Glossary

area border router

A router attached to multiple areas that maintains individual link state databases for each area.



authentication

The process of establishing the identity and/or validity of a sender or message. That is, the determination of whether an entity is who or what it claims to be.



caching-only server

A server that's not responsible for maintaining DNS zone information. It simply resolves name requests to IP addresses on behalf of DNS clients and caches the results.



certificate authority (CA)

A trusted source that issues digital certificates to requestors. A third-party CA or Windows 2000 Certificate Services can be used.



Certificate Revocation List (CRL)

A document published by a Certificate Authority that lists issued certificates that are no longer valid. By default, the CA publishes the CRL on a weekly basis.



delegation

In Windows 2000, this is the ability of an administrator to distribute certain administrative tasks to other individuals or groups. In terms of DNS, delegation involves giving a portion of a domain namespace to another server. That server will then be responsible for resolving name resolution requests.



demand-dial routing

A form of routing that enables on-demand connections over PPP links. On-demand connections can be created over dial-up, persistent, or non-persistent media.



DHCP Allocator

A scaled-down version of DHCP included with NAT (Network Address Translation) and ICS (Internet Connection Sharing). It assigns IP addresses to clients on the local area network in the range of 192.168.0.1 to 192.168.0.254. This range is configurable with NAT but not with ICS.



digital certificate

A digital document from a trusted entity (a certificate authority) that binds a public key to a specific identity that has the corresponding private key. Digital certificates are used to authenticate and secure information exchange across networks. They are digitally signed by the certification authority that issued them and can be issued for a user, a computer, or a service.



Domain Name System (DNS)

A name-resolution system used to translate domain names into IP addresses. DNS is included as a service with Windows 2000.



Dynamic Host Configuration Protocol (DHCP)

A protocol used to dynamically assign IP addresses to devices on a network. It can also be used to provide DHCP clients with optional parameters such as the IP address of the default gateway. DHCP in Windows 2000 can also be integrated with DNS.



dynamic routing

The automatic update of routing tables through the use of routing protocols such as RIP (Routing Information Protocol) or OSPF (Open Shortest Path First).



dynamic update (DNS)

Enables a DNS client to automatically register and update its own resource records with a DNS server. It can be used in conjunction with DHCP so clients can update their resource records when IP addresses change.



Encrypting File System (EFS)

Encrypts data that is stored on a Windows 2000/XP hard disk. EFS is public key-based. Contents of an encrypted file cannot be viewed without the corresponding private key.



encryption

The conversion of data into a format that is not readable by an unauthorized individual.



Enterprise Certificate Authority

A certificate authority that is used to assign digital certificates to users within a Windows 2000 domain. An enterprise CA requires Active Directory and DNS. An enterprise root CA is at the top of the hierarchy. A subordinate CA is configured as a child CA to a parent CA. A parent CA can be a root CA or an intermediate (non-root) CA.



frame type

A frame is a packet of information transmitted from one system to another; the type of frame can vary depending on the system in use. To communicate with a NetWare server, for example, the computer running Windows 2000 must be using the same frame type as the computer running NetWare.



Internet Authentication Service (IAS)

A Windows 2000 service that centralizes the administration of multiple remote access servers. IAS provides a centralized means for authentication and storage of auditing and accounting information for RAS clients. This is Microsoft's implementation of a RADIUS server.



Internet Connection Sharing (ICS)

Enables a computer to share a single Internet connection with other computers on the local area network. ICS was introduced in Windows 98 and is included with Windows 2000.



ipconfig

A command that displays the TCP/IP network configuration for a host where the command is run. When used without parameters, it displays the IP address, subnet mask, and default gateway for a host.



IPSec (Internet Protocol Security)

A set of encryption protocols used to support the secure exchange of data at the IP layer. In Transport mode, only the data portion or payload is encrypted. In Tunnel mode, both the header and the payload are encrypted.



lease duration (DHCP)

Determines the amount of time a client can use an IP address assigned from a DHCP server before the address must be renewed.



LMHOSTS

A text file that can be used to resolve NetBIOS names to IP addresses. The file exists in the Windows directory and contains NetBIOS to IP address mappings.



multicast scopes

A range of Internet Protocol (IP) addresses (from 239.0.0.0 to 239.254.255.255). These are multicast addresses that can be prevented from propagating in either direction (sending or receiving).



Multilink

Multilink is the aggregation of multiple connections to create one connection with combined bandwidth. It can be used with demand-dial connections to automatically add and drop physical links as bandwidth requirements change.



name resolution

This is the resolution of a domain name or a NetBIOS name to an IP address. Names entered by users must be resolved to IP addresses before hosts can communicate. Name resolution can be provided through text files or name servers such as WINS and DNS.



NAT editor

A component of a network address translator that performs additional translation and payload adjustment beyond the IP, TCP, and UDP headers so that information that might not otherwise be translatable can be passed through the translation process. NAT editors were developed by OEMs for different IP protocols that obtain the necessary information for network address translation.



NetBIOS (Network Basic Input/Output System)

An application programming interface (API) used in Windows versions prior to Windows 2000 that provided network naming services for computers, devices, services, and other network resources. With the introduction of Active Directory, NetBIOS naming was replaced with the Domain Name System (DNS).



Network Address Translation (NAT)

Provides a means of connecting multiple computers to the Internet using a single public IP address.



Network Monitor

A tool used to monitor and capture network traffic, which is useful for troubleshooting network problems. It is included with Windows 2000.



NWLink

The Microsoft implementation of the IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange) protocol, which enables a computer to communicate with a NetWare-based computer or another Windows computer running IPX/SPX.



Open Shortest Path First (OSPF)

A routing protocol that uses the shortest path first or link state routing algorithm to calculate the shortest path to each host. It shares that calculated portion of the routing table with other OSPF routers.



packet filter

Limits the type of traffic allowed to pass through a router or Internet gateway.



persistent connections

A network connection that is always active. WINS servers use persistent connections to replicate the WINS database between servers.



ping

A command used to test network connectivity between two TCP/IP hosts. The ping command will display whether the destination host is reachable and how long it took to receive a reply.



pull partner

A WINS server that fetches database changes from its replication partners to itself.



push partner

A WINS server that sends update notification messages to its replication partners when changes to its database occur.



Remote Access Dial-In User Service (RADIUS)

An industry standard for providing authorization, authentication, and accounting services for dial-up and remote access services.



Remote Access Service (RAS)

A service that enables remote clients to dial in to a Windows 2000 server and access network resources as though they were physically attached to the network, albeit more slowly.



root name server

A DNS server that is authoritative for the root of the namespace.



Routing Information Protocol (RIP)

A protocol that allows routers to automatically exchange routing information. Because RIP routers periodically exchange entire routing tables, it is designed for use with small to medium-sized networks.



scope

Determines the pool of IP addresses from which a DHCP server can assign IP addresses. Every DHCP server must be configured with at least one scope.



Standalone Certificate Authority

Standalone CAs issue digital certificates to requestors, but don't require an Active Directory domain to operate. A standalone root CA or a standalone subordinate CA can be configured.



static routing

Network routing that uses manually updated routing tables. Routing tables can be updated statically using the route command, which is beneficial because there is no traffic generated between routers. The disadvantage of static routing is that the routing tables must be manually updated each time there is a change to the network topology.



subnet mask

The portion of an IP address that indicates the network ID.



superscopes

Enables a DHCP server to assign IP addresses from more than one scope to clients on a single physical network (subnet).



TCP/IP (Transmission Control Protocol/Internet Protocol)

An industry standard suite of protocols that enables two hosts to establish a connection and exchange data.



tombstoning

A process in which records in a WINS database are marked as being extinct. This means they are released by the WINS server for immediate use.



virtual private network (VPN)

A way of using a public infrastructure, such as the Internet, to securely connect to remote offices. The privacy of data transmissions is maintained through a variety of security procedures and tunneling protocols. VPNs can provide the same capabilities as a dedicated leased line while reducing costs.



WINS proxy

A computer that allows non-WINS clients to participate in a WINS environment by listening for name request broadcasts and forwarding them to a WINS server.



WINS replication

The process of duplicating the WINS database on all WINS servers with the most up-to-date naming information.



zones

DNS database files that contain resource records for a single domain or a set of domains. There are two types of zones in DNS: forward lookup zones for mapping names to IP addresses and reverse lookup zones for mapping IP addresses to domain names.





Windows 2000 Network Infrastructure Exam Cram 2 (Exam 70-216)
MCSE Windows 2000 Network Infrastructure Exam Cram 2 (Exam Cram 70-216)
ISBN: 078972863X
EAN: 2147483647
Year: 2005
Pages: 167
