Comptia Certmaster Practice For Network+

The Ethernet-type networks can be subdivided into several types of network. The IEEE 802.3 standard uses the following notation to indicate Ethernet type: x-BASE-y, where "x" indicates the data rate (in Mbps), "BASE" denotes that baseband transmission is used and "y" either describes the maximum media distance or the cable type. More recent standards define gigabit (1000BASE-Y) and 10 Gigabit (10GBASE-Y) speeds.

Punch-down cross-connect format offering high density (supporting up to 300 pairs). 110 wiring blocks are used for various applications. The 110 IDC format is used in most patch panels and wall jacks.

Transmits IPv6 traffic over IPv4 networks by mapping IPv4 addresses onto a special range of IPv6 prefixes.

is an authentication standard, developed to allow remote, wireless, and wired authentication to be centrally managed. A client device such as an access point passes authentication information to a RADIUS server on the wired network for validation. The authentication information could be a username and password or could employ smart cards or tokens.

A set of standards, published by the LAN/MAN Standards Committee of the Institute of Electrical and Electronics Engineers (IEEE), define technologies working at the physical and data link layers of the OSI model. These layers are subdivided into two sub-layers. The Logical Link Control (LLC) sub-layer is used with other, such as 802.3 and 802.11, which are conceived as operating at a Media Access Control (MAC) sublayer and the physical (PHY) layer.

This resource record performs the same function as an A record but for resolving a host name to an IPv6 address.

The principal stages of security control. A resource should be protected by all three types of controls.

A resource record used to resolve a host name to an IPv4 address. This is the most common type of record in a DNS zone.

In terms of network hierarchy, this layer allows end-user devices, such as computers, printers, and smartphones to connect to the network. It also prevents the attachment of unauthorized devices.

Some user accounts may be created to allow only temporary access (for guest users, contractors, temporary staff, and so on).

The permissions attached to or configured on a network resource, such as folder, file, or firewall. This list specifies which subjects (user accounts, host IP addresses, and so on) are allowed or denied access and the privileges given over the object (read only, read/write, and so on).

This sets out the steps you take to solve a problem.

The database that contains the users, groups, and computer accounts in a Windows Server domain.

The ability for new or changed services and applications to be accommodated with minimum disruption to the existing physical and logical topology. For example, if the customer wants to switch from a traditional telephone system to Voice-over-IP, the network will be able to accommodate this without requiring the installation of new cable.

In order to communicate on a network, each host must have an . Different protocols use different methods of addressing. For example, IPv4 uses a 32-bit binary number, typically expressed as a 4-part decimal number (dotted decimal notation) while IPv6 uses a 128-bit binary number expressed in hexadecimal. A routable scheme such as IP also provides identification for distinct networks as well as hosts.

Metric determining the trustworthiness of routes derived from different routing protocols.

Modern encryption suite providing symmetric encryption (the same key is used to encrypt and decrypt). is a very strong cipher with many applications, including being part of the WPA2 Wi-Fi encryption scheme.

A notification that is sent to an administrator if a network threshold is exceeded. These could be a low priority stating that something has been recorded in a log, or high priority notification via SMS or email or physical alarm.

Any defined method of performing a process but in encryption, the term specifically refers to the technique used to encrypt a message. The strength of an algorithm depends to a large extent on the size of its key (the code that enables a message to be encrypted or decrypted). A minimum key size of 2048 bits is considered secure by NIST. There are a number of in use for different types of encryption. Some of the main technologies are SHA-1 and MD5 (hash functions), 3DES, AES, RC (Rivest Cipher), IDEA, Blowfish/Twofish, and CAST (used for symmetric encryption [where the same key is used to encrypt and decrypt]), and Diffie-Hellman, RSA, ElGamal, and ECC (used for asymmetric encryption, where two linked keys are used).

A signal can be either or digital. An signal is characterized by a continually changing wave, while a digital signal has discrete states (for example, 1 or 0). Some devices still use signaling, as the wave form requires less capacity and can travel farther. However, most new technologies use digital signaling, to eliminate the need for conversion and to reduce the errors introduced by signaling.

The process of applying a subnet mask by converting both the IP address and subnet mask to binary, then combinging the two binary numbers, thus yielding the network number of that address.

Specially arranged metal wires that can send and receive radio signals. These are used for radio-based wireless networking. For WLANs, are small and short-range (~45m [150 feet] indoor range) and generally send and receive in all directions (omni-directional).

A pad used for standing or working on and designed to dissipate electrical charge in order to avoid damanging equipment.

A device worn around an individual's wrist and attached to a ground point to dissipate static charges more effectively and avoid equipment damage.

A low-power connectivity standard working in the 2.4 GHz range closely associated with fitness monitors and sensor equipment.

A transmission method in which data is sent from a server to the nearest host within a group.

Device that provides connectivity between wireless devices and a cabled network. with Internet connectivity located in public buildings (cafes, libraries, airports for instance) are often referred to as hotspots.

A library of programming utilities used, for example, to enable software developers to access functions of the TCP/IP network stack under a particular operating system.

was developed as a means for Windows clients configured to obtain an address automatically that could not contact a DHCP server to communicate on the local subnet. The host randomly selects an address from the range 169.254.0.1 - 169.254.254.255. This is also called a link-local address.

A stand-alone hardware firewall that performs the function of a firewall only. The functions of the firewall are implemented on the appliance firmware.

Software designed to run on a server to protect a particular application only (a web server firewall, for instance, or a firewall designed to protect an SQL Server database). This is a type of host-based firewall and would typically be deployed in addition to a network firewall.

OSI model layer providing support to applications requiring network services (file transfer, printing, email, databases, and so on).

If a user outlines multiple, separate issues during a single troubleshooting session, treat them each as separate problems and tackle on at a time. This may include filling out a separate support ticket.

When two systems communicate using TCP/IP, an IP address is used to identify the destination machine. The IP address must be mapped to a device (the network adapter's MAC address). This protocol performs the task of resolving an IP address to a hardware address. Each host caches known mappings in a table for a few minutes. It is also the name of a utility used to manage the cache.

The Address Resolution Protocol (ARP) maps IP addresses to network interfaces (MAC addresses). This is the process of injecting a false IP:MAC lookup into the victim's ARP cache. This can be used to perform a variety of attacks, including DoS, spoofing, and man-in-the-middle.

uses different keys (public and private; the keys are linked but the private key is not derivable from the public one). The most popular type of asymmetric cryptography (RSA) is based on the fact that factoring large numbers to discover whether they are prime (a number that is only divisible by itself and 1) is difficult. If there were a breakthrough in mathematics that made factoring large numbers less computationally intensive, the security of these cryptographic products would be broken. Elliptic Curve Cryptography (ECC) is a different means of creating key pairs such that it is easy to determine that the keys are linked but very difficult to determine one key from the other. The other advantage of ECC is that the algorithm is more efficient, allowing smaller keys to give the same level of security as larger RSA keys.

A WAN transfer protocol. The small size of the cells and their fixed length mean delays can be predictable so that time-sensitive data is readily accommodated

The degree of exposure a network or piece of software has to attack. For example, the more ports a server has open or the more features installed under an OS, the greater the likelihood of an attacker finding a vulnerability.

Degradation of a signal as it travels over media. This determines the maximum distance for a particular media type at a given bit rate.

This policy governs employees' use of company equipment

A means for a user to prove their identity to a computer system. is implemented as either something you know (a username and password), something you have (a smart card or key fob), or something you are (biometric information). Often, more than one method is employed (2- factor ).

A name server that holds complete records for a particular domain. This means that a record in the zone identifies the server as a name server for the domain.

Refers to an address that is leased permanently to a client. This is distinct from static allocation as the administrator does not pre-determine which particular IP address will be leased.

A fast link that connects the various segments of a network.

A remote administration utility providing a means of configuring a computer. Remote admin software may be installed intentionally, in which case it must be properly secured. These may also be installed by malware.

Recovery of data can be provided through the use of a backup system. Most systems provide support for tape devices. This provides a reasonably reliable and quick mechanism for copying critical data. Different types (full, incremental, or differential) balance media capacity, time required to , and time required to restore.

Generally used to refer to the amount of data that can be transferred through a connection over a given period. It more properly means the range of frequencies supported by transmission media, measured in Hertz.

Uses speed test sites, which are a web service that measures the bandwidth and latency of a visitor's Internet connection. Tests typically measure the data rate for the downloads and the upload data rate. These sites allow you to test your connection bandwidth and latency in a real world setting to see what the actual performance is.

This form of transmission uses the complete bandwidth of the media as a single transmission path. LAN signaling normally uses this transmission method.

The point from which something varies. A configuration is the original or recommended settings for a device while a performance is the originally measured throughput.

Also known as the symbol rate, this means the number of symbols per second transmitted in an analog signal (a symbol being some characteristic of the signal, such as a change in frequency or amplitude).

A means for a network node to advertise its presence and establish a link with other nodes, such as the management frame sent by an AP. Legitimate software and appliances do this but it is also associated with Remote Access Trojans (RAT) communicating with a Command & Control server.

Conserving IP addresses, improving network performance, and providing a more secure network environment.

designed to be used between routing domains, or Autonomous Systems (AS), and as such is used as the routing protocol on the Internet, primarily between ISPs. Autonomous systems are designed to hide the complexity of private networks from the public internet. Border (or edge) routers for each AS exchange only as much route information as is required to access other autonomous systems, rather than hosts within each AS. Autonomous System Numbers (ASN) are allocated to ISPs by IANA via the various regional registries.

A risk assessment will identify a range of threats and for each significant threat perform a to determine the likelihood of the threat exploiting a vulnerability and the cost to the business should a vulnerability be exposed.

a number system of base 2 where a digit can take any one of two different values (0 and 1). This is used whenever an on/off state is needed

Identifying features stored as digital data can be used to authenticate a user. Typical features used include facial pattern, iris, retina, or fingerprint pattern, and signature recognition. This requires the relevant scanning device, such as a fingerprint reader, and a database of information (template).

A means of mitigating DoS or intrusion attacks by dropping (discarding) traffic.

Short-range radio-based technology, the most used version of this working at up to 10m (30 feet) at up to 1 Mbps and used to connect peripherals (such as mice, keyboards, and printers) and for communication between two devices (such as a laptop and smartphone). The advantage of radio-based signals is that devices do not need line-of-sight, though the signals can still be blocked by thick walls and metal and can suffer from interference from other radio sources operating at the same frequency (2.4 GHz). A low energy version of this is designed for small battery-powered devices that transmit small amounts of data infrequently.

Twist and lock connector for coaxial cable

Using multiple network adapters for a single link for fault tolerance and load balancing. For Ethernet, this type of "adapter teaming" is defined in 802.3ad. 802.11n/ac Wi-Fi channels can also be to improve bandwidth.

TCP/IP protocol enabling a host to acquire IP configuration information from a server or download a configuration program using TFTP. is an earlier, simpler form of DHCP and also works over UDP port 67. Unlike DHCP, the configuration settings for each host must be manually configured on the server

A network of computers that have been compromised by Trojan/rootkit/worm malware. Providing this network can also subvert any firewalls between the controller (or herder) and the compromised computers (zombies) they can be remotely controlled and monitored using covert channels.

A point of poor performance that reduces the productivity of the whole network. This can occur because a device is underpowered or faulty, or because of a user behavior.

is used to describe data transfer speed - the higher the number, the higher the transmission speed.

A hardware device used to divide an overloaded network into separate segments. Intrasegment traffic (traffic between devices on the same segment) remains within this segment and cannot affect the other segments. This device works most efficiently if the amount of intersegment traffic (traffic between devices on different segments) is kept low. Segments on either side of the hardware are in separate collision domains but the same broadcast domain. The function of these devices is now typically performed by switches.

In a technical ense, a transmission that divides the available media bandwidth into a number of transmission paths or channels. WAN signaling generally uses this form of transmission and consequently the term is used generally to refer to 1 MBps+ Internet links such as DSL or cable.

A network or segment where any node connected to the network can directly transmit to any other node in the area without a central routing device. Microsegmentation does not stop broadcasts.

A packet sent to all hosts on the local network (or subnet). Routers do not ordinarily forward broadcast traffic. The address of IP is one where the host bits are all set to 1; at the MAC layer it is the address ff:ff:ff:ff:ff:ff.

frames that circulate the network perpetually, but at the data link layer. This issue may quickly consume all link bandwidth and crash network appliances.

This plan is designed to ensure that critical business functions demonstrate high availability and fault tolerance. Typically, this is achieved by allowing for redundancy in specifying resources. Examples include cluster services, RAID disk arrays, UPS. should not be limited to technical elements however; they should also consider employees, utilities, suppliers, and customers. Associated with business continuity is the disaster recovery plan, which sets out actions and responsibilities for foreseen and unforeseen critical incidents.

A linear network with all nodes attached directly to the main cable. The ends of themust be terminated so that the signal is absorbed once it has passed all of the connected devices. Signal transmission normally occurs in both directions from the source.

Security framework and tools to facilitate use of personally-owned devices to access corporate networks and data

A Internet connection is usually available along with a telephone/television service (Cable Access TV [CATV]). These networks are often described as as they combine a fiber optic core network with coax links to consumer premises equipment but are more simply just described as "cable". Consumers interface with the service via a cable "modem" (actually functioning more like a bridge).

Tool for stripping the cable jacket or wire insulation. Specialist tools are required to strip the various layers from fiber optic cable.

Troubleshooting devices designed to locate breaks in cable runs, faults in cable, and other problems with an installation (crosstalk, attenuation, noise, EMI, resistance, and so on). A is pre-programmed with the criteria of a particular wiring standard (TIA/EIA Cat 6 for example) and can test links against these criteria.

A name server that doesn't maintain a zone (primary or secondary). They often rely on forwarding to resolve queries for client resolvers.

A special type of memory optimized for searching rather than random access. The MAC address table is often also referred to as the table

A LAN that spreads over several buildings within the same overall area.

A web page or website to which a client is redirected before being granted full network access. This might allow limited network browsing, provide an authentication me

twisted pair cabling is rated by the ANSI/TIA/EIA "cat" standards for different Ethernet applications. Cat3 is rated for 10 Mbps applications at up to 100m, Cat5 for 100 Mbps and Cat5e and Cat6 for 1 Gbps. Cat6 and Cat6a are also rated for 10 Gbps at 55m and 100m respectively.

Method of multiplexing a communications channel using a code to key the modulation of a particular signal. This method is associated with Sprint and Verizon cellular phone networks.

Mobile telephony works through a series of base station transmitters (cells) that connect to the cellular and telephone networks. This network can be used for voice and data communications. Data communications are divided into 2G (GSM; up to about 14 Kbps), 2.5G (GPRS, HSCSD, and EDGE; up to about 48 Kbps), and 3G (WCDMA; up to about 2 Mbps).

A public key that has been certified by some agency, validating that the owner of the key is really who he or she says he or she is. This allows a sender to encrypt a message using the public key in the knowledge that only the recipient will be able to read it (using their linked private key). can also be used as proof of identity (for authentication or signing documents). Most are based on the X.509 standard though PGP web of trust are also popular.

This process ensures that planned changes are introduced effectively. A large part of this is documenting changes and informing users.will generally spark a new risk assessment process as the impact of the changes on the current security configuration needs to be assessed. Two key concepts are the submission of a Request for Change (RFC) and the Change Advisory Board (CAB), responsible for authorizing change. When a system or procedure is changed, it is vital to document the change, explaining who authorized and actioned it, why it was made, details of what was changed, and the date that the change was made.

Wi-Fi frequency bands are divided into multiple smaller to allow multiple networks to operate at the same location without interfering with one another.

Authentication scheme developed for dial-up networks that uses an encrypted three-way handshake to authenticate the client to the server. The challenge-response is repeated throughout the connection (though transparently to the user) to guard against replay attacks.

Confidentiality, Integrity, and Availability - the goals for providing a secure information management system.

Using network prefixes to aggregate routes to multiple network blocks ("supernetting"). This replaced the old method of assigning class-based IP addresses based on the network size.

A form of switching that establishes a temporary dedicated path between nodes. The telephone network (PSTN) uses this form of switching.

This class of addressses provides a small number of network addresses for networks with a large number of hosts per network. Originally designed for use only by extremely large networks, this class of addresses is too expensive for most organizations. The technical definition of this class of addresses is any address where the first octet (on the left) begins with a binary 0.

This class of addresses provides a balance between the number of network addresses and the number of hosts per network. Most organizations lease this class of addresses for use on networks that connect to the Internet. The technical definition of this class of addresses is any address where the first octet (on the left) begins with binary 10.

This class of addresses provides a large number of network addresses for networks with a small number of hosts per network. The technical definition of this class of addresses is any address where the first octet (on the left) begins with binary 110.

This class of addresses are set aside to support multicast transmissions. Any network can use them, regardless of the base network ID. The technical definition of this class of addresses is any address where the first octet (on the left) begins with binary 1110.

This class of addresses are set aside for research and experimentation. The technical definition of this class of addresses is any address where the first octet (on the left) begins with binary 1111.

In the early days of IP addressing, the network ID was determined automatically from the first octet of the address. When subnet masks were introduced, the "default" masks (255.0.0.0, 255.255.0.0, and 255.255.255.0) that corresponded to treating the first octet as classful were commonly described as "class A", "class B", and "class C" masks. The Internet no longer uses classful addressing but many LANs use the private IP address ranges and the default masks.

an addressing scheme whereby the concept of address classes and default masks is abandoned in favor of representing the address with an appropriately sized network prefix.

A network provides connectivity to file servers. Server is a model for providing network resources from a centrally controlled location. The server computer or application hosts the resource. A computer or application requests the resource from the server. You will require a for each type of server to which you have a connection - for example, Windows, NetWare, or Linux.

A TCP or UDP port number that rejects connections or ignores all packets directed at it.

Any environment where software (Software as a Service and Platform as a Service) or computer/network resources (Infrastructure as a Service and Network as a Service) are provided to an end user who has no knowledge of or responsibility for how the service is provided. These services provide elasticity of resources and pay-per-use charging models. These service access arrangements can be public, hosted private, or private (this type of cloud could be onsite or offsite relative to the other business units).

This resource record is used to represent an alias for a host (A or AAAA)

This type of cable is formed from two separate conductors that share a common axis. The outer conductor, a wire mesh, is isolated from the inner conductor, a copper wire, by plastic insulation

A device used to provide remote access to the command-line interface of multiple switch and/or router appliances.

A software application or gateway that filters client requests for various types of internet content (web, FTP, IM, and so on). The software can work on the basis of keywords, URLs, time of day/total browsing time, and so on.

a system, each network device competes with the other connected devices for use of the transmission media. based systems require a set of protocols that reduce the possibility of data collisions, since if the devices compete and simultaneously send data packets, neither packet will reach its intended destination.

The process whereby routers agree on routes through the network. As the network changes constantly (what with router failures, addressing changes, and unforeseen events), routers must be capable of adapting to these changes and communicating them quickly to other routers to avoid loops

In terms of network hierarchy, this provides a highly available network backbone. Its purpose should be kept simple: provide redundant traffic paths for data to continue to flow around the access and distribution layers of the network.

algorithm treats a block of transmitted data as a single large binary number and divides this by a 16- or 32-bit number (called the polynomial). The remainder of this division is termed the checksum. This is transmitted with the data and is compared to the checksum generated by the receiving modem. If the two are not the same, the data block is rejected and a request for data re-transmission is sent to the source.

A tool to join a network jack to the ends of network patch cable.

A distribution frame providing a central termination point for cabling. Horizontal cross-connects distribute wiring to user work areas. On a data network, these are usually implemented as patch panels.

Cabling where the transmit pair at one end is connected to the receive pair at the other. This enables two hosts to communicate directly without a hub (or the connection of two hubs).

A phenomenon whereby one wire causes interference in another as a result of their close proximity. the wires ensures the emitted signals from one wire are cancelled out by the emitted signals from the other and it also protects the wires from external interference.

This is a mathematical function that transforms plaintext into ciphertext in such a way that the plaintext cannot be recovered without knowledge of the appropriate key.

a group of individuals at a company with extensive decision making and technical skills required to deal with incidents.

Appliance providing connectivity to a digital circuit. The encodes the signal from Data Terminal Equipment (DTE) - that is, a PBX or router - to a signal that can be transported over the cable. is used to perform diagnostic tests on the line.

A collection of IP addresses that are divided into smaller groups to serve a network's needs.

The techniques used to consolidate multiple copies of the same file in a single location.

OSI model layer responsible for transferring data between nodes. This layer is split into two sublayers: Media Access Control (MAC) and Logical Link. Devices operating at this layer include network adapters, bridges, switches, and wireless access points.

A method of optimizing logs by summarizing them over a certain period of time through averaging out individual sample values.

A number system of base 10 where a digit can take any one of ten different values (0 - 9).

Default administrative and guest accounts configured on servers and network devices are possible points of unauthorized access

is a TCP/IP address parameter that identifies the location of a router on the local subnet that the host can use to contact other networks.

A special type of static route that identifies the next hop router for an unknown destination. This route is only used if there are no matches for the destination in the rest of the routing table.

This uses the value of eight 1s in binary, or 255 in decimal, to mask an entire octet of the IP address.

A configuration utility that enables you to configure and manage DHCP settings on the network interfaces of a computer. Supported on Linux and UNIX.

The last step in the DHCP client initialization where, assuming the DHCPOFFER is still valid, the server will respond to a DHCPREQUEST from the client with an acknowledgement packet.

The first step in DHCP client initialization where it broadcasts to find a DHCP server. All communications are sent using UDP, with the server listening on port 67 and the client on port 68.

The range of IP addresses that a DHCP server can allocate to clients on a particular subnet. Microsoft refers to this as a scope.

A broadcast sent by a node when it is ready to communicate with a DHCP server.

A service that captures a BOOTP broadcast and forwards it through the router as a unicast transmission to a DHCP server on a remote subnet.

A message returned to a DHCP server by a client that asks to lease an IP address from the DHCP server.

DHCP lease assignments that enable you to configure a permanent IP address for a client.

the IP addresses that a DHCP server is configured with and can assign to clients.

A TCP/IP networking service that allows a client to request an appropriate IP configuration from a server. The server is configured with a range of addresses to lease. Hosts can be configured to acquire an IP address dynamically or be assigned a static IP address, based on the host's MAC address. The server can also provide other TCP/IP configuration information, such as the location of DNS servers. utilizes UDP ports 67 and 68. It is important to monitor the network to ensure that only valid DHCP servers are running on the network.

When a DHCP server responds to the client with an IP address and other configuration information after a DHCPDISCOVER broadcast from the client. The IP addressing information is offered for a period of time.

The packet sent when the client accepts the DHCPOFFER from the server.

The IPv6 equivalent of DHCP for IPv4 networks. It is used to configure IPv6 hosts with IP addresses, IP prefixes, and other configuration data required to operate in an IPv6 network.

Used by Internet Service Providers (ISP) to provide routable address prefixes to a SOHO router, installed as Customer Premises Equipment (CPE).

A remote network access method that utilizes the local telephone line (Plain Old Telephone System [POTS]) to establish a connection between two computers fitted with modems.

The Differentiated Services Code Point (DSCP) field is used to indicate a priority value for a layer 3 (IP) packet to facilitate Quality of Service (QoS) or Class of Service (CoS) scheduling.

Utility to query a DNS and return information about a particular domain name.

An X.509 digital certificate is issued by a Certificate Authority (CA) as a guarantee that a public key it has issued to an organization to encrypt messages sent to it genuinely belongs to that organization

This form of signaling using discrete states to represent simple values, such as 1 or

Once a router has received a packet, it goes through the same process that the source host did to calculate whether the packet needs to be routed to another router or whether the packet can be delivered locally to another interface

These provide general and security information (permissions) for network users and objects.

A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.

refers to both information security and environmental damage issues when decommissioning out-of-date or used systems

this layer provides fault-tolerant interconnections between different access blocks and either the core or other distribution blocks. This layer is often used to implement traffic policies, such as routing boundaries, filtering, or Quality of Service (QoS).

An enterprise network will feature multiple switch appliances arranged in a fault-tolerant hierarchy and often centrally managed and automated using Software Defined Networking (SDN)

An approach to troubleshooting in which, rather than starting at the top or bottom, you start with the layer of the OSI Mdel most likely to be causing the problem and then working either down or up depending on what your tests revea.

Software that can identify data that has been classified and apply "fine-grained" user privileges to it to prevent copying it or forwarding by email, for instance.

A software-based mechanism that allows VPNs to be built and deleted dynamically.

A private network connected to the Internet must be protected against intrusion from the Internet.

This industry standard name resolution system provides name to IP address mapping services on the Internet and large intranets. is a hierarchical, distributed database.

A name server that has been configured to provide forwarding, transmitting a client query to another DNS server and routing the replies it gets back to the client.

DNS servers store information about resources in different types of records

The top of the DNS hierarchy, which is often represented by a period (.).

Once an issue has been resolved, this is the process of recording what happened during the troubleshooting practice and the outcomes in order to effectively inform future issues and ensure troubleshooting efficiency.

A group of computers which share a common accounts database, referred to as the directory.

A network attack that aims to disrupt a service, usually by overloading it.

In IPv4, a way of writing each octet so that it is converted to a decimal value. The decimal numbers are separated using a period.

Software that provides an interface between the operating system and the device.

A technology for transferring data over voice-grade telephone lines. This technology uses the higher frequencies available in a copper telephone line as a communications channel. The use of a filter prevents this from contaminating voice traffic with noise. The use of advanced modulation and echo cancelling techniques enable high bandwidth, full-duplex transmissions.

Transport Layer Security (TLS) is usually used with TCP-based protocol. This is UDP that is secured with TLS. This is often used for VPNs.

A host operating multiple protocols simultaneously on the same interface. Most hosts are capable of dual stack IPv4 and IPv6 operation for instance.

A DNS server that allows clients to update their records automatically when their IP addresses change (if they are assigned by DHCP for instance). The main issue is ensuring that updates are secure.

Ports that fall between 49,152 and 65,535 that are set aside for use by unregistered services and services (typically, client applications) needing a temporary connection.

Routers that perform route discovery operations to build and update routing tables themselves by using specially designed software

A protocol running on a router that can automatically detect network traffic congestion or device failures and calculate a different routing path.

Framework for negotiating authentication methods, supporting a range of authentication devices. EAP-TLS uses PKI certificates, Protected EAP (PEAP) creates a TLS-protected tunnel between the supplicant and authenticator to secure the user authentication method, and Lightweight EAP (LEAP) is a password-based mechanism used by Cisco.

Some transmission media are susceptible to listening in on communications sent over the media.

A protocol that can perform routing between autonomous systems.

is a distance vector-based routing protocol using a metric composed of several administrator weighted elements including reliability, bandwidth, delay, and load. , the version now in use, supports classless addressing and more efficient route selection.

A benefit or capability of the cloud allowing it to scale to meet peak demand.

An electronic store and forward messaging system.

EMI sources (such as fluorescent lights, air conditioning, and power cables) can corrupt signals.

Scrambling the characters used in a message so that the message can be seen but not understood or modified unless it can be deciphered.

A larger network with hundreds or thousands of servers and clients.

means ensuring stable supply of essential utilities (communications links, power, heating, water, transportation), protection against disaster (such as fire or flood), and shielding for communications systems (wired and wireless) to prevent eavesdropping.

The process of referring a problem to a senior technician, manager, or third party with either more or more specific skills, or due to a unique problem that another individual specializes in.

The charging of a metal object due to it being in close proximity to electrical sources or if they are brushed against.

Hosts with no capacity to forward packets to other IP networks.

Taken after you establish a probably cause, you'll create an action plan to resolve the issues, which could be to repair, replace, or ignore an issue.

Taken after you identify the problem, you use the answers to your initial questioning to establish a rough idea of where to look, what to look for, and what to diagnose.

A popular Local Area Networking technology defining media access and signaling methods.

IEEE's preferred term for a network interface's unique identifier. An EUI-48 corresponds to a MAC address while an EUI-64 is one that uses a 64-bit address space. There is an IPv6 translation mechanism to convert EUI-48 addresses to EUI-64 ones.

an attack where the attacker creates a malicious wireless access point masquerading as a genuine one, enabling the attacker to harvest confidential information as users connect via the AP.

A host computer running IPv6 can use this IEEE standard to self-assign its interface addresses. With this standard, the MAC address is padded in the center with FFFE, extending it to 64 bits in length.

A network of semi-trusted hosts, typically representing business partners, suppliers, or customers. Hosts must authenticate to join this network.

Error in monitoring or identification technology that either reports an event as an incident when it is not (false positive) or does not report an event as an incident (false negative).

Protection against system failure by providing extra (redundant) capacity.

High-speed network communications protocol used to implement SANs.

Standard allowing for a mixed use Ethernet network with both ordinary data and storage network traffic.

cable employs light signals as the basis for data transmission as opposed to the electrical signals that are used by the other main cable types.

These systems are mandatory in most public and private commercial premises. They can be water-based, dry pipe, or gas-based systems

Hardware or software that filters traffic passing into or out of a network (for example, between a private network and the Internet). A basic packetfiltering works at Layers 3 and 4 (Network and Transport) of the OSI model.

This refers to software instructions stored semi-permanently (embedded) on a hardware device (BIOS instructions stored in a ROM chip on the motherboard for instance).

the first individuals on a scene who take the critical first steps when a security incident is discovered

A routing system where all routers can inter-communicate with one another. Each network ID requires a separate entry in the routing table, which can be problematic in very large internetworks.

A network transmission state in which data arrives at a receiving node too quickly to be processed.

A firewall or IPS that prevents DDoD attacks where multiple compromised "bots" attempt to deny network connectivity by flooding it with malicious packets.

An important function of TCP which handles the flow of packets to ensure the sender does not inundate the receiver with packets.

a name in DNS specifying a particular host within a subdomain within a top-level domain.

The basic "unit" of data transmitted at layer 2. These contain several components - the source and target MAC (hardware) addresses as well as the data and error checking regions. Start and stop signals signify the beginning and the end of the frame respectively.

Packet switched WAN protocol running over T-carrier or ISDN. Frame Relay is no longer widely deployed.

A protocol used to transfer files across the Internet. Variants include S(ecure)FTP, FTP with SSL (FTPS and FTPES) and T(rivial)FTP. FTP utilizes ports 20 and 21.

A type of FTP using SSL for confidentiality.

Two-way communications taking place simultaneously.

A computer or other device that acts as a translator between two completely dissimilar computer systems.

Means of determining a receiver's position on the Earth based on information received from satellites. The receiver must have line-of-sight to such satellites.

A tunneling protocol allowing the transmission of encapsulated frames or packets from different types of network protocol over an IP network.

This safety feature ensures that, if an electrical connection short circuits into a metal chassis, the current flows to the earth rather than electrocuting someone handling a faulty device.

2G cellular data standard, capable of links of up to about 14.4 Kbps.

Session control protocol for VoIP and messaging networks running over TCP port 1720.

Two-way communications not taking place simultaneously.

A fault in a physical electronic components of a computer system, cable, or other component. These often require that a component or system be partially or completely replaced.

In a Wi-Fi site survey, a diagram showing signal strength at different locations.

A number system of base 16 where a digit can take any one of 16 different values, 0-9 and A-F representing values greater than 9.

A routing system where certain routers form a routing backbone and other routers are grouped into logical collections, sometimes called areas or domains.

Email, instant messaging, and website pop-ups are commonly used to spread false information, such as false virus or spyware alerts.

A computer setup to entice attackers with the purpose of discovering attack strategies and weaknesses in the security configuration.

One link in the path from a host to a router or from router to router. Each time a packet passes through a router, the count of these (or TTL) is decreased by one.

Of an IP address, the unique number that identifies a host on an IP network.

A name assigned to a computer by an administrator. This name consists of letters, numbers, and hyphens.

In TCP/IP networking terminology, this is a device that can directly communicate on a network.

The first method for resolving host names to IP addresses before DNS was available, which was a text file of host name to IP address mappings.

Users are usually seen as the weak point of any security system. Other security considerations for the department are coordinating secure recruitment and termination procedures. This means screening new employees through background checks, ensuring employees are set up with the correct privileges when they join or change job roles, and ensuring that privileges are revoked if the employee is fired or retires.

is one of a number of data access standards over cellular networks (3GPP). It is usually described as a 3.5G standard as it provides significantly better bandwidth than technologies it replaces (168 Mbps downstream and 22 Mbps upstream).

used to provide web content to browsers. uses port 80

An OSI layer 1 network device used to implement a star network topology on legacy Ethernet networks. These devices may also be known as "multiport repeaters" or concentrators. They are the central points of connection for segments and act like repeaters so that every segment receives signals sent from any other segment.

A network that uses a combination of physical or logical topologies. In practice most networks use hybrid topologies

A means of provisioning IT resources such as servers, load balancers, and Storage Area Network (SAN) components quickly. Rather than purchase these components and the Internet links they require, you rent them on an as-needed basis from the service provider's data center

the organization that organizes, maintains, and key elements of the Internet, including assigning processes to port numbers 0 through 1023.

This class of message indicates that a local host or a host on a remote network (or a protocol or port on a host) cannot be contacted. might be caused by some sort of configuration error or by a host or router not being available.

these are used for testing a connection with the ping utility. If a request message reaches the destination host, it generates a reply and sends it back to the source. If the request message does not reach its destination, an appropriate error message is generated.

IP-level protocol for reporting errors and status information supporting the function of troubleshooting utilities such as ping.

This is used when the Time to Live (TTL) of a packet reaches zero. The TTL field in a packet has a maximum value of 255 and this value is reduced by one every time the packet crosses a router. The TTL is eventually reduced to zero if the packet is looping (because of a corrupted routing table) or when congestion causes considerable delays. The router then discards the packet and a warning packet is sent back to the source host.

An updated version of ICMP for IPv6 that supports error messaging and informational messaging.

Block used to terminate twisted pair cabling. The main formats are 110 and Krone.

The first step in the troubleshooting process, used to establish what the best source of information about the problem may be. In this step, you gather information, question users, identify symtoms, duplicate the problem, and determine if anything has changed.

Software or security appliance designed to monitor network traffic (NIDS) or configuration files and logs on a host (HIDS) to record and detect unusual activity. Many systems can automatically take preventive action (Intrusion Prevention System [IPS]). Detection is either signature-based or anomaly- based (or both). IDS software typically requires a lengthy period of configuration and "training" to recognize baseline "normal" activity.

Formed as a professional body to oversee the development and registration of electronic standards.

A utility providing information about the IP configuration of a UNIX/Linux-based workstation.

TCP/IP suite network protocol supporting multicast operations.

A protocol that performs routing within a network under the administrative control of a single owner, also referred to as an Autonomous System (AS).

TCP/IP application protocol providing a means for a client to access email messages stored in a mailbox on a remote server. supports mailbox management functions, such as creating subfolders and access to the same mailbox by more than one client at the same time. IMAP4 utilizes TCP port number 143.

A default firewall rule used to block any traffic that has not matched a rule.

Procedures and guidelines covering appropriate priorities, actions, and responsibilities in the event of security incident

A high-speed switching fabric used in SANs and data center networks.

The global network of personal devices, such as phones, tablets, and fitness trackers), home appliances, home control systems, vehicles, and other items that have been equipped with sensors, software, and network connectivity. This is a term generally used to refer to Internet-enabled devices and appliances.

a worldwide network of networks based on the TCP/IP protocol.

A network designed for information processing within a company or organization. This network uses the same technologies as the Internet but is owned and managed by a company or organization.

a list of things, usually stored in a database. are usually compiled for assets.

A unique address given to each IP host. This can be manually assigned or dynamically allocated (using a DHCP server).

Software consolidating management of multiple DHCP and DNS services to provide oversight into IP address allocation across an enterprise network.

A utility providing information about the IP configuration of a Windows workstation.

In DHCP, the ability to configure a range of IP addresses (or a single IP address) to be excluded from those being offered for automatic assigning to DHCP clients. These addresses are often reserved for mission critical devices.

Network (internet) layer protocol in the TCP/IP suite providing packet addressing and routing for all higher level protocols in the suite.

A utility providing information about the IP configuration of a UNIX/Linux-based workstation

Layer 3 protocol suite providing security for TCP/IP. It can be used in two modes (transport, where only the data payload is encrypted, and tunnel, where the entire IP packet is encrypted and a new IP header added).

A command line utility provided by many Linux distributions that allows administrators to edit the rules enforced by the Linux kernel firewall.

The process of shortening the IPv6 addresses (which is a series of eight 16-bit numbers expressed as hexadecimal digits) by omitting leading zeros and replacing consecutive fields of zeros with a double colon.

A long-term solution to the problem of address space exhaustion by using a 128-bit addressing scheme assigned to a computer on a TCP/IP network.

Globally routable public addresses. Also known as aggregatable global unicast addresses, they are designed such that they can be summarized for efficient routing. These are the equivalent of the entire IPv4 public address space.

Addresses that are used to communicate and automatically assigned on private network segments with no router. These addresses usually begin with FE80, but can range from FE80 to FCFF. They are the equivalent of self-assigned IPv4 automatic private IP addressing (APIPA) addresses.

the leftmost bits of the address that are used for routing IPv6 packets.

The 0000::/8 block (that is, IPv6 addresses where the first bits are 0000 0000) is reserved for special functions. These include two special addresses: unspecified address and loopback address

Addresses used on mixed networks to support routing of IPv6 data across IPv4 networks. This class will be phased out when all routers convert to IPv6

Infrared Data Association (IrDA) was a wireless networking standard supporting speeds up to about 4 Mbps. These types of sensors are used in mobile devices and with IR blasters to control appliances.

Most commonly referred to as part of the Internet Key Exchange (IKE) protocol as used in IPsec. This is a framework for creating a Security Association (SA). An SA establishes that two hosts trust one another (authenticate) and agree secure protocols and cipher suites to use to exchange data.

IP tunneling protocol that enables the transfer of SCSI data over an IP-based network to create a SAN.

A digital phone/fax/data service, often used to provide Internet connectivity. There are two classes of this service: Basic Rate Interface (BRI) provides two 64 Kbps (B channels) for data and one 16 Kbps (D channel) for link management control signals; Primary Rate Interface (PRI) provides either T1 or E1 capacity levels (23B or 30B) channels, depending on location in the world and one 64 Kbps D channel.

Routers that interconnect IP networks and can perform packet forwarding on behalf of hosts that cannot do so themselves.

provides a connection to the Internet and other web- and email-related services. A connection to these organizations' Internet routing equipment can be made using a variety of methods.

Faults in the way that WEP implements the stream cipher used to encrypt traffic mean that the key can be recovered using cryptanalysis tools such as Aircrack given sufficient packets to analyze. Such tools can typically crack both 64-bit and 128-bit WEP encryption in a matter of minutes. WPA is not vulnerable to this attack (though weak passwords are still vulnerable to dictionary cracking).

A variation in the time it takes for a signal to reach the recipient.

An Ethernet frame with a payload larger than 1500 bytes (up to about 9000 bytes). are often used on Storage Area Networks.

this is an authentication standard and protocol. Windows networks use this protocol for client and server authentication. This provides a Single Sign-On (SSO) authentication scheme where clients authenticate once to a Key Distribution Center and are granted service tickets to use particular applications without having to log on to each application separately.

Small, efficient IP headers, stateless auto-reconfiguration of hosts, a new field in the header to guarantee network resource allocation, and network-layer encryption and authentication with IPSec.

IEEE protocol governing the use of bonded Ethernet ports (NIC teaming).

A type of network covering various different sizes but generally considered to be restricted to a single geographic location and owned/managed by a single organization.

The time it takes for a signal to reach the recipient.

Small Form Factor (SFF) version of the SC push-pull fiber optic connector; available in simplex and duplex versions.

Standard for accessing and updating information in an X.500-style network resource directory. This protocol uses port 389.

A route that was communicated to the router by another router using a dynamic routing protocol. use these dynamic protocols to exchange information about connected networks periodically and select the best available route to a particular destination.

Terms governing the installation and use of operating system and application software.

This is a division of the data link layer described by the IEEE. It is responsible for establishing and maintaining a link between communicating devices for the transmission of frames. This process occurs at a service level (that is, whether the network is connection-oriented or connectionless) and at the flow and error control levels.

A modified form of DNS that allows clients to perform name resolution on a local link without needing a server.

A type of switch or router that distributes client requests between different resources, such as communications links or similarly-configured servers. This provides fault tolerance and improves throughput.

Also called stress testing, this is when a network administrator tests their systems under load to simulate working conditions or for assessing likely future problems under higher loads.

A malicious program or script that is set to run under particular circumstances or in response to a defined event.

A list of events that contains metadata on those events and serves as a valuable information in understanding and aiding performance, troublshooting, and security (auditing).

Part of a Class A IP address range used to configure a special address typically used to check that TCP/IP is correctly installed on the local host.

used to verify the integrity of a port. To perform the test, a signal is generated by test software and sent to a loopback plug, connected to the port. The signal passes around the bus, network, or circuit and returns back to the plug. The plug compares what was sent to what was received, to evaluate whether the signal has degraded.

if broadcast traffic is allowed to continually loop around a network, the number of broadcast packets increases exponentially, crashing the network.

Cellular provider (3GPP) upgrade to 3G technologies such as W-CDMA and HSPA. The advanced version of this is designed to provide 4G standard network access.

The table on a switch keeping track of MAC addresses associated with each port.

Applying an access control list to a switch or access point so that only clients with approved MAC addresses can connect to it.

A unique hardware address that is hard-coded into a network card by the manufacturer

part of a message store designed to receive emails for a particular recipient.

A switch that must be set up via a web interface or command line to effectively use and includes configuring settings for each of the switch port interfaces.

An IP address or FQDN used to access the management interface of a network appliance

Where the attacker intercepts communications between two hosts.

A network that covers the area of a city (that is, no more than tens of kilometers). the network is larger than a LAN and smaller than a WAN, but it can operate at speeds that are comparable with LANs.

A cryptographic hash function designed in 1990 by Ronald Rivest and uses a 128-bit hash value. It is now known to have extensive vulnerabilities.

Device to convert one media type to another (such as fiber optic to UTP).

A topology often used in WANs where each device has (in theory) a point-to-point connection with every other device (fully connected); in practice, only the more important devices are directly interconnected (partial mesh).

A Metropolitan Area Network (MAN) using Ethernet standards and switching fabric.

The process of dividing up a network by using switches so that only two nodes exist in each collision domain.

Wireless technology used in 802.11n and 4G standards. is the use of multiple reception and transmission antennas to boost bandwidth.

This protocol allows nodes to join a multicast group and discover whether members of a group are present on a local subnet.

Category of fiber optic cable. is cheaper (using LED optics rather than lasers) but supports shorter distances (up to about 500m).

This device is used to interface a computer with the telephone network for data and fax communications.

Developed by Cisco from ATM as a means of providing traffic engineering (congestion control), Class of Service, and Quality of Service within a packet switched, rather than circuit switched, network.

Information sheet accompanying hazardous products or substances explaining the proper procedures for handling and disposal.

Small Form Factor duplex fiber optic connector with a snap-in design; used for multimode networks.

Utility combining the ping and traceroute commands.

Mean Time to Failure (MTTF) and Mean Time Between Failures (MTBF) represent the expected lifetime of a product or system. Mean Time to Repair (MTTR) is a measure of the time taken to correct a fault so that the system is restored to full operation.

The maximum size in bytes of a packet's payload. If the payload cannot be encapsulated within a single packet of the transporting layer, it must be fragmented.

A packet sent to a selection of hosts (in IP, those belonging to a multicast group)

A strong authentication method that requires multiple forms of authentication schemes, including something you know, something you have, or something you are (for example, protecting use of a smart card certification [something you have] with a PIN [something you know]).

A switch that can route based on the contents of packets at layers 3 and up. A layer 3 switch is used to route more effectively in a VLAN environment.

An electrical meter capable of measuring voltage, resistance, and current

A resource record used to identify an email server for the domain.

A means of ensuring endpoint security; that is, ensuring that all devices connecting to the network conform to a "health" policy (patch level, antivirus/firewall configuration, and so on).

The process a client goes through when attempting to resolve a name, for example, starting with checking the DNS cache to quering DNS to using LLMNR to using NetBIOS.

The process of resolving a host name or FQDN to its IP address, as well as ensuring the names are unique.

this maps private host IP addresses onto a single public IP address. Each host is tracked by assigning it a random high TCP port for communications.

A storage device with an embedded OS that supports typical network file access protocols (TCP/IP and SMB for instance).

to map the private address to one or more publicly accessible IP addresses

The legal basis for protecting information assets.

the process of using Internet Control Message Protocol (ICMPv6) messages and solicited-host multicast addresses to determine the link-layer address of a host on the local link, verify that a neighbor host can be reached, and track neighboring devices.

This protocol replaces some functions of ARP and ICMP on IPv6 networks, and is used to perform address resolution while greatly reducing the number of hosts that are likely to receive network discovery messages, thus making it more efficient than ARP.

Another node on the same link.

A proprietary Microsoft network transport protocol typically found in non-routed networks. is a session management protocol used to provide name registration and resolution services on legacy Microsoft networks.

Utility to show network information on a machine running TCP/IP, notably active connections and the routing table.

This hardware componenet allows a physical connection between the host and the transmission media. It can address other cards and can recognize data that is destined for it, using a unique address known as the Media Access Control (MAC) address. The card also performs error checking.

Of an IP address, the number common to all hosts on the same IP network.

Software that can scan a network and identify hosts, addresses, protocols, network interconnections, and so on.

Auditing software that collects status and configuration information from network devices. Many products are based on the Simple Network Management Protocol (SNMP).

A software-based firewall running under a network server OS, such as Windows or Linux. The server would function as a gateway or proxy (see below) for a network segment.

Enforcing a security zone by separating a segment of the network from access by the rest of the network. This could be accomplished using firewalls or VPNs or VLANs. A physically separate network or host (with no cabling or wireless links to other networks) is referred to as air-gapped.

tandard for peer-to-peer (2-way) radio communications over very short (around 4") distances, facilitating contactless payment and similar technologies. This technology is based on RFID.

A Next Generation Firewall (NGFW) is capable of parsing application layer protocol headers and data (such as HTTP or SMTP) so that sophisticated,content-sensitive ACLs can be developed.

Also known as a Layer 7 Firewall or Application Layer Gateway, this firewall can inspect and parse (interpret) the contents of packets at the application layer.

Versatile port scanner used for topology, host, service, and OS discovery and enumeration.

A tool for querying DNS server records.

A resource record that identifies authoritative DNS name servers for the zone.

TCP/IP application protocol allowing machines to synchronize to the same time clock. NTP runs over UDP port 123.

In IPv4 address structure, the 32 bits that are subdivided into four groups of 8 bits (1 byte).

Alternative designation for SONET bandwidth service levels.

Accessing the administrative interface of a network appliance using a separate network from the usual data network. This could use a separate VLAN or a different kind of link, such as a dial-up modem.

A TCP or UDP port number that is configured to accept packets. These ports can be considered a potential security vulnerability if abused by hackers.

Identifying the type and version of an operating system (or server application) by analyzing its responses to network scans

The process of making the OS (or Network OS) configuration secure.

created by the ISO to aid the understanding of how a network system functions in terms of both software and hardware components. The model divides the actions of hardware and software into seven separate sub-tasks: Physical, Data Link, Network, Transport, Session, Presentation, and Application, each with a separate function. The model serves as a functional reference for network communication. It does not represent any individual standard although many protocols do comply with its guidelines.

A hierarchical link-state interior gateway routing protocol, this is well suited to large organizations with multiple redundant paths between various networks. It has high convergence performance.

Used to measure the length of a fiber optic cable run and are able to locate faults

Provides resources somewhere between SaaS and IaaS.

this is software that decodes a network traffic capture (obtained via a packet sniffer) and displays the captured packets for analysis, allowing inspection of the packet headers and payload (unless the communications are encrypted).

A basic type and feature of firewall that inspects the headers of IP packets and, based on a set of rules, can filter or manage packets.

Using statistics or metadata about network traffic to identify routes, applications, and interfaces that might be over-utilized or that are creating bottlenecks.

refers to packets that do not reach their destination due to transmission errors, congestion, or security policies.

A network troubleshoting application that provides a comprehensive view of an organization's network. As data flows across a network, this application can monitor the packet flow by intercepting it, logging it, and analyzing the information according to baseline specifications.

Recording data from frames as they pass over network media.

A circuit switched network (such as the PSTN) establishes a dedicated channel between two communicating devices. This is a way to make more efficient use of the available bandwidth by splitting data into small packets and routing them via any available path.

Close range networking (usually based on Bluetooth or NFC) allowing communications between personal devices, such as smartphones, laptops, and printers/peripheral devices.

guessing software can attempt to crack user passwords by running through all possible combinations (brute force

A weakness of password-based authentication systems is when users demonstrate poor password practice.

identifying, testing, and deploying OS and application updates.

A type of wiring cross-connect with IDCs to terminate fixed cabling on one side and modular jacks to make cross-connections to other equipment on the other. Patch panels simplify Moves, Adds, and Changes (MACs) in network administration.

a feature of cloud usage that allows end users to pay only for services they use as they scale to meet various demands (elasticity).

A device used to route incoming calls to direct dial numbers and provide facilities such as voice mail, Automatic Call Distribution (ACD), and Interactive Voice Response (IVR)

Each network protocol working at a particular network layer encapsulates data using fields in a header plus a payload containing the PDU from the upper layer. At layer 2, PDUs are called frames, at layer 3 they are called datagrams or packets, and at layer 4 they are called segments if they use TCP or datagrams if they use UDP.

A network in which there is no dedicated server, but instead, each computer connected to the network acts as both a server and client (each computer is a peer of the other computers).

White hat hacking to try to discover and exploit any weaknesses in network security.

Tool for viewing CPU, memory, and pagefile utilization, accessible through the Performance and Reliability Monitor

Obtaining user authentication or financial information through a fraudulent request for information

Lowest layer of the OSI model providing for the transmission and receipt of data bits from node to node

Physical access to premises and equipment should not be overlooked in designing security. Barriers can be physical and/or psychological. Entry control mechanisms range from ID badges and simple key locks to certificate-based (physical tokens) or biometric access control.

Data that can be used to identify or contact an individual (or in the case of identity theft, to impersonate them).

This utility sends a configurable number and size of ICMP packets to a destination host.

solves the issue of making a link between a particular public-private key pair and a specific user. Under this system, keys are issued as digital certificates by a Certificate Authority (CA). The CA acts as a guarantor that the user is who he or she says he or she is. Under this model, it is necessary to establish trust relationships between users and CAs. In order to build trust, CAs must publish and comply with Certificate Policies and Certificate Practice Statements.

designed to be fire resistant and uses Teflon coatings for the jacket material so it produces a minimal amount of smoke

specification allowing power to be supplied via switch ports and ordinary data cabling to devices such as VoIP handsets and wireless access points. Devices can draw up to about 13W (or 25W for PoE+).

A topology where two nodes have a dedicated connection to one another. In a point-to-multipoint topology, a central node mediates links between remote nodes

This technology underpins some "near" fiber solutions (FTTx - Fiber to the Home, Fiber to the Curb, and so on). Cheap, unpowered optical repeaters (Optical Network Units [ONU]) process signals to and from Optical Line Termination (OLT) units at the exchange.

TCP/IP application protocol providing a means for a client to access email messages stored in a mailbox on a remote server. The server usually deletes messages once the client has downloaded them. POP3 utilizes TCP port 110.

means that a router takes requests from the Internet for a particular application (say, HTTP/port 80) and sends them to a designated host on the LAN.

Copying ingress and/or egress communications from one or more switch ports to another port. This is used to monitor communications passing over the switch.

in tcp/udp apps its a unique number assigned to a particular application protocol (such as HTTP or SMTP). The number (with the IP address) forms a socket between client and server.

Software that enumerates the status of TCP and UDP ports on a target system. can be blocked by some firewalls and IDS.

Preventing a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile.

Parts of telephone network "local loop" using voice-grade cabling. Data transfer over this network is slow (33.3Kbps) and requires dial-up modems.

Surges and spikes in electrical power that can damage devices, cause very brief power outages (brown outs) or can cause systems to lockup or reboot.

Blackouts that put systems and infrastructure offline.

Enterprise-class wireless access points and adapters support configurable power level controls. In some circumstances, increasing power can increase range and overcome local interference.

Dial-up protocol working at layer 2 (Data Link) used to connect devices remotely to networks. Often used to connect to an ISP's routers and out to the Internet.

developed by Cisco and Microsoft to support VPNs over PPP and TCP/IP. uses TCP port 1723. Encryption can be provided by Microsoft Point-to-Point Encryption.

OSI model layer that transforms data between the formats used by the network and applications.

Symmetric encryption technologies, require both parties to use the same private key. This key must be kept secret, which means that making the key known to both parties securely is a significant security problem. A pre-shared key is normally generated from a passphrase. A passphrase should be longer than a password and contain a mixture of characters.

The concept of implementing resolutions that not only solve an immediate problem but also eliminating the factors that cause the problem or creating solutions that prevent the problem from occurring again.

Assigning a protocol to a network interface card (NIC).

A set of rules enabling systems to communicate (exchange data). A single network will involve the use of many of these. In general terms, this defines header fields to describe each packet, a maximum length for the payload, and methods of processing information from the headers.

A server that mediates the communications between a client and another server. can filter and often modify communications as well as providing caching services to improve performance.

a global communications network that is capable of carrying more than simply voice-call services. The basis of this network is circuit-switched, but the infrastructure can also carry packet-switched data services.

The rules of behavior for privileged users, i.e. ones who are given rights to administer resources.

Classful IP addresses are divided into blocks representing different network sizes. Public IPs are allocated to companies through ISPs. Certain address blocks are designated private and can be used on a LAN without registering them. Such addresses are not routable over the Internet though.

Systems that differentiate data passing over the network that can reserve bandwidth for particular applications. A system that cannot guarantee a level of available bandwidth is often described as Class of Service (CoS).

is used by ISPs to authenticate and audit internet access by account holders. also widely used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, such as wireless access points. The client device then passes the authentication data to an AAA (Authentication, Authorization, and Accounting) server, which processes the request.

multiple hard disks can be configured to provide improved performance and/or protection for data (fault tolerance). Several levels of backup are suggested by this system, ranging from level 0 to level 6, each level representing a particular type of fault tolerance (note that 0 provides no fault tolerance).

A type of malware that tries to extort money from the victim, by appearing to lock their computer or by encrypting their files for instance.

A now obsolete autoconfiguration mechanisms, this allows a host to obtain an IP address from a server configured with a list of MAC:IP address mappings. However, it can only be used to obtain an IP address, which is inadequate for most implementations of IP. It has been replaced by BOOTP.

A server configured to process remote connections

Microsoft's protocol for operating remote connections to a Windows machine (Terminal Services), allowing specified users to log onto the Windows computer over the network and work remotely. The protocol sends screen data from the remote host to the client and transfer mouse and keyboard input from the client to the remote host. It uses TCP port 3389

You may need to escalate an issue if the problem is beyond your knowledge, would better be dealt with by a supplier or other third party, a customer becomes difficult, or the scope is very large, among other reasons

Ports that fall between 1024 and 49,151 that are registered to software makers for use by specific applications and services that are not as well-known as the services in the "well-known" range.

A layer 1 device that takes a signal and repeats it to the devices that are connected to it. These can be used to maintain signal integrity and amplitude across a connection or a network

Having multiple paths in a network so that if one link fails, the network can remain operational by forwarding frames over a different path.

Allows the DNS server to resolve requests that arrive from other network hosts into IP addresses. DNS zones contain numerous of these, including SOA, NS, A, AAAA, etc.

A chip allowing data to be read wirelessly. These types of wireless tags are used in barcodes and smart cards and can be powered or unpowered

The frequency in which network or other communications take place. These waves propagate at different frequencies and wavelengths. Wi-Fi network products typically work at 2.4 GHz or 5 GHz

A network topology in which all of the computers are connected in a circle. This topology comprises a series of point-to-point links between each device. Signals pass from device to device in a single direction with the signal regenerated at each device.

A distance vector-based routing protocol that uses a hop count to determine the distance to the destination network.

Connector used for twisted pair cabling.

The process of reverting to a previous version of software or firmware for some reason, such as if a newly-applied software update interferes with system functionality.

This cable is used to connect the serial port on a host or modem to the console port on a network appliance

the bridge at the top of the hierarchy when bridges are organized for spanning tree. The switch with the lowest bridge ID (comprised of a priority value and the MAC address) will be selected as the root

Command utility to configure and manage the routing table on a Windows or Linux host

are able to link dissimilar networks and can support multiple alternate paths between locations based upon the parameters of speed, traffic loads, and cost. works at layer 3 (Network) of the OSI model. form the basic connections of the Internet. They allow data to take multiple paths to reach a destination (reducing the likelihood of transmission failure). can access source and destination addresses within packets and can keep track of multiple active paths within a given source and destination network.

A database created manually or by a route-discovery protocol that contains network addresses as perceived by a specific router.

Opens a data stream for video and voice applications over UDP. The data is packetized and tagged with control information (sequence numbering and time-stamping).

A different model of provisioning software applications. Rather than purchasing software licenses for a given number of seats, a business would access software hosted on a supplier's servers on a pay-as-you-go or lease arrangement (on-demand).

A network dedicated to data storage, typically consisting of storage devices and servers connected to switches via Host Bus Adapters.

System of microwave transmissions where orbital satellites relay signals between terrestrial receivers or other orbital satellites. This type of connectivity is enabled through a reception antenna connected to the PC or network through a DVB-S modem

The ability for additional users or devices to be added to the network without having to significantly re-design or re-engineer the existing infrastructure

Push/pull connector used with fiber optic cabling.

Application Programming Interfaces (API) and compatible hardware allowing for programmable network appliances and systems

A means of establishing checks and balances against the possibility that critical systems or procedures can be compromised by rogue use of access permissions. It includes least privilege, SOPs, shared authority, auditing, mandatory vacations, and other policies.

Asynchronous serial transmission (RS-232) is one of the oldest PC bus standards. The serial port is now little used but does provide an "out-of-band" means of configuring network appliances such as switches and routers. Updated serial signaling technologies include USB and Firewire, which can be used for home networking.

OSI model layer that provides services for applications that need to exchange multiple messages (dialog control).

A type of FTP using SSH for confidentiality.

A cryptographic hashing algorithm created to address possible weaknesses in MDA

can counteract the risk of media leak signals to some extent . Twisted pair cabling can be shielded or screened; whole rooms can be shielded using metal paint or wire mesh

Social engineering tactic to obtain someone's password or PIN by observing him or her as he or she types it in.

Software designed to assist with security logging and alerting. provides correlation between observables and indicators and usually includes graphing tools to assist analysis of trends

Software that monitors a system for malware infection, intrusion detection, or performance may be configured to recognize threat signatures or definitions based on known malware or attack patterns. This sort of system is quite simple to install but cannot provide any defense against unknown threats (zero day exploits) and requires its signature database to be kept up to date

A small chip card that identifies the user and phone number of a mobile device, via an International Mobile Subscriber Identity (ISMI). This card also provides a limited amount of local storage, for contacts

A protocol used to establish, disestablish, and manage VoIP and conferencing communications sessions. It handles user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/video), and session management and termination

Planning a wireless deployment by identifying optimum locations for antenna and access point placement to provide the required coverage for clients and identifying sources of interference

Operating procedures and standards for a service contract

Prior to the emergence of PPP, this protocol provided dial-up TCP/IP support

The termination point for a telecoms access provider's cabling, also referred to as the Network Interface Unit (NIU).

A mobile device that provides both phone and SMS text messaging functionality and general purpose computing functionality, such as web browsing and email plus running software apps. These devices typically have screen sizes of between 4 and 5.5 inches.

This protocol is used for requesting files from Windows servers and delivering them to clients. It allows machines to share files and printers, thus making them available for other machines to use.

Category of fiber optic cable. is more expensive supports much longer distances (up to about 70 km).

system for sending text messages between cell phones

The protocol used to send mail between hosts on the Internet. Messages are sent over TCP port 25.

is a widely used framework for management and monitoring remote devices. It is part of the TCP/IP protocol suite (operating at the Application layer of the OSI model)

A hacking technique, widely publicized by Kevin Mitnick in his book "The Art of Deception," whereby the hacker gains useful information about an organization by deceiving its users or by exploiting their unsecure working practices. Typical methods include impersonation, domination, and charm.

Typically used to refer to network devices designed for small-scale LANs (up to 10 users).

High-speed fiber optic network used for the new generation of telecommunications backbones. Service levels are defined in multiple of the original bandwidth (51.84 Mbps) and are variously titled STS, OCx, or SDH.

A component or system that would cause a complete interruption of a service if it failed. These are mitigated by providing redundant parts, connections, or services that either provide failover (the replacement is automatically switched in) or swift replacement.

Where the attacker disguises their identity. Some examples include IP spoofing, where the attacker changes their IP address, or phishing, where the attacker sets up a false website

A remote administration and file copy program that is flexible enough to support VPNs too (using port forwarding). This runs on TCP port 22.

Identifies a particular Wireless LAN (WLAN). This "network name" can be used to connect to the correct network. When multiple APs are configured with the same network name, this is referred to as an E(xtended) SSID.

This was developed by Netscape to provide privacy and authentication over the Internet. It is application independent (working at layer 5 [Session]) and can be used with a variety of protocols, such as HTTP or FTP.

Any authentication technology that allows a user to authenticate once and receive authorizations for multiple services. Kerberos is a typical example of an authentication technology providing this.

Policy sets the overall tone for how something should be done and is usually intended for a general audience. More detailed guidance and standards may be produced for different audiences, such as end users and technical staff. In addition to internal standards, many job tasks may be guided by external standards, legislation, and "best practice" guidance. External standards may come from industry practice, professional organizations, or legislation.

A network topology in which each node is connected to a central point, typically a switch or a router. The central point mediates communications between the attached nodes. When a device such as a hub is used, the hub receives signals from a node and repeats the signal to all other connected nodes. Therefore the bandwidth is still shared between all nodes. When a device such as a switch is used, point-to-point links are established between each node as required. The circuit established between the two nodes can use the full bandwidth capacity of the network media.

A firewall that maintains stateful information about the session established between two hosts (including malicious attempts to start a bogus session). Information about each session is stored in a dynamically updated state table.

The process of manually configuring TCP/IP parameters for all devices on a network. This was the original method for configuration, though static IP addressing still has uses today.

A manually-defined route created by adding routing entries in the router's memory. These routes will only change if you manually edit them

Light Emitting Diodes (LED) are used to indicate the status of various devices, including PC power supplies, batteries, drive activity, and network activity. Network equipment LEDs usually show connection speed and activity

Protocol allowing multiple bridges/switches to arrange themselves in such a way as to enable loop-free broadcast communications when redundant links are present between the devices. The frames exchanged are called Bridge Protocol Data Units (BPDU).

Ethernet cables and connectors carry data over Transmit (Tx) and Receive (Rx) pairs. Normally, a host would be linked to a connectivity device such as a hub or a switch using _____ and connectors. The hub receives the Tx signal from the host on its Tx pair, performs a crossover, and broadcasts it to the destination host on the Rx pair

Bayonet-style twist-and-lock connector for fiber optic cabling.

An IP address consists of a Network ID and a Host ID. This mask is used to distinguish these two components within a single IP address. It is used to "mask" the host ID portion of the IP address and thereby reveal the network ID portion. The typical format for a mask is 255.255.0.0. Classless network addresses can also be expressed in the format 169.254.0.0/16, where /16 is the number of bits in the mask. IPv6 uses the same /nn notation to indicate the length of the network prefix.

Causes broadcast frames to circulate the network perpetually. Such loops at the data link layer can cause what are often called broadcast storms.

These devices perform the functions of a specialized bridge: the device receives incoming data into a buffer, then the destination MAC address is compared with an address table. The data is then only sent out to the port with the corresponding MAC address

A protocol enabling different appliances and software applications to transmit logs or event records to a central server.

Termination standards defined in the ANSI/TIA/EIA 568 Commercial Building Telecommunications Standards. 568A is mandated by the US government and for US residential wiring but the only commercial rule is not to mix the two on the same network. Wiring a cable with both 568A and 568B termination creates a crossover cable.

An alternative to RADIUS developed by Cisco. The version in current use is TACACS+; TACACS and XTACACS are legacy protocols

On a switch with VLANs configured, a port with an end station host connected operates in untagged mode (access port). A tagged port will normally be part of a trunk link

A device used to eavesdrop on communications at the physical layer. In Ethernet, this can be inserted between a switch and a node while a passive form of this can intercept emanations from unshielded cable.

Developed by Bell Labs to allow multiple calls to be placed on a single cable. Each channel provides enough bandwidth for a voice communication session and is known as a DS0 or a Kilostream link.

A command-line packet sniffer

This protocol suite maps to a four-layer conceptual model: Application, Transport, Internet, and Link (or Network Interface). This model is referred to as the Internet Protocol Suite or the DoD (Department of Defense) model or the ARPA model. Each layer in the Internet Protocol Suite corresponds to one or more layers of the OSI model.

The network protocol suite used by most operating systems and the Internet. It is widely adopted, industry standard, vendor independent and open. It uses a 4-layer network model that corresponds roughly to the OSI model as follows: Network Interface (Physical/Data Link), Internet (Network), Transport (Transport), Application (Session, Presentation, Application).

Protocol in the TCP/IP suite operating at the transport layer to provide connection-oriented, guaranteed delivery of packets. Hosts establish a session to exchange data and confirm delivery of packets using acknowledgements. This overhead means the system is relatively slow.

Method of multiplexing a communications channel using time slots. GSM uses this method whereby groups of phone calls are bundled with each call getting assigned a channel and time slot. The receiving device only listens to the assigned channel and time slot to assemble the call.

Used to measure the length of a cable run and are able to locate open and short circuits, kinks/sharp bends, and other imperfections in cables that could affect performance

TCP/IP application protocol supporting remote command-line administration of a host (terminal emulation). This is unauthenticated and has therefore been superseded by SSH or graphical remote configuration utilities. This protocol runs over TCP port 23.

A simplified form of FTP supporting only file copying (FTP can also enumerate directory contents, create directories, remove files and directories, and so on). TFTP works over UDP port 69.

The act of having another organization be responsible for hosting your DNS records. Typically, this would be for Internet-accessible resources rather than local network ones. The DNS hosting provider must ensure the reliability and availability of services. A hosting provider might use cloud-based servers to do this, replicating the DNS information to multiple physical servers accessible using different Internet routes

Points of reduced or poor performance that generate an administrative alert, such as packet loss or link bandwidth drop

The process of measuring the amount of data that the network can transfer in typical conditions via a software application. Goodput is typically used to refer to the actual "useful" data rate at the application layer (less overhead from headers and lost packets).

Mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard

In DNS hierarchy, the domains immediately below the root, including .com, .org, .net, and more.

This contains some sort of authentication data.

A network tone generator and probe are used to trace a cable from one end to the other. This may be necessary when the cables are bundled and have not been labeled properly.

The shape or structure of a network. These may be either physical (the actual appearance of the network layout) or logical (the flow of data across the network).

An approach to troubleshooting that follows working your way up or down the OSI Model to methodically diagnose and resolve an issue.

This TCP/IP utility is used to trace the route taken by a packet as it "hops" to the destination host on a remote network.

These applications enable administrators to closely monitor network traffic and to manage that network traffic. The primary function of a this application is to optimize network media throughput to get the most from the available bandwidth.

Converts the signal from the computer to a signal that can be sent over the network medium (and vice versa - that is, it transmits and receives). These are usually incorporated onto the network adapter and are specific to a particular media type. There are also modular versions of these, such as Small Form Factor Pluggable (SFP/SFP+/QSFP/QSFP+) and Gigabit Interface Converter (GBIC), designed to plug into switches and other network equipment.

The amount of data that can be sent over a network connection in a given amount of time, typically measured in bits or bytes per second (or some more suitable multiple thereof).

OSI model layer responsible for ensuring reliable data delivery. In TCP/IP, this service is provided by the TCP protocol.

An organized set of information describing the issue, information gathered, possible causes you isolated, corrections formulated, results, and any external resources. This could be within a support ticket system.

a standardized step-by-step approach to the troubleshooting process. The model serves as a framework for correcting a problem on a network without introducing further problems or making unnecessary modifications to the network.

The process of applying a methodical approach to resolving issues. Having ensured that any data has been backed up, the first step is to gather information. The next is to analyze the problem, again consulting documentation, web resources, or manufacturer's help resources if necessary. The next step is to choose and apply the most suitable solution. Having applied a solution, the next step is to test the system and related systems to verify functionality. The last step is to document the problem, steps taken, and the outcome. If the problem cannot be solved, it may be necessary to escalate it to another technician or manager.

Backbone links between switches and routers. Trunking protocols enable switches to exchange data about VLAN configurations. The 802.1q protocol is often used to tag frames destined for different VLANs across trunk links.

Of an IP packet, this field is nominally the number of seconds a packet is allowed to stay on the network before being discarded; otherwise packets could endlessly loop around an internet.

Also called encapsulation, this is the act of wrapping up data from one protocol for transfer over a different type of network.

is two insulated copper wires twisted about each other; a cable is made up of a number of pairs (usually four in data networking). The twisting of the wires acts to reduce interference and crosstalk. Each pair of wires is twisted at a different rate to ensure that the pairs do not interfere with each other. Drawbacks of twisted pair cabling are its sensitivity to EMI and eavesdropping and its attenuation (it cannot be used for long-distance transmission). Cabling is categorized according to EIA/TIA standards; Cat3 cable was specified for 10 Mbps Ethernet and Cat5 for 100 Mbps (Fast Ethernet). Cabling is now either Cat5e or Cat6, both of which support Gigabit Ethernet. Most cabling is unshielded (UTP) though in continental Europe, foil screened cabling is commonly used (Foil Twisted Pair [FTP] or Screened Twisted Pair [ScTP]). Screened cable is less susceptible to EMI and eavesdropping but is more complex to install and consequently more expensive.

A hypervisor that is installed directly onto the computer and manages access to the host hardware without going through a host OS.