PANKMG01_0132214415.QXD
5/12/06
6:15 PM
Page 586
Glossary
.NET: Microsoft’s approach to the Web services.
1G: See First-Generation.
1-Pair Voice-Grade UTP: The traditional
telephone access lines to individual
residences.
10/100 Ethernet: A collective name for the
Ethernet physical layer 10 Mbps and 100
Mbps standards. NICs and switches marked
10/100 can work with either standard.
10/100/10000 Ethernet: A collective name for
the Ethernet physical layer 10 Mbps, 100
Mbps, and 1 Gbps standards. NICs and
switches marked 10/100 can work with any of
these standards.
10Base-F: See 802.3 10Base-F.
10Base-T: See 802.3 10Base-T.
100Base-FX: The Ethernet physical layer 100
Mbps standard used primarily to connect
switches to other switches, now being
phased out.
100Base-TX: The dominant Ethernet physical
layer 100 Mbps standard brought to desktop computers today.
1000Base-LX: A fiber version of gigabit
Ethernet for long wavelengths (transmitting at 1,300 nm).
1000Base-SX: A fiber version of gigabit
Ethernet for short wavelengths (transmitting at 850 nm).
1000Base-T: A UTP version of gigabit Ethernet.
1000Base-x: The Ethernet physical layer technology of gigabit Ethernet, used today
mainly to connect switches to switches or
switches to routers; increasingly being
used to connect servers and some desktop
PCs to the switches that serve them.
2G: See Second-Generation.
2-Pair Data-Grade: The higher-quality UTP
access lines used by telephone carriers for
private lines. Two pairs run out to each
customer.
2-Pair Data-Grade UTP: The traditional telephone access line for lower-speed leased
lines. (Higher-speed leased lines use optical fiber.)
2.5G: See Second-and-a-Half Generation.
232 Serial Port: The port on a PC that uses two
voltage ranges to transmit information.
25-Pair UTP Cord: The cabling used by telephony for vertical wiring that runs within a
building.
3DES: See Triple DES.
3G: See Third-Generation.
4-Pair Unshielded Twisted Pair (UTP): The
type of wiring typically used in Ethernet
networks. 4-pair UTP contains eight copper wires organized as four pairs. Each
wire is covered with dielectric insulation,
and an outer jacket encloses and protects
the four pairs.
50-Pin Octopus Connector: The type of
connector in which vertical cords typically
terminate.
802 Committee: See 802 LAN/MAN Standards
Committee.
802 LAN/MAN Standards Committee: The
IEEE committee responsible for Ethernet
standards.
802.1D Spanning Tree Protocol: The protocol
that addresses both single points of failure
and loops.
802.1AE: MAC-layer security standard for supervisory communication between Ethernet
switches.
802.1p: The standard that permits up to eight
priority levels.
802.1Q: The standard that extended the Ethernet
MAC layer frame to include two optional tag
fields.
802.1X: Security standard for both wired and
wireless LANs.
802.2: The single standard for the logical link
control layer in 802 LANs.
802.3 10Base-F: An Ethernet physical layer
10 Mbps fiber standard, now almost entirely extinct.
802.3 10Base-T: The slowest Ethernet physical
layer technology in use today; uses 4-pair
UTP wiring and operates at 10 Mbps.
802.3ad: Link aggregation protocol standard.
802.3af: Standard for delivering low wattage
electricity from a switch to stations.
802.3 MAC Layer Frame: See Ethernet Frame.
802.3 MAC Layer Standard: The standard that
defines Ethernet frame organization and
NIC and switch operation.
802.3 Working Group: The 802 Committee’s
working group that creates Ethernet-specific standards.
802.5 Working Group: The 802 Committee’s
working group that created Token-Ring
Network standards.
802.11 WLAN: Wireless LANs that follow the
802.11 standard.
802.11 Working Group: The IEEE working group that creates wireless LAN
standards.
802.11a: Version of the 802.11 WLAN standard
that has a rated speed of 54 Mbps and
operates in the 5 GHz unlicensed radio
band.
802.11b: Version of the 802.11 WLAN standard
that has a rated speed of 11 Mbps and
operates in the 2.4 GHz unlicensed radio
band.
802.11g: Version of the 802.11 WLAN standard
that has a rated speed of 54 Mbps and
operates in the 2.4 GHz unlicensed radio
band.
802.11e: A standard for quality of service in
802.11 WLANs.
802.11i: An advanced form of 802.11 wireless
LAN security.
802.11n: Version of the 802.11 WLAN standard
that uses MIMO to achieve a rated speed
of 100 Mbps or more and longer range
than earlier speed standards.
802.16: WiMAX. Broadband wireless access
standard.
802.16d: WiMAX. Broadband wireless access
standard for fixed stations.
802.16e: WiMAX. Broadband wireless access
standard for mobile stations.
900 Number: A number that allows customers
to call into a company; callers pay a fee
that is much higher than that of a regular
toll call.
Access Control List (ACL): An ordered list of
pass/deny rules for a firewall or other
device.
Access Control Plan: A plan for controlling
access to a resource.
Access Line: 1) In networks, a transmission
line that connects a station to a switch.
2) In telephony, the line used by the
customer to reach the PSTN’s central
transport core.
Access Line: The line used by the customer
to reach the PSTN’s central transport
core.
Access Point: A bridge between a wireless station and a wired LAN.
Access Router: A router to connect a SOHO
network to the Internet. Typically includes
a switch, DHCP server, NAT, and other
functions beyond routing.
Access System: In telephony, the system by
which customers access the PSTN, including access lines and termination equipment in the end office at the edge of the
transport core.
Account: An identifiable entity that may own
resources on a computer.
ACE: See OPNET Application Characterization
Environment.
ACK Bit: The bit in a TCP segment that is set
to indicate if the segment contains an
acknowledgement.
ACK: See Acknowledgement.
Acknowledgement (ACK): 1) An acknowledgement message, sent by the receiver
when a message is received correctly. 2) An
acknowledgement frame, sent by the
receiver whenever a frame is received;
used in CSMA/CA+ACK in 802.11.
Acknowledgement Bit: A bit in a TCP header.
If the bit is set, then the TCP segment contains an acknowledgement.
Acknowledgement Number Field: In TCP, a
header field that tells what TCP segment is
being acknowledged in a segment.
ACL: See Access Control List.
ADC: See Analog-to-Digital Conversion.
Address Resolution Protocol (ARP): Protocol
for address resolution used in Ethernet
networks. If a host or router knows a target
host’s or router’s IP address, ARP finds the
target’s data link layer address.
Administrative IP Server: A server needed to
support IP.
Administrator: A super account on a Windows
server that automatically has full permissions in every directory on the server.
ADSL: See Asymmetric Digital Subscriber Line.
Advanced Encryption Standard (AES): New
symmetric encryption standard that offers
128-bit, 192-bit, or 256-bit encryption
efficiently.
AES: See Advanced Encryption Standard.
AES-CCMP: AES/Counter Mode with Cipher
Block Chaining. The version of AES used
in the 802.11i security standard for wireless LANs.
Anti-Adware: Program to stop malware that constantly presents advertisements to the user.
Anti-Virus Program: Program to remove malware from arriving messages and from the
computer’s disk drive.
Agent: See Network Management Agent.
Aggregate Throughput: Throughput shared by
multiple users; individual users will get a
fraction of this throughput.
Alternative Route: In mesh topology, one of
several possible routes from one end of
the network to the other, made possible by
the topology’s many connections among
switches or routers.
Always On: Being always available for service;
used to describe access lines.
Amplitude Modulation: A simple form of modulation in which a modem transmits one
of two analog signals—a high-amplitude
(loud) signal or a low-amplitude (soft)
signal.
Amplitude: The maximum (or minimum)
intensity of a wave. In sound, this corresponds to volume (loudness).
Analog Signal: A signal that rises and falls in
intensity smoothly and that does not have
a limited number of states.
Analog-to-Digital Conversion (ADC): A device
for the conversion of transmissions from
the analog local loop to signals on the digital telephone network’s core.
Antivirus Software: Software that scans computers to protect them against viruses, worms,
and Trojan horses arriving in e-mail attachments and other propagation methods.
API: See Application Program Interface.
AppleTalk: Apple’s proprietary architecture for
use on Macintosh computers.
Applicant: In authentication, the user trying to
prove his or her identity; sometimes called
the supplicant.
Application Architecture: The arrangement of
how application layer functions are spread
among computers to deliver service to
users.
Application Characterization Environment:
See OPNET Application Characterization
Environment.
Application Firewall: A firewall that examines
the application layer content of packets.
Application Layer: The standards layer that
governs how two applications communicate with each other; Layer 7 in OSI, Layer
5 in TCP/IP.
Application Profile: A method, offered by
Bluetooth, that allows devices to work with
one another automatically at the application layer.
Application Program Interface (API): A specification that allows application server
programs to interact directly with database
systems.
Application Program: Program that does work
for users; operating system is the other major
type of program found on computers.
Application Server: A server used by large
e-commerce sites that accepts user data
from a front-end webserver, assembles
information from other servers, and creates a webpage to send back to the user.
Architecture: A broad plan that specifies what
is needed in general and the components
that will be used to provide that functionality. Applied to standards, networks, and
applications.
ARP Cache: Section of memory that stores
known pairs of IP addresses and single-network standards.
ASCII Code: A code for representing letters,
numbers, and punctuation characters in
7-bit binary format.
Asymmetric Digital Subscriber Line (ADSL):
The type of DSL designed to go into residential homes; offers high downstream
speeds but limited upstream speeds.
Asynchronous Transfer Mode (ATM): The
packet-switched network technology,
specifically designed to carry voice, used
for transmission in the PSTN transport
core. ATM offers quality of service guarantees for throughput, latency, and jitter.
ATM: Asynchronous Transfer Mode.
AT&T: U.S. telecommunications carrier.
Attenuate: For a signal’s strength to weaken
during propagation.
Auditing: Collecting data about events to assess
actions after the fact.
Authentication: The requirement that someone who requests to use a resource must
prove his or her identity.
Authentication Server: A server that stores
data to help the verifier check the credentials of the applicant.
Authorization: Permitting a person or program to take certain actions on a resource.
Authorizations: Specific actions that a person
or program can take on a resource.
Autonomous System: Internet owned by an
organization.
Autosensing: The ability of a switch to detect
the standard being used at the other end
of the connection, and adjust its own
speed to match.
Availability: The ability of a network to serve its
users.
Backdoor: A way back into a compromised
computer that an attacker leaves open; it
may simply be a new account or a special
program.
Back-Office: Transaction processing applications for a business’s internal needs.
Backup: Copying files stored on a computer to
another medium for protection of the files.
Backward-Compatible: Able to work with all
earlier versions of a standard or technology.
Bandpass Filter: A device that filters out all
signals below 300 Hz and above about
3.4 kHz.
Bandwidth: The range of frequencies over
which a signal is spread.
Bank Settlement Firm: An e-commerce service that handles credit card payments.
Base 2: Notation for representing numbers;
each position can only hold a 0 or 1.
Base Price: The price of a system’s hardware,
software, or both before necessary options
are added.
Baseband: Transmission in which the signal is
simply injected into a wire.
Baseband Signal: 1) The original signal in a
radio transmission; 2) a signal that is
injected directly into a wire for propagation.
Baud Rate: The number of clock cycles a transmission system uses per second.
Bell System: The conglomerate of local and
long-distance telecommunications carriers
that was broken up by antitrust action in
the early 1980s.
BER: See Bit Error Rate.
Best-Match Row: The row that provides the
best forwarding option for a particular
incoming packet.
BGP: See Border Gateway Protocol.
Binary Data: Data that has only two possible
values (ones and zeros).
Binary Numbers: The Base 2 counting system
where ones and zeros used in combination
can represent whole numbers (integers).
Binary Signaling: Signaling that uses only two
states.
Biometrics: The use of bodily measurements to
identify an applicant.
Bit: A single 1 or 0.
Bit Error Rate: The percentage of all transmitted bits that contain errors.
Bit Rate: In digital data transmission, the rate at
which information is transmitted; measured in bits per second.
Bits per Second (bps): The measure of network transmission speed. In increasing factors of 1,000, the units are kilobits per second
(kbps), megabits per second (Mbps), gigabits per second (Gbps), and terabits per
second (Tbps).
Black List: A list of banned websites.
Blended Threat: An attack that propagates
both as a virus and as a worm.
Bluetooth: A wireless networking standard created for personal area networks.
Bonding: See Link Aggregation.
Border Firewall: A firewall that sits at the border between a firm and the outside world.
Border Gateway Protocol (BGP): The most
common exterior routing protocol on the
Internet. Recall that gateway is an old term
for router.
Border Router: A router that sits at the edge of
a site to connect the site to the outside
world through leased lines, PSDNs, and
VPNs.
Bot: A type of malware that can be upgraded
remotely by an attacker to fix errors or
to give the malware additional functionality.
Bps (bps): See Bits per Second.
Breach: A successful attack.
Bridge: An access point that connects two different types of LANs.
Broadband Wireless Access (BWA): High-speed local wireless transmission systems.
Broadband: 1) Transmission where signals are
sent in wide radio channels; 2) any high-speed transmission system.
Broadband over Power Lines: Transmitting
broadband data over electrical power
lines.
Broadcast: To send a message out to all other
stations simultaneously.
Broadcast Address: In Ethernet, FF-FF-FF-FF-FF-FF (48 ones); tells switches that the
frame should be broadcast.
Brute-Force Attack: A password-cracking attack
in which an attacker tries to break a password by trying all possible combinations of
characters.
Bursty: Having short, high-speed bursts separated by long silences. Characteristic of
data transmission.
Bus Topology: A topology in which one station
transmits and has its signals broadcast to
all stations.
Business Case: An argument for a system in
business terms.
Business Continuity: A company’s ability to
continue operations.
Business Continuity Recovery: The reestablishment of a company’s ability to continue operations.
BWA: See Broadband Wireless Access.
C7: Telephone supervisory control signaling system used in Europe.
CA: 1) See Certificate Authority. 2) See Collision
Avoidance.
Cable Modem: 1) Broadband data transmission
service using cable television; 2) the
modem used in this service.
Cable Replacement: Getting rid of cables
between devices by implementing wireless
networking.
Call Waiting: A service that allows the user to place
an original caller on hold if someone else
calls the user, shift briefly to the new caller,
and then switch back to the original caller.
Caller ID: Service wherein the telephone number of the party calling you is displayed on
your phone’s small display screen before
you pick up the handset; allows the user to
screen calls.
Carder: Someone who steals credit card numbers.
Carrier Sense Multiple Access with Collision
Avoidance and Acknowledgements
(CSMA/CA+ACK): A mandatory mechanism used to reduce problems with multiple simultaneous transmissions, which
occur in wireless transmission. CSMA/
CA+ACK is a media access control discipline, and it uses both collision avoidance
and acknowledgement frames.
Carrier Sense Multiple Access with Collision
Detection (CSMA/CD): The process
wherein if a station wants to transmit, it
may do so if no station is already transmitting but must wait if another station is
already sending. In addition, if there is a
collision because two stations send at the
same time, all stations stop, wait a random
period of time, and then try again.
Carrier: A transmission service company.
Cat: A short form for “category” in UTP.
Cat 5e: See Category 5e.
Category: In UTP cabling, a system for measuring wiring quality.
Category (Cat) 5e: Quality type of UTP wiring;
required for 100Base-TX and gigabit
Ethernet.
Category 6: The newest quality type of UTP
wiring being sold; not required for even
gigabit Ethernet.
Category 6A: Augmented Category 6 wiring
that can sustain higher transmission
speeds than Category 6 wiring.
Category 7: A new twisted-pair wiring quality
standard; will only support shielded
twisted pair (STP) wiring.
CDMA: See Code Division Multiple Access.
CDMA IS-95: The form of CDMA used in
2G cellular technology in the United States.
CDMA2000 1x: The initial 3G step for implementing CDMA2000, offering telephone
modem speeds.
CDMA2000 1xEV-DO: The second 3G step for
implementing CDMA2000, which will
offer speeds similar to those in DSL and
cable modems.
CDMA2000: A new 3G technology, developed
by Qualcomm, offering a staged approach
to increasing speed.
Cell: 1) In ATM, a fixed-length frame. 2) In cellular telephony, a small geographical area
served by a cellsite.
Cellphone: A cellular telephone, also called a
mobile phone or mobile.
Cellsite: In cellular telephony, equipment at a
site near the middle of each cell, containing a transceiver and supervising each cellphone’s operation.
Cell-Switching: A technology that uses fixed-length frames.
Cellular Telephone Service: Radio telephone
service in which each subscriber in each
section of a region is served by a separate
cellsite.
Cellular Modem: A modem that allows a computer to communicate through a cellular
telephone.
Certificate Authority (CA): Organization that
provides public key–private key pairs and
digital certificates.
Certificate Revocation List (CRL): A certificate authority’s list of digital certificates it
has revoked before their expiration date.
Challenge Message: In challenge–response
authentication protocols, the message
initially sent from the verifier to the
applicant.
Challenge–Response Authentication Protocol
(CHAP): A specific challenge–response
authentication protocol.
Challenge–Response Authentication: Initial
authentication method in which the verifier sends the applicant a challenge message, and the applicant does a calculation
to produce a response, which it sends back
to the verifier.
Channel Bandwidth: The range of frequencies
in a channel; determined by subtracting
the lowest frequency from the highest
frequency.
Channel Reuse: The ability to use each channel
multiple times, in different cells in the
network.
Channel Service Unit (CSU): The part of a
CSU/DSU device designed to protect the
telephone network from improper voltages sent into a private line.
Channel: A small frequency range that is a subdivision of a service band.
CHAP: See Challenge–Response Authentication
Protocol.
Checkout: A core e-commerce function that
allows a buyer who has finished shopping
to pay for the selected goods.
Chronic Lack of Capacity: A state in which the
network lacks adequate capacity much of
the time.
CIDR: See Classless InterDomain Routing.
Cipher: An encryption method.
Ciphertext: The result of encrypting a plaintext message. Ciphertext can be transmitted with confidentiality.
CIR: See Committed Information Rate.
Circuit: A two-way connection with reserved
capacity.
Circuit Switching: Switching in which capacity
for a voice conversation is reserved on
every switch and trunk line end-to-end
between the two subscribers.
Cladding: A thick glass cylinder that surrounds
the core in optical fiber.
Class A IP Address: In classful addressing, an
IP address block with more than sixteen
million IP addresses; given only to the
largest firms and ISPs.
Class B IP Address: In classful addressing, an
IP address block with about 65,000 IP
addresses; given to large firms.
Class C IP Address: In classful addressing, an
IP address block with 254 possible IP
addresses; given to small firms.
Class D IP Address: In classful addressing, IP
addresses used in multicasting.
Class 5 Switch: See End Office Switch.
Classful Addressing: Giving a firm one of four
block sizes for IP addresses: a very large
Class A address block, a medium-sized
Class B address block, or a small Class C
address block.
Classless InterDomain Routing (CIDR): System
for allocating IP addresses that does not use
IP address classes.
Clear Line of Sight: An obstructed radio path
between the sender and the receiver.
Clear to Send (CTS): In 802.11, a message broadcast by an access point, which allows only a
station that has sent a Request to Send message to transmit. All other stations must wait.
CLEC: See Competitive Local Exchange Carrier.
CLI: See Command Line Interface.
Client PC: A personal computer that acts as a
client.
Client Station: A station that receives service
from a server station.
Client/Server Application: Application in
which a client program requests service
from a server and in which the server program provides the service.
Client/Server Processing: The form of client/
server computing in which the work is
done by programs on two machines.
Client/Server System: A system where some
processing power is on the client computer. The two types of client/server systems are file server program access and
full client/server processing.
Clock Cycle: A period of time during which a
transmission line’s state is held constant.
Cloud: The symbol traditionally used to represent the PSDN transport core, reflecting
the fact that although the PSDN has internal switches and trunk lines, the customer
does not have to know how things work
inside the cloud.
Coating: In optical fiber, the substance that surrounds the cladding to keep out light and
to strengthen the fiber. Coating includes
strands of yellow Aramid (Kevlar) yarn to
strengthen the fiber.
Coaxial Cable: The IEEE working group that
creates wireless LAN standards.
Code Division Multiple Access (CDMA): A new
form of cellular technology and a form of
spread spectrum transmission that allows
multiple stations to transmit at the same
time in the same channel; also permits stations in adjacent cells to use the same channel without serious interference.
Codec: The device in the end office switch that
converts between the analog local loop
voice signals and the digital signals of the
end office switch.
Collision: When two simultaneous signals use
the same shared transmission medium, the
signals will add together and become
scrambled (unintelligible).
Collision Avoidance (CA): In 802.11, used with
CSMA to listen for transmissions, so if a
wireless NIC detects a transmission, it must
not transmit. This avoids collision.
Collision Domain: In Ethernet CSMA/CD systems that use hubs or bus topologies, the
collection of all stations that can hear one
another; only one can transmit at a time.
Command Line Interface (CLI): An interface
used to work with switches and routers, in
which the user types highly structured
commands, ending each command with
Enter.
Command–Response Cycle: The exchange of
messages through which SNMP communication between the manager and agents
takes place. In it, the manager sends a command, and the agent sends back a response
confirming that the command has been
met, delivering requested data, or saying
that an error has occurred and that the
agent cannot comply with the command.
Committed Information Rate (CIR): PVC
speed that is guaranteed by the Frame
Relay carrier.
Communication Satellite: Satellite that provides radio communication service.
Community Name: In SNMP Version 1, only
devices using the same community name
will communicate with each other; very
weak security.
Competitive Local Exchange Carrier (CLEC):
A competitor to the ILEC.
Comprehensive Security: Security in which all
avenues of attack are closed off.
Compromise: A successful attack.
Computer Security Incident Response Team
(CSIRT): A team convened to handle
major security incidents, made up of the
firm’s security staff, members of the IT staff,
and members of functional departments,
including the firm’s legal department.
Conference Calling: A multiparty telephone call.
Confidentiality: Assurance that interceptors
cannot read transmissions.
Connectionless: Type of conversation that does
not use explicit openings and closings.
Connection-Oriented: Type of conversation in
which there is a formal opening of the
interactions, a formal closing, and maintenance of the conversation in between.
Connectorize: To add connectors to something.
Constellation: In quadrature amplitude modulation, the collection of all possible
amplitude/phase combinations.
Continuity Testers: UTP tester that ensures
that wires are inserted into RJ-45 connectors in the correct order and are making
good contact.
Convergence: The correction of routing tables
after a change in an internet.
Conversion: The process of browsers becoming
buyers.
Cookie: Small text file stored by a website on
a client PC; can later be read from the
website.
Cord: A length of transmission medium—
usually UTP or optical fiber but sometimes
coaxial cable.
Core Switch: A switch further up the hierarchy
that carries traffic between pairs of switches.
May also connect switches to routers.
Core: 1) In optical fiber, the very thin tube into
which a transmitter injects light. 2) In a
switched network, the collection of all core
switches.
Corporate Network: A network that carries
the internal traffic of a single corporation.
Crack: To guess a password.
Credentials: Proof of identity that an applicant
can present during authentication.
Credit Card Verification Service: An e-commerce service that checks the validity
of the credit card number a user has typed.
Criminal Attacker: An attacker who attacks
with criminal motivation.
Crimping Tool: Tool for crimping wires into an
RJ-45 connector.
CRL: See Certificate Revocation List.
CRM: See Customer Relationship Management.
Cross-Connect Device: The device within a
wiring closet that vertical cords plug into.
Cross-connect devices connect the wires
from the riser space to 4-pair UTP cords
that span out to the wall jacks on each floor.
Crossover Cable: A UTP cord that allows a NIC
in one computer to be connected directly
to the NIC in another computer; switches
Pins 1 and 2 with Pins 3 and 6.
Crosstalk Interference: Mutual EMI among
wire pairs in a UTP cord.
Cryptographic System: A security system that
automatically provides a mix of security protections, usually including confidentiality,
authentication, message integrity, and
replay protection.
Cryptography: Mathematical methods for protecting communication.
CSIRT: See Computer Security Incident Response Team.
CSMA/CA+ACK: See Carrier Sense Multiple
Access with Collision Avoidance and
Acknowledgments. See definitions of the
individual components.
CSMA/CD: See Carrier Sense Multiple Access
with Collision Detection.
CSU/DSU: Device that connects an internal site
system to a private line circuit.
CSU: See Channel Service Unit.
CTS: See Clear to Send.
Customer Premises Equipment (CPE):
Equipment owned by the customer,
including PBXs, internal vertical and horizontal wiring, and telephone handsets.
Customer Relationship Management (CRM):
Software that examines customer data to
understand the preference of a company’s
customers.
Cut-through: Switching wherein the Ethernet
switch examines only some fields in a
frame’s header before sending the bits of
the frame back out.
Cyberterror: A computer attack made by
terrorists.
Cyberwar: A computer attack made by a national
government.
DAC: See Digital-to-Analog Conversion.
Data: Information carried over a network.
Data Communications: The transmission of
encoded information, as opposed to the
type of information carried in telecommunications systems.
Data Encryption Standard (DES): Popular
symmetric key encryption method; with
only 56-bit keys, considered to be too weak
for business-to-business encryption.
Data Field: The content delivered in a message.
Data Link: The path that a frame takes across a
single network (LAN or WAN).
Data Link Control Identifier (DLCI): The virtual circuit number in Frame Relay, normally 10 bits long.
Data Link Layer: The layer that governs transmission within a single network all the way
from the source station to the destination
station across zero or more switches; Layer
2 in OSI.
Data Service Unit (DSU): The part of a
CSU/DSU circuit that formats the data in
the way the private line requires.
dB: See Decibel.
DDoS: See Distributed Denial-of-Service.
Dead Spot: See Shadow Zone.
Decapsulation: The removing of a message
from the data field of another message.
Decibel (dB): The unit in which attenuation is
measured.
Decrypt: Conversion of encrypted ciphertext
into the original plaintext so an authorized
receiver can read an encrypted message.
Dedicated Server: A server that is not used
simultaneously as a user PC.
Deep Packet Inspection: The examination of
headers and messages at multiple layers in
a packet.
Default Printer: The printer to which a user’s
print jobs will be sent unless the user specifies a different printer.
Default Router: The next-hop router that a router
will forward a packet to if the routing table
does not have a row that governs the packet’s
IP address except for the default row.
Default Row: The row of a routing table that
will be selected automatically if no other
row matches; its value is 0.0.0.0.
Defense in Depth: The use of successive lines
of defense.
Demilitarized Zone (DMZ): A subnet in which
webservers and other public servers are
placed.
Demodulate: To convert digital transmission
signals to analog signals.
Denial-of-Service (DoS): The type of attack
whose goal is to make a computer or a network unavailable to its users.
Distributed Denial-of-Service (DDoS): DoS
attack in which the victim is attacked by
many computers.
Deregulation: Taking away monopoly protections
from carriers to encourage competition.
DES: See Data Encryption Standard.
Designated Router: In OSPF, a router that
sends change information to other routers
in its area.
Destination: In a routing table, the column that
shows the destination network’s network
part or subnet’s network part plus subnet
part, followed by zeroes. This row represents a route to this network or subnet.
Device Driver: Software that allows an operating system to communicate with a peripheral, such as a NIC.
DHCP: See Dynamic Host Configuration
Protocol.
Dial-Up Circuit: A circuit that only exists for
the duration of a telephone call.
Dictionary Attack: A password-cracking attack
in which an attacker tries to break a password by trying all words in a standard or
customized dictionary.
Dictionary Word: A common word, dangerous
to use for a password because it is easily cracked.
Dielectric Insulation: The non-conducting
insulation that covers each wire in 4-pair
UTP, preventing short circuits between
the electrical signals traveling on different
wires.
Diff-Serv: The field in an IP packet that can be
used to label IP packets for priority and
other service parameters.
Digital Certificate: A document that gives the
name of a true party, that true party’s public key, and other information; used in
authentication.
Digital Certificate Authentication: Authentication in which each user has a public key
and a private key. Authentication depends
on the applicant knowing the true party’s
private key; requires a digital certificate to
give the true party’s public key.
Digital Signaling: Signaling that uses a few
states. Binary (two-state) transmission is a
special case of digital transmission.
Digital Signature: A calculation added to a
plaintext message to authenticate it.
Digital Subscriber Line (DSL): A technology
that provides digital data signaling over
the residential customer’s existing single-pair UTP voice-grade copper access line.
Digital-to-Analog Conversion (DAC): The
conversion of transmissions from the digital telephone network’s core to signals on
the analog local loop.
Direct Distance Dialing: Long distance calls
made at the standard long-distance rate.
Direct Sequence Spread Spectrum (DSSS):
Spread spectrum transmission that spreads
the signal over the entire bandwidth of a
channel.
Disaster Recovery: The reestablishment of
information technology operations.
Disaster: An incident that can stop the continuity
of business operations, at least temporarily.
Discovering: The first phase of network mapping, in which the program finds out if
hosts and subnets exist.
Disgruntled Employee: Employee who is upset
with the firm or an employee and who
may take revenge through a computer
attack.
Disgruntled Ex-Employee: Former employee
who is upset with the firm or an employee
and who may take revenge through a computer attack.
Dish Antenna: An antenna that points in a particular direction, allowing it to send
stronger outgoing signals in that direction
for the same power and to receive weaker
incoming signals from that direction.
Distance Vector Routing Protocol: Routing
protocol based on the number of hops to a
destination out a particular port.
Distort: To change in shape during propagation.
DLCI: See Data Link Control Identifier.
DMZ: See Demilitarized Zone.
DNS: See Domain Name System.
Domain: 1) In DNS, a group of resources
(routers, single networks, and hosts)
under the control of an organization. 2) In
Microsoft Windows, a grouping of
resources used in an organization, made
up of clients and servers.
Domain Controller: In Microsoft Windows, a
computer that manages the computers in
a domain.
Domain Name System (DNS): A server that
provides IP addresses for users who know
only a target host’s host name. DNS servers
also provide a hierarchical system for naming domains.
Domestic: Telephone service within a country.
DoS: See Denial-of-Service.
Dotted Decimal Notation: The notation used
to ease human comprehension and memory in reading IP addresses.
Downlink: Downward transmission path for a
communications satellite.
Downtime: A period of network unavailability.
Drive-By Hacker: A hacker who parks outside
a firm’s premises and eavesdrops on its data
transmissions; mounts denial-of-service
attacks; inserts viruses, worms, and spam
into a network; or does other mischief.
DSL Access Multiplexer (DSLAM): A device at
the end office of the telephone company
that sends voice signals over the ordinary
PSTN and sends data over a data network
such as an ATM network.
DSL: See Digital Subscriber Line.
DSLAM: See DSL Access Multiplexer.
DSSS: See Direct Sequence Spread Spectrum.
DSU: See Data Service Unit.
Dumb Access Point: Access point that cannot
be managed remotely without the use of a
wireless LAN switch.
Dumb Terminal: A desktop machine with a keyboard and display but little processing
capability; processing is done on a host
computer.
DWDM: See Dense Wavelength Division
Multiplexing.
Dynamic Host Configuration Protocol
(DHCP): The protocol used by DHCP
servers, which provide each user PC with a
temporary IP address to use each time he
or she connects to the Internet.
EAP: See Extensible Authentication Protocol.
E-Commerce: Electronic commerce; buying
and selling over the Internet.
E-Commerce Software: Software that automates the creation of catalog pages and
other e-commerce functionality.
Economy of Scale: In managed services, the
condition of being cheaper to manage the
traffic of many firms than of one firm.
Egress Filtering: The filtering of traffic from
inside a site going out.
EIGRP: See Enhanced Interior Gateway Routing
Protocol.
E-LAN: Multipoint service in metropolitan area
Ethernet.
Electromagnetic Interference (EMI): Unwanted
electrical energy coming from external
devices, such as electrical motors, fluorescent lights, and even nearby data transmission wires.
Electromagnetic Signal: A signal generated by
oscillating electrons.
Electronic Signature: A bit string added to a
message to provide message-by-message
authentication and message integrity.
Electronic Catalog: An e-commerce site’s
display that shows the goods the site has
for sale.
Electronic Commerce (E-Commerce): The
buying and selling of goods and services
over the Internet.
E-Line: Point-to-point service in metropolitan
area Ethernet.
Elliptic Curve Cryptosystem (ECC): Public
key encryption method; more efficient
than RSA.
EMI: See Electromagnetic Interference.
Encapsulation: The placing of a message in the
data field of another message.
Encrypt: To mathematically process a message
so that an interceptor cannot read the
message.
Encryption method: A method for encrypting
plaintext messages.
End Office: Telephone company switch that
connects to the customer premises via the
local loop.
End Office Switch: The nearest switch of the
telephone company to the customer
premises.
End-to-End: A layer where communication is
governed directly between the transport
process on the source host and the transport process on the destination host.
Enhanced Interior Gateway Routing Protocol
(EIGRP): Interior routing protocol used
by Cisco routers.
Enterprise Mode: In WPA and 802.11i, operating mode that uses 802.1X.
Ephemeral Port Number: The temporary
number a client selects whenever it connects to an application program on a
server. According to IETF rules, ephemeral
port numbers should be between 49153
and 65535.
Equipment Room: The room, usually in a building’s basement, where wiring connects to
external carriers and internal wiring.
Error Advisement: In ICMP, the process
wherein if an error is found, there is no
transmission, but the router or host that
found the error usually sends an ICMP
error message to the source device to
inform it that an error has occurred. It is
then up to the device to decide what to
do. (This is not the same as error correction because there is no mechanism for
the retransmission of lost or damaged
packets.)
Error Rate: In biometrics, the normal rate of
misidentification when the subject is
cooperating.
Ethernet 10Base2: Obsolete 10 Mbps Ethernet
standard that uses coaxial cable in a bus
topology. Less expensive than 10Base5 but
cannot carry signals as far.
Ethernet 10Base5: Obsolete 10 Mbps Ethernet
standard that uses coaxial cable in a bus
topology.
Ethernet Address: The 48-bit address the stations have on an Ethernet network; often
written in hexadecimal notation for
human reading.
Ethernet Frame: A message at the data link
layer in an Ethernet network.
Ethernet Switch: Switch following the Ethernet
standard. Notable for speed and low cost
per frame sent. Dominates LAN switching.
EtherPeek: A commercial traffic summarization program.
Evil Twin Access Point: Attacker access point
outside a building that attracts clients
inside the building to associate with it.
Excess Burst Speed: One of Frame Relay’s two-part PVC speeds; beyond the CIR.
Exhaustive Search: Cracking a key or password
by trying all possible keys or passwords.
Exploit: A break-in program; a program that
exploits known vulnerabilities.
Exploitation Software: Software that is planted
on a computer; it continues to exploit the
computer.
Extended ASCII: Extended 8-bit version of the
ASCII code used on PCs.
Extended Star Topology: The type of topology
wherein there are multiple layers of
switches organized in a hierarchy, in which
each node has only one parent node; used
in Ethernet; more commonly called a hierarchical topology.
Extensible Authentication Protocol (EAP): A
protocol that authenticates users with
authentication data (such as a password
or a response to a challenge based on
a station’s digital certificate) and authentication servers.
Exterior Routing Protocol: Routing protocol
used between autonomous systems.
Extranet: A network that uses TCP/IP Internet
standards to link several firms together but
that is not accessible to people outside
these firms. Even within the firms of the
extranet, only some of each firm’s computers have access to the network.
Face Recognition: The scanning of passersby to
identify terrorists or wanted criminals by
the characteristics of their faces.
Facilitating Server: A server that solves certain
problems in P2P interactions but that
allows clients to engage in P2P communication for most of the work.
False Alarm: An apparent incident that proves
not to be an attack.
False Positive: A false alarm.
Fast Ethernet: 100 Mbps Ethernet.
FCC: See Federal Communications Commission.
FDDI: See Fiber Distributed Data Interface.
FDM: See Frame Division Multiplexing.
FHSS: See Frequency Hopping Spread Spectrum.
Fiber Distributed Data Interface: Obsolete
100 Mbps token-ring network.
Fiber to the Home (FTTH): Optical fiber
brought by carriers to individual homes
and businesses.
Field: A subdivision of a message header or
trailer.
File Server: A server that allows users to store
and share files.
File Server Program Access: The form of
client/server computing in which the
server’s only role is to store programs and
data files, while the client PC does the
actual processing of programs and data
files.
File Sharing: The ability of computer users to
share files that reside on their own disk
drives or on a dedicated file server.
Filtering: Examining the content of arriving
packets to decide what to do with them.
Fin Bit: One-bit field in a TCP header; indicates
that the sender wishes to open a TCP
connection.
Fingerprint Scanning: A form of biometric
authentication that uses the applicant’s
fingerprints.
Fingerprinting: The second phase of network
mapping, in which the program determines the characteristics of hosts to determine if they are clients, servers, or routers.
Firewall: A security system that examines each
incoming packet. If the firewall identifies
the packet as an attack packet, the firewall
discards the packet and copies information
about the discarded packet into a log file.
First-Generation (1G): The initial generation
of cellular telephony, introduced in the
1980s. 1G systems were analog, were only
given about 50 MHz of spectrum, had
large and few cells, and had very limited
speeds for data transmission.
Fixed Wireless Service: Local terrestrial wireless service in which the user is at a fixed
location.
Flag Field: A one-bit field.
Flat Rate: Local telephone service in which
there is a fixed monthly service charge but
no separate fee for individual local calls.
Flow Control: The ability of one side in a conversation to tell the other side to slow or
stop its transmission rate.
Footprint: Area of coverage of a communication satellite’s signal.
Forensics: The collection of data in a form suitable for presentation in a legal proceeding.
Four-Way Close: A normal TCP connection
close; requires four messages.
Fractional T1: A type of private line that offers
intermediate speeds at intermediate
prices; usually operates at one of the following speeds: 128 kbps, 256 kbps, 384
kbps, 512 kbps, or 768 kbps.
FRAD: See Frame Relay Access Device.
Fragment Offset Field: In IPv4, a flag field that
tells a fragment’s position in a stream of
fragments from an initial packet.
Fragment (Fragmentation): To break a message into multiple smaller messages. TCP
fragments application layer messages,
while IP packets may be fragmented by
routers along the packet’s route.
Frame: 1) A message at the data link layer. 2) In
time division multiplexing, a brief time
period, which is further subdivided into slots.
Frame Check Sequence Field: A four-octet
field used in error checking in Ethernet.
If an error is found, the frame is discarded.
Frame Relay Access Device (FRAD): Device
that connects an internal site network to a
Frame Relay network.
Frequency: The number of complete cycles a
radio wave goes through per second. In
sound, frequency corresponds to pitch.
Frequency Division Multiplexing (FDM): A
technology used in microwave transmission in which the microwave bandwidth is
subdivided into channels, each carrying a
single circuit.
Frequency Hopping Spread Spectrum
(FHSS): Spread spectrum transmission
that uses only the bandwidth required by
the signal but hops frequently within the
spread spectrum channel.
Frequency Modulation: Modulation in which
one frequency is chosen to represent a 1
and another frequency is chosen to represent a 0.
Frequency Spectrum: The range of all possible
frequencies from zero hertz to infinity.
FTTH: See Fiber to the Home.
Full-Duplex: A type of communication that supports simultaneous two-way transmission.
Almost all communication systems today
are full-duplex systems.
Full-Mesh Topology: Topology in which each
node is connected to each other node.
Fully Configured: A system with all necessary
options.
Functional Department: General name for
departments in a firm other than the IT
department; marketing, accounting, and
so forth.
Gateway: An obsolete term for “router;” still in
use by Microsoft.
Gateway Controller: In IP telephony, a device
that controls the operation of signaling
gateways and media gateways.
Gbps: Gigabit per second.
General Packet Radio Service (GPRS): The
technology to which many GSM systems are
now being upgraded. GPRS can combine
two or more GSM time slots within a channel and so can offer data throughput near
that of a telephone modem. Often called a
2.5G technology.
GEO: See Geosynchronous Earth Orbit Satellite.
Geosynchronous Earth Orbit Satellite (GEO):
The type of satellite most commonly
used in fixed wireless access today; orbits the
earth at about 36,000 km (22,300 miles).
Get: An SNMP command sent by the manager
that tells the agent to retrieve certain
information and return this information
to the manager.
GHz: See Gigahertz.
Gigabit Ethernet: 1 Gbps versions of Ethernet.
Gigabit per second: One billion bits per
second.
Gigahertz (GHz): One billion hertz.
GIGO: Garbage in, garbage out. If bad information is put into a system, only bad information can come out.
Global System for Mobile communication
(GSM): The cellular telephone technology on which nearly the entire world standardized for 2G service. GSM uses 200 kHz
channels and implements TDM.
Gnutella: A pure P2P file-sharing application
that addresses the problems of transient
presence and transient IP addresses without resorting to the use of any server.
Golden Zone: The portion of the frequency
spectrum from the high megahertz range
to the low gigahertz range, wherein commercial mobile services operate.
GPO: See Group Policy Object.
GPRS: See General Packet Radio Service.
Graded-Index Multimode Fiber: Multimode
fiber in which the index of refraction
varies from the center of the core to the
cladding boundary.
Grid Computing: Computing in which all
devices, whether clients or servers, share
their processing resources.
Group Policy Object (GPO): A policy that governs a specific type of resource on a domain.
GSM: See Global System for Mobile
communication.
H.323: In IP telephony, one of the protocols
used by signalling gateways.
Hacking: The intentional use of a computer
resource without authorization or in
excess of authorization.
Half-Duplex: The mode of operation wherein
two communicating NICs must take turns
transmitting.
Handoff: a) In wireless LANs, a change in access
points when a user moves to another location. b) In cellular telephony, transfer
from one cellsite to another, which occurs
when a subscriber moves from one cell to
another within a system.
Hardened: Set up to protect itself, as a server
or client.
Hash: The output from hashing.
Hashing: A mathematical process that, when applied to a bit string of any length, produces a
value of a fixed length, called the hash.
HDSL: See High-Rate Digital Subscriber Line.
HDSL2: A newer version of HDSL that transmits in both directions at 1.544 Mbps.
Header: The part of a message that comes
before the data field.
Header Checksum: The UDP datagram field
that allows the receiver to check for errors.
Headquarters: The First Bank of Paradise’s
downtown office building that houses the
administrative site.
Hertz (Hz): One cycle per second, a measure
of frequency.
Hex Notation: See Hexadecimal Notation.
Hexadecimal (Hex) Notation: The Base 16
notation that humans use to represent
48-bit MAC source and destination
addresses.
Hierarchical Topology: A network topology in
which all switches are arranged in a hierarchy, in which each switch has only one parent switch above it (the root switch, however, has no parent); used in Ethernet.
Hierarchy: 1) The type of topology wherein
there are multiple layers of switches organized in a hierarchy, in which each node
has only one parent node; used in
Ethernet. 2) In IP addresses, three multiple parts that represent successively more
specific locations for a host.
High-Rate Digital Subscriber Line (HDSL):
The most popular business DSL, which
offers symmetric transmission at 768 kbps
in both directions. See also HDSL2.
Hop-by-Hop: A layer in which communication
is governed by each individual switch or
router along the path of a message.
Host: Any computer attached to the Internet
(can be either personal client or server).
Host Computer: 1) In terminal–host computing, the host that provides the processing
power; 2) on an internet, any host.
Host Name: An unofficial designation for a
host computer.
Host Part: The part of an IP address that identifies a particular host on a subnet.
Hot Spot: A public location where anyone can
connect to an access point for Internet
access.
HTML: See Hypertext Markup Language.
HTML Body: Body part in a Hypertext Markup
Language message.
HTTP: See Hypertext Transfer Protocol.
HTTP Request Message: In HTTP, a message
in which a client requests a file or another
service from a server.
HTTP Request–Response Cycle: An HTTP
client request followed by an HTTP server
response.
HTTP Response Message: In HTTP, a message
in which a server responds to a client
request; either contains a requested file or
an error message explaining why the
requested file could not be supplied.
Hub: An early device used by Ethernet LANs to
move frames in a system. Hubs broadcast
each arriving bit out all ports except for
the port that receives the signal.
Hub-and-Spoke Topology: A topology in which
all communication goes through one site.
Hybrid Mode: In password cracking, a mode
that tries variations on common word
passwords.
Hybrid TCP/IP-OSI Standards Architecture:
The architecture that uses OSI standards
at the physical and data link layers and
TCP/IP standards at the internet, transport, and application layers; dominant in
corporations today.
Hypertext Markup Language (HTML): The
language used to create webpages.
Hypertext Transfer Protocol (HTTP): The protocol that governs interactions between the
browser and webserver application program.
Hz: See Hertz.
ICC: See International Common Carrier.
ICF: See Internet Connection Firewall.
ICMP Echo: A message sent by a host or router
to another host or router. If the target
device’s internet process is able to do so, it
will send back an echo response message.
ICMP Error Message: A message sent in error
advisement to inform a source device that
an error has occurred.
ICMP: See Internet Control Message Protocol.
ICS: See Internet Connection Sharing.
IDC: See Insulation Displacement Connection.
Identification Field: In IPv4, header field used
to reassemble fragmented packets. Each
transmitted packet is given a unique identification field value. If the packet is fragmented en route, all fragments are given
the initial packet’s identification field
value.
Identity Theft: Stealing enough information
about a person to impersonate him or her
in complex financial transactions.
IDS: See Intrusion Detection System.
IEEE: See Institute for Electrical and Electronics
Engineers.
IETF: See Internet Engineering Task Force.
ILEC: See Incumbent Local Exchange Carrier.
IM: See Instant Messaging.
Image: An exact copy.
IMAP: See Internet Message Access Protocol.
Impostor: Someone who claims to be someone
else.
Incident: A successful attack.
Incident Severity: The degree of destruction
inflicted by an attack.
Incumbent Local Exchange Carrier (ILEC):
The traditional monopoly telephone company within each LATA.
Index Server: A server used by Napster.
Stations connected to Napster would first
upload a list of their files available for sharing to index servers. Later, when they
searched, their searches went to the index
servers and were returned from there.
Individual Throughput: The actual speed a single user receives (usually much lower than
aggregate throughput in a system with
shared transmission speed).
Ingress Filtering: The filtering of traffic coming into a site from the outside.
Inherit: When permissions are assigned to a
user in a directory, the user automatically
receives the same permissions in subdirectories unless this automatic inheritance is blocked.
Initial Installation: The initial phase of a product’s life cycle. Ongoing costs may be
much higher.
Initialization Vector: A bit string used in conjunction with a key for encryption.
Initial Labor Costs: The labor costs of setting
up a system for the first time.
Initial Sequence Number (ISN): The sequence
number placed in the first TCP segment
a side transmits in a session; selected
randomly.
Instance: An actual example of a category.
Instant Messaging (IM): A popular P2P application that allows two users to type messages
back and forth in real time.
Institute for Electrical and Electronics
Engineers (IEEE): An international organization whose 802 LAN/MAN Standards
Committee creates many LAN standards.
Insulation: Nonconducting coating around
each wire in a UTP cord.
Insulation Displacement Connection (IDC):
Connection method used in UTP. A
connector bites through the insulation
around a wire, making contact with the
wire inside.
Interexchange Carrier (IXC): A telephone
carrier that transmits voice traffic between
LATAs.
Interface: 1) The router’s equivalent of a network interface card; a port on a router that
must be designed for the network to which
it connects. 2) In Web services, the outlet
through which an object communicates
with the outside world.
Interference: See Electromagnetic Interference.
Interior Routing Protocol: Routing protocol
used within a firm’s internet.
Internal Back-End System: In e-commerce, an
internal e-commerce system that handles
accounting, pricing, product availability,
shipment, and other matters.
Internal Router: A router that connects different LANs within a site.
International Common Carrier (ICC): A telephone carrier that provides international
service.
International Organization for Standardization (ISO): A strong standards agency
for manufacturing, including computer
manufacturing.
International Telecommunications Union-Telecommunications Standards Sector
(ITU-T): A standards agency that is part
of the United Nations and that oversees
international telecommunications.
Internet: 1) A group of networks connected by
routers so that any application on any host
on any network can communicate with
any application on any other host on any
other network. 2) A general term for any
internetwork (spelled with a lowercase i);
3) the worldwide Internet (spelled with a
capital I).
Internet Backbone: The collection of all
Internet Service Providers that provide
Internet transmission service.
Internet Connection Firewall (ICF): The
built-in stateful firewall that comes with
Windows XP.
Internet Connection Sharing (ICS): Microsoft
Windows service that allows a PC to connect to the Internet through another PC.
Internet Control Message Protocol (ICMP):
The protocol created by the IETF to oversee
supervisory messages at the internet layer.
Internet Engineering Task Force (IETF):
TCP/IP’s standards agency.
Internet Layer: The layer that governs the
transmission of a packet across an entire
internet.
Internet Message Access Protocol (IMAP):
One of the two protocols used to download received e-mail from an e-mail server;
offers more features but is less popular
than POP.
Internet Network: A network on the Internet
owned by a single organization, such as a
corporation, university, or ISP.
Internet Options: In Microsoft Windows, a way
of setting security and other settings for
browser communication.
Internet Protocol (IP): The TCP/IP protocol
that governs operations at the internet
layer. Governs packet delivery from host to
host across a series of routers.
Internet Service Provider: Carrier that provides Internet access and transmission.
Internetwork Operating System (IOS): The
operating system that Cisco Systems uses
on all of its routers and most of its
switches.
Intranet: An internet for internal transmission
within firms; uses the TCP/IP transmission
standards that govern transmission over
the Internet.
Intrusion Detection System (IDS): A security
system that examines messages traveling
through a network. IDSs look at traffic
broadly, identifying messages that are suspicious. Instead of discarding these packets, IDSs will sound an alarm.
Intrusion Protection System (IPS): Firewall
system that uses sophisticated packet filtering methods to stop attacks.
Inverse square law: Radio signal strength
declines with the square of transmission
distance.
IOS: See Internetwork Operating System.
IP: See Internet Protocol.
IP Address: An Internet Protocol address; the
address that every computer needs when it
connects to the Internet; IP addresses are
32 bits long.
Ipconfig/all: Windows command line command
in newer versions of Windows that shows
configuration parameters for the PC.
IP Security (IPsec): A set of standards that
operate at the internet layer and provide
security to all upper layer protocols
transparently.
IP Telephone: A telephone that has the electronics to encode voice for digital transmission and to send and receive packets
over an IP internet.
IP Telephony: The transmission of telephone
signals over IP internets instead of over
circuit-switched networks.
IP Version 4 (IPv4): The standard that governs
most routers on the Internet and private
internets.
IP Version 6 (IPv6): A new version of the
Internet Protocol.
Ipconfig (ipconfig): A command used to find
information about one’s own computer,
used in newer versions of Windows (the
command is typed as ipconfig/all[Enter]
at the command line).
IPS: See intrusion prevention system.
IPsec Gateway: Border device at a site that
converts between internal data traffic and
protected data traffic that travels over an
untrusted system such as the Internet.
IPsec: See IP Security.
IPv4: See IP Version 4.
IPv6: See IP Version 6.
IPX/SPX Architecture: Non-TCP/IP standards
architecture found at upper layers in
LANs; required on all older Novell
NetWare file servers.
Iris: The colored part of the eye, used in biometric authentication.
ISN: See Initial Sequence Number.
ISO: See International Organization for
Standardization.
ISO/IEC 11801: European standard for wire
and optical fiber media.
ISP: See Internet Service Provider.
IT Disaster Recovery: Recovering from a disaster that damages computer equipment
or data.
IT Guru: See OPNET IT Guru.
ITU-T: See International Telecommunications
Union-Telecommunications Standards
Sector.
IXC: See Interexchange Carrier.
Jacket: The outer plastic covering, made of PVC,
that encloses and protects the four pairs of
wires in UTP or the core and cladding in
optical fiber.
Java Applet: Small Java program that is downloaded as part of a webpage.
Jitter: Variability in latency.
JPEG: Popular graphics file format.
kbps: Kilobits per second.
Key: A bit string used with an encryption
method to encrypt and decrypt a message.
Different keys used with a single encryption method will give different ciphertexts
from the same plaintext.
Key Exchange: The secure transfer of a symmetric session key between two communicating parties.
Key-Hashed Message Authentication Code
(HMAC): Electronic signature technology that is efficient and inexpensive but
lacks nonrepudiation.
Key Management: The management of key
creation, distribution, and other operations.
Label Header: In MPLS, the header added to
packets before the IP header; contains
information that aids and speeds routers
in choosing which interface to send the
packet back out.
Label Number: In MPLS, number in the label
header that aids label-switching routers in
packet sending.
Label Switching Router: Router that implements MPLS label switching.
Label Switching Table: In MPLS, the table used
by label-switching routers to decide which
interface to use to forward a packet.
LAN: See Local Area Network.
Language Independence: In SOAP, the fact
that Web service objects do not have to be
written in any particular language.
LATA: See Local Access and Transport Area.
Latency: Delay, usually measured in milliseconds.
Latency-Intolerant: An application whose performance is harmed by even slight latency.
Layer 3: See Internet Layer.
Layer 3 Switch: A router that does processing
in hardware, that is much faster and less
expensive than traditional software-based
routers. Layer 3 switches are usually dominant in the Ethernet core above workgroup switches.
Layer 4: See Transport Layer.
Layer 4 Switch: A switch that examines the port
number fields of each arriving packet’s
encapsulated TCP segment, allowing it to
switch packets based on the application
they contain. Layer 4 switches can give priority or even deny forwarding to IP packets from certain applications.
Layer 5: See Application Layer.
Leased Line Circuit: A high-speed point-to-point circuit.
Legacy Network: A network that uses obsolete
technology; may have to be lived with for
some time because upgrading all legacy
networks at one time is too expensive.
Legal Retention: Rules that require IM messages to be captured and stored in order to
comply with legal requirements.
Length Field: 1) The field in an Ethernet MAC
frame that gives the length of the data
field in octets. 2) The field in a UDP datagram that enables the receiving transport
process to process the datagram properly.
LEO: See Low Earth Orbit Satellite.
Lightweight Directory Access Protocol: Simple
protocol for accessing directory servers.
Line of Sight: An unobstructed path between the
sender and receiver, necessary for radio
transmission at higher frequencies.
Link: Connection between a pair of routers.
Link Aggregation: The use of two or more
trunk links between a pair of switches; also
known as trunking or bonding.
Link State Protocol: Routing protocol in
which each router knows the state of each
link between routers.
Linux: A freeware version of Unix that runs on
standard PCs.
Linux Distribution: A package purchased from
a vendor that contains the Linux kernel
plus a collection of many other programs,
usually taken from the GNU project.
List Folder Contents: A Microsoft Windows
Server permission that allows the account
owner to see the contents of a folder
(directory).
LLC: See Logical Link Control.
LLC Header: See Logical Link Control Layer
Header.
Load-Balancing Router: Router used on a
server farm that sends client requests to
the first available server.
Local: The value placed in the next-hop routing
field of a routing table to specify that the
destination host is on the selected network
or subnet.
Local Access and Transport Area (LATA):
One of the roughly 200 site regions the
United States has been divided into for
telephone service.
Local Area Network (LAN): A network within
a site.
Local Calling: Telephone calls placed to a
nearby caller; less expensive than long-distance calls.
Local Loop: In telephony, the line used by the
customer to reach the PSTN’s central
transport core.
Log File: A file that contains data on events.
Logical Link Control Layer: The layer of functionality for the upper part of the data link
layer, now largely ignored.
Logical Link Control Layer Header: The
header at the start of the data field that
describes the type of packet contained in
the data field.
Logical Link Control Layer Subheader:
Group of fields at the beginning of the
Ethernet data field.
Long Distance: A telephone call placed to a
distant party; more expensive than a
local call.
Longest Match: The matching row that
matches a packet’s destination IP address
to the greatest number of bits; chosen by a
router when there are multiple matches.
Loopback Address: The IP address 127.0.0.1.
When a user pings this IP address, this will
test their own computer’s connection to
the Internet.
Loopback Interface: A testing interface on a
device. Messages sent to this interface are
sent back to the sending device.
Low Earth Orbit Satellite (LEO): A type of
satellite used in mobile wireless transmission; orbits a few hundred miles or a few
hundred kilometers above the earth.
MAC: See Media Access Control.
MAC Address: See Media Access Control.
Mainframe Computer: The largest type of dedicated server; extremely reliable.
Malware: Software that seeks to cause damage.
Malware-Scanning Program: A program that
searches a user’s PC looking for installed
malware.
MAN: See Metropolitan Area Network.
Manageable Switch: A switch that has sufficient
intelligence to be managed from a central
computer (the Manager).
Managed Device: A device that needs to be
administered, such as printers, hubs,
switches, routers, application programs,
user PCs, and other pieces of hardware
and software.
Managed Frame Relay: A type of Frame Relay
service that takes on most of the management that customers ordinarily would have
to do. Managed Frame Relay provides traffic
reports and actively manages day-to-day traffic to look for problems and get them fixed.
Management Information Base (MIB): A specification that defines what objects can exist
on each type of managed device and also
the specific characteristics of each object;
the actual database stored on a manager
in SNMP. There are separate MIBs for
different types of managed devices; both a
schema and a database.
Management Program: A program that helps
network administrators manage their
networks.
Manager: The central PC or more powerful
computer that uses SNMP to collect information from many managed devices.
Mask: A 32-bit string beginning with a series of
ones and ending with a series of zeroes; used by
routing tables to interpret IP address part
sizes. The ones designate either the network part or the network plus software part.
Mask Operations: Applying a mask of ones and
zeros to a bit stream. Where the mask bit is
1, the result is the original bit stream’s bit.
Otherwise, the result is zero.
Mature: Technology that has been under development long enough to have its rough
edges smoothed off.
Maximum Segment Size (MSS): The maximum size of TCP data fields that a receiver
will accept.
Maximum Transmission Unit (MTU): The
maximum packet size that can be carried
by a particular LAN or WAN.
Mbps: Megabits per second.
MD5: A popular hashing method.
Mean Time to Repair (MTTR): The average
time it takes a staff to get a network back
up after it has been down.
Media Access Control (MAC): The process of
controlling when stations transmit; also,
the lowest part of the data link layer, defining functionality specific to a particular
LAN technology.
Media Gateway: A device that connects IP telephone networks to the ordinary public
switched telephone network. Media gateways
also convert between the signalling formats
of the IP telephone system and the PSTN.
Medium Earth Orbit Satellite (MEO): A type
of satellite used in mobile wireless transmission; orbits a few thousand miles or a
few thousand kilometers above the earth.
Megabits per second: Millions of bits per
second.
Megahertz (MHz): One million hertz.
MEO: See Medium Earth Orbit Satellite.
Mesh Networking: A type of networking in
which wireless devices route frames without the aid of wired LANs.
Mesh Topology: 1) A topology where there are
many connections among switches or
routers, so there are many alternative
routes for messages to get from one end of
the network to the other. 2) In network
design, a topology that provides direct
connections between every pair of sites.
Message: A discrete communication between
hardware or software processes.
Message Digest: The result of hashing a plaintext message. The message digest is signed
with the sender’s private key to produce
the digital signature.
Message Integrity: The assurance that a message has not been changed en route; or if a
message has been changed, the receiver
can tell that it has.
Message Timing: Controlling when hardware
or software processes may transmit.
Message Unit: Local telephone service in which
a user is charged based on distance and
duration.
Method: In Web services, a well-defined action
that a SOAP message can request.
Metric: A number describing the desirability of
a route represented by a certain row in a
routing table.
Metro Ethernet: See Metropolitan Area Ethernet.
Metropolitan Area Ethernet: Ethernet operating at the scale of a metropolitan area
network.
Metropolitan Area Network (MAN): A WAN
that spans a single urban area.
MHz: See Megahertz.
MHz-km: Measure of modal bandwidth, a measure of multimode fiber quality.
MIB: See Management Information Base.
Microsoft Windows Server: Microsoft’s network operating system for servers, which
comes in three versions: NT, 2000, and
2003.
Microsoft Windows XP Home: The dominant
operating system today for residential
PCs.
Microsoft Windows XP Professional: A version of Windows XP designed to be run in
organizations; integrates with Windows
Server services.
Microwave: Traditional point-to-point radio
transmission system.
Microwave Repeater: Transmitter/receiver
that extends the distance a microwave link
can travel.
Millisecond (ms): The unit in which latency is
measured.
MIME: See Multipurpose Internet Mail
Extensions.
MIMO: See Multiple Input/Multiple Output.
Ministry of Telecommunications: A government-created regulatory body that oversees
PTTs.
Mobile IP: A system for handling IP addresses
for mobile devices.
Mobile Telephone Switching Office (MTSO):
A control center that connects cellular customers to one another and to wired
telephone users, as well as overseeing all
cellular calls (determining what to do
when people move from one cell to
another, including which cellsite should
handle a caller when the caller wishes to
place a call).
Mobile Wireless Access: Local wireless service
in which the user may move to different
locations.
Modal Bandwidth: The measure of multimode
fiber quality; the fiber’s bandwidth–distance product. A modal bandwidth of
200 MHz-km means that if your bandwidth
is 100 MHz, then you can transmit 2 km.
Modal Dispersion: The main propagation
problem for optical fiber; dispersion in
which the difference in the arrival times of
various modes (permitted light rays) is too
large, causing the light rays of adjacent
pulses to overlap in their arrival times and
rendering the signal unreadable.
Mode: An angle at which light rays are permitted to
enter an optical fiber core.
Modify: A Microsoft Windows Server permission
that gives an account owner additional
permissions to act upon files, for example,
the permission to delete a file, which is not
included in Write.
Modulate: To convert digital signals to analog
signals.
Momentary Traffic Peak: A surplus of traffic
that briefly exceeds the network’s capacity,
happening only occasionally.
Monochrome Text: Text of one color against a
contrasting background.
More Fragments Flag Field: In IPv4, a flag
field that indicates whether there are more
fragments (set) or not (not set).
MPLS: See Multiprotocol Label Switching.
Ms: See Millisecond.
MS-CHAP: Microsoft version of the Challenge–
Response Authentication Protocol.
MSS: See Maximum Segment Size.
MTSO: See Mobile Telephone Switching
Office.
MTTR: See Mean Time to Repair.
MTU: See Maximum Transmission Unit.
Multicasting: Simultaneously sending messages
to multiple stations but not to all stations.
Multilayer Security: Applying security at more
than one layer to provide defense in depth.
Multimode Fiber: The most common type of
fiber in LANs, wherein light rays in a pulse
can enter a fairly thick core at multiple
angles.
Multipath Interference: Interference caused
when a receiver receives two or more
signals—a direct signal and one or more
reflected signals. The multiple signals may
interfere with one another.
Multiple Input/Multiple Output (MIMO): A
radio transmission method that sends several signals simultaneously in a single
radio channel.
Multiplexing: 1) Having the packets of many
conversations share trunk lines; reduces
trunk line cost. 2) The ability of a protocol
to carry messages from multiple next-higher-layer protocols in a single communication session.
Multiprocessing Computer: A computer with
multiple microprocessors. This allows it to
run multiple programs at the same time.
Multiprotocol Label Switching (MPLS): A
traffic management tool used by many
ISPs.
Multiprotocol Router: A router that can handle not only TCP/IP internetworking protocols, but also internetworking protocols
for IPX/SPX, SNA, and other standards
architectures.
Multiprotocol: Characterized by implementing
many different protocols and products following different architectures.
Multipurpose Internet Mail Extensions
(MIME): A standard for specifying the
contents of files.
Mutual Authentication: Authentication by
both parties.
Name Server: Server in the Domain Name
System.
Nanometer (nm): The measure used for wavelengths; one billionth of a meter (10^-9
meters).
NAP: See Network Access Point.
Narrowband: 1) A channel with a small bandwidth and, therefore, a low maximum
speed; 2) low-speed transmission.
NAS: See Network Attached Storage.
NAT: See Network Address Translation.
Netstat: A popular route analysis tool, which
gives data on current connections between
a computer and other computers.
Network: In IP addressing, an organizational
concept—a group of hosts, single networks,
and routers owned by a single organization.
Network Access Point (NAP): A site where
ISPs interconnect and exchange traffic.
Network Address Translation (NAT):
Converting an IP address into another IP
address, usually at a border firewall; disguises a host’s true IP address from sniffers. Allows a firm to use more internal
addresses than the number of external addresses its ISP supplies.
Network Architecture: 1) A broad plan that
specifies everything that must be done for
two application programs on different networks on an internet to be able to work
together effectively. 2) A broad plan for
how the firm will connect all of its computers within buildings (LANs), between sites
(WANs), and to the Internet; also includes
security devices and services.
Network Attached Storage (NAS): Storage
device that connects directly to the network instead of to a computer.
Network Interface Card (NIC): Printed circuit expansion board for a PC; handles
communication with a network; sometimes built into the motherboard.
Network Layer: In OSI, Layer 3; governs internetworking. OSI network layer standards
are rarely used.
Network Management Agent (Agent): A
piece of software on the managed device
that communicates with the manager on
behalf of the managed device.
Network Management Program (Manager):
A program run by the network administrator on a central computer.
Network Management Utility: A program
used in network management.
Network Mapping: The act of mapping the layout of a network, including what hosts and
routers are active and how various devices
are connected. Its two phases are discovering and fingerprinting.
Network Mask: A mask that has 1s in the network part of an IP address and 0s in all
other parts.
Network Operating System (NOS): A PC
server operating system.
Network Part: The part of an IP address that
identifies the host’s network on the
Internet.
Network Security: The protection of a network from attackers.
Network Simulation: The building of a model
of a network that is used to project how the
network will operate after a change.
Network Topology: The order in which a network’s nodes are physically connected by
transmission lines.
Networked Application: An application that
provides service over a network.
Next Header Field: In IPv6, a header field that
describes the header following the current
header.
Next-Hop Router: A router to which another
router forwards a packet in order to get
the packet a step closer to reaching its destination host.
NIC: See Network Interface Card.
Nm (nm): See Nanometer.
Nmap: A network mapping tool that finds active
IP addresses and then fingerprints them to
determine their operating system and perhaps their operating system version.
Node: A client, server, switch, router, or other
type of device in a network.
Noise: Random electromagnetic energy within
wires; combines with the data signal to
make the data signal difficult to read.
Noise Floor: The mean of the noise energy.
Noise Spike: An occasional burst of noise that
is much higher or lower than the noise
floor; may cause the signal to become
unrecognisable.
Nonblocking: A nonblocking switch has
enough aggregate throughput to handle
even the highest possible input load (maximum input on all ports).
Nonoverlapping Channel: Channels whose frequencies do not overlap.
Normal Attack: An incident that does a small
amount of damage and can be handled by
the on-duty staff.
North Shore: The First Bank of Paradise’s
backup facility; able to take over within
minutes if Operations fails.
NOS: See Network Operating System.
Not Set: When a flags field is given the value 0.
Nslookup (nslookup): A command that allows
a PC user to send DNS lookup messages to
a DNS server.
Object: A specific Web service.
Object: In SNMP, an aspect of a managed
device about which data is kept.
OC: See Optical Carrier.
Octet: A collection of eight bits; same as a byte.
OFDM: See Orthogonal Frequency Division
Multiplexing.
Official Internet Protocol Standards:
Standards deemed official by the IETF.
Official Standards Organization: An internationally recognized organization that produces standards.
Omnidirectional Antenna: An antenna that
transmits signals in all directions and
receives incoming signals equally well
from all directions.
On/Off Signaling: Signaling wherein the signal is
on for a clock cycle to represent a one, and
off for a zero. (On/off signaling is binary.)
One-Pair Voice-Grade UTP: The traditional
telephone access lines to individual
residences.
Ongoing Costs: Costs beyond initial installation costs; often exceed installation costs.
Open Shortest Path First (OSPF): Complex but
highly scalable interior routing protocol.
Operations: The First Bank of Paradise’s building in an industrial area that houses the
bank’s mainframe operations and other
back-office technical functions; also has
most of the bank’s IT staff, including its
networking staff.
OPNET ACE: See OPNET Application
Characterization Environment.
OPNET Application Characterization Environment (ACE): A network simulation
program; focuses on application layer
performance.
OPNET IT Guru: A popular network simulation program; focuses primarily on data
link layer and internet layer performance.
Optical Carrier (OC): A number that indicates
SONET speeds.
Optical Fiber: Cabling that sends signals as
light pulses.
Optical Fiber Cord: A length of optical fiber.
Option: One of several possibilities that a user
or technologist can select.
Orthogonal Frequency Division Multiplexing
(OFDM): A form of spread spectrum
transmission that divides each broadband
channel into subcarriers and then
transmits parts of each frame in each
subcarrier.
Organizational Unit: In directory servers, a
subunit of the Organization node.
OSI: The Reference Model of Open Systems
Interconnection; the 7-layer network standards architecture created by ISO and
ITU-T; dominant at the physical and data
link layers, which govern transmission
within single networks (LANs or WANs).
OSI Application Layer (Layer 7): The layer
that governs application-specific matters
not covered by the OSI Presentation Layer
or the OSI Session Layer.
OSI Layer 5: See OSI Session Layer.
OSI Layer 6: See OSI Presentation Layer.
OSI Layer 7: See OSI Application Layer.
OSI Presentation Layer (Layer 6): The layer
designed to handle data formatting
differences between two communicating
computers.
OSI Session Layer (Layer 5): The layer that
initiates and maintains a connection
between application programs on different computers.
OSPF: See Open Shortest Path First.
Out of Phase: In multipath interference, the
condition of not being in sync, as occurs
with signals that have been reflected and
thus traveled different distances and not
arrived at the receiver at the same time.
Outsourcing: Paying other firms to handle
some, most, or all IT chores.
Overprovision: To install much more capacity
in switches and trunk links than will be
needed most of the time, so that momentary traffic peaks will not cause problems.
Oversubscription: In Frame Relay, the state of
having port speeds less than the sum of
PVC speeds.
P2P: See Peer-to-Peer Architecture.
Packet: A message at the internet layer.
Packet Capture and Display Program: A program that captures selected packets or all
of the packets arriving at or going out of a
NIC. Afterward, the user can display key
header information for each packet in
greater or lesser detail.
Packet Filter Firewall: A firewall that examines
fields in the internet and transport headers of individual arriving packets. The firewall makes pass/deny decisions based
upon the contents of IP, TCP, UDP, and
ICMP fields.
Packet Switching: The breaking of conversations into short messages (typically a
few hundred bits long); allows multiplexing on trunk lines to reduce trunk line
costs.
PAD Field: A field that the sender adds to an
Ethernet frame if the data field is less than
46 octets long (the total length of the PAD
plus data field must be exactly 46 octets
long).
PAN: See Personal Area Network.
Parallel Transmission: A form of transmission
that uses multiple wire pairs or other transmission media simultaneously to send a
signal; increases transmission speed.
Pass Phrase: A series of words that is used to
generate a key.
Password: A secret keyboard string only the
account holder should know; authenticates user access to an account.
Password Length: The number of characters in
a password.
Password Reset: The act of changing a password
to some value known only to the systems
administrator and the account owner.
Patch: An addition to a program that will close
a security vulnerability in that program.
Patch Cord: A cord that comes precut in a variety of lengths, with a connector attached;
usually either UTP or optical fiber.
Payload: 1) A piece of code that can be executed by a virus or worm after it has spread
to multiple machines. 2) ATM’s name for a
data field.
Payment Mechanism: In e-commerce, ways for
purchasers to pay for their ordered goods
or services.
PBX: See Private Branch Exchange.
PC Server: A server that is a personal
computer.
PCM: Pulse Code Modulation.
PEAP: See Protected Extensible Authentication
Protocol.
Peer-to-Peer Architecture (P2P): The application architecture in which most or all
of the work is done by cooperating
user computers, such as desktop PCs. If
servers are present at all, they serve only
facilitating roles and do not control the
processing.
Peer-to-Peer Service: Service wherein client
PCs provide services to one another.
Perfect Internal Reflection: When light in optical fiber cabling begins to spread, it hits
the cladding and is reflected back into the
core so that no light escapes.
Permanent IP Address: An IP address given to
a server that the server keeps and uses
every single time it connects to the
Internet. (This is in contrast to client PCs,
which receive a new IP address every time
they connect to the Internet.)
Permanent Virtual Circuit (PVC): A PSDN
connection between corporate sites that is
set up once and kept in place for weeks,
months, or years at a time.
Permission: A rule that determines what an
account owner can do to a particular
resource (file or directory).
Personal Area Network (PAN): A small wireless network used by a single person.
Personal Mode: Pre-shared Key Mode in WPA
or 802.11i.
Phase Modulation: Modulation in which one
wave serves as a reference wave or a carrier
wave. Another wave varies its phase to represent one or more bits.
Phishing: Social engineering attack that uses an
official-looking e-mail message or website.
Physical Address: Data link layer address—not
a physical layer address. Given this name
because it is the address of the NIC, which
is a physical device that implements both
the physical and data link layers.
Physical Layer: The standards layer that governs physical transmission between adjacent devices; OSI Layer 1.
Physical Link: A connection linking adjacent
devices on a network.
Piggybacking: The act of an attacker being
allowed physical entrance to a building by
following a legitimate user through a
locked door that the victim has opened.
Ping: Sending a message to another host and listening for a response to see if it is active.
Pixel: A dot on a computer screen.
PKI: See Public Key Infrastructure.
Plaintext: The original message the sender
wishes to send to the receiver; not limited
to text messages.
Plan–Protect–Respond Cycle: The basic management cycle in which the three named
stages are executed repeatedly.
Planning: Developing a broad security strategy
that will be appropriate for a firm’s security threats.
Plenum: The type of cabling that must be used
when cables run through airways to prevent toxic fumes in case of fire.
Point of Presence (POP): 1) In cellular telephony, a site at which various carriers that
provide telephone service are interconnected. 2) In PSDNs, a point of connection for user sites. There must be a private
line between the site and the POP.
Point-to-Point Topology: A topology wherein
two nodes are connected directly.
Point-to-Point Tunneling Protocol (PPTP): A
remote access VPN security standard offering moderate security. PPTP works at the
data link layer, and it protects all messages
above the data link layer, providing protection transparently.
POP: See 1) Point of Presence. 2) Post Office
Protocol.
Pop-Up Blocker: A program that blocks annoying pop-up advertisements.
Port: In TCP and UDP messages, a header field
that designates the application layer
process on the server side and a specific
connection on the client side.
Port Number: The field in TCP and UDP that
tells the transport process what application
process sent the data in the data field or
should receive the data in the data field.
Portfolio: A planned collection of projects.
Post Office Protocol (POP): The most popular
protocol used to download e-mail from an
e-mail server to an e-mail client.
PPTP: See Point-to-Point Tunneling Protocol.
Preamble Field: The initial field in an Ethernet
MAC frame; synchronizes the receiver’s
clock to the sender’s clock.
Prefix Notation: A way of representing masks.
Gives the number of initial 1s in the mask.
Premises: The land and buildings owned by a
customer.
Presence Server: A server used in many P2P
systems; knows the IP addresses of each
user and also whether the user is currently
on line and perhaps whether or not the
user is willing to chat.
Pre-Shared Key: A mode of operation in WPA
and 802.11i in which all stations and an
access point share the same initial key.
Presentation Layer: See OSI Presentation
Layer.
Print Server: An electronic device that receives
print jobs and feeds them to the printer
attached to the print server.
Printer Sharing: Allowing multiple PCs to
share a single printer.
Priority: Preference given to latency-sensitive
traffic, such as voice and video traffic, so
that latency-sensitive traffic will go first if
there is congestion.
Priority Level: The three-bit field used to give a
frame one of eight priority levels from 000
(zero) to 111 (eight).
Private Branch Exchange (PBX): An internal
telephone switch.
Private IP Address: An IP address that may be
used only within a firm. Private IP addresses
have three designated ranges: 10.x.x.x,
192.168.x.x, and 172.16.x.x through
172.31.x.x.
Private Key: A key that only the true party
should know. Part of a public key–private
key pair.
Probable Annual Loss: The likely annual loss
from a particular threat. The cost of
a successful attack times the probability of
a successful attack in a one-year period.
Probe Packet: A packet sent into a firm’s network during scanning; responses to the
probe packet tend to reveal information
about a firm’s general network design and
about its individual computers—including
their operating systems.
Problem Update: An update that causes disruptions, such as slowing computer operation.
Propagate: To travel.
Propagation Effects: Changes in the signal during propagation.
Property: A characteristic of an object.
Protected Extensible Authentication Protocol
(PEAP): A version of EAP preferred by
Microsoft Windows computers.
Protecting: Implementing a strategic security
plan; the most time-consuming stage in the
plan–protect–respond management cycle.
Protocol: 1) A standard that governs interactions between hardware and software
processes at the same layer but on different hosts. 2) In IP, the header field that
describes the content of the data field.
Protocol Fidelity: The assurance that an application using a particular port is the application it claims to be.
Protocol Field: In IP, a field that designates the
protocol of the message in the IP packet’s
data field.
Provable Attack Packet: A packet that is provably an attack packet.
PSDN: See Public Switched Data Network.
PSTN: See Public Switched Telephone Network.
PTT: See Public Telephone and Telegraphy
Authority.
Public IP Address: An IP address that must be
unique on the Internet.
Public Key: A key that is not kept secret. Part of
a public key–private key pair.
Public Key Authentication: Authentication in
which each user has a public key and a private key. Authentication depends on the
applicant knowing the true party’s private
key; requires a digital certificate to give the
true party’s public key.
Public Key Encryption: Encryption in which
each side has a public key and a private
key, so there are four keys in total for bidirectional communication. The sender
encrypts messages with the receiver’s
public key. The receiver, in turn, decrypts
incoming messages with the receiver’s own
private key.
Public Key Infrastructure (PKI): A total system
(infrastructure) for public key encryption.
Public Switched Data Network (PSDN): A
carrier WAN that provides data transmission service. The customer only needs to
connect to the PSDN by running one private line from each site to the PSDN carrier’s nearest POP.
Public Switched Telephone Network (PSTN):
The worldwide telephone network.
Public Telephone and Telegraphy Authority
(PTT): The traditional title for the traditional monopoly telephone carrier in most
countries.
Public Utilities Commission (PUC): In the
United States, telecommunications regulatory agency at the state level.
PUC: See Public Utilities Commission.
Pulse Code Modulation (PCM): An analog-to-digital conversion technique in which
the ADC samples the bandpass-filtered
signal 8,000 times per second, each time
measuring the intensity of the signal and
representing the intensity by a number
between 0 and 255.
PVC: See Permanent Virtual Circuit.
QAM: See Quadrature Amplitude Modulation.
QoS: See Quality of Service.
QPSK: See Quadrature Phase Shift Keying.
Quadrature Amplitude Modulation (QAM):
Modulation technique that uses two carrier
waves—a sine carrier wave and a cosine carrier wave. Each can vary in amplitude.
Quadrature Phase Shift Keying (QPSK):
Modulation with four possible phases. Each
of the four states represents two bits (00, 01,
10, and 11).
Quality of Service (QoS): Numerical service targets that must be met by networking staff.
Quality-of-Service (QoS) Parameters: In IPv4,
service quality parameters applied to all
packets with the same TOS field value.
Radio Frequency ID (RFID): A tag that can be
read at a distance by a radio transmitter/
receiver.
Radio Wave: An electromagnetic wave in the
radio range.
Rapid Spanning Tree Protocol: A version of
the Spanning Tree Protocol that has faster
convergence.
RAS: See Remote Access Server.
Raster Graphics: Form of graphics in which an
image is painted on the screen as a series
of dots.
Rated Speed: The official speed of a technology.
RBOC: See Regional Bell Operating Company.
Read: A Microsoft Windows Server permission
that allows an account owner to read files
in a directory. This is read-only access;
without further permissions, the account
owner cannot change the files.
Read and Execute: A set of Microsoft Windows
Server permissions needed to run executable programs.
Real Time Protocol (RTP): The protocol that
adds headers that contain sequence numbers to ensure that the UDP datagrams are
placed in proper sequence and that they
contain time stamps so that jitter can be
eliminated.
Reassembly: Putting a fragmented packet back
together.
Redundancy: Duplication of a hardware device
in order to enhance reliability.
Regenerate: In a switch or router, to clean up a
signal before sending it back out.
Regional Bell Operating Company (RBOC):
One of the companies that was created to
provide local service when the Bell System
(AT&T) was broken up in the early 1980s.
Relay Server: A server used in some IM systems, which every message flows through.
Relay servers permit the addition of special services, such as scanning for viruses
when files are transmitted in an IM system.
Reliable: A protocol in which errors are
corrected by resending lost or damaged
messages.
Remote Access Server (RAS): A server to
which remote users connect in order to
have their identities authenticated so
they can get access to a site’s internal
resources.
Remote Monitoring (RMON) Probe: A specialized type of agent that collects data
on network traffic passing through its
location instead of information about the
RMON probe itself.
Repeat Purchasing: In e-commerce, a consumer
returning to a site where he or she had
made a purchase previously and making
another purchase; essential to profitability.
Request for Comment (RFC): A document
produced by the IETF that may become
designated as an Official Internet Protocol
Standard.
Request to Send: A message sent to an access
point when a station wishes to send and is
able to send because of CSMA/CA. The
station may send when it receives a clear-to-send message.
Request to Send/Clear to Send: A system that
uses request-to-send and clear-to-send messages to control transmissions and avoid
collisions in wireless transmission.
Resegment: Dividing a collision domain into
several smaller collision domains to
reduce congestion and latency.
Responding: In security, the act of stopping and
repairing an attack.
Response Message: In Challenge–Response
Authentication Protocols, the message
that the applicant returns to the verifier.
Response Time: The difference between the
time a user types a request and the time the
user receives a response.
Retention: Rules that require IM messages to
be captured and stored in order to comply
with legal requirements.
RFC: See Request for Comment.
RFC 822: The original name for RFC 2822.
RFC 2822: The standard for e-mail bodies that
are plaintext messages.
RFID: See Radio Frequency ID.
Ring Topology: A topology in which stations are
connected in a loop and messages pass in
only one direction around the loop.
Ring Wrapping: In a network with a dual-ring
topology, responding to a break between
switches by turning the surviving parts of a
dual ring into a long single ring.
Right of Way: Permission to lay wires in public
areas; given by government regulators to
transmission carriers.
RIP: See Routing Information Protocol.
Risk Analysis: The process of balancing threats
and protection costs.
RJ-45 Connector: The connector at the end of a
UTP cord, which plugs into an RJ-45 jack.
RJ-45 Jack: The type of jack into which UTP
cords’ RJ-45 connectors may plug.
RMON Probe: See Remote Monitoring Probe.
Roaming: The situation when a subscriber
leaves a metropolitan cellular system and
goes to another city or country. Roaming
requires the destination cellular system to
be technologically compatible with the
subscriber’s cellphone. It also requires
administration permission from the destination cellular system.
Robust Security Network (RSN): A wireless
network in which all stations and access
points communicate with 802.11i security.
Rogue Access Point: An access point set up by a
department or individual and not sanctioned by the firm.
Root: 1) The level at the top of a DNS hierarchy,
consisting of all domain names. 2) A super
account on a Unix server that automatically has full permissions in every directory
on the server.
Root Server: One of 13 top-level servers in the
Domain Name System (DNS).
Route: The path that a packet takes across an
internet.
Route Analysis: Determining the route a packet
takes between your host and another
host and analyzing performance along
this route.
Router: A device that forwards packets within
an internet. Routers connect two or more
single networks (subnets).
Routing: 1) The forwarding of IP packets;
2) the exchange of routing protocol information through routing protocols.
Routing Information Protocol (RIP): A simple
but limited interior routing protocol.
Routing Protocol: A protocol that allows
routers to transmit routing table information to one another.
RSA: Popular public key encryption method.
RST Bit: In a TCP segment, if the RST (reset)
bit is set, this tells the other side to end the
connection immediately.
RSTP: See Rapid Spanning Tree Protocol.
RTP: See Real Time Protocol.
RTS: See Request to Send.
RTS/CTS: See Request to Send/Clear to Send.
Sample: To read the intensity of a signal.
SC Connector: A square optical fiber connector, recommended in the TIA/EIA-568
standard for use in new installations.
Scalability: The ability of a technology to handle growth.
Scanning: To try to determine a network’s
design through the use of probe packets.
Schema: The design of a database, telling the
specific types of information the database
contains.
Scope: A parameter on a DHCP server that
determines how many subnets the DHCP
server may serve.
Script Kiddie: An attacker who possesses only
modest skills but uses attack scripts created
by experienced hackers; dangerous because
there are so many.
SDH: See Synchronous Digital Hierarchy.
Second-and-a-Half Generation (2.5G): A nickname for GPRS systems, which offer a substantial improvement over plain 2G GSM
but which are not a full third-generation
service.
Second-Generation (2G): The second generation of cellular telephony, introduced
in the early 1990s. Offers the improvements of digital service, 150 MHz of
bandwidth, a higher frequency range of
operation, and slightly higher data transmission speeds.
Second-Level Domain: The third level of a DNS
hierarchy, which usually specifies an organization (e.g., microsoft.com, hawaii.edu).
Secure Hash Algorithm (SHA): A hashing
algorithm that can produce hashes of different lengths.
Secure Shell (SSH): A program that provides
Telnet-like remote management capabilities and FTP-like service; strongly encrypts
both usernames and passwords.
Secure Sockets Layer (SSL): The simplest VPN
security standard to implement; later
renamed Transport Layer Security. Provides
a secure connection at the transport layer,
protecting any applications above it that are
SSL/TLS-aware.
Semantics: In message exchange, the meaning
of each message.
Sequence Number Field: In TCP, a header
field that tells a TCP segment’s order
among the multiple TCP segments sent by
one side.
Serial Transmission: Ethernet transmission
over a single pair in each direction.
Server: A host that provides services to residential or corporate users.
Server Farm: Large groups of servers that work
together to handle applications.
Server Station: A station that provides service
to client stations.
Service Band: A subdivision of the frequency
spectrum, dedicated to a specific service
such as FM radio or cellular telephone
service.
Service Control Point: A database of customer
information, used in Signaling System 7.
Service Level Agreement (SLA): A quality-of-service guarantee for throughput, availability, latency, error rate, and other matters.
Service Pack: For Microsoft Windows, large
cumulative updates that combine a number of individual updates.
Service Pack 2: In Microsoft Windows XP, a
security-focused update.
Session Initiation Protocol (SIP): Relatively
simple signaling protocol for voice over IP.
Session Key: Symmetric key that is used only
during a single communication session
between two parties.
Session Layer: See OSI Session Layer.
Set: 1) When a flags field is given the value 1.
2) An SNMP command sent by the manager that tells the agent to change a parameter on the managed device.
SETI@home: A project from the Search for
Extraterrestrial Intelligence (SETI), in
which volunteers download SETI@home
screen savers that are really programs.
These programs do work for the SETI@
home server when the volunteer computer
is idle. Processing ends when the user
begins to do work.
Setup Fee: The cost of initial vendor installation for a system.
Severity Rating: A rating for the severity of a risk.
SFF: See Small Form Factor.
SHA: See Secure Hash Algorithm.
Shadow Zone (Dead Spot): A location where a
receiver cannot receive radio transmission,
due to an obstruction blocking the direct
path between sender and receiver.
Shannon Equation: An equation by Claude
Shannon (1938) that shows that the maximum possible transmission speed (C)
when sending data through a channel is
directly proportional to its bandwidth (B),
and depends to a lesser extent on its signal-to-noise ratio (S/N): C = B log2(1 + S/N).
Share: Microsoft’s name for something that is
shared, usually a directory or a printer.
Shared Documents Folder (SharedDocs): In
Windows XP, a directory that is automatically shared. To share a file with other users
on the computer or on an attached network, the user can copy a file from another
directory to the Shared Documents Folder.
Shared Static Key: A key that is used by all
users in a system (shared) that is not
changed (static).
SharedDocs: See Shared Documents Folder.
SHDSL: See Super-High-Rate DSL.
Shielded Twisted Pair (STP): A type of twisted-pair wiring that puts a metal foil sheath
around each pair and another metal mesh
around all pairs.
Shopping Cart: A core e-commerce function
that holds goods for the buyer while he or
she is shopping.
Signal: An information-carrying disturbance
that propagates through a transmission
medium.
Signal Bandwidth: The range of frequencies in a
signal, determined by subtracting the lowest frequency from the highest frequency.
Signaling: In telephony, the controlling of
calling, including setting up a path for a
conversation through the transport core,
maintaining and terminating the conversation path, collecting billing information,
and handling other supervisory functions.
Signaling Gateway: The device that sets up
conversations between parties, maintains
these conversations, ends them, provides
billing information, and does other work.
Signaling System 7: Telephone signaling system in the United States.
Signal-to-Noise Ratio (SNR): The ratio of the
signal strength to average noise strength;
should be high in order for the signal to
be effectively received.
Signing: Encrypting something with the sender’s
private key.
Simple File Sharing: In Windows XP, extremely
weak security used on files in Shared
Documents folders. Simple File Sharing
does not even use a password; the only
security is that people must know the workgroup names to read and change files.
Simple Mail Transfer Protocol (SMTP): The
protocol used to send a message to a user’s
outgoing mail host and from one mail host
to another; requires a complex series of
interactions between the sender and
receiver before and after mail delivery.
Simple Network Management Protocol
(SNMP): The protocol that allows a general way to collect rich data from various
managed devices in a network.
Simple Object Access Protocol (SOAP): A
standardized way for a Web service to
expose its methods on an interface to the
outside world.
Single Point of Failure: When the failure in a
single component of a system can cause a
system to fail or be seriously degraded.
Single Sign-On (SSO): Authentication in which
a user can authenticate himself or herself
only once and then have access to all authorized resources on all authorized systems.
Single-Mode Fiber: Optical fiber whose core is
so thin (usually 8.3 microns in diameter)
that only a single mode can propagate—
the one traveling straight along the axis.
SIP: See Session Initiation Protocol.
Site Survey: In wireless LANs, a radio survey to
help determine where to place access
points.
Situation Analysis: The examination of a firm’s
current situation, which includes anticipation of how things will change in the future.
SLA: See Service Level Agreement.
Sliding Window Protocol: Flow control protocol that tells a receiver how many more
bytes it may transmit before receiving
another acknowledgement, which will give
a longer transmission window.
Slot: A very brief time period used in Time
Division Multiplexing; a subdivision of a
frame. Carries one sample for one circuit.
Small Form Factor (SFF): A variety of optical
fiber connectors; smaller than SC or
ST connectors but unfortunately not
standardized.
Small Office or Home Office (SOHO): A small-scale network for a small office or home
office.
Smart Access Point: An access point that can
be managed remotely.
SMTP: See Simple Mail Transfer Protocol.
SNA: See Systems Network Architecture.
Sneakernet: A joking reference to the practice
of walking files around physically, instead
of using a network for file sharing.
SNMP: See Simple Network Management
Protocol.
SNR: See Signal-to-Noise Ratio.
SOAP: See Simple Object Access Protocol.
Social Engineering: Tricking people into
doing something to get around security
protections.
Socket: The combination of an IP address and a
port number, designating a specific connection to a specific application on a specific host. It is written as an IP address, a
colon, and a port number, for instance
128.171.17.13:80.
SOHO: See Small Office or Home Office.
Solid-Wire UTP: Type of UTP in which each
of the eight wires really is a single solid
wire.
SONET: See Synchronous Optical Network.
Spam: Unsolicited commercial e-mail.
Spam Blocking: Software that recognizes and
deletes spam.
Spanning Tree Protocol (STP): See 802.1D
Spanning Tree Protocol.
Speech Codec: See codec.
Spread Spectrum Transmission: A type of
radio transmission that takes the original
signal and spreads the signal energy over a
much broader channel than would be
used in normal radio transmission; used in
order to reduce propagation problems,
not for security.
Spyware: Software that sits on a victim’s
machine and gathers information about
the victim.
SS7: See Signaling System 7.
SSH: See Secure Shell.
SSL: See Secure Sockets Layer.
SSL/TLS: See Secure Sockets Layer and
Transport Layer Security.
SSL/TLS-Aware: Modified to work with SSL/
TLS.
SSO: See Single Sign-On.
ST Connector: A cylindrical optical fiber connector, sometimes called a bayonet connector because of the manner in which it
pushes into an ST port and then twists to
be locked in place.
Standard: A rule of operation that allows two
hardware or software processes to work
together. Standards normally govern the
exchange of messages between two
entities.
Standards Agency: An organization that creates and maintains standards.
Standards Architecture: A family of related
standards that collectively allows an application program on one machine on an
internet to communicate with another
application program on another machine
on the internet.
Star Topology: A form of topology in which all
wires in a network connect to a single
switch.
Start of Frame Delimiter Field: The second
field of an Ethernet MAC frame, which
synchronizes the receiver’s clock to the
sender’s clock and then signals that the
synchronization has ended.
State: In digital physical layer signaling, one of
the few line conditions that represent
information.
Stateful Firewall: A firewall whose default
behavior is to allow all connections initiated by internal hosts but to block all connections initiated by external hosts. Only
passes packets that are part of approved
connections.
Station: A computer that communicates over a
network.
STM: See Synchronous Transfer Mode.
Store-and-Forward: Switching wherein the
Ethernet switch waits until it has received
the entire frame before sending the frame
back out.
Static IP Address: An IP address that never
changes.
STP: See 802.1D Spanning Tree Protocol or
Shielded Twisted Pair.
Strain Relief: Crimping the back of an RJ-45
connector into an RJ-45 cord so that if
the cord is pulled, it will not come out of
the connector.
Strand: In optical fiber, a core surrounded by a
cladding. For two-way transmission, two
optical fiber strands are needed.
Stranded-Wire UTP: Type of UTP in
which each of the eight “wires” really is a
collection of wire strands.
Stripping Tool: Tool for stripping the sheath off
the end of a UTP cord.
Strong Keys: Keys that are too long to be
cracked by exhaustive key search.
Subcarrier: A channel that is itself a subdivision
of a broadband channel, used to transmit
frames in OFDM.
Subnet: A small network that is a subdivision of
a large organization’s network.
Subnet Mask: A mask with 1s in the network
and subnet parts and zeros in the host part.
Subnet Part: The part of an IP address that
specifies a particular subnet within a
network.
Super Client: “Serverish” client in Gnutella that
is always on, that has a fixed IP address,
that has many files to share, and that is connected to several other super clients.
Super-High-Rate DSL (SHDSL): The next step
in business DSL, which can operate symmetrically over a single voice-grade twisted
pair and over a speed range of 384 kbps to
2.3 Mbps. It can also operate over somewhat longer distances than HDSL2.
Surreptitiously: Done without someone’s knowledge, such as surreptitious face recognition
scanning.
SVC: See Switched Virtual Circuit.
Switch: A device that forwards frames within a
single network.
Switched Virtual Circuit (SVC): A circuit
between sites that is set up just before a
call and that lasts only for the duration of
the call.
Switching Matrix: A switch component that
connects input ports to output ports.
Symmetric Key Encryption: Family of encryption methods in which the two sides use
the same key to encrypt messages to each
other and to decrypt incoming messages.
In bidirectional communication, only a
single key is used.
SYN Bit: In TCP, the flags field that is set to
indicate if the message is a synchronization message.
Synchronous Digital Hierarchy (SDH): The
European version of the technology upon
which the world is nearly standardized.
Synchronous Optical Network (SONET):
The North American version of the technology upon which the world is nearly
standardized.
Synchronous Transfer Mode (STM): A number that indicates SDH speeds.
Syntax: In message exchange, how messages
are organized.
Systems Administration: The management of
a server.
Systems Network Architecture (SNA): The
standards architecture traditionally used
by IBM mainframe computers.
T568B: Wire color scheme for RJ-45 connectors; used most commonly in the United
States.
Tag: An indicator on an HTML file to show
where the browser should render graphics
files, when it should play audio files, and
so forth.
Tag Control Information: The second tag field,
which contains a 12-bit VLAN ID that it sets
to zero if VLANs are not being implemented. If VLANs are being used, each
VLAN will be assigned a different VLAN ID.
Tag Field: One of the two fields added to an
Ethernet MAC layer frame by the 802.1Q
standard.
Tag Protocol ID: The first tag field used in the
Ethernet MAC layer frame. The Tag
Protocol ID has the two-octet hexadecimal
value 81-00, which indicates that the frame
is tagged.
Tbps: Terabits per second.
TCO: See Total Cost of Ownership.
TCP: See Transmission Control Protocol.
TCP Segment: A TCP message.
TCP/IP: The Internet Engineering Task
Force’s standards architecture; dominant
above the data link layer.
TCPDUMP: The most popular freeware packet
analysis program; the Unix version.
TDM: See Time Division Multiplexing.
TDR: See Time Domain Reflectometry.
Telecommunications Closet: The location on
each floor of a building where cords coming up from the basement are connected
to cords that span out horizontally to telephones and computers on that floor.
Telephone Modem: A device used in telephony
that converts digital data into an analog
signal that can transfer over the local loop.
Telnet: The simplest remote configuration tool;
lacks encryption for confidentiality.
Temporal Dispersion: Another name for
modal dispersion.
Temporal Key Integrity Protocol (TKIP): A
security process used by 802.11i, where
each station has its own nonshared key
after authentication and where this key is
changed frequently.
Terabits per second: Trillions of bits per second.
Terminal Crosstalk Interference: Crosstalk
interference at the ends of a UTP cord,
where wires are untwisted to fit into the
connector. To control terminal crosstalk
interference, wires should not be untwisted
more than a half inch to fit into connectors.
Termination Equipment: Equipment that connects a site’s internal telephone system to
the local exchange carrier.
Terrestrial: Earth-based.
Test Signals: Signal sent by a high-quality UTP
tester through a UTP cord to check signal
quality parameters.
Texting: In cellular telephony, the transmission
of text messages.
TFTP: See Trivial File Transfer Protocol.
Third-Generation (3G): The newest generation
of cellular telephony, able to carry data at
much higher speeds than 2G systems.
Threat Environment: The threats that face the
company.
Three-Party Call: A call in which three people
can take part in a conversation.
Three-Tier Architecture: An architecture where
processing is done in three places: on the
client, on the application server, and on
other servers.
Three-Way Handshake: A three-message exchange that opens a connection in TCP.
Throughput: The transmission speed that users
actually get. Usually lower than a transmission system’s rated speed.
TIA/EIA/ANSI-568: The standard that governs
transmission media in the United States.
Time Division Multiplexing (TDM): A technology used by telephone carriers to provide
reserved capacity on trunk lines between
switches. In TDM, time is first divided into
frames, each of which is divided into
slots; a circuit is given the same slot in
every frame.
Time Domain Reflectometry (TDR): Sending
a signal in a UTP cord and recording
reflections; can give the length of the cord
or the location of a propagation problem
in the cord.
Time to Live (TTL): The field added to a
packet and given a value by a source host,
usually between 64 and 128. Each router
along the way decrements the TTL field by
one. A router decrementing the TTL to
zero will discard the packet; this prevents
misaddressed packets from circulating endlessly among packet switches in search of
their nonexistent destinations.
TKIP: See Temporal Key Integrity Protocol.
TLS: See Transport Layer Security.
Token Passing: In token-ring networks, a token
frame is transmitted and used to determine when a station may transmit.
Token-Ring Network: A network that uses a
physical ring topology and token passing
at the media access control layer.
Toll Call: Long-distance call pricing in which
the price depends on distance and
duration.
Toll-Free Number Service: Service in which
anyone can call into a company, usually
without being charged. Area codes are
800, 888, 877, 866, and 855.
Top-Level Domain: The second level of a DNS
hierarchy, which categorizes the domain
by organization type (e.g., .com, .net, .edu,
.biz, .info) or by country (e.g., .uk, .ca, .ie,
.au, .jp, .ch).
Topology: The way in which nodes are linked
together by transmission lines.
TOS: See Type of Service.
Total Cost of Ownership (TCO): The total
cost of an entire system over its expected
lifespan.
Total Purchase Cost of Network Products:
The initial purchase price of a fully configured system.
Tracert (tracert): A Windows program that
shows latencies to every router along a
route and to the destination host.
Traffic Engineering: Designing and managing
traffic on a network.
Traffic Shaping: Limiting access to a network
based on type of traffic.
Trailer: The part of a message that comes after
the data field.
Transmission Line: A physical line that is used
to carry transmitted information.
Transmission Speed: The rate at which
information is transmitted in bits per
second.
Transaction Processing: Processing involving
simple, highly structured, and high-volume interactions.
Transceiver: A transmitter/receiver.
Transfer Syntax: In the OSI Presentation layer,
the syntax used by two presentation layer
processes to communicate, which may
or may not be quite different than either
of their internal methods of formatting
information.
Transmission Control Protocol (TCP): The
most common TCP/IP protocol at the
transport layer. Connection-oriented and
reliable.
Transparently: Without having a need to implement modifications.
Transport: In telephony, transmission; taking
voice signals from one subscriber’s access
line and delivering them to another customer’s access line.
Transport Core: The switches and transmission
lines that carry voice signals from one subscriber’s access line and deliver them to
another customer’s access line.
Transport Layer Security (TLS): The simplest
VPN security standard to implement; originally named Secure Sockets Layer.
Provides a secure connection at the transport layer, protecting any applications
above it that are SSL/TLS-aware.
Transport Layer: The layer that governs communication between two hosts; Layer 4 in
both OSI and TCP/IP.
Transport Mode: One of IPsec’s two modes of
operation, in which the two computers
that are communicating implement IPsec.
Transport mode gives strong end-to-end
security between the computers, but it
requires IPsec configuration and a digital
certificate on all machines.
Traps: The type of message that an agent sends
if it detects a condition that it thinks the
manager should know about.
Triple DES (3DES): Symmetric key encryption
method in which a message is encrypted
three times with DES. If done with two or
three different keys, offers strong security.
However, it is processing intensive.
Trivial File Transfer Protocol (TFTP): A protocol used on switches and routers to download configuration information; has no
security.
Trojan Horse: A program that looks like an
ordinary system file, but continues to
exploit the user indefinitely.
Trunk Line: A type of transmission line that
links switches to each other, routers to
each other, or a router to a switch.
Trunking: See Link Aggregation.
TTL: See Time to Live.
Tunnel Mode: One of IPsec’s two modes of operation, in which the IPsec connection extends
only between IPsec gateways at the two sites.
Tunnel mode provides no protection within
sites, but it offers transparent security.
Twisted-Pair Wiring: Wiring in which each
pair’s wires are twisted around each other
several times per inch, reducing EMI.
Type of Service (TOS): IPv4 header field that
designates the type of service a certain
packet should receive.
U: The standard unit for measuring the height
of switches. One U is 1.75 inches (4.4 cm)
in height. Most switches, although not all,
are multiples of U.
UDDI: See Universal Description, Discovery,
and Integration.
UDDI Green Pages: The UDDI search option
that allows companies to understand how
to interact with specific Web services.
Green pages specify the interfaces on
which a Web service will respond, the
methods it will accept, and the properties
that can be changed or returned.
UDDI White Pages: The UDDI search option
that allows users to search for Web services by name, much like telephone white
pages.
UDDI Yellow Pages: The UDDI search option
that allows users to search for Web services
by function, such as accounting, much like
telephone yellow pages.
UDP: See User Datagram Protocol.
Ultrawideband (UWB): Spread spectrum
transmission system that has extremely
wide channels.
UNICODE: The standard that allows characters
of all languages to be represented.
Universal Description, Discovery, and Integration (UDDI): A protocol that is a distributed database that helps users find
appropriate Web services.
Unix: A network operating system used by all
workstation servers. Linux is a Unix version used on PCs.
Unlicensed Radio Band: A radio band that
does not require each station using it to
have a license.
Unreliable: (Of a protocol) not doing error
correction.
Unshielded Twisted Pair (UTP): Network cord
that contains four twisted pairs of wire
within a sheath. Each wire is covered with
insulation.
Update: To download and apply patches to fix a
system.
Uplink: In satellites, transmission from the
Earth to a communication satellite.
Uplink Port: Port on an Ethernet switch that
can be directly connected to a port in
a higher-level switch with a standard
UTP cord.
Usage Policy: A company policy for who may use
various tools and how they may use them.
User Datagram Protocol (UDP): Unreliable
transport-layer protocol in TCP/IP.
Username: An alias that signifies the account
that the account holder will be using.
UTP: See Unshielded Twisted Pair.
UWB: See Ultrawideband.
Validate: To test the accuracy of a network simulation model by comparing its performance with that of the real network. If the
predicted results match the actual results,
the model is validated.
Variable-Length Subnet Mask (VLSM): A mask
that allows subnets to be of different sizes.
Very Small Aperture Terminal (VSAT):
Communication satellite earth station that
has a small-diameter antenna.
VCI: See Virtual Channel Identifier.
Verifier: The party requiring the applicant to
prove his or her identity.
Vertical Riser: Space between the floors of a
building that telephone and data cabling
go through to get to the building’s upper
floor.
Viral Networking: Networking in which the
user’s PC connects to one or a few other
user PCs, which each connect to several
other user PCs. When the user’s PC first connects, it sends an initiation message to introduce itself via viral networking. Subsequent
search queries sent by the user also are
passed virally to all computers reachable
within a few hops; used in Gnutella.
Virtual Channel: In ATM, an individual connection within a virtual path.
Virtual Channel Identifier (VCI): One of the
two parts of ATM virtual circuit numbers.
Virtual Circuit: A transmission path between
two sites or devices; selected before transmission begins.
Virtual LAN (VLAN): A closed collection of
servers and the clients they serve.
Broadcast signals go only to computers in
the same VLAN.
Virtual Path Identifier (VPI): One of the two
parts of ATM virtual circuit numbers.
Virtual Path: In ATM, a group of connections
going between two sites.
Virtual Private Network (VPN): A network
that uses the Internet with added security
for data transmission.
Virus: A piece of executable code that attaches
itself to programs or data files. When the
program is executed or the data file
opened, the virus spreads to other programs or data files.
Virus Definitions Database: A database used
by antivirus programs to identify viruses.
As new viruses are found, the virus definitions database must be updated.
Virus Writer: Someone who creates viruses.
VLAN: See Virtual LAN.
VLSM: See Variable-Length Subnet Mask.
Voice Mail: A service that allows people to leave
a message if the user does not answer his
or her phone.
Voice-Grade: Wire of a quality useful for transmitting voice signals in the PSTN.
Voice over IP (VoIP): The transmission of voice
signals over an IP network.
VoIP: See Voice over IP.
VPI: See Virtual Path Identifier.
VPN: See Virtual Private Network.
VSAT: See Very Small Aperture Terminal.
Vulnerability: A security weakness found in
software.
Vulnerability Testing: Testing after protections
have been configured, in which a company
or a consultant attacks protections in the
way a determined attacker would and
notes which attacks that should have been
stopped actually succeeded.
WAN: See Wide Area Network.
War Driver: Someone who travels around looking for unprotected wireless access points.
WATS: See Wide Area Telephone Service.
Wavelength: The physical distance between
comparable points (e.g., from peak to
peak) in successive cycles of a wave.
Wavelength Division Multiplexing: Using signaling equipment to transmit several light
sources at slightly different wavelengths,
thus adding signal capacity at the cost of
using slightly more expensive signaling
equipment but without incurring the high
cost of laying new fiber.
WDM: See Wavelength Division Multiplexing.
Weak Keys: Keys that are short enough to be
cracked by an exhaustive key search.
Webify: In SSL/TLS VPNs, the SSL/TLS gateway can translate output from some applications into a webpage.
Web Service: A way to send processing requests
to a program (object) on another machine.
The object has an interface to the outside
world and methods that it is willing to
undertake. Messages are sent in SOAP
format.
Web-Enabled: Client/server processing applications that use ordinary browsers as client
programs.
Webmail: Web-enabled e-mail. User needs only
a browser to send and read e-mail.
Well-Known Port Number: Standard port number of a major application that is usually (but
not always) used. For example, the well-known TCP port number for HTTP is 80.
WEP: See Wired Equivalent Privacy.
Wide Area Network (WAN): A network that
links different sites together.
Wide Area Telephone Service (WATS): Service
that allows a company to place outgoing
long-distance calls at per-minute prices
lower than those of directly dialed calls.
Wi-Fi Alliance: Trade group formed to create
interoperability tests of 802.11 LANs; actually produced the WPA standard.
WiMAX: Broadband wireless access method.
Standardized as 802.16.
Window Size Field: TCP header field that is
used for flow control. It tells the station
that receives the segment how many more
octets that station may transmit before getting another acknowledgement message
that will allow it to send more octets.
Windows XP: Client Microsoft operating system.
Windows Internet Name Service (WINS):
The system required by Windows clients
and servers before Windows 2000 Server to
provide IP addresses for host names.
WinDUMP: The most popular freeware packet
analysis program; the Windows version.
Winipcfg (winipcfg): A command used to find
information about one’s own computer;
used in older versions of Windows.
WINS: See Windows Internet Name Service.
Wired Equivalent Privacy (WEP): A weak
security mechanism for 802.11.
Wireless Ethernet: Sometimes used as another
name for 802.11.
Wireless Access Point: Device that controls
wireless clients and that bridges wireless
clients to servers and routers on the firm’s
main wired LAN.
Wireless LAN (WLAN): A local area network
that uses radio (or rarely, infrared) transmission instead of cabling to connect devices.
Wireless LAN Switch: An Ethernet switch to
which multiple wireless access points connect; manages the access points.
Wireless Networking: Networking that uses
radio transmission instead of wires to connect devices.
Wireless NIC: 802.11 network interface card.
Wireless Protected Access (WPA): 802.11
security method created as a stopgap
between WEP and 802.11i.
Wireless Protected Access 2 (WPA2): Another
name for 802.11 security.
WLAN: See Wireless LAN.
Work-Around: A process of making manual
changes to eliminate a vulnerability instead
of just installing a software patch.
Workgroup: A logical network. On a physical
network, only PCs in the same workgroup
can communicate.
Workgroup Name: To create a workgroup, all
PCs in the workgroup are assigned the
same workgroup name. They will find
each other automatically.
Workgroup Switch: A switch to which stations
connect directly.
Working Group: A specific subgroup of the 802
Committee, in charge of developing a specific group of standards. For instance, the
802.3 Working Group creates Ethernet
standards.
Workstation Server: The most popular type of
large dedicated server. It uses custom-designed
microprocessors and runs the Unix operating system.
Worm: An attack program that propagates on
its own by seeking out other computers,
jumping to them, and installing itself.
WPA: See Wireless Protected Access.
WPA2: See Wireless Protected Access 2.
Write: A Microsoft Windows Server permission
that allows an account owner to change
the contents of files in the directory.
X.509: The main standard for digital certificates.
Zero-Day Exploit: An exploit that takes advantage of vulnerabilities that have not previously been discovered or for which updates
have not been created.
ZigBee: Low-speed, low-power protocol for connecting sensors and other very small
devices wirelessly.