GLOSSARY Flashcards
(310 cards)
1
Q
66 Block
A
Traditionally used in corporate environments for cross-connecting phone system cabling. As
10Mbps LANs started to grow in popularity in the late 1980s and early 1990s, these termination
blocks were used to cross-connect Category 3 UTP cabling. The electrical characteristics
(specifically, crosstalk) of a 66 block, however, do not support higher-speed LAN technologies, such
as 100Mbps Ethernet networks.
2
Q
110 Block
A
Because 66 blocks are subject to too much crosstalk for higher-speed LAN connections,
110 blocks can be used to terminate a cable (such as a Category 5 cable) being used for those higherspeed LANs.
3
Q
802.11a
A
Ratified in 1999, this standard supports speeds as high as 54Mbps. Other supported data
rates (which can be used if conditions are not suitable for the 54Mbps rate) include 6, 9, 12, 18, 24,
36, and 48Mbps. The 802.11a standard uses the 5GHz band and the OFDM transmission method.
4
Q
802.11ac
A
An IEEE wireless networking standard operating in the 5GHz range, with increased
throughput compared to previous Wi-Fi IEEE standards.
5
Q
802.11b
A
Ratified in 1999, this standard supports speeds as high as 11Mbps. However, 5.5Mbps is
another supported data rate. The 802.11b standard uses the 2.4GHz band and the DSSS transmission
method.
6
Q
802.11g
A
Ratified in 2003, this standard supports speeds as high as 54Mbps. Like 802.11a, other
supported data rates include 6, 9, 12, 18, 24, 36, and 48Mbps. However, like 802.11b, 802.11g
operates in the 2.4GHz band, which allows it to offer backward compatibility to 802.11b devices.
802.11g can use either the OFDM or DSSS transmission method.
7
Q
802.11n
A
Ratified in 2009, this standard supports a variety of speeds, depending on its
implementation. Although the speed of an 802.11n network could approach 300Mbps (through the use
of channel bonding), many 802.11n devices on the market have speed ratings in the 130 Mbps–
150Mbps range. Interestingly, an 802.11n WLAN can operate in the 2.4GHz band, the 5GHz band, or
both simultaneously. 802.11n uses the OFDM transmission method.
8
Q
Acceptable Use Policy (AUP)
A
Identifies what users of a network are and are not allowed to do on that
network. For example, retrieving sports scores during working hours via an organization’s Internet
connection might be deemed inappropriate by an AUP.
9
Q
Access Control List
A
Rules typically applied to router interfaces, which specify permitted and
denied traffic.
10
Q
Address Resolution Protocol
A
An A RP request is a broadcast asking for the MAC address
corresponding to a known IP address. An A RP reply contains the requested MAC address.
11
Q
Administrative Distance (AD)
A
A routing protocol’s index of believable. Routing protocols with a
smaller AD are considered more believable than routing protocols with a higher AD.
12
Q
Advanced Encryption Standard
A
Released in 2001, A ES is typically considered the preferred
symmetric encryption algorithm. A ES is available in 128-bit key, 192-bit key, and 256-bit key
versions.
13
Q
alerts
A
Various monitoring devices and services can provide you with automated alerting as to
network events. This is often a key element in network security to quickly learn when a potential
14
Q
ANT+
A
A wireless protocol for monitoring sensor data such as a person’s heart rate or a car’s tire
pressure, as well as for controlling systems such as indoor lighting and television sets. ANT+ is
designed and maintained by the ANT+ Alliance, which is owned by Garmin. It is based on the ANT
protocol.
15
Q
anycast
A
An any cast communication flow is a one-to-nearest (from the perspective of a router’s
routing table) flow.
16
Q
application layer (OSI model)
A
Layer 7 of the OSI model. This layer provides application services to
a network. An important yet often-misunderstood concept is that end-user applications do not reside
at the application layer. Instead, the application layer supports services used by end-user
applications. Another function of the application layer is advertising available services.
17
Q
application layer (TCP/IP stack)
A
Addresses concepts described by Layers 5, 6, and 7 (that is, the
session, presentation, and application layers) of the OSI model.
18
Q
arp command
A
Can be used in either the Microsoft Windows or the UNIX environment to see what a
Layer 2 MAC address corresponds to in a Layer 3 IP address.
19
Q
asset management
A
As related to networks, this is a formalized system of tracking network
components and managing the lifecycle of those components.
20
Q
asset tracking tags
A
Tags applied to physical network assets to permit the monitoring of the location
of these devices.
21
Q
asymmetric encryption
A
With asymmetric encryption, the sender and receiver of a packet use
different keys.
22
Q
Asynchronous Transfer Mode
A
A Layer 2 WAN technology that interconnects sites using
virtual circuits. These virtual circuits are identified by a pair of numbers, called the VPI/VCI pair. A
virtual path identifier (VPI) identifies a logical path, which can contain multiple virtual circuits. A
virtual circuit identifier (VCI) identifies the unique logical circuit within a virtual path.
23
Q
Authentication Header (AH)
A
An IPSec protocol that provides authentication and integrity services.
However, it does not provide encryption services.
24
Q
authentication server
A
In a network using 802.1X user authentication, an authentication server
(typically, a RADIUS server) checks a supplicant’s credentials. If the credentials are acceptable, the
authentication server notifies the authenticator that the supplicant is allowed to communicate on a
network. The authentication server also gives the authenticator a key that can be used to securely
transmit data during the authenticator’s session with the supplicant.
25
authenticator
In a network using 802.1X user authentication, an authenticator forwards a supplicant’s
authentication request on to an authentication server. After the authentication server authenticates the
supplicant, the authenticator receives a key that is used to communicate securely during a session with
the supplicant.
26
Automatic Private IP Addressing
Allows a networked device to self-assign an IP address
from the 169.254.0.0/16 network. Note that this address is only usable on the device’s local subnet
(meaning that the IP address is not routable).
27
availability
The measure of a network’s uptime.
28
badges
Identifiers worn by employees of an organization to assist with physical security.
29
bandwidth
The measure of network throughput capable on a network media or path
30
baseline
A collection of data portraying the characteristics of a network under normal operating
conditions. Data collected while troubleshooting can then be contrasted against baseline data.
31
Basic Rate Interface
A BRI circuit contains two 64Kbps B channels and one 16Kbps D
channel. Although such a circuit can carry two simultaneous voice conversations, the two B channels
can be logically bonded together into a single virtual circuit (by using PPP’s multilink interface
feature) to offer a 128Kbps data path.
32
basic service set
BSS - WLANs that have just one AP are called BSS WLANs. BSS WLANs are
said to run in infrastructure mode because wireless clients connect to an AP, which is typically
connected to a wired network infrastructure. A BSS network is often used in residential and SOHO
locations, where the signal strength provided by a single AP is sufficient to service all of the
WLAN’s wireless clients.
33
basic service set
BSS - WLANs that have just one AP are called BSS WLANs. BSS WLANs are
said to run in infrastructure mode because wireless clients connect to an AP, which is typically
connected to a wired network infrastructure. A BSS network is often used in residential and SOHO
locations, where the signal strength provided by a single AP is sufficient to service all of the
WLAN’s wireless clients.
34
biometrics
The use of unique characteristics of the body to provide access credentials and security.
For example, a thumbprint can be used to access a mobile device.
35
bit-error rate tester (BERT)
When troubleshooting a link where you suspect a high bit-error rate
(BER), you can use a piece of test equipment called a bit-error rate tester (BERT), which contains
both a pattern generator (which can generate a variety of bit patterns) and an error detector (which is
synchronized with the pattern generator and can determine the number of bit errors) and can calculate
a BER for the tested transmission link.
36
black-hole router
A router that drops packets that cannot be fragmented and are exceeding the MTU
size of an interface without notifying the sender.
37
block size
The number of IP addresses in a subnet, including the subnet’s address and the subnet’s
directed broadcast address.
38
Bluetooth
A wireless protocol for creating a personal area network, where a device such as a mobile
phone can send data to a headset, for example.
39
Bootstrap Protocol (BOOTP)
A legacy broadcast-based protocol used by networked devices to
obtain IP address information.
40
Border Gateway Protocol
Border Gateway Protocol (BGP) The only EGP in widespread use today. In fact, BGP is
considered to be the routing protocol that runs the Internet, which is an interconnection of multiple
autonomous systems. BGP is a path-vector routing protocol, meaning that it can use as its metric the
number of autonomous system hops that must be transited to reach a destination network, as opposed
to the number of required router hops.
41
basic service set
BSS - WLANs that have just one AP are called BSS WLANs. BSS WLANs are
said to run in infrastructure mode because wireless clients connect to an AP, which is typically
connected to a wired network infrastructure. A BSS network is often used in residential and SOHO
locations, where the signal strength provided by a single AP is sufficient to service all of the
WLAN’s wireless clients.
42
biometrics
The use of unique characteristics of the body to provide access credentials and security.
For example, a thumbprint can be used to access a mobile device.
43
bit-error rate tester (BERT)
When troubleshooting a link where you suspect a high bit-error rate
(BER), you can use a piece of test equipment called a bit-error rate tester (BERT), which contains
both a pattern generator (which can generate a variety of bit patterns) and an error detector (which is
synchronized with the pattern generator and can determine the number of bit errors) and can calculate
a BER for the tested transmission link.
44
black-hole router
A router that drops packets that cannot be fragmented and are exceeding the MTU
size of an interface without notifying the sender.
45
block size
The number of IP addresses in a subnet, including the subnet’s address and the subnet’s
directed broadcast address.
46
Bluetooth
A wireless protocol for creating a personal area network, where a device such as a mobile
phone can send data to a headset, for example.
47
Bootstrap Protocol (BOOTP)
A legacy broadcast-based protocol used by networked devices to
obtain IP address information.
48
Border Gateway Protocol
Border Gateway Protocol (BGP) The only EGP in widespread use today. In fact, BGP is
considered to be the routing protocol that runs the Internet, which is an interconnection of multiple
autonomous systems. BGP is a path-vector routing protocol, meaning that it can use as its metric the
number of autonomous system hops that must be transited to reach a destination network, as opposed
to the number of required router hops.
49
borrowed bits
Bits added to a classful subnet mask.
50
BPDU Guard
The ability of a switch to block a port where unexpected BPDUs are arriving from
another switch or attacker.
51
buffer overflow
This attack occurs when an attacker leverages a vulnerability in an application,
causing data to be written to a memory area (that is, a buffer) that’s being used by a different
application.
52
bus topology
Typically, this topology uses a cable running through the area requiring connectivity,
and devices to be networked can tap into that cable.
53
butt set
A piece of test equipment typically used by telephone technicians. The clips on a butt set canconnect to the tip and ring wires on a punch-down block (for example, a 66 block or a 110 block)
connecting to a telephone. This allows the technician to check the line (for example, to determine
whether a dial tone is present on the line and determine whether a call can be placed from the line).
54
basic service set
BSS - WLANs that have just one AP are called BSS WLANs. BSS WLANs are
said to run in infrastructure mode because wireless clients connect to an AP, which is typically
connected to a wired network infrastructure. A BSS network is often used in residential and SOHO
locations, where the signal strength provided by a single AP is sufficient to service all of the
WLAN’s wireless clients.
55
biometrics
The use of unique characteristics of the body to provide access credentials and security.
For example, a thumbprint can be used to access a mobile device.
56
bit-error rate tester (BERT)
When troubleshooting a link where you suspect a high bit-error rate
(BER), you can use a piece of test equipment called a bit-error rate tester (BERT), which contains
both a pattern generator (which can generate a variety of bit patterns) and an error detector (which is
synchronized with the pattern generator and can determine the number of bit errors) and can calculate
a BER for the tested transmission link.
57
black-hole router
A router that drops packets that cannot be fragmented and are exceeding the MTU
size of an interface without notifying the sender.
58
block size
The number of IP addresses in a subnet, including the subnet’s address and the subnet’s
directed broadcast address.
59
Bluetooth
A wireless protocol for creating a personal area network, where a device such as a mobile
phone can send data to a headset, for example.
60
Bootstrap Protocol (BOOTP)
A legacy broadcast-based protocol used by networked devices to
obtain IP address information.
61
Border Gateway Protocol
Border Gateway Protocol (BGP) The only EGP in widespread use today. In fact, BGP is
considered to be the routing protocol that runs the Internet, which is an interconnection of multiple
autonomous systems. BGP is a path-vector routing protocol, meaning that it can use as its metric the
number of autonomous system hops that must be transited to reach a destination network, as opposed
to the number of required router hops.
62
borrowed bits
Bits added to a classful subnet mask.
63
BPDU Guard
The ability of a switch to block a port where unexpected BPDUs are arriving from
another switch or attacker.
64
buffer overflow
This attack occurs when an attacker leverages a vulnerability in an application,
causing data to be written to a memory area (that is, a buffer) that’s being used by a different
application.
65
bus topology
Typically, this topology uses a cable running through the area requiring connectivity,
and devices to be networked can tap into that cable.
66
butt set
A piece of test equipment typically used by telephone technicians. The clips on a butt set canconnect to the tip and ring wires on a punch-down block (for example, a 66 block or a 110 block)
connecting to a telephone. This allows the technician to check the line (for example, to determine
whether a dial tone is present on the line and determine whether a call can be placed from the line).
67
cable certifier
If you are working with existing cable and want to determine its category, or if you
simply want to test the supported frequency range (and therefore data throughput) of the cable, you
can use a cable certifier.
68
cable modem
Attaches to the same coaxial cable (typically in a residence) that provides television
programming. A cable modem can use predetermined frequency ranges to transmit and receive data
over that coaxial cable.
69
cable tester
A cable tester can check the conductors in an Ethernet cable. It contains two parts. By
connecting these parts of the cable tester to each end of a cable under test, you can check the wires in
the cable for continuity (that is, check to make sure that there are no opens, or breaks, in a conductor).
In addition, you can verify an RJ-45 connector’s pin-outs (which are wires connected to the
appropriate pins on an RJ-45 connector).
70
campus area network
An interconnection of networks located in nearby buildings (for
example, buildings on a college campus).
71
captive portal
Typically a web page designed to collect the username and password of a user trying
to gain access to a network or application.
72
carrier-sense multiple access/collision avoidance (CSMA/CA)
Just as CSMA/CD is needed for
half-duplex Ethernet connections, CSMA/CA is needed for WLAN connections because of their halfduplex operation. Similar to how an Ethernet device listens to an Ethernet segment to determine
whether a frame exists on the segment, a WLAN device listens for a transmission on a wireless
channel to determine whether it is safe to transmit. In addition, the collision-avoidance part of the
CSMA/CA algorithm causes wireless devices to wait for a random back-off time before transmitting.
73
carrier-sense multiple access/collision detect (CSMA/CD)
Used on an Ethernet network to help
prevent a collision from occurring and to recover if a collision does occur. CSMA/CD is only needed
on half-duplex connections.
74
Central Office - CO
A building containing a telephone company’s telephone-switching equipment.
COs are categorized into five hierarchical classes. A Class 1 CO is a long-distance office serving a
regional area. A Class 2 CO is a second-level long-distance office; that is, it is subordinate to a Class
1 office. A Class 3 CO is a third-level long-distance office. A Class 4 CO is a fourth-level longdistance office, which provides telephone subscribers access to a live operator. A Class 5 CO is at
the bottom of the five-layer hierarchy and physically connects to customer devices in a local area.
75
Challenge Handshake Authentication Protocol (CHAP)
Like PAP, CHAP performs one-way
authentication. However, authentication is performed through a three-way handshake (challenge,
response, and acceptance messages) between a server and a client. The three-way handshake allows
a client to be authenticated without sending credential information across a network.
76
Central Office - CO
A building containing a telephone company’s telephone-switching equipment.
COs are categorized into five hierarchical classes. A Class 1 CO is a long-distance office serving a
regional area. A Class 2 CO is a second-level long-distance office; that is, it is subordinate to a Class
1 office. A Class 3 CO is a third-level long-distance office. A Class 4 CO is a fourth-level longdistance office, which provides telephone subscribers access to a live operator. A Class 5 CO is at
the bottom of the five-layer hierarchy and physically connects to customer devices in a local area.
77
Challenge Handshake Authentication Protocol (CHAP)
Like PAP, CHAP performs one-way
authentication. However, authentication is performed through a three-way handshake (challenge,
response, and acceptance messages) between a server and a client. The three-way handshake allows
a client to be authenticated without sending credential information across a network.
78
Challenge-Response Authentication Mechanism Message Digest 5 (CRAM-MD5)
A common
variant of HMAC frequently used in email systems. Like CHAP, CRAM-MD5 only performs one-way
authentication (the server authenticates the client).
79
Challenge-Response Authentication Mechanism Message Digest 5 (CRAM-MD5)
A common
variant of HMAC frequently used in email systems. Like CHAP, CRAM-MD5 only performs one-way
authentication (the server authenticates the client).
80
change management documentation
This important documentation explains the process whereby
| changes are permitted in the network. This often consists of a series of approvals and testing steps.
81
channel bonding
With channel bonding, two wireless bands can be logically bonded together,
forming a band with twice the bandwidth of an individual band. Some literature calls channel bonding
40MHz mode, which refers to the bonding of two adjacent 20MHz bands into a 40MHz band.
82
channel service unit/data service unit (CSU/DSU)
Acts as a digital modem that terminates a digital
| circuit (for example, a T1 or an E1 circuit).
83
circuit-switched connection
A connection that is brought up on an as-needed basis. A circuitswitched connection is analogous to a phone call, where you pick up a phone and dial a number, and a
connection is established based on the number you dial.
84
classful mask
A classful mask is the default subnet mask applied to Class A, B, and C IPv4 networks.
Specifically, Class A networks have a classful mask of 255.0.0.0. Class B networks have a classful
mask of 255.255.0.0, and Class C networks have a classful mask of 255.255.255.0.
85
classification
Classification is the process of placing traffic into different categories.
86
classless interdomain routing (CIDR)
Shortens a classful subnet mask by removing right-justified 1s
from a classful mask. As a result, CIDR allows contiguous classful networks to be aggregated. This
process is sometimes called route aggregation.
87
client
Defines the device an end user uses to access a network. This device might be a workstation,
laptop, smartphone with wireless capabilities, tablet, or variety of other end-user terminal devices.
88
client/server network
In a client/server network, a dedicated server (for example, a file server or a
print server) provides shared access to a resource (for example, files or a printer). Clients (for
example, PCs) on the network with appropriate privilege levels can gain access to those shared
resources.
89
client-to-site VPN
Also known as a remote-access VPN, a client-to-site VPN interconnects a remote
user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost.
90
clustering
Connecting systems together with the intent of delivering network services from the cluster
to increase responsiveness and capacity. This solution also increases availability and redundancy.
91
coaxial cable
Also known as coax, a coaxial cable is composed of two conductors. One of the
conductors is an inner insulated conductor. This inner conductor is surrounded by another conductor.
This second conductor is sometimes made of a metallic foil or woven wire.
92
code-division multiple access(CDMA)
An example of multiple access, where several transmitters
can send information simultaneously over a single communication channel. This allows several users
to share a band of frequencies. CDMA is used as the access method in many mobile phone standards.
93
cold sites
These are redundant sites for a network, and they require time and effort to bring online.
94
collision
A collision occurs when two devices on an Ethernet network simultaneously transmit a
frame. Because an Ethernet segment cannot handle more than one frame at a time, both frames become
corrupted.
95
committed information rate (CIR)
The CIR of an interface is the average traffic rate over the period
of a second.
96
Common Address Redundancy Protocol (CARP)
An open standard variant of HSRP (Hot Standby
| Router Protocol), which provides first-hop router redundancy.
97
congestion avoidance
If an interface’s output queue fills to capacity, newly arriving packets arediscarded (or tail dropped). Congestion avoidance can prevent this behavior. RED (Random Early
Detection) is an example of a congestion-avoidance mechanism.
98
congestion management
When a device, such as a switch or a router, receives traffic faster than it
can be transmitted, the device attempts to buffer (or store) the extra traffic until bandwidth becomes
available. This buffering process is called queuing or congestion management.
99
content engine
A dedicated appliance whose role is to locally cache content received from a remote
network (for example, a destination on the Internet). Subsequent requests for that content can be
serviced locally, from the content engine, thus reducing bandwidth demand on a WAN.
100
content switch
Can be used to load-balance requests for content across a group of servers containing
that content. If one of the servers in the group needs to have maintenance performed, that server could
be administratively removed from the group, as defined on the content switch. As a result, the content
switch can help maximize uptime when performing server maintenance. It minimizes the load on
individual servers by distributing its load across multiple identical servers. A content switch also
allows a network to scale because one or more additional servers could be added to the server group
defined on the content switch if the load on existing servers increases.
101
crimper
Used to attach a connector (for example, an RJ-45 connector) to the end of an unshielded
twisted-pair (UTP) cable.
102
current state modulation
One way to electrically or optically represent a binary 1 or 0 is to use
current state modulation, which represents a binary 1 with the presence of voltage (on a copper
cable) or the presence of light (on a fiber-optic cable). Similarly, the absence of light or voltage
represents a binary 0.
103
customer premise equipment (CPE)
This device resides at a customer site. A router, as an example,
can be a CPE that connects a customer with an MPLS service provider.
104
cyclic redundancy check (CRC)
A mathematical algorithm that is executed on a data string by both
the sender and the receiver of the data string. If the calculated CRC values match, the receiver can
conclude that the data string was not corrupted during transmission.
105
data link layer
As Layer 2 of the OSI model, this layer is concerned with the packaging of data into
frames and transmitting those frames on a network, performing error detection/correction, uniquely
identifying network devices with an address, and handling flow control.
106
decibel (dB)
A ratio of radiated power to a reference value. In the case of dBi, the reference value is
the signal strength (that is, the power) radiated from an isotropic antenna, which represents a
theoretical antenna that radiates an equal amount of power in all directions (in a spherical pattern).
An isotropic antenna is considered to have gain of 0 dBi.
107
decibel (dB) loss
A loss of signal power. If a transmission’s dB loss is too great, the transmission
cannot be properly interpreted by the intended recipient.
108
dedicated leased line
A logical connection interconnecting two sites. This logical connection might
physically connect through a service provider’s facility or a telephone company’s central office. The
expense of a dedicated leased line is typically higher than other WAN technologies offering similar
data rates, because with a dedicated leased line, a customer does not have to share bandwidth with
other customers.
109
default gateway
The IP address of a router (or multilayer switch) to which a networked device
sends traffic destined for a subnet other than the device’s local subnet.
110
default static route
A default static route is an administratively configured entry in a router’s routing
table that specifies where traffic for all unknown networks should be sent.
111
demarc
Also known as a demarcation point or a demarc extension, this is the point in a telephone
network where the maintenance responsibility passes from a telephone company to a subscriber
(unless the subscriber purchased an inside wiring plan). This demarc is typically a box mounted to
the outside of a customer’s building (for example, a residence).
112
demilitarized zone (DMZ)
Often contains servers that should be accessible from the Internet. This
approach would, for example, allow users on the Internet to initiate an email or a web session coming
into an organization’s email or web server. However, other protocols would be blocked.
113
denial of service (DoS)
A DoS attack floods a system with an excessive amount of traffic or
requests, which consumes the system’s processing resources and prevents the system from responding
to many legitimate requests.
114
designated port
In an STP topology, every network segment has a single designated port, which is the
port on that segment that is closest to the root bridge, in terms of cost. Therefore, all ports on a root
bridge are designated ports.
115
differential backup
A type of partial backup of a data set. All data that has changed since the last full
backup is targeted by the backup job.
116
differentiated services (DiffServ)
As its name suggests, DiffServ differentiates between multiple
traffic flows. Specifically, packets are marked, and routers and switches can then make decisions (for
example, dropping or forwarding decisions) based on those markings.
117
dig command
Can resolve an FQDN to an IP address on UNIX hosts.
118
digital subscriber line
A group of technologies that provide high-speed data transmission over
existing telephone wiring. DSL has several variants, which vary in data rates and distance limitations.
Three of the more popular DSL variants include asymmetric DSL (ADSL), symmetric DSL (DSL),
and very high bit-rate DSL (VDSL).
119
direct-sequence spread spectrum (DSSS)
Modulates data over an entire range of frequencies using
a series of symbols called chips. A chip is shorter in duration than a bit, meaning that chips are
transmitted at a higher rate than the actual data. These chips not only represent encoded data to be
transmitted, but also what appears to be random data. Because both parties involved in a DSSS
communication know which chips represent actual data and which chips do not, if a third-party
intercepted a DSSS transmission, it would be difficult for that party to eavesdrop on the data because
he would not easily know which chips represented valid bits. DSSS is more subject to environmental
factors, as opposed to FHSS and OFDM, because it uses an entire frequency spectrum.
120
distance vector
A category of routing protocol that sends a full copy of its routing table to its directly
attached neighbors.
121
dotted-decimal notation
A method of writing an IPv4 address or subnet mask, where groups of 8 bits
(called octets) are separated by periods.
122
dual stack
The ability of a network interface to run multiple protocols, such as IP and IPv6
123
Dynamic Host Configuration Protocol (DHCP)
Dynamically assigns IP address information (for
example, IP address, subnet mask, DNS server’s IP address, and default gateway’s IP address) to
network devices.
124
Dynamic Host Configuration Protocol (DHCP) snooping
The process of securing the network
| against a rogue DHCP server attack or other types of DHCP security attacks.
125
Dynamic Host Configuration Protocol (DHCP) Version 6
The IPv6 version of DHCP
126
Dynamic Multipoint VPN (DMVPN)
An overlay VPN approach where VPN connections are
| dynamically established and secured.
127
Dynamic NAT (DNAT)
A variant of NAT in which inside local addresses are automatically assigned
an inside global address from a pool of available addresses.
128
E1
An E1 circuit contains 32 channels, in contrast to the 24 channels on a T1 circuit. Only 30 of those
32 channels, however, can transmit data (or voice or video). Specifically, the first of those 32
channels is reserved for framing and synchronization, and the seventeenth channel is reserved for
signaling (that is, to set up, maintain, and tear down a session).
129
E3
A digital circuit in the same E-carrier family of standards as an E1. An E3 circuit’s available
bandwidth is 34.4Mbps.
130
edge label switch router (ELSR)
Resides at the edge of an MPLS service provider’s cloud and
| interconnects a service provider to one or more customers.
131
electromagnetic interference (EMI)
An electromagnetic waveform that can be received by network
cable (possibly corrupting data traveling on the cable) or radiated from a network cable (possibly
interfering with data traveling on another cable).
132
electrostatic discharge (ESD) wrist strap
To prevent static electricity in your body from damaging
electrical components on a circuit board, you can wear an ESD wrist strap. The strap is equipped
with a clip that you can attach to something with a ground potential (for example, a large metal desk).
While wearing the wrist strap, if you have any static buildup in your body, the static flows to the
object with a ground potential to which your strap is clipped, thus avoiding damage to any electrical
components that you might touch.
133
Encapsulating Security Payload (ESP)
An IPSec protocol that provides authentication, integrity,
| and encryption services.
134
Enhanced Interior Gateway Routing Protocol (EIGRP)
A Cisco proprietary protocol. Although
EIGRP is popular in Cisco-only networks, it is less popular in mixed-vendor networks. Like OSPF,
EIGRP is an IGP with very fast convergence and high scalability. EIGRP is considered to be an
advanced distance vector or a hybrid routing protocol.
135
Enterprise mode
In the context of wireless networking, this refers to using a centralized
authentication server such as RADIUS for authentication, instead of a preshared key (PSK)
136
Ethernet
Ethernet is a Layer 1 technology developed by Xerox and encompasses a variety of
standards that specify various media types, speeds, and distance limitations.
137
evil twin
A device that is postured to appear like a legitimate access point on the network to carry out
a wireless attack.
138
extended service set (ESS)
WLANs containing more than one AP are called ESS WLANs. Like
BSS WLANs, ESS WLANs operate in infrastructure mode. When you have more than one AP, take
care to prevent one AP from interfering with another. Specifically, nonoverlapping channels (that is,
channels 1, 6, and 11 for the 2.4GHz band) should be selected for adjacent wireless coverage areas.
139
Extended Unique Identifier-64 (EUI-64)
A method in IPv6 to calculate a unique host address
| portion for a node.
140
Exterior Gateway Protocol (EGP)
A routing protocol that operates between autonomous systems,
which are networks under different administrative control. Border Gateway Protocol (BGP) is the
only EGP in widespread use today.
141
Fibre Channel over Ethernet (FCoE)
Technology that permits SAN traffic of FC over the Ethernet
| media.
142
File Transfer Protocol (FTP)
A protocol capable of transferring files over a network.
143
File Transfer Protocol SSL (FTPS)
Uses SSL technology to secure the FTP file transfer.
144
firewall
Primarily a network security appliance, a firewall can protect a trusted network (for
example, a corporate LAN) from an untrusted network (for example, the Internet) by allowing the
trusted network to send traffic into the untrusted network and receive the return traffic from the
untrusted network, while blocking traffic for sessions that were initiated on the untrusted network.
145
Flood Guard
Serves as a preventive control against denial of service (DoS) or distributed denial of
service (DDoS) attacks. A Flood Guard is available either as a standalone device or as a firewall
component. It is capable of monitoring network traffic to identify DoS attacks in progress generated
through packet flooding.
146
Frame Relay
A Layer 2 WAN technology that interconnects sites using virtual circuits. These virtual
circuits are identified by locally significant data-link connection identifiers (DLCIs).
147
frequency-hopping spread spectrum (FHSS)
Allows the participants in a communication to hop
between predetermined frequencies. Security is enhanced because the participants can predict the
next frequency to be used but a third party cannot easily predict the next frequency. FHSS can also
provision extra bandwidth by simultaneously using more than one frequency.
148
FTP bounce
An FTP bounce attack uses the FTP PORT command to covertly open a connection with
a remote system. Specifically, an attacker connects to an FTP server and uses the PORT command to
cause the FTP server to open a communications channel with the intended victim, which might allow
a connection from the FTP server, while a connection directly from the attacker might be denied.
149
full backup
A backup job that ensures all data is backed up, regardless of when this data may have
been backed up previously.
150
full duplex
This connection allows a device to simultaneously transmit and receive data.
151
full-mesh topology
Directly connects every site to every other site.
152
geofencing
A virtual perimeter of a geographic area. You might create a wireless geofence boundary
around a data center to start an alarm if equipment leaves the perimeter.
153
Global System for Mobile Communications (GSM)
A standard developed by the European
Telecommunications Standards Institute (ETSI) to describe the protocols for second-generation
digital cellular networks used by mobile devices such as tablets. GSM was first deployed in Finland
in December 1991. As of 2014, it has become the global standard for mobile communications, with
over 90% market share, operating in over 219 countries and territories.
154
GNU Privacy Guard (GPG)
A free variant of pretty good privacy (PGP), which is an asymmetric
encryption algorithm.
155
half duplex
A half-duplex connection allows a device to either receive or transmit data at any one
time. However, a half-duplex device cannot simultaneously transmit and receive.
156
hardware firewall
A network appliance dedicated to the purpose of acting as a firewall. This
appliance can have multiple interfaces for connecting to areas of a network requiring varying levels
of security.
157
IP Address Management
The software and processes for managing the IP addresses used in an
organization.
158
honey net
A network containing more than one honey pot
159
honey pot
Acts as a distracter. Specifically, a system designated as a honey pot appears to be an
attractive attack target. One school of thought on the use of a honey pot is to place one or more honeypot systems in a network to entice attackers into thinking the system is real. The attackers then use
their resources attacking the honey pot, resulting in their leaving the real servers alone.
160
host-based IPS (HIPS)
An HIPS system is a computer running intrusion prevention software for the
purpose of protecting the computer from attacks.
161
host command
Can resolve an FQDN to an IP address on hosts.
162
hot sites
Redundant data center locations that are ready to replace a failed data center with little to
no time or effort.
163
hub
An Ethernet hub is an older technology used to interconnect network components, such as clients
and servers. Hubs vary in their number of available ports. A hub does not perform an inspection of
the traffic it passes. Rather, a hub simply receives traffic in a port and repeats that traffic out all of its
other ports.
164
hub-and-spoke topology
When interconnecting multiple sites (for example, multiple corporate
locations) via WAN links, a hub-and-spoke topology has a WAN link from each remote site (a spoke
site) to the main site (the hub site).
165
Hypertext Transfer Protocol over SSL (HTTPS)
A method of securing web traffic over the Internet
| using Secure Socket Layer and Transport Layer Security technology.
166
incremental backup
A backup job that only backs up the changed data since the last incremental
backup.
167
independent basic service set (IBSS)
A WLAN can be created without the use of an AP. Such a
configuration, called an IBSS, is said to work in an ad hoc fashion. An ad hoc WLAN is useful for
temporary connections between wireless devices. For example, you might temporarily interconnect
two laptop computers to transfer a few files.
168
infrared (IR)
A wireless line-of-sight technology that might be found in an Internet of Things
deployment.
169
infrastructure as a service (IaaS)
Providing network infrastructure as a service using cloud
| technologies.
170
insider threat
In network security, this refers to an attacker who resides inside the network. Often,
this might be an employee of the company.
171
integrated services (IntServ)
Often referred to as hard QoS because IntServ can make strict
bandwidth reservations. IntServ uses signaling among network devices to provide bandwidth
reservations. Resource Reservation Protocol (RSVP) is an example of an IntServ approach to QoS.
Because IntServ must be configured on every router along a packet’s path, a primary drawback of
IntServ is its lack of scalability.
172
Integrated Services Digital Network (ISDN)
A digital telephony technology that supports multiple
64Kbps channels (known as bearer channels or B channels) on a single connection. ISDN was
popular back in the 1980s for connecting PBXs, which are telephone switches owned and operated
by a company, to a telephone company’s central office. ISDN has the ability to carry voice, video, or
data over its B channels. ISDN also offers a robust set of signaling protocols: Q.921 for Layer 2
signaling and Q.931 for Layer 3 signaling. These signaling protocols run on a separate channel in an
ISDN circuit (known as the delta channel, data channel, or D channel).
173
Interior Gateway Protocol (IGP)
A routing protocol that operates within an autonomous system,
which is a network under a single administrative control. OSPF and EIGRP are popular examples of
IGPs.
174
Intermediate Distribution Frame (IDF) documentation
The documentation related to a distribution
frame in a central office or customer premises, which cross-connects the user cable media to
individual user line circuits and may serve as a distribution point for multipair cables from the main
distribution frame (MDF) or combined distribution frame (CDF) to individual cables connected to
equipment in areas remote from these frames.
175
Intermediate System-to-Intermediate System (IS-IS)
A link-state routing protocol similar in its
operation to OSPF. IS-IS uses a configurable-yet-dimensionless metric associated with an interface
and runs Dijkstra’s shortest path first algorithm. Although using IS-IS as an IGP offers the scalability,
fast convergence, and vendor-interoperability benefits of OSPF, it has not been deployed as widely as
OSPF.
176
Internet Group Management Protocol (IGMP)
A multicast protocol used between clients and
| routers to let routers know which of their interfaces has a multicast receiver attached.
177
Internet Key Exchange (IKE)
A protocol used to set up an IPSec session.
178
Internet layer
This layer of the TCP/IP stack maps to Layer 3 (network layer) of the OSI model.
Although multiple routed protocols (for example, IPv4 and IPv6) may reside at the OSI model’s
network layer, the Internet layer of the TCP/IP stack focuses on IP as the protocol to be routed through
a network.
179
Internet Security Association and Key Management Protocol (ISAKMP)
Negotiates parameters
| for an IPSec session.
180
intrusion prevention system (IPS)
IPS devices can recognize the signature of a well-known attack
and respond to stop the attack. An IPS device resides inline with the traffic flow, unlike an IDS
sensor.
181
IP Security (IPSec)
IP Security (IPSec) A type of VPN that provides confidentiality, integrity, and authentication.
182
ipconfig command
A Microsoft Windows command that can be used to display IP address
configuration parameters on a PC. In addition, if DHCP is used by the PC, the ipconfig command can
be used to release and renew a DHCP lease, which is often useful during troubleshooting.
183
iptables
The software firewall that is included with most Linux distributions.
184
jitter
The uneven arrival of packets.
185
Kerberos
A client/server authentication protocol that supports mutual authentication between a client
and a server. Kerberos uses the concept of a trusted third party (a key distribution center) that hands
out tickets to be used instead of a username and password combination.
186
key fob
A device on a key ring that can provide security functions in the network.
187
label switch router (LSR)
Resides inside a service provider’s MPLS cloud and makes frameforwarding decisions based on labels applied to frames.
188
latency
The measure of delay in a network.
189
Layer 2 Forwarding (L2F)
A VPN protocol designed (by Cisco Systems) with the intent of
providing a tunneling protocol for PPP. Like L2TP, L2F lacks native security features.
190
Layer 2 Tunneling Protocol (L2TP)
A VPN protocol that lacks security features, such as encryption.
However, L2TP can still be used for a secure VPN connection if it is combined with another protocol
that provides encryption.
191
link aggregation
As defined by the IEEE 802.3ad standard, link aggregation allows multiple physical
connections to be logically bundled into a single logical connection.
192
link efficiency
To make the most of the limited bandwidth available on slower speed links, you might
choose to implement compression or link fragmentation and interleaving (LFI). These QoS
mechanisms are examples of link efficiency mechanisms.
193
link-local IP address
A link-local IP address is a nonroutable IP address usable only on a local
subnet.
194
link state
A category of routing protocol that maintains a topology of a network and uses an algorithm
to determine the shortest path to a destination network.
195
link-state advertisement (LSA)
Sent by routers in a network to advertise the networks the routers
know how to reach. Routers use those LSAs to construct a topological map of a network. The
algorithm run against this topological map is Dijkstra’s shortest path first algorithm.
196
load balancing
Distributing client requests among different network resources that can provide the
same service or data.
197
local area network (LAN)
Interconnects network components within a local region (for example,
within a building).
198
local loop
A connection between a customer’s premises and a local telephone company’s central
office.
199
locks
Various types of locks are a key element in physical security for the networks. Locks can also
exist on the network devices themselves.
200
logic bomb
This is an attacker’s malicious code that resides in a software system and will be
triggered when certain conditions are met.
201
logical diagrams
A logical network diagram details the network path from a logical perspective as
opposed to a physical one.
202
logical topology
The actual traffic flow of a network determines the network’s logical topology.
203
loopback
A loopback interface on a network device is a logical (virtual) interface that is often used
for testing purposes.
204
omnidirectional antenna
Radiates power at relatively equal power levels in all directions
(somewhat similar to the theoretical isotropic antenna). Omnidirectional antennas are popular in
residential WLANs and SOHO locations.
205
marking
Alters bits within a frame, cell, or packet to indicate how a network should treat that traffic.
Marking alone does not change how a network treats a packet. Other tools (such as queuing tools)
can, however, reference markings and make decisions (for example, forwarding decisions or
dropping decisions) based on those markings.
206
media
Devices need to be interconnected via some sort of media. This media could be copper
cabling. Alternatively, it could be a fiber-optic cable. Media might not even be a cable, as is the case
with wireless networks, where radio waves travel through the media of air.
207
metric
A value assigned to a route. Lower metrics are preferred over higher metrics.
208
modem
A device that permits a remote connection to the Internet or other remote networks. This
device might be dial-up or newer technologies such as cable.
209
motion detection
This physical security approach uses sensors to detect motion in a secured area.
210
multicast
A multicast communication flow is a one-to-many flow.
211
multifactor authentication
Similar to two-factor authentication, multifactor authentication requires
two or more types of successful authentication before granting access to a network.
212
multilayer switch
Like a router, a multilayer switch can make traffic forwarding decisions based on
Layer 3 information. Although multilayer switches more closely approach wire-speed throughput than
most routers, routers tend to have a greater feature set and are capable of supporting more interface
types than a multilayer switch.
213
MIMO
multiple-input multiple-output (MIMO) MIMO uses multiple antennas for transmission and
reception. These antennas do not interfere with one another, thanks to MIMO’s use of spatial
multiplexing, which encodes data based on the antenna from which the data will be transmitted. Both
reliability and throughput can be increased with MIMO’s simultaneous use of multiple antennas.
214
nbtstat command
Displays NetBIOS information for IP-based networks. The nbt prefix of the
nbtstat command refers to NetBIOS over TCP/IP, which is called NBT (or NetBT). This command
can, for example, display a listing of NetBIOS device names learned by a Microsoft Windows–based
PC.
215
neighbor discovery
Any process whereby network elements can discover each other on the network.
In the case of EIGRP, hello packets are used, for example.
216
Nessus
A network-vulnerability scanner available from Tenable Network Security.
217
netstat command
Can display a variety of information about IP-based connections on a Windows or
UNIX host.
218
network interface layer
The network interface layer of the TCP/IP stack (also known as the network
access layer) encompasses the technologies addressed by Layers 1 and 2 (that is, the physical and
data link layers) of the OSI model.
219
network layer
Layer 3 of the OSI model. This layer is primarily concerned with forwarding databased on logical addresses.
220
next hop
An IP address on the next router to which traffic should be forwarded.
221
nmap
This management tool permits the scanning of the network for hosts and services.
222
nondesignated port
In STP terms, nondesignated ports block traffic to create a loop-free topology.
223
notifications
Many network devices and technologies support notifications for key events. These are
often used in the area of security.
224
nslookup command
Can resolve an FQDN to an IP address on Microsoft Windows and UNIX hosts.
225
octet
A grouping of 8 bits. An IPv4 address consists of four octets (that is, a total of 32 bits).
226
onsite
The term onsite in the context of virtualization technologies refers to hosting virtual devices on
hardware physically located in a corporate data center.
227
open
A broken strand of copper that prevents current from flowing through a circuit.
228
packet-switched connection
Similar to a dedicated leased line, because most packet-switched
networks are always on. However, unlike a dedicated leased line, packet-switched connections allowmultiple customers to share a service provider’s bandwidth.
229
partial-mesh topology
A hybrid of a hub-and-spoke topology and a full-mesh topology. A partialmesh topology can be designed to provide an optimal route between selected sites, while avoiding
the expense of interconnecting every site to every other site.
230
peer-to-peer network
Allows interconnected devices (for example, PCs) to share their resources
with one another. These resources could be, for example, files or printers.
231
personal mode
In the context of wireless networking, this refers to using a preshared key (PSK)
instead of a centralized server, such as RADIUS, for authentication.
232
phishing
This network attack uses email or other messages to attempt to capture the authentication
information (or other information) from an end user.
233
physical diagrams
These diagrams provide a map of the physical layout of the network.
234
physical layer
Layer 1 of the OSI model. This layer is concerned with the transmission of bits on a
network.
235
physical topology
The way a network’s components are physically interconnected determines the
network’s physical topology.
236
ping command
One of the most commonly used command-line commands, ping can check IP
connectivity between two network devices. Multiple platforms (for example, routers, switches, and
hosts) support the ping command.
237
plenum
Plenum cabling is fire retardant and minimizes toxic fumes released by network cabling if
that cable were to catch on fire. As a result, plenum cabling is often a requirement of local fire codes
for cable in raised flooring or in other open-air return ducts.
238
poison reverse
This feature of a distance-vector routing protocol causes a route received on one
interface to be advertised back out of that same interface with a metric considered to be infinite.
239
port aggregation
Joining multiple network device ports together for increased bandwidth and
redundancy.
240
personal mode
In the context of wireless networking, this refers to using a preshared key (PSK)
instead of a centralized server, such as RADIUS, for authentication.
241
phishing
This network attack uses email or other messages to attempt to capture the authentication
information (or other information) from an end user.
242
physical diagrams
These diagrams provide a map of the physical layout of the network.
243
physical layer
Layer 1 of the OSI model. This layer is concerned with the transmission of bits on a
network.
244
physical topology
The way a network’s components are physically interconnected determines the
network’s physical topology.
245
ping command
One of the most commonly used command-line commands, ping can check IP
connectivity between two network devices. Multiple platforms (for example, routers, switches, and
hosts) support the ping command.
246
plenum
Plenum cabling is fire retardant and minimizes toxic fumes released by network cabling if
that cable were to catch on fire. As a result, plenum cabling is often a requirement of local fire codes
for cable in raised flooring or in other open-air return ducts.
247
poison reverse
This feature of a distance-vector routing protocol causes a route received on one
interface to be advertised back out of that same interface with a metric considered to be infinite.
248
port aggregation
Joining multiple network device ports together for increased bandwidth and
redundancy.
249
proxy server
Intercepts requests being sent from a client and forwards those requests on to their
intended destination. The proxy server then sends any return traffic to the client that initiated the
session. This provides address hiding for the client. Also, some proxy servers conserve WAN
bandwidth by offering a content-caching function. In addition, some proxy servers offer URL filtering
to, for example, block users from accessing social networking sites during working hours.
250
punch-down tool
When terminating wires on a punch-down block (for example, a 110 block), you
should use a punch-down tool, which is designed to properly insert an insulated wire between two
contact blades in a punch-down block, without damaging the blades.
251
rack diagrams
A diagram of the network devices mounted in a physical or virtual rack of equipment.
252
reliability
The measure of how error-free a network transmits packets.
253
ring topology
In a ring topology, traffic flows in a circular fashion around a closed network loop
(that is, a ring). Typically, a ring topology sends data, in a single direction, to each connected device
in turn, until the intended destination receives the data.
254
rogue access point
An access point that is not permitted on the network.
255
Root Guard
A switch protection mechanism for STP. The switch ensures that superior BPDU
messages are ignored.
256
root port
In an STP topology, every nonroot bridge has a single root port, which is the port on that
switch that is closest to the root bridge, in terms of cost.
257
route command
Can add, modify, or delete routes in the IP routing table of Microsoft Windows and
UNIX hosts. In addition, the route command can be used to view the IP routing table of Microsoft
Windows hosts.
258
route redistribution
Allows routes learned by one routing protocol to be injected into the routing
process of another routing protocol.
259
routed protocol
A protocol with an addressing scheme (for example, IP) that defines different
network addresses.
260
router
A router is considered a Layer 3 device, meaning that it makes its forwarding decisions based
on logical network addresses. Most modern networks use IP addressing.
261
routing protocol
A routing protocol (for example, RIP, OSPF, or EIGRP) that advertises route
information between routers, which describes how to reach specified destination networks.
262
satellite (WAN technology)
Provides WAN access to sites where terrestrial WAN solutions are
unavailable. Satellite WAN connections can suffer from long round-trip delay (which can be
unacceptable for latency-sensitive applications) and are susceptible to poor weather conditions.
263
security policy
A continually changing document that dictates a set of guidelines for network use.
These guidelines complement organizational objectives by specifying rules for how a network is
used.
264
server
As its name suggests, a server serves up resources to a network. These resources might
include email access as provided by an email server, web pages as provided by a web server, or
files available on a file server.
265
session layer
As Layer 5 of the OSI model, it’s responsible for setting up, maintaining, and tearing
down sessions.
266
short
A short occurs when two copper connectors touch each other, resulting in current flowing
through that short rather than the attached electrical circuit, because the short has lower resistance.
267
site-to-site VPN
Interconnects two sites, as an alternative to a leased line, at a reduced cost.
268
smart cards
Any pocket-sized card with embedded integrated circuits. Often, smart cards are used
for network security, specifically authentication.
269
snapshots
A backup method where a point-in-time capture of the data is performed.
270
social engineering
Attackers sometimes use social techniques (which often leverage people’s desire
to be helpful) to obtain confidential information. For example, an attacker might pose as a member of
an IT department and ask a company employee for her login credentials in order for the “IT staff to
test the connection.” This type of attack is called social engineering.
271
software-defined networking (SDN) controller
Often referred to as the “brains” of the SDN
| network, this device sends commands to the network devices to have configurations made.
272
software firewall
A computer running firewall software. For example, the software firewall could
protect the computer itself (for instance, preventing incoming connections to the computer).
Alternatively, a software firewall could be a computer with more than one network interface card that
runs firewall software to filter traffic flowing through the computer.
273
split horizon
This feature of a distance-vector routing protocol prevents a route learned on one
interface from being advertised back out of that same interface.
274
star topology
In a star topology, a network has a central point (for example, a switch) from which all
attached devices radiate.
275
state transition modulation
One way to electrically or optically represent a binary 1 or 0 is to use
the transition between a voltage level (for example, going from a state of no voltage to a state of
voltage, or vice versa, on a copper cable) or the transition of having light or no light on a fiber-optic
cable to represent a binary 1. Similarly, a binary 0 is represented by having no transition in a voltagelevel or light level from one time period to the next. This approach of representing binary digits is
called state transition modulation.
276
stateful firewall
Inspects traffic leaving the inside network as it goes out to the Internet. Then, when
returning traffic from the same session (as identified by source and destination IP addresses and port
numbers) attempts to enter the inside network, the stateful firewall permits that traffic. The process of
inspecting traffic to identify unique sessions is called stateful inspection.
277
subnet mask
A 32-bit value (in IPv4) that indicates what portion of the IP address is the network ID
versus what portion is the host ID.
278
supplicant
In a network using 802.1X user authentication, a supplicant is the device that wants to gain
access to a network.
279
switch
Like an Ethernet hub, an Ethernet switch interconnects network components. Like a hub,
switches are available with a variety of port densities. However, unlike a hub, a switch doesn’t
simply take traffic in on one port and forward copies of that traffic out all other ports. Rather, a
switch learns which devices reside off of which ports. As a result, when traffic comes in a switch
port, the switch interrogates the traffic to see where it’s destined. Then, based on what the switch has
learned, it forwards the traffic out of the appropriate port and not out all of the other ports.
280
symmetric encryption
With symmetric encryption, both the sender and the receiver of a packet use
the same key (a shared key) for encryption and decryption.
281
T3
In the same T-carrier family of standards as a T1, a T3 circuit offers an increased bandwidth
capacity. Whereas a T1 circuit combines 24 DS0s into a single physical connection to offer
1.544Mbps of bandwidth, a T3 circuit combines 672 DS0s into a single physical connection, with a
resulting bandwidth capacity of 44.7Mbps.
282
TCP/IP stack
Also known as the DoD model, this four-layer model (as opposed to the seven-layer
OSI model) targets the suite of TCP/IP protocols.
283
tcpdump
A common packet analyzer that runs under the command line. It allows the user to displayTCP/IP and other packets being transmitted or received over a network to which the computer is
attached.
284
telco
A telephone company. Some countries have government-maintained telcos, and other countries
have multiple telcos that compete with one another.
285
Telnet
A method of remote access for network devices that does not provide any security
mechanisms.
286
tip and ring
The red and green wires found in RJ-11 wall jacks, which carry voice, ringing voltage,
and signaling information between an analog device (for example, a phone or a modem) and an RJ-11
wall jack.
287
toner probe
Sometimes called a fox and hound, a toner probe allows you to place a tone generator at
one end of the connection (for example, in someone’s office) and use a probe on the punch-down
block to audibly detect to which pair of wires the tone generator is connected.
288
traceroute command
A UNIX command that displays every router hop along the path from a source
host to a destination host on an IP network. Information about the router hop can include the IP
address of the router hop and the round-trip delay of that router hop.
289
tracert command
A Microsoft Windows–based command that displays every router hop along the
path from a source host to a destination host on an IP network. Information about a router hop can
include such information as the IP address of the router hop and the round-trip delay of that router
hop.
290
traffic shaping
Instead of making a minimum amount of bandwidth available for specific traffictypes, you might want to limit available bandwidth. Both policing and shaping tools can accomplish
this objective. Collectively, these tools are called traffic conditioners. Traffic shaping delays excess
traffic by buffering it as opposed to dropping the excess traffic.
291
transport layer (OSI model)
As Layer 4 of the OSI model, it acts as a dividing line between the
upper layers and the lower layers. Specifically, messages are taken from the upper layers (Layers 5–
7) and encapsulated into segments for transmission to the lower layers (Layers 1–3). Similarly, data
streams coming from lower layers are decapsulated and sent to Layer 5 (the session layer) or some
other upper layer, depending on the protocol.
292
transport layer (TCP/IP stack)
The transport layer of the TCP/IP stack maps to Layer 4 (transport
layer) of the OSI model. The two primary protocols found at the TCP/IP stack’s transport layer are
TCP and UDP
293
trouble ticket
A problem report explaining the details of an issue being experienced in a network.
294
trunk
In the context of an Ethernet network, this is a single physical or logical connection that
simultaneously carries traffic for multiple VLANs. However, a trunk also refers to an interconnection
between telephone switches, in the context of telephony.
295
tunneling
Transmitting traffic with additional encapsulation.
296
twisted-pair cable
Today’s most popular media type is twisted-pair cable, where individually
insulated copper strands are intertwined into a twisted-pair cable. Two categories of twisted-pair
cable include shielded twisted pair (STP) and unshielded twisted pair (UTP).
297
unicast
A unicast communication flow is a one-to-one flow.
298
unidirectional antenna
Unidirectional antennas can focus their power in a specific direction, thus
avoiding potential interference with other wireless devices and perhaps reaching greater distances
than those possible with omnidirectional antennas. One application for unidirectional antennas is
interconnecting two nearby buildings.
299
video surveillance
A form of physical security where cameras monitor a network area
300
virtual desktop
A virtual desktop solution allows a user to store data in a centralized data center, as
opposed to the hard drive of his local computer. Then, with appropriate authentication credentials,
that user can access his data from various remote devices (for example, his smartphone or another
computer).
301
virtual PBX
Usually a VoIP telephony solution hosted by a service provider, which interconnects
with a company’s existing telephone system
302
virtual server
Allows a single physical server to host multiple virtual instances of various operating
systems. This allows, for example, a single physical server to simultaneously host multiple Microsoft
Windows servers and multiple Linux servers.
303
virtual switch
Performs Layer 2 functions (for example, VLAN separation and filtering) between
various server instances running on a single physical server.
304
war chalking
If an open WLAN (or a WLAN whose SSID and authentication credentials are known)
is found in a public place, a user might write a symbol on a wall (or some other nearby structure) to
let others know the characteristics of the discovered network. This practice, which is a variant of the
decades-old practice of hobos leaving symbols as messages to fellow hobos, is called war chalking.
305
war driving
Searching for Wi-Fi wireless networks by a person in a moving vehicle, using a laptop
or smartphone. Software for war driving is freely available on the Internet.
306
warm sites
A redundant site that can be brought online with minimal time and effort.
307
wide area network (WAN) link
An interconnection between two devices in a WAN.
308
wireless router
Attaches to a wired network and provides access to that wired network for
wirelessly attached clients, like a wireless AP. However, a wireless router is configured such that the
wired interface that connects to the rest of the network (or to the Internet) is on a different IP network
than the wireless clients. Typically, a wireless router performs NATing between these two IP address
spaces.
309
Z-Wave
A wireless communications protocol used primarily for home automation. It is a mesh
network using low-energy radio waves to communicate from appliance to appliance, allowing for
wireless control of residential appliances and other devices, such as lighting control, security
systems, thermostats, windows, locks, swimming pools, and garage door openers.
310
Zeroconf
A technology that performs three basic functions: assigning link-local IP addresses,
resolving computer names to IP addresses, and locating network services.
