Glossary

3DES (Triple DES)

Uses the same algorithm as standard DES but lengthens the effective key by encrypting, decrypting, and then encrypting the data again (the encrypt-decrypt-encrypt, or EDE, construction) with different keys, to defeat the brute-force attacks that single DES no longer resists. With three independent 56-bit keys the nominal key length is 168 bits; a meet-in-the-middle attack reduces the effective strength to about 112 bits, which is also why simply encrypting twice ("double DES") was never adopted. A two-key variant (first and third keys equal) has a nominal 112-bit key. Because the middle step is a decryption, running 3DES with all three keys equal is identical to single DES, so it interoperates with DES-only systems but gains nothing in strength. 3DES keeps the security properties of the DES algorithm while effectively lengthening the key.

See also [DES]


10Base2

The ethernet specification for thin coaxial cable, which transmits signals at 10Mbps (megabits per second), with a distance limit of 185 meters per segment without using a repeater. The 10 in the media type designation refers to the transmission speed in Mbps. The Base refers to baseband signaling. The last number varies for different media types. A T, for example, means "twisted-pair cable," and F stands for "fiber-optic cable."

Numbers such as 2, 5, and 36 represent coaxial cable segment lengths. The 185-meter length in 10Base2 has been rounded up to 2 for 200, but it's actually only 185 meters. 10Base2 is also known as thin ethernet, ThinNet, or Cheapernet; it uses RG-58 coaxial cable in a bus topology.



10Base5

The ethernet specification for thick coaxial cable, which transmits signals at 10Mbps, with a distance limit of 500 meters per segment without using a repeater. Also known as thick ethernet or ThickNet, 10Base5 uses RG-8 coaxial cable in a bus topology.



10BaseF

The ethernet specification for fiber-optic cable, which transmits signals at 10Mbps, with a distance limit of 1,000 meters per segment without using a repeater.



100BaseT

The ethernet specification for Fast Ethernet. There are three types of physical wiring that can carry signals: 100BaseT4 (four pairs of telephone twisted-pair wire), 100BaseTX (two pairs of data-grade twisted-pair wire), and 100BaseFX (a two-strand fiber-optic cable).



100BaseT4

This 100Mbps Fast Ethernet physical layer specification uses Category 3 unshielded twisted-pair (UTP) cable in a star topology. (For the most part, Category 5 UTP cable is now used as part of the 100BaseTX specification.) 100BaseT4 has a maximum segment length of 100 meters, without using repeaters.



100BaseTX

This 100Mbps Fast Ethernet physical layer specification uses Category 5 or better UTP cable in a star topology, with a maximum segment length of 100 meters without using repeaters. 100BaseTX uses only two pairs of wires in the cable because the specification insists on high-quality Category 5 cable.



access

The interfacing between a user, program, service, or another computer system and an object, usually a computer, a network resource, or a device attached to the computer, that results in the transfer of data.



access permissions

Permissions such as Read and Write that can be set to allow or deny for users and groups. Access permissions, sometimes referred to as "access rights," can be set for files, folders, system and domain objects, and network resources.



access token

Contains the security information for a user's or service's logon session. Windows creates an access token when a user logs on; it identifies the user, the user's groups, and the user's privileges, and every process started on the user's behalf carries a copy of it. When a process tries to open an object, the system compares the token with the object's ACL to decide whether to allow the access, so after logon it is the token, not the password, that grants access. The term "token" is also used for hardware authentication tokens: the user enters a PIN or password and the device displays a constantly changing code (rotating on a fixed schedule, such as every 240 seconds) that is valid only for that window. Such a one-time-code token is different from a smart card, which stores a certificate and private key and is read by a card reader rather than displaying a code.



accounting

Tracking user activity, such as the length of the session, the services that were used, and the amount of data transferred during the session for trend analysis, audit comparisons, capacity planning, and other similar uses.



accountability

The principle of tracing specific actions to a specific user or users: identification and authentication establish who is acting, and auditing tracks, monitors, and logs that user's actions on a system or within an environment so that they can later be attributed.



ACE (access control entry)

An entry in an Access Control List (ACL). In a Discretionary ACL, an ACE names a user or group and the access rights that are allowed or denied to it; in a System ACL, an ACE names the access attempts that are audited.



ACL (Access Control List)

An ordered list of ACEs attached to an object's security descriptor that specifies which users and groups have which access to that object. ACLs can be applied to folders, files, registry keys, Active Directory objects, or anything else that has a security descriptor. There are two main types: the Discretionary ACL (DACL), which grants or denies access, and the System ACL (SACL), which specifies what to audit. The entries are evaluated in order, and explicit deny ACEs are placed before explicit allow ACEs, so a deny for one of the user's groups wins over an allow for the user.



Active Directory distribution group

Used to gather a specific set of users for nonsecurity- related functions. Sending email messages to a distribution group is a primary example. You cannot use distribution groups to assign rights and permissions.



Active Directory security group

Used to gather a specific set of users to assign access rights and permissions via the group, instead of individually to each user object. You can also use security groups as email distribution lists.



Administrator

The default account name for the main system management account in Windows NT, 2000, and 2003 operating systems. The root account is the default account name for the main system management account in Unix systems.



anycast

Anycast delivers a packet sent to an anycast address to the nearest (in routing terms) of several hosts that share that address. The model is defined for IPv6 and is also used on IPv4 by advertising the same prefix from several locations. It is used to reach the closest of several servers that provide the same service, such as a DNS server, and to spread load and absorb failures across them. (A single router sending routing updates to many other routers is a one-to-many pattern, which is multicast rather than anycast.)



APIPA (Automatic Private IP Addressing)

APIPA is available on Windows 98, Windows Me, Windows 2000, Windows XP, and Windows Server 2003. If a DHCP client doesn't receive any responses to its DHCPDISCOVER broadcast, it continues to make attempts to lease an address by retransmitting the message at varying intervals. If there is still no response, APIPA-aware clients automatically configure an IP address and subnet mask by picking an address from the link-local block 169.254.0.0/16 (subnet mask 255.255.0.0), which is reserved by IANA for this purpose (RFC 3927) rather than by Microsoft. An APIPA address is not routable and comes with no default gateway, so a host that ends up with one can talk only to neighbors on the same segment; finding a 169.254.x.x address on a client is usually a sign that its DHCP server is unreachable.



application filtering

Network traffic is filtered in and out of a network based on application-level parameters at the router, gateway, or firewall. Network filtering increases network security and limits the type of traffic allowed to pass in either direction.



Application layer (OSI Layer 7)

This layer, used by applications written to run over the network, allows access to network services that support those applications. Protocols normally found at this level are HTTP, S-HTTP, HTTPS, FTP, TFTP, SMTP, POP3, IMAP4, Network Time Protocol (NTP), DHCP, and SNMP.



ARP (Address Resolution Protocol)

This is the TCP/IP protocol that resolves IP addresses of computers on a LAN to MAC addresses. ARP replies are not authenticated, so any host on the LAN can answer for an address it does not own (ARP spoofing). ARP is also a command-line utility used to display the IP-to-physical (MAC) address translation table that the ARP protocol uses. You can also use ARP to set manual and static entries in the table, which is one countermeasure against spoofed entries.



authentication

In this process, credentials are presented and challenged when users or systems need to provide something, such as a smart card or a password, to prove that they are who they claim to be in the identification process. The main means of user authentication are access passwords (something the user knows), access tokens (something the user has, such as a keycard), and biometrics (something that is part of the user, such as a fingerprint or voice print). Any combination of these three means can be required for authentication, depending on the rules of the local network and the system.



authorization

Authorization is the level of access granted to users or systems and specifies what they are allowed to do with that access. Authorization is constrained by file and data owners, the principle of least privilege, and the separation of duties and responsibilities. File and data owners are the people responsible for managing and maintaining the rights and permissions that apply to network resources. Authorization occurs after a user's or system's identification has been acknowledged and verified through authentication.



availability

The process of making certain that systems and data are available to permitted personnel in a timely manner.



backup

The process of duplicating data for storage, archival, and restoration. For Windows systems and in NTBackup, there are five different types of backups: normal, copy, daily, incremental, and differential.



bastion host

A hardened host that is exposed to an untrusted network (usually the Internet) and is expected to withstand attack, because it is the system an attacker can reach first. Firewalls and screening routers are bastion hosts, as are Internet-facing mail servers, DNS servers, Web servers, and FTP servers, which are typically placed in a DMZ. Because the host is exposed, it runs only the services it must, is kept patched, and is logged closely. Some organizations also configure a bastion host as a honeypot, a deliberately attractive target used to track and monitor attempted break-ins.



BOOTP (Bootstrap Protocol)

An Internet protocol that enables a diskless workstation to discover its own IP address, the IP address of a BOOTP server on the network, and a file to be loaded into memory to boot the machine. This is how workstations without a hard drive usually start up.



bridge

An OSI Layer 2 (Data Link) network device that is deployed to connect two LANs of similar topologies. Bridges and other Layer 2 devices, such as Layer 2 switches, form the boundaries of collision domains. All network devices that are interconnected by bridges are part of the same broadcast domain. Bridges forward frames according to the destination MAC address without examining the Layer 3 protocol inside them, so they are protocol independent.



broadcast

A type of general traffic, usually limited to a subnet. A client system sends out special broadcast frames to all available hosts at the same time. The frames are designed so that every host in the subnet receives the announcement, as no one client is specifically designated to receive the message. Broadcast messages are often used to advertise a network service, for name resolution, and other similar uses.



broadcast domains

Network segments in which all devices on those segments can hear broadcast and multicast messages. A broadcast frame carries the Layer 2 broadcast destination address (FF-FF-FF-FF-FF-FF), so Layer 2 devices such as switches and bridges flood it out every port rather than filtering it; they do not bound a broadcast domain. To create borders for broadcast domains so that you can segment which network devices hear broadcast messages, you need a Layer 3 switch or a router, which operates at the Network layer and does not forward broadcasts by default.



brouter

A network device that functions as a router and a bridge. Brouters understand how to route specific types of packets, such as TCP/IP packets. Any other packets they receive are simply forwarded to other networks connected to the device.



brute-force attack

A type of attack in which every possible key or username/password combination is attempted until the key or username/password combination is guessed.



buffer overflow

An attack on a buffer (a predetermined area of memory that holds data for processing) in which the data sent to the buffer is larger than the space reserved for it. Depending on how the program handles the condition, the oversized input may simply be rejected with an error (the correct response, whether the input was accidental or malicious), or the system may become unstable and crash. If the program copies the data anyway, the excess overwrites whatever lies in the adjacent memory, which on the stack can include the saved return address of the current function call; an attacker who controls that value can redirect execution and run code of their choosing.



CA (Certificate Authority)

A trusted organization (often a third-party body) that issues digital certificates. A certificate is a document, digitally signed by the CA, that binds a public key to the identity of the party that holds the matching private key; the key pair itself is normally generated by that party, which submits the public key to the CA for certification. By signing the certificate, the CA vouches that the party presenting it is who it claims to be, so anyone who trusts the CA can verify signatures made with the certified key without first contacting the key holder. The trust placed in a certificate is only as good as the checks the CA performs before issuing it and the protection of the CA's own signing key.



CHAP (Challenge Handshake Authentication Protocol)

A challenge-response authentication protocol (RFC 1994) that uses the MD5 one-way hash function (a hash, not encryption; the operation cannot be reversed) to protect the password. The remote access server sends the client a challenge consisting of a one-byte session identifier and an arbitrary, unpredictable challenge string. The client replies with the username and the MD5 hash of the identifier, the shared secret (password), and the challenge string, in that order. The server performs the same computation with its own copy of the secret and allows the connection if the results match. Because the challenge changes every time, a captured response cannot be replayed, but an eavesdropper who captures a challenge and its response can test password guesses offline, and the server must hold the password in cleartext or a reversibly encrypted form to verify the response.
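The exchange described above, as an added example that is not part of the original glossary: both sides of CHAP implemented over Python's standard hashlib, plus the offline guessing attack that the protocol does not prevent. The shared secret, identifier, and wordlist are constructed values; the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def chap_challenge(length=16):
    """Server side: an unpredictable challenge value (RFC 1994 leaves the length open)."""
    return os.urandom(length)


def chap_response(identifier, secret, challenge):
    """Client side: MD5(Identifier || secret || Challenge), RFC 1994 section 4.1.

    The identifier is the one-octet ID from the Challenge packet, so responses to
    different challenges differ even if a server ever reused the challenge bytes.
    """
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier, secret, challenge, response):
    """Server side: recompute the expected response and compare in constant time.

    The server needs the cleartext secret (or an equivalent) to do this, which is
    why CHAP servers store passwords reversibly rather than as salted hashes.
    """
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def offline_guess(identifier, challenge, response, wordlist):
    """What an eavesdropper does with one captured (Identifier, Challenge, Response)
    triple: test candidate passwords offline. CHAP resists replay, not this."""
    for candidate in wordlist:
        if chap_response(identifier, candidate, challenge) == response:
            return candidate
    return None


if __name__ == "__main__":
    secret = b"s3cret"                                 # constructed shared secret
    identifier, challenge = 7, chap_challenge()        # server -> client
    response = chap_response(identifier, secret, challenge)   # client -> server
    print("server accepts:", chap_verify(identifier, secret, challenge, response))
    print("eavesdropper recovers:", offline_guess(identifier, challenge, response,
                                                 [b"password", b"letmein", b"s3cret"]))
```

The constant-time comparison matters on the server: a byte-by-byte early-exit compare would let an attacker learn the expected response one byte at a time from timing. The offline attack is why CHAP should only be used with strong secrets or inside an encrypted tunnel.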



CIDR (Classless Inter-Domain Routing)

CIDR was once referred to as "supernetting," but today CIDR (pronounced "cider") is the common term for allocating and writing IP addresses with an explicit prefix length instead of the old class A, B, and C boundaries. An example of a CIDR block is 201.77.176.0/20: 201.77.176.0 is the network address and the /20 means that the first 20 bits of the address are the network portion, leaving the last 12 bits for host addressing (4,096 addresses, the equivalent of sixteen class C networks aggregated into one route). The network address must have every host bit clear; 201.77.181.0/20, for example, is not a valid network address, because 181 has bits set inside the host portion, and a router would treat it as 201.77.176.0/20. CIDR is supported by BGP version 4 and by RIP version 2, which carry a subnet mask with each route; the classful routing protocols, EGP and RIP version 1, do not support CIDR.
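The prefix arithmetic above, as an added example (not from the original glossary) using Python's standard ipaddress module. It takes the entry's /20 example, shows why an address with host bits set is not a valid network address, aggregates sixteen /24 blocks into one supernet, and does the containment check a router does on lookup. The addresses are the glossary's own; the function names are assumptions made for illustration.

```python
import ipaddress


def describe_cidr(cidr):
    """Split a CIDR block into its network and host parts.

    strict=False does what a router does with an address that has host
    bits set: it keeps the prefix and zeros the host bits.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "netmask": str(net.netmask),
        "host_bits": net.max_prefixlen - net.prefixlen,
        "addresses": net.num_addresses,
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
    }


def is_valid_network_address(cidr):
    """True only if every host bit is zero (201.77.176.0/20 yes, 201.77.181.0/20 no)."""
    try:
        ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        return False
    return True


def supernet(blocks):
    """Aggregate ('supernet') contiguous prefixes into the fewest CIDR blocks."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def contains(cidr, address):
    """Route-lookup check: does this block contain the address?"""
    return ipaddress.ip_address(address) in ipaddress.ip_network(cidr, strict=False)


if __name__ == "__main__":
    print(describe_cidr("201.77.181.0/20"))              # network comes out as 201.77.176.0
    print(is_valid_network_address("201.77.181.0/20"))   # False: host bits are set
    print(supernet(["201.77.%d.0/24" % i for i in range(176, 192)]))  # one /20
```

The strict/non-strict distinction is worth keeping in mind when reading firewall or ACL rules: a rule written with host bits set is ambiguous, and different tools resolve it differently.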



Cipher

This command-line utility displays or alters the encryption state of data on NTFS partitions. Cipher is used with EFS.



circuit-level filtering

Inspection of the session between two systems at the transport layer (the TCP handshake and the state of a UDP flow) rather than of the contents of each packet or the application-level commands. A circuit-level gateway checks that a session was set up legitimately and then relays the packets belonging to that session without looking inside them. Circuit-level filtering increases network security and limits the type of traffic allowed to pass in either direction, but because it does not examine payloads it cannot block an attack carried inside an allowed session.



collision domain

A network segment in which all devices on the segment can "hear" when a collision happens, because they share the same physical medium (a coaxial bus or a hub). If a network design includes a switch at one end and a bridge at the other, for example, all hosts on the shared media between those two network devices are part of a single collision domain. Devices beyond the Layer 2 switch and bridge belong to a different collision domain, because each port of a switch or bridge terminates one.



copy backup

This backup option backs up all selected files and folders regardless of the archive bit. The process is similar to a normal (full) backup: it simply backs up everything selected. The difference is that the copy backup does not reset the archive bit during the backup process, as a normal backup does. If you need to back up files and folders and do not want to affect other backup types by resetting the archive bit, a copy backup is the best option.



cryptography

Protecting information by encrypting it into an unreadable format (ciphertext), so that only specific key holders can decipher (decrypt) the message into a readable text format.



CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance)

This access method, defined in the IEEE 802.11 standard, minimizes collisions caused by simultaneous transmissions on a wireless network, where a station cannot reliably detect a collision while it is transmitting and so must avoid them in advance.



CSMA/CD (Carrier Sense Multiple Access with Collision Detection)

This protocol, part of the IEEE 802.3 standard, is used by network devices for carrier transmission access on ethernet networks. Each device uses CSMA/CD to sense whether the line is available for use or whether traffic is present. When nodes believe the line is available, they begin their transmissions. If another node tries to send at the same time, a collision occurs, and data frames from both nodes are discarded. Each node then waits a random amount of time and retries until it's successful.



CSU/DSU (Channel Service Unit/Data Service Unit)

A hardware device that converts digital data frames from the communications technology used on a LAN into frames appropriate for a WAN, and vice versa.



DAC (Discretionary Access Controls)

This set of controls allows the data or resource owner to specify who can access certain resources; access is restricted via a permission structure set on the resource for users and groups. The most common implementation of DAC is the Access Control List (ACL).



daily backup

This backup option does not rely on or reset the archive bit. It is used to back up all selected files and folders that have changed during that day.



Data Link layer (OSI Layer 2)

This layer handles moving data across a physical link in a network. It contains two sublayers, Media Access Control (MAC) and Logical Link Control (LLC), that are described in the IEEE 802 LAN standards.



DES (Data Encryption Standard)

A 64-bit block cipher with a 56-bit key (IBM's precursor design, Lucifer, used a 128-bit key; DES itself never did). Developed by IBM and reviewed by the National Security Agency (NSA), DES was adopted as the U.S. government's standard encryption algorithm (FIPS 46) in 1977 and became the most widely used symmetric encryption algorithm. DES is no longer secure enough to use on sensitive data, so 3DES (or its successor, AES) is recommended instead. The DES algorithm itself has no practical shortcut attack; the problem is the key length, because the computing power now available means a 56-bit key can be found by brute force within hours and at steadily falling cost (the EFF's purpose-built DES Cracker did it in under three days in 1998).

See also [3DES]
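The reasoning behind the EDE construction in the 3DES and DES entries, as an added example that is not part of the original glossary. It uses a constructed 8-bit toy cipher, not DES, so that the attack runs in milliseconds: a meet-in-the-middle attack recovers a double-encryption key pair with about 2 x 2^8 cipher operations instead of the 2^16 that brute force needs, which is the same argument that leaves three-key 3DES with roughly 112 bits of effective strength rather than 168. The EDE order also shows why setting all three keys equal collapses to single encryption. Key values and plaintexts are made up; nothing here is a real DES implementation.

```python
from itertools import product

MASK = 0xFF


def _rotl(x, r):
    return ((x << r) | (x >> (8 - r))) & MASK


def _rotr(x, r):
    return ((x >> r) | (x << (8 - r))) & MASK


def toy_encrypt(key, block):
    """Toy 8-bit block cipher (NOT DES): add key, rotate, xor a constant."""
    return _rotl((block + key) & MASK, 3) ^ 0xA5


def toy_decrypt(key, block):
    return (_rotr(block ^ 0xA5, 3) - key) & MASK


def double_encrypt(k1, k2, block):
    """'Double DES': E_k2(E_k1(p)). Nominal key space 2^16 for the toy."""
    return toy_encrypt(k2, toy_encrypt(k1, block))


def triple_ede_encrypt(k1, k2, k3, block):
    """3DES layout E_k3(D_k2(E_k1(p))). With k1 == k2 == k3 this is single encryption."""
    return toy_encrypt(k3, toy_decrypt(k2, toy_encrypt(k1, block)))


def triple_ede_decrypt(k1, k2, k3, block):
    return toy_decrypt(k1, toy_encrypt(k2, toy_decrypt(k3, block)))


def meet_in_the_middle(pairs):
    """Recover (k1, k2) of double_encrypt from known plaintext/ciphertext pairs.

    Cost: 2 * 2^8 cipher operations plus a 256-entry table, instead of 2^16.
    Returns every key pair consistent with the pairs; the true one is always included.
    """
    plaintexts = tuple(p for p, _ in pairs)
    ciphertexts = tuple(c for _, c in pairs)
    table = {}                                   # middle values -> candidate k1s
    for k1 in range(256):
        middle = tuple(toy_encrypt(k1, p) for p in plaintexts)
        table.setdefault(middle, []).append(k1)
    found = []
    for k2 in range(256):                        # decrypt one step from the other side
        middle = tuple(toy_decrypt(k2, c) for c in ciphertexts)
        for k1 in table.get(middle, []):
            found.append((k1, k2))
    return found


def brute_force(pairs):
    """Exhaustive 2^16 search, for comparison; yields the same candidate set."""
    return [(k1, k2) for k1, k2 in product(range(256), repeat=2)
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs)]


if __name__ == "__main__":
    k1, k2 = 0x3C, 0xC7                                   # constructed secret key pair
    known = [(p, double_encrypt(k1, k2, p)) for p in (0x01, 0x7F, 0xE2)]
    print("meet-in-the-middle candidates:", meet_in_the_middle(known))
    print("3DES with equal keys == single DES:",
          triple_ede_encrypt(0x55, 0x55, 0x55, 0x42) == toy_encrypt(0x55, 0x42))
```

Three known pairs are used rather than one because with an 8-bit block a single pair matches many wrong key pairs by chance; the table is keyed on all three middle values at once. For real DES the table would hold 2^56 entries, which is why the attack is a theoretical bound on 3DES rather than a practical break, but it is enough to rule double DES out as an upgrade path.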


DHCP (Dynamic Host Configuration Protocol)

This protocol is used to dynamically assign IP addresses to clients from a pool of addresses called a "scope." There are three different types of IP addressing: manual addressing, dynamic addressing, and Automatic Private IP Addressing (APIPA).



DHCPACK

DHCP message type used by servers to acknowledge a client's acceptance of an offered IP address.



DHCPDECLINE

DHCP message type used by clients to reject an offered IP address.



DHCPDISCOVER

DHCP message type used by clients to request configuration parameters from a DHCP server.



DHCPINFORM

DHCP message type used by clients to obtain additional TCP/IP configuration parameters from a server.



DHCPNAK

DHCP message type used by servers to reject a client's acceptance of an offered IP address.



DHCPOFFER

DHCP message type used by servers to offer IP addresses to requesting clients.



DHCP Relay Agent

Relays DHCP and BOOTP messages between clients and servers on different subnets. The DHCP leasing process uses broadcast transmissions, which are limited to the subnet where they originated.

When a router running a DHCP relay agent receives broadcasts from DHCP clients, it relays them to DHCP servers on other networks.



DHCPRELEASE

DHCP message type used by clients to terminate an IP address lease.



DHCPREQUEST

DHCP message type used by clients to accept or renew an IP address assignment.
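The DHCPDISCOVER, DHCPOFFER, DHCPREQUEST and DHCPACK exchange described in the entries above, as an added example that is not part of the original glossary: a builder and parser for the RFC 2131 wire format (the 236-byte BOOTP header, the magic cookie, and the tag-length-value option list, with message type carried in option 53), plus the two sides of the lease exchange. The client MAC address, transaction ID, and IP addresses are constructed values; the function names are assumptions made for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # RFC 2131: marks the start of DHCP options
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
OPT_SUBNET_MASK, OPT_ROUTER, OPT_REQUESTED_IP, OPT_LEASE_TIME = 1, 3, 50, 51
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
FIXED = "!BBBBIHH4s4s4s4s16s64s128s"         # op .. file: the 236-byte BOOTP header
BOOTREQUEST, BOOTREPLY = 1, 2


def build_packet(op, xid, chaddr, options, yiaddr="0.0.0.0", giaddr="0.0.0.0", flags=0x8000):
    """Assemble one BOOTP/DHCP message. flags=0x8000 asks for a broadcast reply."""
    header = struct.pack(FIXED, op, 1, len(chaddr), 0, xid, 0, flags,
                         b"\0" * 4, socket.inet_aton(yiaddr), b"\0" * 4, socket.inet_aton(giaddr),
                         chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([tag, len(value)]) + value for tag, value in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_packet(data):
    """Decode the fixed header and the TLV option list. Raises ValueError on malformed input."""
    fixed_len = struct.calcsize(FIXED)
    if len(data) < fixed_len + 4 or data[fixed_len:fixed_len + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (no magic cookie)")
    op, _, hlen, _, xid, _, flags, _, yiaddr, _, giaddr, chaddr, _, _ = struct.unpack(FIXED, data[:fixed_len])
    options, i = {}, fixed_len + 4
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:                       # pad byte, carries no length
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:               # length field claims more bytes than exist
            raise ValueError("truncated option value")
        options[tag] = value
        i += 2 + length
    msg_type = options.get(OPT_MSG_TYPE, b"\0")[0]
    return {"op": op, "xid": xid, "broadcast": bool(flags & 0x8000),
            "chaddr": chaddr[:hlen], "client_mac": chaddr[:hlen].hex(":"),
            "yiaddr": socket.inet_ntoa(yiaddr), "giaddr": socket.inet_ntoa(giaddr),
            "type": MESSAGE_TYPES.get(msg_type, "unknown(%d)" % msg_type), "options": options}


def is_well_formed(data):
    try:
        parse_packet(data)
        return True
    except ValueError:
        return False


def client_message(msg_type, xid, chaddr, requested_ip=None, server_id=None):
    """DISCOVER (1), REQUEST (3), DECLINE (4), RELEASE (7) or INFORM (8) from a client."""
    options = [(OPT_MSG_TYPE, bytes([msg_type]))]
    if requested_ip:
        options.append((OPT_REQUESTED_IP, socket.inet_aton(requested_ip)))
    if server_id:
        options.append((OPT_SERVER_ID, socket.inet_aton(server_id)))
    return build_packet(BOOTREQUEST, xid, chaddr, options)


def server_message(msg_type, client_packet, server_ip, offered_ip="0.0.0.0",
                   mask=None, router=None, lease_secs=None):
    """OFFER (2), ACK (5) or NAK (6): the reply echoes the client's xid and chaddr."""
    req = parse_packet(client_packet)
    options = [(OPT_MSG_TYPE, bytes([msg_type])), (OPT_SERVER_ID, socket.inet_aton(server_ip))]
    if mask:
        options.append((OPT_SUBNET_MASK, socket.inet_aton(mask)))
    if router:
        options.append((OPT_ROUTER, socket.inet_aton(router)))
    if lease_secs:
        options.append((OPT_LEASE_TIME, struct.pack("!I", lease_secs)))
    return build_packet(BOOTREPLY, req["xid"], req["chaddr"], options,
                        yiaddr=offered_ip, giaddr=req["giaddr"])


if __name__ == "__main__":
    mac, xid = bytes.fromhex("001122334455"), 0x3903F326      # constructed client
    discover = client_message(1, xid, mac)
    offer = server_message(2, discover, "192.168.1.1", "192.168.1.100",
                           "255.255.255.0", "192.168.1.1", 86400)
    request = client_message(3, xid, mac, requested_ip="192.168.1.100", server_id="192.168.1.1")
    ack = server_message(5, request, "192.168.1.1", "192.168.1.100",
                         "255.255.255.0", "192.168.1.1", 86400)
    for pkt in (discover, offer, request, ack):
        p = parse_packet(pkt)
        print(p["type"], hex(p["xid"]), p["client_mac"], p["yiaddr"])
```

Two details carry over to real deployments. The parser checks every option length against the bytes actually present, because a length byte is attacker-controlled and a DHCP server or relay that trusts it reads past the packet. And the reply is matched to the request only by xid and chaddr, both of which any host on the segment can see, which is why nothing in the protocol stops a rogue server from answering first with its own router and DNS options.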



DHCP reservation

If a client on the network requires the same IP address at all times, a DHCP reservation can be configured to ensure that it always leases the same IP address from the DHCP server.



differential backup

This backup option is normally used on a daily basis, between normal backups. It backs up only selected files and folders that have an archive bit set. During a differential backup, the archive bit is not reset (in other words, it is not turned off).



digital signature

A security mechanism that lets the recipient of a message verify its authenticity (who signed it) and its integrity (that it was not altered). The signer computes a hash value, or message digest, of the document and then transforms that digest with a private key; the result is the signature. The recipient recomputes the digest from the received document and checks it against the signature using the signer's public key. If the message was altered in any way it no longer produces the same hash value from the same hash algorithm, so the check fails; because only the private key can produce a signature that the public key validates, the check also fails if someone other than the key holder signed it. A digital signature is therefore not the same as a bare hash, which anyone can recompute after tampering.
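The hash-then-sign procedure above, together with the CA entry's binding of a public key to an identity, as an added example that is not part of the original glossary. It uses textbook RSA with constructed keys built from Mersenne primes, which are far too small for real use and omit the padding that real signature schemes (PKCS#1 v1.5, PSS) require; the structure is what it demonstrates, not a usable signing library. The names "alice" and the CA, and all function names, are assumptions made for illustration.

```python
import hashlib


def keypair(p, q, e=65537):
    """Textbook RSA from two primes. Returns (public, private) as (n, e), (n, d)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def _digest(message, n):
    # SHA-256 digest reduced into Z_n. Real RSA signatures pad the digest up to
    # the modulus size instead; reduction is acceptable only in this toy.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Hash, then apply the private exponent: signature = H(m)^d mod n."""
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(public_key, message, signature):
    """Apply the public exponent and compare with a fresh digest of the message."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


def encode_identity(subject, public_key):
    n, e = public_key
    return ("%s|%d|%d" % (subject, n, e)).encode()


def issue_certificate(ca_private_key, subject, subject_public_key):
    """The CA binds a name to a public key by signing the two together."""
    body = encode_identity(subject, subject_public_key)
    return {"body": body, "signature": sign(ca_private_key, body)}


def verify_with_certificate(ca_public_key, cert, expected_subject, message, signature):
    """Check the CA's signature on the certificate, then the subject's on the message."""
    if not verify(ca_public_key, cert["body"], cert["signature"]):
        return False                       # certificate forged or altered
    subject, n, e = cert["body"].decode().split("|")
    if subject != expected_subject:
        return False                       # genuine certificate, but for another party
    return verify((int(n), int(e)), message, signature)


# Constructed toy keys from Mersenne primes; far too small for real use.
CA_PUBLIC, CA_PRIVATE = keypair(2**89 - 1, 2**107 - 1)
ALICE_PUBLIC, ALICE_PRIVATE = keypair(2**31 - 1, 2**61 - 1)


if __name__ == "__main__":
    cert = issue_certificate(CA_PRIVATE, "alice", ALICE_PUBLIC)
    message = b"Pay Bob 100"
    sig = sign(ALICE_PRIVATE, message)
    print(verify_with_certificate(CA_PUBLIC, cert, "alice", message, sig))          # True
    print(verify_with_certificate(CA_PUBLIC, cert, "alice", b"Pay Bob 900", sig))  # False
```

The two-step check is the whole point of a CA: the verifier needs only the CA's public key in advance, and learns the signer's key from a document it can itself verify. Swapping the key inside a certificate without re-signing it, or presenting a genuine certificate for a different name, both fail.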



DMZ (demilitarized zone)

Used for company resources available to the Internet, such as Web servers and FTP servers, to separate that environment from the private, internal network. The DMZ is normally established between the Internet and an internal network's line of defense of firewalls, gateways, and proxy servers.



DNS spoofing

An attack in which a DNS server accepts and uses incorrect information from a host that has no authority to give that information. These spoofing attacks cause security problems both for DNS servers that are vulnerable to them and for users, who can be misdirected to other Web sites because of bogus zone data. Email delivery can be affected too: mail servers locate their peers through MX records (and the A records those point to), so forged records can route email to unauthorized mail servers, where attackers can collect it.



domain

The core unit of the logical structure in Active Directory that can span one or more physical locations. All network objects exist within a domain, and each domain stores information only about the objects it contains. A Windows 2000 or 2003 domain is an administrator-defined logical grouping of computer systems, servers, and other networked resources that share a common directory database.



domain tree

A grouping of domains that have a contiguous hierarchical namespace, connected by the default two-way transitive trust. The tree shares a common schema, configuration, and Global Catalog. Any child domains that are created have names that are combined with the name of the parent domain to form its DNS name.



DoS (denial-of-service) attack

This attack is generically defined as an attack against an organization in an effort to deny legitimate users access to that organization's resources. One example is an attack against a public Web site, in which an intentional flood of bogus connection requests (or any other type of traffic flooding) makes the service unavailable for legitimate users when they attempt to contact the site. A number of different types of attacks can be used as a DoS attack, such as buffer overflow attacks, SYN attacks, and viruses.



dual-homed gateway

A simple firewall consisting of a host system with two NICs installed, one on each network. IP forwarding between the two interfaces is disabled, so the host does not route packets between the two connected networks; traffic crosses only through application proxies running on the host, or not at all. When a dual-homed gateway is used with a packet-filtering router placed at the Internet connection for additional security, the result is a screened subnet that blocks direct IP traffic between the Internet and the enterprise's intranet.



EAP (Extensible Authentication Protocol)

Supports additional authentication methods in PPP, such as tokens, one-time passwords, public key authentication using smart cards, certificates, and others.



Event Viewer

Administrators use this utility to view system events, errors, service conditions, and other notable occurrences that are marked in a series of logs and kept on the local system. By default, three main logs are available for viewing in Event Viewer: System, Security, and Application. Five primary event types are logged in the Event Viewer: error, warning, information, success audit, and failure audit.



extranet

A segment of a company's intranet that has been intentionally made available to certain external entities in an effort to share and exchange data without making the entire intranet available.



FDDI (Fiber Distributed Data Interface)

A high-speed fiber-optic networking topology that runs at 100Mbps. It is normally set up as a dual ring for redundancy: the primary ring carries the traffic, and the secondary ring, which carries data in the opposite direction, serves as a backup. If the primary ring breaks, the stations on either side of the break wrap the two rings together into a single ring so that traffic continues to flow.



firewall

Hardware and software security implementations (sometimes a combination of both) designed to prevent unauthorized access to or from a private network. Firewalls are designed to limit the activity of allowed network traffic, such as firewalls that protect a DMZ or an intranet. There are several types of firewall techniques, including packet filters, application gateways, circuit-level gateways, and proxy servers.



forest

A collection of one or more Active Directory-based domains that share a common schema, configuration, and Global Catalog. If there is a single domain tree in the forest, it has a common domain namespace. Because there can be more than one domain tree in a forest, different domain trees have their own contiguous namespaces, but they still share a common schema, configuration, and Global Catalog.



forward DNS lookup request

A name-to-IP-address resolution request used to locate a server's IP address; when you enter http://www.examcram.com, for example, the name is resolved to its IP address. Forward lookup zones must be configured on the DNS servers that are authoritative for a zone.



FTP (File Transfer Protocol)

This protocol is used to transfer files from system to system. FTP sends the username, password, and file contents in cleartext, so anyone able to capture the traffic can read them.



Full Duplex mode

In this data transmission configuration, two hosts on the same transmission medium can communicate at the same time when sending or receiving data. This configuration is much like the telephone: Both parties can speak and hear at the same time.

See also [Half Duplex mode]


gateway

A gateway (sometimes called a "default gateway") is simply the default route from one subnet to other network locations on the LAN, WAN, or the Internet. Proxy servers and firewall servers that fully segment internal hosts on a network from the Internet are considered gateway devices.



Global Catalog

A central repository of information about every object in every domain of the forest. A Global Catalog server holds a full replica of its own domain and a partial, read-only replica of every other domain in the forest, containing only the attributes most frequently used in searches. That default attribute set is chosen so that the catalog contains the information needed to locate any object in the directory without referring the query to the object's own domain.



hacking

An attempt to circumvent the security controls of a network or network host.



Half Duplex mode

In this data transmission configuration, hosts on the same transmission medium can communicate only one at a time. This configuration is much like a walkie-talkie: Only one person at a time can speak while others on the same frequency listen. Whoever has the "speak and send" action at a certain point is the only one who can be heard on other walkie-talkies set to that frequency.

See also [Full Duplex mode]


hardening

The process of optimizing a system's security configuration by "locking down" the underlying operating system by removing unneeded services and closing unused ports, for example.



host

Any system or network resource found on a network.



HOSTS file

A manually updated text file on a local system (on Windows, %SystemRoot%\System32\drivers\etc\hosts) used to map fully qualified domain names (FQDNs) to IP addresses. It is consulted before DNS, so an entry in it overrides what the DNS server would return. That makes it useful for testing and for pinning a name to an address, and also makes it a target for tampering by malware that wants to redirect name lookups.



hotfix

A code update (sometimes called a patch or a security update) that is normally released to correct a bug in a software product or to deploy a needed code upgrade to ensure system stability. Although hotfixes are normally associated with operating systems, the term is not exclusive to operating system patches and updates. Hotfixes are released for browsers, for example, but Microsoft blurs the line between the operating system and the Internet Explorer browser.



hub

An OSI Layer 1 (Physical layer) device used as a simple interconnect for a network's physical topology.



ICF (Internet Connection Firewall)

Used on a system-by-system basis to restrict the information communicated between the Internet and your system.



ICMP (Internet Control Message Protocol)

A message control and error-reporting protocol defined by RFC 792 that can be used between different hosts or between a host and a gateway or router. ICMP is used by utilities such as ping and tracert.



ICS (Internet Connection Sharing)

Used to connect one or more systems on a small network to the Internet through the NIC configured with ICS on one system. This allows the one system to have a direct connection to the Internet, and all the other systems can access the Internet via this one system.



IEEE 802.2

The IEEE standard Logical Link Control provides Data Link layer support for NetBIOS when frames are being carried "on the wire" instead of being encapsulated in another protocol. When NetBIOS is used on token ring topologies, NetBIOS frames are mapped directly to the 802.2 frames, and the NetBIOS frame is contained in the information field of the 802.2 frame.



IEEE 802.3

The IEEE standard Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer Specifications is a set of rules for determining how network devices respond when two devices have caused a collision by trying to use a single data channel at the same time. After a collision on the line has been detected, an IEEE 802.3 compatible device waits a random amount of time and then attempts to retransmit the message. If the node detects a collision again, it waits twice as long before trying to transmit the message again.



IEEE 802.4

The IEEE standard Token-Passing Bus Access Method specifies an implementation of the Physical layer and the MAC sublayer of the Data Link layer. Token passing, based on the token bus LAN architecture, is used instead of a bus topology.



IEEE 802.5

The IEEE standard Token Ring Access Method and Physical Layer Specifications. Token ring networks are widely used on a LAN (second only to ethernet); all computers are connected in a ring topology and use a token-passing scheme to prevent data collisions between nodes. The IEEE 802.5 token ring technology provides for data transfer rates of 4Mbps or 16Mbps. The token is an empty frame that continuously circulates on the ring until a node has a message to send. The node then inserts a token and the data and destination information in the empty frame. The frame is checked at each node. If a node sees that it is not the intended recipient, it simply ignores the data. If a node sees that it is the destination for the message, it copies the message from the frame and changes the token back to 0 to show that it has been accessed. When the frame gets back to the originating node, it sees that the token has been changed to 0 and the message has been copied and received. The originating node then removes the message from the frame.



IEEE 802.11

The IEEE standard Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications details the standard method of wireless networked communications using the 2.4GHz microwave band designated for low-power unlicensed use by the FCC. The original specification defines two different and incompatible physical-layer encodings, FHSS (Frequency Hopping Spread Spectrum) and DSSS (Direct Sequence Spread Spectrum); Wired Equivalent Privacy (WEP) encryption is defined at the MAC layer and is independent of which encoding is used. FHSS spreads the conversation across 75 1MHz subchannels, continually hopping between them. DSSS divides the band into 14 overlapping 22MHz channels and uses one at a time. WEP has since been shown to be breakable from captured traffic and should not be relied on for confidentiality.



IETF (Internet Engineering Task Force)

IETF is a large, open, international community of network architects, operators, vendors, and researchers concerned with the architecture, evolution, and smooth operation of the global Internet. The IETF provides a forum for these working groups to coordinate technical development and selection of the Internet protocol suite (a collection of de facto standards). It was originally organized in 1986 as a forum for technical coordination by U.S. Department of Defense (DoD) contractors working on ARPANET and related DoD networks.



IGMP (Internet Group Management Protocol)

An Internet protocol that allows computers to report their multicast group membership status to local routers.



incremental backup

This backup option backs up only selected files and folders with the archive bit set; only the data that has changed since the last normal or incremental backup is copied. During an incremental backup, the archive bit is reset (turned off). When data is edited or changed after being backed up, the archive bit is turned on again. This option makes nightly backups faster, because only the previous day's changes are copied, but restores take longer: the last normal backup and every incremental backup taken since it must be restored, in order, and losing any one of those sets loses the changes it contained.
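The archive-bit behaviour that distinguishes the normal, copy, daily, differential and incremental entries, as an added example that is not part of the original glossary. It is a small model of the semantics those entries describe, not NTBackup itself: each file carries an archive bit and a "modified today" flag, each backup type selects files and clears the bit (or not) the way the entries say, and a restore-sequence function shows why differential restores need two sets and incremental restores need the whole chain. File names and the week's edits are constructed.

```python
from dataclasses import dataclass


@dataclass
class File:
    name: str
    archive_bit: bool = True      # the OS sets this whenever the file is written
    modified_today: bool = True   # stands in for the timestamp the daily option checks


def modify(files, *names):
    """Simulate the OS: a write sets the archive bit and stamps today's date."""
    for f in files:
        if f.name in names:
            f.archive_bit = True
            f.modified_today = True


def end_of_day(files):
    for f in files:
        f.modified_today = False


def backup(files, kind):
    """Return the names an NTBackup-style job copies and apply its archive-bit side effect."""
    if kind in ("normal", "copy"):
        selected = list(files)                              # everything selected
    elif kind in ("incremental", "differential"):
        selected = [f for f in files if f.archive_bit]      # changed since the bit was last cleared
    elif kind == "daily":
        selected = [f for f in files if f.modified_today]   # date based, ignores the bit
    else:
        raise ValueError("unknown backup type: %s" % kind)
    if kind in ("normal", "incremental"):                   # only these two clear the bit
        for f in selected:
            f.archive_bit = False
    return [f.name for f in selected]


def restore_sequence(history):
    """Backup sets needed to rebuild the data, oldest first.

    history: [(kind, names), ...] in the order the jobs ran. Assumes a schedule
    uses either incrementals or differentials between normal backups, not both.
    """
    last_normal = max(i for i, (kind, _) in enumerate(history) if kind == "normal")
    since = [h for h in history[last_normal + 1:] if h[0] in ("incremental", "differential")]
    if not since:
        return [history[last_normal]]
    if since[-1][0] == "differential":
        return [history[last_normal], since[-1]]            # normal + newest differential
    return [history[last_normal]] + since                   # normal + every incremental


if __name__ == "__main__":
    week = [File("payroll.xls"), File("memo.doc"), File("db.mdb")]
    log = [("normal", backup(week, "normal"))]
    for day, changed in enumerate((["payroll.xls"], ["memo.doc"], ["payroll.xls", "db.mdb"])):
        end_of_day(week)
        modify(week, *changed)
        log.append(("differential", backup(week, "differential")))
        print("day", day + 1, "differential copied:", log[-1][1])
    print("restore order:", [kind for kind, _ in restore_sequence(log)])
```

Running the same week with "incremental" instead of "differential" shows the trade-off in the entries: each night copies less, and the restore list grows by one set per day.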



Internet

All computer systems and servers interconnected on the public network infrastructure. Originally part of the U.S. government network of interconnected systems called Advanced Research Projects Agency Network (ARPANET), the original intention was to create a network of linked computer systems that could allow different research facilities to use available resources. The original design of the network still in place today was configured so that it could continue to operate (at a potentially reduced capacity) if parts of it were inaccessible because of a military attack or natural disaster.



intranet

A private network of LANs and WANs within an enterprise that is almost identical in nature and design to the public Internet, except that it's intended only for internal organizational use.



IP (Internet Protocol)

Defines the format of packets (datagrams) and how they are moved from one system to another, and handles packet addressing so that data is sent to the correct host. IP is a connectionless, best-effort protocol: it delivers datagrams but does not guarantee delivery, ordering, or freedom from duplicates. A higher-level protocol, such as TCP, is responsible for the connection between two systems and for reassembling the data on the receiving system in the correct order. IP functions at Layer 3 (Network layer) of the OSI model.



IPCONFIG

Command-line utility used to display the local system's basic IP configuration, including the IP address, subnet mask, and default gateway. The ipconfig /all switch produces a detailed configuration report for all interfaces, including any configured remote access adapters, along with the DNS servers and DHCP lease details for each.



IPSec (Internet Protocol Security)

A set of protocols that supports secure exchange of packets at the IP layer. The Authentication Header (AH) provides integrity and origin authentication only; the Encapsulating Security Payload (ESP) adds confidentiality. IPSec in Transport mode protects traffic end to end by authenticating and encrypting the data flowing between two hosts; it is the default mode for IPSec policies applied between systems, and a host in Transport mode can maintain separate security associations with many peers. IPSec in Tunnel mode authenticates and encrypts whole IP packets flowing through a tunnel between two gateways (typically routers or firewalls). Tunnel mode requires an IP address for each end of the tunnel, but it protects all traffic passing through the tunnel, regardless of where it originated.



IPX (Internetwork Packet Exchange)

Connectionless networking protocol that functions at the Network layer of the OSI stack. IPX itself does not acknowledge delivery; it relies on SPX, its connection-oriented Transport-layer companion, to confirm that all packets have been received and to request retransmission of any that have not.



iterative DNS query

A query in which the queried DNS server returns the best answer it can provide from its own cache or zone data, without contacting other servers on the requester's behalf. If the server does not have an exact match, it returns a referral: a pointer to the authoritative servers at another level of the domain namespace that can assist in answering the query. Iterative queries are most often sent by a DNS server that is resolving a client's recursive query.



Kerberos

The default authentication protocol for Windows 2000 and later domains, used to authenticate requests for network resources. The Key Distribution Center (KDC) listens on port 88 (UDP and TCP) and uses secret-key (symmetric) cryptography: the client obtains tickets from the KDC and presents them to services, so the password itself never crosses the network. Kerberos verifies the user's identity and the integrity of the session data. The KDC service runs on every domain controller, and a Kerberos client is installed on all computers running Windows 2000 or later.



L2TP (Layer 2 Tunneling Protocol)

A network protocol that encapsulates PPP frames to be sent over IP, X.25, frame relay, or Asynchronous Transfer Mode (ATM) networks. L2TP can function as a tunneling protocol over the Internet when using IP, or it can be used in private LAN-to-LAN networking. L2TP provides no encryption of its own; on Windows it is normally paired with IPSec (L2TP/IPSec), which authenticates and encrypts the tunneled frames.



LAN (local area network)

A local network of host systems and other network nodes that share a common local network communications line or other private network, such as a wireless setup. LANs are usually limited to privately owned network structures, such as locally owned ethernet or fiber networks, and can encompass many floors of a building or a number of buildings at a site.



LDAP (Lightweight Directory Access Protocol)

An Internet standard protocol for querying and modifying directory services such as Active Directory. Objects in the Directory Information Tree are identified by distinguished names that follow the X.500 naming convention, built from attribute/value pairs that give the object class and the object's actual name (for example, CN=Jane Doe,OU=Sales,DC=example,DC=com). LDAP normally uses TCP port 389, or port 636 for LDAP over SSL/TLS.



linear bus topology

A single-cable network design that terminates at both ends. A linear bus topology requires less cable than most other network topology deployments, and connecting devices is easy with this design.



LMHOSTS file

A manually updated text file on a local system used to map NetBIOS names to their IP addresses.



MAC (Media Access Control)

A unique 48-bit hardware-level address assigned to each network interface card, used at the Data Link layer to deliver frames on the local segment. A MAC address is also referred to as a Data Link Control (DLC) address. Because a MAC address can be changed in software, it should not be relied on by itself as proof of a device's identity.



MD5 (Message Digest 5)

A cryptographic hash (message digest) algorithm that reduces input of any length to a fixed 128-bit digest. It is not an encryption algorithm and uses no key: the digest cannot be reversed to recover the input, which is why it is used to store and verify passwords and to check message integrity. MD5 is no longer collision resistant, and unsalted fast hashes of any kind are vulnerable to dictionary and precomputation attacks.



mesh topology

In this network design, devices are connected with multiple redundant interconnections between network nodes. In full mesh topologies, every node is connected to every other node in the network. In partial mesh topologies, some nodes are deployed as full mesh, but others are connected to only one or two other nodes in the network.



metric

The term "metric" has many different uses. In network routing, it's a measure of cost used to calculate the next best route for packet delivery.



MIME (Multipurpose Internet Mail Extension)

IETF standards (originally RFC 1521 and 1522, now RFC 2045 through 2049) that spell out how an electronic message is organized so that it can carry non-ASCII text, attachments, and multipart bodies over the 7-bit SMTP transport.



MPPE (Microsoft Point-to-Point Encryption)

Encrypts data on PPP dial-up connections and PPTP VPN connections. MPPE uses the RC4 stream cipher with 40-, 56-, or 128-bit keys derived from the MS-CHAP authentication exchange, so the strength of the tunnel depends directly on the strength of the user's password.



MS-CHAP (Microsoft Challenge Handshake Authentication Protocol)

Sometimes referred to as MS-CHAP version 1, MS-CHAP is a one-way challenge/response authentication protocol: the server authenticates the client, but the client gets no proof of the server's identity. The password itself is not sent; the client returns a response computed from a hash of the password and the server's challenge. Servers using MS-CHAP as the authentication protocol can use MPPE to encrypt data between client and server. MS-CHAP is enabled by default on Windows 2000 remote access servers.



MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 2)

Adds mutual authentication (the client also verifies the server's response), uses stronger initial data encryption keys, and uses different encryption keys for sending and receiving. Windows 2000 dial-up and VPN connections can use MS-CHAP v2. Systems running Windows NT 4.0 and Windows 98 can use MS-CHAP v2 authentication for VPN connections only.



MSAU (multistation access unit)

A special type of hub used in token ring networks that physically connects network nodes in a star topology, while retaining the logical ring structure required on a token ring network. One of the major problems with token ring topologies is that any single point of failure on the network can break the entire ring. The MSAU solves this problem because it can short out nonoperating nodes and maintain the ring structure.



multicast

Multicast communications send data from a single host to any number of recipients that have joined a multicast group address (see IGMP), using a single transmission on each network segment rather than one copy per recipient. Multicast traffic is often used for online virtual meetings, where content is streamed from one server to a number of connected host systems requesting the data.



NAT (Network Address Translation)

The process of mapping internal private IP addresses to one or more external public IP addresses at a router or firewall, which rewrites packet headers in both directions. This mapping preserves the limited pool of publicly available IP addresses and hides the internal IP address scheme from public view. NAT is not a substitute for a firewall: it obscures the internal network but does not by itself filter traffic.



NBTSTAT

NetBT Statistics (NBTSTAT.exe) is a command-line utility for troubleshooting NetBIOS over TCP/IP (NetBT) name resolution problems. It displays protocol statistics, the local and remote NetBIOS name tables, and the current TCP/IP connections that are using NetBT.



NCP (Netware Core Protocol)

Used to access Novell NetWare file and print service functions via the underlying IPX or IP transport protocol.



NETSTAT

NETSTAT.exe is a command-line utility used to display TCP/IP statistics and active connections to and from your computer. It includes an option to display the number of bytes sent and received and the number of network packets dropped (if any).



Network Layer (Layer 3 of the OSI model)

Responsible for a packet's complete journey from the system that created it to its final destination. This layer translates logical network addresses and names to their physical addresses. It is responsible for addressing, determining routes for sending, and handling network-level concerns such as packet switching, congestion, and routing. If a router cannot send frames as large as the source node sends, the Network layer compensates by dividing the data into smaller units (fragmentation) on the outgoing system, and the Network layer on the receiving node reassembles them. Protocols normally found at the Network layer are IP, ARP, RARP, ICMP, RIP, OSPF, IGMP, IPX, NWLink, NetBEUI, OSI, DDP, and DECnet.



nonrepudiation

The process by which the sender of data is given proof of delivery, and the receiver is assured of the sender's identity. Neither party can deny sending or receiving the data in question. Using digital signatures is one process that aims to ensure a message's authenticity and integrity and to provide nonrepudiation for that message.



normal backup

Sometimes referred to as full backups, normal backups back up all selected files and folders. This backup type does not rely on the archive bit to determine which files to back up. It simply backs up everything selected, regardless of the archive setting. A normal backup clears any existing archive bits it finds and marks all backed up files as having been backed up. Normal backups are most efficient during the restoration process because the backed up files are the most current, and you do not need to restore multiple backup jobs. Their main drawback is the time it takes to perform the initial backup.



OSI (Open System Interconnection)

An ISO worldwide standard for communications that outlines a networking framework in seven layers. Sometimes referred to as the OSI Reference Model, the seven layers are listed in this order: Layer 1 is the Physical layer, Layer 2 is the Data Link layer, Layer 3 is the Network layer, Layer 4 is the Transport layer, Layer 5 is the Session layer, Layer 6 is the Presentation layer, and Layer 7 is the Application layer.



OSPF (Open Shortest Path First)

This link-state protocol uses the shortest path first (Dijkstra) algorithm to compute the lowest-cost path from each router to every known network. OSPF is typically used in networks with more than 50 routers and multiple redundant paths, and in networks where destinations might lie beyond RIP's 15-hop limit. When an OSPF router learns of a topology change, it floods a link-state update to the other routers in its area (using multicast on broadcast networks) so that all of them build the same map of the network. OSPF sends only updated routing information and communicates with other routers only when a change has taken place, apart from the periodic hello packets it uses to detect failed neighbors.



OU (Organizational Unit)

This container object is used in Active Directory to organize objects within a domain. An OU can contain objects such as user accounts, groups, computers, printers, applications, file shares, and other OUs from the same domain. The OU hierarchy within a domain is independent of the OU hierarchy of other domains. The OU is also the smallest unit in Active Directory to which Group Policy settings can be linked or over which administrative authority can be delegated.



packet

A segment of data, broken down from a larger segment of data so that it can be successfully handled on a switched network and delivered properly. Sometimes referred to as a "datagram."



packet filtering

Enables inspection of every packet passing into or out of a network at the router, gateway, or firewall. Each packet's header fields (protocol, source and destination addresses, and ports) are compared against an ordered rule list, and the packet is passed or dropped accordingly; anything no rule permits should be dropped by default. This filtering increases network security and limits the type of traffic allowed to pass in either direction. Packet-filtering firewalls are the easiest way to apply this control in most environments and are installed at the gateway to the external network (normally the Internet). Network administrators configure the packet-filtering rules so that protocols and IP addresses that should be kept out of the network are blocked.



PAP (Password Authentication Protocol)

Sends the username and password in clear text and so provides almost no protection against unauthorized access: anyone able to sniff the link captures the credentials directly. If the password matches, the server grants access to the remote access client. PAP, the least secure authentication protocol, is normally used only when the client and server cannot negotiate a more secure method.



password attack

An attempt to obtain or crack the password key of a user account to compromise a system. This attack often uses password dictionaries, cracking programs, and password sniffers.



password-sniffing attack

Uses a sniffer to capture passwords as they pass across a network. The type of network makes no difference: it can be a LAN, a WAN, or the Internet itself. The sniffer could be a hardware device or a software package intentionally deployed or installed onto a LAN via a Trojan horse program. Authentication methods that send the password in clear text (PAP, Telnet, FTP, the r-commands) hand the attacker the password outright; challenge/response methods avoid that but still expose material that can be attacked offline.
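
The following is an added example (not from the original glossary) that shows why the PAP, MS-CHAP, password attack, and password-sniffing entries belong together. It models a PAP exchange and a standard CHAP exchange (RFC 1994: Response = MD5(Identifier || secret || Challenge); MS-CHAP uses a different hash construction but the same shape) and then shows what an attacker who captured each exchange can do with it. The user database and wordlist are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed credential store on the remote access server (example data only).
USERS = {"alice": b"correct horse"}


# --- PAP (RFC 1334): the client simply sends the password. ---
def pap_client_message(username: str, password: bytes) -> dict:
    # everything in this dict crosses the link in clear text
    return {"user": username, "password": password}


def pap_server_check(msg: dict) -> bool:
    expected = USERS.get(msg["user"])
    return expected is not None and hmac.compare_digest(expected, msg["password"])


# --- CHAP (RFC 1994): Response = MD5(Identifier || secret || Challenge). ---
def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_server_challenge(identifier: int = 1) -> dict:
    # a fresh random challenge each time is what makes a captured response useless for replay
    return {"id": identifier, "challenge": os.urandom(16)}


def chap_client_message(username: str, secret: bytes, chal: dict) -> dict:
    return {"user": username, "id": chal["id"],
            "response": chap_response(chal["id"], secret, chal["challenge"])}


def chap_server_check(chal: dict, msg: dict) -> bool:
    secret = USERS.get(msg["user"])
    if secret is None or msg["id"] != chal["id"]:
        return False
    expected = chap_response(chal["id"], secret, chal["challenge"])
    return hmac.compare_digest(expected, msg["response"])


# --- What a sniffer on the link sees, and what it can do with it. ---
def pap_sniffed_password(msg: dict) -> bytes:
    return msg["password"]   # no cracking needed


def chap_replay(chal_old: dict, msg_old: dict) -> bool:
    """Replaying a captured CHAP response against a new challenge fails."""
    chal_new = chap_server_challenge(identifier=chal_old["id"])
    return chap_server_check(chal_new, msg_old)


def chap_offline_dictionary(chal: dict, msg: dict, wordlist: list) -> Optional[bytes]:
    """The captured challenge/response pair still supports an offline password
    attack: recompute the response for each candidate secret until one matches."""
    for guess in wordlist:
        if chap_response(msg["id"], guess, chal["challenge"]) == msg["response"]:
            return guess
    return None
```

The practical lesson is the last function: a challenge/response protocol keeps the password off the wire and defeats replay, but a weak password is still recoverable from one captured exchange by a dictionary attack, which is why MS-CHAP v2 over a link with no other protection is only as strong as the password policy behind it.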



PATHPING

This command-line utility can be used to show the route taken to reach a remote system. TRACERT can be used for the same purpose, but PATHPING offers more detail and functionality.



Performance Console

This MMC console has two preinstalled snap-ins: System Monitor, which collects real-time data about memory, disk, processor, network, and other activity in graph, histogram, or report form, and Performance Logs and Alerts, which collects performance data from local or remote systems. Administrators can configure these logs to record performance data and set system alerts to notify them when a specific counter indicates a value above or below a configurable threshold.



PING (Packet Internet or Inter-Network Groper)

This command-line tool can be used to test your TCP/IP connection by sending an ICMP Echo Request to a remote node or gateway from a local system. (It can also be used to test the loopback address locally to see whether the TCP/IP stack is working correctly.) If the remote node or gateway receives the message, it responds with an Echo Reply. The reply shows the remote node or gateway's IP address, the number of bytes in the message, how long the round trip took (in milliseconds), and the Time To Live (TTL) value remaining in the reply, which is a hop count rather than a number of seconds. The summary also shows any packet loss as a percentage.



PKI (Public Key Infrastructure)

A system of digital certificates, normally assigned by Certificate Authorities (CAs), that verify and authenticate the validity of each party involved in an Internet transaction. The best example is Internet commerce. When you buy from Company.com on its Internet site, the certificate assigned by a CA (normally a third party) is what verifies that the company is who it claims to be.



poison-reverse processing

Used together with split-horizon processing to improve RIP convergence and break routing loops. Rather than simply omitting the routes it learned from a neighbor, a router advertises them back to that neighbor with a metric of 16 (unreachable in RIP), so the neighbor can never be tricked into using the router as a path back to the neighbor's own networks.



PPTP (Point-to-Point Tunneling Protocol)

An extension of PPP that encapsulates PPP frames into IP datagrams for transmission over an IP internetwork, such as the Internet. PPTP uses a TCP connection (port 1723) for tunnel maintenance and GRE (IP protocol 47) to carry the encapsulated PPP frames, which can be encrypted (with MPPE) and compressed. Both ports must be allowed through any intervening firewall.



principle of least privilege

This principle means that users are given only the minimum level of access to network resources they need to perform their jobs.



protocol

A specification for transmitting data between two devices that defines error checking for the data and the type of compression to be used, if any. Protocols in use between two hosts also define the termination of an established connection after all the data has been sent.



protocol filtering

Enables inspection of the protocols in all traffic passed into and out of a network at the router, gateway, or firewall, so that only the protocols the policy allows (for example, HTTP in, but not SMB) are admitted in each direction. This inspection increases network security and limits the type of traffic allowed to pass in either direction.
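
As an added example that is not part of the original glossary, the packet-filtering and protocol-filtering entries above describe the same mechanism: an ordered rule list evaluated against each packet's header fields, with a default of drop. The filter below implements that first-match evaluation; the internal address block, the rules, and the packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str                # "in" (from the Internet) or "out" (toward it)
    proto: str                    # "tcp", "udp", or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None   # destination port; None for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    direction: str                # "in", "out", or "any"
    proto: str                    # protocol name or "any"
    src: str                      # CIDR block
    dst: str                      # CIDR block
    dport: Optional[int] = None   # None matches every port

    def matches(self, p: Packet) -> bool:
        return (
            self.direction in ("any", p.direction)
            and self.proto in ("any", p.proto)
            and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == p.dport)
        )


INTERNAL = "192.168.10.0/24"      # assumed internal address block (example)

# Constructed example policy; rules are evaluated top down and the first match wins.
RULES = [
    Rule("deny",   "in",  "any", INTERNAL,    "0.0.0.0/0"),             # anti-spoofing: our addresses never arrive from outside
    Rule("permit", "in",  "tcp", "0.0.0.0/0", "192.168.10.5/32", 80),   # public web server only
    Rule("deny",   "in",  "tcp", "0.0.0.0/0", INTERNAL, 445),           # explicit protocol filter: no SMB from outside
    Rule("permit", "out", "any", INTERNAL,    "0.0.0.0/0"),             # internal hosts may go out
]


def filter_packet(p: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule. Anything that matches no
    rule is dropped (implicit deny), the safe default for a border filter."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"
```

Rule order matters: moving the anti-spoofing rule below the web-server permit would let a spoofed internal source reach port 80. Note also that a stateless filter like this one has no memory of connections, so return traffic for outbound sessions must be permitted explicitly (or the filter replaced by a stateful one); that is the gap stateful inspection firewalls close.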



RADIUS (Remote Authentication Dial-In User Service)

This authentication, authorization, and accounting service checks whether the credentials a network access server forwards on behalf of a remote user (such as a username and password) are correct. After the information is verified, RADIUS returns an accept message, normally with attributes describing the access the user is allowed, and the access server admits the user to the network. RADIUS traffic is protected only by a shared secret between the access server and the RADIUS server and uses UDP ports 1812 and 1813 (older implementations use 1645 and 1646).



RAID (redundant array of independent [or inexpensive] disks)

A configuration of two or more physical drives presented as one logical volume. Data may be striped across the drives to spread the workload (RAID 0, no fault tolerance), mirrored to a second drive (RAID 1), or striped with parity information so that a failed drive can be rebuilt from the others (RAID 5, which requires three or more drives). There are two types of RAID: hardware and software. Hardware RAID is controlled at the hardware level by a controller card or other device that is independent of the operating system. With a software-based RAID solution, the operating system creates and maintains the logical structure of the drives in the array.



RAS (Remote Access Service)

A service primarily associated with enabling users to log in to a LAN from a WAN or the Internet.



RCP

This command-line utility can be used to copy files to and from computers running the Remote Shell Daemon (RSHD) service. RCP uses TCP for connected, reliable delivery of data between the client and the host. It can be scripted in a batch file and does not prompt for a password: the remote host must be running the RSHD service, and the user's username must be listed in the remote host's .rhosts file, which is the only access control. RCP is one of the r-commands available on all Unix systems. It transfers data unencrypted and trusts the client's claimed identity, so scp or another SSH-based transfer should be used instead wherever possible.



recursive DNS query

A DNS client makes a recursive DNS query to a DNS server, and the DNS server assumes the full workload and responsibility for providing a complete answer to the query. The server performs separate iterative queries to other servers (on behalf of the client) to assist in answering the recursive query.



reverse DNS lookup request

A request to resolve an IP address to a name, used when you want to find the domain name associated with an IP address. The address is looked up as a PTR record under the in-addr.arpa domain with its octets reversed (10.113.0.203.in-addr.arpa for 203.0.113.10). Reverse lookup zones do not have to be configured on DNS servers that are authoritative for a forward zone.
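
To make the difference between the iterative DNS query, recursive DNS query, and reverse DNS lookup entries concrete, here is an added example (not from the original glossary) that walks a tiny in-memory namespace the way a resolver walks the real one. The servers, zones, and addresses are constructed sample data; the root, .com, and in-addr.arpa layers stand in for the real delegation chain.

```python
import ipaddress
from typing import Optional, Tuple

# Constructed sample namespace (example data): each "server" holds the records
# it is authoritative for and the delegations it can refer a querier to.
SERVERS = {
    "root": {"records": {}, "delegations": {"com.": "tld-com", "arpa.": "tld-arpa"}},
    "tld-com": {"records": {}, "delegations": {"example.com.": "ns-example"}},
    "ns-example": {"records": {"www.example.com.": "203.0.113.10"}, "delegations": {}},
    "tld-arpa": {"records": {}, "delegations": {"113.0.203.in-addr.arpa.": "ns-example-rev"}},
    "ns-example-rev": {"records": {"10.113.0.203.in-addr.arpa.": "www.example.com."}, "delegations": {}},
}


def _in_zone(name: str, zone: str) -> bool:
    # match on label boundaries so "www.notcom." is not treated as part of "com."
    return name == zone or name.endswith("." + zone)


def iterative_query(server: str, name: str) -> Tuple[str, Optional[str]]:
    """One iterative query. The server answers only from what it holds: a record,
    the closest delegation it knows (a referral), or nothing. It never contacts
    other servers on the querier's behalf."""
    data = SERVERS[server]
    if name in data["records"]:
        return ("answer", data["records"][name])
    best = ""
    for zone in data["delegations"]:
        if _in_zone(name, zone) and len(zone) > len(best):
            best = zone
    if best:
        return ("referral", data["delegations"][best])
    return ("nxdomain", None)


def recursive_resolve(name: str, max_referrals: int = 10) -> Optional[str]:
    """A recursive resolver accepts the whole job for its client: starting at
    the root it issues iterative queries, follows each referral, and returns the
    final answer. The referral cap stops a misconfigured or malicious delegation
    loop from keeping the resolver busy indefinitely."""
    server = "root"
    for _ in range(max_referrals):
        kind, value = iterative_query(server, name)
        if kind == "answer":
            return value
        if kind != "referral":
            return None
        server = value
    return None


def reverse_lookup(ip: str) -> Optional[str]:
    """Reverse DNS: reverse the octets, append in-addr.arpa, and resolve the
    resulting name for its PTR record like any other query."""
    ptr_name = ipaddress.ip_address(ip).reverse_pointer + "."
    return recursive_resolve(ptr_name)
```

The referral cap is not decoration: a resolver that follows referrals without limit can be tied up by a zone that delegates in a circle, and a real resolver also caches every answer and referral so that the next query for the same domain skips most of the walk.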



REXEC

This command-line utility is used to issue commands on remote hosts running the REXEC service. It authenticates with a username and password on the remote host before carrying out the specified command; both the credentials and the command output are sent in clear text.



ring topology

A LAN topology in which each network node is connected directly to exactly two other nodes, so that the nodes form a closed loop. Ring topology networks are commonly used in token ring environments.



RIP (Routing Information Protocol)

Network routers use this protocol to exchange routing information on IP or IPX networks. RIP routers maintain routing tables by using a distance vector routing algorithm to dynamically calculate the cost (metric, measured in hops) of each possible path and send that information in the form of announcements to other RIP routers every 30 seconds. A path of 15 hops is the maximum; a metric of 16 means unreachable. RIP version 1 uses IP broadcast packets for its announcements; RIP version 2 uses IP multicast packets (224.0.0.9) and supports simple authentication of announcements. In both versions, routers using RIP send all their current routing information, not just changes to the routes.



ROUTE

This command-line utility is used to define and configure network routing tables. Routes are specific paths that packets can use to travel from source to destination in an effort to establish communications on LANs and WANs.



RSH

This TCP/IP utility that runs from the command line enables clients to issue commands directly on remote hosts running the RSH service without having to log on to the remote host. RSH is one of the Unix r-commands available on all Unix systems. Like RCP, it relies on .rhosts trust and sends everything in clear text; SSH is its secure replacement.



SAP (Service Advertisement Protocol)

An IPX protocol that network resources, such as file servers and print servers, use to advertise their addresses and the services they provide. Advertisements are sent via SAP every 60 seconds. Services are identified by a hexadecimal number, which is called a SAP identifier.



screened host

A firewall architecture in which a packet-filtering (screening) border router sits between the Internet and the intranet and permits external traffic only to one designated internal host, the bastion host, which then provides services or proxies connections for internal users. Screened-host designs are often more flexible than a dual-homed gateway firewall, at the cost of depending on the correctness of the router's filtering rules.



separation of duties and responsibilities

A system of checks and balances in a security structure that ensures no one user can have sole control of anything in the system. For example, responsibilities can be divided so that one person orders equipment and another person authorizes purchases.



Session layer (Layer 5 of the OSI model)

The Session layer establishes, maintains, and ends sessions across the network and manages which side can transmit data at a given time and for how long. Protocols found at the Session layer include NetBIOS, named pipes, mail slots, and RPC.



SHA (Secure Hash Algorithm)

A family of cryptographic hash algorithms. SHA-1 reduces input of any length to a fixed 160-bit digest; the SHA-2 variants (SHA-256, SHA-512) produce longer digests. Like MD5, SHA uses no key and performs no encryption: the digest is a one-way fingerprint used to verify passwords and message integrity. SHA-1 is no longer considered collision resistant and should be replaced by SHA-256 or stronger in new designs.
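
Because the MD5 and SHA entries above are easy to misread as "encryption with a key," here is an added example (not from the original glossary) that shows what a digest actually is and how password verification with one works. It contrasts the naive unsalted check with a salted, deliberately slow derivation. The iteration count is an assumed tuning value.

```python
import hashlib
import hmac
import os
from typing import Optional


def digest_bits(algorithm: str, data: bytes) -> int:
    """Size in bits of the digest `algorithm` produces: 128 for md5, 160 for sha1."""
    return hashlib.new(algorithm, data).digest_size * 8


def digest_hex(algorithm: str, data: bytes) -> str:
    """The digest itself: a fixed-size fingerprint, not a key, with no inverse."""
    return hashlib.new(algorithm, data).hexdigest()


# How a password check works with a digest: store H(password), later recompute
# H(candidate) and compare. Nothing is ever "decrypted".
def naive_verify(stored_hex: str, algorithm: str, candidate: bytes) -> bool:
    """Unsalted, fast hash: identical passwords give identical digests, and an
    attacker can precompute digests for a whole wordlist once."""
    return hmac.compare_digest(stored_hex, digest_hex(algorithm, candidate))


# Hardened form: a random per-user salt defeats precomputation, and a slow
# key-derivation function makes every guess cost real work.
PBKDF2_ITERATIONS = 200_000   # assumed tuning value; raise it as hardware improves


def make_password_record(password: bytes, salt: Optional[bytes] = None) -> dict:
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "key": key}


def verify_password(record: dict, candidate: bytes) -> bool:
    key = hashlib.pbkdf2_hmac("sha256", candidate, record["salt"], record["iterations"])
    # constant-time comparison: a plain == would leak how many leading bytes matched
    return hmac.compare_digest(record["key"], key)


def same_password_same_digest(algorithm: str, password: bytes) -> bool:
    """Two users with the same password get the same unsalted digest but
    different salted records, so a salted store leaks no such equality."""
    unsalted_equal = digest_hex(algorithm, password) == digest_hex(algorithm, password)
    salted_equal = make_password_record(password)["key"] == make_password_record(password)["key"]
    return unsalted_equal and not salted_equal
```

The point of the salted form is not secrecy of the salt (it is stored in the clear next to the key) but that each guess must be recomputed per user and cannot be looked up in a precomputed table.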



S-HTTP or HTTPS (Secure Hypertext Transfer Protocol)

Two different things that are often confused. Secure HTTP (S-HTTP, RFC 2660) is an extension that secures individual HTTP messages and saw little adoption. HTTPS is ordinary HTTP carried over an SSL/TLS connection (by default on TCP port 443); it is what actually provides server authentication and data encryption for Web client/server transactions, with client authentication optional.



site

One or more highly available, well-connected IP subnets created for replication traffic optimization and to make it easier for users to connect to a local domain controller for network connection, logon, and authentication functions, whenever possible.



S/MIME (Secure Multi-Purpose Internet Mail Extensions)

A secure method of sending email that uses public-key cryptography (originally the Rivest-Shamir-Adleman, or RSA, system) with X.509 certificates to digitally sign and encrypt messages, providing sender authentication, message integrity, and confidentiality.



SNMP (Simple Network Management Protocol)

A network management protocol used to gather information about network components through remote programs (agents) and their Management Information Bases (MIBs). The resulting information is transmitted to a central network management console. SNMP agents listen by default on UDP port 161, and SNMP TRAP messages are sent to UDP port 162. SNMPv1 and v2c authenticate requests with community strings sent in clear text, so read-write communities should never be left at defaults or exposed beyond the management network; SNMPv3 adds authentication and encryption.



spam

Unsolicited email or messages sent via the Internet.



SPAP (Shiva Password Authentication Protocol)

An older, proprietary, two-way (reversible) encryption mechanism originally designed by Shiva Corporation (acquired by Intel in February 1999) for its remote access hardware. SPAP encrypts the password sent between the client and server, but because the encryption is reversible it offers only marginally more protection than PAP and is not considered secure.



split-horizon processing

This route-advertising rule prevents a router from advertising a route back to the neighbor from which it learned that route, which prevents the simplest routing loops between two routers.
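
The metric, RIP, poison-reverse, and split-horizon entries describe one algorithm, so this added example (not from the original glossary) simulates it: a minimal distance-vector router that builds its announcements under each policy, plus the classic scenario in which a stale route is echoed back to the router that just lost it. Router names and the 10.0.0.0/8 network are constructed for the example.

```python
INFINITY = 16   # RIP metric meaning "unreachable"; 15 hops is the maximum usable


class RipRouter:
    def __init__(self, name: str, connected_networks):
        self.name = name
        # routing table: network -> (metric, next_hop); next_hop None means directly connected
        self.table = {net: (1, None) for net in connected_networks}

    def advertise(self, neighbor: str, policy: str = "none") -> dict:
        """Build the announcement sent to `neighbor` under the given policy."""
        announcement = {}
        for net, (metric, next_hop) in self.table.items():
            if next_hop == neighbor:
                if policy == "split-horizon":
                    continue                      # do not echo the route back to its source
                if policy == "poison-reverse":
                    announcement[net] = INFINITY  # echo it, but explicitly as unreachable
                    continue
            announcement[net] = metric
        return announcement

    def receive(self, neighbor: str, announcement: dict) -> None:
        """Distance-vector update: adopt a route if it is new or cheaper, and
        always believe the current next hop about its own route (including bad news)."""
        for net, metric in announcement.items():
            new_metric = min(metric + 1, INFINITY)
            current = self.table.get(net)
            if current is None:
                if new_metric < INFINITY:
                    self.table[net] = (new_metric, neighbor)
            elif new_metric < current[0] or current[1] == neighbor:
                self.table[net] = (new_metric, neighbor)


def stale_route_demo(policy: str) -> int:
    """Router A is directly connected to 10.0.0.0/8 and B learns it from A.
    A's link then fails. Returns A's metric for the network after it hears
    B's next announcement: 16 means A correctly keeps it unreachable, anything
    lower means A has been talked into routing through B, the first step of
    count-to-infinity."""
    a = RipRouter("A", ["10.0.0.0/8"])
    b = RipRouter("B", [])
    b.receive("A", a.advertise("B", policy))     # B: 10.0.0.0/8 via A, metric 2
    a.table["10.0.0.0/8"] = (INFINITY, None)     # A's link to the network goes down
    a.receive("B", b.advertise("A", policy))     # B's stale route comes back to A
    return a.table["10.0.0.0/8"][0]
```

With no policy, A accepts B's stale route at metric 3, B later accepts A's at 4, and the pair count upward until they reach 16, which is exactly the slow convergence the glossary entries are about. Either split horizon or poison reverse stops the loop at the first exchange; poison reverse costs a little more bandwidth but tells the neighbor explicitly rather than leaving it to time the route out.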



SSH (Secure Shell)

A Unix-based command interface and protocol for securely accessing a remote computer. SSH is actually a suite of utilities, principally slogin, ssh, and scp, that are secure replacements for the earlier Unix utilities rlogin, rsh, and rcp. All traffic on the client/server connection is encrypted. The server proves its identity with its host key (which the client should verify on first contact), clients authenticate with a password or a public key, and passwords never cross the network in clear text.



SSL (Secure Sockets Layer)

This protocol secures message transmission over an untrusted network, such as the Internet, by authenticating the server (and optionally the client) with certificates and encrypting the session. TLS is the successor to SSL; although the two protocols are not interoperable, a TLS implementation can fall back to SSL 3.0 when negotiating with a client that supports only SSL. SSL 2.0 and 3.0 are obsolete and should be disabled in favor of TLS.



star topology

In this physical network topology, data is passed through a hub or other routing device (such as a switch or router) before continuing to its intended destination. Each device is connected directly to the networked hardware device, not directly to one another on the cable. Star topologies are most common with twisted-pair cabling, but they can also be found in coaxial cable and fiber-optic cable networks. Token ring networks sometimes use a similar topology, called a "star-wired ring."



subnet mask

A 32-bit value used to separate the network portion of an IP address from the host portion. Bits set to 1 in the mask select the network portion; bits set to 0 select the host portion. For example, the Class C address 200.111.35.7 with the default mask 255.255.255.0 has its first three octets masked: the network portion is 200.111.35 and the host portion is 7. A router compares the masked portion of a destination address with its own network to decide whether the destination is local or must be forwarded.



switch

Switches are found at two layers of the OSI model, depending on their make. Layer 2 switches work at the Data Link layer and form the borders of collision domains (each port is its own collision domain). Layer 3 switches work at the Network layer, can route between networks, and form the borders of broadcast domains. Generically, a switch is a network device that forwards incoming data only to the output port that leads to its intended destination.



Task Manager

This system tool displays current summary information about programs currently running on the local system and some real-time performance information. It can also indicate the current status of programs that appear to have stopped responding to the system so that you can end those programs if needed.



TCP (Transmission Control Protocol)

This connection-oriented protocol is responsible for establishing network connections between hosts and for guaranteeing the delivery of data packets in the correct order. TCP, found at Layer 4 (Transport layer) of the OSI model, is responsible for breaking data down on the sending system so that it can be sent to a recipient system. On the receiving system, TCP is responsible for reassembling the data into the correct order.



TCP/IP (Transmission Control Protocol/Internet Protocol)

TCP/IP is the communication protocol of the Internet and is the most often used communications protocol on private networks. It's primarily a point-to-point, client/server model of communication. Protocols related to TCP/IP include ICMP, Interior Gateway Protocol (IGP), Exterior Gateway Protocol (EGP), Border Gateway Protocol (BGP), HTTP, FTP, Telnet, and SMTP.



TCP/IP version 4 ( IPv4 ) classful address

Made up of four 8-bit fields (octets), this address is 32 bits total. There are five IPv4 address classes: A, B, C, D, and E. Class A ranges from 1 to 126 (127 is reserved for loopback testing and interprocess communication on the local computer; it is not a valid network address). Class B ranges from 128 to 191 (169.254.0.0 to 169.254.255.255 is reserved for APIPA). Class C ranges from 192 to 223. Class D ranges from 224 to 239; Class D addresses are used for multicast purposes and should not be assigned to hosts on a network. Class E ranges from 240 to 255; Class E addresses are reserved for special use and should not be assigned to hosts on a network.



Telnet

Telnet is a terminal emulation program and protocol (TCP port 23) that enables a user to execute commands on a remote computer from a command window. Everything, including the login password, is sent in clear text, so SSH should be used instead wherever possible.



TFTP (Trivial File Transfer Protocol)

A low-overhead version of FTP that transfers files between TCP/IP systems over UDP port 69. TFTP has no authentication, so any host that can reach the server can read (and often write) the files it exposes; it is normally restricted to tasks such as loading boot images and network device configurations on a protected segment.



tickets

Credentials used in some authentication protocols (most commonly Kerberos) that apply secret-key cryptography to client/server applications. A ticket is issued by a trusted authority, encrypted with a key shared with the target service, and presented by the client to prove that it has already been authenticated, so the password itself is not sent to each service the client uses.



TLS (Transport Layer Security)

This protocol ensures privacy between systems over an untrusted network, such as the Internet. TLS ensures that no third party can eavesdrop on or tamper with data in transit, and it authenticates the server (and optionally the client) with certificates. TLS is the successor to SSL; although the two protocols are not interoperable, a TLS implementation can fall back to SSL 3.0 when negotiating with a client that supports only SSL, and such fallback should be disabled where possible.



tokens

Hardware devices (or software equivalents) that hold or generate a credential representing something the user has. Users supply a password (something the user knows) along with the token's code to gain their defined level of access; the combination of the two factors is what makes the scheme stronger than a password alone.



TRACERT

This command-line diagnostic utility determines the route taken to a specific destination IP address by using ICMP Echo Request and Echo Reply messages. By using varying Time To Live (TTL) values in the IP header, packets time out at each successive router on the way to the destination. TRACERT uses the timeout error messages to display a list of the routers forming the path to the destination address.
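
The TRACERT entry above, and the TTL shown in the PING reply, both rest on one rule: every router decrements the IP TTL and reports back when it reaches zero. As an added example that is not part of the original glossary, the simulation below models that rule for a constructed three-router path, including a router that silently drops expired probes, which is what the asterisks in real TRACERT output mean.

```python
from typing import List, Tuple

# Constructed path between the local host and the destination (example data).
PATH = ["10.0.0.1", "172.16.5.1", "198.51.100.1"]
DESTINATION = "203.0.113.10"


def forward(ttl: int, path: List[str], destination: str, silent: frozenset = frozenset()) -> Tuple[str, str]:
    """Send one probe with the given TTL. Each router decrements the TTL; the
    router that takes it to zero discards the packet and answers with ICMP Time
    Exceeded from its own address, which is how the probe "discovers" that hop.
    A router in `silent` drops the packet without replying, as routers that
    rate-limit or block ICMP do. A probe that survives the whole path gets an
    Echo Reply from the destination."""
    for router in path:
        ttl -= 1
        if ttl == 0:
            if router in silent:
                return ("timeout", "*")
            return ("time-exceeded", router)
    return ("echo-reply", destination)


def tracert(path: List[str], destination: str, max_hops: int = 30, silent: frozenset = frozenset()) -> List[str]:
    """Raise the TTL by one per probe and record who answered at each step,
    stopping at the destination's Echo Reply or at max_hops."""
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, who = forward(ttl, path, destination, silent)
        hops.append(who)
        if kind == "echo-reply":
            break
    return hops
```

A hop that shows only an asterisk is not necessarily down: the router forwarded the probe normally and just declined to send the Time Exceeded message, so later hops still appear. Firewalls that drop ICMP entirely produce a run of asterisks all the way to max_hops even when the destination is reachable.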



Transport layer (Layer 4 of the OSI model)

This layer is responsible for packet handling as well as error and flow control. It helps manage the flow control of data between network nodes by dividing data into packets on the outgoing system. The Transport layer of the receiving node reassembles the message from packets and provides error checking to guarantee error-free data delivery and acknowledge successful transmissions. Protocols normally found at the Transport layer include TCP, SPX, NWLink, NetBIOS, NetBEUI, and ATP.



tree

See [domain tree]



UDP (User Datagram Protocol)

A connectionless communications protocol used to send data from one host to another in independent datagrams. Unlike TCP, UDP does not establish a connection, does not sequence or acknowledge datagrams, and does not retransmit lost ones; an application that needs those guarantees must provide them itself.



UTP (unshielded twisted-pair) cable

A type of cable consisting of pairs of unshielded wires twisted around each other (four pairs in common Category 5 cable); the twisting reduces crosstalk and interference. Because it is a very affordable cable type, UTP cabling is used extensively for networking.



VLAN (virtual local area network)

VLANs are logical segmentations of LANs that allow network administrators to section off parts of networks without having to physically rewire them. This is most often done with networking equipment, such as ethernet switches that support VLAN technologies. Network administrators use the switches to create virtual network segments with a logical topology that's totally independent of the physical network topology.



VLSM (Variable Length Subnet Mask)

VLSM allows subnets of different sizes to coexist within a single address block, so that an IP network can be divided beyond its classful default mask and each subnet sized to its actual host count. The standard subnet mask for a Class C address is 255.255.255.0; applying 255.255.255.248 instead to the whole block carves it into 32 subnets with 6 usable hosts each, and a variable-length plan can mix that mask with others (a /26 for a large segment alongside several /30 point-to-point links, for example) within the same Class C block.
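
As an added example that is not part of the original glossary, the code below puts the subnet mask, classful address, and VLSM entries to work on the glossary's own address 200.111.35.7: it applies a mask to split network and host portions, counts the subnets a mask yields, and then carves one Class C block into subnets of different sizes, which is what distinguishes VLSM from simply picking a non-default mask. The host counts in the allocation are constructed sample requirements.

```python
import ipaddress
from typing import List, Tuple


def classful_default_prefix(ip: str) -> int:
    """Mask length implied by the first octet under classful addressing."""
    first = int(ip.split(".")[0])
    if 1 <= first <= 126:
        return 8          # Class A, 255.0.0.0
    if 128 <= first <= 191:
        return 16         # Class B, 255.255.0.0
    if 192 <= first <= 223:
        return 24         # Class C, 255.255.255.0
    raise ValueError("not a unicast class A, B, or C address: " + ip)


def split_address(ip: str, mask: str) -> dict:
    """Apply the mask: the bits set to 1 select the network portion, the bits
    set to 0 select the host portion."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network
    host_bits = 32 - net.prefixlen
    return {
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "host_part": int(iface.ip) & ((1 << host_bits) - 1),
        "usable_hosts": max(net.num_addresses - 2, 0),
        "is_broadcast": iface.ip == net.broadcast_address,
    }


def subnet_count(block: str, mask: str) -> int:
    """How many equal-size subnets a mask carves out of a block."""
    prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    return len(list(ipaddress.ip_network(block).subnets(new_prefix=prefix)))


def vlsm_allocate(block: str, host_counts: List[int]) -> List[Tuple[int, str]]:
    """Variable-length subnetting proper: carve subnets of different sizes out
    of one block. Largest demand first keeps every subnet aligned to its size."""
    free = [ipaddress.ip_network(block)]
    allocations = []
    for need in sorted(host_counts, reverse=True):
        prefix = 32
        while (1 << (32 - prefix)) - 2 < need:      # smallest subnet with enough usable hosts
            prefix -= 1
        for i, chunk in enumerate(free):
            if chunk.prefixlen <= prefix:
                pieces = list(chunk.subnets(new_prefix=prefix))
                allocations.append((need, str(pieces[0])))
                free = free[:i] + pieces[1:] + free[i + 1:]   # return the remainder to the pool
                break
        else:
            raise ValueError(f"no room left for a subnet of {need} hosts")
    return allocations
```

One detail the glossary's VLSM example skips: under the 255.255.255.248 mask the address 200.111.35.7 is no longer a host address at all but the broadcast address of 200.111.35.0/29, which split_address reports through its is_broadcast field. Checks like that are worth running before a mask change goes into production.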



VPN (virtual private network)

VPNs are an extension of a private internal network over a public network, such as the Internet. The public network is used as the connection route, and data in transit is secured by using a tunneling protocol and encryption. Two common examples of tunneling protocols used with encryption are L2TP using IPSec encryption and PPTP using built-in MPPE encryption.



WAN (wide area network)

WANs are used to connect geographically dispersed LANs by way of public networks, such as leased lines (although these lines might be wholly owned by a company).



WAP (Wireless Application Protocol)

This specification for a set of communication protocols standardizes the way that wireless devices access Internet content. The WAP protocol layers are the Wireless Application Environment (WAE), Wireless Session Protocol (WSP), Wireless Transaction Protocol (WTP), Wireless Transport Layer Security (WTLS), and Wireless Datagram Protocol (WDP).



well-known ports

Port numbers are assigned by the Internet Assigned Numbers Authority (IANA), a function that now operates under the Internet Corporation for Assigned Names and Numbers (ICANN). Well-known ports are those from 0 through 1023 and are assigned to widely used services; on Unix-like systems only privileged processes may listen on them. Registered ports are those from 1024 through 49151. Dynamic and/or private ports are those from 49152 through 65535.



WML (Wireless Markup Language)

Used to create pages that can be delivered using WAP, in the same manner that HTML is used to create pages delivered to a Web browser. WML is the successor to the earlier Handheld Device Markup Language (HDML), and it allows the text portions of Web pages to be displayed on cell phones and personal digital assistants (PDAs) via wireless access.



WTLS (Wireless Transport Layer Security)

This security layer for WAP was developed to address security issues for mobile network devices and wireless devices to provide authentication, data integrity, and privacy protection mechanisms.





MCSE 70-293 Exam Cram: Planning and Maintaining a Windows Server 2003 Network Infrastructure (2nd Edition)
ISBN: 0789736195
Year: 2004
Pages: 123