Network+ Terminology
| Term | Definition |
|---|---|
| 802.11 standards | IEEE standards for wireless networking based on spread spectrum radio transmission in the 2.4 GHz and 5 GHz bands. The standard, known as Wi-Fi, has six main iterations: a, b, g, Wi-Fi 4 (n), Wi-Fi 5 (ac), and Wi-Fi 6 (ax). |
| 802.11h | Amendment to Wi-Fi standards that defines a Dynamic Frequency Selection (DFS) mechanism to avoid interference with radar and cellular communications in the 5 GHz frequency band. |
| 802.1p | IEEE standard defining a 3-bit (0 to 7) class of service priority field within the 802.1Q format. |
| 802.1q | Trunking protocols enable switches to exchange data about VLAN configurations. The 802.1Q protocol is often used to tag frames destined for different VLANs across trunk links. |
| 802.1x | Standard for encapsulating EAP communications over a LAN (EAPoL) to implement port-based authentication. Also called port-based network access control, and IEEE 802.1X. |
| 802.3 ethernet standards | Standards developed as the IEEE 802.3 series describing media types, access methods, data rates, and distance limitations at OSI layers 1 and 2 using xBASE-y designations. |
| access control list (ACL) | The collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read-only, read/write, and so on). |
| access point (AP) | A device that provides a connection between wireless devices and can connect to wired networks, implementing an infrastructure mode WLAN. |
| access/edge layer | Lowest tier in a hierarchical network topology acting as the attachment point for end systems. |
| active-active | High availability cluster configuration where all nodes are utilized continually. |
| active-passive | High availability cluster configuration where one or more nodes are only utilized during failover. |
| ad hoc network | Type of wireless network where connected devices communicate directly with each other instead of over an established medium. Also called Independent Basic Service Set (IBSS). |
| address resolution protocol (ARP) | Broadcast mechanism by which the hardware MAC address of an interface is matched to an IP address on a local network segment. |
| addressing | Unique identifier for a network node, such as a MAC address, IPv4 address, or IPv6 address. |
| adjacent channel interference (ACI) | Troubleshooting issue where access points within range of one another are configured to use different but overlapping channels, causing increased noise. Also called channel overlap. |
| administrative distance (AD) | Value indicating the trustworthiness of routes learned from different sources (directly connected, static, and each dynamic routing protocol). When two sources offer the same prefix, the route with the lower administrative distance is installed in the routing table. |
| administratively down | Switch or router port that has been purposefully disabled via the management interface. |
| advanced persistent threat (APT) | Threat actors with the ability to craft novel exploits and techniques to obtain, maintain, and diversify unauthorized access to network systems over a long period. |
| angled physical contact (APC) | Fiber optic connector finishing type that uses an angled polish for the ferrule. |
| antenna type | Specially arranged metal wires that can send and receive radio signals, typically implemented as either an omnidirectional or a unidirectional type. |
| anycast | IP delivery mechanism whereby a packet is addressed to a single host from a group sharing the same address. |
| application layer (Layer 7) | OSI model layer providing support to applications requiring network services (file transfer, printing, email, databases, and so on). Also called layer 7. |
| application programming interface (API) | Methods exposed by a script, program, or web application that allow other scripts or apps to interact with it. |
| arp command | Utility to display and modify contents of host's cache of IP to MAC address mappings, as resolved by address resolution protocol (ARP) replies. |
| arp spoofing | A network-based attack where an attacker with access to the target local network segment redirects an IP address to the MAC address of a computer that is not the intended recipient. |
| attenuation | Attenuation, or degradation of a signal as it travels over media, determines the maximum distance for a particular media type at a given bit rate. |
| authentication header (AH) | IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks. |
| authoritative name server | DNS server designated by a name server record for the domain that holds a complete copy of zone records. |
| automatic private ip addressing (APIPA) | Mechanism for Windows hosts configured to obtain an address automatically that cannot contact a DHCP server to revert to using an address from the range 169.254.x.y. This is also called a link local address. |
| automation | Using scripts and APIs to provision and deprovision systems without manual intervention. |
| autonomous system (AS) | Group of network prefixes under the administrative control of a single organization used to establish routing boundaries. |
| availability monitoring | Processes and tools that facilitate reporting and alerting when a host or app cannot be contacted over the network. |
| backup configuration | Configuration settings that will be applied if an appliance, instance, or app is restored from backup media. |
| band steering | Feature of Wi-Fi that allows an access point to try to ensure that clients use a particular frequency band, such as 5 GHz rather than 2.4 GHz. |
| bandwidth | Generally used to refer to the amount of data that can be transferred through a connection over a given period. Bandwidth more properly means the range of frequencies supported by transmission media, measured in Hertz. |
| bandwidth speed tester | Hosted utility used to measure actual speed obtained by an Internet link to a representative server or to measure the response times of websites from different locations on the Internet. |
| baseline metrics | Values for resource utilization that assess the performance or stability of a service based on historical information or vendor guidance. |
| basic service set identifier (BSSID) | MAC address of an access point supporting a basic service area. |
| bayonet neill-concelman (BNC) connector | Twist and lock connector for coaxial cable. |
| bidirectional wavelength division multiplexing (BWDM) | System that allows bidirectional data transfer over a single fiber strand by using separate wavelengths for transmit and receive streams. Also called wavelength division multiplexing (WDM). |
| bit rate | Amount of data that can be transferred over a network connection in a given amount of time, typically measured in bits or bytes per second (or some more suitable multiple thereof). |
| border gateway protocol (BGP) | Path vector exterior gateway routing protocol used principally by ISPs to establish routing between autonomous systems. |
| botnet | Group of hosts or devices that have been infected by a control program called a bot that enables attackers to exploit the hosts to mount attacks. Each infected host is referred to as a zombie. |
| bottleneck | Troubleshooting issue where performance for a whole network or system is constrained by the performance of a single link, device, or subsystem. |
| bridge | Intermediate system that isolates collision domains to separate segments while joining segments within the same broadcast domain. |
| bring your own device (BYOD) | Security framework and tools to facilitate use of personally owned devices to access corporate networks and data. |
| broadcast | Packet or frame addressed to all hosts on a local network segment, subnet, or broadcast domain. The broadcast address of IP is one where the host bits are all set to 1; at the MAC layer it is the address ff:ff:ff:ff:ff:ff. |
| broadcast domain | Network segment in which all nodes receive the same broadcast frames at layer 2. |
| broadcast storm | Traffic that is recirculated and amplified by loops in a switching topology, causing network slowdowns and crashing switches. |
| brute force | Type of password attack where an attacker uses an application to exhaustively try every possible character combination, either against captured password hashes (offline) or against a login interface (online). |
| bugfix | Update to software code that addresses a single discrete error and is typically tested in a development or test environment before being applied to production. |
| business continuity plan (BCP) | Collection of processes that enable an organization to maintain normal business operations in the face of some adverse event. |
| business impact analysis (BIA) | Systematic activity that identifies organizational risks and determines their effect on ongoing, mission-critical operations. Also called process assessment. |
| cable crimper | Tool to join a network jack to the ends of a network patch cable. |
| cable map | Physical plan showing cable routes through building spaces between communications closets and work areas. |
| cable stripper | Tool for stripping the cable jacket or wire insulation. |
| cable tester | Two-part tool used to test successful termination of copper cable by attaching to each end of a cable and energizing each wire conductor in turn with an LED to indicate an end-to-end connection. |
| canonical notation | Format for representing IPv6 addresses using hex double-bytes with colon delimitation and zero compression. |
| captive portal | Webpage or website to which a client is redirected before being granted full network access. |
| carrier sense multiple access with collision avoidance (CSMA/CA) | Mechanism used by 802.11 Wi-Fi standards to cope with contention over the shared access media. |
| carrier sense multiple access with collision detection (CSMA/CD) | Contention mechanism used by legacy half-duplex Ethernet on shared media that recognizes a signal collision on the basis of electrical fluctuations produced when signals combine, then backs off for a random interval before retransmitting. |
| categories of cable standards | ANSI/TIA/EIA cable category designations, with higher numbers representing better support for higher data rates. |
| cellular radio | Standards for implementing data access over cellular networks are implemented as successive generations. |
| certificate authority (CA) | A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys. |
| change management | Process for approving, preparing, supporting, and managing new or updated business processes or technologies. |
| channel bonding | Capability to aggregate one or more adjacent channels to increase bandwidth. |
| cia triad | Three principles of security control and management: confidentiality, integrity, and availability. Also known as the information security triad. Also referred to in reverse order as the AIC triad. |
| cipher suite | Lists of cryptographic algorithms that a server and client can use to negotiate a secure connection. |
| cisco discovery protocol (CDP) | Proprietary protocol used by Cisco network appliances to discover layer 2 adjacent devices or neighbors. |
| classful addressing | Legacy form of IP addressing where the network ID is determined automatically from the first octet of the address. Netmasks that align to whole octet boundaries are still sometimes referred to as class A, B, or C. |
| classless interdomain routing (CIDR) | Using network prefixes to aggregate routes to multiple network blocks ("supernetting"). This replaced the old method of assigning class-based IP addresses based on the network size. |
| client-server | Administration paradigm where some host machines are designated as servers that provide services, and other machines are designated as client devices that only consume those services. |
| cloud access security broker (CASB) | Enterprise management software designed to mediate access to cloud services by users across all types of devices. |
| cloud deployment model | Classifying the ownership and management of a cloud as public, private, community, or hybrid. |
| cloud direct connection | A dedicated connection between the on-premises network and a cloud service provider. |
| cloud gateway | In cloud infrastructure, a virtual router that facilitates routing between subnets and public networks. External connectivity can be provisioned using various types of NAT and VPN. |
| cloud service model | Classifying the provision of cloud services and the limit of the cloud service provider's responsibility as software, platform, infrastructure, and so on. |
| clustering | Load balancing technique where a group of servers is configured as a unit and works together to provide network services. |
| co-channel interference (CCI) | Troubleshooting issue where access points within range of one another are configured to use the same channel, causing increased contention. |
| coarse wavelength division multiplexing (CWDM) | Technology for multiplexing up to 16 signal channels on a single fiber using different wavelengths. |
| coaxial | Media type using two separate conductors that share a common axis categorized using the Radio Grade (RG) specifications. |
| cold site | Predetermined alternate location where a network can be rebuilt after a disaster. |
| collapsed core | Two-tier hierarchical network topology where the distribution and core functions are merged into a single layer, so access layer switches connect directly to a full mesh core layer. |
| collision domain | Network segment where nodes are attached to the same shared access media, such as a bus network or Ethernet hub. |
| colocation | Deploying private servers, network appliances, and interconnects to a hosted datacenter facility shared with other customers. |
| command and control (C&C or C2) | Infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets. Also called C2. |
| community string | In Simple Network Management Protocol (SNMP), a password-like value that permits a management system to access an agent. |
| configuration drift | Risk that systems and networks will deviate from a baseline or golden configuration over time. |
| configuration management | A process through which an organization's information systems components are kept in a controlled state that meets the organization's requirements, including those for security and compliance. |
| configuration monitoring | Processes and tools that facilitate reporting and alerting when a host or app's configuration deviates from a baseline or golden configuration. |
| content filtering | Security measure performed on email and Internet traffic to identify and block suspicious, malicious, and/or inappropriate content in accordance with an organization’s policies. |
| convergence | Process whereby routers agree on routes through the network to establish the same network topology in their routing tables (steady state). The time taken to reach steady state is a measure of a routing protocol’s convergence performance. |
| core layer | Highest tier in a hierarchical network topology providing interconnections between blocks. |
| crosstalk | Phenomenon whereby one wire causes interference in another as a result of their close proximity. |
| cryptographic hash algorithm | A function that converts an arbitrary-length string input to a fixed-length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output. |
| cyclic redundancy check (CRC) | Calculation of a checksum based on the contents of a frame used to detect errors. |
| data at rest | Information that is primarily stored on specific media, rather than moving from one medium to another. |
| data center interconnect (DCI) | Technologies such as VXLAN and EVPN that establish links between hosts in two or more separate datacenter facilities. |
| data in transit | Information that is being transmitted between two hosts, such as over a private network or the Internet. |
| data link layer (layer 2) | OSI model layer responsible for transferring data between nodes. Also called layer 2. |
| data remnants | Leftover information on a storage medium even after basic attempts have been made to remove that data. Also called a remnant. |
| data sovereignty | In data protection, the principle that countries and states may impose individual requirements on data collected or stored within their jurisdiction. |
| datacenters | Facility dedicated to the provisioning of reliable power, environmental controls, and network fabric to server computers. |
| deauthentication attack | Spoofing frames to disconnect a wireless station to try to obtain authentication data to crack. |
| decibel (dB) loss | Loss of signal strength between a transmitter and receiver due to attenuation and interference measured in decibels. Also called insertion loss. |
| decommissioning | In asset management, the policies and procedures that govern the removal of devices and software from production networks, and their subsequent disposal through sale, donation, or as waste. |
| default gateway | IP configuration parameter that identifies the address of a router on the local subnet that the host can use to contact other networks. |
| default route | Entry in the routing table to represent the forwarding path that will be used if no other entries are matched. |
| default vlan | Default VLAN ID (1) for all unconfigured switch ports. |
| defense in depth | Security strategy that positions the layers of network security as network traffic roadblocks. Each layer is intended to slow an attack's progress, rather than eliminating it outright. |
| demarcation point | Location that represents the end of the access provider’s network (and therefore their responsibility for maintaining it). |
| denial of service (DoS) | Any type of physical, application, or network attack that affects the availability of a managed resource. |
| dense wavelength division multiplexing (DWDM) | Technology for multiplexing 40 or 80 signal channels on a single fiber using different wavelengths. |
| dhcp relay | Configuration of a router to forward DHCP traffic where the client and server are in different subnets. |
| dictionary | Type of password attack that hashes each entry in a predetermined list of likely passwords and compares the result against captured password hashes. |
| differentiated services (DiffServ) | Header field used to indicate a priority value for a layer 3 (IP) packet to facilitate quality of service (QoS) or class of service (CoS) scheduling. |
| dig command | Utility to query a DNS and return information about a particular domain name. |
| digital certificate | Identification and authentication information presented in the X.509 format and issued by a Certificate Authority (CA) as a guarantee that a key pair is valid for a particular subject (user or host). |
| directly connected routes | Entry in the routing table representing a subnet in which the router has an active interface. |
| disassociation | Management frame handling process by which a station is disconnected from an access point. |
| disaster recovery plan (DRP) | Documented and resourced plan showing actions and responsibilities to be used in response to critical incidents. |
| discretionary access control (DAC) | An access control model where each resource is protected by an access control list (ACL) managed by the resource's owner (or owners). |
| distance vector | Algorithm used by routing protocols that selects a forwarding path based on the next hop router with the lowest hop count to the destination network. |
| distributed dos (DDoS) | Attack that involves the use of infected Internet-connected computers and devices to disrupt the normal flow of traffic of a server or service by overwhelming the target with traffic. |
| distribution or aggregation layer | Intermediate tier in a hierarchical network topology providing interconnections between the access layer and the core. |
| distribution system (DS) | Connecting access points to a switched network via cabling to facilitate roaming within an extended service area (ESA). A wireless distribution system uses access points configured in repeater mode to facilitate roaming. |
| dns caching | Data store on DNS clients and servers holding results of recent queries. |
| dns over hypertext transfer protocol secure (DoH) | Protocol that mitigates risks from snooping and modification when a client queries a DNS server by encapsulating DNS traffic within an HTTP-Secure (HTTPS) session. |
| dns over transport layer security (DoT) | Protocol that mitigates risks from snooping and modification when a client queries a DNS server by encapsulating DNS traffic within a Transport Layer Security (TLS) session. |
| dns poisoning | Attack where a threat actor injects false resource records into a client or server cache to redirect a domain name to an IP address of the attacker's choosing. |
| domain name system (DNS) | Service that maps fully qualified domain name labels to IP addresses on most TCP/IP networks, including the Internet. |
| domain name system security extensions (DNSSEC) | Security protocol that provides authentication of DNS data and upholds DNS data integrity. |
| dotted decimal notation | Format for expressing IPv4 addresses using four decimal values from 0 to 255 for each octet. |
| dual stack | Host operating multiple protocols simultaneously on the same interface. Most hosts are capable of dual stack IPv4 and IPv6 operation, for instance. |
| dumpster diving | The social engineering technique of discovering things about an organization (or person) based on what it throws away. |
| dynamic host configuration protocol (DHCP) | Protocol used to automatically assign IP addressing information to hosts that have not been configured manually. |
| dynamic routing | Entry in the routing table that has been learned from another router via a dynamic routing protocol. Also called a learned route. |
| east-west traffic | Design paradigm accounting for the fact that datacenter traffic between servers is greater than that passing in and out (north-south). |
| effective isotropic radiated power (EIRP) | Signal strength from a transmitter, measured as the sum of transmit power, antenna cable/connector loss, and antenna gain. |
| elasticity | Property by which a computing environment can instantly react to both increasing and decreasing demands in workload. |
| electromagnetic interference (EMI) | Noise that occurs when a magnetic field around one electrical circuit or device interferes with the signal being carried on an adjacent circuit. Also called interference. |
| encapsulating security payload (ESP) | IPSec protocol that encrypts the payload of a packet and authenticates the ESP header and payload (in tunnel mode the entire inner IP packet is protected). Unlike AH, ESP does not authenticate the outer IP header. |
| encapsulation | A method by which protocols build data packets by adding headers and trailers to existing data. |
| encryption algorithm | Scrambling the characters used in a message so that the message can be seen but not understood or modified unless it can be deciphered. |
| end of life (EOL) | Product life cycle phase where mainstream vendor support is no longer available. |
| end of support (EOS) | Product life cycle phase where support is no longer available from the vendor. |
| enhanced igrp (EIGRP) | Advanced distance vector dynamic routing protocol using bandwidth and delay metrics to establish optimum forwarding paths. |
| enterprise authentication | Wireless network authentication mode where the access point acts as pass-through for credentials that are verified by an AAA server. |
| enumeration | Attack that aims to list resources on the network, host, or system as a whole to identify potential targets for further attack. Also referred to as footprinting and fingerprinting. |
| escalation | In the context of support procedures, incident response, and breach-reporting, escalation is the process of involving expert and senior staff to assist in problem management. |
| ethernet headers | Fields in a frame used to identify source and destination MAC addresses, protocol type, and error detection. |
| ethernet vpn (EVPN) | Using Border Gateway Protocol (BGP) to advertise virtual extensible LAN (VXLAN) networks as routes. |
| evil twin | Wireless access point that deceives users into believing that it is a legitimate network access point. |
| explicit deny | Firewall ACL rule configured manually to block any traffic not matched by previous rules. |
| exploit | Code or technique that takes advantage of a specific vulnerability in a software process to gain unauthorized access or execute code on a target host; commonly the means by which malware infects it. Also called exploit technique. |
| extended ssid (ESSID) | Network name configured on multiple access points to form an extended service area. |
| extended unique identifier (EUI) | IEEE's preferred term for a network interface's unique identifier. An EUI-48 corresponds to a MAC address while an EUI-64 is one that uses a 64-bit address space. |
| extensible authentication protocol (EAP) | Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication, and establish secure tunnels through which to submit credentials. |
| f-type connectors | Screw down connector used with coaxial cable. |
| fat ap | Access point whose firmware contains enough processing logic to be able to function autonomously and handle clients without the use of a wireless controller. |
| fiber distribution panel | Type of distribution frame with pre-wired connectors used with fiber optic cabling. |
| fiber optic cable | Network cable type that uses light signals as the basis for data transmission. |
| fibre channel | High-speed network communications protocol used to implement SANs. |
| file transfer protocol (FTP) | Application protocol used to transfer files between network hosts, using TCP port 21 for control and port 20 for active-mode data connections. Credentials and data are sent in cleartext. Variants include FTP with SSL/TLS (FTPS and FTPES) and T(rivial)FTP; S(ecure)FTP, despite the name, is a separate protocol carried over SSH (TCP port 22). |
| firewall | Software or hardware device that protects a network segment or individual host by filtering packets to an access control list. |
| first hop redundancy protocols (FHRPs) | Provisioning failover routers to serve as the default gateway for a subnet. Examples include Virtual Router Redundancy Protocol (VRRP) and Hot Standby Router Protocol (HSRP). |
| fragmentation | Mechanism for splitting a layer 3 datagram between multiple frames to fit the maximum transmission unit (MTU) of the underlying Data Link network. |
| frame | Common term for the protocol data unit for layer 2. |
| frequency band | Portion of the radio frequency spectrum in which wireless products operate, such as 2.4 GHz band or 5 GHz band. Also called frequencies. |
| full tunnel | VPN configuration where all traffic is routed via the VPN gateway. |
| full-duplex | Network link that allows interfaces to send and receive simultaneously. |
| fully qualified domain name (FQDN) | Unique label specified in a DNS hierarchy to identify a particular host within a subdomain within a top-level domain. |
| general data protection regulation (GDPR) | Provisions and requirements protecting the personal data of European Union (EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless protected by like-for-like regulations. The US Privacy Shield framework served this role until the EU Court of Justice invalidated it in 2020; its successor is the EU-US Data Privacy Framework adopted in 2023. |
| generic routing encapsulation (GRE) | Tunneling protocol allowing the transmission of encapsulated frames or packets from different types of network protocol over an IP network. |
| geofencing | Security control that can enforce a virtual boundary based on real-world geography. |
| giant | Ethernet frame that is larger than the receiving interface will accept. |
| global positioning system (GPS) | A means of determining a receiver's position on Earth based on information received from orbital satellites. |
| half-duplex | Network link where simultaneously sending and receiving is not possible. |
| hardening | Process of making a host or app configuration secure by reducing its attack surface, running only necessary services, installing software to protect against malware and intrusions, and establishing a maintenance schedule to ensure the system is patched. |
| heat map | In a Wi-Fi site survey, a diagram showing signal strength and channel utilization at different locations. |
| high availability | Metric that defines how closely systems approach the goal of providing data availability 100% of the time while maintaining a high level of system performance. |
| honeypot | Host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration. A network of honeypots is called a honeynet; a decoy file is called a honeyfile. |
| hop | One link in the path from a host to a router or from router to router. Each time a packet passes through a router, its time to live (TTL) is decremented by one, so the number of hops traversed equals the number of routers the packet has crossed. |
| host name | Label applied to a host computer that is unique on the local network. |
| hosts file | List of static name to IP address mappings maintained on a host computer that will typically take precedence over name resolution queries. |
| hot site | Fully configured alternate processing site that can be brought online either instantly or very quickly after a disaster. |
| html5 vpn or clientless vpn | Using features of HTML5 to implement remote desktop/VPN connections via browser software (clientless). Also called clientless VPN. |
| hub | Layer 1 (Physical) network device used to implement a star network topology on legacy Ethernet networks, working as a multiport repeater. |
| hub-and-spoke | Wide area network topology with the same layout as a star topology. |
| hybrid | A cloud deployment that uses both private and public elements. |
| hybrid topology | A network that uses a combination of physical or logical topologies. In practice, most networks use hybrid topologies. For example, modern types of Ethernet are physically wired as stars but logically operate as buses. |
| hypertext transfer protocol (HTTP) | Application protocol used to provide web content to browsers. HTTP uses port 80. HTTPS(ecure) provides for encrypted transfers, using TLS (formerly SSL) and port 443. |
| identity and access management (IAM) | Security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets such as networks, operating systems, and applications. |
| ifconfig command | Deprecated Linux command tool used to gather information about the IP configuration of the network adapter or to configure the network adapter. |
| implicit deny | Firewall ACL rule configured by default to block any traffic not matched by previous rules. |
| industrial control system (ICS) | Network managing embedded devices (computer systems that are designed to perform a specific, dedicated function). |
| infrastructure as a service (IaaS) | Cloud service model that provisions virtual machines and network infrastructure. |
| infrastructure as code (IaC) | Provisioning architecture in which deployment of resources is performed by scripted automation and orchestration. |
| instant secure erase (ISE) | Media sanitization command built into HDDs and SSDs that are self-encrypting that works by erasing the encryption key, leaving remnants unrecoverable. |
| insulation-displacement connection (IDC) | Block used to terminate twisted pair cabling at a wall plate or patch panel available in different formats, such as 110, BIX, and Krone. |
| interface statistics | Metrics recorded by a host or switch that enable monitoring of link state, resets, speed, duplex setting, utilization, and error rates. |
| intermediate distribution frame (IDF) | Passive wiring panel providing a central termination point for cabling. |
| internet control message protocol (ICMP) | IP-level protocol for reporting errors and status information supporting the function of troubleshooting utilities such as ping. |
| internet key exchange (IKE) | Framework for creating a security association (SA) used with IPSec. An SA establishes that two hosts trust one another (authenticate) and agree on secure protocols and cipher suites to use to exchange data. |
| internet message access protocol (IMAP) | Application protocol providing a means for a client to access and manage email messages stored in a mailbox on a remote server. IMAP4 utilizes TCP port number 143, while the secure version IMAPS uses TCP/993. |
| internet of things (IoT) | Devices that can report state and configuration data and be remotely managed over IP networks. |
| internet protocol security (IPSec) | Network protocol suite used to secure data through authentication and encryption as the data travels across the network or the Internet. |
| internet service provider (ISP) | Provides Internet connectivity and web services to its customers. |
| intrusion detection system (IDS) | Security appliance or software that uses passive hardware sensors to monitor traffic on a specific segment of the network. Also called a network intrusion detection system (NIDS). |
| intrusion prevention system (IPS) | Security appliance or software that combines detection capabilities with functions that can actively block attacks. |
| ip address management (IPAM) | Software consolidating management of multiple DHCP and DNS services to provide oversight into IP address allocation across an enterprise network. |
| ip command | Linux command tool used to gather information about the IP configuration of the network adapter or to configure the network adapter. |
| ip helper | Command set in a router OS to support DHCP relay and other broadcast forwarding functionality. |
| ip protocol type | Identifier for a protocol working over the Internet Protocol, such as TCP, UDP, ICMP, GRE, EIGRP, or OSPF. |
| ip scanner | Utility that can probe a network to detect which IP addresses are in use by hosts. Also called IP scanning. |
| ipconfig command | Command tool used to gather information about the IP configuration of a Windows host. |
| iperf | Utility used to measure the bandwidth achievable over a network link. |
| iterative lookup | DNS query type whereby a server responds with information from its own data store only. |
| jitter | Variation in the time it takes for a signal to reach the recipient. Jitter manifests itself as an inconsistent rate of packet delivery. If packet loss or delay is excessive, then noticeable audio or video problems (artifacts) are experienced by users. |
| jumbo frame | Ethernet frame with a payload larger than 1,500 bytes (up to 9,216 bytes). |
| jump server | A hardened server that provides access to other hosts. |
| kerberos | Single sign-on authentication and authorization service that is based on a time-sensitive ticket-granting system. |
| latency | The time it takes for a signal to reach the recipient. |
| layer 3 switch | Switch appliance capable of IP routing between virtual LAN (VLAN) subnets using hardware-optimized path selection and forwarding. |
| least privilege | Basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role. Also referred to as the principle of least privilege. |
| lifecycle roadmap | Method to track the lifecycle phases of one or more hardware, service, or software systems in your organization. Also called the system lifecycle. |
| lightweight directory access protocol (LDAP) | Network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information. |
| link layer discovery protocol (LLDP) | Standards-based protocol used by network appliances to discover layer 2 adjacent devices or neighbors. |
| link local | IP addressing scheme used within the scope of a single broadcast domain only. |
| link state | Algorithm used by routing protocols that builds a complete network topology to use to select optimum forwarding paths. |
| load balancer | Type of switch, router, or software that distributes client requests between different resources, such as communications links or similarly configured servers. This provides fault tolerance and improves throughput. |
| local area network (LAN) | Network scope restricted to a single geographic location and owned/managed by a single organization. |
| local connector (LC) | Small form factor push-pull fiber optic connector; available in simplex and duplex versions. |
| logging level | Threshold for storing or forwarding an event message based on its severity index or value. Also referred to as the severity level. |
| long term evolution (LTE) | Packet data communications specification providing an upgrade path for 2G and 3G cellular networks. LTE services use a SIM card to identify the subscriber and network provider. LTE Advanced is designed to provide 4G standard network access. |
| loopback address | IP address by which a host can address itself over any available interface. |
| mac address table | Data store on a switch that keeps track of the MAC addresses associated with each port. As the switch uses a type of memory called content addressable memory (CAM), this is sometimes called the CAM table. |
| mac filtering | Applying an access control list to a switch or access point so that only clients with approved MAC addresses can connect to it. |
| mac flooding | Network attack where a switch's cache table is inundated with frames from random source MAC addresses so that it starts flooding unicast traffic, facilitating snooping attacks. |
| main distribution frame (MDF) | Passive wiring panel providing a central termination point for cabling. An MDF distributes backbone or "vertical" wiring through a building and connections to external access provider networks. |
| malware | Software that serves a malicious purpose, typically installed without the user's consent (or knowledge). |
| management information base (MIB) | Database that stores Simple Network Management Protocol (SNMP) properties and values of a network device and its components. |
| maximum tolerable downtime (MTD) | Longest period that a process can be inoperable without causing irrevocable business failure. |
| maximum transmission unit (MTU) | Maximum size in bytes of a frame's payload. If the payload cannot be encapsulated within a single frame at the Data Link layer, it must be fragmented. |
| mean time between failures (MTBF) | Metric for a device or component that predicts the expected time between failures. |
| mean time to failure (MTTF) | Metric indicating average time a device or component is expected to be in operation. |
| mean time to repair (MTTR) | Metric representing average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure. |
| media access control (MAC) address | Hardware address that uniquely identifies each network interface at layer 2 (Data Link). A MAC address is 48 bits long with the first half representing the manufacturer's Organizationally Unique Identifier (OUI). Also called a client identifier. |
| media converter | Layer 1 (Physical) network device that translates signals received over one media type for transmission over a different media type. |
| medium dependent interface/medium dependent interface crossover (MDI/MDIX) | System that distinguishes transmit and receive pins on different interface types. The interface on an end system is MDI while that on an intermediate system is MDIX. |
| memorandum of understanding (MOU) | Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money. |
| mesh topology | A topology often used in WANs where each device has (in theory) a point-to-point connection with every other device (fully connected); in practice, only the more important devices are directly interconnected (partial mesh). |
| microsegmentation | Function of an Ethernet switch whereby collision domains are reduced to the scope of a single port only. |
| missing route | Troubleshooting issue where a routing table does not contain a required entry due either to manual misconfiguration or failure of a dynamic routing protocol update. |
| mission essential function (MEF) | Business or organizational activity that is too critical to be deferred for anything more than a few hours, if at all. |
| multi-fiber push-on (MPO) | Fiber optic cable type that terminates multiple strands to a single compact connector, supporting parallel links. |
| multicast | A packet addressed to a selection of hosts (in IP, those belonging to a multicast group). |
| multifactor | Authentication scheme that requires the user to present at least two different factors as credentials, from something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA. |
| multimode fiber (MMF) | Fiber optic cable type using LED or vertical cavity surface emitting laser optics and graded using optical multimode types for core size and bandwidth. |
| multiple input multiple output (MIMO) | Use of multiple reception and transmission antennae to boost bandwidth via spatial multiplexing and to boost range and signal reliability via spatial diversity. |
| multiuser mimo (MU-MIMO) | Use of spatial multiplexing to connect multiple MU-MIMO-capable stations simultaneously, providing the stations are not on the same directional path. |
| nat64 | IPv6 transition mechanism that uses Network Address Translation (NAT) to convert destination IPv4 addresses to IPv6 format at routing boundaries. |
| native vlan | VLAN ID used for any untagged frames received on a trunk port. The same ID should be used on both ends of the trunk, and the ID should not be left as the default VLAN ID (1). |
| neighbor discovery (ND) protocol | IPv6 protocol used to identify link local nodes. |
| netflow | Cisco-developed means of reporting network flow information to a structured database. NetFlow allows better understanding of IP traffic flows as used by different network applications and hosts. |
| netstat | Cross-platform command tool to show network information on a machine running TCP/IP, notably active connections and the routing table. |
| network access control (NAC) | General term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level. |
| network adapter | Adapter card that provides one or more Ethernet ports for connecting hosts to a network so that they can exchange data over a link. |
| network address translation (NAT) | Routing mechanism that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally. |
| network attached storage (NAS) | Storage device enclosure with network port and an embedded OS that supports typical network file access protocols (FTP and SMB for instance). |
| network discovery | Processes and tools that facilitate identification of hosts present on a network or subnet. |
| network function virtualization (NFV) | Provisioning virtual network appliances, such as switches, routers, and firewalls, via VMs and containers. |
| network layer (layer 3) | OSI model layer responsible for logical network addressing and forwarding. |
| network loop | Troubleshooting issue where layer 2 frames are forwarded between switches or bridges in an endless loop. |
| network mask | Number of bits applied to an IP address to mask the network ID portion from the host/interface ID portion. This can be expressed as a bit prefix in slash notation or as a dotted decimal subnet mask. |
| network security group | Rules that filter communication between cloud networks and from cloud networks to the Internet. |
| network security list | In Oracle Cloud Infrastructure, traffic filtering rules that apply to a subnet, rather than just network interfaces. |
| network segmentation | Enforcing a security zone by separating a segment of the network from access by the rest of the network. |
| network time protocol (NTP) | Application protocol allowing machines to synchronize to the same time clock that runs over UDP port 123. |
| network time security (NTS) | Method of securing NTP queries and responses using Transport Layer Security (TLS). NTS typically uses TCP port 4460. |
| nmap security scanner | A highly adaptable, open-source network scanner used primarily to scan hosts and ports to locate services and detect vulnerabilities. |
| non-disclosure agreement (NDA) | Agreement that stipulates that entities will not share confidential information, knowledge, or materials with unauthorized third parties. |
| north-south | Network data flows that go into and out of an organization's network or datacenter. |
| nslookup command | Cross-platform command tool for querying DNS resource records. |
| on-path | Attack where the threat actor makes an independent connection between two victims and is able to read and possibly modify traffic. Formerly called a man-in-the-middle (MitM) attack. |
| open authentication | Wireless network authentication mode where guest (unauthenticated) access is permitted. |
| open shortest path first (OSPF) | Dynamic routing protocol that uses a link-state algorithm and a hierarchical topology. |
| open systems interconnection (OSI) reference model | Assigns network and hardware components and functions at seven discrete layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application. |
| operational technology (OT) | Communications network designed to implement an industrial control system rather than data networking. |
| optical link budget | Assessment of allowable signal loss over a fiber optic link. Also referred to as low optical link budget. |
| optical multimode (OM) | Classification system for multimode fiber designating core size and modal bandwidth. |
| option (DHCP) | DHCP configuration that assigns additional parameters, such as DNS server addresses. In DHCPv4, an option is used to identify the default gateway address. |
| orchestration | Automation of multiple coordinated steps in a deployment process. |
| out-of-band (OOB) | Accessing the administrative interface of a network appliance using a separate network from the usual data network. This could use a separate VLAN or a different kind of link, such as a dial-up modem. |
| overlay network | Network protocols that use encapsulation to provision virtual tunnels and networks without requiring reconfiguration of the underlying transport network. |
| packet loss | Network PDUs that do not reach their destination due to transmission errors, congestion, or security policies. |
| packet sniffer | Recording data from frames as they pass over network media, using methods such as a mirror port or tap device. |
| patch | A small unit of supplemental code meant to address either a security problem or a functionality flaw in a software package or operating system. |
| patch panel | Type of distribution frame used with twisted pair cabling with IDCs to terminate fixed cabling on one side and modular jacks to make cross-connections to other equipment on the other. Also called a patch bay. |
| payment card industry data security standard (PCI DSS) | The information security standard for organizations that process credit or bank card payments. |
| peer-to-peer | Administration paradigm whereby any computer device may be configured to operate as both server and client. |
| performance metrics | Measurement of a value affecting system performance, such as CPU or memory utilization. |
| personally identifiable information (PII) | Data that can be used to identify or contact an individual (or, in the case of identity theft, to impersonate them). |
| phishing | Email-based social engineering attack, in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim. |
| physical layer (PHY) | Lowest layer of the OSI model providing for the transmission and receipt of data bits from node to node. This includes the network medium and mechanical and electrical specifications for using the media. Also referred to as layer 1. |
| ping command | Cross-platform command tool for testing IP packet transmission. |
| platform as a service (PaaS) | Cloud service model that provisions application and database services as a platform for development of apps. |
| playbook | A checklist of actions to perform to complete a standard procedure or detect and respond to a specific type of incident. |
| plenum | Cable for use in building voids designed to be fire resistant and to produce a minimal amount of smoke if burned. Also called plenum cable. |
| point to point | A point-to-point topology is one where two nodes have a dedicated connection to one another. |
| point-to-point protocol (PPP) | Dial-up protocol working at layer 2 (Data Link) used to connect devices remotely to networks. |
| polarization | Orientation of the wave propagating from an antenna. |
| port | In TCP and UDP applications, a unique number assigned to a particular application protocol. Server ports are typically assigned well-known or registered numbers while client ports use dynamic or ephemeral numbering. |
| port address translation (PAT) | Maps private host IP addresses onto a single public IP address. Each host is tracked by assigning it a random high TCP port for communications. |
| port aggregation | Combining the bandwidth of two or more switch ports into a single channel link. |
| port mirroring | Copying ingress and/or egress communications from one or more switch ports to another port. This is used to monitor communications passing over the switch. Also called a switched port analyzer (SPAN). |
| port role | In Spanning Tree Protocol (STP), each port is assigned a role (root, designated, blocked, or disabled) depending on its position in the topology. |
| port scanner | Utility that can probe a host to enumerate the status of TCP and UDP ports. |
| port security | Preventing a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile. |
| port states | In Spanning Tree Protocol (STP), topology changes cause ports to transition through different states (blocking, listening, learning, forwarding, and disabled). |
| port tagging | On a switch with VLANs configured, a port with an end station host connected operates in untagged mode (access port). A tagged port will normally be part of a trunk link. |
| port-side exhaust/intake | Feature of switches that allows fans to switch between expelling hot air and drawing in cool air from the side with ports. |
| posture assessment | Audit process and tools for verifying compliance with a compliance framework or configuration baseline. |
| power budget | When configuring Power over Ethernet, the maximum amount of power available across all switchports. |
| power over ethernet (PoE) | Specification allowing power to be supplied via switch ports and ordinary data cabling to devices such as VoIP handsets and wireless access points. Devices can draw up to about 13W (or 25W for PoE+). |
| pre-shared key (PSK) | Wireless network authentication mode where a passphrase-based mechanism is used to allow group authentication to a wireless network. The passphrase is used to derive an encryption key. |
| precision time protocol (PTP) | Provides clock synchronization to network devices to a higher degree of accuracy than Network Time Protocol (NTP). |
| presentation layer (Layer 6) | OSI model layer that transforms data between the formats used by the network and applications. Also called layer 6. |
| private branch exchange (PBX) | Routes incoming calls to direct dial numbers and provides facilities such as voice mail, Automatic Call Distribution (ACD), and Interactive Voice Response (IVR). |
| private cloud | A cloud that is deployed for use by a single entity. |
| private key | In asymmetric encryption, the key in a key pair that is known only to its holder. |
| production configuration | Configuration settings used when an appliance, instance, or app is booted or started. |
| protocol analyzer | Utility that can parse the header fields and payloads of protocols in captured frames for display and analysis. Also called a packet analyzer. |
| protocol data unit (PDU) | Network packet encapsulating a data payload from an upper layer protocol with header fields used at the current layer. |
| proxy server | Server that mediates the communications between a client and another server. It can filter and often modify communications, as well as provide caching services to improve performance. Also called a forward proxy. |
| public cloud | A cloud that is deployed for shared use by multiple independent tenants. |
| public key | During asymmetric encryption, this key is freely distributed and can be used to perform the reverse encryption or decryption operation of the linked private key in the pair. |
| public key infrastructure (PKI) | Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities. |
| public switched telephone network (PSTN) | Global network connecting national telecommunications systems. |
| public versus private addressing | Some IP address ranges are designated for use on private networks only. Packets with source IP addresses in public ranges are permitted to be forwarded over the Internet. |
| punch down tool | Tool used to terminate solid twisted pair copper cable to an insulation displacement connector. |
| quad small form-factor pluggable (QSFP) | Fiber optic transceiver module type supporting four individual duplex lanes at 1 Gbps (QSFP) or 10 Gbps (QSFP+) that can be aggregated into a single 4 Gbps or 40 Gbps channel. |
| quality of service (QoS) | Systems that differentiate data passing over the network that can reserve bandwidth for particular applications. A system that cannot guarantee a level of available bandwidth is often described as class of service (CoS). |
| rack | Storage solution for server and network equipment. Racks are designed to a standard width and height (measured in multiples of 1U or 1.75"). Racks offer better density, cooling, and security than ordinary office furniture. |
| rack diagram | Physical plan of appliances installed in a network rack and their power and network connections. |
| radio frequency (RF) attenuation | Loss of signal strength due to distance and environmental factors. Also referred to as free space path loss. |
| received signal strength indicator (RSSI) | Signal strength as measured at the receiver, using either decibel units or an index value. |
| recovery point objective (RPO) | Longest period that an organization can tolerate lost data being unrecoverable. |
| recovery time objective (RTO) | Maximum time allowed to restore a system after a failure event. |
| recursive lookup | DNS query type whereby a server submits additional queries to other servers to obtain the requested information. |
| registered jack (RJ) | Series of jack/plug types used with twisted pair cabling, such as RJ45 and RJ11. |
| remote authentication dial-in user service (RADIUS) | AAA protocol used to manage remote and wireless authentication infrastructures. |
| remote desktop protocol (RDP) | Application protocol for operating remote connections to a host using a graphical interface. TCP port 3389. |
| repeater | Layer 1 device that regenerates and retransmits signals to overcome media distance limitations. |
| reservation | DHCP configuration that assigns either a pre-reserved or persistent IP address to a given host, based on its hardware address or other ID. |
| resource records | Data file storing information about a DNS zone. |
| reverse dns | DNS query type to resolve an IP address to a host name. |
| rfc 1918 | Standards document that defines private address ranges. |
| risk | Likelihood and impact (or consequence) of a threat actor exercising a vulnerability. |
| rogue access point | Wireless access point that has been enabled on the network without authorization. |
| role-based access control (RBAC) | Access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions. |
| root bridge selection | In Spanning Tree Protocol (STP), the process and metrics that determine which bridge or switch will be identified as root. Selection of an inappropriate root device can cause performance and security issues. |
| route command | Cross-platform command tool used to display and manage the routing table on a Windows or Linux host. |
| router | Intermediate system working at the Network layer capable of forwarding packets around logical networks of different layer 1 and layer 2 types. |
| router advertisement (RA) | Packet sent by an IPv6-capable router to notify hosts about prefixes and autoconfiguration methods available on the local link. |
| routing information protocol (RIP) | Distance vector-based routing protocol that uses a hop count to determine the least-cost path to a destination network. |
| routing loop | Troubleshooting issue where a packet is forwarded between routers in a loop until its TTL expires. |
| routing table | Data store on an IP host used to determine the interface over which to forward a packet. |
| runt | Malformed Ethernet frame that is smaller than the permitted 64 byte minimum size. |
| sanitization | Process of thoroughly and completely removing data from a storage medium so that file remnants cannot be recovered. |
| satellite | System of microwave transmissions where orbital satellites relay signals between terrestrial receivers or other orbital satellites. |
| scalability | Property by which a computing environment is able to gracefully fulfill its ever-increasing resource needs. |
| scope | Range of consecutive IP addresses in the same subnet that a DHCP server can lease to clients. |
| screened subnet | Segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports. Formerly referred to as a demilitarized zone (DMZ), this usage is now deprecated. |
| secure access service edge (SASE) | A networking and security architecture that provides secure access to cloud applications and services while reducing complexity. |
| secure erase (SE) | Method of sanitizing a drive using the ATA command set. |
| secure shell (SSH) | Application protocol supporting secure tunneling and remote terminal emulation and file copy. SSH runs over TCP port 22. |
| security assertion markup language (SAML) | An XML-based data format used to exchange authentication information between a client and a service. |
| security information and event management (SIEM) | Solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications. |
| security service edge (SSE) | Design paradigm and associated technologies that mediate access to cloud services and web applications. |
| self-signed certificate | A digital certificate that has been signed by the entity that issued it, rather than by a CA. |
| server message block (SMB) | Application protocol used for requesting files from Windows servers and delivering them to clients. |
| service level agreement (SLA) | Agreement that sets the service requirements and expectations between a consumer and a provider. |
| session initiation protocol (SIP) | Application protocol used to establish, disestablish, and manage VoIP and conferencing communications sessions. |
| session layer (Layer 5) | OSI model layer that provides services for applications that need to exchange multiple messages (dialog control). Also referred to as layer 5. |
| shadow it | Computer hardware, software, or services used on a private network without authorization from the system owner. |
| shellcode | A lightweight block of malicious code that exploits a software vulnerability to gain initial access to a victim system. |
| shoulder surfing | Social engineering tactic to obtain someone's password or PIN by observing them as they type it in. |
| show arp command | Command tool used in router operating systems to list the contents of the Address Resolution Protocol (ARP) cache of IP address to MAC address mappings. |
| show commands | Set of commands in a switch OS to report configuration or interface information. |
| show route command | Command tool used in router operating systems to list the contents of routing tables. |
| simple mail transfer protocol (SMTP) | Application protocol used to send mail between hosts on the Internet. Messages are sent between servers over TCP port 25 or submitted by a mail client over secure port TCP/587. |
| simple network management protocol (SNMP) | Application protocol used for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default. |
| simultaneous authentication of equals (SAE) | Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method. |
| single mode fiber (SMF) | Fiber optic cable type that uses laser diodes and narrow core construction to support high bandwidths over distances of over 5 km. |
| small form factor pluggable (SFP) | Fiber optic transceiver module type supporting duplex 1 Gbps (SFP) or 10 Gbps (SFP+) links. |
| small office/home office (SOHO) | Category of network type and products that are used to implement small-scale LANs and off-the-shelf Internet connection types. |
| social engineering | Activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines. |
| socket | Combination of a TCP/UDP port number and IP address. A client socket can form a connection with a server socket to exchange data. |
| software as a service (SaaS) | Cloud service model that provisions fully developed application services to users. |
| software defined networking (SDN) | APIs and compatible hardware/virtual appliances allowing for programmable network appliances and systems. |
| software-defined wans (SD-WAN) | Services that use software-defined mechanisms and routing policies to implement virtual tunnels and overlay networks over multiple types of transport network. |
| source control | Technologies that manage development of software code by tracking and merging or rejecting changes from multiple authors. |
| spanning tree protocol (STP) | Protocol that prevents layer 2 network loops by dynamically blocking switch ports as needed. |
| spectrum analyzer | Device that can detect the source of interference on a wireless network. |
| spine and leaf topology | Topology commonly used in datacenters comprising a top tier of aggregation switches forming a backbone for a leaf tier of top-of-rack switches. |
| split tunnel | VPN configuration where only traffic for the private network is routed via the VPN gateway. |
| spoofing | Attack technique where the threat actor disguises their identity or impersonates another user or resource. |
| standard operating procedure (SOP) | Documentation of best practice and work instructions to use to perform a common administrative task. |
| star topology | Topology where each node is connected to a central point, typically a switch or a router. |
| stateless address autoconfiguration (SLAAC) | Mechanism used in IPv6 for hosts to assign addresses to interfaces without requiring manual intervention. |
| static route | Entry in the routing table added manually by an administrator. |
| storage area network (SAN) | Network dedicated to provisioning storage resources, typically consisting of storage devices and servers connected to switches via host bus adapters. |
| straight tip (ST) | Bayonet-style twist-and-lock connector for fiber optic cabling. |
| structured query language (SQL) | Programming and query language common to many relational database management systems. |
| subinterfaces | Configuring a router's physical interface with multiple virtual interfaces connected to separate virtual LAN (VLAN) IDs over a trunk. |
| subnet addressing | Division of a single IP network into two or more smaller broadcast domains by using a longer netmask (the subnet mask) within the boundaries of the network. |
| subscriber connector (SC) | Push/pull connector used with fiber optic cabling. |
| supervisory control and data acquisition (SCADA) | Type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas from a host computer. |
| switch | Intermediate system used to establish contention-free network segments at layer 2 (Data Link). |
| switch virtual interface (SVI) | Feature of layer 3 switches that allows a virtual interface assigned with an IP address to act as the default gateway for a VLAN. |
| syslog | Application protocol and event logging format enabling different appliances and software applications to transmit logs or event records to a central server. Syslog works over UDP port 514 by default; TLS-protected syslog (RFC 5425) uses TCP port 6514. |
| t568a and t568b | Twisted pair termination pinouts defined in the ANSI/TIA/EIA 568 Commercial Building Telecommunications Standards. |
| tabletop exercise | A discussion of simulated emergency situations and security incidents. |
| tailgating | Social engineering technique to gain access to a building by following someone who is unaware of their presence. |
| tap | Hardware device inserted into a cable to copy frames for analysis. |
| tcp flags | Field in the header of a TCP segment designating the connection state, such as SYN, ACK, or FIN. |
| tcpdump | Command line packet sniffing utility. |
| telnet | Application protocol supporting unsecure terminal emulation for remote host management. Telnet runs over TCP port 23. |
| terminal access controller access control system (TACACS+) | AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management. TACACS+ runs over TCP port 49 and encrypts the whole packet body, unlike RADIUS, which only obscures the password. |
| thin ap | Access point that requires a wireless controller in order to function. |
| threat | Potential for an entity to exercise a vulnerability (that is, to breach security). |
| three-tier hierarchical model | Paradigm to simplify network design by separating switch and router functionality and placement into three tiers (access, distribution, core), each with a separate role, performance requirements, and physical topology. |
| throughput | Amount of data transfer supported by a link in typical conditions. |
| time to live (TTL) | Counter field in the IP header, decremented by each router that forwards the packet, that limits the number of hops a packet can make before being dropped. |
| tone generator | Used to identify one cable within a bundle by applying an audible signal. Also called fox and hound. |
| top-of-rack (ToR) | High-performance switch model designed to implement the leaf tier in a spine and leaf topology. |
| topology | Network specification that determines the network's overall layout, signaling, and dataflow patterns. |
| traceroute/tracert command | Diagnostic utilities that trace the route taken by a packet as it "hops" to the destination host on a remote network by sending probes with increasing TTL values. tracert is the Windows implementation, while traceroute is the Linux/UNIX implementation. |
| traffic analysis | Processes and tools that facilitate reporting of network communication flows summarized by host or protocol type. |
| traffic shapers | Appliances and/or software that enable administrators to closely monitor network traffic and to manage that network traffic. |
| transceiver | Component in a network interface that converts data to and from the media signalling type. Modular transceivers are designed to plug into switches and routers. |
| transmission control protocol (TCP) | Protocol in the TCP/IP suite operating at the Transport layer to provide connection-oriented, reliable delivery of data (segments are sequenced, acknowledged, and retransmitted if lost). |
| transport layer | OSI layer 4, responsible for end-to-end delivery between applications identified by port numbers; delivery is reliable with TCP or best-effort with UDP. |
| transport layer security (TLS) | Security protocol that uses certificates to authenticate the server (and optionally the client) and negotiates session keys to encrypt and integrity-protect web communications and other application protocols. |
| trivial file transfer protocol (TFTP) | Simplified form of FTP supporting only file copying. TFTP works over UDP port 69. |
| troubleshooting methodology | Structured approach to problem-solving using identification, theory of cause, testing, planning, implementation, verification, and documentation steps. |
| trunks | Backbone link established between switches and routers to transport frames for multiple virtual LANs (VLANs). |
| tunneling | Encapsulating data from a local protocol within another protocol's PDU to transport it to a remote network over an intermediate network. |
| twinaxial | Media type similar to coax but with two inner conductors to improve performance. |
| twisted pair cable | Network cable construction with insulated copper wires twisted about each other. A pair of color-coded wires transmits a balanced electrical signal. The twisting of the wire pairs at different rates acts to reduce interference and crosstalk. |
| ultra physical contact (UPC) | Fiber optic connector finishing type that uses a slightly curved polish for the ferrule. |
| unicast | A packet addressed to a single host. If the host is not on the local subnet, the packet must be sent via one or more routers. |
| uniform resource locator (URL) filtering | Type of content filter applied to restrict client queries to particular uniform resource locator (URL) web addresses. |
| uninterruptible power supply (UPS) | Battery-powered device that supplies AC power that an electronic device can use in the event of power failure. |
| unshielded twisted pair (UTP) | Media type that uses copper conductors arranged in pairs that are twisted to reduce interference. Typically cables are 4-pair or 2-pair. |
| user datagram protocol (UDP) | Protocol in the TCP/IP suite operating at the Transport layer to provide connectionless, non-guaranteed communication. |
| variable length subnet masking (VLSM) | Using network prefixes of different lengths within an IP network to create subnets of different sizes. |
| version control | Within a source control system, a process that assigns an identification number to each release of an app or script. |
| virtual appliance | A preconfigured, self-contained virtual machine image ready to be deployed and run on a hypervisor. |
| virtual extensible lan (VXLAN) | Technology used to implement an overlay network so that hosts in separate subnets can establish layer 2 adjacency in a discrete logical segment. The 24-bit VXLAN ID space supports up to 16 million logical segments. |
| virtual ip | Address of a load-balanced or high-availability cluster that is shared by the devices implementing the cluster rather than bound to any single node. |
| virtual lan (VLAN) | A logical network segment comprising a broadcast domain established using a feature of managed switches to assign each port an ID. |
| virtual private cloud (VPC) | A private network segment made available to a single cloud consumer on a public cloud. |
| visual fault locator | Troubleshooting tool used to identify breaks or imperfections in fiber optic cable. |
| vlan hopping | Exploiting a switch misconfiguration to send traffic into a VLAN the attacker is not assigned to, typically by double tagging frames across a trunk whose native VLAN is untagged, or by negotiating a trunk on a port that allows it (switch spoofing). |
| voice or auxiliary vlan | Feature of VoIP handsets and switches to segregate data and voice traffic while using a single network wall port to attach the handset and the computer. Also called auxiliary VLAN. |
| voice over ip (VoIP) | Generic name for protocols that carry voice traffic over data networks. |
| voip phones | Handset or software client that implements a type of voice over Internet Protocol (VoIP) to allow a user to place and receive calls. |
| vulnerability | Weakness that could be triggered accidentally or exploited intentionally to cause a security breach. |
| vulnerability assessment | Evaluation of a system's security and ability to meet compliance requirements based on the configuration state of the system, as represented by information collected from the system. Also called vulnerability testing. |
| warm site | Alternate processing location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed. |
| wi-fi analyzer | Device or software that can report characteristics of a WLAN, such as signal strength and channel utilization. |
| wi-fi protected access (WPA) | Standards for authenticating and encrypting access to Wi-Fi networks. The original WPA has been superseded by WPA2 and WPA3. |
| wide area networks (WANs) | Network scope that spans a large geographical area, incorporating more than one site and often a mix of different media types and protocols plus the use of public telecommunications networks. |
| wire map tester | Tool to verify termination/pinouts of cable. |
| wireless controller | Device that provides wireless LAN management for multiple APs. |
| wireless mesh network (WMN) | Wireless network topology where all nodes—including client stations—are capable of providing forwarding and path discovery. This improves coverage and throughput compared to using just fixed access points and extenders. |
| wireshark | Widely used protocol analyzer. |
| wiring diagram | Documentation of connector pinouts and/or cable runs. |
| work recovery time (WRT) | In disaster recovery, time additional to the RTO of individual systems to perform reintegration and testing of a restored or upgraded system following an event. |
| yaml ain't markup language (YAML) | Language for configuration files and applications such as Netplan and Ansible. |
| zero trust architecture (ZTA) | The security design paradigm in which no request is trusted because of its network location: every request (user-to-service, host-to-host, or container-to-container) must be authenticated and authorized before being allowed. |
| zero-day | Vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability. |
| zone index | Parameter assigned by a host to distinguish ambiguous link-local interface addresses, written after a percent sign (for example, fe80::1%eth0). |
| zone transfer | Mechanism (AXFR or IXFR) by which a secondary name server obtains a read-only copy of zone records from the primary server. Unrestricted zone transfers disclose the whole zone to anyone who requests one, so they should be limited to known secondaries. |
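The subnet addressing and VLSM entries above describe carving one network into smaller broadcast domains with longer masks. The following added example (not part of the original glossary) implements that allocation: given a parent prefix and the host count each segment needs, it assigns the largest blocks first so every subnet stays aligned to its size, then checks that no two subnets overlap. The parent network, segment names, and host counts are constructed sample input.

```python
import ipaddress
import math
from typing import Dict


def prefix_for_hosts(hosts: int) -> int:
    """Smallest IPv4 prefix length whose block holds `hosts` usable addresses.

    Two addresses per subnet are reserved (network and broadcast), so a block of
    2**host_bits addresses carries 2**host_bits - 2 hosts. A 2-host link gets a
    /30 here; a /31 (RFC 3021) would also work on point-to-point links.
    """
    if hosts < 1:
        raise ValueError("a subnet must carry at least one host")
    host_bits = math.ceil(math.log2(hosts + 2))
    return 32 - host_bits


def allocate_vlsm(parent: str, requirements: Dict[str, int]) -> Dict[str, ipaddress.IPv4Network]:
    """Carve `parent` into variably sized subnets, largest requirement first.

    `cursor` walks the parent's address space; allocating largest first means
    each block is already aligned to its own size and no space is wasted.
    """
    net = ipaddress.ip_network(parent, strict=True)
    if net.version != 4:
        raise ValueError("this example handles IPv4 only")
    cursor = int(net.network_address)
    last = int(net.broadcast_address)
    plan: Dict[str, ipaddress.IPv4Network] = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: kv[1], reverse=True):
        plen = prefix_for_hosts(hosts)
        size = 1 << (32 - plen)
        if cursor % size:                      # align to the block size
            cursor += size - cursor % size
        if cursor + size - 1 > last:
            raise ValueError(f"{parent} exhausted while allocating {name} (/{plen})")
        plan[name] = ipaddress.ip_network(f"{ipaddress.IPv4Address(cursor)}/{plen}")
        cursor += size
    return plan


def check_plan(plan: Dict[str, ipaddress.IPv4Network], parent: str) -> bool:
    """True if every subnet lies inside the parent and no two overlap."""
    net = ipaddress.ip_network(parent)
    subnets = list(plan.values())
    if not all(s.subnet_of(net) for s in subnets):
        return False
    for i, a in enumerate(subnets):
        if any(a.overlaps(b) for b in subnets[i + 1:]):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample requirements for a site assigned 192.168.10.0/24.
    demo = allocate_vlsm("192.168.10.0/24",
                         {"users": 100, "servers": 50, "printers": 20, "p2p_link": 2})
    for name, subnet in demo.items():
        print(f"{name:10s} {subnet}  usable hosts: {subnet.num_addresses - 2}")
    print("plan valid:", check_plan(demo, "192.168.10.0/24"))
```

Run it to see the four subnets (a /25, /26, /27 and /30) printed in allocation order; asking for more hosts than the parent can hold raises `ValueError` rather than silently producing overlapping blocks.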
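The tcp flags and time to live entries describe header fields that tools such as tcpdump decode. As an added example that is not part of the original glossary, the block below parses a raw IPv4 plus TCP header from a byte string, names the flag bits, labels the common probe patterns (SYN, SYN-ACK, NULL, FIN, Xmas) that scanners use, and estimates hop count from the observed TTL. The packets are constructed inline with zeroed checksums; the hop estimate assumes the usual initial TTLs of 64, 128 and 255, which is a heuristic rather than a rule.

```python
import struct
from typing import Dict, List

# Flag bits in the TCP header flags byte (RFC 9293; ECE and CWR from RFC 3168).
TCP_FLAG_BITS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
    "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80,
}


def decode_tcp_flags(flag_byte: int) -> List[str]:
    return [name for name, bit in TCP_FLAG_BITS.items() if flag_byte & bit]


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, flag_byte: int, ttl: int) -> bytes:
    """Constructed sample: minimal 20-byte IPv4 header + 20-byte TCP header.

    Checksums are left at zero; a real stack computes them before sending.
    """
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    # version/IHL, TOS, total length, ID, flags+fragment (DF), TTL, protocol 6, csum, addrs
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, ttl, 6, 0, src_b, dst_b)
    # ports, seq, ack, data offset 5 words, flags, window, csum, urgent pointer
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flag_byte, 65535, 0, 0)
    return ip + tcp


def parse_ipv4_tcp(packet: bytes) -> Dict:
    """Decode the IPv4 header and, if the payload is TCP, the TCP header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _ff, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes; options push it past 20
    if ihl < 20 or len(packet) < ihl or total_len < ihl:
        raise ValueError("bad IPv4 header length")
    info = {"ttl": ttl, "proto": proto,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst))}
    if proto != 6:
        return info
    tcp = packet[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flag_byte, window, _tcsum, _urg = \
        struct.unpack("!HHIIBBHHH", tcp[:20])
    info.update({"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                 "flags": decode_tcp_flags(flag_byte), "window": window,
                 "tcp_header_len": (off_res >> 4) * 4})
    return info


def classify_segment(flags: List[str]) -> str:
    """Name the handshake step or scan pattern a flag combination corresponds to."""
    f = set(flags)
    if f == {"SYN"}:
        return "SYN (connection request or half-open scan probe)"
    if f == {"SYN", "ACK"}:
        return "SYN-ACK (handshake reply: port open)"
    if f in ({"RST"}, {"RST", "ACK"}):
        return "RST (connection refused: port closed)"
    if not f:
        return "NULL scan (no flags set)"
    if f == {"FIN"}:
        return "FIN scan"
    if f == {"FIN", "PSH", "URG"}:
        return "Xmas scan"
    return "other"


def estimate_hops(ttl: int) -> int:
    """Hops travelled, assuming the sender started from 64, 128 or 255 (heuristic)."""
    for initial in (64, 128, 255):
        if ttl <= initial:
            return initial - ttl
    raise ValueError("TTL out of range")


if __name__ == "__main__":
    for flag_byte, ttl in ((0x02, 64), (0x12, 58), (0x29, 120), (0x00, 250)):
        rec = parse_ipv4_tcp(build_ipv4_tcp("10.0.0.1", "10.0.0.2", 49152, 22, flag_byte, ttl))
        print(rec["flags"], classify_segment(rec["flags"]), "hops ~", estimate_hops(rec["ttl"]))
```

The flag decoder reads the same byte tcpdump prints as `Flags [S]`, `[S.]`, `[F]` and so on; the classifier is deliberately strict about exact combinations, since a segment with `PSH`+`ACK` is ordinary data, not a probe.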
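The trunks, virtual lan (VLAN) and vlan hopping entries all turn on how a switch treats the 802.1Q tag. The added example below (not code from the original page) builds Ethernet frames with a stack of 802.1Q tags, parses them back, and models the two switch behaviours that make double tagging work: a trunk sends native-VLAN traffic untagged, and a trunk receiving a tagged frame assigns it to the outer VID. It then shows the outcome with the native VLAN untagged, with the native VLAN tagged, and with the native VLAN set to an unused ID. MAC addresses, VLAN IDs and payload are constructed sample data.

```python
import struct
from typing import Dict, List

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst_mac: bytes, src_mac: bytes, vlan_ids: List[int], payload: bytes,
                ethertype: int = ETHERTYPE_IPV4, pcp: int = 0) -> bytes:
    """Ethernet II frame with zero or more stacked 802.1Q tags (outermost first).

    Tag Control Information: 3-bit PCP (the 802.1p class of service), 1-bit DEI,
    12-bit VID. VIDs 0 and 4095 are reserved.
    """
    frame = dst_mac + src_mac
    for vid in vlan_ids:
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN ID {vid} out of range")
        frame += struct.pack("!HH", ETHERTYPE_8021Q, (pcp << 13) | vid)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> Dict:
    """Walk the tag stack; returns tags outermost first plus the inner ethertype."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated inside tag stack")
        (etype,) = struct.unpack("!H", frame[offset:offset + 2])
        if etype != ETHERTYPE_8021Q:
            break
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside tag stack")
        (tci,) = struct.unpack("!H", frame[offset + 2:offset + 4])
        tags.append({"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"), "tags": tags,
            "ethertype": etype, "payload": frame[offset + 2:]}


def trunk_egress(frame: bytes, native_vlan: int, tag_native: bool) -> bytes:
    """A switch forwarding out of a trunk: frames in the native VLAN leave untagged
    (outer tag stripped) unless the trunk is configured to tag the native VLAN."""
    tags = parse_frame(frame)["tags"]
    if tags and tags[0]["vid"] == native_vlan and not tag_native:
        return frame[:12] + frame[16:]      # drop the outer 4-byte tag
    return frame


def trunk_ingress_vlan(frame: bytes, native_vlan: int) -> int:
    """A switch receiving on a trunk: untagged frames belong to the native VLAN,
    tagged frames to the outermost VID."""
    tags = parse_frame(frame)["tags"]
    return tags[0]["vid"] if tags else native_vlan


def double_tag_outcome(attacker_frame: bytes, native_vlan: int, tag_native: bool = False) -> int:
    """VLAN assigned by the second of two switches joined by a trunk when the first
    receives a frame carrying two tags. If the outer tag equals an untagged native
    VLAN, switch 1 strips it and switch 2 classifies the frame by the inner tag."""
    forwarded = trunk_egress(attacker_frame, native_vlan, tag_native)
    return trunk_ingress_vlan(forwarded, native_vlan)


if __name__ == "__main__":
    # Constructed sample: attacker in VLAN 1 aims an inner tag at VLAN 20.
    bcast, attacker = bytes.fromhex("ffffffffffff"), bytes.fromhex("0200000000aa")
    crafted = build_frame(bcast, attacker, [1, 20], b"\x45\x00" + b"\x00" * 18)
    print("tags:", [t["vid"] for t in parse_frame(crafted)["tags"]])
    print("native 1, untagged  ->", double_tag_outcome(crafted, native_vlan=1))
    print("native 1, tagged    ->", double_tag_outcome(crafted, native_vlan=1, tag_native=True))
    print("native 999 (unused) ->", double_tag_outcome(crafted, native_vlan=999))
```

The first configuration lands the frame in VLAN 20, which is the hop; the other two keep it in the attacker's own VLAN, which is why the standard hardening advice is to tag the native VLAN on trunks or move it to an ID no access port uses.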
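The syslog entry mentions the protocol and its message format but not how a central server makes sense of what arrives. The added example below (not taken from the original page) parses both the traditional RFC 3164 line format and the RFC 5424 format, decodes the PRI value into facility and severity, and filters a batch of records down to those at or above a chosen severity, which is the first step of most log-based detection. The sample lines are constructed; the RFC 5424 structured-data match is simplified and does not handle escaped brackets inside a parameter value.

```python
import re
from typing import Dict, List, Optional

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Traditional BSD format (RFC 3164): <PRI>TIMESTAMP HOST TAG[PID]: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<app>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$")
# Modern format (RFC 5424): <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID SD MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$")


def decode_pri(pri: int) -> Dict[str, str]:
    """PRI = facility * 8 + severity; valid values are 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI {pri} out of range")
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8]}


def parse_syslog(line: str) -> Optional[Dict]:
    """Return a record dict for a recognised line, or None for anything else."""
    for fmt, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(line)
        if m:
            rec = {"format": fmt, **m.groupdict()}
            rec.update(decode_pri(int(rec.pop("pri"))))
            rec["severity_num"] = SEVERITIES.index(rec["severity"])
            return rec
    return None


def select_alerts(lines: List[str], worst_allowed: str = "warning") -> List[Dict]:
    """Records at `worst_allowed` or more severe (lower severity number = more severe)."""
    threshold = SEVERITIES.index(worst_allowed)
    selected = []
    for line in lines:
        rec = parse_syslog(line)
        if rec is not None and rec["severity_num"] <= threshold:
            selected.append(rec)
    return selected


# Constructed sample lines in both formats (hosts and addresses are made up).
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 mymachine su[1024]: 'su root' failed for lonvick on /dev/pts/8",
    "<165>1 2024-05-04T10:00:00.000Z fw01.example.net filterlog 311 - - "
    "blocked tcp 203.0.113.9:44123 -> 10.0.0.5:22",
    '<38>1 2024-05-04T10:00:01Z host01 sshd 4242 - [auth@1 src="10.0.0.7"] Accepted publickey for ops',
    "<13>Oct 11 22:14:16 mymachine cron: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    for rec in select_alerts(SAMPLE_LINES, "notice"):
        print(f"{rec['facility']}.{rec['severity']:8s} {rec['host']:18s} {rec['app']}: {rec['msg']}")
```

Because syslog over UDP carries no sender authentication, the `host` field is whatever the sender wrote; anything that triggers on it should also check the source address the collector recorded.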