Z

Safe mode bypasses startup files and runs a basic set of files and drivers including mouse, keyboard, video, mass storage, and basic system services. Safe mode is used for troubleshooting Windows when your system fails to boot properly-for example, when a device driver is corrupt or after you make an erroneous change to the registry. Safe mode bypasses the system startup files to allow you to start with a "clean" configuration.

To access safe mode when booting Windows 98 and Windows Millennium Edition (Me), press the F5 key when the screen shows the message "Starting Windows 98..." or "Starting Windows Me..." You can also start safe mode from the command prompt by typing win /d:m . You can also press F6 to access safe mode with networking support. When you are in safe mode, you are informed of this by text displayed in all four corners of the screen.

To access safe mode while booting Windows 2000, Windows XP, or Windows .NET Server, press the F8 key when you see the message "Please select the operating system to start." You will then be presented with a list of options that includes three safe mode options: standard, networking-enabled, and safe mode with command prompt. Use the arrow keys to navigate the list. Press the Enter key to make your selection.

Safe mode. Entering Safe Mode in Windows 2000.

SAM database

Stands for Security Account Manager (SAM) database, which contains user and group account information on a Microsoft Windows NT domain controller.

See Also Security Account Manager (SAM) database

SAN

Stands for storage area network, a dedicated storage network separate from the network where servers reside.

See Also storage area network (SAN)

SAP

Stands for Service Advertising Protocol, a Novell NetWare protocol for advertising network resources.

See Also Service Advertising Protocol (SAP)

SAS

Stands for secure attention sequence, the Ctrl+Alt+ Delete keystroke combination in Microsoft Windows NT, Windows 2000, Windows XP, and Windows .NET Server that displays the Windows Security dialog box.

See Also secure attention sequence (SAS)

SATAN

Stands for Security Administrator Tool for Analyzing Networks, a popular network security analysis tool.

See Also Security Administrator Tool for Analyzing Networks (SATAN)

Satellite Internet Backbone (SIBone)

A satellite-based network exchange point.

Overview

The Satellite Internet Backbone (SIBone) is the first network exchange point on the Internet that is located in outer space. SIBone uses a satellite deployed by eSAT, and Internet service providers (ISPs) can connect to this exchange point by colocating routers at eSAT's data centers (called teleports), where satellite links using radio telescopes connect the ground station with the satellite. eSAT's satellite employs a proprietary technology called Virtual Onboard Switching (VOS) to simulate a mesh-based technology.

SIBone provides Tier-2 ISPs with an alternative to buying transit services from larger Tier-1 ISPs. VOS allows Tier-2 ISPs to exchange Internet traffic with each other directly, potentially saving costs. SIBone's downside, however, is that the satellite's geosynchronous orbit means that it is 22,236 miles (35,785 kilometers) above the Earth's surface, which can increase the latency of connections by as much as 500 milliseconds (msec). This latency might be acceptable for general purpose Internet traffic but is too large for Voice over IP (VoIP) applications to work well.

See Also Internet ,Internet service provider (ISP) ,latency ,Voice over IP (VoIP)

schema

A set of rules defining the structure of a directory.

Overview

In the Active Directory directory service of Microsoft Windows 2000 and Windows .NET Server, the schema defines which objects can be contained in the directory and what attributes those objects can have. The schema can also be considered a formal definition of Active Directory.

Active Directory comes with a default schema that is sufficient in most instances and that defines common network objects in the directory such as users, groups, domains, and computers. You can modify the schema by using the Active Directory Schema, a snap-in for the Microsoft Management Console (MMC). The schema is extensible in that new object classes and attribute types can be added to it. Members of the Schema Admins group have the necessary rights for modifying and extending the schema. The built-in Administrator account is included in this group. You can make the following types of modifications to the schema:

• Create new classes and attributes

• Modify existing classes and attributes

• Deactivate existing classes and attributes

Notes

The schema is actually stored in Active Directory itself in a container under the RootDSE object. Key attributes within the Active Directory schema that are prefixed with "System-" cannot be modified. This ensures consistency of the schema.

If you modify the schema, you should wait five minutes for the modifications to be written to the system, whereupon the changes are updated in Active Directory and replicated to all domain controllers. Therefore, if you modify the schema, you should wait until the changes have replicated throughout your entire enterprise before you create new objects that use these modifications.

As a safety measure, domain controllers by default have read-only permissions on the schema. If you want to write changes to the schema, you must first modify a registry setting on the domain controller on which you plan to make modifications. (Make modifications to the schema from only one domain controller at a time.) The Schema Manager MMC snap-in offers a check box that you can use to set or clear the key. To modify the registry manually, you add the parameter "Schema Update Allowed" with data type REG_DWORD and a nonzero value to the following registry key:

HKEY_LOCAL_MACHINE       \System           \CurrentControlSet               \Services                    \NTDS                         \Parameters

See Also Active Directory

scope

Short for Dynamic Host Configuration Protocol (DHCP) scope, a range of Internet Protocol (IP) addresses that a DHCP server can lease out to DHCP clients.

See Also DHCP scope

scripting

Writing scripts for performing administration, building dynamic Web sites, and other tasks.

Overview

Scripting involves using scripting languages to write short programs called scripts. These scripts are then executed with the help of a scripting engine, an interpreter that is usually built in to the client or server where the script is executed.

Some uses for scripting in enterprise and e-business environments include

• Automating administrative tasks such as performing backups and unlocking user accounts

• Adding dynamic functionality to static Hypertext Markup Language (HTML) pages to create forms, shopping carts, and other features

Types

There are a wide variety of scripting languages used in enterprise and e-business environments today. Some of the more popular languages include

• Batch file languages: A batch file is a collection of Microsoft Windows or UNIX commands saved in a text file. On the Windows platform, for example, batch files are files that have the extension .bat. Batch files can be either manually executed by administrators or can be scheduled to run at specific times. In UNIX environments writing batch files is often called shell scripting.

• Practical Extraction and Reporting Language (Perl): This is a popular scripting language used in UNIX environments for writing common gateway interface (CGI) scripts that add dynamic functionality to static Web pages. There are also versions of Perl for the Windows platform.

• Rexx: This language originated in IBM's OS/2 computing environment, and is a scripting language that has powerful string manipulation features comparable to those found in Perl.

• Python: This is another scripting language that is popular in the UNIX environment. It includes support for object-oriented programming.

• Visual Basic Scripting Edition (VBScript): This is a subset of Visual Basic for Applications (VBA) and is a popular tool on Windows platforms for building dynamic Web sites.

• JScript: This is Microsoft Corporation's implementation of JavaScript and confirms to the European Computer Manufacturers Association (ECMA) 262 standard. JScript is a powerful tool for writing scripts that perform administrative tasks on the Windows platform.

Implementation

Looking specifically at Web scripting on the Windows platform, two basic approaches can be used:

• Server-side scripting: Here the script is executed on the Web server side of a Hypertext Transfer Protocol (HTTP) session. The client requests a page from the server, and the server processes the script and generates HTML, which is then sent to the client. Server-side scripting is popular and forms the basis of Microsoft Active Server Pages (ASP), a platform for building dynamic Web applications based on Microsoft Internet Information Services (IIS). Similar platforms include ColdFusion from Allaire Corporation, Java Server Pages (JSP) from Sun Microsystems, and PHP from the Apache Software Foundation.

• Client-side scripting: Here the script is embedded in the Web page downloaded by the client and is executed within the client browser to add dynamic functionality to the page.

Notes

The Windows Script Host (WSH) is a component of Windows that first appeared in Windows NT 4. The WSH enables scripts of various types to be run without the need of a separate container application, and it supports a wide range of ActiveX scripting engines.

See Also Active Server Pages (ASP) ,batch file ,Hypertext Markup Language (HTML) ,Hypertext Transfer Protocol (HTTP) ,Internet Information Services (IIS) ,JScript ,Practical Extraction and Reporting Language (Perl) ,VBScript ,Windows commands ,Windows Script Host (WSH)

SCSI

Stands for Small Computer System Interface, a popular general-purpose input/output (I/O) bus.

See Also Small Computer System Interface (SCSI)

SC/ST connectors

Connectors commonly used in fiber-optic networking.

Overview

The SC and ST connectors are the most widely used type of connectors for fiber-optic cabling. They are defined in the Electronic Industries Alliance/Telecommunications Industry Association (EIA/TIA) 568A cabling standard. Details of these connector types are as follows:

• SC: This stands for subscriber connector and is a duplex (two strand) fiber-optic connector having a square molded plastic body about twice the size of a standard RJ-45 copper wire connector and a push- pull locking interface. SC connectors are typically used in data communication, cable television (CATV), and telephony environments.

• ST: This stands for straight tip and is a simplex (one strand) fiber-optic connector with round ceramic ferrules and bayonet locking features. ST connectors are generally more common than SC connectors in fiber-optic networking environments.

Both SC and ST connectors can be used with either single-mode or multimode fiber-optic cabling. Coupling receptacles for these connectors come in either panel-mount or free-handing designs. For narrow space installations, you can even get 90-degree boot versions instead of straight versions.

SC and ST connectors. Fiber-optic SC and ST connectors.

Issues

The main problem with SC and ST connectors is that they are expensive. To terminate a fiber-optic cable with one of these connectors you must splice the cable, polish the end of the fiber, and glue the connector onto the cable. The cost of these connectors plus installation labor means that about 35 percent of the cost of a fiber-optic patch cord is due to the connectors. As a result, fiber- optic cabling manufacturers have been developing new connector types that are easier to install and more compatible with writing panels for existing Category 5 (Cat5) cabling infrastructures. An early development in this regard was the SMA connector, a snap-in connector that features threaded-nut locking. Subtypes of this connector include SMA905 and SMA906.

A recent development has been the emergence of new fiber-optic connectors compatible with RJ-45 connectors. These new connectors allow existing Cat5 wiring panels to be used for optical interconnects instead of having to install special SC/ST/SMA patch panels in wiring closets. Some of the more popular versions of these new connectors include

• MT-RJ: Developed by Alcoa, AMP, and Siecor (now Corning Cable Systems)

• LC: Developed by Lucent Technologies

• VF-45: Developed by 3M Corporation

• Opti-Jack: Developed by Panduit Corporation

These different standards are inoperable with one another, and the TIA is essentially letting the market decide which will become the new market standard. The move to these smaller-footprint optical connectors means that SC/ST connectors are beginning to be viewed as legacy technology and might soon be on their way out.

Notes

For harsh environments, a good choice is the military- grade connector. These connectors satisfy the MIL-C- 83522 (ST) specifications and are corrosion-proof; have isolated relief boots to reduce cable strain; and are heat, shock, vibration, fungus, and salt-spray resistant.

See Also Category 5 (Cat5) cabling ,fiber-optic cabling ,RJ connectors

SDLC

Stands for Synchronous Data Link Control, a data-link layer protocol developed in the 1970s by IBM for its Systems Network Architecture (SNA) networking environment.

See Also Synchronous Data Link Control (SDLC)

SDSL

Stands for Symmetric Digital Subscriber Line, a form of business-grade Digital Subscriber Line (DSL) service.

See Also Symmetric Digital Subscriber Line (SDSL)

secondary name server

A type of name server in the Domain Name System (DNS).

Overview

A secondary name server is one that downloads its file of resource records from a master name server. The master name server can be either a primary name server or another secondary name server. Primary name servers get their resource records from local files called zone files. Secondary name servers do not maintain local zone files-they obtain their files from master name servers by means of a zone transfer, which occurs when a secondary name server polls a master name server and determines that there are updates to the DNS database that need to be downloaded. This primary/secondary (master/slave) architecture means that a DNS administrator has to maintain only a single set of DNS resource records (on the primary name server), which simplifies DNS administration.

A name server can be a primary name server for one zone and a secondary name server for a different zone. In other words, name servers are defined as primary or secondary on a per-zone basis. On Berkeley Internet Naming Domain (BIND) implementations of DNS, secondary name servers are often referred to as slave name servers.

Notes

Secondary name servers can be used to provide redundancy and load balancing for name resolution. On a corporate Internet Protocol (IP) network that uses DNS as its name resolution method, it is a good idea to have at least two name servers-a primary master name server, and a secondary name server for backup. Otherwise, if the primary goes down, users will not be able to resolve server names on the network and therefore will not be able to find and access any network resources.

BIND makes it possible for slave name servers to keep backup copies of zone files in case the master name server goes down. It is generally a good practice to keep such backup copies. You can also implement a list of up to 10 master name servers that can be tried successively by each slave name server in a very large DNS implementation. BIND v8 includes a feature whereby the primary notifies the slave when changes have been made to the primary's DNS database. This notification process causes BIND v8 name servers to be more up to date with each other than with the polling procedure of earlier BIND implementations.

See Also Berkeley Internet Name Domain (BIND) ,name server ,zone ,zone file

secondary ring

The backup ring in Fiber Distributed Data Interface (FDDI) networking.

Overview

FDDI is a dual-ring topology networking architecture based on a token-passing access method. The secondary ring usually sits dark (unused), except when a fault occurs on the primary ring, in which case the network reconfigures itself to make use of the secondary ring to wrap around the fault. Because the data travels on the secondary ring in the opposite direction than it was traveling on the primary ring, when it's put to use, the secondary ring reroutes data back the way it came, thus avoiding the problem spot.

The dual-ring configuration provides FDDI with a degree of fault tolerance-if a computer or cable on the primary ring goes down, the secondary ring is put to use, working in conjunction with the portion of the primary ring that is not broken. This feature is known as a self-healing capability and is performed when the stations on both sides of the link concentrator reconfigure themselves when a failure occurs in the link (due to a cable break, a loose connector, or some device failure).

The FDDI specification allows the length of the two rings to reach up to 125 miles (200 kilometers), with up to 1000 attached stations. However, since the secondary ring is usually used for redundancy purposes, a maximum of 500 stations is allowed on an FDDI network. Repeaters are needed every 1.25 miles (2 kilometers) around the rings.

Notes

You can run the FDDI primary ring and secondary ring along different physical paths to make your FDDI network even more redundant. If an accident or disaster affects one of the rings, it might not affect the other.

See Also Fiber Distributed Data Interface (FDDI) ,primary ring

secure attention sequence (SAS)

The Ctrl+Alt+Delete keystroke combination in Microsoft Windows NT, Windows 2000, Windows XP, and Windows .NET Server that displays the Windows Security dialog box.

Overview

Users can use the secure attention sequence keystroke combination to do the following:

• Log on to or log off of a Windows workstation

• Lock the console or unlock a locked workstation

• Change their passwords

• Invoke Task Manager

• Shut down, log off, or restart their systems

Notes

The secure attention sequence (SAS) offers protection against Trojan horse programs that masquerade as common system applications. For example, it is impossible to write a Trojan horse program that presents the user with a phony Windows Security dialog box in an attempt to steal a user's credentials, because this program cannot be activated by the SAS. The most that a hacker can do is write a Trojan horse program that displays a Windows Security dialog box at random times while the user is already logged on. To guard against such an event, you should educate users to always use the SAS keystroke sequence even if the computer they are using already displays what appears to be the Windows Security dialog box.

The SAS also kills any logon scripts that are running and can be used to terminate scripts that have stopped responding.

Secure Hypertext Transfer Protocol (S-HTTP)

An Internet protocol for encryption of Hypertext Transfer Protocol (HTTP) traffic.

Overview

Secure Hypertext Transfer Protocol (S-HTTP) is an application-level protocol that extends the HTTP protocol by adding encryption to Web pages. It also provides mechanisms for authentication and signatures of messages. S-HTTP provides broad support for implementing different types of cryptographic algorithms and key management systems. Although S-HTTP systems can make use of digital certificates and public keys, messages can also be encrypted on a per-transaction basis using symmetric session keys.

S-HTTP was proposed as a draft standard in 1996 and is still under development. S-HTTP is not as widely implemented as Secure Sockets Layer (SSL), which is the most popular protocol for encrypting information sent over the Internet.

Notes

S-HTTP is also the name given to World Wide Web (WWW) server software that implements the S-HTTP protocol. This software was developed by Enterprise Integrations Technologies (EIT), the National Center for Supercomputing Applications (NCSA), and RSA Security.

See Also cryptography , Hypertext Transfer Protocol (HTTP) , World Wide Web (WWW)

Secure/Multipurpose Internet Mail Extensions (S/MIME)

A scheme for secure e-mail messaging.

Overview

RSA Security developed Secure/Multipurpose Internet Mail Extensions (S/MIME) as a mechanism for adding security to the Simple Mail Transfer Protocol (SMTP) e-mail messaging protocol. S/MIME adds support for digital signatures and encryption to SMTP to enable authentication of the sender and protect the privacy of the communication. S/MIME is defined in RFCs 2311 through 2315.

Implementation

S/MIME is basically an extension of the widely implemented Multipurpose Internet Mail Extensions (MIME) encoding standard, which defines how the body portion of an SMTP message is structured and formatted. S/MIME uses the RSA public key cryptography algorithm along with the Data Encryption Standard (DES) or Rivest-Shamir-Adleman (RSA) encryption algorithm. In an S/MIME message, the MIME body section consists of a message in PKCS #7 format that contains an encrypted form of the MIME body parts. The MIME content type for the encrypted data is application/pkcs7-mime.

Prospects

S/MIME has gained some popularity in the enterprise but its deployment has been hindered by the complexity and cost of implementing public key infrastructure (PKI) schemes. S/MIME is simpler to implement than the earlier Privacy Enhanced Mail (PEM) specification, but it has not achieved the same widespread use as the Pretty Good Privacy (PGP) scheme developed by Phil Zimmermann.

Notes

Note that since Hypertext Transfer Protocol (HTTP) messages can also transport MIME data, HTTP can also employ S/MIME for secure communications, although this is rarely implemented.

See Also Data Encryption Standard (DES) , e-mail ,encryption ,Hypertext Transfer Protocol (HTTP) ,Multipurpose Internet Mail Extensions (MIME) ,PKCS #7 ,Privacy Enhanced Mail (PEM) ,public key infrastructure (PKI) ,Rivest-Shamir-Adelman (RSA) algorithm ,

Secure Sockets Layer (SSL)

A transport layer security protocol used on the Internet.

Overview

Secure Sockets Layer (SSL) is a security protocol used for securing communications performed over the Internet. SSL provides three things:

• Authentication: Ensures that the message received is from the individual it says it is from

• Confidentiality: Protects the message from being read by unintended recipients along the way

• Integrity: Ensures that the message has not been modified along the way

Netscape Communications developed SSL in 1996 to enable secure transmission of information over the Internet.

Implementation

SSL operates between the application and transport layers of the Open Systems Interconnection (OSI) reference model. SSL supports only those applications and application-layer protocols for which it has been explicitly implemented. In other words, SSL is not a transparent security protocol that can work automatically with any application-layer protocol. SSL commonly operates with the Hypertext Transfer Protocol (HTTP) and sometimes with the Simple Mail Transfer Protocol (SMTP) and Network News Transfer Protocol (NNTP). SSL has been implemented in a wide variety of applications including Web servers, Web browsers, and other Internet applications. Both the client and the server applications must support SSL in order for it to work.

SSL employs public-key encryption for secure authentication and symmetric key encryption for encryption of transmitted information. For public key encryption SSL employs the Rivest-Shamir-Adleman (RSA) encryption algorithm and therefore depends on the implementation of a supporting public key infrastructure (PKI). Message integrity is guaranteed by incorporating a message integrity check mechanism called a message authentication code (MAC).

An SSL session begins when an SSL-enabled client requests a connection with an SSL-enabled server over Transmission Control Protocol (TCP) port 443, the SSL port. This initiates the SSL handshake between the client and server. A Web page that uses SSL has a Uniform Resource Locator (URL) that begins with https instead of the standard http prefix. The server then sends the client its digital certificate and public key. The client and server then negotiate a mutually acceptable level of encryption, which is usually 40-bit, 56-bit, or 128-bit strength, depending on legal restrictions and availability. The client then generates a secret session key, encrypts it with the server's public key, and sends the encrypted session key to the server, which decrypts the session key using its private key. From that point on, the secret key cryptography is employed, and the session key is used to encrypt all data exchanged between the client and server, providing secure, private communication.

Issues

The main problems with SSL are

• Using SSL to secure Web transactions adds significant processing overhead to Web servers, sometimes as much as two orders of magnitude. In other words, a Web server that can support thousands of simultaneous unencrypted HTTP sessions might only be able to support a few dozen SSL sessions based on the same hardware configuration.

• SSL is difficult to implement in e-commerce environments that use Web server farms and server load balancers. This is because SSL is designed to use persistence, which means that the client must maintain the same Internet Protocol (IP) address during the entire session.

To address these issues, you can use specialized network devices called SSL Accelerators to offload SSL processing and session caching to other servers for enhanced performance and greater persistence.

Prospects

The Internet Engineering Task Force (IETF) has standardized a variant of SSL. This variant is known as Transport Layer Security (TLS), and it is similar to SSL 3 but is not interoperable with that protocol. Microsoft Windows 2000, Windows XP, and Windows .NET Server support both SSL and TLS security. As TLS becomes more widely implemented, use of the proprietary SSL protocol might fade, but this is likely to take place over many years due to wide industry support for SSL.

See Also Hypertext Transfer Protocol (HTTP) ,Internet ,Internet Engineering Task Force (IETF) ,port ,public key cryptography ,Rivest-Shamir-Adelman (RSA) algorithm ,Transmission Control Protocol (TCP) ,Transport Layer Security (TLS) ,Uniform Resource Locator (URL)

security

Protection of computer, network, and business assets.

Overview

Security is an important concern in the field of IT (information technology), particularly since the Internet provided a ubiquitous method for connecting networks and systems all over the world. The rise in business on the Internet (e-business) in the 1990s resulted in an exponential increase in attacks on corporate networks, with an accompanying increasing awareness of the fundamental importance of security for protection of business assets such as financial data and confidential personnel information.

Security in general is difficult to achieve in any open system-that is, a system connected to other systems. E-businesses are by definition open systems, whether they involve business-to-client or business-to-consumer (B2C) relationships, as in e-commerce sites and online stores, or business-to-business (B2B) relationships, as in supply-chain and financial transaction systems. Some of the difficulties in securing open systems include

• Recognizing the importance of security and allocating staff and financial resources to implement it properly

• Finding and protecting the weakest point in your system

• Maintaining high security while keeping the system friendly and usable for those involved

In addition, even closed systems must consider the necessity of securing their assets from misuse by those working within the company or organization. In fact, many security analysts consider the "threat from within" to be the more serious one, despite the large amount of attention given to hackers in the mass media in the last few years.

Security encompasses a broad range of subjects that also includes:

• Privacy: Ensuring the confidentiality of information, usually through encryption

• Integrity: Ensuring the protection of information from being modified or deleted, again usually through encryption

Implementation

Fundamental to securing assets that are accessible through IT systems such as corporate networks and e-commerce sites are the three basic principles of security: authentication, authorization, and auditing. These three are often referred to as "golden rules" because Au is the chemical symbol for gold. These three principles are

• Authentication: The process by which a principal (a trusted, identified entity) identifies a user, consumer, or client. Authentication can employ passwords, signatures, smart cards, biometric identification, and other tools. The basis of authentication from an IT perspective is security protocols, which are protocols that enable users to be securely authenticated by network security principals. Examples of such security protocols include NTLM and Kerberos.

• Authorization: Once a user is authenticated, the next step is to ensure that the user can access only those resources for which the user is properly authorized. This is done through implementing access controls, permissions, privileges, and other elements, depending on the systems involved. The securest form of authorization is the mandatory or nondiscretionary access control, which enforces strict rules concerning resource access that affect even the resource's owners.

• Auditing: The third step is to ensure that access to resources and privileges is logged for purposes of later review. Audit logs help administrators determine when systems have been compromised and take steps to further secure them.

In addition to these golden rules, a number of other strategies are crucial for ensuring the security of business resources accessible through IT systems. These include

• Murphy's Law: If something can go wrong, it will. Therefore no system is completely secure and every system will fail at some point. Accept this fact and be prepared.

• Do not trust technology: Security is more about people than it is about technology. Systems will not be secure if administrators fail in their responsibilities to implement patches in a timely manner as new vulnerabilities are discovered for applications and operating systems. Likewise, a firewall is no help if the administrator has not taken the time to configure it properly. Similarly, users must be educated to be "security-conscious" and to avoid such silly mistakes as taping their passwords under their keyboards or opening executable attachments.

• Least privilege: Never give users more privileges than they need.

• Multiple mechanisms: Never trust a single security system such as a firewall-have multiple systems in place that redundantly protect your assets, including firewalls, virus scanners, intrusion detection devices, hostile content blockers, and virtual private networking (VPN). On the other hand, try to keep security systems as simple as possible, so you do not get overwhelmed with the job of managing security.

• Comprehensiveness: It is no use securing one part of a corporate network if another part is left unsecured. Any security solution must be a comprehensive one that hardens every aspect of the system from outside (or inside) attack.

• Weakest link: Identify the weakest point in your system and monitor it regularly. The weakest link of a system is different from the choke point, the narrowest part of the system through which an attacker must enter. However, you should also monitor choke points continuously, even if they are hardened.

• Security policy: Take the time to write and internally publish a comprehensive security policy that covers the management, use, and implementation of IT systems in a secure fashion. A security policy outlines your environment's basic security architecture, rules for accessing resources, and how these rules are enforced.

• Security audit: Having an independent organization check your network's security is a good idea to ensure that your security policy is comprehensive and implemented properly.

• Standard deployment: Have a standard process in place for deploying new IT resources such as Web servers on your network. For example, you should first create a standard "hardened" operating system image, then install additional applications needed, add a binary checksum to facilitate detection of modifications to your system, perform vulnerability analysis for your applications, and finally deploy your server on the network. Never deploy a server that is not properly hardened or that still has its default accounts and passwords in place unchanged.

• Do not forget the obvious: Most security breaches are caused by well-known vulnerabilities that have not been secured even though patches are readily available.

• Know your enemy: The best defense is a good knowledge about likely attackers. Familiarity with the procedures and tools used by hackers will help you identify, harden, and maintain your system's security. Good network security specialists usually have a collection of popular hacker tools in their arsenal, as many of these tools can be used for identifying vulnerabilities.

• Regular assessment: Periodically review your company's compliance with its security policy and ensure that your goals are being met.

• Consider outsourcing: Managed security providers (MSPs) are a new breed of company that has arisen in recent years to help small and medium- sized businesses secure their IT systems. You can save costs using these companies' services, but carefully evaluate their offerings first and remember that ultimately security is your own company's responsibility. Appointing a Chief Security Officer (CSO) is an important step in determining how best to implement your company's security requirements.

Finally, here are some tips on how to make your IT environment more secure:

• Use strong passwords and change them every 90 days. Be careful about telephone requests to change an employee's password in case someone is impersonating the employee.

• Teach employees how to choose and protect their passwords.

• Immediately disable accounts of departing employees.

• Pay special attention to security for telecommuters (employees working from home) as you do not have direct management over their working environment. Ensure that they are using personal firewalls and remind them of the consequences of not complying with the company security policy.

• Disable all unnecessary services on servers.

• Apply new security patches released by vendors as soon as possible, but ensure that your systems are fully backed up first in case the patch causes unexpected problems.

• Ensure that your virus protection software has its signature updated regularly.

• Pay special attention to the security of your wireless networks. Most wireless networks are implemented with default security and the result is that anyone driving near your building with a laptop in their car can often access your network.

See Also access control ,auditing ,authentication protocol ,business-to-business ,encryption ,firewall ,hacking ,intrusion detection system (IDS) ,Kerberos ,network security ,password ,permissions ,privacy ,virtual private network (VPN)

Security Account Manager (SAM) database

Contains user and group account information on a Microsoft Windows NT domain controller.

Overview

All user accounts, group accounts, and resource definitions such as shares and printers on a Windows NT-based network have their security principals defined in the Security Account Manager (SAM) database. The SAM database is also known as the domain directory database, or sometimes simply the directory database.

The master copy of the SAM database is stored on the primary domain controller (PDC) and occupies a portion of the Windows NT registry. Periodic directory synchronization ensures that backup domain controllers (BDCs) have an accurate replica of this master database, so BDCs can also be used for logons and for pass-through authentication of users attempting to access network resources.

Because the entire SAM database must reside in a domain controller's RAM, it cannot exceed about 40 megabytes (MB) in Windows NT, which works out to about 40,000 user accounts, or 26,000 users and Windows NT workstations combined. The following table lists the size of common objects in a SAM database.

Notes

In Windows 2000 and Windows .NET Server, the functions of the SAM database have been migrated to the more powerful and scalable Active Directory directory service.

See Also Active Directory ,backup domain controller (BDC) ,primary domain controller (PDC) ,registry

Security Administrator Tool for Analyzing Networks (SATAN)

A popular network security analysis tool.

Overview

Security Administrator Tool for Analyzing Networks (SATAN) is a free tool developed by Dan Farmer and Wietse Venema in 1995 for remotely analyzing the security of networks. SATAN consists of a variety of routines that probe a network for security holes in ways that are similar to the ones hackers use. The tool tests the vulnerabilities of Transmission Control Protocol/Internet Protocol (TCP/IP) hosts using common TCP/IP protocols, such as File Transfer Protocol (FTP), Network File System (NFS), and Network Information System (NIS), and analyzes how the host responds to requests based on these protocols. The results are stored in a database and can be displayed using a Web browser.

SATAN runs on machines running UNIX and needs the Perl interpreter to operate. Typically, SATAN identifies weaknesses in the setup and configuration of network software; network administrators can use it to check the configuration of their network software. SATAN can also identify the network services that are running and provide information about the types of hardware and software and the topology of the network.

Issues

Because SATAN is free and can be downloaded from numerous places on the Internet, both network administrators and hackers can use it. If you are concerned about the possible misuse of SATAN against your network, you can obtain various types of free anti-SATAN software on the Internet that alert you to a SATAN attack so that you can take remedial action.

See Also File Transfer Protocol (FTP) ,Network File System (NFS) ,Network Information System (NIS) ,network security

security descriptor

A unique header for an object stored in the Active Directory directory service of Microsoft Windows 2000 and Windows .NET Server.

Overview

Security descriptors contain security identifiers (SIDs), which are discretionary access control lists (DACLs) or system access control lists (SACLs) that specify the access permissions for the object. Specifically, the security descriptor for an object contains the following:

• Owner SID: Identifies the security principal (the owner of the object)

• Group SID: Used only by Services for Macintosh and the POSIX subsystem

• DACL: Contains the access permissions and rights for the object and its attributes, along with the SIDs of the security principals who can access the object

• SACL: Contains system-wide security policies such as the auditing policy

See Also Active Directory , discretionary access control list (DACL) ,

security group

A type of group in Microsoft Windows 2000 and Windows .NET Server.

Overview

Security groups are security principals that can contain other security principals such as user, group, and computer objects from the Active Directory directory service. They are one of two types of groups used in Windows 2000, the other being distribution groups. Security groups are used for grouping accounts and for controlling access to resources, much in the same way that global groups and local groups are used in Windows NT-based networks. (In other words, all groups in Windows NT are security groups.)

Types

Security groups come in three types:

• Domain local groups: Provide users with permissions to access resources; used only within the specific domain in which they are created

• Global groups: Logically group users for administrative purposes and have visibility in the current domain and trusted domains

• Universal groups: Similar to global groups but reduce global catalog replication traffic when they are used

See Also distribution group ,group

security identifier (SID)

An internal number used in Microsoft Windows 2000 and Windows .NET Server that uniquely identifies a user, group, or other object.

Overview

Security identifiers (SIDs) are used internally by Windows 2000 to provide user accounts with access to network resources. SIDs are guaranteed to be unique because they are created using a combination of user information, domain information, and time and date of account creation. The general format of a SID is a series of decimal numbers separated by dashes in the following form:

S-1-X-Y1-Y2-....

X is the value of the identifier authority, and Y1, Y2, and so on are values of subauthorities. The prefix S-1 means "SID revision 1."

Changing the name of a user, computer, or domain does not change the underlying SID for that account. Administrators cannot modify the SID for an account in Windows NT, and there is generally no need to know the SID assigned to a particular account. SIDs are primarily intended to be used internally by the operating system to ensure that accounts are uniquely identified to the system.

security log

A log in Microsoft Windows 2000, Windows XP, and Windows .NET Server that records auditing events.

Overview

Entries in the security log are either success entries, which are identified by a key symbol, or failure entries, which are identified by a padlock symbol. You can view and manage the security log by using the administrative tool Event Viewer, where you can view additional details by opening the property sheet for the particular event. You can also select events by filtering the security log. You can export the security log as a .csv file and import it into a spreadsheet or database program for further analysis.

Notes

In a high-security environment, you can enable a registry parameter named CrashOnAuditFail, which causes the system to display a Stop screen when the security log is full. This prevents unaudited system access on your server. When you restart the system, you must archive the current contents of the security log before continuing. See the Microsoft Windows 2000 Server Resource Kit from Microsoft Press for more information.

See Also application log ,

security principal

An object in the Active Directory directory service of Microsoft Windows 2000 and Windows .NET Server that can be assigned permissions and rights.

Overview

Three types of security principals are used in Windows 2000 networks:

• User objects: Represent individual user accounts

• Group objects: Can be used to group other security principals for assigning permissions and to ease administration

• Computer objects: Represent individual computers running Windows 2000 on the network

Security principals are uniquely identified by security identifiers (SIDs), which provide a unique, internal, alphanumeric identifier for the security principal.

See Also Active Directory ,

security protocols

Protocols used for authentication clients.

Overview

Security protocols are protocols that allow networks and systems to authenticate users, computers, and applications for purposes of accessing resources on these networks and systems. Security protocols use various forms of encryption to ensure the privacy, authenticity, and integrity of a user's credentials and of network communications.

Types

Some of the popular security protocols in use today include

• NTLM: Stands for Windows NT Lan Manager, the native security protocol on Microsoft Windows NT domain-based networks. NTLM is also known as Windows NT Challenge/Response Authentication protocol.

• Kerberos: Developed at the Massachusetts Institute of Technology (MIT) and used as the native security protocol by the Active Directory directory service on Windows 2000- and Windows .NET Server-based networks.

• Remote Authentication Dial-In User Services (RADIUS): A client/server protocol used to securely authenticate dial-up users for authentication, authorization, and accounting (AAA).

• Terminal access controller access control system (TACACS): A proprietary protocol developed by Cisco Systems and similar to RADIUS.

• Secure Sockets Layer (SSL): A protocol that secures Hypertext Transfer Protocol (HTTP) communications between users and Web servers.

See Also authentication protocol , Hypertext Transfer Protocol (HTTP) ,Kerberos ,protocol ,Remote Authentication Dial-In User Service (RADIUS) , Terminal Access Controller Access Control System (TACACS), Windows NT Challenge/Response Authentication

security provider

A server or device on a network that authenticates users trying to log on or access network resources.

Overview

In a Microsoft Windows 2000- or Windows .NET Server-based network, special servers called domain controllers act as security providers and handle tasks such as user logons and control of resource access. If all domain controllers are temporarily offline, users can still log on to their local computers and use local computer resources but cannot be authenticated for accessing resources elsewhere on the network.

Notes

Windows 98 and Windows Millennium Edition (Me) can operate as stand-alone computing environments or as part of a Windows 2000 domain. If files on a computer running Windows 98 or Windows Me will be shared by users on a Windows 2000- or Windows .NET Server-based network, be sure that you have configured Windows 98 or Windows Me networking to use user- level security instead of the more common share-level security used in workgroup environments.

See Also domain controller

segmentation

The process of dividing a large network into smaller connected networks.

Overview

Segmentation improves the performance of Ethernet networks by reducing the size of collision domains. Because stations on an Ethernet network use contention to try to use the networking media, fewer stations in a given network segment means less contention and better network performance. Bridges or routers are generally used to segment an Ethernet network into smaller collision domains.

Notes

The term segmentation is also used to refer to the process by which routers break down oversized frames into smaller portions that are sequenced, forwarded, and then reassembled at the receiving station. Segmentation is usually a sign that the network is misconfigured because segmentation eats valuable CPU cycles on routers and produces greater latency in network communication.

See Also collision domain ,Ethernet ,frame

separator page

A page that is printed between print jobs.

Overview

In the old days, separator pages indicated when one print job finished and the next one began. In Microsoft Windows NT, Windows 2000, Windows XP, and Windows .NET Server, separator pages can have two functions:

• Separating printed output in a multiuser environment so that users can more easily retrieve their print jobs

• Switching a print device between different print modes (if the device has this capability)-for example, switching between Printer Control Language (PCL) mode and PostScript mode

Windows 2000 includes several separator pages, which are located in the \Winnt\System32 directory:

• Pcl.sep: Switches the printing mode to PCL printing, typically for printers made by Hewlett- Packard. A separator page is also printed.

• Pscript.sep: Switches the printing mode to PostScript for supported printers. No separator page is printed.

• Sysprint.sep: Functions much as pscript.sep does but also prints a separator page.

Notes

You can use Notepad to edit any default separator page file to create a custom separator file. You can add new lines by using printer escape codes such as those shown in the following table.

If a printer can auto-switch between printing modes (by identifying the type of the rendered file sent to it), you do not need to specify a separator page.

serial encapsulation protocols

Protocols used to encapsulate local area network (LAN) traffic for sending over a wide area network (WAN).

Overview

LAN traffic such as Ethernet frames cannot normally be sent over a WAN link without first encapsulating them in a format suitable for WAN serial transmission. This is accomplished through the use of special encapsulation protocols, with different protocols generally being used for different WAN technologies.

Types

Serial encapsulation protocols fall into two basic types:

• Synchronous: These protocols are used for synchronous serial links such as leased lines and packet-switching services, and include High-level Data-Link Control (HDLC), Link Access Control, B-channel (LAPB) used in X.25 networking, and Point-to-Point Protocol (PPP). HDLC is the default protocol used for synchronous serial connections on Cisco routers.

• Asynchronous: These protocols are used for asynchronous (dialup) serial links and include Serial Line Internet Protocol (SLIP) and Point-to-Point Protocol (PPP).

Notes

With the emergence of metropolitan Ethernet, the days of serial encapsulation might soon be over. Carriers such as Yipes Communications can now provision Gigabit Ethernet (GbE) directly to your demarc point, allowing you to connect your WAN as easily as you build your LAN.

See Also Gigabit Ethernet (GbE) , High-level Data Link Control (HDLC) ,metropolitan Ethernet ,Point-to-Point Protocol (PPP) ,

serial interface

An interface on a device that is used for serial transmission.

See Also serial transmission

Serial Line Internet Protocol (SLIP)

A serial encapsulation protocol.

Overview

Serial Line Internet Protocol (SLIP) is a packet-framing protocol developed for sending Internet Protocol (IP) datagrams over point-to-point wide area networking (WAN) links. SLIP was developed in 1984 for UNIX environments as a simple protocol that provides only frame delimitation and has limited error recovery mechanisms. Later, a variant of SLIP called C-SLIP was developed that included support for data compression.

SLIP was used mainly in UNIX platforms to provide access to the Internet using low-speed dial-up links. SLIP is defined in RFC 1055 and C-SLIP in RFC 1144.

Comparison

SLIP is a legacy protocol that has now been replaced by the Point-to-Point Protocol (PPP) for the following reasons:

• Although SLIP supports only the Transmission Control Protocol/Internet Protocol (TCP/IP) network protocol, PPP is a multiprotocol encapsulation protocol that can also support Internetwork Packet Exchange (IPX) and AppleTalk. This is not really an issue if you are connecting to the Internet, however, since the Internet is strictly TCP/IP-based.

• SLIP generally requires that the host's TCP/IP parameters be configured manually, but PPP can negotiate the parameters during session establishment. These parameters include the host's IP address, the window size, and compression.

• SLIP might require the user to write a script for automating the logon process, but PPP supports both the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP), which let you automatically forward your credentials to the PPP server for authentication.

See Also Point-to-Point Protocol (PPP) ,wide area network (WAN)

serial transmission

A form of signal transmission that sends information one bit at a time over a single data channel.

Overview

Serial transmission is performed over different kinds of electrical interfaces called serial interfaces. These serial interfaces are generally used to connect data communications equipment (DCE) such as modems to data terminal equipment (DTE) such as computers and terminals. The term interface indicates that these specifications describe how to establish an electrical (pinning) and mechanical (connector) shared boundary between devices. An interface specifies a series of protocols, an arrangement of pins, special control signals, and other functions that enable devices to communicate with each other.

Types

The common serial interfaces used in computer networking and telecommunications include the following:

• RS-232: The most commonly used serial interface in ordinary network communication, which supports transmission over a range of 0 to 20 kilobits per second (Kbps) at distances of up to 50 feet (15.24 meters). RS-232 can use either DB9 or DB25 connectors.

• RS-422: Specifies a balanced electrical interface but no specific mechanical interface for point-to- point serial communication. RS-422 typically uses either DB9 or DB37 connectors.

• RS-423: Similar to RS-422, except that unbalanced lines are used instead of balanced ones.

• RS-449: Specifies the mechanical interface for RS-422 and RS-423 and is used with these interfaces for high-speed serial communication with Channel Service Unit/Data Service Units (CSU/DSUs) and routers.

• RS-485: Defines a balanced, multipoint interface using tristate drivers to reduce noise. The combined interface RS-422/485 allows you to daisy-chain up to 31 serial devices to a single serial port and is typically used for interfacing industrial sensors and measuring equipment to a computer.

• RS-530: A successor to RS-232 and RS-449 that provides high-speed synchronous and asynchronous serial communication of up to 2 megabits per second (Mbps).

• V.35: An International Telecommunication Union (ITU) standard for data transmission at 48 Kbps that is typically used for connecting CSU/DSUs and routers for wide area network (WAN) communication over digital data service (DDS) lines. V.35 uses a block-shaped 34-pin connector.

• X.21: An ITU standard for synchronous communication between DTEs and DCEs on public X.25 packet-switched networks. X.21 typically uses a DB15 connector.

Notes

Serial interfaces such as RS-232 are the most commonly used protocol for devices called line drivers, which enable terminals and hosts to be connected over phone lines and extend the distance over which the serial interface can function by regenerating the signal.

Related terminology includes

• Serial cable: A cable used to connect pieces of DCE to pieces of DTE by using a serial interface

• Serial port: A plug or connector on pieces of DTE that can use serial transmission to send and receive data

See Also data communications equipment (DCE) ,data terminal equipment (DTE) ,line driver ,parallel transmission ,RS-232 ,V.35

server

A computer whose role in a network is to provide services and resources to users.

Overview

Servers usually have one or more specific roles in a network, including:

• Application servers: These are used as the back end in a client/server environment. Examples include mail servers and database servers.

• File and print servers: These provide users with centralized locations for storing files and accessing print devices.

• Authentication servers: These servers validate users for logging on and accessing network resources. An example might be a Microsoft Windows 2000 domain controller.

• Web servers: These can be used to serve Web content ranging from static Hypertext Markup Language (HTML) pages to e-commerce sites.

See Also Web server

server-based network

A network in which one or more servers centrally manage network security and storage.

Overview

In a server-based network, special computers called servers handle network tasks such as authenticating users, storing files, managing printers, and running applications such as database and e-mail programs. Security is generally centralized in a security provider, which allows users to have one user account for logging on to any computer in the network. Because files are stored centrally, they can be easily secured and backed up.

Server-based networks are more costly and complex to set up and administer than peer-to-peer networks, and they often require the services of a full-time network administrator. They are ideal for businesses that are concerned about security and file integrity and have more than 10 computers.

Examples

Microsoft Windows 2000 is a robust platform for server-based networking that offers centralized network administration, networking that is easy to set up and configure, NTFS file system (NTFS) security, file and print sharing, user profiles that allow multiple users to share one computer or allow one user to log on to many computers, Routing and Remote Access for supporting mobile users, and Internet Information Services (IIS) for establishing an intranet or Internet presence.

See Also peer-to-peer network

server farm

A group of servers managed as a whole.

Overview

Server farms are typically used in large enterprises and e-commerce sites to group Web servers together for handling loads that would exceed the capacity of individual servers. Server farms are generally switched networks running Gigabit Ethernet (GbE) that are separate from the regular corporate network. They often employ load balancing and caching appliances at the front end to give users who are accessing the servers the illusion that they are accessing a single mega-server instead of many smaller servers grouped together. Server farms generally employ 1U or 2U rack-mounted servers that can be deployed by the hundreds or thousands in relatively small rooms.

Server farms come in all shapes and sizes and are often interconnected with storage area networks (SANs) to provide enterprise-level storage capacity and manageability that complements the farm's processing power.

See Also Gigabit Ethernet (GbE) , rack ,

serverless backup

A backup technology sometimes used in storage area networks (SANs).

Overview

Serverless backup is a new backup technology in which volumes are imaged and their images are stored for archival purposes. Serverless backup generally employs agents that create a "snapshot" of a database or file system and copies this snapshot to tape. Examples of vendors in this emerging market include Legato Systems, Computer Associates, VERITAS Software Corporation, and others. With the growing importance of SANs in enterprise environments, serverless backup is one technology enterprise networking architects might want to watch in the next few years.

See Also backup ,

Server Message Block (SMB)

A general-purposes information-sharing protocol.

Overview

Server Message Block (SMB) is a client/server protocol developed jointly by Microsoft Corporation, IBM, and Intel Corporation for passing information between computers on a network. SMB employs NetBIOS for its transport protocol, and is widely used on Microsoft Windows networks and IBM's OS/2 platform for file and print sharing purposes. SMB can also be used on Transmission Control Protocol/Internet Protocol (TCP/IP) networks, in which case it uses NetBIOS over TCP/IP (NetBT) as its transport.

A popular open-source version of SMB called Samba is available for most UNIX platforms. Samba provides full-featured SMB servers which allow Windows clients access to file and print resources on UNIX networks and is a popular platform for Windows/UNIX interoperability.

Uses

SMB supports functions such as:

• Opening and closing connections between SMB clients (redirectors) and SMB servers (file and print servers) to allow clients to access shared network resources

• Locating, reading, and writing to files on a file server

• Locating and printing to shared print queues

SMB can also be used as a general message-passing protocol for performing remote transactions in a distributed applications environment. Remote procedure calls (RPCs) can be performed over SMB, and SMB also supports other interprocess communication (IPC) mechanisms, including named pipes and mailslots.

Implementation

SMB employs four basic types of messages:

• Session control messages: Open or close a redirector connection to a shared resource on the server. The SMB redirector packages the requests sent to remote servers in an SMB-enabled network.

• File messages: Used by the redirector to gain access to files on the server.

• Printer messages: Used by the redirector to send data to a print queue and get status information about the queue.

• Message messages: Let applications exchange messages with another computer.

SMB supports both share-level and user-level authentication, with user-level being preferred for greater security.

Notes

Common Internet File System (CIFS) is a standards- based version of the proprietary SMB protocol and runs directly on top of TCP/IP.

For More Information

You can find Samba at www.samba.org

See Also Common Internet File System (CIFS) ,NetBIOS ,NetBIOS over TCP/IP (NetBT) ,redirector ,UNIX

Server Operators

A built-in group in Microsoft Windows 2000 whose members have the rights to administer servers on the network.

Overview

Server Operators is a domain local group whose initial membership is empty. The Server Operators group has the following pre-assigned rights:

• Log on locally to the server console

• Change the system time

• Back up files and directories

• Restore files and directories

• Shut down the system

• Force shutdown from a remote system

Server Operators can also share and manage disk resources and printers on the network and lock the server.

See Also built-in group

service

An operating system background process that provides some specific functionality for the network.

Overview

Services are processes that run in the background and provide functionality for other computers on the network. For example, the Server service enables a Microsoft Windows 2000 machine to act as a server and offer shared resources to other machines on the network. Similarly, the Workstation service enables machines to act as clients and access shared resources on servers. What are called services on Windows networks are referred to as daemons on UNIX networks.

In Windows NT, Windows 2000, Windows XP, and Windows .NET Server, services are remote procedure call (RPC)-enabled so that they can be called from remote computers over the network. Most services can be added and removed by using the Add/Remove Windows Components option in Add/Remove Programs and can be controlled and configured using the Services snap-in, which is accessible from Administrative Tools.

The following tables list the default services available for typical Windows 2000 Server and Windows NT 4 Server installations and indicates which services are normally installed and started automatically.

See Also daemon

Service Advertising Protocol (SAP)

A Novell NetWare protocol for advertising network resources.

Overview

Service Advertising Protocol (SAP) is used with Internetwork Packet Exchange (IPX) to enable file and print servers to advertise their availability to clients on a network. SAP periodically advertises the address of the server and the types of services it can provide to clients. It sends its advertisements by making frequent broadcasts to all machines on the local network. Routers generally forward the advertisements so that network services can be made available to machines throughout an IPX internetwork.

Issues

The use of SAP broadcasts on IPX internetworks creates effective limits on the size of a usable IPX internetwork. However, you can configure routers to reduce unnecessary SAP traffic by

• Filtering unnecessary SAP broadcasts using access lists on routers

• Using Cisco Systems IPX routers that allow SAP broadcasts to contain update information only, instead of the entire SAP table, and to forward SAP updates only when a change to the SAP table has occurred

See Also Internetwork Packet Exchange (IPX) ,NetWare protocols

service-level agreement (SLA)

An agreement to provide services above a specified minimum level.

Overview

A service-level agreement (SLA) is a contractual agreement between a customer and a service provider that outlines what services will be provided and defines the acceptable range of performance and availability of those services. SLAs also generally indicate the costs and penalties that will be incurred when performance and availability fall below acceptable levels. SLAs are typically used in contracts with telecommunications service providers (telcos) that provision wide area networking (WAN) connections.

service pack

A collection of patches, fixes, and minor upgrades for a Microsoft product.

Overview

Service packs are typically identified with a number, such as Service Pack 2. Occasionally, interim releases of service packs are also issued, such as Service Pack 2a (SP2a) for Microsoft Transaction Server (MTS). Service packs for each product are generally cumulative. For example, if you apply Service Pack 3 to a product, you normally do not have to apply Service Packs 1 and 2 first, because Service Pack 3 includes the fixes and upgrades in Service Packs 1 and 2. Microsoft Office service packs are known as service releases and are numbered SR-n instead.

Service packs are usually included in Microsoft Developer Network (MSDN) and TechNet subscriptions and are also available for download from the Microsoft Web site. Check MSDN and TechNet for a list of current service packs and what they do for each product. Before you apply a service pack, read its documentation to determine whether you need to apply it. Occasionally, you must apply service packs in a specific order on a system that is running more than one BackOffice product. Check MSDN, TechNet, or the Microsoft Knowledge Base for information on this kind of situation.

Notes

A service pack is not the same as a decimal release, such as an upgrade from version 4 to version 4.01.

services file

A text file that assigns Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port numbers to Transmission Control Protocol/Internet Protocol (TCP/IP) protocols and services.

Overview

The entries in the services file are used for well-known service (WKS) records in Domain Name System (DNS) servers and other Windows Sockets applications. You can also use the file to quickly determine which well-known TCP or UDP port number is assigned to a specific network service or protocol.

You will find the services file at the following location on a computer running Microsoft Windows:

• Windows XP and Windows 2000: %SystemRoot%\System32\drivers\etc\services

• Windows 95 and Windows 98: %WinDir%\Services

Each line in the services file contains the standard name for the service followed by the well-known port number as defined in RFC 1060, an alias, and an optional comment prefixed with a pound sign (#). The following example is part of the sample services file included with Windows:

# Format: # <service name>  <port number>/<protocol>  [aliases...]  [#<comment>]    ... ftp-data  20/tcp         # FTP, data ftp       21/tcp         # FTP. control telnet    23/tcp smtp      25/tcp  mail   # Simple Mail                          Transfer Protocol time      37/tcp  timeserver time      37/udp  timeserver

Notes

You can change the default port number for a TCP/IP service by editing the services file-for example, if you need to run multiple Simple Network Management Protocol (SNMP) agents or if you want to change the default File Transfer Protocol (FTP) control port to make access more private.

See Also hosts file ,lmhosts file ,Networks file ,protocol file

Services for Macintosh

An optional set of services and protocols in Microsoft Windows 2000 and Windows .NET Server that enables file and print resources to be shared between Macintosh computers and computers running Windows 2000 or Windows .NET Server.

Overview

Services for Macintosh simplifies the administration of resources on heterogeneous networks containing a mix of Macintosh and Windows servers and clients. On the Windows 2000 and Windows .NET Server platforms, these services and protocols are sometimes known under the umbrella name AppleTalk network integration.

Services for Macintosh consists of three optional components:

• AppleTalk protocol: Apple's proprietary network protocol for Macintosh computers.

• File Server for Macintosh (MacFile): Lets you specify which volumes on your Windows 2000- or Windows .NET Server-based server you want to make available to Macintosh clients as Macintosh- accessible volumes, manages differences in permissions between the two platforms, and makes sure that Macintosh file names are legal NTFS file system (NTFS) names.

• Print Server for Macintosh (MacPrint): Enables Macintosh clients to spool their print jobs to a Windows 2000 or Windows .NET Server print server.

Macintosh client machines can access Windows 2000 or Windows .NET Server machines running Services for Macintosh in the same way that they access file and print resources on an AppleShare server. Services for Macintosh supports an unlimited number of client connections using the AppleTalk Filing Protocol (AFP), Apple's presentation-layer protocol for sharing files and applications over an AppleTalk network.

Implementation

On servers running Windows 2000 or Windows .NET Server, you can install File Server for Macintosh or Print Server for Macintosh by using the Windows Components Wizard from Add/Remove Programs in Control Panel, which automatically installs the AppleTalk protocol as well. You can also separately install the AppleTalk protocol by using Network and Dial-Up Connections. Services for Macintosh requires an NTFS-formatted volume in order to operate. When Services for Macintosh is first installed, a Macintosh- accessible volume called Public Files is created on the server running Windows 2000 or Windows .NET Server. You can create other Macintosh-accessible volumes later using My Computer.

See Also AppleTalk

session initiation protocol (SIP)

A signaling protocol used in Voice over IP (VoIP).

Overview

Session initiation protocol (SIP) is an Internet Engineering Task Force (IETF) initiative to replace part of the older H.323 conferencing protocol developed by the International Telecommunication Union (ITU). Using SIP, a VoIP client can initiate and terminate call sessions, invite members into a conferencing session, and perform other telephony tasks. SIP also enables Private Branch Exchanges (PBXs), VoIP gateways, and other communications devices to communicate with one another in a standardized way.

SIP is designed with simplicity in mind in order to avoid the heavy overhead of H.323. SIP employs ASCII text messages similar in format to Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) messages. SIP operates at the application level of the Open Systems Interconnection (OSI) reference model.

SIP is defined in RFC 2543. 3Com Corporation has been the driving force behind the development of SIP.

See Also H.323 , Hypertext Transfer Protocol (HTTP) ,Open Systems Interconnection (OSI) reference model ,Private Branch Exchange (PBX) , Voice over IP (VoIP)

session layer

Layer 5 of the Open Systems Interconnection (OSI) reference model.

Overview

The session layer enables sessions to be established and terminated between computers on a network. The session layer does not concern itself with issues such as the reliability and efficiency of data transfer between stations because these functions are provided by the first four layers of the OSI reference model. The session layer is responsible for synchronizing data exchange between computers, structuring communication sessions, and other issues directly related to conversations between networked computers. The session layer is also responsible for name recognition functions at the level of logical network names and for assigning communication ports. For example, the NetBIOS protocol is considered to run at the session level.

The session layer of the OSI reference model is not widely implemented in common local area network (LAN) protocol suites such as Transmission Control Protocol/Internet Protocol (TCP/IP) and Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX). Instead, the top three layers of the OSI model-the application layer, presentation layer, and session layer-are often thought of best as a homogeneous whole subsumed within a generalized application layer.

See Also NetBIOS ,Open Systems Interconnection (OSI) reference model

share

Shared (or sharing of) network resources.

Overview

As a verb, the word share means to make resources on a computer available to other users on the network who have suitable permissions. Resources that can be shared include disk volumes, directories, and printers.

As a noun, the word share is typically another name for a folder or directory that allows users on the network who have suitable permissions to access its contents. The name of a share does not have to be the same as the local name of the object. A share usually contains such items as public data, network applications, and users' home folders.

In Microsoft Windows 98 and Windows Millennium Edition (Me), share access can take two forms:

• Share-level security: Controls access to a share using a password that is the same for all users. For example, a user who wants to connect to a share on a peer server running Windows 98 or Windows Me that uses share- level security must know only the password for the share in order to access it. Share-level security is commonly used in small workgroups.

• User-level security: Controls access to a share through user credentials and group membership. For example, one group of users can be assigned read-only access to the share, another group can be assigned full access, and a third group can be assigned custom access. In order for user-level security to work, the network must have a security provider (such as a Windows 2000 or Windows .NET Server domain controller).

In Windows 2000, shares are always based on user-level security. A network user's access to a shared folder on an NTFS file system (NTFS) volume is governed by a combination of NTFS permissions and shared folder permissions.

Notes

Share names that do not conform to the MS-DOS 8.3 naming convention cannot be accessed by MS-DOS-based workstations.

See Also NTFS permissions (Windows 2000,Windows XP ,and Windows .NET Server)

shared folder

A folder that has been shared to allow its contents to be accessed by users on the network (provided they have suitable permissions).

See Also share

shared folder permissions

In Microsoft Windows, a set of permissions that can be assigned to a shared folder to control access by users and groups on the network.

Overview

Shared folder permissions can be applied only to the entire shared folder, not to its files and subfolders. If you want to control access to individual files and subfolders within a network share, you can use the more granular NTFS file system (NTFS) permissions on Windows NT, Windows 2000, Windows XP, and Windows .NET Server. In addition, shared folder permissions are effective only when a user accesses the folder over the network. If a user can log on locally to the console of the computer where the share is located, that user can always access the contents of the shared folder regardless of the shared folder permissions set (unless the folder is on an NTFS volume and the NTFS permissions restrict the user from accessing the resource). Finally, shared folder permissions are the only way to secure network resources that are stored on file allocation table (FAT) volumes.

Shared folder permissions. The Change Access Rights dialog box in Windows 98.

If a user belongs to two or more groups, and these groups have different permissions on a given share, the user's ability to access the folder over the network can be calculated by two rules:

• The effective permission is the least restrictive (most permissive) permission, as in this example:

  read + change = change permission

• No access or deny access overrides all other permissions, as in this example:

  read + no access = no access

Different versions of Windows employ different mechanisms for assigning shared folder permissions to users and groups. The following tables show the permissions for each of these operating systems and lists what the permissions allow users to perform.

Shared folder permissions. The Access Through Share Permissions dialog box in Windows NT 4.

Notes

When you first share a folder in Windows 2000, Windows XP, and Windows .NET Server, the default permissions are Full Control for the Everyone group. You should remove this default permission and assign more appropriate permissions to the share, such as change permission for Domain Users and full control for Administrators.

Shared folder permissions. The Permissions dialog box in Windows 2000.

When you assign permissions to shared folders, use group accounts instead of user accounts in order to simplify administration. Give users the most restrictive permissions that still enable them to perform the necessary tasks on the files in the share.

See Also NTFS permissions (Windows 2000, Windows XP ,and Windows .NET Server),NTFS permissions (Windows NT) ,

shared SCSI bus

A Small Computer System Interface (SCSI) disk system shared between two nodes in a cluster.

Overview

Shared SCSI buses are used in clustering to allow multiple nodes in a cluster to access the same disk system. The shared SCSI bus logically represents the total interconnection between the cluster and the shared storage devices, but in practice this consists of a number of electrically separate SCSI bus segments. Each disk on a shared SCSI bus is owned by only one of the cluster's nodes. If the disk group fails over, ownership of the disk switches from the failed node to the other node.

Notes

When using a shared SCSI bus with Windows Clustering on Microsoft Windows 2000, you can remove the internal termination of the SCSI bus and use Y-cables or trilink connectors for terminating the external bus. In this way, you can remove the device if maintenance is required without affecting other devices on the bus.

See Also clustering ,

share-level security

A mode of security on computers running Microsoft Windows 98 and Windows Millennium Edition (Me) that protects shared folders and printers using a password.

Overview

When using share-level security, all users use the same password to access the resource and any user who knows the password has permission to use the resource. The security options for protecting a shared folder using share-level security include

• Allowing read-only access, with or without a password

• Allowing full access, with or without a password

• Specifying one password for read-only access and another for full access

  

  Share-level security. The Sharing tab of a folder's Properties dialog box.

Share-level security is often used in small peer-to-peer networks with computers running Windows 98 or Windows Me. Use the Network utility in Control Panel to enable share-level security.

See Also peer-to-peer network ,user-level security

shell

The user interface for an operating system.

Overview

The term shell refers to the external user-accessible portion of an operating system, and the term kernel refers to the part that is normally hidden from the user. On UNIX platforms shell usually refers to the command- line interface (also called the command interpreter), but on Microsoft Windows platforms the desktop graphical user interface (GUI) element can also be considered a type of shell.

In a UNIX command-line shell, when a user types a command such as ls (list directory contents), the shell executes the associated program called ls. When the shell executes the command, it typically starts a new process for the command and goes into a sleep state until the command finishes executing, at which time the shell wakes up and issues a prompt to indicate that it is ready to receive another command. The output of shell commands is directed by default to Standard Output, which is the screen, but you can redirect command outputs to files and other applications. One advantage of using a command-line shell is that shell scripts can be written for batch execution of a series of shell commands.

Various shells are available for different UNIX platforms, each tailored to a different administration and programming environment. One commonly used shell is the Bourne Shell, which functions as both a command interpreter and a high-level programming language in which shell scripts can be used to automate groups of processes. Other UNIX shells include the C Shell of System V UNIX, which includes job control and command history mechanisms, and the Korn shell, which supports command-line editing.

Notes

The command prompt in Windows provides similar functionality to UNIX shells, although scripting capabilities are more limited because they are based on the MS-DOS command language. The Windows Script Host (WSH) overcomes these limitations by supporting higher-level scripting languages such as Microsoft Visual Basic, Scripting Edition (VBScript), and JScript.

UNIX shell scripts are called batch files in Windows programming environments. In an IBM mainframe environment, they are called EXECs.

See Also kernel ,UNIX ,Windows Script Host (WSH)

shielded twisted-pair (STP) cabling

Twisted-pair cabling that contains internal shielding.

Overview

The shielding in shielded twisted-pair (STP) cabling is designed to reduce crosstalk and other forms of electromagnetic interference (EMI). The outer insulating jacket contains an inner braided copper mesh to shield the pairs of twisted cables, which themselves are wrapped in foil.

STP cabling is more expensive than unshielded twisted- pair (UTP) cabling. It has an impedance of 150 ohms, has a maximum length of 295 feet (90 meters), and is used primarily in networking environments with a high amount of EMI due to motors, air conditioners, power lines, or other noisy electrical components. STP cabling is the default type of cabling for IBM Token Ring networks.

STP cabling comes in various grades or categories defined by the Electronic Industries Association/ Telecommunications Industry Associaiton (EIA/TIA) wiring standards, as shown in the following table.

See Also crosstalk , electromagnetic interference (EMI) , unshielded twisted-pair (UTP) cabling

shielding

Metallic material added to cabling to reduce susceptibility to noise due to electromagnetic interference (EMI).

Overview

Shielding usually takes one of two forms:

• A braided copper or aluminum mesh enclosing the signal-carrying wires. This type of shielding offers superior performance and should be used in industrial areas where heavy machinery generates a lot of EMI.

• An aluminum foil sleeve that encloses individual wires or the entire wire bundle. This kind of shielding is more suitable for office environments to shield against noise due to air conditioners, fans, and other motors.

For best performance, you can combine both kinds of shielding. An additional uninsulated drain wire is sometimes used to terminate the shield; it runs the length of the wire in contact with the foil sleeve or mesh. Shielded cabling is generally more expensive than unshielded cabling.

See Also coaxial cabling ,

short

A condition that occurs when signal-carrying conductors make contact.

Overview

The effect of a short is similar to having a break in the cable-network communication ceases. To find or isolate a short, use a cable tester or time domain reflectometer. Cable shorts can occur only in copper cables, not fiber-optic cables, although breaks can occur in fiber-optic cables.

See Also network troubleshooting

Shortest Path First (SPF)

A routing algorithm used by the Open Shortest Path First (OSPF) protocol.

Overview

Also called the Dijkstra algorithm, Shortest Path First (SPF) is a routing algorithm in which a router computes the shortest path between each pair of nodes in the network. When an OSPF router is initialized, it sends a Hello message to determine whether it has any neighbors (routers that have an interface on the same network). Neighbors respond to the initiating router by using the same Hello packets. In fact, these Hello packets also serve to tell other routers that the transmitting router is still alive (keep-alive function). If more than two OSPF routers are on the internetwork, the Hello protocol causes one of the routers to be designated as the one to send out link state advertisements (LSAs) to all other routers on the network.

Neighbors then synchronize their topological databases with each other to become "adjacent" routers. Each router periodically floods the network with cost information for its adjacent nodes in the form of LSAs, allowing them to compile complete tables of network connections and calculate the path of least cost between any two nodes. Finally, each router analyzes its own database of network topology information and uses it to determine a shortest-path tree using itself as the root; from this tree, it derives a routing table for itself.

See Also Open Shortest Path First (OSPF)

Short Message Service (SMS)

A protocol for sending short text messages over cellular communications systems.

Overview

Short Message Service (SMS) is a two-way text-based messaging service originally developed for the Global System for Mobile Communications (GSM) cellular telephone systems deployed across Europe. SMS allows messages to be sent or received simultaneously with voice, fax, or data transmission over GSM systems because it uses a separate signaling path instead of a dedicated channel. SMS thus works reliably even during peak usage periods of cellular systems. SMS offers an advantage over paging systems in that it notifies the sender using an alert when the recipient has received the message.

SMS can send short messages of up to 160 alphanumeric characters between two cellular users. SMS messages are typically charged to the senders, which encourages users to leave their cell phones on at all times in order to receive SMS messages and alerts.

Implementation

SMS works as a store-and-forward service in which messages that are sent are stored at an SMS messaging center until the recipient can connect and receive them. To use SMS, the user needs a subscription to a GSM bearer that supports SMS and a cell phone that supports SMS. The SMS function must be enabled for that user, typically through a subscription charge together with a per-message fee. Some SMS systems support compression to increase the amount of information that can be included in a message, and support concatenation of messages to create a single message from several message fragments.

Prospects

SMS has proven so popular in Europe that many non-GSM cellular systems around the world have also been implementing it in various degrees. Examples include Digital Advanced Mobile Phone System (D-AMPS) in the United States and Personal Digital Cellular (PDC) in Japan. The worldwide cdmaOne (IS-95b) system supports larger 256-byte two-way messages, but the analog Advanced Mobile Phone System (AMPS) still deployed in much of the United States supports 14-byte receive-only messaging.

SMS has also helped energize the drive toward deploying wireless application protocol (WAP) by creating consumer readiness for broadband wireless e-business.

See Also 2G ,2.5G ,cellular communications ,Global System for Mobile Communications (GSM) ,Wireless Application Protocol (WAP)

S-HTTP

Stands for Secure Hypertext Transfer Protocol, an Internet protocol for encryption of Hypertext Transfer Protocol (HTTP) traffic.

See Also Secure Hypertext Transfer Protocol (S-HTTP)

SIBone

Stands for Satellite Internet Backbone, a satellite-based network exchange point.

See Also Satellite Internet Backbone (SIBone)

SID

Stands for security identifier, an internal number used in Microsoft Windows 2000, Windows XP, and Windows .NET Server that uniquely identifies a user, group, or other object.

See Also security identifier (SID)

signal

An electrical transmission that carries information.

Overview

In its simplest form, a signal is a form of alternating current (AC) running on network cabling that is generated by a networking component such as a network interface card (NIC). Signals are usually purposeful transmissions, as opposed to noise, which is an undesirable transmission generated randomly by networking components and the surrounding environment. Signals can be classified as:

• Electrical: Travel over copper wire as a medium

• Optical: Travel through fiber-optic cabling

• Electromagnetic: Travel through free space, as in wireless networking and cellular communications

In the computer networking environment, signals are generally square waves and thus digital in nature, carrying information in binary format. To accomplish this, information must be encoded into the signal using a line coding mechanism, a technique for representing binary information using a series of discrete voltages. The earliest digital signaling method used in computer networking is the unipolar nonreturn to zero (NRZ) mechanism, in which a binary 1 is represented by a positive voltage and a zero by no voltage. Ethernet uses a different method called Manchester coding, and other networking technologies employ other kinds of signaling methods.

See Also line coding , Manchester coding ,network interface card (NIC) ,

signaling

The process in which control information is exchanged during establishment of a communication session.

Overview

In wide area network (WAN) technologies, signaling is the process by which the devices at either end of a WAN link communicate with each other to establish common timing and signal-flow settings. Signaling must occur before a communication session is established and before data is actually sent over the link. Session-establishment signaling between telecommunications devices generally has a certain degree of latency. That is, it takes time for sessions to be negotiated and established before data can be sent. For example, analog modems typically take 15 to 30 seconds from dial-up until the connection is established, and Integrated Services Digital Network (ISDN) dial-up services sometimes take only 1 to 2 seconds to establish a connection.

Implementation

Signaling between telecommunications devices generally takes place by one of two methods:

• In-band signaling: The signaling information is sent in the same communication channel as the data itself.

• Out-of-band signaling: The signaling happens on a separate channel, usually a separate pair of wires.

See Also analog modem ,in-band signaling ,Integrated Services Digital Network (ISDN) ,latency ,out-of-band (OOB) signaling ,wide area network (WAN)

signal loss

The loss of strength of a signal as it propagates over a medium.

Overview

Signal loss generally refers to loss of signal strength in guided media such as copper cabling and fiber-optic cabling. Unguided media such as wireless networking technologies have signals that decrease in power per unit area primarily because of the inverse square law.

A number of mechanisms can cause signal loss in a wire or cable:

• Attenuation: Caused by resistive losses in the cable and affects only copper cabling

• Absorption: Causes signal loss in fiber cabling because the glass core material is not perfectly transparent

• Fractures: Can result in both attenuation and absorption of signal strength

• Splices, connectors, and couplings: Involve dissimilar materials joined together and generally produce some loss

Signal loss is usually expressed in units of decibels (dB) per source of the loss. The following table shows typical signal loss values for fiber-optic cabling. These rough values are useful for estimating total signal loss, which you can calculate by simply adding the loss for each element in the light path.

Notes

The total end-to-end signal loss of a light path through a fiber-optic cabling system is known as the optical power budget. If this value is greater than the power launch rating of your line driver, your system will not work.

Simple Mail Transfer Protocol (SMTP)

An application-layer protocol for delivery of e-mail over the Internet.

Overview

Simple Mail Transfer Protocol (SMTP) defines a message format and forwarding procedure to enable messages to be sent between hosts on the Internet. As such, SMTP is one of the most important protocols in use on the Internet. The basics of SMTP are defined in RFCs 821 and 822.

Implementation

To forward a message, an SMTP host first establishes a connection with a second SMTP host using Transmission Control Protocol (TCP) port 25. An SMTP session is then initiated by sending a HELO command and receiving an OK response. The first host then uses the following commands to forward messages to the second host:

• MAIL FR: Identifies the sending host to the receiving host

• RCPT TO: Identifies the targeted message recipient to the receiving host by using the Domain Name System (DNS) format user@DNSdomain

• DATA: Initiates the sending of the message body as a series of lines of ASCII text, ending with a single period (.) alone on a line

• QUIT: Closes the SMTP connection

SMTP uses plain 7-bit ASCII text to send e-mail messages and to issue SMTP commands to receiving hosts. Multipurpose Internet Mail Extensions (MIME) is typically used to encode multipart binary files including attachments into a form that SMTP can handle.

Notes

Note that SMTP only provides message transport only from one SMTP host to another. Support for storing messages in mailboxes is provided by Post Office Protocol version 3 (POP3) and Internet Mail Access Protocol version 4 (IMAP4).

See Also ASCII ,Internet Mail Access Protocol version 4 (IMAP4) ,Multipurpose Internet Mail Extensions (MIME) ,Post Office Protocol version 3 (POP3) ,Transmission Control Protocol (TCP)

Simple Network Management Protocol (SNMP)

A popular protocol for network management.

Overview

Simple Network Management Protocol (SNMP) is an Internet-standard Layer-7 (application layer) protocol for collecting information from and configuring network devices such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network. SNMP can be used to collect information about network statistics from these devices and to relay this information to a central management console to monitor network health, trap errors, perform diagnostics, and generate reports. Typical statistical information might include the number of packets or frames sent or received per second and the number of errors per second. SNMP can also be used for reading and sometimes modifying device configuration information such as the IP address of an interface, or the version of the operating system running on the device.

Simple Network Management Protocol (SNMP). How SNMP can be used to manage devices on a network.

SNMP was developed in the late 1980s and is still the most popular network management protocol in use. There are two versions of SNMP:

• SNMPv1: This is the original version of SNMP, which lacked security for ensuring the authenticity and integrity of SNMP messages.

• SNMPv2: This version has increased security that supports a simple authentication scheme based on SNMP communities.

SNMPv2 is defined in RFCs 1901 through 1908 and 2089.

Implementation

SNMP is a client/server protocol that consists of two components that work together:

• SNMP agents: These are programs that run on the network devices to be managed (called managed devices) and that collect Transmission Control Protocol/Internet Protocol (TCP/IP)-related configuration information and statistics about the operation of the device. Agents do not require heavy CPU usage to run. The types of information that an agent can collect are defined in a local database called a Management Information Base (MIB). MIB databases are hierarchical and contain managed objects that have uniquely assigned identifiers issued by the International Organization for Standardization (ISO). SNMP variables are specific instances of managed objects in MIBs. Agents running on managed devices monitor specific sets of SNMP variables and temporarily store this information until the agent is polled by a management system, whereupon the agent reports the values of the stored information to the management system. Most network devices have built-in SNMP agent software and associated MIBs.

• SNMP management system: Also called Network Management System (NMS), this is software that runs on an administrative console and can display data gathered from managed devices in a user- friendly form through a graphical user interface (GUI). SNMP Management Systems software can notify the administrator when certain conditions (such as errors) occur. Most SNMP management systems can also automatically determine the topology and components of a network with SNMP- enabled computers, routers, hubs, and switches and can display network topology, traffic, and conditions in graphical format. SNMP management systems regularly poll managed devices using SNMP messages for statistical and configuration information and then store this information in a central database, which can be used to present the information in a friendly way to users.

SNMP is a simple protocol that is message-based in operation. SNMP messages are sent between management consoles and managed devices over User Datagram Protocol (UDP) port 161. These messages contain a header and a payload called the Protocol Data Unit (PDU). The header contains information about the community being referenced. A community is a subset of agents that will be monitored using a specific management system and institutes a primitive level of security, acting as a primitive means of authentication. SNMP messages come in four types, three of which are issued by management stations and one by agents:

• Get: Issued by the management system to an agent on a managed device to read the value of a specific variable on the device.

• Getnext: Issued by the management system to determine which SNMP variables are supported by an agent running on a managed device and to traverse a series of variables to read their values sequentially.

• Set: Issued by the management system to an agent on a managed device to write a value for a specific variable on the device.

• Trap: Issued by an agent running on a managed device when an error or alert condition occurs. The trap message is sent to the management system to alert administrators of the situation.

SNMP version 2 adds additional security features, can be applied to network architectures other than TCP/IP, and supports additional data types. It is only partially backward compatible with SNMP 1. SNMP 2 also defines two additional types of messages:

• Getbulk: Similar to getnext but allows the retrieval of greater amounts of information in one data block

• Inform: Allows management systems to send information to other management systems using a trap-like message

The management station regularly sends get, getnext, and set messages to the SNMP agent on the managed device, in effect periodically polling the agent for the status of the device. The agent verifies the community name in the message, verifies the IP address or host name of the SNMP management system, processes the request, and sends the results to the management system.

Notes

A new version of SNMP called SNMPv3 is currently being developed to enhance the security of earlier versions.

See Also application layer ,International Organization for Standardization (ISO) ,Internet Protocol (IP) ,Management Information Base (MIB) ,network management ,port ,User Datagram Protocol (UDP)

Simple Object Access Protocol (SOAP)

A message-passing protocol used to enable distributed Web services.

Overview

Simple Object Access Protocol (SOAP) is a protocol developed by Microsoft Corporation, IBM, and other vendors to enable Web applications and services to communicate with one another over the Internet. SOAP enables these services to communicate regardless of the platform they are running on or the programming languages with which they were developed. SOAP is a cross-platform, standards-based solution that is easy to implement and that has broad industry support. SOAP has been proposed as a World Wide Web Consortium (W3C) standard.

Implementation

SOAP connects components of distributed applications using an XML-based RPC mechanism based on Extensible Markup Language (XML) and the Remote Procedure Call (RPC) architecture. Using SOAP, an application on one host can invoke object methods and functions on a remote host running a SOAP application. To perform this, the first application creates a block of XML text that contains the location of the remote object on the network and the data needed by the object to invoke the method. The application then passes the XML block to a SOAP server that encapsulates and transports the message block to the remote application using Hypertext Transfer Protocol (HTTP) or some other common Internet application layer protocol. Once the method has been invoked and execution is complete, the remote application returns a similar XML-based message to the initiating application.

SOAP is intended to complement existing distributed application platforms such as Microsoft's Distributed Component Object Model (DCOM) and the Open Group's Common Object Request Broker Architecture (CORBA). SOAP also forms the underlying transport mechanism for the Electronic Business Extensible Markup Language (ebXML) developed by the Organization for the Advancement of Structured Information Standards (OASIS).

See Also Common Object Request Broker Architecture (CORBA) ,Distributed Component Object Model (DCOM) ,Electronic Business Extensible Markup Language (ebXML) ,Hypertext Transfer Protocol (HTTP) ,remote procedure call (RPC) ,World Wide Web Consortium (W3C) ,XML

simple volume

A type of disk volume in Microsoft Windows 2000, Windows XP, and Windows .NET Server.

Overview

In Windows 2000, Windows XP, and Windows .NET Server, a simple volume is one made up of one or more contiguous blocks of free disk space on a single physical disk. You can extend simple volumes to include additional free disk space from the initial drive or from other drives, forming a spanned volume. You can create simple volumes only on dynamic volumes created using Disk Management. Simple volumes have no fault tolerance but can be mirrored to form mirrored volumes.

See Also volume

simplex

A form of communication in which signals are sent in only one direction.

Overview

Simplex is different from duplex, in which signals can simultaneously be sent and received by a station, and from half-duplex transmission, in which signals can be sent or received but not both at the same time. Simplex transmission occurs in many common communication applications, the most obvious being broadcast and cable television. It is not used in true network communication because stations on a network generally need to communicate both ways. Some forms of network communication might seem to be simplex in nature, such as streaming audio or video, but the communication actually takes place using bidirectional network traffic, usually Transmission Control Protocol (TCP) traffic. Simplex communication is not included in the V series recommendations of the International Telecommunication Union (ITU).

See Also duplex ,half-duplex

single domain model

A type of Microsoft Windows NT domain model used for small networks.

Overview

In the single domain model, all global users and group accounts reside in a single domain and all network resources reside in the same domain. The single domain model is simple to implement and offers centralized administration of accounts and resources. Although the model can theoretically work for as many as 40,000 accounts, it performs poorly with large numbers of accounts. The single domain model is, therefore, generally used only in small to mid-sized Windows NT-based networks.

When you upgrade a Windows NT-based network based on the single domain model to a Windows 2000-based network, you usually end up with a single domain in Active Directory directory service. You can then use Active Directory to create organizational units (OUs) to organize your network and assign administrative rights and permissions.

See Also complete trust model ,master domain ,multiple master domain model

single master domain model

A type of Microsoft Windows NT domain model used for large networks.

Single master domain model. The structure of the single master domain model.

Overview

In the single master domain model, all global users and group accounts reside in a single Windows NT domain called the accounts domain. Network resources reside in other domains are called resource domains. Each resource domain must have a trust relationship with the accounts domain. Users who log on to their accounts in the accounts domain can access shared network resources in any resource domain if they have the appropriate permissions. The advantages and disadvantages of using this model are shown in the following table.

When you upgrade a Windows NT-based network based on the single master domain model to a Windows 2000-based network, you usually perform the upgrade from the top down. You first upgrade the master domain to a Windows 2000 domain based on Active Directory directory service. Then you upgrade resource domains to child domains within a directory tree whose root domain is the former master domain. You can move user accounts from the master domain to the domains where users actually work, because two-way transitive trusts enable users in any domain within the domain tree to access resources in any other domain.

Alternatively, companies with a centralized IT (information technology) department can upgrade both the master domain and the resource domains to a single Windows 2000 domain. Organizational units (OUs) can then be created within Active Directory to mirror the administrative structure of the former master domain model. Administrative rights and permissions can be assigned to users and groups based on the new OUs. Here are the advantages of using this approach:

• One domain to manage

• No trust relationships to create or manage

• Faster searching because all directory objects reside in a single domain

See Also complete trust model , multiple master domain model ,

single-mode fiber-optic cabling

A type of fiber-optic cabling that can carry only one signal at a time.

Overview

Single-mode fiber-optic cabling typically has a core that is only 5 or 10 micrometers in diameter-much smaller than the core of multimode fiber, which needs room to carry many different light signals simultaneously. Single-mode fiber uses light generated by a laser-emitting diode to carry signals. Such laser light is extremely stable and uniform and can be accurately focused, making it perfect for long-distance transmission. Single-mode fiber has extremely low signal attenuation and is typically used for long cable runs because it can generally carry signals up to 50 times farther than multimode fiber, which can carry many different signals simultaneously.

Uses

Use single-mode fiber-optic cabling for long cable runs or where extra bandwidth is required. The bandwidth of single-mode fiber is typically double that of multimode fiber. Be aware, however, that installing single-mode fiber requires more care and expertise to avoid signal loss, especially if you terminate the cable with connectors. Single-mode fiber is also more expensive than multimode because multimode systems use transmitters that have cheaper light-emitting diodes, but single- mode systems use more expensive laser-emitting diodes in their transmitters. Also, when you use single-mode fiber-optic cabling, the ancillary devices such as line drivers cost more.

See Also fiber-optic cabling ,multimode fiber-optic cabling

Single Sign On (SSO)

Any technology that requires users to have only one set of credentials to access network resources.

Overview

Single Sign On (SSO) has been an elusive goal in enterprise networking for many years. Enterprise networks are generally heterogeneous systems comprised of operating systems and applications from many vendors, and users on these networks often require different sets of credentials for each platform they need to access. As a result, different vendors have pursued the concept of SSO, whereby users employ only one set of credentials to log on to the network and access any applications or resources they might need.

SSO can be viewed as either a benefit or a hazard. From the benefit point of view, some analysts estimate that password maintenance costs the average enterprise hundreds of dollars per user each year-a cost that can be reduced through implementing SSO technologies. On the other hand, the complexity of implementing true SSO in a heterogeneous networking environment can be so great that many network administrators are loath to attempt it.

Marketplace

The foundation for Microsoft Windows 2000's SSO solution is the Kerberos authentication protocol, which can enable SSO to be implemented in a mixed Windows/ UNIX environment. Novell has its own SSO solution called Novell Single Sign On (NSSO) that can be used in a mixed Novell/Windows environment. Security companies such as Entrust Technologies and RSA Security have offered SSO solutions based on public key cryptography systems. Third-party companies such as Axent Technologies also offer their own SSO systems for cross-platform authentication.

See Also authentication protocol ,Kerberos ,public key cryptography

SIP

Stands for session initiation protocol, a signaling protocol used in Voice over IP (VoIP).

See Also session initiation protocol (SIP)

SLA

Stands for service-level agreement, an agreement to provide services above a specified minimum level.

See Also service-level agreement (SLA)

SLIP

Stands for Serial Line Internet Protocol, a serial encapsulation protocol.

See Also Serial Line Internet Protocol (SLIP)

Small Business Server

A complete, integrated server solution from Microsoft Corporation for businesses with 25 or fewer PCs.

Overview

Microsoft BackOffice Small Business Server includes file, print, and application services; communication services; and Internet connection services.

Small Business Server integrates these applications from the BackOffice family of products:

• Microsoft Windows NT

• Microsoft Exchange Server

• Microsoft SQL Server

• Internet Information Services

• Microsoft Proxy Server

Small Business Server also extends this BackOffice functionality by including the following:

• Microsoft Fax Service

• Microsoft Modem Sharing Server

• Internet connectivity for small businesses

Small Business Server is easy to set up and manage, and it can grow with a business's needs. It includes the following features:

• Unified, integrated administration through the Small Business Server Console

• Simple, wizard-based installation and configuration (from creating users to installing printers and establishing Internet connectivity)

• Easy setup and configuration of client computers using the Set Up Computer Wizard

• Extensive online help and troubleshooting tips for the administrator and users

• An easy upgrade path to BackOffice Server when a business grows beyond 25 computers

• Support for e-mail, the Internet, and fax

• Scheduling and collaboration features through the Microsoft Outlook desktop information manager and Exchange Server

For More Information

Visit www.microsoft.com/sbserver.

Small Computer System Interface (SCSI)

A popular general-purpose input/output (I/O) bus.

Overview

Small Computer System Interface (SCSI) is a hardware bus specification for connecting storage devices and peripherals to a computer using a parallel transmission interface. SCSI was developed by Apple Computer and is widely used in the enterprise environment for servers and high-end workstations. Although SCSI is mainly used as a hard disk interface, it can also be used for connecting peripherals such as printers, scanners, and so on. The main competitor to SCSI is the Integrated Drive Electronics (IDE) interface, which is widely used in commodity PCs.

SCSI is defined by a number of American National Standards Institute (ANSI) standards that include the SCSI-1, SCSI-2, SCSI-3, and SCSI-5 specifications.

Advantages and Disadvantages

SCSI has two main advantages over IDE:

• SCSI supports daisy-chaining of multiple devices, making SCSI drives a more scalable solution for internal PC storage systems.

• SCSI drives generally have faster transfer speeds and better performance than IDE drives.

On the negative side, this extra performance comes at a significantly higher cost, and IDE drives have been closing in on SCSI speeds for the last few years. SCSI also has multiple versions that are incompatible with one another.

Types

SCSI standards and implementations can be classified in several ways. For example, SCSI devices differ depending on the width of the data path used, giving two categories:

• Narrow SCSI: One byte (8 bits) of data are transferred for each clock cycle. Narrow SCSI devices typically use the 50-pin Centronics SCSI interface.

• Wide SCSI: Two bytes (16 bits) are transferred each cycle. Wide SCSI devices usually employ a 68-pin parallel SCSI interface.

SCSI devices can also be classified according to their use of grounding:

• Single-ended: These use unbalanced transmission in which one data lead and one ground lead establish single-ended signal transmission over the bus. This type of device is more prone to the effects of noise and is less forgiving of cable lengths beyond specifications. Single-ended (SE) SCSI is generally considered obsolete.

• Differential: These use balanced transmission in which there are two data leads, neither of which are at ground potential. These devices are generally more expensive but are resistant to the effects of noise and can often function over distances that exceed the SCSI specifications. Differential SCSI is used in two common forms: high-voltage differential (HVD) and low-voltage differential (LVD) SCSI.

Finally, forms of SCSI are differentiated by the clock speed used:

• SCSI: This is the original 1986 SCSI-1 standard and supports transmission rates of 5 megabytes per second (MBps) over an 8-bit bus and supports up to seven daisy-chained devices. SCSI cables typically use Centronics 50 or Telco 50 connectors, and the chained bus length must not exceed 6 meters (20 feet).

• Fast SCSI: Sometimes referred to as Plain SCSI, the SCSI-2 standard supports transmission rates of 10 MBps over an 8-bit bus (called Fast Narrow SCSI) using Micro DB50 connectors or 20 MBps over a 16-bit bus (called Fast Wide SCSI). Fast SCSI supports up to seven daisy-chained devices and the bus length must not exceed 6 meters (20 feet) for Fast Narrow SCSI and 3 meters (10 feet) for Fast Wide SCSI.

• Ultra SCSI: Sometimes called Fast-20 SCSI, the SCSI-3 standard supports transmission rates of 20 MBps over an 8-bit bus (Narrow Ultra SCSI) or 40 MBps over a 16-bit bus (Wide Ultra SCSI). Ultra SCSI can support up to 15 daisy-chained devices and its cables typically use MicroD 68-pin or Mini 68 connectors. There are also variants of Ultra SCSI called Ultra2 SCSI, which supports 40 MBps (Narrow) or 80 MBps (Wide), and Ultra3 SCSI, which supports 80 MBps (Narrow) or 160 MBps (Wide).

• SCSI-5: Also called Very High Density Connector Interface (VHDCI), this form of SCSI is similar to SCSI-3 but uses a smaller 0.8 millimeter connector.

All these various forms of SCSI are incompatible with one another.

Small Computer System Interface (SCSI). Four varieties of SCSI interface.

Implementation

To implement SCSI on a system, you use a SCSI adapter to interface with the system bus, suitable SCSI devices such as SCSI hard drives, SCSI cables to daisy- chain the devices, and SCSI terminators for the ends of the bus. Each device on a SCSI bus must have a SCSI device ID number assigned to it, allowing SCSI to be used for daisy-chaining a number of devices together on a single parallel bus. You can change SCSI IDs by using dip switches or jumpers or by using special SCSI configuration software.

SCSI cables must always be properly terminated in order for devices to be properly recognized; they should also use high-quality active terminators. Diagnostic terminators that help identify problems in signal quality are also available.

Always use the shortest cable possible for SCSI connections, because longer cables cause signals to weaken and are more affected by noise due to electromagnetic interference (EMI). When you calculate the total length of the SCSI bus, add the lengths of all the SCSI cable segments plus any internal SCSI cabling.

Be sure that all devices on a SCSI bus are configured for either single-ended or differential transmission-do not mix these methods on a single bus. You can connect single-ended devices to differential transmission devices only by using a signal converter. If you do not use a signal converter, your SCSI devices might be damaged by unexpected voltages.

See Also Fibre Channel ,

smart card

A plastic card with an embedded microchip used to authenticate the owner.

Overview

Smart cards have been around a long time, at least in concept. The first patent on "chip cards" was issued in 1974, but the technology of that day did not support implementation of the concept. By 1978, however, smart cards began to make their appearance, and their use spread rapidly, particularly in France and several other European countries.

Smart card technology was initially proprietary vendor- based technology that required cards, card readers, and software drivers to be used from a single vendor to ensure interoperability. To overcome this issue, the International Organization for Standards (ISO) developed the ISO 7816 standard that defined the operation of the physical and data-link layer of smart cards and readers. This standard was quickly adopted by financial credit institutions such as Visa International and MasterCard International and by the Global System for Mobile Communications (GSM) cellular phone system. In the last few years smart card readers have even become a built-in feature of high-end laptops from Acer America Corporation, Compaq Computer Corporation, and other PC vendors. Microsoft Windows 2000, Windows XP, and Windows .NET Server also have built-in support for smart card authentication, making the technology easy to implement in the enterprise desktop arena.

See Also authentication protocol ,Global System for Mobile Communications (GSM)

SMB

Stands for Server Message Block, a general-purposes information-sharing protocol.

See Also Server Message Block (SMB)

SMDS

Stands for Switched Multimegabit Data Services, a high-speed metropolitan area network (MAN) data service offered by some telcos.

See Also Switched Multimegabit Data Services (SMDS)

S/MIME

Stands for Secure/Multipurpose Internet Mail Extensions, a scheme for secure e-mail messaging.

See Also Secure/Multipurpose Internet Mail Extensions (S/MIME)

SMS (Short Message Service)

Stands for Short Message Service, a protocol for sending short text messages over cellular communications systems.

See Also Short Message Service (SMS)

SMS (System Management Server)

Stands for Systems Management Server, a server application from Microsoft Corporation for managing an organization's networked computers.

See Also Systems Management Server (SMS)

SMTP

Stands for Simple Mail Transfer Protocol, an application- layer protocol for delivery of e-mail over the Internet.

See Also Simple Mail Transfer Protocol (SMTP)

SNA

Stands for Systems Network Architecture, a set of IBM mainframe networking standards and protocols introduced in 1974.

See Also Systems Network Architecture (SNA)

SNADS

Stands for SNA Distribution Services, the e-mail messaging transport protocol for IBM's Systems Network Architecture (SNA).

Overview

SNADS is a mainframe host-based messaging system that is commonly used in SNA networking environments. Microsoft Exchange Server includes a connector for enabling messaging connectivity between SNADS mail systems and Exchange servers. You can use Microsoft SNA Server to provide the underlying network connectivity for this connector to function. The SNADS connector allows Exchange Server to leverage the functionality of existing host-based messaging systems such as AS/400 and System 3x during migration to a distributed client/server-based environment.

See Also Exchange Server ,

snap-in

A component that can be loaded into the Microsoft Management Console (MMC).

Overview

Snap-ins provide a specific management capability in Microsoft Windows 2000, Windows XP, Windows .NET Server, or Microsoft server applications. Numerous snap-ins are available for administering Windows 2000-based networks, including third-party snap-ins for managing installable third-party applications and services.

Snap-ins come in two types:

• Stand-alone snap-ins (or simply "snap-ins"), which provide an associated set of administrative functions

• Extensions, which provide additional functionality to stand-alone snap-ins

The following table shows some of the snap-ins that come with Windows 2000. Not all of them appear in the administrative tools program group accessed from the Start menu.

See Also Microsoft Management Console (MMC)

SNA Server

A Microsoft Corporation server application for local area network (LAN)-host integration, now replaced by Microsoft Host Integration Server.

See Also Host Integration Server

sniffing

Passively monitoring network traffic.

Overview

Sniffing is a term used to describe the process of nonintrusively capturing network traffic. Sniffing can be used for good or bad reasons. For example, network administrators might connect a packet analyzer ("sniffer") to a local area network (LAN) segment or Ethernet switch port to troubleshoot network problems. Hackers also employ sniffers to unobtrusively examine network traffic and look for weaknesses that might be exploited.

Sniffing makes use of network interfaces running in something called "promiscuous mode." In this mode the interface reads and examines every frame or packet on the segment. This is in contrast to an interface working in normal mode, where only those frames addressed to the interface (or broadcast to every interface) are processed.

See Also hacking ,interface ,network troubleshooting

SNMP

Stands for Simple Network Management Protocol, a popular protocol for network management.

See Also Simple Network Management Protocol (SNMP)

SOAP

Stands for Simple Object Access Protocol, a message- passing protocol used to enable distributed Web services.

See Also Simple Object Access Protocol (SOAP)

SOA record

Stands for start of authority record, the first record in a Domain Name System (DNS) zone file.

See Also start of authority (SOA) record

socket

A logical endpoint for communication between two hosts on a Transmission Control Protocol/Internet Protocol (TCP/IP) network.

Overview

A socket is also an application programming interface (API) for establishing, maintaining, and tearing down communication between TCP/IP hosts. Sockets were first developed for the Berkeley UNIX platform as a way of providing support for creating virtual connections between different processes.

Sockets provide a mechanism for building distributed network applications such as client/server applications. Two sockets form a complete bidirectional communication path between processes on two different TCP/IP hosts. Network-aware applications and services can create and destroy sockets as needed.

Architecture

As an endpoint for network communication between hosts, a socket is uniquely identified by three attributes:

• The host's IP address

• The type of service needed-for example, a connectionless protocol such as User Datagram Protocol (UDP) or a connection-oriented protocol such as Transmission Control Protocol (TCP)

• The port number used by the application or service running on the host

For example, the following identifier would represent a socket for the Simple Mail Transfer Protocol (SMTP) mail service running on a host with the specified IP address. (Port 25 is the well-known port number for the SMTP service on a TCP/IP host.)

172.16.8.55 (TCP port 25)

Notes

In the Win32 programming environment, sockets are implemented using a programming interface called Windows Sockets. Windows Sockets on Microsoft Windows platforms supports most Internet protocols and services, such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Telnet.

See Also Windows Sockets

SOCKS

A circuit-layer proxy used to securely send data over distrusted networks.

Overview

SOCKS is a protocol that can be used to establish a secure connection between two computers over the Internet. SOCKS was first developed in 1990, and its current version, SOCKSv5, originated in 1995. SOCKS is widely implemented in firewall, proxy server, and virtual private network (VPN) hardware and software. SOCKS is defined in RFCs 1928, 1929, and 1961.

Implementation

To use SOCKS, you must have SOCKS-enabled client software installed on the hosts that will be communicating over the proxy server. SOCKS lets hosts on each side of a proxy server communicate with each other by establishing a relay connection between the internal and external networks. Using SOCKS, these virtual circuits are set up and torn down between the two hosts on a session- by-session basis. When a SOCKS client wants to connect to a host on the other side of a firewall or proxy server to access network resources, SOCKS server software running on the proxy server authenticates the host's request, creates a circuit-level proxy connection to the target host, requests the necessary data, and relays the information back to the requesting host.

SOCKS. How the SOCKS v5 protocol works.

The SOCKS client on the requesting host must first negotiate an authentication method with the SOCKS server before it sends the user's credentials to the SOCKS server for authentication. SOCKS v5 supports a number of authentication methods, including Challenge Handshake Authentication Protocol (CHAP), and digital certificates based on a public key infrastructure (PKI). Once the user is authenticated, the SOCKS client sends a request message using the SOCKS protocol to the SOCKS server (the daemon or SOCKS service running on the firewall or proxy server). This request message contains the address of the target host, such as a Web server on a corporate intranet. The SOCKS server then establishes a Transmission Control Protocol (TCP) connection with the target host that functions as a proxy circuit between the requesting and target hosts. Once this "virtual circuit" is established, the SOCKS server notifies the SOCKS client and communication can begin between the two hosts, with the SOCKS server relaying each packet sent between them.

SOCKS servers usually include comprehensive logging functionality to analyze the flow of traffic between the trusted and distrusted networks.

Notes

The previous version of the protocol, SOCKS v4, was more difficult to configure on the client side and had no support for authentication of users or encryption of data. It also did not support User Datagram Protocol (UDP) traffic. SOCKS v5 is easier to configure, supports various authentication methods and encryption algorithms, and supports connectionless UDP traffic.

See Also Challenge Handshake Authentication Protocol (CHAP) ,firewall ,proxy server ,public key infrastructure (PKI) ,Transmission Control Protocol (TCP) ,virtual private network (VPN)

softswitch

A media gateway controller for Voice over IP (VoIP).

Overview

Softswitches are part of the infrastructure that links VoIP implementations to the Public Switched Telephone Network (PSTN). They are used to set up telephone calls and coordinate the actions of other telephony devices such as media gateways and signaling gateways. Media gateways are used to translate traffic between Internet Protocol (IP) networks and a carrier's Asynchronous Transfer Mode (ATM) backbone network, and signaling gateways perform services similar to the Signaling System 7 (SS7) protocol used in the PSTN for call establishment, routing, and termination.

Softswitches are less expensive than traditional voice telephony switches. Many telcos are beginning to implement softswitches in their central office (CO) switching fabric to prepare for an eventual move to VoIP technologies, which will enable voice and data networks to converge.

See Also Asynchronous Transfer Mode (ATM) ,central office (CO) ,Public Switched Telephone Network (PSTN) ,telco ,Voice over IP (VoIP)

solid conductor wire

Wire that has a single solid copper core surrounded by insulation, as opposed to stranded conductor wire, which consists of many fine strands of wire woven into a conducting bundle.

Overview

Unshielded twisted-pair (UTP) cabling commonly comes in both solid and stranded forms. The solid conductor form is generally used for vertical backbone cabling between wiring closets on different floors and for horizontal runs from wiring closets to wall plates in work areas on each floor. Solid cabling is also used for permanently installed long cable runs inside and between buildings because it has less attenuation than stranded conductor wire and signals can travel farther without losing strength.

The following table compares the advantages of these two types of wire.

See Also stranded conductor wire ,unshielded twisted-pair (UTP) cabling

SONET

Stands for Synchronous Optical Network, a physical layer specification for broadband synchronous transmission used by telecommunications carriers.

See Also Synchronous Optical Network (SONET)

source address

The address from which a frame or packet of data originates on a network.

Overview

The source address identifies the sending host to the receiving host and is used by the receiving host as a destination address for a response packet (such as an acknowledgment). Bridges also use the source address in building their internal routing tables of media access control (MAC) addresses for determining which packets should be forwarded to other network segments.

The source address refers to one of the following:

• The physical address, such as the MAC address of an Ethernet frame

• The logical address, such as the Internet Protocol (IP) address of an IP packet

Source addresses always identify the specific host that transmitted the packet or frame onto the network. This is in contrast to destination addresses, which sometimes direct packets to all hosts or to a specific group of hosts on the network.

Notes

You can see the source address of a packet or frame by using a network sniffer such as Network Monitor, a tool included with Microsoft Systems Management Server (SMS). Network Monitor displays source addresses in both ASCII and hexadecimal form.

See Also destination address

spam

Unsolicited e-mail such as chain letters and advertising for services or products.

Overview

Spam is sometimes politely referred to as unsolicited commercial e-mail (UCE). To avoid getting spam, you can do the following:

• Avoid posting messages to Usenet newsgroups.

• Never reply to junk mail.

• Configure filters on your mail client to filter out mail containing certain keywords.

• Ask your Internet service provider (ISP) to configure its mail servers to reject spam.

If your e-mail address somehow gets on the mailing lists of spammers, you can usually configure rules on your e-mail program's Inbox to discard mail that comes from a specific address, uses words such as sale or buy in the subject header, or has specific words or phrases in the body of the message, but this is usually a tedious and losing game. A better solution is to use the Delete key. If the situation gets really bad, see whether your mail administrator or ISP can filter out spam.

See Also e-mail

spanned volume

A type of disk volume in Microsoft Windows 2000 and Windows .NET Server.

Overview

A spanned volume is one made up of free space from more than one physical disk. You can extend spanned volumes by adding additional free space from other physical disks. Spanned volumes must be created on dynamic disks. They are not fault tolerant and cannot be mirrored.

Notes

In Windows NT, the equivalent to a spanned volume is a volume set.

See Also volume

spanning tree algorithm (STA)

An algorithm that eliminates loops in a bridged or switched network.

Overview

The spanning tree algorithm (STA) has two main purposes:

• To establish a loop-free (tree-like) topology in a network containing bridges and switches. The elimination of loops in bridged (switched) networks is essential in order for communications to be reliable and to prevent traffic from endlessly looping around the network.

• To ensure that there is a path between each pair of network segments in a bridged network. In other words, to ensure that this loop-free tree actually "spans" the entire network.

The STA was created by Radia Perlman.

Implementation

To collect the network topology information needed to use the STA, bridges and switches periodically send to each other special data-link layer messages called bridge protocol data unit (BPDU) messages, which are based on the IEEE 802.1 specification. These messages allow a bridged/switched network to elect a root bridge for the entire network and designated bridges for each network segment, which form the basis of the spanning tree created by the algorithm. The STA determines which ports are redundant and form loops on the network and issues messages that cause those ports to be shut down (blocked) to eliminate the loops. Ports that are blocked are still active (still receiving BPDU messages), however, so that if the network topology changes (for example, by a bridge going down or being moved) the port can be unblocked if required to ensure that the network is still fully spanned.

Issues

Implementing the STA on Ethernet switches can sometimes prevent Dynamic Host Configuration Protocol (DHCP) clients from renewing their leases with the DHCP server. For example, it could take a few seconds for the STA to check the ports on a switch for loops, and if a DHCP client tried to obtain a DHCP lease during this time, the DHCPREQUEST packet could be lost. Should this problem arise, you can work around it either by disabling the algorithm on switches or by manually releasing and renewing the computer's Internet Protocol (IP) address using ipconfig.

See Also 802.1 ,bridge ,Ethernet switch

sparse mode

One of two forms of the spanning tree algorithm (STA) used in multicasting.

Overview

Whereas dense mode routing is designed for large-scale multicasting where hosts are spread out across every corner of the network, sparse mode is intended to be efficient in routing multicast packets to clusters of hosts across a network. Sparse mode thus assumes that hosts are sparsely concentrated in small clusters or pockets scattered around a few areas of the network. An example of a situation where sparse mode multicasting might be required would be a corporate webcast originating at headquarters and targeted at a limited number of branch offices. Sparse mode is also more effective at dealing with heavy traffic congestion than dense mode when the number of intended recipients is small.

Implementation

Sparse mode multicasting creates a single multicast routing tree for all recipients. Unlike dense mode, where every corner of the network is first flooded with multicast packets and branches that are then pruned back, sparse mode relies on the recipient hosts to initiate the connection by sending a request to a nearby router.

Sparse mode multicasting can employ several different routing protocols to handle the flow:

• Core-Based Trees (CBT)

• Protocol Independent Multicast-Sparse Mode (PIM-SM)

See Also Core-Based Trees (CBT) , dense mode ,multicasting ,Protocol Independent Multicast-Sparse Mode (PIM-SM) ,routing protocol ,

special identity

Also known as a system group, a special group account in Microsoft Windows 2000 whose membership is controlled by the operating system itself, not by administrators or individual users.

Overview

User accounts become "members" of these special groups based on the type of system activity they participate in; you cannot modify the "membership" of these groups directly. Special identities on Windows 2000 systems include the following:

• Creator Owner: Consists of users who will create files or subdirectories within the current directory on an NTFS file system (NTFS) volume.

• Everyone: Consists of all network users, including guests and users from distrusted domains. Granting NTFS permissions to Everyone allows anyone to access the file or directory.

• Interactive: Consists of all users who log on interactively to the console of the machine or who access the NTFS file system on the machine from a local console.

• Network: Consists of all users who log on to the machine from over the network or who access the NTFS file system on the machine from over the network.

• System: Consists of the local operating system. System is not normally used when assigning permissions to files and directories on NTFS volumes.

• Authenticated Users: Consists of all users with a valid user account in the local directory database or in Active Directory directory service.

• Anonymous Logon: Consists of any user accounts that Windows 2000 did not authenticate.

• Dialup: Consists of any users who currently have a dial-up connection.

SPF

Stands for Shortest Path First, a routing algorithm used by the Open Shortest Path First (OSPF) protocol.

See Also Shortest Path First (SPF)

SPM

Stands for statistical packet multiplexing, another name for statistical multiplexing (STM), a multiplexing technique used in frame relay and Asynchronous Transfer Mode (ATM) networking.

See Also statistical multiplexing (STM)

spoofing

A tactic used by hackers that involves forging the identity of a packet source.

Overview

Spoofing is generally used to attempt to breach a network's security in order to compromise its systems. Spoofing is performed by altering packets' source addresses, making them appear as though they came from a trusted user within the network rather than from a distrusted outside user. Spoofing is one of the common methods used by hackers and is of particular concern when a network is connected to the Internet.

Because of limitations in the design of the current Internet Protocol (IP) standard, IPv4, spoofing of IP packets cannot be prevented, only protected against. One way to protect your network against IP address spoofing is to use the packet-filtering features of a router or firewall. Configure your packet-filtering router so that the input filter on the external router interface discards any packet coming from the external network whose source address makes it look as though it originated from your own internal network. Similarly, configure the output filter on your internal router interface to discard any outgoing packets that have a source address different from that of your internal network to protect against spoofing attacks from within your own network.

See Also hacking ,Internet Protocol (IP) ,packet filtering

spooling

The process of temporarily storing documents sent for printing on a hard disk and then sending them to the print device when it is ready (or when some other criterion has been met).

Overview

The application software that performs spooling is called a spooler. The spooler accepts and temporarily stores documents to be printed and then sends them to the printer according to predefined conditions such as print priority and schedule. Spooling of print jobs allows control to be returned more quickly to the application that generated the job. Spooling also allows jobs to be queued when the printer is unavailable so that the application does not have to generate the jobs again.

Notes

The term spool is actually an acronym for Simultaneous Peripheral Operation On Line.

See Also printing terminology

spread spectrum

A wireless networking technology originally developed by the U.S. military for secure wireless communication.

Overview

Unlike other forms of wireless communication, spread spectrum technologies take advantage of a large portion of the electromagnetic spectrum, making it difficult for distrusted users to "listen in" on private conversations. Spread spectrum networking systems generally use very low power signals in the high radio or low microwave portion of the electromagnetic spectrum.

In the United States, spread spectrum communication can utilize three portions of the electromagnetic spectrum that have been allocated by the Federal Communications Commission (FCC) for wireless devices without special licensing:

• Industrial band: 902 to 928 megahertz (MHz)

• Scientific band: 2400 to 2483.5 MHz

• Medical band: 5725 to 5850 MHz

Types

Two basic mechanisms can be used to implement spread spectrum wireless communication: direct sequencing and frequency-hopping.

• Direct sequencing: This mechanism takes an individual binary bit from the transmission signal and converts it to a binary string. This string is then transmitted as a single wideband signal over an adjacent set of frequencies, with each bit in the string transmitted at a different frequency. The receiving station examines the bit pattern of the binary string and determines which single bit was originally transmitted by the sending station. This technology has built-in fault tolerance because electromagnetic interference (EMI) might degrade a portion of the binary string, but if the receiving station can recognize a different portion of the string, communication is assured. A typical example of direct sequencing technology might be to assign the string 10011011 to bit 1 and its inverse 01100100 to bit 0. Transmission of the bit sequence 110 would then consist of three transmitted strings: 10011011, 10011011, and 01100100.

• Frequency-hopping: This uses a continually changing carrier frequency. The pattern by which the carrier frequency is changed is programmed according to an algorithm known to both the sending and receiving stations. For communication to take place, the two stations must remain synchronized throughout the session. One station is designated the master station and the other the slave station. If particular frequencies within the spread spectrum communication band contain interference from other radio sources, frequency-hopping technology can avoid these frequencies by using adaptive techniques. To further enhance security, either station can also dynamically change the pattern of frequency hopping.

Uses

Spread spectrum technologies can have a variety of uses in networking, including point-to-point links between networks, wireless local area networks (LANs), and cellular-based roving network communication. One common use in networking environments is for connecting stations to a LAN when it is impractical or impossible to lay cabling. You can also use spread spectrum wireless bridge technologies to establish point-to-point or multipoint communication between buildings on a campus. These devices usually support line-of-sight connections that function to distances of 18.5 miles (30 kilometers) or more, with speed decreasing as the distance increases. Spread spectrum devices for wireless LAN stations generally have a much shorter range, usually no more than about 655 feet (200 meters).

See Also Direct Sequence Spread Spectrum (DSSS) ,direct sequencing ,frequency hopping ,Frequency Hopping Spread Spectrum (FHSS) ,wireless networking

SQL

Stands for Structured Query Language, a standards- based language used by relational database management programs primarily for constructing queries.

See Also Structured Query Language (SQL)

SQL Server

A high-performance client/server relational database management system (RDBMS) for the Microsoft Windows 2000 and Windows .NET Server operating systems.

Overview

A RDBMS is used in high-volume transaction-processing environments such as online order entry systems, data warehousing, decision-support applications, and e-commerce. Microsoft SQL Server includes the following advanced features:

• A distributed management framework for centrally managing all servers running SQL Server in an organization

• Built-in data replication to copy information throughout an enterprise-not only to SQL Server databases but also to Oracle, IBM DB2, Sybase, and other databases

• The Web Assistant for populating a Web server with structured query language (SQL) data for Internet or private intranet use

• Microsoft Distributed Transaction Coordinator for creating distributed transaction-based applications across multiple servers

• Integration with the security features of the Windows NT platform

• A high-performance, scalable, multithreaded parallel architecture

• Scalable dynamic locking architecture for page-level and row-level locking

• Data warehousing and online analytical processing (OLAP) enhancements

• Support for OLE Automation stored procedures

• Integration with Microsoft Exchange through the SQL Mail utility

• Support for Windows .NET Server, Windows 2000, Windows NT, Windows 98, and Windows 95

• A query processor that supports the complex queries used in decision support, data warehousing, and OLAP applications

• Wizards that ease tasks for administrators and programmers

• Support for Microsoft Management Console (MMC)

• Tools for profiling and tuning a server's performance

• Integration with Microsoft Proxy Server and Microsoft Office 2000

SQL Server is a client/server database system. The server runs the SQL Server database software, which processes requests submitted by the database client software and sends the results back to the client. The SQL Executive and the SQL Server Database Engine service are examples of database services performed by SQL Server.

The SQL Server software is arranged in multiple layers. The Net-Library layer, which accepts connections from clients, hides the network connectivity details when a client communicates with a server running SQL Server. Net-Libraries use interprocess communication (IPC) mechanisms such as named pipes, remote procedure calls (RPCs), and Windows Sockets. Several Net- Libraries are included with SQL Server for both the server and the client. Net-Libraries on the server listen for client connection attempts.

A client computer runs the database client software, which is used to connect to the server running SQL Server, make requests, receive results, and display the results on the user's screen. Examples of database client software that can connect to SQL Server include SQL Server Enterprise Manager, ISQL/w, and Microsoft Access. The database client software is also made up of multiple layers. Users interact directly with the client application, which might present a form such as an order entry form. When the user submits the form, the client software interacts with the server running SQL Server using open database connectivity (ODBC) or DB-Library application programming interfaces (APIs). The server processes the request and returns information to the client.

For More Information

Visit www.microsoft.com/sql.

See Also database ,

SSL

Stands for Secure Sockets Layer, a transport layer security protocol used on the Internet.

See Also Secure Sockets Layer (SSL)

SSO

Stands for Single Sign On, any technology that requires users to have only one set of credentials to access network resources.

See Also Single Sign On (SSO)

SSP

Stands for storage service provider, a company offering outsourced storage services.

See Also storage service provider (SSP)

STA

Stands for spanning tree algorithm, an algorithm that eliminates loops in a bridged or switched network.

See Also spanning tree algorithm (STA)

stackable hubs

Hubs that can be connected to operate as a single hub.

Overview

Stackable hubs can be placed one above another on an equipment rack and connected using specialized short cables, generally ribbon cables. The reason for using stackable hubs is that the stacked hubs effectively create a single hub with a large number of ports and a single collision domain. This is generally superior to the older way of cascading hubs together by using uplink ports, a method which tends to generate crosstalk. Note that when you stack several hubs, the top and bottom hubs usually have a free connection that must be properly terminated in order for the stacked array to function properly.

Stackable hubs. How to connect stackable hubs.

Besides hubs, Ethernet switches are often stackable as well. Switches are stacked mainly to provide greater scalability and increased manageability. Popular stackable Fast Ethernet switches for workgroup environments include 3Com Corporation's SuperStackII line of switches, Cisco Systems' Catalyst 2500 series, and Nortel Networks' BayStack 450 series.

See Also crosstalk ,Ethernet switch ,hub ,rack

stand-alone server

A server that does not perform logon authentication and is not part of a domain.

See Also member server

standard Ethernet

The original Institute of Electrical and Electronics Engineers (IEEE) standard for implementing 10 megabits per second (Mbps) Ethernet over thick coaxial cabling.

See Also 10Base5

standards organizations

Organizations that help standardize technologies and practices.

Overview

Many standards organizations have contributed specifications and standards to the computer networking industry. Without these agencies, the networking world would be a nightmare of noninteroperable proprietary vendor-developed technologies. Some of the larger and more important standards bodies related to computer networking and Internet standards include

• American National Standards Institute (ANSI)

• European Computer Manufacturers Association (ECMA)

• Institute of Electrical and Electronics Engineers (IEEE)

• Internet Engineering Task Force (IETF)

• International Organization for Standards (ISO)

• International Telecommunication Union (ITU)

• Object Management Group (OMG)

• World Wide Web Consortium (W3C)

Many standards bodies are also devoted to specific technology areas, such as the ATM Forum and the Fibre Channel Alliance. The work of all these standards bodies is important to the long-term viability of the IT (Information Technology) sector and marketplace.

See Also American National Standards Institute (ANSI) ,Institute of Electrical and Electronics Engineers (IEEE) ,International Organization for Standardization (ISO) ,International Telecommunication Union (ITU) ,Internet Engineering Task Force (IETF) ,World Wide Web Consortium (W3C)

star bus topology

A combination of star topology superimposed on a backbone bus topology.

Star bus topology. Example of a star bus topology.

Overview

Star bus topology is a networking topology in which hubs for workgroups or departmental local area networks (LANs) are connected by using a network bus to form a single network. You can connect these hubs by using one of the following:

• Regular 10Base2 or 10BaseT cables with uplink ports on the hubs

• Crossover cables for regular (host) ports on the hub

• Special cables for stackable hubs

Notes

When you use this topology with standard Ethernet hubs, do not create an excessively large collision domain by adding too many stations. This will degrade network performance unless you segment the network by using bridges or routers.

See Also bus topology ,

StarLAN

The popular name of 1Base5, an obsolete 1 megabit per second (Mbps) local area network (LAN) networking technology.

See Also 1Base5

start of authority (SOA) record

The first record in a Domain Name System (DNS) zone file.

Overview

The start of authority (SOA) record defines the general properties of the zone for a name server, such as the name server on which the zone file resides, the zone of authority, and the administrative contact for the domain.

Examples

Here is an example of a start of authority (SOA) record:

@   IN   SOA   nameserver.place.dom.                  postmaster.place.dom. ( 1         ; serial number 3600      ; refresh   [1h] 600       ; retry     [10m] 86400     ; expire    [1d] 3600 )    ; min TTL   [1h]

This SOA record contains the following information:

• The name of the subdomain over which a particular name server has authority (nameserver.place.dom)

• The name of the host on which this zone file resides

• The e-mail address of the person responsible for administering the subdomain (postmaster@ place.dom)

• A serial number, which increases when the zone data is updated and which is used in zone transfers to determine whether the secondary name server needs a new version of the zone file

• A refresh interval, in seconds, that informs the secondary name server how frequently it should check with the master name server to see whether its zone information is current

• A retry interval, in seconds, that tells the secondary name server how often to contact the master name server if the initial contact is unsuccessful

• An expire interval, in seconds, that informs the secondary name server how long to keep trying to contact the master name server for a refresh of the zone data before the data expires and the secondary name server no longer responds to name queries

• The Time to Live (TTL), which is a value returned by the name server to resolvers when a name is resolved, informing the resolver how long it can cache the resolved name and Internet Protocol (IP) address

See Also Domain Name System (DNS) ,resource record (RR)

star topology

A networking topology in which the components are connected by individual cables to a central unit, usually a hub.

Overview

Star topology is the most popular way to connect computers in a workgroup or departmental local area network (LAN), but it is slightly more expensive than using bus topology. When a computer or other networking component transmits a signal to the network, the signal travels to the hub, which forwards the signal simultaneously to all other components connected to the hub. One advantage of star topology is that the failure of a single computer or cable does not bring down the entire LAN. Another advantage is that topology centralizes networking equipment, which can reduce costs in the long run by making network management much easier.

Star topology is used mainly to

• Connect computers in a workgroup or departmental LAN using a hub.

• Connect workgroup or departmental hubs using a master hub or switch. This is a special star topology called either cascading hubs or star-wired topology.

  

  Star topology. Example of a star topology network.

Notes

If no one on a star network can access network resources, the hub might be down or overloaded. Try resetting the hub by using the reset switch, or try powering it off and then on. If a hub frequently needs to be reset, you might have a hardware malfunction or network bandwidth might be reaching capacity (which means that you should upgrade your components).

See Also bus topology , mesh topology ,ring topology ,

static address

An Internet Protocol (IP) address that is manually assigned to a host on a Transmission Control Protocol/Internet Protocol (TCP/IP) network.

Overview

Static IP addresses are usually used for

• Small workgroups whose machine configurations will not change often. Peer-to-peer networks that use Microsoft Windows 95 or Windows 98 do not have a Dynamic Host Configuration Protocol (DHCP) server to assign IP addresses to stations on the network.

• Servers on a network, which should have an IP address that does not change. An alternative is to assign a DHCP reservation to these servers so that they receive their IP addresses automatically from a DHCP server but always receive the same reserved address.

• Windows NT-, Windows 2000-, and Windows .NET Server-based servers that are running certain services, such as DHCP, Windows Internet Name Service (WINS), or Domain Name System (DNS). Servers running these services normally require static IP addresses.

Computers running Windows support both static IP addressing and dynamic IP addressing through the DHCP.

See Also Dynamic Host Configuration Protocol (DHCP) ,IP address

static mapping

On a Windows Internet Name Service (WINS) server, a manually entered NetBIOS name to Internet Protocol (IP) address mapping stored in the WINS database.

Overview

WINS servers normally create mappings dynamically when a WINS client performs NetBIOS name registration upon client initialization. Non-WINS clients do not register their names, so administrators must manually create WINS database entries. Once they do this, other hosts on the network can perform NetBIOS name discovery queries to resolve the NetBIOS name of non- WINS clients into their IP addresses.

See Also Windows Internet Name Service (WINS)

static routing

A routing mechanism that depends on manually configured routing tables.

Overview

Static routing is generally used in smaller networks that contain only a couple of routers or when security is an issue. Routers that use static routing are sometimes called static routers. Each static router must be configured and maintained separately because static routers do not exchange routing information with each other.

For a static router to function properly, the routing table must contain a route for every network in the internetwork. Hosts on a network are configured so that their default gateway address matches the Internet Protocol (IP) address of the local router interface. When a host needs to send a packet to another network, it forwards the packet to the local router, which checks its routing table and determines which route to use to forward the packet.

Advantages and Disadvantages

Static routers are more difficult to administer than dynamic routers, but they can be more secure because the administrator controls the configuration of the router. They are therefore immune from attempts by hackers to spoof dynamic routing protocol packets in order to reconfigure the router and try to hijack network traffic.

Notes

You can configure a multihomed server as a static router in Microsoft Windows 2000 by first clicking the Advanced button on the Transmission Control Protocol/Internet Protocol (TCP/IP) property sheet. Select the Options tab, select TCP/IP Filtering and click Properties, then select Enable TCP/IP Filtering. You can then add static routes for each remote network by using the Route command.

See Also dynamic routing ,routing table

statistical multiplexing (STM)

A multiplexing technique used in frame relay and Asynchronous Transfer Mode (ATM) networking.

Overview

Statistical multiplexing (STM) enables information from a number of channels to be combined for transmission over a single channel. STM dynamically allocates bandwidth only to channels that are currently transmitting on an as-needed basis, without any bandwidth being allocated to quiet (non-transmitting) channels. This is in contrast to time-division multiplexing (TDM), where quiet devices still use up a portion of the multiplexed data stream, filling it with empty packets. STM usually packages the data from the active channels into packets and dynamically feeds them into the output channel on a first in, first out (FIFO) basis, but it can also allocate extra bandwidth to specific input channels on demand.

Switches and other devices that support statistical multiplexing usually include support for other features, such as:

• Store-and-forward error detection and correction: Identifies which channel sent each packet of data and corrects errors that occur

• Data compression: Increases the amount of data that can be sent per packet

A multiplexer that is capable of statistically multiplexing several data streams together is sometimes called a statmux. If you have a statmux at each end of a digital line, the receiving statmux can identify the channel of each packet sent by the sending statmux and demultiplex the data stream into its original data channels.

Notes

STM is sometimes referred to as statistical time-division multiplexing (STDM) or statistical packet multiplexing (SPM), but the shorter term is used more often.

See Also Asynchronous Transfer Mode (ATM) ,frame relay ,multiplexer (MUX) ,multiplexing ,time-division multiplexing (TDM)

STDM

Stands for statistical time-division multiplexing, another name for statistical multiplexing, a multiplexing technique used in frame relay and Asynchronous Transfer Mode (ATM) networking.

See Also statistical multiplexing (STM)

STM

Stands for statistical multiplexing, a multiplexing technique used in frame relay and Asynchronous Transfer Mode (ATM) networking.

See Also statistical multiplexing (STM)

stop screen

A blue screen that appears when the Microsoft Windows NT, Windows 2000, Windows XP, or Windows .NET Server operating system experiences a fatal problem and terminates itself.

Overview

A stop screen includes the following information:

• The top of the screen shows the bugcheck information-the error code and a list of up to four developer-defined parameters.

• The middle portion of the screen lists all modules that have been successfully loaded and initialized by the operating system. This information is listed in three columns: preferred memory location, link time stamp, and driver name.

• The bottom portion shows the build number of the kernel and a stack dump that indicates the address range in which the driver might have failed.

The most important part of a stop screen is the bugcheck information in the first few lines, which gives a stop code and parameters that can help identify the source of the problem to Microsoft Corporation support technicians.

The following table shows some common bugcheck codes and how to interpret them.

Notes

Sometimes you can compare the addresses of the parameters in the top portion of the stop screen with the addresses of drivers in the stack dump at the bottom and identify which driver might have caused the crash, but this will not always work. For more information on bugcheck codes and how to interpret them, check Microsoft TechNet.

See Also TechNet

storage

Various technologies used to store information.

Overview

Advances in storage technologies and an explosion of enterprise storage needs have made the storage segment the hottest segment of the IT (information technology) market in the last few years. For example, demand for redundant array of independent disks (RAID) systems is doubling every year, and the overall storage utility market is expected to grow to $7 billion by 2003. New technologies such as solid state disks are eliminating the input/output (I/O) bottleneck in high-end servers, and the emergence of 10 Gigabit Ethernet (10GbE) makes storage over IP a promising technology that challenges the supremacy of Fibre Channel in the enterprise storage arena.

Types

Storage in the enterprise environment generally follows a hierarchical three-tier system:

• Online storage: This is the primary form of storage used by servers and is used to store data that needs to be easily accessible. The simplest form of online storage is disk storage-that is, disk drives housed within a PC server box. For additional storage other solutions might be used, including RAID-5 arrays, network attached storage (NAS) appliances, and storage area networks (SANs).

• Nearline storage: Also called secondary storage, this form is used to store data that infrequently needs to be accessed. Common forms of nearline storage include optical storage technologies such as CD-RW and DVD-RW drives, magneto-optical disks, and Write-Once Read-Many (WORM) disks.

• Offline storage: Also called tertiary storage, this form is used to store data that is archived and rarely needs to be accessed. Various forms of tape backup technologies are used for this type of storage.

The main problem with traditional disk drives, whose capacity has risen and footprint has fallen dramatically in recent years, is that the architecture of PC servers limits the amount of disk storage possible. Another issue is that free storage space inside one server cannot easily be allocated to another server. To get around these limitations, enhanced storage technologies have been developed in the last decade. The most popular of these storage technologies in the enterprise arena are currently

• RAID-5 arrays: These are external units that can be attached using Small Computer System Interface (SCSI) to servers to provide greater capacity than internal disk storage systems can provide. SCSI arrays are still the most popular form of storage in the enterprise arena, are easy to deploy and use, and can support many terabytes of storage.

• Network attached storage (NAS): These are generally stand-alone appliances that can be connected to your Ethernet network to quickly add storage capacity as needed. The main problem with NAS appliances is that they must be managed individually, so deploying a lot of them can become a management headache for administrators.

• Storage area network (SAN): This is a separate Fibre Channel or SCSI network containing storage appliances networked together and managed using an integrated set of tools. SANs are easier to manage than NASs but are also more expensive and complex to deploy.

• Storage service provider (SSP): These are companies that you can outsource your enterprise storage needs to, and they provide a managed storage environment for a wide range of business needs.

Marketplace

In the real world, different storage technologies generally overlap. Thus, an enterprise storage array such as IBM's Shark uses a combination of SAN and RAID technologies to provide up to 11 terabytes of storage. Shark connects to host servers through either UltraSCSI or Fibre Channel Enterprise Systems Connection (ESCON) links, can be deployed up to 60 miles (96 kilometers) away, supports snapshot backups, and can be used with Microsoft Windows, UNIX, and OS/390 mainframe systems. Besides IBM, the other heavyweight in the high-end storage market is EMC Corporation.

A popular vendor of NAS appliances is Snap Appliances, whose Snap Server line of storage devices can add up to 240 gigabytes (GB) of storage in minutes, support remote management through Simple Network Management Protocol (SNMP), and integrate with network management systems such as Hewlett-Packard Company's OpenView and Computer Associates' Unicentre/TNG. In addition to IBM and EMC, other popular SAN vendors include Connex and MTI Technology Corporation. Vendors of tertiary (offline) storage include VERITAS Software Corporation, EMC, and many others.

Prospects

Solid state disks are the hottest thing in storage nowadays. These disks are essentially multiple boards of synchronous dynamic random access memory (SDRAM) that are implemented in high-end servers to store most frequently used data such as pagefiles and swapfiles, temp files, log files, database tables and indexes, and logon credentials. These categories of data generally represent only about 5 percent of all stored data, but account for around 50 percent of all I/O generated by servers. Using solid state disks can eliminate the storage bottleneck from which enterprise servers have traditionally suffered.

See Also 10G Ethernet , Fibre Channel ,network attached storage (NAS) ,redundant array of independent disks (RAID) , tape drive

storage area network (SAN)

A dedicated storage network separate from the network where servers reside.

Overview

Storage area networks (SANs) currently represent the pinnacle of enterprise network storage. SANs are architectures rather than devices, and they provide a highly scalable and manageable storage solution for the needs of the largest enterprises. The idea of SANs originated in mainframe computing environments, but SANs have gained a significant foothold in distributed client/server environments in the last few years.

Typical applications that use a SAN include enterprise resource planning (ERP), Customer Relationship Management (CRM), enterprise data warehousing, and other high-availability applications that require significant amounts of storage. SANs can also be used as remote storage and archival facilities connected to corporate networks by Asynchronous Transfer Mode (ATM) or Synchronous Optical Network (SONET) connections.

Implementation

SANs use dedicated networks that contain a variety of storage technologies, including redundant array of independent disks (RAID) technologies such as disk mirroring and disk striping, magnetic and optical disk storage, and even tape libraries for archival purposes. SANs generally use high-speed Fibre Channel, a high- speed direct connection technology supporting data transfer rates of up to 1 gigabit per second (Gbps), for interconnections between SAN storage devices and server farms. The essence of the SAN idea is to have two separate networks connected: the corporate network with its servers and the storage network with its storage devices. In addition to Fibre Channel, other SAN interconnection technologies include Enterprise System Connection (ESCON) and variants of Small Computer System Interface (SCSI).

SANs can be implemented in three basic topologies:

• Point-to-point: Early SANs were direct physical connections between mainframe hosts and storage arrays, but this configuration is rarely used in a distributed client/server networking environment.

• Arbitrated loop: This approach employs Fibre Channel hubs to provide shared bandwidth with round-robin forwarding to enable multiple storage devices and servers to communicate with one another. Arbitrated loop SANs are best used in workgroup or departmental environments.

• Fabric: This is the most popular approach today, and it employs Fibre Channel switches to create a high-bandwidth any-to-any connection between storage devices and servers that use them. Fabric- based SANs are suitable for the largest enterprise environments.

  

  Storage area network (SAN). Basic network architecture of a SAN.

Marketplace

Some of the enterprise-level SAN vendors include Brocade Communications Systems, Compaq Computer Corporation, EMC Corporation, Hewlett-Packard, IBM, StorageTek, Sun Microsystems, and TrueSAN Networks. Less costly SAN solutions for mid-sized businesses are available from DotHill Systems, LSI Logic Corporation, MTI Corporation, nStor Technologies, and other vendors.

Issues

Despite the efforts of organizations such as the Storage Networking Industry Association (SNIA) and the Fibre Channel Alliance, SAN solutions from different vendors still suffer from some degree of interoperability problems, particularly in the area of Fibre Channel fabric switches. As a result, enterprise network architects who are thinking about implementing a SAN for their company are probably best off implementing a solution from a single SAN vendor.

Prospects

An emerging approach called storage over IP connects SANs to server farms using Internet Protocol (IP) running on Gigabit Ethernet (GbE). Other names for this technology are Storage over SAN (SoSAN) and Gigabit Ethernet SAN. Some analysts predict that storage over IP will eventually replace Fibre Channel as the dominant SAN technology in the enterprise, but this is likely to take a decade or so.

SAN management has traditionally used proprietary management tools, but an initiative of the FibreAlliance, which has the support of over 40 different storage vendors, is intended to change this situation. The FibreAlliance is working toward implementing a Fibre Channel Management Integration (FCMGMT-INT) Management Information Base (MIB) to allow Fibre Channel SANs to be managed using the open standard Simple Network Management Protocol (SNMP).

Notes

It is easy to get confused by the various buzzwords relating to external enterprise-level storage devices because standards in this area have not been developed and ratified by standards bodies. Here are two other related storage system concepts:

• Direct-attached storage (DAS): Involves a storage system connected to only a single computer using either Small Computer System Interface (SCSI) or Fibre Channel technology. DAS is usually the only solution if your servers are at different geographical locations around your enterprise or if the application that uses them can support only this form of storage-for example, Windows Clustering, which can use a shared SCSI bus.

• Network-attached storage (NAS): Involves data storage devices connected to computers using a standard network connection such as Ethernet. This is in contrast to SAN, in which a group of computers uses multipoint Fibre Channel technology. Another difference between NAS and SAN is that NAS involves the use of file servers similar to the Network File System (NFS) used in UNIX environments (from which the concept of NAS evolved), but SAN uses block-mode input/output (I/O) for applications such as clustering and database access. Use a SAN if your data can be centrally located within your enterprise and if your application needs to access data directly using block transfers instead of using shared files. Use NAS if your data needs to be shared between different operating system platforms or for file-based applications such as Web servers.

See Also Asynchronous Transfer Mode (ATM) , Customer Relationship Management (CRM) ,enterprise resource planning (ERP) ,Fibre Channel ,Gigabit Ethernet (GbE) ,redundant array of independent disks (RAID) ,

storage over IP

Various technologies used to transport storage data across Internet Protocol (IP) networks.

Overview

Storage over IP is an umbrella term for a group of emerging technologies intended mainly for connecting storage area networks (SANs) with server farms using IP networks. Storage over IP promises to simplify enterprise storage management by utilizing familiar networking technologies such as Fast Ethernet and Gigabit Ethernet (GbE) instead of Fibre Channel, the technology currently favored to connect SANs to server networks. Storage over IP also promises to allow SANs to grow beyond the current 6.2-mile (10-kilometer) limit imposed by Fibre Channel architecture.

Types

Some of the proposed standards for storage over IP include

• ISCSI: This specification allows Small Computer System Interface (SCSI) commands to be transported over Transmission Control Protocol (TCP). To implement iSCSI, you do not need to make changes to your network-the addition of Fibre Channel-to-Gigabit Ethernet switching gear is all that is required. Backers of the iSCSI specification include Adaptec, Cisco Systems, Hewlett- Packard, IBM, Quantum Corporation, and SANgate Systems.

• EtherStorage: A solution developed by Adaptec primarily for the lower end of the storage over IP market, EtherStorage employs Ultra-3 SCSI drives and standard GbE switches together with a proprietary IP-to-SCSI bridge.

• Fibre Channel over IP: This technology encapsulates Fibre Channel frames in IP packets that can be transported over GbE, Asynchronous Transfer Mode (ATM), or Synchronous Optical Network (SONET) networks. Fibre Channel over IP is supported by Brocade Communications Systems, Gadzoox Networks, Lucent Technologies, McData Corporation, and QLogic Corporation.

• Fibre Channel Backbone: This is similar to Fibre Channel over IP but is especially designed for the wide area network (WAN) environment and is supported by Brocade Communications Systems and Gadzoox Networks.

• Service Specific Connection Oriented Protocol (SSCOP): A specification developed by the International Telecommunication Union (ITU), which employs a data-link Asynchronous Transfer Mode (ATM) protocol for sending storage data over IP.

• Storage over IP (SOIP): A specification developed Nishan Systems, which has patented the name "storage over IP" or "SOIP" for a technology that combines features of iSCSI and Fibre Channel over IP. SOIP is supported by Dell Computer Corporation, Quantum, Siemens, and Sun Microsystems.

See Also Fast Ethernet , Fibre Channel ,Gigabit Ethernet (GbE) , Transmission Control Protocol (TCP)

storage service provider (SSP)

A company offering outsourced storage services.

Overview

Storage service providers (SSPs) are service providers modeled on the Application Service Provider (ASP) model that help companies manage their storage requirements. SSPs generally offer services in three areas:

• Primary data storage: Online storage residing either locally on your network or at a remote data center-in either case the SSP manages these devices.

• Backup and restore: Off-site archiving for greater security.

• High availability: Data is replicated off-site and is made available from anywhere.

Marketplace

Some of the popular players in the rapidly evolving SSP market include Arsenal Digital Solutions, Articulent, CreekPath Systems, ManagedStorage International, NaviSite, Nuclio Corporation, sanrise, Storability, StorageNetworks (a pioneer in this field), StorageProvider, StorageWay, and WorldStor.

See Also storage

stored procedure

A precompiled set of Structured Query Language (SQL) statements that can be executed on demand as a single entity.

Overview

Stored procedures are generally stored in a database. They support features such as user-declared variables and conditional execution and can be run with a single call. They can accept parameters, and they can return parameters and status values. They can also call other stored procedures. You can create permanent stored procedures for global administrative tasks or temporary ones for a specific task.

In Microsoft SQL Server you create a stored procedure by creating a series of SQL statements. SQL Server parses and analyzes the stored procedure and stores it in various system tables. When you execute it for the first time, it is loaded into memory and compiled, storing the execution plan in the procedure cache. By preparsing and prenormalizing a stored procedure, you can achieve significant performance gains compared to using a simple SQL query.

You can use stored procedures with Microsoft SQL Server to

• Create devices and databases

• Access or update information in database tables

• Perform other administrative or user actions

A trigger is a special type of stored procedure that you can use to enforce referential integrity in a database. Other types of stored procedures supported by SQL Server include the following:

• Extended stored procedures: Dynamic-link libraries (DLLs) that can be loaded and run like stored procedures

• Remote stored procedures: Run from a remote client

• System stored procedures: Included with SQL Server to simplify common administrative tasks and to obtain information from system tables

• User-defined stored procedures: Created by users for a specific database

• User-defined system stored procedures: Created by users and runnable in any database

See Also Structured Query Language (SQL)

STP cabling

Stands for shielded twisted-pair cabling, twisted-pair cabling that contains internal shielding.

See Also shielded twisted-pair (STP) cabling

stranded conductor wire

Wire that has a core composed of many thin copper strands woven together and surrounded by insulation.

Overview

Stranded conductor wire is generally used for drop cables between computers and wall plates and for patch cables connecting patch panels with hubs and switches. Stranded conductor wire has more attenuation than solid conductor wire and should be used only for short cable runs. Stranded conductor wire is more durable and reliable than solid conductor wire because it can be bent numerous times without fracturing or breaking, and because damage to the wire has less impact on the surface area of the wire and hence on its capacity to carry alternating current.

Types

Stranded wire comes in two basic configuration types:

• Bunch-stranded wire: Uses a number of thin wires with the same diameter and twists them together in one direction.

• Concentric-stranded wire: Uses several layers of thin wires wrapped in alternating directions. These wires are generally easier to splice and terminate than bunch-stranded wires.

See Also solid conductor wire

striped volume

A type of disk volume in Microsoft Windows 2000, Windows XP, and Windows .NET Server.

Overview

A striped volume is one that stores its data across two or more physical disks in stripes. Striping allocates data alternately and evenly across multiple physical disks. Striped volumes must be created on dynamic disks. They are not fault-tolerant and cannot be mirrored or extended. Striped volumes in Windows 2000, Windows XP, and Windows .NET Server are the equivalent of striped sets in Windows NT.

See Also volume

stripe set

A type of disk volume in Microsoft Windows NT.

Overview

A stripe set is a single volume created using discontiguous free areas on two or more hard disks. Stripe sets are similar to volume sets but can give much faster read/write performance if segments reside on separately controlled drives. Use the Windows NT administrative tool Disk Administrator to create stripe sets by combining 2-32 free areas on two or more disk drives.

Notes

The Windows NT system partition and boot partition cannot be volume sets. Stripe sets also cannot be extended the way volume sets can.

stripe set with parity

A type of fault-tolerant disk volume in Microsoft Windows NT.

Overview

Stripe sets with parity are a fault tolerance technology whereby data is written simultaneously to two or more different disks. Parity information is distributed across the various disks so that if one disk drive fails, the lost data can be regenerated from the parity information. You can use the Windows NT administrative tool Disk Administrator to create, delete, and regenerate stripe sets with parity. Stripe sets with parity are often used to provide fault tolerance for application and data volumes in Windows NT. In Microsoft Windows 2000, Windows XP, and Windows .NET Server, a stripe set with parity is known as a RAID 5 volume.

See Also redundant array of independent disks (RAID)

Structured Query Language (SQL)

A standards-based language used by relational database management programs primarily for constructing queries.

Overview

Structured Query Language (SQL) was originally developed by IBM for mainframe computing environments and is widely used in relational database management systems. The standard version of SQL is defined by the American National Standards Institute (ANSI), but many vendors have made enhancements to its syntax and command functions. The latest SQL standard is called SQL-92 but is more properly known as ANSI standard SQL X3.135-1992 or International Organization for Standardization (ISO) standard ISO/IEC 9075:1992. Microsoft SQL Server conforms to the ANSI SQL-92 standard and enhances this standard with additional statements for certain types of applications, such as data warehousing and Internet/intranet applications.

SQL includes a number of statements that you can use to perform different types of relational operations on the contents of a database, including creating databases and database objects, modifying these objects, and querying databases for information. The most basic SQL statement is the SELECT statement, which you can use to retrieve rows and columns of data from database tables and format the results set.

Examples

The typical format of a SELECT statement is

SELECT <columns> FROM <tables> WHERE <rows>

where a group of columns are retrieved from a table or tables in which data values are restricted to a particular row or rows. To return all the columns from a table, you can use a wildcard (but this is generally inefficient and should be avoided):

SELECT * FROM <tables>

Notes

If possible, include a WHERE clause in a SELECT statement to restrict the scope of your query and avoid unnecessary expenditure of system resources. The WHERE clause can include various comparison and logical operators, such as =, >, LIKE, BETWEEN, AND, and IS NULL.

See Also database ,

structured wiring

Another name for the hierarchical system of unshielded twisted-pair (UTP) cabling used in the typical corporate network.

See Also cabling ,infrastructure ,premise cabling ,unshielded twisted-pair (UTP) cabling

subnet

A portion of a network that has been subnetted.

See Also subnetting

subnet mask

A 32-bit number that is used to partition Internet Protocol (IP) addresses into a network ID and a host ID.

Overview

Subnet masks are used by Transmission Control Protocol/Internet Protocol (TCP/IP) services and applications to determine whether a given IP address on an internetwork is a local network address or a remote network address. Two types of subnet masks are used in TCP/IP networking:

• Default subnet mask: Partitions IP addresses into their network ID and host ID portions

• Custom subnet mask: Further partitions the network ID into a number of separate subnets by using a process called subnetting

The default subnet masks for IP address classes A, B, and C are shown in the following table. The table also shows how these subnet masks would partition an IP address such as w.x.y.z into a network ID and a host ID portion.

Implementation

Subnet masks are represented as four-octet dotted-decimal numbers, just as IP addresses are, except that the most common values for an octet in a subnet mask are 0 and 255. In binary notation, decimal 0 represents the octet 00000000, and decimal 255 represents 11111111. A subnet mask thus consists of 32 binary digits, the first n of which are 1s and the remaining of which are 0s.

When the subnet mask is logically ANDed with a 32-bit IP address of a TCP/IP host, the result is the network ID of the host-the portion of the host's IP address that identifies which network the host is on. When the inverse of the subnet mask (for example, the NOT mask) is logically ANDed with the IP address of the host, the result is the host ID of the host-the portion of the host's IP address that uniquely identifies the host on its network.

Examples

For example, consider the IP address 207.61.16.119 and the subnet mask 255.255.255.0. Converting these two numbers to binary and ANDing them gives the host's Network ID:

Host = 11001111 00111101 00010000 01110111 Mask = 11111111 11111111 11111111 00000000 AND  = 11001111 00111101 00010000 00000000      = 207.61.16.0 = network ID

Taking the logical NOT of the subnet mask and ANDing it with the host's IP address gives the host's Host ID:

    Host = 11001111 00111101 00010000 01110111 NOT Mask = 00000000 00000000 00000000 11111111      AND = 00000000 00000000 00000000 01110111          = 0.0.0.119 = host ID

See Also IP address ,

subnetting

Partitioning a single Internet Protocol (IP) network into multiple subnets.

Overview

To subnet an IP network, you take the assigned network ID and borrow bits from the host ID to establish a group of subnet IDs (subnetted network IDs), one for each subnet. The more bits you borrow, the more subnets you produce, but the fewer the number of possible hosts for each subnet. The borrowing process also defines a unique custom subnet mask for the network. Subnets are then typically joined together using routers.

The advantages of subnetting include

• Reducing network congestion by limiting the range of broadcasts using routers

• Enabling different networking architectures to be joined

Implementation

To subnet your network, you first determine how many subnets you need and the maximum number of possible hosts on each subnet. Then use one of the three tables below, depending on whether you have a Class A, B, or C network ID assigned to your network.

Examples

For example, consider a class B network that uses the network ID 172.16.0.0. If this network needs to be subnetted into six subnets, you can accomplish this using a custom subnet mask of 255.255.224.0. Each subnet can be shown to support a maximum of 8190 hosts. The IP address blocks for these six subnets can be selected from the eight possible subnets:

• 172.16.0.1 to 172.16.31.254

• 172.16.32.1 to 172.16.63.254

• 172.16.64.1 to 172.16.95.254

• 172.16.96.1 to 172.16.127.254

• 172.16.128.1 to 172.16.159.254

• 172.16.160.1 to 172.16.191.254

• 172.16.192.1 to 172.16.223.254

• 172.16.224.1 to 172.16.255.254

See Also IP address ,

subtree

A major logical section of the Microsoft Windows 2000, Windows XP, and Windows .NET Server registries.

Overview

Subtrees are the root keys of the registry, and all other registry keys are subkeys of these root keys. The following table summarizes the functions of the five subtrees of the registry.

Notes

In Windows 98 and Windows Millennium Edition (Me), a sixth subtree called HKEY_DYN_DATA is generated dynamically and is used for performance measuring by means of System Monitor and plug and play configuration of devices. This subtree is also called the hardware tree.

Most registry troubleshooting takes place in the HKEY_LOCAL_MACHINE\System\Current ControlSet subkey.

See Also registry

supernetting

The opposite of subnetting.

Overview

Subnetting involves creating a subnet mask that causes an Internet Protocol (IP) address to have more network ID bits than its default (classful) subnet mask. For example, the default subnet mask for a Class B address is 255.255.0.0, which identifies addresses for this network as having 16 network ID bits and 16 host ID bits. Subnetting is used to divide the default network into smaller networks. For example, a subnetted subnet mask of 255.255.128.0 identifies each Class B address as having 17 network ID bits and only 15 host ID bits.

Supernetting is the opposite procedure-instead of borrowing bits from the host ID to increase the bits for the network ID (thus increasing the number of networks), supernetting borrows bits from the network ID to increase bits for the host ID, thus combining smaller networks to create larger networks. For example, a supernetted subnet mask of 255.254.0.0 identifies each class B address as having 15 network ID bits and 17 host ID bits, thus creating fewer networks, each with more hosts, than when using the default subnet mask.

Implementation

Supernetting is needed because the number of available class B addresses is small. By using supernetting, contiguous blocks of class C addresses can be combined and used for networks larger than a single class C block can satisfy. For example, if a company needs to deploy 2000 hosts as an IP network that is directly connected to the Internet, it can assign IP addresses for these hosts by

• Using a single class B network ID. This approach is wasteful, as each class B network can support up to 65,534 different hosts, so most of these addresses would end up not being used. Also, it might be difficult or impossible to obtain a class B network ID from your Internet service provider (ISP), as they might have none available to assign.

• Using eight separate class C network IDs, each of which can support up to 254 different hosts, making a total of 8 x 254 = 2032 hosts. This method would work, but it would lead to poorer routing performance because each router would require eight entries in its routing table, one for each of the eight networks to which frames could be forwarded.

• Using supernetting to collapse the above block of eight class C network IDs into a single supernetted network ID. This is the best solution, as only one routing table entry will be required. The router must support classless interdomain routing (CIDR) for this procedure to work (most routers on the Internet support CIDR).

See Also classless interdomain routing (CIDR) , IP address ,

surge protector

Also known as a surge suppressor, a device that protects sensitive data communications equipment (DCE) and data terminal equipment (DTE) from sudden rises in power line voltages called surges or spikes.

Overview

Surges occur only with copper cabling such as twisted-pair cabling or coaxial cabling-they do not occur with fiber-optic cabling, which is one advantage of using this more expensive type of cabling for networking applications. Surge protectors use various technologies for absorbing or deflecting unwanted electrical current, including avalanche diodes, metal oxide varistors, and chokes or filters. One of the best electrical protection methods, especially for copper wiring runs between different buildings, is to use opto isolators, which convert electrical signals to light and then back again, thus providing true electrical isolation between the connected buildings. However, opto isolation in itself does not provide surge protection; this is the responsibility of the other components described, the most common component being one of the various types of diodes.

Surge protectors for computer networking come in two main types:

• Data-line surge protectors: Connected to network cabling to prevent power surges from damaging networking components.

• Alternating current (AC) outlet surge protectors: Connected to AC outlets that provide power for networking components. These surge protectors prevent AC power spikes from damaging networking components.

See Also data communications equipment (DCE) ,data terminal equipment (DTE)

SVC

Stands for switched virtual circuit, circuit-switching where switches are dynamically set up and torn down as needed.

See Also switched virtual circuit (SVC)

switch

Any device that can control the flow of electrical signals.

Overview

A number of types of switches are used in computer networking for different purposes. For example, to control access by computers to printers, keyboards, and monitors you can use

• Matrix switches: Have a keypad for mapping input ports to output ports and are typically used to connect several printers to several workstations

• Code-operated switches: Use a data string sent by the PC to select the printer port to be used

• Port-contention or scanning switches: Use several input ports but only one output port and monitor the input ports continually for data to route to the output port

• Keyboard Video Mouse (KVM) switches: Allow one keyboard/video-monitor/mouse to be used for several servers

In the context of high-speed Ethernet networks, the term switch refers to an Ethernet switch, also called a local area network (LAN) switch or simply a switch. Thus, the phrase "routers and switches" is understood to mean "routers and Ethernet switches." In general, when referring to controlling data flow within a network, the term "switch" describes any data-link layer device that transfers frames between connected networks. Besides Ethernet, another popular networking technology that employs switches is Asynchronous Transfer Mode (ATM) networking.

Finally, the term switch is also used to refer to a device used at a telco central office (CO) for establishing connections in circuit-switched services or for forwarding packets in packet-switched services.

See Also Asynchronous Transfer Mode (ATM) ,central office (CO) ,circuit-switched services ,data-link layer ,Ethernet ,Ethernet switch ,Keyboard Video Mouse (KVM) switch ,packet-switching services

Switched 56

A digital switched-data communication technology that provides full-duplex dial-up connections at a speed of 56 kilobits per second (Kbps).

Switched 56. Using the Switched 56 service.

Overview

Switched 56 is essentially the dial-up version of digital data service (DDS) and is generally cheaper than leased-line services. A device called a data set, which is a type of Data Service Unit (DSU), provides Switched 56 services to customer premises. For a typical local area network (LAN) connection, a router on the LAN is attached to the data set by using a V.35 serial interface. The data set is then connected over the customer's local loop twisted-pair wiring to access equipment located at the telco's central office (CO).

Switched 56 uses the same communication channels as DS0. You can establish circuits by manually entering the destination number on a numeric keypad or (more typically) by using in-band signaling when connecting bridges or routers to the service. Depending on the wiring at the customer premises and the equipment at the CO, you can use one of three configurations for this service:

• Type I service: Uses a two-pair (4-wire) connection and is supported up to 3.5 miles (5.5 kilometers) from the CO over standard 26-gauge copper twisted-pair wiring.

• Type II service: Uses a one-pair (2-wire) connection with in-band signaling. This type is not widely implemented.

• Type III service: Uses a one-pair (2-wire) connection with out-of-band signaling and is supported to up to 3.5 miles (5.5 kilometers) from the CO on 22- gauge or 24-gauge copper twisted-pair wiring and includes forward error correction for enhanced data transmission. Although Type III service appears to be full-duplex, in reality time-compression multiplexing (TCM) rapidly switches half-duplex communication at 160 Kbps to simulate full-duplex at 56 Kbps.

Notes

Some carriers offer other higher speed versions of Switched 56. For example, some carriers offer Switched 56 as a 64-Kbps service under the name Switched 64. Other higher dial-up services include Switched 384 and Switched 1536, although these are not widely offered anymore.

Switched 56 is a data-only service that is often available where Integrated Services Digital Network (ISDN) is not available. However, Switched 56 does not support advanced ISDN features such as caller ID and has greater latency for establishing a connection. The cost is typically billed in the same way that ordinary telephone calls are-that is, local calls are free and long distance is billed by the minute.

Dial-up Switched 56 was originally used as a backup wide area network (WAN) link between two networks connected by expensive T1 lines, but it has been phased out by most carriers in favor of ISDN.

See Also telecommunications services

Switched Multimegabit Data Services (SMDS)

A high-speed metropolitan area network (MAN) data service offered by some telcos.

Overview

Switched Multimegabit Data Services (SMDS) is a connectionless, shared-medium telecommunications service that can support data transfer speeds ranging from 56 kilobits per second (Kbps) to 34 megabits per second (Mbps). SMDS was developed by Bellcore in the late 1980s and was first deployed in 1992. SMDS was the first high-speed broadband networking technology offered to subscribers for high-speed wide area network (WAN) communications and was a precursor to Asynchronous Transfer Mode (ATM) networking. SMDS never really caught on, however, and most carriers are now phasing it out, offering ATM and Synchronous Optical Networking (SONET) services instead. About the only place where SMDS is still provisioned in preference to ATM is Great Britain, where British Telecom (BT) continues to offer this service to customers.

Switched Multimegabit Data Services (SMDS). Connecting a LAN to an SMDS service.

Implementation

SMDS is a packet-switching technology similar to Frame Relay and cell-switched ATM. SMDS cells are, in fact, almost identical to ATM cells but use an 8-bit access control field instead of a 4-bit generic flow control field as in ATM. In contrast to the connection- oriented switched-fabric of ATM, however, SMDS is a connectionless service that operates over a shared medium. SMDS and ATM are thus very different in operation and architecture.

The subscriber typically connects to the carrier's SMDS service through a switch or router using an integrated Channel Service Unit/Data Service Unit (CSU/DSU). The CSU/DSU demark point connects to the carrier's SMDS switches over a copper DS-1 connection (1.544 Mbps) for low-speed access or a fiber DS-3 connection (44.736 Mbps) to achieve the highest possible transmission speeds. This point of connection between the subscriber's LAN and the telco's central office (CO) is called the Subscriber Network Interface (SNI). The CO provides a gateway to the SMDS packet-switching network, which consists of high-speed switches joined by trunk lines connecting different telco COs.

An SMDS packet consists of a header with the source address, destination address, and a payload of up to 9188 bytes. The SMDS payload is large so that SMDS can easily encapsulate Ethernet, Token Ring, and Fiber Distributed Data Interface (FDDI) frames for WAN transmission. The E.164 addressing scheme uses decimal numbers up to 15 digits long and includes a country code, area code, and subscriber ID number (similar to ordinary telephone numbers). Different address classes support different data transfer speeds. The serial protocol used for communication between the customer premises equipment and SMDS equipment at the telco's CO is called the SMDS Interface Protocol (SIP), which is based on the IEEE 802.6 standard for MANs. The primary function of SIP is to provide encapsulation of the LAN protocol. (Internet Protocol, Internetwork Packet Exchange, AppleTalk, and just about anything else is supported.) Higher-layer protocols support processes such as address resolution and source address screening.

See Also 802.6 , Asynchronous Transfer Mode (ATM) ,Channel Service Unit/Data Service Unit (CSU/DSU) ,Ethernet ,Fiber Distributed Data Interface (FDDI) ,frame relay ,metropolitan area network (MAN) ,router , telco, Token Ring, wide area network (WAN)

switched virtual circuit (SVC)

Circuit-switching where switches are dynamically set up and torn down as needed.

Overview

Switched virtual circuits (SVCs) are used in circuit- switched services such as the Public Switched Telephone Network (PSTN) and Integrated Services Digital Network (ISDN). The PSTN employs a separate signaling network called Signaling System 7 (SS7) for establishing a communications session between two end nodes. The SS7 is used to configure switches in the telco switching fabric in order to establish a temporary path between the two end nodes. Once the call is finished, SS7 is used to tear down the connection, freeing up these switches to be used for other connections.

SVCs are also employed in certain wide area network (WAN) services such as Asynchronous Transfer Mode (ATM) and frame relay networking. Here different signaling methods are used to set up a temporary switched path through the ATM or frame relay cloud. For example, ATM can use the Interim Interswitch Signaling Protocol (IISP) or the Private Network-to-Network Interface (PNNI) signaling protocols to set up and tear down SVCs, and it can also use Multiprotocol Label Switching (MPLS) to route cells over ATM wide area network (WAN) links.

Comparison

SVCs might be contrasted with permanent virtual circuits (PVCs), which are more commonly used in ATM and frame relay WAN environments. PVCs are point-to-point connections between two end nodes that are permanently configured by the service provider and that utilize dedicated switches in the provider's switching fabric. PVCs are more expensive than SVCs because they need dedicated switching resources. In contrast, SVCs are temporary links in which the actual path over which frames are routed between the two end nodes varies from session to session. Each new session thus requires a new switching path to be established, with the result that SVCs are more flexible and cheaper than PVCs but often suffer from inconsistent connection quality between different sessions.

Notes

Most telcos still offer only PVCs for their wide-area ATM service offerings, mainly because SVCs are more difficult to implement due to the extra signaling protocols involved.

See Also Asynchronous Transfer Mode (ATM) ,circuit-switched services ,frame relay ,Integrated Services Digital Network (ISDN) ,Multiprotocol Label Switching (MPLS) ,permanent virtual circuit (PVC) ,Public Switched Telephone Network (PSTN) ,telco ,wide area network (WAN)

Symmetric Digital Subscriber Line (SDSL)

A form of business-grade Digital Subscriber Line (DSL) service.

Overview

Symmetric Digital Subscriber Line (SDSL) is used to provide business subscribers with permanent, high- speed data connections at speeds similar to dedicated T1 lines but at much lower prices. SDSL is based on High-bit-rate Digital Subscriber Line (HDSL) and provides data transfer speeds of 1.5 megabits per second (Mbps) in North America and 2.048 Mbps in Europe. Unlike its cousin Asymmetric Digital Subscriber Line (ADSL), which is popular in the residential broadband Internet access market, HDSL is a symmetric technology in which upstream and downstream speeds are equal.

SDSL employs the 2 Binary 1 Quaternary (2B1Q) line coding scheme used by the Basic Rate Services (BRI) form of Integrated Services Digital Network (ISDN). Although its cousin HDSL needs two pairs of copper wires (four wires), SDSL requires only one pair of wires (two wires) to work. Unlike ADSL, however, which allows a single phone line to carry both voice and data by using a splitter to "split off" frequencies above 26 kilohertz (KHz) for DSL signaling, SDSL takes complete control of the frequency spectrum of the wires, uses no splitter, and provides a data-only service.

SDSL maximum data rates vary with distance from the telco central office (CO). For distances up to 10,000 feet (3 kilometers), speeds of 1.5 Mbps are supported, which is equivalent to T1 speed. At farther distances speeds drop, until at 18,000 feet (5.5 kilometers) SDSL can only carry data at 416 kilobits per second (Kbps).

In the last few years, SDSL has became an attractive offering from competitive local exchange carriers (CLECs) who wanted to compete with high-priced T1 lines offered by incumbent local exchange carriers (ILECs), who generally used HDSL for provisioning these services.

Notes

SDSL is sometimes interpreted to stand for single-line DSL instead of symmetric DSL because it uses a single twisted-pair copper wire.

See Also Asymmetric Digital Subscriber Line (ADSL) ,Basic Rate Interface ISDN (BRI-ISDN) ,central office (CO) ,Competitive Local Exchange Carrier (CLEC) ,High-bit-rate Digital Subscriber Line (HDSL) ,Incumbent Local Exchange Carrier (ILEC) ,Integrated Services Digital Network (ISDN) ,line coding ,T1 ,telco

SYN attack

A popular form of denial of service (DoS) attack.

Overview

Also called SYN flooding, the SYN attack is a form of DoS attack directed at Transmission Control Protocol/Internet Protocol (TCP/IP) networks connected to the Internet. A SYN attack is a protocol-level attack that can make a computer's network services unavailable to other users. SYN flooding is a DoS methodology specific that exploits the session establishment mechanism of the TCP. Using SYN flooding, an attacker can usurp control of all possible TCP/IP connections to a Web server or other Internet resource, making it impossible for legitimate users to access the resource. The SYN refers to the "synchronize sequence number" message that is used to initialize a TCP connection.

Implementation

A malicious user initiates a SYN attack by sending a Transmission Control Protocol (TCP) connection request (SYN packet) to a targeted server in a network, usually a Web server. The attacker uses spoofing to alter the source IP address in the SYN packet. When the server receives the connection request, it allocates resources for handling and tracking the new connection and responds by sending a SYN-ACK packet to the nonexistent source address. Because there is no response to the SYN-ACK packet, the server continues to retransmit SYN-ACK several times (five times in Microsoft Windows NT) at increasingly longer time intervals. Finally, after the last retransmission, the server gives up and deallocates the resources previously allocated for the connection. For servers running Windows NT, the default time for this entire process is 189 seconds. The attacker configures software to automatically send large numbers of TCP SYNs in an attempt to tie up the server's TCP resources and prevent other users from connecting to the server.

Notes

SYN attacks against private networks are simple to prevent: you configure a firewall with access lists to accept only incoming IP addresses with known addresses. However, if you are running a Web server that needs to be accessible to anyone on the Internet, it is usually more difficult to defend the server against a SYN attack because if you configure an input filter, the attacker can simply modify the source IP address in the SYN packets. Ways to defend Web servers against SYN attacks include decreasing the time-out period for the TCP three-way handshake mechanism, increasing the size of the SYN-ACK queue, and applying various vendor- supplied patches to your Web server. For more information on configuring Internet Information Services (IIS) servers to withstand SYN attacks, consult the Microsoft Internet Information Server Resource Kit from Microsoft Press.

If you are running a Web server and your Web clients are receiving messages such as "The connection has been reset by the remote host," you might be the target of a SYN attack. If you are running IIS as your Web server, type netstat -n -p tcp at the command prompt to examine the number of TCP connections in a SYN_ RECEIVED state. A large number of SYN_RECEIVED connections might indicate that your server is under attack.

See Also denial of service (DoS) ,hacking ,TCP three-way handshake ,Transmission Control Protocol (TCP)

sync

Stands for synchronous transmission, serial transmission in which the sending and receiving nodes are synchronized together by a timing signal.

See Also synchronous transmission

Synchronous Data Link Control (SDLC)

A data-link layer protocol developed in the 1970s by IBM for its Systems Network Architecture (SNA) networking environment.

Overview

Synchronous Data Link Control (SDLC) is primarily used in wide area networks (WANs) that use leased lines to connect mainframe SNA hosts and remote terminals. SDLC was the first bit-oriented synchronous transmission protocol developed by IBM. It quickly displaced the older, less efficient, character-oriented synchronous protocols such as Bisync and DDCMP. In a serial SDLC link, data is sent as a synchronous bit stream divided into frames that contain addressing and control information in addition to the payload of data.

Synchronous Data Link Control (SDLC). Connecting remote terminals to a mainframe host using SDLC.

Implementation

SDLC uses a master/slave architecture in which one station is designated as primary (master) and the remaining stations are secondary (slaves). The primary station establishes and tears down SDLC connections, manages these connections, and polls each secondary station in a specific order to determine whether any secondary station wants to transmit data. You can use SDLC in a variety of connection topologies, including direct point-to-point connections between a primary and a secondary station and multipoint connections between a primary and a group of secondary stations. Ring topologies are also possible in which a primary controls a ring of secondary stations and is itself part of the ring.

Notes

A number of popular protocols have been derived from the SDLC protocol and standardized by various standards bodies. These include the following:

• High-level Data Link Control (HDLC): Developed by the International Organization for Standardization (ISO) and used by Cisco Systems routers for serial communication over leased lines as an alternative to the Point-to-Point Protocol (PPP)

• Link Access Procedure Balanced (LAPB): Part of the X.25 protocol stack

• Logical Link Control (LLC) or IEEE 802.2: The most popular data link protocol for local area networks (LANs)

See Also High-level Data Link Control (HDLC) ,

Synchronous Optical Network (SONET)

A physical layer specification for broadband synchronous transmission used by telecommunications carriers.

Overview

Synchronous Optical Network (SONET) can simultaneously carry voice, video, and data over long distances of fiber-optic cabling at speeds in excess of 1 gigabit per second (Gbps). SONET was developed by Bellcore in the mid-1980s to carry high-volume voice traffic on the Public Switched Telephone System (PSTN). SONET was standardized by the American National Standards Institute (ANSI). A European version called Synchronous Digital Hierarchy (SDH), standardized by the International Telecommunication Union (ITU), is almost identical to the SONET specification.

Uses

SONET is primarily used by telecommunications carriers (telcos) as the underlying transport mechanism for Asynchronous Transfer Mode (ATM) networking. As such, SONET is widely deployed in both the internal telco switching networks and the trunk networks owned by long-distance carriers. SONET is used in the enterprise environment mainly as the underlying transport for high-speed ATM wide area network (WAN) connections. SONET is a reliable WAN technology that typically provides better than five-nines (99.999 percent) uptime.

Implementation

SONET transmission is generally built from multiplexed DS-0, DS-1, or DS-3 digital signal channels. SONET employs optical time-division multiplexing (TDM) technologies to form a single Synchronous Transport Signal (STS) link that is demultiplexed at the receiving end. The basic SONET transmission rate is 87 bytes transmitted every 125 microseconds, and these SONET frames are transmitted whether or not payload (data) is present. As a result, SONET tends to be somewhat wasteful of bandwidth, with utilizations in access networks often below 5 percent and in ATM backbones below 30 percent. SONET frames expand in size as the speed increases, with 16,704-byte frames being employed for OC-192 circuits. SONET transports local area network (LAN) traffic such as Gigabit Ethernet (GbE) frames by encapsulating them within SONET frames.

SONET capacity is measured in optical carrier (OC) units. A standard Synchronous Transport Signal (STS) SONET channel is equivalent to one OC unit and consists of 810 multiplexed 64 kilobit-per-second (Kbps) DS0 circuits forming a total capacity of 51.84 megabits per second (Mbps). Of these 810 circuits, 783 are used for payload and 27 are used for framing, error correction, format identification, and other forms of protocol overhead. The table below shows some of the currently defined SONET speeds.

SONET is usually implemented in telco networks as a dual-ring topology in order to provide redundancy and fault tolerance. One ring is the active ring and carries traffic in one direction only. The backup ring remains inactive unless a break in the primary ring occurs, in which case the backup ring takes over and carries traffic in the opposite direction. SONET rings utilize a self-healing technology called Automatic Protection Switching (APS) that can detect when the active ring is broken and switch traffic to the backup ring within 50 milliseconds.

Issues

Because SONET was originally designed as a circuit- switched TDM communications technology, it is ill- suited to carrying packet data and wasteful of bandwidth when used for this purpose. SONET was designed for carrying voice, a form of traffic that is highly sensitive to latency and jitter, and not packet data, which can tolerate high degrees of variation and delay.

SONET is also complex and expensive to deploy, which is why its implementation has been limited to telco networks. Due to the large installed base of telco SONET equipment, SONET is likely to remain around for many years despite the emergence of optical Ethernet in the metropolitan area network (MAN) as a viable alternative. SONET's main advantage over Gigabit Ethernet (GbE) and emerging 10 Gigabit Ethernet (10GbE) technologies is that it can transport data over much longer distances than these newer technologies can. Even if local exchange carriers (LECs) eventually migrate their systems entirely to 10GbE, SONET is likely to remain the technology of choice for inter-exchange carriers (IXCs) to carry data on their long-haul trunk lines.

Prospects

The trend with many carriers is to abandon SONET entirely except for use as a common communications interface passing traffic off to other carriers. Some newer carriers such as Yipes Communications are pursuing this route, using GbE instead of SONET within the remaining portion of their MANs.

A new SONET technology called resilient packet ring (RPR) enables SONET to simultaneously utilize both rings in a standard dual-ring system. If one ring fails, all traffic is routed to the remaining ring.

See Also American National Standards Institute (ANSI) ,Asynchronous Transfer Mode (ATM) ,DS-0 ,Gigabit Ethernet (GbE) ,inter-exchange carrier (IXC) ,local exchange carrier (LEC) ,multiplexing ,optical carrier (OC-x) level ,Public Switched Telephone Network (PSTN) ,resilient packet ring (RPR) ,telco ,wide area network (WAN)

synchronous transmission

Serial transmission in which the sending and receiving nodes are synchronized together by a timing signal.

Overview

Synchronous transmission is a form of serial transmission that uses clocking circuitry at both the transmitting station and the receiving station to ensure that communication is synchronized. This is in contrast to asynchronous transmission, in which start and stop bits are added to the beginning and end of each frame. Synchronous transmission is used in digital modems such as Integrated Services Digital Network (ISDN) terminal adapters, Channel Service Unit/Data Service Units (CSU/DSUs) for T-carrier services, and similar telecommunications services. Synchronous transmission interfaces are generally about 20 percent faster and somewhat more reliable than comparable asynchronous interfaces.

Implementation

Devices that communicate with each other synchronously use either separate clocking channels to ensure synchronization between them or some kind of special signal code embedded in the signal for self-clocking purposes. Separate clocking lines are generally used when the distance between the data terminal equipment (DTE) and data communications equipment (DCE) is fairly short. Typically, the receiving station (such as a modem, a common form of DCE) provides the clocking signal to the transmitting station (usually a computer or a terminal).

The alternative is to use signal preamble, a special group of bytes (usually 8 bytes) called a SYNC signal that alerts the receiver that data is coming, synchronizes the clocks at the two devices, and starts the transmission. Special predefined voltage transition patterns familiar to both the transmitting and receiving stations are contained within the signal and are used to maintain synchronization between the devices. The receiver must extract this embedded information from the signal and use it to maintain synchronization between it and the transmitting station.

See Also asynchronous transmission ,

SYN flooding

Also known as SYN attack, a popular form of denial of service (DoS) attack.

See Also SYN attack

system access control list (SACL)

A form of access control list (ACL) used by Microsoft Windows 2000 and Windows .NET Server for security control.

Overview

System access control lists (SACLs) are used for establishing systemwide security policies for actions such as logging or auditing resource access. SACLs should not be confused with the more familiar discretionary access control lists (DACLs) used by Windows 2000 and Windows .NET Server to control access to Active Directory directory service and NTFS file system (NTFS) objects by users and groups.

The SACL attached to a system, directory, or file object specifies

• Which security principals (users, groups, computers) should be audited when accessing the object

• Which access events should be audited for these principals

• Whether a Success or Failure attribute is generated for an access event, depending on the permissions granted in the DACL for the object

See Also access control ,access control list (ACL) ,discretionary access control list (DACL)

system group

Another name for special identity, a special group account in Microsoft Windows 2000 whose membership is controlled by the operating system itself, not by administrators or individual users.

See Also special identity

system log

A log in Microsoft Windows NT, Windows 2000, Windows XP, and Windows .NET Server that records events generated by the operating system.

Overview

Events logged in the system log mainly consist of information about services starting, stopping, or failing and about system device drivers that fail. Administrators cannot alter the type of information logged in the system log. You can view and manage the system log by using the administrative tool Event Viewer.

The following are three types of events that can be logged to the system log:

• Errors: Identified by a white X in a red circle; indicates a significant problem that might have caused data loss or the loss of some aspect of system functionality (for example, a service failing to start properly)

• Warnings: Identified by an exclamation mark in a yellow triangle; indicates a problem that might not be critical but might have an impact later (such as low disk space)

• Information: Identified by a blue letter i in a speech balloon; indicates a significant but harmless event such as a service starting or device driver initializing

See Also application log ,

system partition

The partition on which Microsoft Windows 2000 and Windows .NET Server install hardware-specific files that are needed to start the operating system.

Overview

The files installed on the system partition include the boot loader file (ntldr), the hardware detector file (Ntdetect.com), and the Boot.ini file. The system partition is different from the boot partition, which contains the actual Windows 2000 operating system files and supporting files. During the boot process, the code in the Master Boot Record (MBR) locates the system partition by scanning the partition table.

The system partition must be on the first physical hard disk of the machine and must be an active partition (and hence a primary partition). In a default Windows 2000 installation, both the system partition and boot partition are on the C: drive.

See Also boot partition

system policy

A file that applies a set of rules to a Microsoft Windows NT computer or set of computers to restrict what users or groups of users can see and do on their workstations.

Overview

System policies are included as an administrative feature on the Windows NT operating system platform for helping administrators lock down the desktop configuration of Microsoft Windows NT Workstation, Windows 98, and Windows 95 clients. On the Windows 2000 and Windows .NET Server platforms, a more advanced feature called Group Policy is implemented, which is integrated with Active Directory directory service.

System policies work by overwriting specific registry keys on the computers they are applied to. To apply a system policy to computers in a Windows NT domain, put the Ntconfig.pol file in the NetLogon Share on the primary domain controller (PDC) and use the Directory Replicator Service to replicate the file to other domain controllers. When users log on to the network, the system policy file is downloaded and applied to their Windows NT workstations.

You can create system policy files for Windows NT Workstation clients by using the administrative tool System Policy Editor. A system policy file created this way is usually named Ntconfig.pol.

Notes

If users have Windows 95 or Windows 98 clients, use Poledit.exe to create a Config.pol file and place this in the NetLogon Share, as just described. System policy files created for Windows 95 and Windows 98 clients are usually named Config.pol. If you have a mix of Windows NT, Windows 95, and Windows 98 clients on the network, you must create both an Ntconfig.pol file and a Config.pol file and store them in the NetLogon Share on the PDC.

See Also Group Policy

Systems Management Server (SMS)

A server application from Microsoft Corporation for managing an organization's networked computers.

Overview

Microsoft Systems Management Server (SMS) lets network administrators

• Manage their hardware and software assets

• Distribute new software from a central location

• Manage shared applications loaded from network servers

• Perform network protocol analysis for planning and troubleshooting purposes

• Perform remote troubleshooting and remotely control individual PCs

For example, you can use SMS to determine which computers need updated drivers, which have sufficient free disk space to run new applications, or how many copies of Microsoft Office are installed in your organization. This simplifies maintenance and upgrading tasks for network administrators.

Using SMS, you can also manage, install, and control server-based applications from a central location. You can perform network protocol analysis to locate and resolve bottlenecks on your network. Using the administrative tools of the Microsoft Windows NT operating system, administrators have a single, consistent administrative environment for managing their network assets.

SMS organizes a company's network assets into hierarchical logical groupings of computers and domains called sites. Using the top site, an administrator can centrally manage the entire network. Sites can be designed so that sites without administrators can be managed by sites with administrators. This logical structure is scalable-as your company grows and your needs change, you can add sites and structure.

A typical SMS enterprise deployment might consist of the following tiers:

• A central SMS machine linked to a computer running Microsoft SQL Server that hosts the corporate inventory database, which includes centralized hardware and software inventory information on all your networked computers.

• Primary SMS servers for sharing the load of distribution to the logon servers. These are located so that the majority of network traffic generated by SMS is on local segments.

• Local area network (LAN) servers such as Windows NT and Windows 2000 domain controllers, file and print servers, and application servers.

• Clients such as Windows NT, Windows 2000, Windows 98, or Windows 95.

Software is distributed down the hierarchy, and inventory information is passed up the hierarchy. At each SMS site, inventory information is collected and forwarded to the site above it. Thus, the SMS database at the top site has complete inventory information for the entire network. From this top site, you can use the Systems Management Server Administrator program to query and view the inventory database for hardware, software, and configuration information about any computer on your network. Queries can be specific-for example, you can determine which computers in your network have Pentium processors or which systems have Office installed.

You can also use SMS to distribute and install software on clients and servers on your network, and you can schedule software distribution to minimize the impact on your system. The Systems Management Server Administrator program can

• Send software from one site to another.

• Move software to selected servers called distribution servers. Users can then access and install the software on their clients from these servers.

• Set up and configure network applications on servers for shared use by groups of users. SMS automatically creates a program item for the network application on users' computers.

• Install and configure software on clients and servers.

The following additional features of SMS 2 make it easy to use:

• Integrated setup with SQL Server

• Enhanced administration using wizards, taskpads, and Microsoft Management Console (MMC)

• Context-sensitive Hypertext Markup Language (HTML)-based help

• A nonintrusive 32-bit agent client that is invisible to the user except when distribution packages are available

• A status system that provides a common reporting mechanism for all components

• Support for the Common Information Model (CIM) specification

• Dynamic, discovery-based software inventory mechanisms

• The Network Topology Tracing Tool, which provides a graphical display of the network routes between servers within a site, including infrastructure devices such as routers and hubs

• Dynamic distribution lists for sending software to users automatically when they join a group

For More Information

Visit www.microsoft.com/smsmgmt.

Systems Network Architecture (SNA)

A set of IBM mainframe networking standards and protocols introduced in 1974.

Overview

Systems Network Architecture (SNA) includes services for configuring and managing system resources within an IBM mainframe networking environment. SNA originally defined a centralized architecture with mainframe hosts controlling terminals, but it has also been adapted for peer-to-peer communication and distributed client/server computing environments.

Architecture

SNA has seven protocol layers and is similar but not identical to the Open Systems Interconnection (OSI) reference model, whose development it influenced. The SNA protocol suite includes the following:

• Synchronous Data Link Control (SDLC) protocol: For data-link layer control of the flow of frames within an SNA network. SNA also supports IEEE 802.5 and 802.2 token passing with Logical Link Control (LLC).

• Network Control Program (NCP): For routing, segmentation, and framing functions. NCP usually runs on the host or on the front-end processor.

• Virtual Telecommunications Access Method (VTAM): For sequencing, flow control, error recovery, and session management functions. You use VTAM to implement Network Accessible Units (NAUs), which control the flow of data, in an SNA network.

• Advanced Peer-to-Peer Networking (APPN): Enables SNA connections between two hosts, such as a PC host accessing an application running on a mainframe host using Advanced Program-to- Program Communications (APPC) sessions. You use APPN to implement Physical Units (PUs) and Logical Units (LUs), which are forms of NAUs that control communication processes for hosts and terminals. LUs represent SNA end nodes such as connections by users or applications, and two LUs communicate by using associated PUs, which are hardware devices or terminals. A number of types of LUs and PUs are used in an SNA networking environment.

• NetView: A network management program for configuring, controlling, troubleshooting, and usage accounting of SNA networks.

Before data can be transferred over SNA, a session must be established between an LU on the client and an LU on the host. For example, a Microsoft Windows NT- or Windows 2000-based server running Microsoft Host Integration Server can connect to a mainframe host by using SNA. Host Integration Server provides connectivity between Windows and SNA environments by providing an SNA gateway running on a Windows NT-, Windows 2000-, or Windows .NET-based server. Windows clients can then connect to the SNA mainframe host by going through the Host Integration Server gateway. By using LU 6.2, which is a peer-to-peer protocol, the Windows NT-based server running Host Integration Server or the mainframe host can initiate the user session. Clients on a Windows NT- or Windows 2000-based network can then access data stored on the host, including data stored in structured or unstructured AS/400 or Virtual Storage Access Method (VSAM) files, DB2 database tables, and transaction processing monitors.

Notes

Non-SNA architectures such as Token Ring networks can interface with SNA networks using Service Points (SPs).

See Also Advanced Peer-to-Peer Networking (APPN) , Open Systems Interconnection (OSI) reference model ,

SYSVOL share

An administrative share on Active Directory directory service-based installations of Microsoft Windows 2000 and Windows .NET Server.

Overview

The SYSVOL share is a shared directory on a domain controller on Windows 2000- and Windows .NET Server-based networks that contains the server's copy of the domain public files, such as group policy objects and scripts for the current domain and the entire enterprise. The contents of this share are replicated to all domain controllers in the Windows 2000 domain. The default path for the SYSVOL share is \%System_Root%\Sysvol\SYSVOL.

Notes

The SYSVOL share must be on an NTFS file system (NTFS) 5 volume because Active Directory uses the journaling function of NTFS 5 to track replication updates.

Microsoft Encyclopedia of Networking

ISBN: 0735613788
EAN: 2147483647

Year: 2002
Pages: 36

Authors: Mitch Tulloch, Ingrid Tulloch

BUY ON AMAZON