Ethernet switches. 802.1p: The standard that permits up to eight priority levels. 802.1Q: The standard that extended the Ethernet MAC layer frame to include two optional tag fields. 802.1X: Security standard for both wired and wireless LANs. 802.2: The single standard for the logical link control layer in 802 LANs. 802.3 10Base-F: An Ethernet physical layer 10 Mbps fiber standard, now almost entirely extinct. PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 587 Glossary 802.3 10Base-T: The slowest Ethernet physical layer technology in use today; uses 4-pair UTP wiring and operates at 10 Mbps. 802.3ad: Link aggregation protocol standard. 802.3af: Standard for delivering low wattage electricity from a switch to stations. 802.3 MAC Layer Frame: See Ethernet Frame. 802.3 MAC Layer Standard: The standard that defines Ethernet frame organization and NIC and switch operation. 802.3 Working Group: The 802 Committee’s working group that creates Ethernetspecific standards. 802.5 Working Group: The 802 Committee’s working group that created Token-Ring Network standards. 802.11 WLAN: Wireless LANs that follow the 802.11 standard. 802.11 Working Group: The IEEE working group that creates wireless LAN standards. 802.11a: Version of the 802.11 WLAN standard that has a rated speed of 54 Mbps and operates in the 5 GHz unlicensed radio band. 802.11b: Version of the 802.11 WLAN standard that has a rated speed of 11 Mbps and operates in the 2.4 GHz unlicensed radio band. 802.11g: Version of the 802.11 WLAN standard that has a rated speed of 54 Mbps and operates in the 2.4 GHz unlicensed radio band. 802.11e: A standard for quality of service in 802.11 WLANs. 802.11i: An advanced form of 802.11 wireless LAN security. 802.11n: Version of the 802.11 WLAN standard that uses MIMO to achieve a rated speed of 100 Mbps or more and longer range than earlier speed standards. 802.16: WiMAX. Broadband wireless access standard. 802.16d: WiMAX. Broadband wireless access standard for fixed stations. 802.16e: WiMAX. Broadband wireless access standard for mobile stations. 900 Number: A number that allows customers to call into a company; callers pay a fee that is much higher than that of a regular toll call. Access Control List (ACL): An ordered list of pass/deny rules for a firewall or other device. Access Control Plan: A plan for controlling access to a resource. Access Line: 1) In networks, a transmission line that connects a station to a switch. 2) In telephony, the line used by the customer to reach the PSTN’s central transport core. Access Line: The line used by the customer to reach the PSTN’s central transport core. Access Point: A bridge between a wireless station and a wired LAN. Access Router: A router to connect a SOHO network to the Internet. Typically includes a switch, DHCP server, NAT, and other functions beyond routing. Access System: In telephony, the system by which customers access the PSTN, including access lines and termination equipment in the end office at the edge of the transport core. Account: An identifiable entity that may own resources on a computer. ACE: See OPNET Application Characterization Environment. ACK Bit: The bit in a TCP segment that is set to indicate if the segment contains an acknowledgement. ACK: See Acknowledgement. Acknowledgement (ACK): 1) An acknowledgement message, sent by the receiver when a message is received correctly. 2) An acknowledgement frame, sent by the receiver whenever a frame is received; used in CSMA/CA+ACK in 802.11. Acknowledgement Bit: A bit in a TCP header. If the bit is set, then the TCP segment contains an acknowledgement Acknowledgement Number Field: In TCP, a header field that tells what TCP segment is being acknowledged in a segment. ACL: See Access Control List. ADC: See Analog-to-Digital Conversion. Address Resolution Protocol (ARP): Protocol for address resolution used in Ethernet networks. If a host or router knows a target host’s or router’s IP address, ARP finds the target’s data link layer address. 587 PANKMG01_0132214415.QXD 588 5/12/06 6:15 PM Page 588 Glossary Administrative IP Server: A server needed to support IP. Administrator: A super account on a Windows server that automatically has full permissions in every directory on the server. ADSL: See Asymmetric Digital Subscriber Line. Advanced Encryption Standard (AES): New symmetric encryption standard that offers 128-bit, 192-bit, or 256-bit encryption efficiently. AES: See Advanced Encryption Standard. AES-CCMP: AES/Counter Mode with Cipher Block Chaining. The version of AES used in the 802.11i security standard for wireless LANs. Anti-Adware: Program to stop malware that constantly presents advertisements to the user. Anti-Virus Program: Program to remove malware from arriving messages and from the computer’s disk drive. Agent: See Network Management Agent. Aggregate Throughput: Throughput shared by multiple users; individual users will get a fraction of this throughput. Alternative Route: In mesh topology, one of several possible routes from one end of the network to the other, made possible by the topology’s many connections among switches or routers. Always On: Being always available for service; used to describe access lines. Amplitude Modulation: A simple form of modulation in which a modem transmits one of two analog signals—a high-amplitude (loud) signal or a low-amplitude (soft) signal. Amplitude: The maximum (or minimum) intensity of a wave. In sound, this corresponds to volume (loudness). Analog Signal: A signal that rises and falls in intensity smoothly and that does not have a limited numbers of states. Analog-to-Digital Conversion (ADC): A device for the conversion of transmissions from the analog local loop to signals on the digital telephone network’s core. Antivirus Software: Software that scans computers to protect them against viruses, worms, and Trojan horses arriving in e-mail attachments and other propagation methods. API: See Application Program Interface. AppleTalk: Apple’s proprietary architecture for use on Macintosh computers. Applicant: In authentication, the user trying to prove his or her identity; sometimes called the supplicant. Application Architecture: The arrangement of how application layer functions are spread among computers to deliver service to users. Application Characterization Environment: See OPNET Application Characterization Environment. Application Firewall: A firewall that examines the application layer content of packets. Application Layer: The standards layer that governs how two applications communicate with each other; Layer 7 in OSI, Layer 5 in TCP/IP. Application Profile: A method, offered by Bluetooth, that allows devices to work with one another automatically at the application layer. Application Program Interface (API): A specification that allows application server programs to interact directly with database systems. Application Program: Program that does work for users; operating system is the other major type of program found on computers. Application Server: A server used by large e-commerce sites that accepts user data from a front-end webserver, assembles information from other servers, and creates a webpage to send back to the user. Architecture: A broad plan that specifies what is needed in general and the components that will be used to provide that functionality. Applied to standards, networks, and applications. ARP Cache: Section of memory that stores known pairs of IP addresses and singlenetwork standards. ASCII Code: A code for representing letters, numbers, and punctuation characters in 7-bit binary format. Asymmetric Digital Subscriber Line (ADSL): The type of DSL designed to go into residential homes, offers high downstream speeds but limited upstream speeds. Asynchronous Transfer Mode (ATM): The packet-switched network technology, PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 589 Glossary specifically designed to carry voice, used for transmission in the PSTN transport core. ATM offers quality of service guarantees for throughput, latency, and jitter. ATM: Asynchronous Transfer Mode. AT&T: U.S. telecommunications carrier. Attenuate: For a signal’s strength to weaken during propagation. Auditing: collecting data about events to assess actions after the fact. Authentication: The requirement that someone who requests to use a resource must prove his or her identity. Authentication Server: A server that stores data to help the verifier check the credentials of the applicant. Authorization: Permitting a person or program to take certain actions on a resource. Authorizations: Specific actions that a person or program can take on a resource. Autonomous System: Internet owned by an organization. Autosensing: The ability of a switch to detect the standard being used at the other end of the connection, and adjust its own speed to match. Availability: The ability of a network to serve its users. Backdoor: A way back into a compromised computer that an attacker leaves open; it may simply be a new account or a special program. Back-Office: Transaction processing applications for a business’s internal needs. Backup: Copying files stored on a computer to another medium for protection of the files. Backward-Compatible: Able to work with all earlier versions of a standard or technology. Bandpass Filter: A device that filters out all signals below 300 Hz and above about 3.4 kHz. Bandwidth: The range of frequencies over which a signal is spread. Bank Settlement Firm: An e-commerce service that handles credit card payments. Base 2: Notation for representing numbers; each position can only hold a 0 or 1. Base Price: The price of a system’s hardware, software, or both before necessary options are added. Baseband: Transmission in which the signal is simply injected into a wire. Baseband Signal: 1) The original signal in a radio transmission; 2) a signal that is injected directly into a wire for propagation. Baud Rate: The number of clock cycles a transmission system uses per second. Bell System: The conglomerate of local and long-distance telecommunications carriers that was broken up by antitrust action in the early 1980s. BER: See bit error rate. Best-Match Row: The row that provides the best forwarding option for a particular incoming packet. BGP: See Border Gateway Protocol. Binary Data: Data that has only two possible values (ones and zeros). Binary Numbers: The Base 2 counting system where ones and zeros used in combination can represent whole numbers (integers). Binary Signaling: Signaling that uses only two states. Biometrics: The use of bodily measurements to identify an applicant. Bit: A single 1 or 0. Bit Error Rate: The percentage of all transmitted bits that contain errors. Bit Rate: In digital data transmission, the rate at which information is transmitted; measured in bits per second. Bits per Second (bps): The measure of network transmission speed. In increasing factors of 1,000 are kilobits per second (kbps), megabits per second (Mbps), gigabits per second (Gbps), and terabits per second (Tbps). Black List: A list of banned websites. Blended Threat: An attack that propagates both as a virus and as a worm. Bluetooth: A wireless networking standard created for personal area networks. Bonding: See Link Aggregation. Border Firewall: A firewall that sits at the border between a firm and the outside world. Border Gateway Protocol (BGP): The most common exterior routing protocol on the Internet. Recall that gateway is an old term for router. Border Router: A router that sits at the edge of a site to connect the site to the outside 589 PANKMG01_0132214415.QXD 590 5/12/06 6:15 PM Page 590 Glossary world through leased lines, PSDNs, and VPNs. Bot: A type of malware that can be upgraded remotely by an attacker to fix errors or to give the malware additional functionality. Bps (bps): See Bits per Second. Breach: A successful attack. Bridge: An access point that connects two different types of LANs. Broadband Wireless Access (BWA): Highspeed local wireless transmission systems. Broadband: 1) Transmission where signals are sent in wide radio channels; 2) any highspeed transmission system. Broadband over Power Lines: Transmitting broadband data over electrical power lines. Broadcast: To send a message out to all other stations simultaneously. Broadcast Address: In Ethernet, FF-FF-FF-FFFF-FF (48 ones); tells switches that the frame should be broadcast. Brute-Force Attack: A password-cracking attack in which an attacker tries to break a password by trying all possible combinations of characters. Bursty: Having short, high-speed bursts separated by long silences. Characteristic of data transmission. Bus Topology: A topology in which one station transmits and has its signals broadcast to all stations. Business Case: An argument for a system in business terms. Business Continuity: A company’s ability to continue operations. Business Continuity Recovery: The reestablishment of a company’s ability to continue operations. BWA: See Broadband Wireless Access. C7: Telephone supervisory control signaling system used in Europe. CA: 1) See Certificate Authority. 2) See Collision Avoidance. Cable Modem: 1) Broadband data transmission service using cable television; 2) the modem used in this service. Cable Replacement: Getting rid of cables between devices by implementing wireless networking. Call Waiting: A service that allows the user to place an original caller on hold if someone else calls the user, shift briefly to the new caller, and then switch back to the original caller. Caller ID: Service wherein the telephone number of the party calling you is displayed on your phone’s small display screen before you pick up the handset; allows the user to screen calls. Carder: Someone who steals credit card numbers. Carrier Sense Multiple Access with Collision Avoidance and Acknowledgements (CSMA/CA+ACK): A mandatory mechanism used to reduce problems with multiple simultaneous transmissions, which occur in wireless transmission. CSMA/ CA+ACK is a media access control discipline, and it uses both collision avoidance and acknowledgement frames. Carrier Sense Multiple Access with Collision Detection (CSMA/CD): The process wherein if a station wants to transmit, it may do so if no station is already transmitting but must wait if another station is already sending. In addition, if there is a collision because two stations send at the same time, all stations stop, wait a random period of time, and then try again. Carrier: A transmission service company. Cat: A short form for “category” in UTP. Cat 5e: See Category 5e. Category: In UTP cabling, a system for measuring wiring quality. Category (Cat) 5e: Quality type of UTP wiring; required for 100Base-TX and gigabit Ethernet. Category 6: The newest quality type of UTP wiring being sold; not required for even gigabit Ethernet. Category 6A: Augmented Category 6 wiring that can sustain higher transmission speeds than Category 6 wiring. Category 7: A new twisted-pair wiring quality standard; will only support shielded twisted pair (STP) wiring. CDMA: See Code Division Multiple Access. CDMA IS-95: The form of CDMA used in 2G cellular technology in the United States. CDMA2000 1x: The initial 3G step for implementing CDMA2000, offering telephone modem speeds. PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 591 Glossary CDMA2000 1xEV-DO: The second 3G step for implementing CDMA2000, which will offer speeds similar to those in DSL and cable modems. CDMA2000: A new 3G technology, developed by Qualcomm, offering a staged approach to increasing speed. Cell: 1) In ATM, a fixed-length frame. 2) In cellular telephony, a small geographical area served by a cellsite. Cellphone: A cellular telephone, also called a mobile phone or mobile. Cellsite: In cellular telephony, equipment at a site near the middle of each cell, containing a transceiver and supervising each cellphone’s operation. Cell-Switching: A technology that uses fixedlength frames. Cellular Telephone Service: Radio telephone service in which each subscriber in each section of a region is served by a separate cellsite. Cellular Modem: A modem that allows a computer to communicate through a cellular telephone. Certificate Authority (CA): Organization that provides public key–private key pairs and digital certificates. Certificate Revocation List (CRL): A certificate authority’s list of digital certificates it has revoked before their expiration date. Challenge Message: In challenge–response authentication protocols, the message initially sent from the verifier to the applicant. Challenge–Response Authentication Protocol (CHAP): A specific challenge–response authentication protocol. Challenge–Response Authentication: Initial authentication method in which the verifier sends the applicant a challenge message, and the applicant does a calculation to produce a response, which it sends back to the verifier. Channel Bandwidth: The range of frequencies in a channel; determined by subtracting the lowest frequency from the highest frequency. Channel Reuse: The ability to use each channel multiple times, in different cells in the network. Channel Service Unit (CSU): The part of a CSU/DSU device designed to protect the telephone network from improper voltages sent into a private line. Channel: A small frequency range that is a subdivision of a service band. CHAP: See Challenge–Response Authentication Protocol. Checkout: A core e-commerce function that allows a buyer who has finished shopping to pay for the selected goods. Chronic Lack of Capacity: A state in which the network lacks adequate capacity much of the time. CIDR: See Classless InterDomain Routing. Cipher: An encryption method. Ciphertext: The result of encrypting a plaintext message. Ciphertext can be transmitted with confidentiality. CIR: See Committed Information Rate. Circuit: A two-way connection with reserved capacity. Circuit Switching: Switching in which capacity for a voice conversation is reserved on every switch and trunk line end-to-end between the two subscribers. Cladding: A thick glass cylinder that surrounds the core in optical fiber. Class A IP Address: In classful addressing, an IP address block with more than sixteen million IP addresses; given only to the largest firms and ISPs. Class B IP Address: In classful addressing, an IP address block with about 65,000 IP addresses; given to large firms. Class C IP Address: In classful addressing, an IP address block with 254 possible IP addresses; given to small firms. Class D IP Address: In classful addressing, IP addresses used in multicasting. Class 5 Switch: See End Office Switch. Classful Addressing: Giving a firm one of four block sizes for IP addresses: a very large Class A address block, a medium-sized Class B address block, or a small Class C address block. Classless InterDomain Routing (CIDR): System for allocating IP addresses that does not use IP address classes. Clear Line of Sight: An obstructed radio path between the sender and the receiver. 591 PANKMG01_0132214415.QXD 592 5/12/06 6:15 PM Page 592 Glossary Clear to Send (CTS): In 802.11, a message broadcast by an access point, which allows only a station that has sent a Request to Send message to transmit. All other stations must wait. CLEC: See Competitive Local Exchange Carrier. CLI: See Command Line Interface. Client PC: A personal computer that acts as a client. Client Station: A station that receives service from a server station. Client/Server Application: Application in which a client program requests service from a server and in which the server program provides the service. Client/Server Processing: The form of client/ server computing in which the work is done by programs on two machines. Client/Server System: A system where some processing power is on the client computer. The two types of client/server systems are file server program access and full client/server processing. Clock Cycle: A period of time during which a transmission line’s state is held constant. Cloud: The symbol traditionally used to represent the PSDN transport core, reflecting the fact that although the PSDN has internal switches and trunk lines, the customer does not have to know how things work inside the cloud. Coating: In optical fiber, the substance that surrounds the cladding to keep out light and to strengthen the fiber. Coating includes strands of yellow Aramid (Kevlar) yarn to strengthen the fiber. Coaxial Cable: The IEEE working group that creates wireless LAN standards. Code Division Multiple Access (CDMA): A new form of cellular technology and a form of spread spectrum transmission that allows multiple stations to transmit at the same time in the same channel; also permits stations in adjacent cells to use the same channel without serious interference. Codec: The device in the end office switch that converts between the analog local loop voice signals and the digital signals of the end office switch. Collision: When two simultaneous signals use the same shared transmission medium, the signals will add together and become scrambled (unintelligible). Collision Avoidance (CA): In 802.11, used with CSMA to listen for transmissions, so if a wireless NIC detects a transmission, it must not transmit. This avoids collision. Collision Domain: In Ethernet CSMA/CD systems that use hubs or bus topologies, the collection of all stations that can hear one another; only one can transmit at a time. Command Line Interface (CLI): An interface used to work with switches and routers, in which the user types highly structured commands, ending each command with Enter. Command–Response Cycle: The exchange of messages through which SNMP communication between the manager and agents takes place. In it, the manager sends a command, and the agent sends back a response confirming that the command has been met, delivering requested data, or saying that an error has occurred and that the agent cannot comply with the command. Committed Information Rate (CIR): PVC speed that is guaranteed by the Frame Relay carrier. Communication Satellite: Satellite that provides radio communication service. Community Name: In SNMP Version 1, only devices using the same community name will communicate with each other; very weak security. Competitive Local Exchange Carrier (CLEC): A competitor to the ILEC. Comprehensive Security: Security in which all avenues of attack are closed off. Compromise: A successful attack. Computer Security Incident Response Team (CSIRT): A team convened to handle major security incidents, made up of the firm’s security staff, members of the IT staff, and members of functional departments, including the firm’s legal department. Conference Calling: A multiparty telephone call. Confidentiality: Assurance that interceptors cannot read transmissions. Connectionless: Type of conversation that does not use explicit openings and closings. Connection-Oriented: Type of conversation in which there is a formal opening of the interactions, a formal closing, and maintenance of the conversation in between. Connectorize: To add connectors to something. PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 593 Glossary Constellation: In quadrature amplitude modulation, the collection of all possible amplitude/phase combinations. Continuity Testers: UTP tester that ensures that wires are inserted into RJ-45 connectors in the correct order and are making good contact. Convergence: The correction of routing tables after a change in an internet. Conversion: The process of browsers becoming buyers. Cookie: Small text file stored by a website on a client PC; can later be read from the website. Cord: A length of transmission medium— usually UTP or optical fiber but sometimes coaxial cable. Core Switch: A switch further up the hierarchy that carries traffic between pairs of switches. May also connect switches to routers. Core: 1) In optical fiber, the very thin tube into which a transmitter injects light. 2) In a switched network, the collection of all core switches. Corporate Network: A network that carries the internal traffic of a single corporation. Crack: To guess a password. Credentials: Proof of identity that an applicant can present during authentication. Credit Card Verification Service: An ecommerce service that checks the validity of the credit card number a user has typed. Criminal Attacker: An attacker who attacks with criminal motivation. Crimping Tool: Tool for crimping wires into an RJ-45 connector. CRL: See Certificate Revocation List. CRM: See Customer Relationship Management. Cross-Connect Device: The device within a wiring closet that vertical cords plug into. Cross-connect devices connect the wires from the riser space to 4-pair UTP cords that span out to the wall jacks on each floor. Crossover Cable: A UTP cord that allows a NIC in one computer to be connected directly to the NIC in another computer; switches Pins 1 and 2 with Pins 3 and 6. Crosstalk Interference: Mutual EMI among wire pairs in a UTP cord. Cryptographic System: A security system that automatically provides a mix of security protections, usually including confidentiality, authentication, message integrity, and replay protection. Cryptography: Mathematical methods for protecting communication. CSIRT: See Computer Security Incident Response Team. CSMA/CA+ACK: See Carrier Sense Multiple Access with Collision Avoidance and Acknowledgments. See definitions of the individual components. CSMA/CD: See Carrier Sense Multiple Access with Collision Detection. CSU/DSU: Device that connects an internal site system to a private line circuit. CSU: See Channel Service Unit. CTS: See Clear to Send. Customer Premises Equipment (CPE): Equipment owned by the customer, including PBXs, internal vertical and horizontal wiring, and telephone handsets. Customer Relationship Management (CRM): Software that examines customer data to understand the preference of a company’s customers. Cut-through: Switching wherein the Ethernet switch examines only some fields in a frame’s header before sending the bits of the frame back out. Cyberterror: A computer attack made by terrorists. Cyberwar: A computer attack made by a national government. DAC: See Digital-to-Analog Conversion. Data: Information carried over a network. Data Communications: The transmission of encoded information, as opposed to the type of information carried in telecommunications systems. Data Encryption Standard (DES): Popular symmetric key encryption method; with only 56-bit keys, considered to be too weak for business-to-business encryption. Data Field: The content delivered in a message. Data Link: The path that a frame takes across a single network (LAN or WAN). Data Link Control Identifier (DLCI): The virtual circuit number in Frame Relay, normally 10 bits long. Data Link Layer: The layer that governs transmission within a single network all the way from the source station to the destination 593 PANKMG01_0132214415.QXD 594 5/12/06 6:15 PM Page 594 Glossary station across zero or more switches; Layer 2 in OSI. Data Service Unit (DSU): The part of a CSU/DSU circuit that formats the data in the way the private line requires. dB: See Decibel. DDoS: See distributed denial of service attack. Dead Spot: See Shadow Zone. Decapsulation: The removing of a message from the data field of another message. Decibel (dB): The unit in which attenuation is measured. Decrypt: Conversion of encrypted ciphertext into the original plaintext so an authorized receiver can read an encrypted message. Dedicated Server: A server that is not used simultaneously as a user PC. Deep Packet Inspection: The examination of headers and messages at multiple layers in a packet. Default Printer: The printer to which a user’s print jobs will be sent unless the user specifies a different printer. Default Router: The next-hop router that a router will forward a packet to if the routing table does not have a row that governs the packet’s IP address except for the default row. Default Row: The row of a routing table that will be selected automatically if no other row matches; its value is 0.0.0.0. Defense in Depth: The use of successive lines of defense. Demilitarized Zone (DMZ): A subnet in which webservers and other public servers are placed. Demodulate: To convert digital transmission signals to analog signals. Denial-of-Service (DoS): The type of attack whose goal is to make a computer or a network unavailable to its users. Distributed Denial-of-Service (DDoS): DOS attack in which the victim is attacked by many computers. Deregulation: Taking away monopoly protections from carriers to encourage competition. DES: See Data Encryption Standard. Designated Router: In OSPF, a router that sends change information to other routers in its area. Destination: In a routing table, the column that shows the destination network’s network part or subnet’s network part plus subnet part, followed by zeroes. This row represents a route to this network or subnet. Device Driver: Software that allows an operating system to communicate with a peripheral, such as a NIC. DHCP: See Dynamic Host Configuration Protocol. Dial-Up Circuit: A circuit that only exists for the duration of a telephone call. Dictionary Attack: A password-cracking attack in which an attacker tries to break a password by trying all words in a standard or customized dictionary. Dictionary Word: A common word, dangerous to use for a password because easily cracked. Dielectric Insulation: The non-conducting insulation that covers each wire in 4-pair UTP, preventing short circuits between the electrical signals traveling on different wires. Diff-Serv: The field in an IP packet that can be used to label IP packets for priority and other service parameters. Digital Certificate: A document that gives the name of a true party, that true party’s public key, and other information; used in authentication. Digital Certificate Authentication: Authentication in which each user has a public key and a private key. Authentication depends on the applicant knowing the true party’s private key; requires a digital certificate to give the true party’s public key. Digital Signaling: Signaling that uses a few states. Binary (two-state) transmission is a special case of digital transmission. Digital Signature: A calculation added to a plaintext message to authenticate it. Digital Subscriber Line (DSL): A technology that provides digital data signaling over the residential customer’s existing singlepair UTP voice-grade copper access line. Digital-to-Analog Conversion (DAC): The conversion of transmissions from the digital telephone network’s core to signals on the analog local loop. Direct Distance Dialing: Long distance calls made at the standard long-distance rate. Direct Sequence Spread Spectrum (DSSS): Spread spectrum transmission that spreads PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 595 Glossary the signal over the entire bandwidth of a channel. Disaster Recovery: The reestablishment of information technology operations. Disaster: An incident that can stop the continuity of business operations, at least temporarily. Discovering: The first phase of network mapping, in which the program finds out if hosts and subnets exist. Disgruntled Employee: Employee who is upset with the firm or an employee and who may take revenge through a computer attack. Disgruntled Ex-Employee: Former employee who is upset with the firm or an employee and who may take revenge through a computer attack. Dish Antenna: An antenna that points in a particular direction, allowing it to send stronger outgoing signals in that direction for the same power and to receive weaker incoming signals from that direction. Distance Vector Routing Protocol: Routing protocol based on the number of hops to a destination out a particular port. Distort: To change in shape during propagation. DLCI: See Data Link Control Identifier. DMZ: See Demilitarized Zone. DNS: See Domain Name System. Domain: 1) In DNS, a group of resources (routers, single networks, and hosts) under the control of an organization. 2) In Microsoft Windows, a grouping of resources used in an organization, made up of clients and servers. Domain Controller: In Microsoft Windows, a computer that manages the computers in a domain. Domain Name System (DNS): A server that provides IP addresses for users who know only a target host’s host name. DNS servers also provide a hierarchical system for naming domains. Domestic: Telephone service within a country. DoS: See Denial-of-Service. Dotted Decimal Notation: The notation used to ease human comprehension and memory in reading IP addresses. Downlink: Downward transmission path for a communications satellite. Downtime: A period of network unavailability. Drive-By Hacker: A hacker who parks outside a firm’s premises and eavesdrops on its data transmissions; mounts denial-of-service attacks; inserts viruses, worms, and spam into a network; or does other mischief. DSL Access Multiplexer (DSLAM): A device at the end office of the telephone company that sends voice signals over the ordinary PSTN and sends data over a data network such as an ATM network. DSL: See Digital Subscriber Line. DSLAM: See DSL Access Multiplexer. DSSS: See Direct Sequence Spread Spectrum. DSU: See Data Service Unit. Dumb Access Point: Access point that cannot be managed remotely without the use of a wireless LAN switch. Dumb Terminal: A desktop machine with a keyboard and display but little processing capability; processing is done on a host computer. DWDM: See Dense Wavelength Division Multiplexing. Dynamic Host Configuration Protocol (DHCP): The protocol used by DHCP servers, which provide each user PC with a temporary IP address to use each time he or she connects to the Internet. EAP: See Extensible Authentication Protocol. E-Commerce: Electronic commerce; buying and selling over the Internet. E-Commerce Software: Software that automates the creation of catalog pages and other e-commerce functionality. Economy of Scale: In managed services, the condition of being cheaper to manage the traffic of many firms than of one firm. Egress Filtering: The filtering of traffic from inside a site going out. EIGRP: See Enhanced Interior Gateway Routing Protocol. E-LAN: Multipoint service in metropolitan area Ethernet. Electromagnetic Interference (EMI): Unwanted electrical energy coming from external devices, such as electrical motors, fluorescent lights, and even nearby data transmission wires. Electromagnetic Signal: A signal generated by oscillating electrons. 595 PANKMG01_0132214415.QXD 596 5/12/06 6:15 PM Page 596 Glossary Electronic Signature: A bit string added to a message to provide message-by-message authentication and message integrity. Electronic Catalog: An e-commerce site’s display that shows the goods the site has for sale. Electronic Commerce (E-Commerce): The buying and selling of goods and services over the Internet. E-Line: Point-to-point service in metropolitan area Ethernet. Elliptic Curve Cryptosystem (ECC): Public key encryption method; more efficient than RSA. EMI: See Electromagnetic Interference. Encapsulation: The placing of a message in the data field of another message. Encrypt: To mathematically process a message so that an interceptor cannot read the message. Encryption method: A method for encrypting plaintext messages. End Office: Telephone company switch that connects to the customer premises via the local loop. End Office Switch: The nearest switch of the telephone company to the customer premises. End-to-End: A layer where communication is governed directly between the transport process on the source host and the transport process on the destination host. Enhanced Interior Gateway Routing Protocol (EIGRP): Interior routing protocol used by Cisco routers. Enterprise Mode: In WPA and 802.11i, operating mode that uses 802.1X. Ephemeral Port Number: The temporary number a client selects whenever it connects to an application program on a server. According to IETF rules, ephemeral port numbers should be between 49153 and 65535. Equipment Room: The room, usually in a building’s basement, where wiring connects to external carriers and internal wiring. Error Advisement: In ICMP, the process wherein if an error is found, there is no transmission, but the router or host that found the error usually sends an ICMP error message to the source device to inform it that an error has occurred. It is then up to the device to decide what to do. (This is not the same as error correction because there is no mechanism for the retransmission of lost or damaged packets.) Error Rate: In biometrics, the normal rate of misidentification when the subject is cooperating. Ethernet 10Base2: Obsolete 10 Mbps Ethernet standard that uses coaxial cable in a bus topology. Less expensive than 10Base5 but cannot carry signals as far. Ethernet 10Base5: Obsolete 10 Mbps Ethernet standard that uses coaxial cable in a bus topology. Ethernet Address: The 48-bit address the stations have on an Ethernet network; often written in hexadecimal notation for human reading. Ethernet Frame: A message at the data link layer in an Ethernet network. Ethernet Switch: Switch following the Ethernet standard. Notable for speed and low cost per frame sent. Dominates LAN switching. EtherPeek: A commercial traffic summarization program. Evil Twin Access Point: Attacker access point outside a building that attracts clients inside the building to associate with it. Excess Burst Speed: One of Frame Relay’s twopart PVC speeds; beyond the CIR. Exhaustive Search: Cracking a key or password by trying all possible keys or passwords. Exploit: A break-in program; a program that exploits known vulnerabilities. Exploitation Software: Software that is planted on a computer; it continues to exploit the computer. Extended ASCII: Extended 8-bit version of the ASCII code used on PCs. Extended Star Topology: The type of topology wherein there are multiple layers of switches organized in a hierarchy, in which each node has only one parent node; used in Ethernet; more commonly called a hierarchical topology. Extensible Authentication Protocol (EAP): A protocol that authenticates users with authentication data (such as a password or a response to a challenge based on PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 597 Glossary a station’s digital certificate) and authentication servers. Exterior Routing Protocol: Routing protocol used between autonomous systems. Extranet: A network that uses TCP/IP Internet standards to link several firms together but that is not accessible to people outside these firms. Even within the firms of the extranet, only some of each firm’s computers have access to the network. Face Recognition: The scanning of passersby to identify terrorists or wanted criminals by the characteristics of their faces. Facilitating Server: A server that solves certain problems in P2P interactions but that allows clients to engage in P2P communication for most of the work. False Alarm: An apparent incident that proves not to be an attack. False Positive: A false alarm. Fast Ethernet: 100 Mbps Ethernet. FCC: See Federal Communications Commission. EIGRP: See Enhanced Interior Gateway Routing Protocol. FDDI: See Fiber Distributed Data Interface. FDM See Frame Division Multiplexing. FHSS: See Frequency Hopping Spread Spectrum. Fiber Distributed Data Interface: Obsolete 100 Mbps token-ring network. Fiber to the Home (FTTH): Optical fiber brought by carriers to individual homes and businesses. Field: A subdivision of a message header or trailer. File Server: A server that allows users to store and share files. File Server Program Access: The form of client/server computing in which the server’s only role is to store programs and data files, while the client PC does the actual processing of programs and data files. File Sharing: The ability of computer users to share files that reside on their own disk drives or on a dedicated file server. Filtering: Examining the content of arriving packets to decide what to do with them. Fin Bit: One-bit field in a TCP header; indicates that the sender wishes to open a TCP connection. Fingerprint Scanning: A form of biometric authentication that uses the applicant’s fingerprints. Fingerprinting: The second phase of network mapping, in which the program determines the characteristics of hosts to determine if they are clients, servers, or routers. Firewall: A security system that examines each incoming packet. If the firewall identifies the packet as an attack packet, the firewall discards the packet and copies information about the discarded packet into a log file. First-Generation (1G): The initial generation of cellular telephony, introduced in the 1980s. 1G systems were analog, were only given about 50 MHz of spectrum, had large and few cells, and had very limited speeds for data transmission. Fixed Wireless Service: Local terrestrial wireless service in which the user is at a fixed location. Flag Field: A one-bit field. Flat Rate: Local telephone service in which there is a fixed monthly service charge but no separate fee for individual local calls. Flow Control: The ability of one side in a conversation to tell the other side to slow or stop its transmission rate. Footprint: Area of coverage of a communication satellite’s signal. Forensics: The collection of data in a form suitable for presentation in a legal proceeding. Four-Way Close: A normal TCP connection close; requires four messages. Fractional T1: A type of private line that offers intermediate speeds at intermediate prices; usually operates at one of the following speeds: 128 kbps, 256 kbps, 384 kbps, 512 kbps, or 768 kbps. FRAD: See Frame Relay Access Device. Fragment Offset Field: In IPv4, a flag field that tells a fragment’s position in a stream of fragments from an initial packet. Fragment (Fragmentation): To break a message into multiple smaller messages. TCP fragments application layer messages, while IP packets may be fragmented by routers along the packet’s route. Frame: 1) A message at the data link layer. 2) In time division multiplexing, a brief time period, which is further subdivided into slots. 597 PANKMG01_0132214415.QXD 598 5/12/06 6:15 PM Page 598 Glossary Frame Check Sequence Field: A four-octet field used in error checking in Ethernet. If an error is found, the frame is discarded. Frame Relay Access Device (FRAD): Device that connects an internal site network to a Frame Relay network. Frequency: The number of complete cycles a radio wave goes through per second. In sound, frequency corresponds to pitch. Frequency Division Multiplexing (FDM): A technology used in microwave transmission in which the microwave bandwidth is subdivided into channels, each carrying a single circuit. Frequency Hopping Spread Spectrum (FHSS): Spread spectrum transmission that uses only the bandwidth required by the signal but hops frequently within the spread spectrum channel. Frequency Modulation: Modulation in which one frequency is chosen to represent a 1 and another frequency is chosen to represent a 0. Frequency Spectrum: The range of all possible frequencies from zero hertz to infinity. FTTH: See Fiber to the Home. Full-Duplex: A type of communication that supports simultaneous two-way transmission. Almost all communication systems today are full-duplex systems. Full-Mesh Topology: Topology in which each node is connected to each other node. Fully Configured: A system with all necessary options. Functional Department: General name for departments in a firm other than the IT department; marketing, accounting, and so forth. Gateway: An obsolete term for “router;” still in use by Microsoft. Gateway Controller: In IP telephony, a device that controls the operation of signaling gateways and media gateways. Gbps: Gigabit per second. General Packet Radio Service (GPRS): The technology to which many GSM systems are now being upgraded. GPRS can combine two or more GSM time slots within a channel and so can offer data throughput near that of a telephone modem. Often called a 2.5G technology. GEO: See Geosynchronous Earth Orbit Satellite. Geosynchronous Earth Orbit Satellite (GEO): The type of satellite most commonly used in fixed wireless access today; orbits the earth at about 36,000 km (22,300 miles). Get: An SNMP command sent by the manager that tells the agent to retrieve certain information and return this information to the manager. GHz: See Gigahertz. Gigabit Ethernet: 1 Gbps versions of Ethernet. Gigabit per second: One billion bits per second. Gigahertz (GHz): One billion hertz. GIGO: Garbage in, garbage out. If bad information is put into a system, only bad information can come out. Global System for Mobile communication (GSM): The cellular telephone technology on which nearly the entire world standardized for 2G service. GSM uses 200 kHz channels and implements TDM. Gnutella: A pure P2P file-sharing application that addresses the problems of transient presence and transient IP addresses without resorting to the use of any server. Golden Zone: The portion of the frequency spectrum from the high megahertz range to the low gigahertz range, wherein commercial mobile services operate. GPO: See Group Policy Object. GPRS: See General Packet Radio Service. Graded-Index Multimode Fiber: Multimode fiber in which the index of refraction varies from the center of the core to the cladding boundary. Grid Computing: Computing in which all devices, whether clients or servers, share their processing resources. Group Policy Object (GPO): A policy that governs a specific type of resource on a domain. GSM: See Global System for Mobile communication. H.323: In IP telephony, one of the protocols used by signalling gateways. Hacking: The intentional use of a computer resource without authorization or in excess of authorization. PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 599 Glossary Half-Duplex: The mode of operation wherein two communicating NICs must take turns transmitting. Handoff: a) In wireless LANs, a change in access points when a user moves to another location. b) In cellular telephony, transfer from one cellsite to another, which occurs when a subscriber moves from one cell to another within a system. Hardened: Set up to protect itself, as a server or client. Hash: The output from hashing. Hashing: A mathematical process that, when applied to a bit string of any length, produces a value of a fixed length, called the hash. HDSL: See High-Rate Digital Subscriber Line. HDSL2: A newer version of HDSL, that transmits in both directions at 1.544 Mbps. Header: The part of a message that comes before the data field. Header Checksum: The UDP datagram field that allows the receiver to check for errors. Headquarters: The First Bank of Paradise’s downtown office building that houses the administrative site. Hertz (Hz): One cycle per second, a measure of frequency. Hex Notation: See Hexadecimal Notation. Hexadecimal (Hex) Notation: The Base 16 notation that humans use to represent address 48-bit MAC source and destination addresses. Hierarchical Topology: A network topology in which all switches are arranged in a hierarchy, in which each switch has only one parent switch above it (the root switch, however, has no parent); used in Ethernet. Hierarchy: 1) The type of topology wherein there are multiple layers of switches organized in a hierarchy, in which each node has only one parent node; used in Ethernet. 2) In IP addresses, three multiple parts that represent successively more specific locations for a host. High-Rate Digital Subscriber Line (HDSL): The most popular business DSL, which offers symmetric transmission at 768 kbps in both directions. See also HDSL2. Hop-by-Hop: A layer in which communication is governed by each individual switch or router along the path of a message. Host: Any computer attached to the Internet (can be either personal client or server). Host Computer: 1) In terminal–host computing, the host that provides the processing power; 2) on an internet, any host. Host Name: An unofficial designation for a host computer. Host Part: The part of an IP address that identifies a particular host on a subnet. Hot Spot: A public location where anyone can connect to an access point for Internet access. HTML: See Hypertext Markup Language. HTML Body: Body part in a Hypertext Markup Language message. HTTP: See Hypertext Transfer Protocol. HTTP Request Message: In HTTP, a message in which a client requests a file or another service from a server. HTTP Request–Response Cycle: An HTTP client request followed by an HTTP server response. HTTP Response Message: In HTTP, a message in which a server responds to a client request; either contains a requested file or an error message explaining why the requested file could not be supplied. Hub: An early device used by Ethernet LANs to move frames in a system. Hubs broadcast each arriving bit out all ports except for the port that receives the signal. Hub-and-Spoke Topology: A topology in which all communication goes through one site. Hybrid Mode: In password cracking, a mode that tries variations on common word passwords. Hybrid TCP/IP-OSI Standards Architecture: The architecture that uses OSI standards at the physical and data link layers and TCP/IP standards at the internet, transport, and application layers; dominant in corporations today. Hypertext Markup Language (HTML): The language used to create webpages. Hypertext Transfer Protocol (HTTP): The protocol that governs interactions between the browser and webserver application program. Hz: See Hertz. ICC: See International Common Carrier. ICF: See Internet Connection Firewall. 599 PANKMG01_0132214415.QXD 600 5/12/06 6:15 PM Page 600 Glossary ICMP Echo: A message sent by a host or router to another host or router. If the target device’s internet process is able to do so, it will send back an echo response message. ICMP Error Message: A message sent in error advisement to inform a source device that an error has occurred. ICMP: See Internet Control Message Protocol. ICS: See Internet Connection Sharing. IDC: See Insulation Displacement Connection. Identification Field: In IPv4, header field used to reassemble fragmented packets. Each transmitted packet is given a unique identification field value. If the packet is fragmented en route, all fragments are given the initial packet’s identification field value. Identity Theft: Stealing enough information about a person to impersonate him or her in complex financial transactions. IDS: See Intrusion Detection System. IEEE: See Institute for Electrical and Electronics Engineers. IETF: See Internet Engineering Task Force. ILEC: See Incumbent Local Exchange Carrier. IM: See Instant Messaging. Image: An exact copy. IMAP: See Internet Message Access Protocol. Impostor: Someone who claims to be someone else. Incident: A successful attack. Incident Severity: The degree of destruction inflicted by an attack. Incumbent Local Exchange Carrier (ILEC): The traditional monopoly telephone company within each LATA. Index Server: A server used by Napster. Stations connected to Napster would first upload a list of their files available for sharing to index servers. Later, when they searched, their searches went to the index servers and were returned from there. Individual Throughput: The actual speed a single user receives (usually much lower than aggregate throughput in a system with shared transmission speed). Ingress Filtering: The filtering of traffic coming into a site from the outside. Inherit: When permissions are assigned to a user in a directory, user automatically receives the same permissions in sub- directories unless this automatic inheritance is blocked. Initial Installation: The initial phase of a product’s life cycle. Ongoing costs may be much higher. Initialization Vector: A bit string used in conjunction with a key for encryption. Initial Labor Costs: The labor costs of setting up a system for the first time. Initial Sequence Number (ISN): The sequence number placed in the first TCP segment a side transmits in a session; selected randomly. Instance: An actual example of a category. Instant Messaging (IM): A popular P2P application that allows two users to type messages back and forth in real time. Institute for Electrical and Electronics Engineers (IEEE): An international organization whose 802 LAN/MAN Standards Committee creates many LAN standards. Insulation: Nonconducting coating around each wire in a UTP cord. Insulation Displacement Connection (IDC): Connection method used in UTP. A connector bites through the insulation around a wire, making contact with the wire inside. Interexchange Carrier (IXC): A telephone carrier that transmits voice traffic between LATAs. Interface: 1) The router’s equivalent of a network interface card; a port on a router that must be designed for the network to which it connects. 2) In Web services, the outlet through which an object communicates with the outside world. Interference: See Electromagnetic Interference. Interior Routing Protocol: Routing protocol used within a firm’s internet. Internal Back-End System: In e-commerce, an internal e-commerce system that handles accounting, pricing, product availability, shipment, and other matters. Internal Router: A router that connects different LANs within a site. International Common Carrier (ICC): A telephone carrier that provides international service. International Organization for Standardization (ISO): A strong standards agency PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 601 Glossary for manufacturing, including computer manufacturing. International Telecommunications UnionTelecommunications Standards Sector (ITU-T): A standards agency that is part of the United Nations and that oversees international telecommunications. Internet: 1) A group of networks connected by routers so that any application on any host on any network can communicate with any application on any other host on any other network. 2) A general term for any internetwork (spelled with a lowercase i); 3) the worldwide Internet (spelled with a capital I). Internet Backbone: The collection of all Internet Service Providers that provide Internet transmission service. Internet Connection Firewall (ICF): The built-in stateful firewall that comes with Windows XP. Internet Connection Sharing (ICS): Microsoft Windows service that allows a PC to connect to the Internet through another PC. Internet Control Message Protocol (ICMP): The protocol created by the IETF to oversee supervisory messages at the internet layer. Internet Engineering Task Force (IETF): TCP/IP’s standards agency. Internet Layer: The layer that governs the transmission of a packet across an entire internet. Internet Message Access Protocol (IMAP): One of the two protocols used to download received e-mail from an e-mail server; offers more features but is less popular than POP. Internet Network: A network on the Internet owned by a single organization, such as a corporation, university, or ISP. Internet Options: In Microsoft Windows, way of setting security and other settings for Browser communication. Internet Protocol (IP): The TCP/IP protocol that governs operations at the internet layer. Governs packet delivery from host to host across a series of routers. Internet Service Provider: Carrier that provides Internet access and transmission. Internetwork Operating System (IOS): The operating system that Cisco Systems uses on all of its routers and most of its switches. Intranet: An internet for internal transmission within firms; uses the TCP/IP transmission standards that govern transmission over the Internet. Intrusion Detection System (IDS): A security system that examines messages traveling through a network. IDSs look at traffic broadly, identifying messages that are suspicious. Instead of discarding these packets, IDSs will sound an alarm. Intrusion Protection System (IPS): Firewall system that uses sophisticated packet filtering methods to stop attacks. Inverse square law: Radio signal strength declines with the square of transmission distance. IOS: See Internetwork Operating System. IP: See Internet Protocol. IP Address: An Internet Protocol address; the address that every computer needs when it connects to the Internet; IP addresses are 32 bits long. Ipconfig/all: Windows command line command in newer versions of Windows that shows configuration parameters for the PC. IP Security (IPsec): A set of standards that operate at the internet layer and provide security to all upper layer protocols transparently. IP Telephone: A telephone that has the electronics to encode voice for digital transmission and to send and receive packets over an IP internet. IP Telephony: The transmission of telephone signals over IP internets instead of over circuit-switched networks. IP Version 4 (IPv4): The standard that governs most routers on the Internet and private internets. IP Version 6 (IPv6): A new version of the Internet Protocol. Ipconfig (ipconfig): A command used to find information about one’s own computer, used in newer versions of Windows (the command is typed as ipconfig/all[Enter] at the command line). IPS: See intrusion prevention system. IPsec Gateway: Border device at a site that converts between internal data traffic into 601 PANKMG01_0132214415.QXD 602 5/12/06 6:15 PM Page 602 Glossary protected data traffic that travels over an untrusted system such as the Internet. IPsec: See IP Security. IPv4: See IP Version 4. IPv6: See IP Version 6. IPX/SPX Architecture: Non-TCP/IP standards architecture found at upper layers in LANs; required on all older Novell NetWare file servers. Iris: The colored part of the eye, used in biometric authentication. ISN: See Initial Sequence Number. ISO: See International Organization for Standardization. ISO/IEC 11801: European standard for wire and optical fiber media. ISP: See Internet Service Provider. IT Disaster Recovery: Recovering from a disaster that damages computer equipment or data. IT Guru. See OPNET IT Guru. ITU-T: See International Telecommunications Union-Telecommunications Standards Sector. IXC: See Interexchange Carrier. Jacket: The outer plastic covering, made of PVC, that encloses and protects the four pairs of wires in UTP or the core and cladding in optical fiber. Java Applet: Small Java program that is downloaded as part of a webpage. Jitter: Variability in latency. JPEG: Popular graphics file format. kbps: Kilobits per second. Key: A bit string used with an encryption method to encrypt and decrypt a message. Different keys used with a single encryption method will give different ciphertexts from the same plaintext. Key Exchange: The secure transfer of a symmetric session key between two communicating parties. Key-Hashed Message Authentication Code (HMAC): Electronic signature technology that is efficient and inexpensive but lacks nonrepudiation. Key Management: The management of key creation, distribution, and other operations. Label Header: In MPLS, the header added to packets before the IP header; contains information that aids and speeds routers in choosing which interface to send the packet back out. Label Number: In MPLS, number in the label header that aids label-switching routers in packet sending. Label Switching Router: Router that implements MPLS label switching. Label Switching Table: In MPLS, the table used by label-switching routers to decide which interface to use to forward a packet. LAN: See Local Area Network. Language Independence: In SOAP, the fact that Web service objects do not have to be written in any particular language. LATA: See Local Access and Transport Area. Latency: Delay, usually measured in milliseconds. Latency-Intolerant: An application whose performance is harmed by even slight latency. Layer 3: See Internet Layer. Layer 3 Switch: A router that does processing in hardware, that is much faster and less expensive than traditional software-based routers. Layer 3 switches are usually dominant in the Ethernet core above workgroup switches. Layer 4: See Transport Layer. Layer 4 Switch: A switch that examines the port number fields of each arriving packet’s encapsulated TCP segment, allowing it to switch packets based on the application they contain. Layer 4 switches can give priority or even deny forwarding to IP packets from certain applications. Layer 5: See Application Layer. Leased Line Circuit: A high-speed pointto-point circuit. Legacy Network: A network that uses obsolete technology; may have to be lived with for some time because upgrading all legacy networks at one time is too expensive. Legal Retention: Rules that require IM messages to be captured and stored in order to comply with legal requirements. Length Field: 1) The field in an Ethernet MAC frame that gives the length of the data field in octets. 2) The field in a UDP datagram that enables the receiving transport process to process the datagram properly. PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 603 Glossary LEO: See Low Earth Orbit Satellite. Lightweight Directory Access Protocol: Simple protocol for accessing directory servers. Line of Sight: An unobstructed path between the sender and receiver, necessary for radio transmission at higher frequencies. Link: Connection between a pair of routers. Link Aggregation: The use of two or more trunk links between a pair of switches; also known as trunking or bonding. Link State Protocol: Routing protocol in which each router knows the state of each link between routers. Linux: A freeware version of Unix that runs on standard PCs. Linux Distribution: A package purchased from a vendor that contains the Linux kernel plus a collection of many other programs, usually taken from the GNU project. List Folder Contents: A Microsoft Windows Server permission that allows the account owner to see the contents of a folder (directory). LLC: See Logical Link Control. LLC Header: See Logical Link Control Layer Header. Load-Balancing Router: Router used on a server farm that sends client requests to the first available server. Local: The value placed in the next-hop routing field of a routing table to specify that the destination host is on the selected network or subnet. Local Access and Transport Area (LATA): One of the roughly 200 site regions the United States has been divided into for telephone service. Local Area Network (LAN): A network within a site. Local Calling: Telephone calls placed to a nearby caller; less expensive than longdistance calls. Local Loop: In telephony, the line used by the customer to reach the PSTN’s central transport core. Log File: A file that contains data on events. Logical Link Control Layer: The layer of functionality for the upper part of the data link layer, now largely ignored. Logical Link Control Layer Header: The header at the start of the data field that describes the type of packet contained in the data field. Logical Link Control Layer Subheader: Group of fields at the beginning of the Ethernet data field. Long Distance: A telephone call placed to a distance party; more expensive than a local call. Longest Match: The matching row that matches a packet’s destination IP address to the greatest number of bits; chosen by a router when there are multiple matches. Loopback Address: The IP address 127.0.0.1. When a user pings this IP address, this will test their own computer’s connection to the Internet. Loopback Interface: A testing interface on a device. Messages sent to this interface are sent back to the sending device. Low Earth Orbit Satellite (LEO): A type of satellite used in mobile wireless transmission; orbits a few hundred miles or a few hundred kilometers above the earth. MAC: See Media Access Control. MAC Address: See Media Access Control. Mainframe Computer: The largest type of dedicated server; extremely reliable. Malware: Software that seeks to cause damage. Malware-Scanning Program: A program that searches a user’s PC looking for installed malware. MAN: See Metropolitan Area Network. Manageable Switch: A switch that has sufficient intelligence to be managed from a central computer (the Manager). Managed Device: A device that needs to be administered, such as printers, hubs, switches, routers, application programs, user PCs, and other pieces of hardware and software. Managed Frame Relay: A type of Frame Relay service that takes on most of the management that customers ordinarily would have to do. Managed Frame Relay provides traffic reports and actively manages day-to-day traffic to look for problems and get them fixed. Management Information Base (MIB): A specification that defines what objects can exist on each type of managed device and also the specific characteristics of each object; 603 PANKMG01_0132214415.QXD 604 5/12/06 6:15 PM Page 604 Glossary the actual database stored on a manager in SNMP. There are separate MIBs for different types of managed devices; both a schema and a database. Management Program: A program that helps network administrators manage their networks. Manager: The central PC or more powerful computer that uses SNMP to collect information from many managed devices. Mask: A 32-bit string beginning with a series of ones and ending a series of zeroes; used by routing tables to Interpret IP address part sizes. The ones designate either the network part or the network plus software part. Mask Operations: Applying a mask of ones and zeros to a bit stream. Where the mask is 1, the original bit stream’s bit results. Otherwise, the result is zero. Mature: Technology that has been under development long enough to have its rough edges smoothed off. Maximum Segment Size (MSS): The maximum size of TCP data fields that a receiver will accept. Maximum Transmission Unit (MTU): The maximum packet size that can be carried by a particular LAN or WAN. Mbps: Megabits per second. MD5: A popular hashing method. Mean Time to Repair (MTTR): The average time it takes a staff to get a network back up after it has been down. Media Access Control (MAC): The process of controlling when stations transmit; also, the lowest part of the data link layer, defining functionality specific to a particular LAN technology. Media Gateway: A device that connects IP telephone networks to the ordinary public switched telephone network. Media gateways also convert between the signalling formats of the IP telephone system and the PSTN. Medium Earth Orbit Satellite (MEO): A type of satellite used in mobile wireless transmission; orbits a few thousand miles or a few thousand kilometers above the earth. Megabits per second: Millions of bits per second. Megahertz (MHz): One million hertz. MEO: See Medium Earth Orbit Satellite. Mesh Networking: A type of networking in which wireless devices route frames without the aid of wired LANs. Mesh Topology: 1) A topology where there are many connections among switches or routers, so there are many alternative routes for messages to get from one end of the network to the other. 2) In network design, a topology that provides direct connections between every pair of sites. Message: A discrete communication between hardware or software processes. Message Digest: The result of hashing a plaintext message. The message digest is signed with the sender’s private key to produce the digital signature. Message Integrity: The assurance that a message has not been changed en route; or if a message has been changed, the receiver can tell that it has. Message Timing: Controlling when hardware or software processes may transmit. Message Unit: Local telephone service in which a user is charged based on distance and duration. Method: In Web services, a well-defined action that a SOAP message can request. Metric: A number describing the desirability of a route represented by a certain row in a routing table. Metro Ethernet: See metropolitan area Ethernet. Metropolitan Area Ethernet: Ethernet operating at the scale of a metropolitan area network. Metropolitan Area Network (MAN): A WAN that spans a single urban area. MHz: See Megahertz. MHz-km: Measure of modal bandwidth, a measure of multimode fiber quality. MIB: See Management Information Base. Microsoft Windows Server: Microsoft’s network operating system for servers, which comes in three versions: NT, 2000, and 2003. Microsoft Windows XP Home: The dominant operating system today for residential PCs. Microsoft Windows XP Professional: A version of Windows XP designed to be run in organization; integrates with Windows Server services. PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 605 Glossary Microwave: Traditional point-to-point radio transmission system. Microwave Repeater: Transmitter/receiver that extends the distance a microwave link can travel. Millisecond (ms): The unit in which latency is measured. MIME: See Multipurpose Internet Mail Extensions. MIMO: See Multiple Input/Multiple Output. Ministry of Telecommunications: A governmentcreated regulatory body that oversees PTTs. Mobile IP: A system for handling IP addresses for mobile devices. Mobile Telephone Switching Office (MTSO): A control center that connects cellular customers to one another and to wired telephone users, as well as overseeing all cellular calls (determining what to do when people move from one cell to another, including which cellsite should handle a caller when the caller wishes to place a call). Mobile Wireless Access: Local wireless service in which the user may move to different locations. Modal Bandwidth: The measure of multimode fiber quality; the fiber’s bandwidth–distance product. A modal bandwidth of 200 MHz-km means that if your bandwidth is 100 MHz, then you can transmit 2 km. Modal Dispersion: The main propagation problem for optical fiber; dispersion in which the difference in the arrival times of various modes (permitted light rays) is too large, causing the light rays of adjacent pulses to overlap in their arrival times and rendering the signal unreadable. Mode: An angle light rays are permitted to enter an optical fiber core. Modify: A Microsoft Windows Server permission that gives an account owner additional permissions to act upon files, for example, the permission to delete a file, which is not included in Write. Modulate: To convert digital signals to analog signals. Momentary Traffic Peak: A surplus of traffic that briefly exceeds the network’s capacity, happening only occasionally. Monochrome Text: Text of one color against a contrasting background. More Fragments Flag Field: In IPv4, a flag field that indicates whether there are more fragments (set) or not (not set). MPLS: See Multiprotocol Label Switching. Ms: See Millisecond. MS-CHAP: Microsoft version of the Challenge– Response Authentication Protocol. MSS: See Maximum Segment Size. MTSO: See Mobile Telephone Switching Office. MTTR: See Mean Time to Repair. MTU: See Maximum Transmission Unit. Multicasting: Simultaneously sending messages to multiple stations but not to all stations. Multilayer Security: Applying security at more than one layer to provide defense in depth. Multimode Fiber: The most common type of fiber in LANs, wherein light rays in a pulse can enter a fairly thick core at multiple angles. Multipath Interference: Interference caused when a receiver receives two or more signals—a direct signal and one or more reflected signals. The multiple signals may interfere with one another. Multiple Input/Multiple Output (MIMO): A radio transmission method that sends several signals simultaneously in a single radio channel. Multiplexing: 1) Having the packets of many conversations share trunk lines; reduces trunk line cost. 2) The ability of a protocol to carry messages from multiple nexthigher-layer protocols in a single communication session. Multiprocessing Computer: A computer with multiple microprocessors. This allows it to run multiple programs at the same time. Multiprotocol Label Switching (MPLS): A traffic management tool used by many ISPs. Multiprotocol Router: A router that can handle not only TCP/IP internetworking protocols, but also internetworking protocols for IPX/SPX, SNA, and other standards architectures. Multiprotocol: Characterized by implementing many different protocols and products following different architectures. 605 PANKMG01_0132214415.QXD 606 5/12/06 6:15 PM Page 606 Glossary Multipurpose Internet Mail Extensions (MIME): A standard for specifying the contents of files. Mutual Authentication: Authentication by both parties. Name Server: Server in the Domain Name System. Nanometer (nm): The measure used for wavelengths; one billionth of a meter (109 meters). NAP: See Network Access Point. Narrowband: 1) A channel with a small bandwidth and, therefore, a low maximum speed; 2) low-speed transmission. NAS: See Network Attached Storage. NAT: See Network Address Translation. Netstat: A popular route analysis tool, which gives data on current connections between a computer and other computers. Network: In IP addressing, an organizational concept—a group of hosts, single networks, and routers owned by a single organization. Network Access Point (NAP): A site where ISPs interconnect and exchange traffic. Network Address Translation (NAT): Converting an IP address into another IP address, usually at a border firewall; disguises a host’s true IP address from sniffers. Allows more internal addresses to be used than an ISP supplies a firm with external addresses. Network Architecture: 1) A broad plan that specifies everything that must be done for two application programs on different networks on an internet to be able to work together effectively. 2) A broad plan for how the firm will connect all of its computers within buildings (LANs), between sites (WANs), and to the Internet; also includes security devices and services. Network Attached Storage (NAS): Storage device that connects directly to the network instead of to a computer. Network Interface Card (NIC): Printed circuit expansion board for a PC; handles communication with a network; sometimes built into the motherboard. Network Layer: In OSI, Layer 3; governs internetworking. OSI network layer standards are rarely used. Network Management Agent (Agent): A piece of software on the managed device that communicates with the manager on behalf of the managed device. Network Management Program (Manager): A program run by the network administrator on a central computer. Network Management Utility: A program used in network management. Network Mapping: The act of mapping the layout of a network, including what hosts and routers are active and how various devices are connected. Its two phases are discovering and fingerprinting. Network Mask: A mask that has 1s in the network part of an IP address and 0s in all other parts. Network Operating System (NOS): A PC server operating system. Network Part: The part of an IP address that identifies the host’s network on the Internet. Network Security: The protection of a network from attackers. Network Simulation: The building of a model of a network that is used to project how the network will operate after a change. Network Topology: The order in which a network’s nodes are physically connected by transmission lines. Networked Application: An application that provides service over a network. Next Header Field: In IPv6, a header field that describes the header following the current header. Next-Hop Router: A router to which another router forwards a packet in order to get the packet a step closer to reaching its destination host. NIC: See Network Interface Card. Nm (nm): See Nanometer. Nmap: A network mapping tool that finds active IP addresses and then fingerprints them to determine their operating system and perhaps their operating system version. Node: A client, server, switch, router, or other type of device in a network. Noise: Random electromagnetic energy within wires; combines with the data signal to make the data signal difficult to read. Noise Floor: The mean of the noise energy. PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 607 Glossary Noise Spike: An occasional burst of noise that is much higher or lower than the noise floor; may cause the signal to become unrecognisable. Nonblocking: A nonblocking switch has enough aggregate throughput to handle even the highest possible input load (maximum input on all ports). Nonoverlapping Channel: Channels whose frequencies do not overlap. Normal Attack: An incident that does a small amount of damage and can be handled by the on-duty staff. North Shore: The First Bank of Paradise’s backup facility; able to take over within minutes if Operations fails. NOS: See Network Operating System. Not Set: When a flags field is given the value 0. Nslookup (nslookup): A command that allows a PC user to send DNS lookup messages to a DNS server. Object: A specific Web service. Object: In SNMP, an aspect of a managed device about which data is kept. OC: See Optical Carrier. Octet: A collection of eight bits; same as a byte. OFDM: See Orthogonal Frequency Division Multiplexing. Official Internet Protocol Standards: Standards deemed official by the IETF. Official Standards Organization: An internationally recognized organization that produces standards. Omnidirectional Antenna: An antenna that transmits signals in all directions and receives incoming signals equally well from all directions. On/Off Signaling: Signaling wherein the signal is on for a clock cycle to represent a one, and off for a zero. (On/off signaling is binary.) One-Pair Voice-Grade UTP: The traditional telephone access lines to individual residences. Ongoing Costs: Costs beyond initial installation costs; often exceed installation costs. Open Shortest Path First (OSPF): Complex but highly scalable interior routing protocol. Operations: The First Bank of Paradise’s building in an industrial area that houses the bank’s mainframe operations and other back-office technical functions; also has most of the bank’s IT staff, including its networking staff. OPNET ACE: See OPNET Application Characterization Environment. OPNET Application Characterization Environment (ACE): A network simulation program; focuses on application layer performance. OPNET IT Guru: A popular network simulation program; focuses primarily on data link layer and internet layer performance. Optical Carrier (OC): A number that indicates SONET speeds. Optical Fiber: Cabling that sends signals as light pulses. Optical Fiber Cord: A length of optical fiber. Option: One of several possibilities that a user or technologist can select. Orthogonal Frequency Division Multiplexing (OFDM): A form of spread spectrum transmission that divides each broadband channel into subcarriers and then transmits parts of each frame in each subcarrier. Organizational Unit: In directory servers, a subunit of the Organization node. OSI: The Reference Model of Open Systems Interconnection; the 7-layer network standards architecture created by ISO and ITU-T; dominant at the physical and data link layers, which govern transmission within single networks (LANs or WANs). OSI Application Layer (Layer 7): The layer that governs application-specific matters not covered by the OSI Presentation Layer or the OSI Session Layer. OSI Layer 5: See OSI Session Layer. OSI Layer 6: See OSI Presentation Layer. OSI Layer 7: See OSI Application Layer. OSI Presentation Layer (Layer 6): The layer designed to handle data formatting differences between two communicating computers. OSI Session Layer (Layer 5): The layer that initiates and maintains a connection between application programs on different computers. OSPF: See Open Shortest Path First. Out of Phase: In multipath interference, the condition of not being in sync, as occurs 607 PANKMG01_0132214415.QXD 608 5/12/06 6:15 PM Page 608 Glossary with signals that have been reflected and thus traveled different distances and not arrived at the receiver at the same time. Outsourcing: Paying other firms to handle some, most, or all IT chores. Overprovision: To install much more capacity in switches and trunk links than will be needed most of the time, so that momentary traffic peaks will not cause problems. Oversubscription: In Frame Relay, the state of having port speeds less than the sum of PVC speeds. P2P: See Peer-to-Peer Architecture. Packet: A message at the internet layer. Packet Capture and Display Program: A program that captures selected packets or all of the packets arriving at or going out of a NIC. Afterward, the user can display key header information for each packet in greater or lesser detail. Packet Filter Firewall: A firewall that examines fields in the internet and transport headers of individual arriving packets. The firewall makes pass/deny decisions based upon the contents of IP, TCP, UDP, and ICMP fields. Packet Switching: The breaking of conversations into short messages (typically a few hundred bits long); allows multiplexing on trunk lines to reduce trunk line costs. PAD Field: A field that the sender adds to an Ethernet frame if the data field is less than 46 octets long (the total length of the PAD plus data field must be exactly 46 octets long). PAN: See Personal Area Network. Parallel Transmission: A form of transmission that uses multiple wire pairs or other transmission media simultaneously to send a signal; increases transmission speed. Pass Phrase: A series of words that is used to generate a key. Password: A secret keyboard string only the account holder should know; authenticates user access to an account. Password Length: The number of characters in a password. Password Reset: The act of changing a password to some value known only to the systems administrator and the account owner. Patch: An addition to a program that will close a security vulnerability in that program. Patch Cord: A cord that comes precut in a variety of lengths, with a connector attached; usually either UTP or optical fiber. Payload: 1) A piece of code that can be executed by a virus or worm after it has spread to multiple machines. 2) ATM’s name for a data field. Payment Mechanism: In e-commerce, ways for purchasers to pay for their ordered goods or services. PBX: See Private Branch Exchange. PC Server: A server that is a personal computer. PCM: Pulse Code Modulation. PEAP: See Protected Extensible Authentication Protocol. Peer-to-Peer Architecture (P2P): The application architecture in which most or all of the work is done by cooperating user computers, such as desktop PCs. If servers are present at all, they serve only facilitating roles and do not control the processing. Peer-to-Peer Service: Service wherein client PCs provide services to one another. Perfect Internal Reflection: When light in optical fiber cabling begins to spread, it hits the cladding and is reflected back into the core so that no light escapes. Permanent IP Address: An IP address given to a server that the server keeps and uses every single time it connects to the Internet. (This is in contrast to client PCs, which receive a new IP address every time they connect to the Internet.) Permanent Virtual Circuit (PVC): A PSDN connection between corporate sites that is set up once and kept in place for weeks, months, or years at a time. Permission: A rule that determines what an account owner can do to a particular resource (file or directory). Personal Area Network (PAN): A small wireless network used by a single person. Personal Mode: Pre-shared Key Mode in WPA or 802.11i. Phase Modulation: Modulation in which one wave serves as a reference wave or a carrier wave. Another wave varies its phase to represent one or more bits. PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 609 Glossary Phishing: Social engineering attack that uses an official-looking e-mail message or website. Physical Address: Data link layer address—Not a physical layer address. Given this name because it is the address of the NIC, which is a physical device that implements both the physical and data link layers. Physical Layer: The standards layer that governs physical transmission between adjacent devices; OSI Layer 1. Physical Link: A connection linking adjacent devices on a network. Piggybacking: The act of an attacker being allowed physical entrance to a building by following a legitimate user through a locked door that the victim has opened. Ping: Sending a message to another host and listening for a response to see if it is active. Pixel: A dot on a computer screen. PKI: See Public Key Infrastructure. Plaintext: The original message the sender wishes to send to the receiver; not limited to text messages. Plan–Protect–Respond Cycle: The basic management cycle in which the three named stages are executed repeatedly. Planning: Developing a broad security strategy that will be appropriate for a firm’s security threats. Plenum: The type of cabling that must be used when cables run through airways to prevent toxic fumes in case of fire. Point of Presence (POP): 1) In cellular telephony, a site at which various carriers that provide telephone service are interconnected. 2) In PSDNs, a point of connection for user sites. There must be a private line between the site and the POP. Point-to-Point Topology: A topology wherein two nodes are connected directly. Point-to-Point Tunneling Protocol (PPTP): A remote access VPN security standard offering moderate security. PPTP works at the data link layer, and it protects all messages above the data link layer, providing protection transparently. POP: See 1) Point of Presence. 2) See Post Office Protocol. Pop-Up Blocker: A program that blocks annoying pop-up advertisements. Port: In TCP and UDP messages, a header field that designates the application layer process on the server side and a specific connection on the client side. Port Number: The field in TCP and UDP that tells the transport process what application process sent the data in the data field or should receive the data in the data field. Portfolio: A planned collection of projects. Post Office Protocol (POP): The most popular protocol used to download e-mail from an e-mail server to an e-mail client. PPTP: See Point-to-Point Tunneling Protocol. Preamble Field: The initial field in an Ethernet MAC frame; synchronizes the receiver’s clock to the sender’s clock. Prefix Notation: A way of representing masks. Gives the number of initial 1s in the mask. Premises: The land and buildings owned by a customer. Presence Server: A server used in many P2P systems; knows the IP addresses of each user and also whether the user is currently on line and perhaps whether or not the user is willing to chat. Pre-Shared Key: A mode of operation in WPA and 802.11i in which all stations and an access point share the same initial key. Presentation Layer: See OSI Presentation Layer. Print Server: An electronic device that receives print jobs and feeds them to the printer attached to the print server. Printer Sharing: Allowing multiple PCs to share a single printer. Priority: Preference given to latency-sensitive traffic, such as voice and video traffic, so that latency-sensitive traffic will go first if there is congestion. Priority Level: The three-bit field used to give a frame one of eight priority levels from 000 (zero) to 111 (eight). Private Branch Exchange (PBX): An internal telephone switch. Private IP Address: An IP address that may be used only within a firm. Private IP addresses have three designated ranges: 10.x.x.x, 192.168.x.x, and 172.16.x.x through 172.31.x.x. Private Key: A key that only the true party should know. Part of a public key–private key pair. Probable Annual Loss: The likely annual loss from a particular threat. The cost of 609 PANKMG01_0132214415.QXD 610 5/12/06 6:15 PM Page 610 Glossary a successful attack times the probability of a successful attack in a one-year period. Probe Packet: A packet sent into a firm’s network during scanning; responses to the probe packet tend to reveal information about a firm’s general network design and about its individual computers—including their operating systems. Problem Update: An update that causes disruptions, such as slowing computer operation. Propagate: To travel. Propagation Effects: Changes in the signal during propagation. Property: A characteristic of an object. Protected Extensible Authentication Protocol (PEAP): A version of EAP preferred by Microsoft Windows computers. Protecting: Implementing a strategic security plan; the most time-consuming stage in the plan–protect–respond management cycle. Protocol: 1) A standard that governs interactions between hardware and software processes at the same layer but on different hosts. 2) In IP, the header field that describes the content of the data field. Protocol Fidelity: The assurance that an application using a particular port is the application it claims to be. Protocol Field: In IP, a field that designates the protocol of the message in the IP packet’s data field. Provable Attack Packet: A packet that is provably an attack packet. PSDN: See Public Switched Data Network. PSTN: See Public Switched Telephone Network. PTT: See Public Telephone and Telegraphy Authority. Public IP Address: An IP address that must be unique on the Internet. Public Key: A key that is not kept secret. Part of a public key–private key pair. Public Key Authentication: Authentication in which each user has a public key and a private key. Authentication depends on the applicant knowing the true party’s private key; requires a digital certificate to give the true party’s public key. Public Key Encryption: Encryption in which each side has a public key and a private key, so there are four keys in total for bidirectional communication. The sender encrypts messages with the receiver’s public key. The receiver, in turn, decrypts incoming messages with the receiver’s own private key. Public Key Infrastructure (PKI): A total system (infrastructure) for public key encryption. Public Switched Data Network (PSDN): A carrier WAN that provides data transmission service. The customer only needs to connect to the PSDN by running one private line from each site to the PSDN carrier’s nearest POP. Public Switched Telephone Network (PSTN): The worldwide telephone network. Public Telephone and Telegraphy authority (PTT): The traditional title for the traditional monopoly telephone carrier in most countries. Public Utilities Commission (PUC): In the United States, telecommunications regulatory agency at the state level. PUC: See Public Utilities Commission. Pulse Code Modulation (PCM): An analogto-digital conversion technique in which the ADC samples the bandpass-filtered signal 8,000 times per second, each time measuring the intensity of the signal and representing the intensity by a number between 0 and 255. PVC: See Permanent Virtual Circuit. QAM: See Quadrature Amplitude Modulation. QoS: See Quality of Service. QPSK: See Quadrature Phase Shift Keying. Quadrature Amplitude Modulation (QAM): Modulation technique that uses two carrier waves—a sine carrier wave and a cosine carrier wave. Each can vary in amplitude. Quadrature Phase Shift Keying (QPSK): Modulation with four possible phases. Each of the four states represents two bits (00, 01, 10, and 11). Quality of Service (QoS): Numerical service targets that must be met by networking staff. Quality-of-Service (QoS) Parameters: In IPv4, service quality parameters applied to all packets with the same TOS field value. Radio Frequency ID (RFID): A tag that can be read at a distance by a radio transmitter/ receiver. PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 611 Glossary Radio Wave: An electromagnetic wave in the radio range. Rapid Spanning Tree Protocol: A version of the Spanning Tree Protocol that has faster convergence. RAS: See Remote Access Server. Raster Graphics: Form of graphics in which an image is painted on the screen as a series of dots. Rated Speed: The official speed of a technology. RBOC: See Regional Bell Operating Company. Read: A Microsoft Windows Server permission that allows an account owner to read files in a directory. This is read-only access; without further permissions, the account owner cannot change the files. Read and Execute: A set of Microsoft Windows Server permissions needed to run executable programs. Real Time Protocol (RTP): The protocol that adds headers that contain sequence numbers to ensure that the UDP datagrams are placed in proper sequence and that they contain time stamps so that jitter can be eliminated. Reassembly: Putting a fragmented packet back together. Redundancy: Duplication of a hardware device in order to enhance reliability. Regenerate: In a switch or router, to clean up a signal before sending it back out. Regional Bell Operating Company (RBOC): One of the companies that was created to provide local service when the Bell System (AT&T) was broken up in the early 1980s. Relay Server: A server used in some IM systems, which every message flows through. Relay servers permit the addition of special services, such as scanning for viruses when files are transmitted in an IM system. Reliabile: A protocol in which errors are corrected by resending lost or damaged messages. Remote Access Server (RAS): A server to which remote users connect in order to have their identities authenticated so they can get access to a site’s internal resources. Remote Monitoring (RMON) Probe: A specialized type of agent that collects data on network traffic passing through its location instead of information about the RMON probe itself. Repeat Purchasing: In e-commerce, a consumer returning to a site where he or she had made a purchase previously and making another purchase; essential to profitability. Request for Comment (RFC): A document produced by the IETF that may become designated as an Official Internet Protocol Standard. Request to Send: A message sent to an access point when a station wishes to send and is able to send because of CSMA/CA. The station may send when it receives a clearto-send message. Request to Send/Clear to Send: A system that uses request-to-send and clear-to-send messages to control transmissions and avoid collisions in wireless transmission. Resegment: Dividing a collision domain into several smaller collision domains to reduce congestion and latency. Responding: In security, the act of stopping and repairing an attack. Response Message: In Challenge–Response Authentication Protocols, the message that the applicant returns to the verifier. Response Time: The difference between the time a user types a request to the time the user receives a response. Retention: Rules that require IM messages to be captured and stored in order to comply with legal requirements. RFC: See Request for Comment. RFC 822: The original name for RFC 2822. RFC 2822: The standard for e-mail bodies that are plaintext messages. RFID: See Radio Frequency ID. Ring Topology: A topology in which stations are connected in a loop and messages pass in only one direction around the loop. Ring Wrapping: In a network with a dual-ring topology, responding to a break between switches by turning the surviving parts of a dual ring into a long single ring. Right of Way: Permission to lay wires in public areas; given by government regulators to transmission carriers. RIP: See Routing Information Protocol. Risk Analysis: The process of balancing threats and protection costs. 611 PANKMG01_0132214415.QXD 612 5/12/06 6:15 PM Page 612 Glossary RJ-45 Connector: The connector at the end of a UTP cord, which plugs into an RJ-45 jack. RJ-45 Jack: The type of jack into which UTP cords’ RJ-45 connectors may plug. RMON Probe: See Remote Monitoring Probe. Roaming: The situation when a subscriber leaves a metropolitan cellular system and goes to another city or country. Roaming requires the destination cellular system to be technologically compatible with the subscriber’s cellphone. It also requires administration permission from the destination cellular system. Robust Security Network (RSN): A wireless network in which all stations and access points communicate with 802.11i security. Rogue Access Point: An access point set up by a department or individual and not sanctioned by the firm. Root: 1) The level at the top of a DNS hierarchy, consisting of all domain names. 2) A super account on a Unix server that automatically has full permissions in every directory on the server. Root Server: One of 13 top-level servers in the Domain Name System (DNS). Route: The path that a packet takes across an internet. Route Analysis: Determining the route a packet takes between your host and another host and analyzing performance along this route. Router: A device that forwards packets within an internet. Routers connect two or more single networks (subnets). Routing: 1). The forwarding of IP packets; 2) the exchange of routing protocol information through routing protocols. Routing Information Protocol (RIP): A simple but limited interior routing protocol. Routing Protocol: A protocol that allows routers to transmit routing table information to one another. RSA: Popular public key encryption method. RST Bit: In a TCP segment, if the RST (reset) bit is set, this tells the other side to end the connection immediately. RSTP: See Rapid Spanning Tree Protocol. RTP: See Real Time Protocol. RTS: See Request to Send. RTS/CTS: See Request to Send/Clear to Send. Sample: To read the intensity of a signal. SC Connector: A square optical fiber connector, recommended in the TIA/EIA-568 standard for use in new installations. Scalability: The ability of a technology to handle growth. Scanning: To try to determine a network’s design through the use of probe packets. Schema: The design of a database, telling the specific types of information the database contains. Scope: A parameter on a DHCP server that determines how many subnets the DHCP server may serve. Script Kiddie: An attacker who possesses only modest skills but uses attack scripts created by experienced hackers; dangerous because there are so many. SDH: See Synchronous Digital Hierarchy. Second-and-a-Half Generation (2.5G): A nickname for GPRS systems, which offer a substantial improvement over plain 2G GSM but which is not a full third-generation service. Second-Generation (2G): The second generation of cellular telephony, introduced in the early 1990s. Offers the improvements of digital service, 150 MHz of bandwidth, a higher frequency range of operation, and slightly higher data transmission speeds. Second-Level Domain: The third level of a DNS hierarchy, which usually specifies an organization (e.g., microsoft.com, hawaii.edu). Secure Hash Algorithm (SHA): A hashing algorithm that can produce hashes of different lengths. Secure Shell (SSH): A program that provides Telnet-like remote management capabilities; and FTP-like service; strongly encrypts both usernames and passwords. Secure Sockets Layer (SSL): The simplest VPN security standard to implement; later renamed Transport Layer Security. Provides a secure connection at the transport layer, protecting any applications above it that are SSL/TLS-aware. Semantics: In message exchange, the meaning of each message. Sequence Number Field: In TCP, a header field that tells a TCP segment’s order PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 613 Glossary among the multiple TCP segments sent by one side. Serial Transmission: Ethernet transmission over a single pair in each direction. Server: A host that provides services to residential or corporate users. Server Farm: Large groups of servers that work together to handle applications. Server Station: A station that provides service to client stations. Service Band: A subdivision of the frequency spectrum, dedicated to a specific service such as FM radio or cellular telephone service. Service Control Point: A database of customer information, used in Signaling System 7. Service Level Agreement (SLA): A qualityof-service guarantee for throughput, availability, latency, error rate, and other matters. Service Pack: For Microsoft Windows, large cumulative updates that combine a number of individual updates. Service Pack 2: In Microsoft Windows XP, a security-focused update. Session Initiation Protocol (SIP): Relatively simple signaling protocol for voice over IP. Session Key: Symmetric key that is used only during a single communication session between two parties. Session Layer: See OSI Session Layer. Set: 1) When a flags field is given the value 1. 2) An SNMP command sent by the manager that tells the agent to change a parameter on the managed device. SETI@home: A project from the Search for Extraterrestrial Intelligence (SETI), in which volunteers download SETI@home screen savers that are really programs. These programs do work for the SETI@ home server when the volunteer computer is idle. Processing ends when the user begins to do work. Setup Fee: The cost of initial vendor installation for a system. Severity Rating: A rating for the severity of a risk. SFF: See Small Form Factor. SHA: See Secure Hash Algorithm. Shadow Zone (Dead Spot): A location where a receiver cannot receive radio transmission, due to an obstruction blocking the direct path between sender and receiver. Shannon Equation: An equation by Claude Shannon (1938) that shows that the maximum possible transmission speed (C ) when sending data through a channel is directly proportional to its bandwidth (B), and depends to a lesser extent on its signalto-noise ratio (S/N): C = B Log2 (1 + S/N). Share: Microsoft’s name for something that is shared, usually a directory or a printer. Shared Documents Folder (SharedDocs): In Windows XP, a directory that is automatically shared. To share a file with other users on the computer or on an attached network, the user can copy a file from another directory to the Shared Document Folder. Shared Static Key: A key that is used by all users in a system (shared) that is not changed (static). SharedDocs: See Shared Documents Folder. SHDSL: See Super-High-Rate DSL. Shielded Twisted Pair (STP): A type of twistedpair wiring that puts a metal foil sheath around each pair and another metal mesh around all pairs. Shopping Cart: A core e-commerce function that holds goods for the buyer while he or she is shopping. Signal: An information-carrying disturbance that propagates through a transmission medium. Signal Bandwidth: The range of frequencies in a signal, determined by subtracting the lowest frequency from the highest frequency. Signaling: In telephony, the controlling of calling, including setting up a path for a conversation through the transport core, maintaining and terminating the conversation path, collecting billing information, and handling other supervisory functions. Signaling Gateway: The device that sets up conversations between parties, maintains these conversations, ends them, provides billing information, and does other work. Signaling System 7: Telephone signaling system in the United States. Signal-to-Noise Ratio (SNR): The ratio of the signal strength to average noise strength; should be high in order for the signal to be effectively received. Signing: Encrypting something with the sender’s private key. 613 PANKMG01_0132214415.QXD 614 5/12/06 6:15 PM Page 614 Glossary Simple File Sharing: In Windows XP, extremely weak security used on files in Shared Documents folders. Simple File Sharing does not even use a password; the only security is that people must know the workgroup names to read and change files. Simple Mail Transfer Protocol (SMTP): The protocol used to send a message to a user’s outgoing mail host and from one mail host to another; requires a complex series of interactions between the sender and receiver before and after mail delivery. Simple Network Management Protocol (SNMP): The protocol that allows a general way to collect rich data from various managed devices in a network. Simple Object Access Protocol (SOAP): A standardized way for a Web service to expose its methods on an interface to the outside world. Single Point of Failure: When the failure in a single component of a system can cause a system to fail or be seriously degraded. Single Sign-On (SSO): Authentication in which a user can authenticate himself or herself only once and then have access to all authorized resources on all authorized systems. Single-Mode Fiber: Optical fiber whose core is so thin (usually 8.3 microns in diameter) that only a single mode can propagate— the one traveling straight along the axis. SIP: See Session Initiation Protocol. Site Survey: In wireless LANs, a radio survey to help determine where to place access points. Situation Analysis: The examination of a firm’s current situation, which includes anticipation of how things will change in the future. SLA: See Service Level Agreement. Sliding Window Protocol: Flow control protocol that tells a receiver how many more bytes it may transmit before receiving another acknowledgement, which will give a longer transmission window. Slot: A very brief time period used in Time Division Multiplexing; a subdivision of a frame. Carries one sample for one circuit. Small Form Factor (SFF): A variety of optical fiber connectors; smaller than SC or ST connectors but unfortunately not standardized. Small Office or Home Office (SOHO): A smallscale network for a small office or home office. Smart Access Point: An access point that can be managed remotely. SMTP: See Simple Mail Transfer Protocol. SNA: See Systems Network Architecture. Sneakernet: A joking reference to the practice of walking files around physically, instead of using a network for file sharing. SNMP: See Simple Network Management Protocol. SNR: See Signal-to-Noise Ratio. SOAP: See Simple Object Access Protocol. Social Engineering: Tricking people into doing something to get around security protections. Socket: The combination of an IP address and a port number, designating a specific connection to a specific application on a specific host. It is written as an IP address, a colon, and a port number, for instance 126.96.36.199:80. SOHO: See Small Office or Home Office. Solid-Wire UTP: Type of UTP in which each of the eight wires really is a single solid wire. SONET: See Synchronous Optical Network. Spam: Unsolicited commercial e-mail. Spam Blocking: Software that recognizes and deletes spam. Spanning Tree Protocol (STP): See 802.1D Spanning Tree Protocol. Speech Codec: See codec. Spread Spectrum Transmission: A type of radio transmission that takes the original signal and spreads the signal energy over a much broader channel than would be used in normal radio transmission; used in order to reduce propagation problems, not for security. Spyware: Software that sits on a victim’s machine and gathers information about the victim. SS7: See Signaling System 7. SSH: See Secure Shell. SSL: See Secure Sockets Layer. SSL/TLS: See Secure Sockets Layer and Transport Layer Security. SSL/TLS-Aware: Modified to work with SSL/ TLS. PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 615 Glossary SSO: See Single Sign-On. ST Connector: A cylindrical optical fiber connector, sometimes called a bayonet connector because of the manner in which it pushes into an ST port and then twists to be locked in place. Standard: A rule of operation that allows two hardware or software processes to work together. Standards normally govern the exchange of messages between two entities. Standards Agency: An organization that creates and maintains standards. Standards Architecture: A family of related standards that collectively allows an application program on one machine on an internet to communicate with another application program on another machine on the internet. Star Topology: A form of topology in which all wires in a network connect to a single switch. Start of Frame Delimiter Field: The second field of an Ethernet MAC frame, which synchronizes the receiver’s clock to the sender’s clock and then signals that the synchronization has ended. State: In digital physical layer signaling, one of the few line conditions that represent information. Stateful Firewall: A firewall whose default behavior is to allow all connections initiated by internal hosts but to block all connections initiated by external hosts. Only passes packets that are part of approved connections. Station: A computer that communicates over a network. STM: See Synchronous Transfer Mode. Store-and-Forward: Switching wherein the Ethernet switch waits until it has received the entire frame before sending the frame back out. Static IP Address: An IP address that never changes. STP: See 802.1D Spanning Tree Protocol or Shielded Twisted Pair. Strain Relief: Crimping the back of an RJ-45 connector into an RJ-45 cord so that if the cord is pulled, it will not come out of the connector. Strand: In optical fiber, a core surrounded by a cladding. For two-way transmission, two optical fiber strands are needed. Stranded-Wire UTP: Type of UTP in which in which each of the eight “wires” really is a collection of wire strands. Stripping Tool: Tool for stripping the sheath off the end of a UTP cord. Strong Keys: Keys that are too long to be cracked by exhaustive key search. Subcarrier: A channel that is itself a subdivision of a broadband channel, used to transmit frames in OFDM. Subnet: A small network that is a subdivision of a large organization’s network. Subnet Mask: A mask with 1s in the network and subnet parts and zeros in the host part. Subnet Part: The part of an IP address that specifies a particular subnet within a network. Super Client: “Serverish” client in Gnutella that is always on, that has a fixed IP address, that has many files to share, and that is connected to several other super clients. Super-High-Rate DSL (SHDSL): The next step in business DSL, which can operate symmetrically over a single voice-grade twisted pair and over a speed range of 384 kbps to 2.3 Mbps. It can also operate over somewhat longer distances than HDSL2. Surreptitiously: Done without someone’s knowledge, such as surreptitious face recognition scanning. SVC: See Switched Virtual Circuit. Switch: A device that forwards frames within a single network. Switched Virtual Circuit (SVC): A circuit between sites that is set up just before a call and that lasts only for the duration of the call. Switching Matrix: A switch component that connects input ports to output ports. Symmetric Key Encryption: Family of encryption methods in which the two sides use the same key to encrypt messages to each other and to decrypt incoming messages. In bidirectional communication, only a single key is used. SYN Bit: In TCP, the flags field that is set to indicate if the message is a synchronization message. 615 PANKMG01_0132214415.QXD 616 5/12/06 6:15 PM Page 616 Glossary Synchronous Digital Hierarchy (SDH): The European version of the technology upon which the world is nearly standardized. Synchronous Optical Network (SONET): The North American version of the technology upon which the world is nearly standardized. Synchronous Transfer Mode (STM): A number that indicates SDH speeds. Syntax: In message exchange, how messages are organized. Systems Administration: The management of a server. Systems Network Architecture (SNA): The standards architecture traditionally used by IBM mainframe computers. T568B: Wire color scheme for RJ-45 connectors; used most commonly in the United States. Tag: An indicator on an HTML file to show where the browser should render graphics files, when it should play audio files, and so forth. Tag Control Information: The second tag field, which contains a 12-bit VLAN ID that it sets to zero if VLANs are not being implemented. If VLANs are being used, each VLAN will be assigned a different VLAN ID. Tag Field: One of the two fields added to an Ethernet MAC layer frame by the 802.1Q standard. Tag Protocol ID: The first tag field used in the Ethernet MAC layer frame. The Tag Protocol ID has the two-octet hexadecimal value 81-00, which indicates that the frame is tagged. Tbps: Terabits per second. TCO: See Total Cost of Ownership. TCP: See Transmission Control Protocol. TCP Segment: A TCP message. TCP/IP: The Internet Engineering Tasks Force’s standards architecture; dominant above the data link layer. TCPDUMP: The most popular freeware packet analysis program; the Unix version. TDM: See Time Division Multiplexing. TDR: See Time Domain Reflectometry. Telecommunications Closet: The location on each floor of a building where cords coming up from the basement are connected to cords that span out horizontally to telephones and computers on that floor. Telephone Modem: A device used in telephony that converts digital data into an analog signal that can transfer over the local loop. Telnet: The simplest remote configuration tool; lacks encryption for confidentiality. Temporal Dispersion: Another name for modal dispersion. Temporal Key Integrity Protocol (TKIP): A security process used by 802.11i, where each station has its own nonshared key after authentication and where this key is changed frequently. Terabits per second: Trillions of bits per second. Terminal Crosstalk Interference: Crosstalk interference at the ends of a UTP cord, where wires are untwisted to fit into the connector. To control terminal crosstalk interference, wires should not be untwisted more than a half inch to fit into connectors. Termination Equipment: Equipment that connects a site’s internal telephone system to the local exchange carrier. Terrestrial: Earth-based. Test Signals: Signal sent by a high-quality UTP tester through a UTP cord to check signal quality parameters. Texting: In cellular telephony, the transmission of text messages. TFTP: See Trivial File Transfer Protocol. Third-Generation (3G): The newest generation of cellular telephony, able to carry data at much higher speeds than 2G systems. Threat Enviornment: The threats that face the company. Three-Party Call: A call in which three people can take part in a conversation. Three-Tier Architecture: An architecture where processing is done in three places: on the client, on the application server, and on other servers. Three-Way Handshake: A three-message exchange that opens a connection in TCP. Throughput: The transmission speed that users actually get. Usually lower than a transmission system’s rated speed. TIA/EIA/ANSI-568: The standard that governs transmission media in the United States. Time Division Multiplexing (TDM): A technology used by telephone carriers to provide PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 617 Glossary reserved capacity on trunk lines between switches. In TDM, time is first divided into frames, each of which are divided into slots; a circuit is given the same slot in every frame. Time Domain Reflectometry (TDR): Sending a signal in a UTP cord and recording reflections; can give the length of the cord or the location of a propagation problem in the cord. Time to Live (TTL): The field added to a packet and given a value by a source host, usually between 64 and 128. Each router along the way decrements the TTL field by one. A router decrementing the TTL to zero will discard the packet; this prevents misaddressed packets from circulated endlessly among packet switches in search of their nonexistent destinations. TKIP: See Temporal Key Integrity Protocol. TLS: See Transport Layer Security. Token Passing: In token-ring networks, a token frame is transmitted and used to determine when a station may transmit. Token-Ring Network: A network that uses a physical ring topology and token passing at the media access control layer. Toll Call: Long-distance call pricing in which the price depends on distance and duration. Toll-Free Number Service: Service in which anyone can call into a company, usually without being charged. Area codes are 800, 888, 877, 866, and 855. Top-Level Domain: The second level of a DNS hierarchy, which categorizes the domain by organization type (e.g., .com, .net, .edu, .biz, .info) or by country (e.g., .uk, .ca, .ie, .au, .jp, .ch). Topology: The way in which nodes are linked together by transmission lines. TOS: See Type of Service. Total Cost of Ownership (TCO): The total cost of an entire system over its expected lifespan. Total Purchase Cost of Network Products: The initial purchase price of a fully configured system. Tracert (tracert): A Windows program that shows latencies to every router along a route and to the destination host. Traffic Engineering: Designing and managing traffic on a network. Traffic Shaping: Limiting access to a network based on type of traffic. Trailer: The part of a message that comes after the data field. Transmission Line: A physical line that is used to carry transmitted information. Transmission Speed: The rate at which information is transmitted in bits per second. Transaction Processing: Processing involving simple, highly structured, and highvolume interactions. Transceiver: A transmitter/receiver. Transfer Syntax: In the OSI Presentation layer, the syntax used by two presentation layer processes to communicate, which may or may not be quite different than either of their internal methods of formatting information. Transmission Control Protocol (TCP): The most common TCP/IP protocol at the transport layer. Connection-oriented and reliable. Transparently: Without having a need to implement modifications. Transport: In telephony, transmission; taking voice signals from one subscriber’s access line and delivering them to another customer’s access line. Transport Core: The switches and transmission lines that carry voice signals from one subscriber’s access line and delivering them to another customer’s access line. Transport Layer Security (TLS): The simplest VPN security standard to implement; originally named Secure Sockets Layer. Provides a secure connection at the transport layer, protecting any applications above it that are SSL/TLS-aware. Transport Layer: The layer that governs communication between two hosts; Layer 4 in both OSI and TCP/IP. Transport Mode: One of IPsec’s two modes of operation, in which the two computers that are communicating implement IPsec. Transport mode gives strong end-to-end security between the computers, but it requires IPsec configuration and a digital certificate on all machines. 617 PANKMG01_0132214415.QXD 618 5/12/06 6:15 PM Page 618 Glossary Traps: The type of message that an agent sends if it detects a condition that it thinks the manager should know about. Triple DES (3DES): Symmetric key encryption method in which a message is encrypted three times with DES. If done with two or three different keys, offers strong security. However, it is processing intensive. Trivial File Transfer Protocol (TFTP): A protocol used on switches and routers to download configuration information; has no security. Trojan Horse: A program that looks like an ordinary system file, but continues to exploit the user indefinitely. Trunk Line: A type of transmission line that links switches to each other, routers to each other, or a router to a switch. Trunking: See Link Aggregation. TTL: See Time to Live. Tunnel Mode: One of IPsec’s two modes of operation, in which the IPsec connection extends only between IPsec gateways at the two sites. Tunnel mode provides no protection within sites, but it offers transparent security. Twisted-Pair Wiring: Wiring in which each pair’s wires are twisted around each other several times per inch, reducing EMI. Type of Service (TOS): IPv4 header field that designates the type of service a certain packet should receive. U: The standard unit for measuring the height of switches. One U is 1.75 inches (4.4 cm) in height. Most switches, although not all, are multiples of U. UDDI: See Universal Description, Discovery, and Integration. UDDI Green Pages: The UDDI search option that allows companies to understand how to interact with specific Web services. Green pages specify the interfaces on which a Web service will respond, the methods it will accept, and the properties that can be changed or returned. UDDI White Pages: The UDDI search option that allows users to search for Web services by name, much like telephone white pages. UDDI Yellow Pages: The UDDI search option that allows users to search for Web services by function, such as accounting, much like telephone yellow pages. UDP: See User Datagram Protocol. Ultrawideband (UWB): Spread spectrum transmission system that has extremely wide channels. UNICODE: The standard that allows characters of all languages to be represented. Universal Description, Discovery, and Integration (UDDI): A protocol that is a distributed database that helps users find appropriate Web services. Unix: A network operating system used by all workstation servers. Linux is a Unix version used on PCs. Unlicensed Radio Band: A radio band that does not require each station using it to have a license. Unreliable: (Of a protocol) not doing error correction. Unshielded Twisted Pair (UTP): Network cord that contains four twisted pairs of wire within a sheath. Each wire is covered with insulation. Update: To download and apply patches to fix a system. Uplink: In satellites, transmission from the Earth to a communication satellite. Uplink Port: Port on an Ethernet switch that can be directly connected to a port in a higher-level switch with a standard UTP cord. Usage Policy: A company policy for who may use various tools and how they may use them. User Datagram Protocol (UDP): Unreliable transport-layer protocol in TCP/IP. Username: An alias that signifies the account that the account holder will be using. UTP: See Unshielded Twisted Pair. UWB: See Ultrawideband. Validate: To test the accuracy of a network simulation model by comparing its performance with that of the real network. If the predicted results match the actual results, the model is validated. Variable-Length Subnet Mask (VLSM): A mask that allows subnets to be of different sizes. Very Small Aperature Terminal (VSAT): Communication satellite earthstation that has a small-diameter antenna. PANKMG01_0132214415.QXD 5/12/06 6:15 PM Page 619 Glossary VCI: See Virtual Channel Identifier. Verifier: The party requiring the applicant to prove his or her identity. Vertical Riser: Space between the floors of a building that telephone and data cabling go through to get to the building’s upper floor. Viral Networking: Networking in which the user’s PC connects to one or a few other user PCs, which each connect to several other user PCs. When the user’s PC first connects, it sends an initiation message to introduce itself via viral networking. Subsequent search queries sent by the user also are passed virally to all computers reachable within a few hops; used in Gnutella. Virtual Channel: In ATM, an individual connection within a virtual path. Virtual Channel Identifier (VCI): One of the two parts of ATM virtual circuit numbers. Virtual Circuit: A transmission path between two sites or devices; selected before transmission begins. Virtual LAN (VLAN): A closed collection of servers and the clients they serve. Broadcast signals go only to computers in the same VLAN. Virtual Path Identifier (VPI): One of the two parts of ATM virtual circuit numbers. Virtual Path: In ATM, a group of connections going between two sites. Virtual Private Network (VPN): A network that uses the Internet with added security for data transmission. Virus: A piece of executable code that attaches itself to programs or data files. When the program is executed or the data file opened, the virus spreads to other programs or data files. Virus Definitions Database: A database used by antivirus programs to identify viruses. As new viruses are found, the virus definitions database must be updated. Virus Writer: Someone who creates viruses. VLAN: See Virtual LAN. VLSM: See Variable-Length Subnet Mask. Voice Mail: A service that allows people to leave a message if the user does not answer his or her phone. Voice-Grade: Wire of a quality useful for transmitting voice signals in the PSTN. Voice over IP (VoIP): The transmission of voice signals over an IP network. VoIP: See Voice over IP. VPI: See Virtual Path Identifier. VPN: See Virtual Private Network. VSAT: See Very Small Aperture Terminal. Vulnerability: A security weakness found in software. Vulnerability Testing: Testing after protections have been configured, in which a company or a consultant attacks protections in the way a determined attacker would and notes which attacks that should have been stopped actually succeeded. WAN: See Wide Area Network. War Driver: Someone who travels around looking for unprotected wireless access points. WATS: See Wide Area Telephone Service. Wavelength: The physical distance between comparable points (e.g., from peak to peak) in successive cycles of a wave. Wavelength Division Multiplexing: Using signaling equipment to transmit several light sources at slightly different wavelengths, thus adding signal capacity at the cost of using slightly more expensive signaling equipment but without incurring the high cost of laying new fiber. WDM: See Wavelength Division Multiplexing. Weak Keys: Keys that are shot enough to be cracked by an exhaustive key search. Webify: In SSL/TLS VPNs, the SSL/TLS gateway can translate output from some applications into a webpage. Web Service: A way to send processing requests to program (object) on another machine. The object has an interface to the outside world and methods that it is willing to undertake. Messages are sent in SOAP format. Web-Enabled: Client/server processing applications that use ordinary browsers as client programs. Webmail: Web-enabled e-mail. User needs only a browser to send and read e-mail. Well-Known Port Number: Standard port number of a major application that is usually (but not always) used. For example, the wellknown TCP port number for HTTP is 80. WEP: See Wired Equivalent Privacy. 619 PANKMG01_0132214415.QXD 620 5/12/06 6:15 PM Page 620 Glossary Wide Area Network (WAN): A network that links different sites together. Wide Area Telephone Service (WATS): Service that allows a company to place outgoing long-distance calls at per-minute prices lower than those of directly dialed calls. Wi-Fi Alliance: Trade group created to create interoperability tests of 802.11 LANs; actually produced the WPA standard. WiMAX: Broadband wireless access method. Standardized as 802.16. Window Size Field: TCP header field that is used for flow control. It tells the station that receives the segment how many more octets that station may transmit before getting another acknowledgement message that will allow it to send more octets. Windows XP: client Microsoft operating system. Windows Internet Name Service (WINS): The system required by Windows clients and servers before Windows 2000 server to provide IP address for host names. WinDUMP: The most popular freeware packet analysis program; the Windows version. Winipcfg (winipcfg): A command used to find information about one’s own computer; used in older versions of windows. WINS: See Windows Internet Name Service. Wired Equivalent Privacy (WEP): A weak security mechanism for 802.11. Wireless Ethernet: Sometimes used as another name for 802.11. Wireless Access Point: Devices that controls wireless clients and that bridges wireless clients to servers and routers on the firm’s main wired LAN. Wireless LAN (WLAN): A local area network that uses radio (or rarely, infrared) transmission instead of cabling to connect devices. Wireless LAN Switch: An Ethernet switch to which multiple wireless access points connect; manages the access points. Wireless Networking: Networking that uses radio transmission instead of wires to connect devices. Wireless NIC: 802.11 network interface card. Wireless Protected Access (WPA): 802.11 security method created as a stopgap between WEP and 802.11i. Wireless Protected Access 2 (WPA2): Another name for 802.11 security. WLAN: See Wireless LAN. Work-Around: A process of making manual changes to eliminate a vulnerability instead of just installing a software patch. Workgroup: A logical network. On a physical network, only PCs in the same workgroup can communicate. Workgroup Name: To create a workgroup, all PCs in the workgroup are assigned the same workgroup name. They will find each other automatically. Workgroup Switch: A switch to which stations connect directly. Working Group: A specific subgroup of the 802 Committee, in charge of developing a specific group of standards. For instance, the 802.3 Working Group creates Ethernet standards. Workstation Server: The most popular type of large dedicated server; runs the Unix operating system. It uses custom-designed microprocessors and runs the Unix operating system. Worm: An attack program that propagates on its own by seeking out other computers, jumping to them, and installing itself. WPA: See Wireless Protected Access. WPA2: See Wireless Protected Access 2. Write: A Microsoft Windows Server permission that allows an account owner to change the contents of files in the directory. X.509: The main standard for digital certificates. Zero-Day Exploit: An exploit that takes advantage of vulnerabilities that have not previously been discovered or for which updates have not been created. ZigBee: Low-speed, low-power protocol for connecting sensors and other very small devices wirelessly.