856 terms

comptia network plus and security plus

Personal collection of notes for the CompTIA N+ Cert. A comprehensive study guide is strongly recommended.
Chapter 1 - An introduction to Networking
Chapter 2 - Networking Standards and the OSI model
Chapter 3 - Transmission Basics and Networking Media
Feedback can be sent to genterist@gmail.com. Good luck with your exam.
Tam N. Nguyen


The part of a network to which segments and significant shared devices (such as routers, switches, and servers) connect.
The use of data networks to carry voice (or telephone), video, and other communications services in addition to data.
data packet
A discrete unit of information sent from one node on a network to another.
file server
A specialized server that enables clients to share applications and data across the network.
A computer that enables resource sharing by other computers on the same network.
A complex WAN that connects LANs and clients around the globe.
(local area network) A network of computers and other devices that is confined to a relatively small space, such as one building or even one office.
license tracking
The process of determining the number of copies of a single application that are currently in use on the network and whether the number in use exceeds the authorized number of licenses.
load balancing
The process of distributing data transfer activity evenly across a network so that no single device is overwhelmed.
MAN (metropolitan area network)
A network that is larger than a LAN, typically connecting clients and servers from multiple buildings, but within a limited geographic area.
network interface card
network operating system
A computer or other device connected to a network, which has a unique address and is capable of sending or receiving data.
peer-to-peer network
A network in which every computer can communicate directly with every other computer.
A standard method or format for communication between network devices. Protocols ensure that data are transferred whole, in sequence, and without error from one node on the network to another.
remote access server
A server that runs communications services that enable remote users to log on to a network. Also known as an access server.
remote user
A person working on a computer on a different network or in a different geographical location from the LAN's server.
The devices, data, and data storage space provided by a computer, whether stand-alone or shared.
soft skills
The skills such as customer relations, leadership ability, and dependability.
stand-alone computer
A computer that uses applications and data only from its local disks and that is not connected to a network.
The physical layout of computers on a network.
The data transmission and processing activity taking place on a computer network at any given time.
transmission media
The means through which data are transmitted and received.
unified communications
The centralized management of multiple types of network-based communications, such as voice, video, fax, and messaging services.
WAN (wide area network)
A network that spans a long distance and connects two or more LANs.
Web server
A computer that manages Web site services, such as supplying a Web page to multiple users on demand.
A computer that runs a desktop operating system and connects to a network.
The IEEE standard for error and flow control in data frames.
The IEEE standard for token ring
The IEEE standard for wireless networking.
The IEEE standard for broadband wireless metropolitan area networking (also known as WiMAX).
ACK (acknowledgment)
A response generated at the Transport layer of the OSI model that confirms to a sender that its frame was received. The ACK packet is the third of three in the three-step process of establishing a connection.
American National Standards Institute
application program interface - A set of routines
Application layer
The seventh layer of the OSI model. This layer's protocols enable software programs to negotiate formatting, procedural, security, synchronization, and other requirements with the network.
block ID
The first set of six characters that make up the MAC address and that are unique to a particular manufacturer.
A method of error checking that determines if the contents of an arriving data unit match the contents of the data unit sent by the source.
connection oriented
A type of Transport layer protocol that requires the establishment of a connection between communicating nodes before it will transmit data.
A type of Transport layer protocol that services a request without requiring a verified session and without guaranteeing delivery of data.
CRC (cyclic redundancy check)
An algorithm (or mathematical routine) used to verify the accuracy of data contained in a data frame.
Data Link layer
The second layer in the OSI model. This layer bridges the networking media with the Network layer. Its primary function is to divide the data it receives from the Network layer into frames that can then be transmitted by the Physical layer.
device ID
The second set of six characters that make up a network device's MAC address - contains the device's model and manufacture date.
Electronic Industries Alliance
The process of wrapping one layer's PDU with protocol information so that it can be interpreted by a lower layer.
FCS (frame check sequence)
The field in a frame responsible for ensuring that data carried by the frame arrives intact. It uses an algorithm, such as CRC, to accomplish this verification.
flow control
A method of gauging the appropriate rate of data transmission based on how fast the recipient can accept data.
A Network layer service that subdivides segments it receives from the Transport layer into smaller packets.
A package for data that includes not only the raw data, or "payload," but also the sender's and recipient's addressing and control information. Frames are generated at the Data Link layer of the OSI model and are issued to the network at the Physical layer.
HTTP (Hypertext Transfer Protocol)
An Application layer protocol that formulates and interprets requests between Web clients and servers.
Internet Architecture Board
Internet Assigned Numbers Authority
Internet Corporation for Assigned Names and Numbers
Internet Engineering Task Force.
Internet Protocol (IP)
A core protocol in the TCP/IP suite that operates in the Network layer of the OSI model and provides information about how and where data should be delivered. IP is the subprotocol that enables TCP/IP to internetwork.
IP address (Internet Protocol address)
The Network layer address assigned to nodes to uniquely identify them on a TCP/IP network. IP addresses consist of 32 bits divided into four octets, or bytes.
ISO (International Organization for Standardization)
A collection of standards organizations representing 157 countries with headquarters located in Geneva, Switzerland.
ISOC (Internet Society)
A professional organization with members from 90 chapters around the world that helps to establish technical standards for the Internet.
Internet service provider
A business that provides organizations and individuals with Internet access and often, other services, such as e-mail and Web hosting.
International Telecommunication Union
A United Nations agency that regulates international telecommunications and provides developing countries with technical expertise and equipment to advance their technological bases.
LLC (Logical Link Control) sublayer
The upper sublayer in the Data Link layer. The LLC provides a common interface and supplies reliability and flow control services.
MAC address
A 12-character string that uniquely identifies a network node. The manufacturer hard codes the MAC address into the NIC. This address is composed of the block ID and device ID.
MAC (Media Access Control) sublayer
The lower sublayer of the Data Link layer. The MAC appends the physical address of the destination computer onto the frame.
maximum transmission unit
The largest data unit a network (for example, Ethernet or token ring) will accept for transmission.
network address
A unique identifying number for a network node that follows a hierarchical addressing scheme and can be assigned through operating system software.
Network layer
The third layer in the OSI model. Protocols in this layer translate network addresses into their physical counterparts and decide how to route data from the sender to the receiver.
OSI (Open Systems Interconnection) model
A model for understanding and developing computer-to-computer communication developed in the 1980s by ISO. It divides networking functions among seven layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application.
PDU (protocol data unit)
A unit of data at any layer of the OSI model.
Physical layer
The lowest, or first, layer of the OSI model. Protocols in this layer generate and detect signals so as to transmit and receive data over a network medium. These protocols also set the data transmission rate and monitor data error rates, but do not provide error correction.
Presentation layer
The sixth layer of the OSI model. Protocols in this layer translate between the application and the network. Here, data are formatted in a schema that the network can understand, with the format varying according to the type of network used. This layer also manages data encryption and decryption.
The process of reconstructing data units that have been segmented.
RIR (Regional Internet Registry)
A not-for-profit agency that manages the distribution of IP addresses to private and public entities.
A device that connects network segments and directs data based on information contained in the data packet.
The process of decreasing the size of data units when moving data from a network that can handle larger data units to a network that can handle only smaller data units.
The process of assigning a placeholder to each piece of a data block to allow the receiving node's Transport layer to reassemble the data in the correct order.
A connection for data exchange between two parties. The term session may be used in the context of Web, remote access, or terminal and mainframe communications, for example.
Session layer
The fifth layer in the OSI model. This layer establishes and maintains communication between two nodes on the network. It can be considered the "traffic cop" for network communications.
SYN (synchronization)
The packet one node sends to request a connection with another node on the network. This packet is the first of three in the three-step process of establishing a connection.
SYN-ACK (synchronization-acknowledgment)
The packet a node sends to acknowledge to another node that it has received a SYN request for connection. This packet is the second of three in the three-step process of establishing a connection.
A device with little (if any) of its own processing or disk capacity that depends on a host to supply it with applications and data-processing services.
TIA (Telecommunications Industry Association)
A subgroup of the EIA that focuses on standards for information technology, wireless, satellite, fiber optics, and telephone equipment.
A special control frame that indicates to the rest of the network that a particular node has the right to transmit data.
token ring
A networking technology developed by IBM in the 1980s. It relies upon direct links between nodes and a ring topology, using tokens to allow nodes to transmit data.
Transport layer
The fourth layer of the OSI model. In this layer, protocols ensure that data are transferred from point A to point B reliably and without errors. This layer's services include flow control, acknowledgment, error correction, segmentation, reassembly, and sequencing.
1 gigabit per second (Gbps)
1,000,000,000 bits per second.
100 block
Part of an organization's cross-connect facilities, a type of punch-down block designed to terminate Cat 5 or better twisted pair wires.
66 block
Part of an organization's cross-connect facilities, a type of punch-down block used for many years to terminate telephone circuits. It does not meet Cat 5 or better standards, and so it is infrequently used on data networks.
alien cross talk
EMI interference induced on one cable by signals traveling over a nearby
AM (amplitude modulation)
A modulation technique in which the amplitude of the carrier signal is modified by the application of a data signal.
A measure of a signal's strength.
A signal that uses variable voltage to create continuous waves, resulting in an inexact transmission.
The extent to which a signal has weakened after traveling a given distance.
AWG (American Wire Gauge)
A standard rating that indicates the diameter of a wire, such as the conducting core of a coaxial cable.
A measure of the difference between the highest and lowest frequencies that a medium can transmit.
A form of transmission in which digital signals are sent through direct current pulses applied to a wire. This direct current requires exclusive use of the wire's capacity, so these systems can transmit only one signal, or one channel, at a time.
bend radius
The radius of the maximum arc into which you can loop a cable before you will cause data transmission errors.
A system founded on using 1s and 0s to encode information.
bit (binary digit)
A single pulse in the digital encoding system. It may have only one of two values: 0 or 1.
BNC (Bayonet Neill-Concelman, or British Naval Connector)
A standard for coaxial cable connectors named after its coupling method and its inventors.
BNC connector
A coaxial cable connector type that uses a twist-and-lock (or bayonet) style of coupling.
A braided metal shielding used to insulate some types of coaxial cable.
A form of transmission in which signals are modulated as radiofrequency analog pulses with different frequency ranges.
Abbreviation for the word category when describing a type of twisted pair cable.
Cat 3 (Category 3)
A form of UTP that contains four wire pairs and can carry up to 10 Mbps, with a possible bandwidth of 16 MHz.
Cat 4 (Category 4)
A form of UTP that contains four wire pairs and can support up to 16-Mbps throughput. It may be used for 16-Mbps token ring or 10-Mbps Ethernet.
Cat 5 (Category 5)
A form of UTP that contains four wire pairs and supports up to 100-Mbps throughput and a 100-MHz signal rate.
Cat 5e (Enhanced Category 5)
A higher-grade version of wiring that contains high-quality copper, offers a high twist ratio, and uses advanced methods for reducing cross talk. It can support a signaling rate of up to 350 MHz.
Cat 6 (Category 6)
A twisted pair cable that contains four wire pairs, each wrapped in foil insulation. Additional foil insulation covers the bundle of wire pairs, and a fire-resistant plastic sheath covers the second foil layer. The foil insulation provides excellent resistance to cross talk and enables it to support a signaling rate of 250 MHz.
Cat 6e (Enhanced Category 6)
Capable of a 550-MHz signaling rate and able to reliably transmit data at multi-gigabit-per-second rates.
Cat 7 (Category 7)
A twisted pair cable that contains multiple wire pairs, each separately shielded then surrounded by another layer of shielding within the jacket. It can support up to a 1-GHz signal rate. But because of its extra layers, it is less flexible than other forms of twisted pair wiring.
A distinct communication path between two or more nodes, much like a lane is a distinct transportation path on a freeway. It may be separated either logically (as in multiplexing) or physically (as when paths are carried by separate wires).
The glass or plastic shield around the core of a fiber-optic cable. It reflects light back to the core in patterns that vary depending on the transmission mode. This reflection allows fiber to bend around corners without impairing the light-based
coaxial cable
A type of cable that consists of a central metal conducting core, which might be solid or stranded and is often made of copper, surrounded by an insulator, a braided metal shielding, called braiding, and an outer cover, called the sheath or jacket.
The pipeline used to contain and protect cabling. It is usually made from metal.
The pieces of hardware that connect the wire to the network device, be it a file server, workstation, switch, or printer.
The central component of a cable designed to carry a signal.
crossover cable
A twisted pair patch cable in which the termination locations of the transmit and receive wires on one end of the cable are reversed.
cross talk
A type of interference caused by signals traveling on nearby wire pairs infringing on another pair's signal.
DB-9 connector
A type of connector with nine pins that's commonly used in serial communication that conforms to the RS-232 standard.
connector
A type of connector with 25 pins that's commonly used in serial communication that conforms to the RS-232 standard.
DCE (data circuit-terminating equipment)
A device, such as a multiplexer or modem, that processes signals. It supplies a clock signal to synchronize transmission between DTE and DCE.
demarcation point (demarc)
The point of division between a telecommunications service carrier's network and a building's internal network.
demultiplexer (demux)
A device that separates multiplexed signals once they are received and regenerates them in their original form.
DTE (data terminal equipment)
Any end-user device, such as a workstation, terminal (essentially a monitor with little or no independent data-processing capability), or a console (for example, the user interface for a router).
DWDM (dense wavelength division multiplexing)
A multiplexing technique used over single-mode or multimode fiber-optic cable in which each signal is assigned a different wavelength for its carrier wave.
EMI (electromagnetic interference)
A type of interference that may be caused by motors, power lines, televisions, copiers, fluorescent lights, or other sources of electrical activity.
F-type connector
A connector used to terminate coaxial cable used for transmitting television and broadband cable signals.
FDM (frequency division multiplexing)
A type of multiplexing that assigns a unique frequency band to each communications subchannel. Signals are modulated with different carrier frequencies, then multiplexed to simultaneously travel over a single channel.
A short tube within a fiber-optic cable connector that encircles the fiber strand and keeps it properly aligned.
fiber-optic cable
A form of cable that contains one or several glass or plastic fibers in its core. Data is transmitted via pulsing light sent from a laser or light-emitting diode (LED) through the central fiber (or fibers).
FM (frequency modulation)
A method of data modulation in which the frequency of the carrier signal is modified by the application of the data signal.
The number of times that a signal's amplitude changes over a fixed period of time, expressed in cycles per second, or hertz (Hz).
A type of transmission in which signals may travel in both directions over a medium simultaneously.
A type of transmission in which signals may travel in both directions over a medium, but in only one direction at a time.
hertz (Hz)
A measure of frequency equivalent to the number of amplitude cycles per second.
IDF (intermediate distribution frame)
A junction point between the MDF and concentrations of fewer connections, for example, those that terminate in a telecommunications closet.
The resistance that contributes to controlling an electrical signal. It is measured in ohms.
The delay between the transmission of a signal and its receipt.
LC (local connector)
A connector used with single-mode or multimode fiber-optic cable.
MDF (main distribution frame)
Also known as the main cross-connect, the first point of interconnection between an organization's LAN or WAN and a service provider's facility.
media converter
A device that enables networks or segments using different media to interconnect and exchange signals.
MMF (multimode fiber)
A type of fiber-optic cable that contains a core with a diameter between 50 and 100 microns, through which many pulses of light generated by a light-emitting diode (LED) travel at different angles.
A device that modulates analog signals into digital signals at the transmitting end for transmission over telephone lines, and demodulates digital signals into analog signals at the receiving end.
A technique for formatting signals in which one property of a simple carrier wave is modified by the addition of a data signal during transmission.
MT-RJ (mechanical transfer-registered jack)
A connector used with single-mode or multimode fiber-optic cable.
multiplexer (mux)
A device that separates a medium into multiple channels and issues signals to each of those subchannels.
A form of transmission that allows multiple signals to travel simultaneously over one medium.
NEXT (near end cross talk)
Cross talk, or the impingement of the signal carried by one wire onto a nearby wire, that occurs between wire pairs near the source of a signal.
The unwanted signals, or interference, from sources near network cabling, such as electrical motors, power lines, and radar.
nonbroadcast point-to-multipoint transmission
A communications arrangement in which a single transmitter issues signals to multiple, defined recipients.
optical loss
The degradation of a light signal on a fiber-optic network.
The nondata information that must accompany data in order for a signal to be properly routed and interpreted by the network.
patch cable
A relatively short section (usually between 3 and 25 feet) of cabling with connectors on both ends.
patch panel
A wall-mounted panel of data receptors into which cross-connect patch cables from the punch-down block are inserted.
A point or stage in a wave's progress over time.
The area above the ceiling tile or below the subfloor in a building.
A data transmission that involves one transmitter and one receiver.
A communications arrangement in which one transmitter issues signals to multiple receivers. The receivers may be undefined, as in a broadcast transmission, or defined, as in a nonbroadcast transmission.
populated segment
A network segment that contains end nodes, such as workstations.
punch-down block
A panel of data receptors into which twisted pair wire is inserted, or punched down, to complete a circuit.
The process of retransmitting a digital signal.
RFI (radiofrequency interference)
A kind of interference that may be generated by broadcast signals from radio or TV towers.
A type of coaxial cable with an impedance of 75 ohms and that contains an 18 AWG core conductor. It is used for television, satellite, and broadband cable connections.
A type of coaxial cable characterized by a 50-ohm impedance and a 10 AWG core.
A type of coaxial cable characterized by a 50-ohm impedance and a 24 AWG core.
A type of coaxial cable characterized by a 75-ohm impedance and a 20 or 22 AWG core, usually made of braided copper. Less expensive but suffering greater attenuation than the more common RG-6 coax, it is used for relatively short connections.
RJ-11 (registered jack 11)
The standard connector used with unshielded twisted pair cabling (usually Cat 3 or Level 1) to connect analog telephones.
RJ-45 (registered jack 45)
The standard connector used with shielded twisted pair and unshielded twisted pair cabling.
rollover cable
A type of cable in which the terminations on one end are exactly the reverse of the terminations on the other end. It is used for serial connections between routers and consoles or other interfaces.
RS-232 (Recommended Standard 232)
A Physical layer standard for serial communications, as defined by EIA/TIA.
RTT (round trip time)
The length of time it takes for a packet to go from sender to receiver, then back from receiver to sender. It is usually measured in milliseconds.
SC (subscriber connector or standard connector)
A connector used with single-mode or multimode fiber-optic cable.
A style of data transmission in which the pulses that represent bits follow one another along a single transmission line. In other words, they are issued sequentially, not simultaneously.
The outer cover, or jacket, of a cable.
A type of transmission in which signals may travel in only one direction over a
SMF (single-mode fiber)
A type of fiber-optic cable with a narrow core that carries light pulses along a single path from one end of the cable to the other end. Data can be transmitted faster and for longer distances. However, it is expensive.
ST (straight tip)
A connector used with single-mode or multimode fiber-optic cable.
statistical multiplexing
A method of multiplexing in which each node on a network is assigned a separate time slot for transmission, based on the node's priority and need.
STP (shielded twisted pair)
A type of cable containing twisted-wire pairs that are not only individually insulated, but also surrounded by a shielding made of a metallic substance such as foil.
straight-through cable
A twisted pair patch cable in which the wire terminations in both connectors follow the same scheme.
TDM (time division multiplexing)
A method of multiplexing that assigns a time slot in the flow of communications to every node on the network and, in that time slot, carries data from that node.
telecommunications closet
Also known as a "telco room," the space that contains connectivity for groups of workstations in a defined area, plus cross-connections to IDFs or, in smaller organizations, an MDF. Large organizations may have several per floor, but the TIA/EIA standard specifies at least one per
An IEEE Physical layer standard for achieving a maximum of 10-Mbps throughput over coaxial copper cable. It is also known as 10Base-5. Its maximum segment length is 500 meters, and it relies on a bus topology.
An IEEE Physical layer standard for achieving 10-Mbps throughput over coaxial copper cable. It is also known as 10Base-2. Its maximum segment length is 185 meters, and it relies on a bus topology.
The amount of data that a medium can transmit during a given period of time.
A device that transmits and receives signals.
In networking, the application of data signals to a medium or the progress of data signals over a medium from one point to another.
twist ratio
The number of twists per meter or foot in a twisted pair cable.
twisted pair
A type of cable similar to telephone wiring that consists of color-coded pairs of insulated copper wires, each with a diameter of 0.4 to 0.8 mm, twisted around each other and encased in plastic coating.
unpopulated segment
A network segment that does not contain end nodes, such as workstations. Also called link segments.
UTP (unshielded twisted pair)
A type of cabling that consists of one or more insulated wire pairs encased in a plastic sheath. It does not contain additional shielding for the twisted pairs.
The measurement used to describe the degree of pressure an electrical current exerts on a conductor.
The distance between corresponding points on a wave's cycle. It is inversely proportional to frequency.
WDM (wavelength division multiplexing)
A multiplexing technique in which each signal on a fiber-optic cable is assigned a different wavelength, which equates to its own subchannel. Each wavelength is modulated with a data signal. In this manner, multiple signals can be simultaneously transmitted in the same direction over a length of fiber.
10 tape rotation
A backup rotation scheme in which ten backup tapes are used over the course of two weeks.
An authentication technology used to connect devices to a LAN or WLAN. It is an example of port-based NAC.
acceptable use
Acceptable usage policies define the rules that restrict how a computer, network, or other system may be used.
access control list (ACL)
A list of permissions attached to an object. They specify what level of access a user, users, or groups have to an object. When dealing with firewalls, an ACL is a set of rules that apply to a list of network names, IP addresses, and port numbers.
access control model
Methodologies in which admission to physical areas and, more important, computer systems is managed and organized.
account expiration
The date when the accounts users use to log on to the network expire.
The tracking of data, computer usage, and network resources. Often it means logging, auditing, and monitoring of the data and resources.
active interception
Also known as active inception in the CompTIA 2008 Security+ objectives; normally includes a computer placed between the sender and the receiver in an effort to capture and possibly modify information.
ad filtering
Ways of blocking and filtering out unwanted advertisements; popup blockers and content filters are considered to be ad filtering methods.
Advanced Encryption Standard (AES)
An encryption standard used with WPA and WPA2. The successor to DES/3DES, it is another symmetric key encryption standard, composed of three different block ciphers: AES-128, AES-192, and AES-256.
A type of spyware that pops up advertisements based on what it has learned about the user.
Well-defined instructions that describe computations from their initial state to their final state.
anomaly based monitoring
Also known as statistical anomaly based; establishes a performance baseline based on a set of normal network traffic evaluations.
AP isolation
Clients connected to the AP cannot communicate with each other, but each can still access the Internet.
application firewall
A firewall that can control the traffic associated with specific applications. It works all the way up to the Application Layer of the OSI model.
application-level gateway (ALG)
Applies security mechanisms to specific applications, such as FTP and/or BitTorrent. It supports address and port translation and checks whether the type of application traffic is allowed.
ARP poisoning
asymmetric key algorithm
This type of cipher uses a pair of different keys to encrypt and decrypt data.
audit trails
Records or logs that show the tracked actions of users, whether or not the user was successful in the attempt.
When a person's identity is confirmed. Authentication is the verification of a person's identity.
When a user is granted access to specific resources when authentication is complete.
Data is obtainable regardless of how information is stored, accessed, or protected.
Used in computer programs to bypass normal authentication and other security mechanisms in place.
back-to-back perimeter
A type of DMZ where the DMZ is located between the LAN and the Internet.
backup generator
Part of an emergency power system used when there is an outage of regular electric grid power.
When a malicious individual leaves malware-infected removable media, such as a USB drive or optical disc, lying around in plain view.
baseline reporting
Identification of the security posture of an application, system, or network.
The process of measuring changes in networking, hardware, software, and so on.
behavior-based monitoring
A monitoring system that looks at the previous behavior of applications, executables, and/or the operating system and compares that to current activity on the system.
The science of recognizing humans based on one or more physical characteristics.
birthday attack
An attack on a hashing system that attempts to find two different messages that produce the same hash value, causing a collision.
When a total loss of power for a prolonged period occurs.
block cipher
A type of algorithm that encrypts a number of bits as individual units known as blocks.
The sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and PDAs.
The unauthorized access of information from a wireless device through a Bluetooth connection.
A group of compromised computers used to distribute malware across the Internet; the members are usually zombies.
broadcast storm
When there is an accumulation of broadcast and multicast packet traffic on the LAN coming from one or more network interfaces.
When the voltage drops to such an extent that it typically causes the lights to dim and causes computers to shut off.
brute force attack
A password attack where every possible password is attempted.
buffer overflow
When a process stores data outside the memory that the developer intended. This could cause erratic behavior in the application, especially if the memory already had other data in it.
business impact analysis
The examination of critical versus noncritical functions; it is part of a business continuity plan (BCP).
butt set (or lineman's handset)
A device that looks similar to a phone but has alligator clips that can connect to the various terminals used by phone equipment, enabling a person to listen in to a conversation.
CAM table
The Content Addressable Memory table, a table that is in a switch's memory that contains ports and their corresponding MAC addresses.
certificate authority
The entity (usually a server) that issues digital certificates to users.
certificate revocation list (CRL)
A list of certificates no longer valid or that have been revoked by the issuer.
Digitally signed electronic documents that bind a public key with a user identity.
chain of custody
Documents who had custody of evidence all the way up to litigation or a court trial (if necessary) and verifies that the evidence has not been modified.
Challenge-Handshake Authentication Protocol (CHAP)
An authentication scheme used by the Point-to-Point Protocol (PPP) that is the standard for dial-up connections.
change management
A structured way of changing the state of a computer system, network, or IT procedure.
chromatic dispersion
The refraction of light as in a rainbow. If light is refracted in such a manner on fiber optic cables, the signal cannot be read by the receiver.
An algorithm that can perform encryption or decryption.
circuit-level gateway
Works at the Session Layer of the OSI model and applies security mechanisms when a TCP or UDP connection is established; they act as a go-between for the Transport and Application Layers in TCP/IP.
Cloud computing
A way of offering on-demand services that extend the capabilities of a person's computer or an organization's network.
Two or more servers that work with each other.
cold site
This has tables, chairs, bathrooms, and possibly some technical setup, for example, basic phone, data, and electric lines, but will require days if not weeks to set up properly.
computer security audits
Technical assessments made of applications, systems, or networks.
Preventing the disclosure of information to unauthorized persons.
content filters
Individual computer programs that block external files that use JavaScript or images from loading into the browser.
Text files placed on the client computer that store information about it, which could include your computer's browsing habits and credentials. Tracking cookies are used by spyware to collect information about a web user's activities. Session cookies are used by attackers in an attempt to hijack a session.
cross-site request forgery (XSRF)
An attack that exploits the trust a website has in a user's browser in an attempt to transmit unauthorized commands to the website.
cross-site scripting (XSS)
A type of vulnerability found in web applications used with session hijacking.
When a signal transmitted on one copper wire creates an undesired effect on another wire; the signal "bleeds" over, so to speak.
cryptanalysis attack
A password attack that uses a considerable set of precalculated encrypted passwords located in a lookup table.
cryptographic hash functions
Hash functions based on block ciphers.
The practice and study of hiding information.
data emanation (or signal emanation)
The electromagnetic field generated by a network cable or network device, which can be manipulated to eavesdrop on conversations or to steal data.
Data Encryption Standard (DES)
An older type of block cipher selected by the United States federal government back in the 1970s as its encryption standard; due to its weak key, it is now considered deprecated.
data loss prevention (DLP)
Systems that are designed to protect data by way of content inspection. They are meant to stop the leakage of confidential data, often concentrating on communications.
default account
An account installed by default on a device or within an operating system with a default set of user credentials that are usually insecure.
Defense in depth
The building up and layering of security measures that protect data from inception, on through storage and network transfer, and lastly to final disposal.
demilitarized zone (DMZ)
A special area of the network (sometimes referred to as a subnetwork) that houses servers that host information accessed by clients or other networks on the Internet.
Denial of Service (DoS)
A broad term given to many different types of network attacks that attempt to make computer resources unavailable.
dictionary attack
differential backup
Type of backup that backs up only the contents of a folder that have changed since the last full backup.
Diffie-Hellman key exchange
Invented in the 1970s, it was the first practical method for establishing a shared secret key over an unprotected communications channel.
digital signature
A signature that authenticates a document through math, letting the recipient know that the document was created and sent by the actual sender and not someone else.
directory traversal
Also known as the ../ (dot dot slash) attack; a method of accessing unauthorized parent directories.
disaster recovery plan
A plan that details the policies and procedures concerning the recovery and/or continuation of an organization's technology infrastructure.
discretionary access control (DAC)
An access control policy generally determined by the owner.
disk duplexing
When each disk is connected to a separate controller.
Distributed Denial of Service (DDoS)
An attack in which a group of compromised systems attack a single target, causing a DoS to occur at that host, usually using a botnet.
diversion theft
When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.
DNS poisoning
The modification of name resolution information that should be in a DNS server's cache.
domain name kiting
The process of deleting a domain name during the five-day grace period (known as the add grace period or AGP) and immediately reregistering it for another five-day period to keep a domain name indefinitely and for free.
due care
The mitigation action that an organization takes to defend against the risks that have been uncovered during due diligence.
due diligence
Ensuring that IT infrastructure risks are known and managed.
due process
The principle that an organization must respect and safeguard personnel's rights.
dumpster diving
When a person literally scavenges for private information in garbage and recycling containers.
Easter egg
A platonic extra added to an OS or application as a sort of joke; the harmless cousin of the logic bomb.
When a person uses direct observation to "listen" in to a conversation.
electromagnetic interference (EMI)
A disturbance that can affect electrical circuits, devices, and cables due to electromagnetic conduction or radiation.
elliptic curve cryptography (ECC)
A type of public key cryptography based on the structure of an elliptic curve.
The process of changing information using an algorithm (or cipher) into another form that is unreadable by others—unless they possess the key to that data.
ethical hacker
An expert at breaking into systems who can attack systems on behalf of the system's owner and with the owner's consent.
explicit allow
When an administrator sets a rule that allows a specific type of traffic through a firewall, often within an ACL.
explicit deny
When an administrator sets a rule that denies a specific type of traffic access through a firewall, often within an ACL.
Extensible Authentication Protocol (EAP)
Not an authentication mechanism in itself but instead defines message formats. 802.1X would be the authentication mechanism and defines how EAP is encapsulated within messages.
failopen mode
When a switch broadcasts data on all ports the way a hub does.
failover clusters
Also known as high-availability clusters, these are designed so that a secondary server can take over in the case that the primary one fails, with limited or no downtime.
false negative
When a system denies a user who actually should be allowed access to the system. For example, when an IDS/IPS fails to block an attack, thinking it is legitimate traffic.
false positive
When a system authenticates a user who should not be allowed access to the system. For example, when an IDS/IPS blocks legitimate traffic from passing on to the network.
false rejection
When a biometric system fails to recognize an authorized person and doesn't allow that person access.
Faraday cage
An enclosure formed by conducting material or by a mesh of such material; it blocks out external static electric fields and can stop emanations from cell phones and other devices within the cage from leaking out.
fire suppression
The process of controlling and/or extinguishing fires to protect people and an organization's data and equipment.
A part of a computer system or network designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit or deny computer applications based on a set of rules and other criteria.
first responders
People who perform preliminary analysis of the incident data and determine whether the incident is an incident or just an event, and the criticality of the incident.
fork bomb
An attack that works by creating a large number of processes quickly to saturate the available processing space in the computer's operating system. It is a type of wabbit.
A type of DoS similar to the Smurf attack, but the traffic sent is UDP echo traffic as opposed to ICMP echo traffic.
full backup
Type of backup where all the contents of a folder are backed up.
fuzz testing (fuzzing)
When random data is inputted into a computer program in an attempt to find vulnerabilities
A backup rotation scheme in which three sets of backup tapes must be defined—usually they are daily, weekly, and monthly, which correspond to son, father, and grandfather.
A general term used to describe applications that are behaving improperly but without serious consequences; often describes types of spyware.
group policy
Used in Microsoft environments to govern user and computer accounts through a set of rules.
Hardening of the operating system is the act of configuring an OS securely, updating it, creating rules and policies to help govern the system in a secure manner, and removing unnecessary applications and services.
hardware security module (HSM)
A physical device that deals with the encryption of authentication processes, digital signings, and payment processes.
A summary of a file or message. It is generated to verify the integrity of the file or message.
hash function
A mathematical procedure that converts a variable-sized amount of data into a smaller block of data.
The attempt at deceiving people into believing something that is false.
One or more computers, servers, or an area of a network, used to attract and trap potential attackers to counteract any attempts at unauthorized access of the network.
Generally is a single computer but could also be a file, group of files, or an area of unused IP address space used to attract and trap potential attackers to counteract any attempts at unauthorized access of the network.
host-based intrusion detection system (HIDS)
A type of system loaded on an individual computer; it analyzes and monitors what happens inside that computer, for example, if any changes have been made to file integrity.
hot and cold aisles
The aisles in a server room or data center that circulate cold air into the systems and hot air out of them. Usually, the systems and cabinets are supported by a raised floor.
Originally, a hotfix was defined as a single problem fixing patch to an individual OS or application that was installed live while the system was up and running, and without a reboot necessary. However, this term has changed over time and varies from vendor to vendor.
hot site
A near duplicate of the original site of the organization, complete with phones, computers, networking devices, and full backups.
HTTP proxy (web proxy)
An HTTP proxy, also known as a web proxy, caches web pages from servers on the Internet for a set amount of time.
The portion of virtual machine software that allows multiple virtual operating systems (guests) to run at the same time on a single computer.
incident management
The monitoring and detection of security events on a computer network and the execution of proper responses to those security events.
incident response
A set of procedures that an investigator goes by when examining a computer security incident.
When a person is in a state of being identified. It can also be described as something that identifies a person such as an ID card.
identity proofing
An initial validation of an identity.
implicit deny
Denies all traffic to a resource unless the users generating that traffic are specifically granted access to the resource. For example, when a device denies all traffic unless a rule is made to open the port associated with the type of traffic desired to be let through.
incremental backup
Type of backup that backs up only the contents of a folder that have changed since the last full backup or the last incremental backup.
information assurance
The practice of managing risks that are related to computer hardware and software systems.
information security
The act of protecting information from unauthorized access. It usually includes an in-depth plan on how to secure data, computers, and networks.
Infrastructure as a Service (IaaS)
A cloud computing service that offers computer networking, storage, load balancing, routing, and VM hosting.
input validation
Input validation or data validation is a process that ensures the correct usage of data.
This means that authorization is necessary before data can be modified.
Internet content filter
An Internet content filter, or simply a content filter, is usually applied as software at the Application Layer and can filter out various types of Internet activities such as websites accessed, e-mail, instant messaging, and more. It is used most often to disallow access to inappropriate web material.
Internet Protocol Security (IPsec)
A TCP/IP protocol that authenticates and encrypts IP packets, effectively securing communications between computers and devices using the protocol.
IP proxy
Secures a network by keeping machines behind it anonymous; it does this through the use of NAT.
IV attack
A type of related-key attack, in which an attacker observes the operation of a cipher using several different keys and finds a mathematical relationship between them, allowing the attacker to ultimately decipher data.
job rotation
When users are cycled through various assignments.
An authentication protocol that enables computers to prove their identity to each other in a secure manner.
The essential piece of information that determines the output of a cipher.
key escrow
When certificate keys are held in case third parties, such as government or other organizations, need access to encrypted communications.
The original hash used to store Windows passwords, known as LM hash, based off the DES algorithm.
Layer 2 Tunneling Protocol (L2TP)
A tunneling protocol used to connect virtual private networks. It does not include confidentiality or encryption on its own. It uses port 1701 and can be more secure than PPTP if used in conjunction with IPsec.
least privilege
When a user is given only the amount of privileges needed to do his job.
Lightweight Directory Access Protocol (LDAP)
An Application Layer protocol used for accessing and modifying directory services data.
load-balancing clusters
When multiple computers are connected in an attempt to share resources such as CPU, RAM, and hard disks.
logic bomb
Code that has, in some way, been inserted into software; it is meant to initiate some type of malicious function when specific criteria are met.
MAC filtering
A method used to filter out which computers can access the wireless network; the WAP does this by consulting a list of MAC addresses that have been previously entered.
MAC flooding
An attack that sends numerous packets to a switch, each of which has a different source MAC address, in an attempt to use up the memory on the switch. If this is successful, the switch will change state to failopen mode.
Software designed to infiltrate a computer system and possibly damage it without the user's knowledge or consent.
mandatory access control (MAC)
An access control policy determined by a computer system, not by a user or owner, as it is in DAC.
mandatory vacations
When an organization requires that an employee take a certain amount of days of vacation consecutively.
man-in-the-middle (MITM) attack
A form of eavesdropping that intercepts all data between a client and a server, relaying that information back and forth.
An area between two doorways, meant to hold people until they are identified and authenticated.
many-to-one mapping
When multiple certificates are mapped to a single recipient.
Message-Digest Algorithm 5 (MD5)
A 128-bit key hash used to provide integrity of files and messages.
multifactor authentication
When two or more types of authentication are used when dealing with user access control.
mutual authentication
When two computers, for example a client and a server, both verify each other's identity.
Network Access Control (NAC)
Sets the rules by which connections to a network are governed.
network address translation (NAT)
The process of changing an IP address while it is in transit across a router. This is usually so one larger address space (private) can be remapped to another address space, or single IP address (public).
network intrusion detection system (NIDS)
A type of IDS that attempts to detect malicious network activities—for example, port scans and DoS attacks—by constantly monitoring network traffic.
network intrusion prevention system (NIPS)
Designed to inspect traffic, and based on its configuration or security policy, the system can remove, detain, or redirect malicious traffic.
Network Management System (NMS)
The software run on one or more servers that controls the monitoring of network attached devices and computers.
network mapping
The study of physical and logical connectivity of networks.
network perimeter
The border of a computer network, commonly secured by devices such as firewalls and NIDS/NIPS solutions.
A random number issued by an authentication protocol that can only be used once.
nonpromiscuous mode
When a network adapter captures only the packets that are addressed to it.
The idea of ensuring that a person or group cannot refute the validity of your proof against them.
NTLM hash
Successor to the LM hash. A more advanced hash used to store Windows passwords, based off the RC4 algorithm.
NTLM2 hash
Successor to the NTLM hash. Based off the MD5 hashing algorithm.
null session
When used by an attacker, a malicious connection to the Windows interprocess communications share (IPC$).
one-time pad
A cipher that encrypts plaintext with a secret random key that is the same length as the plaintext.
one-to-one mapping
When an individual certificate is mapped to a single recipient.
open mail relay
Also known as an SMTP open relay; it enables anyone on the Internet to send e-mail through an SMTP server.
Open Vulnerability and Assessment Language (OVAL)
A standard and a programming language designed to standardize the transfer of secure public information across networks and the Internet utilizing any security tools and services available.
packet filtering
Packet filtering as it applies to firewalls inspects each packet passing through the firewall and accepts or rejects it based on rules. Two types of packet filtering include stateless packet filters and stateful packet inspection (SPI).
password cracker
Software tool used to recover passwords from hosts or to discover weak passwords.
An update to a system. Patches generally carry the connotation of a small fix in the mind of the user or system administrator, so larger patches often are referred to as software updates, service packs, or something similar.
patch management
The planning, testing, implementing, and auditing of patches.
penetration testing
A method of evaluating the security of a system by simulating one or more attacks on that system.
permanent DoS (PDoS) attack
Generally consists of an attacker exploiting security flaws in routers and other networking hardware by flashing the firmware of the device and replacing it with a modified image.
File system permissions control what resources a person can access on the network.
personal firewall
Applications that protect an individual computer from unwanted Internet traffic; they do so by way of a set of rules and policies.
personally identifiable information (PII)
Information used to uniquely identify, contact, or locate a person.
When an attacker redirects one website's traffic to another bogus and possibly malicious website by modifying a DNS server or hosts file.
When an unauthorized person tags along with an authorized person to gain entry to a restricted area.
ping flood
A ping flood, also known as an ICMP flood attack, is when an attacker attempts to send many ICMP echo request packets (pings) to a host in an attempt to use up all available bandwidth.
Ping of Death (POD)
A type of DoS that sends an oversized and/or malformed packet to another computer.
Platform as a Service (PaaS)
A cloud computing service that provides various software solutions to organizations, especially the ability to develop applications without the cost or administration of a physical platform.
Point-to-Point Tunneling Protocol (PPTP)
A tunneling protocol used to support VPNs. Generally includes security mechanisms, and no additional software or protocols need to be loaded. A VPN device or server must have inbound port 1723 open to enable incoming PPTP connections.
Rules or guidelines used to guide decisions and achieve outcomes. They can be written or configured on a computer.
pop-up blocker
An application or add-on to a web browser that blocks pop-up windows that usually contain advertisements.
port address translation (PAT)
Like NAT, but it translates both IP addresses and port numbers.
port scanner
Software used to decipher which ports are open on a host.
pre-action sprinkler system
Similar to a dry pipe system, but there are requirements for it to be set off such as heat or smoke.
When a person invents a scenario, or pretext, in the hope of persuading a victim to divulge information.
Pretty Good Privacy (PGP)
An encryption program used primarily for signing, encrypting, and decrypting e-mails in an attempt to increase the security of e-mail communications.
private key
A type of key that is known only to a specific user or users who keep the key a secret.
privilege escalation
The act of exploiting a bug or design flaw in a software or firmware application to gain access to resources that normally would've been protected from an application or user.
promiscuous mode
In a network adapter, a mode that passes all traffic to the CPU, not just the frames addressed to it; the network adapter captures all packets it has access to regardless of the destination of those packets.
protocol analyzer
Software tool used to capture and analyze packets.
proxy server
Acts as an intermediary for clients usually located on a LAN and the servers that they want to access that are usually located on the Internet.
public key
A type of key that is known to all parties involved in encrypted transactions within a given group.
public key cryptography
Uses asymmetric keys alone or in addition to symmetric keys. The asymmetric key algorithm creates a secret private key and a published public key.
Public Key Infrastructure
An entire system of hardware and software, policies and procedures, and people, used to create, distribute, manage, store, and revoke digital certificates.
qualitative risk assessment
An assessment that assigns numeric values to the probability of a risk and the impact it can have on the system or network.
quantitative risk assessment
An assessment that measures risk by using exact monetary values.
radio frequency interference (RFI)
Interference that can come from AM/FM transmissions and cell towers.
Mirroring. Data is copied to two identical disks. If one disk fails, the other continues to operate.
Striping with Parity. Data is striped across multiple disks; fault tolerant parity data is also written to each disk.
Rainbow Tables
In password cracking, a set of precalculated encrypted passwords located in a lookup table.
recovery point objectives (RPO)
In business impact analysis, the acceptable latency of data.
recovery time objectives (RTO)
In business impact analysis, the acceptable amount of time to restore a function.
redundant ISP
Secondary connections to another ISP; for example, a backup T-1 line.
redundant power supply
An enclosure that contains two complete power supplies, the second of which turns on when the first fails.
Remote Access Service (RAS)
A networking service that allows incoming connections from remote dial-in clients. It is also used with VPNs.
Remote Authentication Dial-In User Service (RADIUS)
Used to provide centralized administration of dial-up, VPN, and wireless authentication.
replay attack
An attack in which valid data transmission is maliciously or fraudulently repeated or delayed.
residual risk
The risk that is left over after a security and disaster recovery plan have been implemented.
The possibility of a malicious attack or other threat causing damage or downtime to a computer system.
risk acceptance
The amount of risk an organization is willing to accept. Also known as risk retention.
risk assessment
The attempt to determine the amount of threats or hazards that could possibly occur in a given amount of time to your computers and networks.
risk avoidance
When an organization avoids risk because the risk factor is too great.
risk management
The identification, assessment, and prioritization of risks, and the mitigating and monitoring of those risks.
risk mitigation
When a risk is reduced or eliminated altogether.
risk reduction
When an organization mitigates risk to an acceptable level.
risk transference
The transfer or outsourcing of risk to a third party. Also known as risk sharing.
role-based access control (RBAC)
An access model that works with sets of permissions, instead of individual permissions that are label-based; roles are created for the various job functions in an organization.
A type of software designed to gain administrator-level control over a computer system without being detected.
A public key cryptography algorithm created by Rivest, Shamir, and Adleman. It is commonly used in e-commerce.
An IETF standard that provides cryptographic security for electronic messaging such as e-mail.
An unexpected decrease in the amount of voltage provided.
The randomization of the hashing process to defend against cryptanalysis password attacks and Rainbow Tables.
When a web script runs in its own environment for the express purpose of not interfering with other processes, possibly for testing.
secure code review
An in-depth code inspection procedure.
secure coding concepts
The best practices used during the life cycle of software development.
Secure Hash Algorithm (SHA)
A group of hash functions designed by the NSA and published by the NIST, widely used in government. The most common currently is SHA-1.
Secure Shell (SSH)
A protocol that can create a secure channel between two computers or network devices.
Secure Sockets Layer (SSL)
A cryptographic protocol that provides secure Internet communications such as web browsing, instant messaging, e-mail, and VoIP.
security log files
Files that log activity of users. They show who did what and when, plus whether they succeeded or failed in their attempt.
security posture
The risk level to which a system, or other technology element, is exposed.
Security Posture Assessments (SPA)
Assessments that use baseline reporting and other analyses to discover vulnerabilities and weaknesses in systems and networks.
security template
Groups of policies that can be loaded in one procedure.
security tokens
Physical devices given to authorized users to help with authentication. These devices might be attached to a keychain or are part of a card system.
Separation of Duties (SoD)
This is when more than one person is required to complete a particular task or operation.
service level agreement (SLA)
Part of a service contract where the level of service is formally defined.
service pack (SP)
A group of updates, bug fixes, updated drivers, and security fixes that are installed from one downloadable package or from one disc.
service set identifier (SSID)
The name of a wireless access point (or network) to which network clients will connect; it is broadcast through the air.
shoulder surfing
When a person uses direct observation to find out a target's password, PIN, or other such authentication information.
signature-based monitoring
Frames and packets of network traffic are analyzed for predetermined attack patterns. These attack patterns are known as signatures.
Simple Network Management Protocol (SNMP)
A TCP/IP protocol that monitors network-attached devices and computers. It's usually incorporated as part of a network management system.
single point of failure
An element, object, or part of a system that, if it fails, will cause the whole system to fail.
single sign-on (SSO)
When a user can log in once but gain access to multiple systems without being asked to log in again.
Smurf attack
A type of DoS that sends large amounts of ICMP echoes, broadcasting the ICMP echo requests to every computer on its network or subnetwork. The header of the ICMP echo requests will have a spoofed IP address. That IP address is the target of the Smurf attack. Every computer that replies to the ICMP echo requests will do so to the spoofed IP.
SNMP agent
Software deployed by the network management system that is loaded on managed devices. The software redirects the information that the NMS needs to monitor the remote managed devices.
Software as a Service (SaaS)
A cloud computing service where users access applications over the Internet that are provided by a third party.
The abuse of electronic messaging systems such as e-mail, broadcast media, and instant messaging.
spear phishing
A type of phishing attack that targets particular individuals.
special hazard protection system
A clean agent sprinkler system such as FM-200 used in server rooms.
A short transient in voltage that can be due to a short circuit, tripped circuit breaker, power outage, or lightning strike.
The abuse of instant messaging systems, a derivative of spam.
When an attacker masquerades as another person by falsifying information.
A type of malicious software either downloaded unwittingly from a website or installed along with some other third-party software.
standby generator
Systems that turn on automatically within seconds of a power outage.
stateful packet inspection
Type of packet inspection that keeps track of network connections by examining the header in each packet, also known as SPI.
static NAT
When a single private IP address translates to a single public IP address. This is also called one-to-one mapping.
The science (and art) of writing hidden messages; it is a form of security through obscurity.
stream cipher
A type of algorithm that encrypts each byte in a message one at a time.
An unexpected increase in the amount of voltage provided.
symmetric key algorithm
A class of cipher that uses identical or closely related keys for encryption and decryption.
SYN flood
A type of DoS where an attacker sends a large amount of SYN request packets to a server in an attempt to deny service.
Systems Development Life Cycle (SDLC)
The process of creating systems and applications, and the methodologies used to do so.
A type of piggybacking where an unauthorized person follows an authorized person into a secure area, without the authorized person's consent.
TCP reset attack
Sets the reset flag in a TCP header to 1, telling the respective computer to kill the TCP session immediately.
TCP/IP hijacking
When a hacker takes over a TCP session between two computers without the need of a cookie or any other type of host access.
teardrop attack
A type of DoS that sends mangled IP fragments with overlapping and oversized payloads to the target machine.
Refers to the investigations of conducted emissions from electrical and mechanical devices, which could be compromising to an organization.
Temporal Key Integrity Protocol (TKIP)
An algorithm used to secure wireless computer networks; meant as a replacement for WEP.
Terminal Access Controller Access-Control System (TACACS)
A remote authentication protocol similar to RADIUS used more often in UNIX networks.
3-leg perimeter
A type of DMZ where a firewall has three legs that connect to the LAN, Internet, and the DMZ.
Part of the authentication process used by Kerberos.
time bomb
Trojans set off on a certain date.
time of day restriction
When a user's logon hours are configured to restrict access to the network during certain times of the day and week.
Towers of Hanoi
A backup rotation scheme based on the mathematics of the Towers of Hanoi puzzle. Uses three backup sets. For example, the first tape is used every second day, the second tape is used every fourth day, and the third tape is used every eighth day.
Transport Layer Security (TLS)
The successor to SSL. Provides secure Internet communications. This is shown in a browser as HTTPS.
Triple DES (3DES)
Similar to DES but applies the cipher algorithm three times to each cipher block.
Trojan horse
Applications that appear to perform desired functions but are actually performing malicious functions behind the scenes.
Trusted Computer System Evaluation Criteria (TCSEC)
A DoD standard that sets basic requirements for assessing the effectiveness of computer security access policies. Also known as The Orange Book.
UDP flood attack
A similar attack to the Fraggle. It uses the connectionless User Datagram Protocol. It is enticing to attackers because it does not require a synchronization process.
uninterruptible power supply (UPS)
Takes the functionality of a surge suppressor and combines that with a battery backup, protecting computers not only from surges and spikes, but also from sags, brownouts, and blackouts.
User Account Control (UAC)
A security component of Windows Vista that keeps every user (besides the actual Administrator account) in standard user mode instead of as an administrator with full administrative rights—even if they are a member of the administrators group.
vampire tap
A device used to add computers to a 10BASE5 network. It pierces the copper conductor of a coaxial cable and can also be used for malicious purposes.
A type of phishing attack that makes use of telephones and VoIP.
virtual machine (VM)
Created by virtual software; they are images of operating systems or individual applications.
virtual private network (VPN)
A connection between two or more computers or devices that are not on the same private network.
The creation of a virtual entity, as opposed to a true or actual entity.
Code that runs on a computer without the user's knowledge; it infects the computer when the code is accessed and executed.
VLAN hopping
The act of gaining access to traffic on other VLANs that would not normally be accessible by jumping from one VLAN to another.
VPN concentrator
A hardware appliance that allows hundreds of users to connect to the network from remote locations via a VPN.
Weaknesses in your computer network design and individual host configuration.
vulnerability assessment
Baselining of the network to assess the current security state of computers, servers, network devices, and the entire network in general.
vulnerability management
The practice of finding and mitigating software vulnerabilities in computers and networks.
vulnerability scanning
The act of scanning for weaknesses and susceptibilities in the network and on individual systems.
The act of scanning telephone numbers by dialing them one at a time and adding them to a list, in an attempt to gain access to computer networks.
The act of searching for wireless networks by a person in a vehicle through the use of a device with a wireless antenna, often a particularly strong antenna.
warm site
This will have computers, phones, and servers, but they might require some configuration before users can start working on them.
web of trust
A decentralized model used for sharing certificates without the need for a centralized CA.
wet pipe sprinkler system
Consists of a pressurized water supply system that can deliver a high quantity of water to an entire building via a piping distribution system.
A phishing attack that targets senior executives.
Wi-Fi Protected Access (WPA)
A security protocol created by the Wi-Fi Alliance to secure wireless computer networks, more secure than WEP.
Wired Equivalent Privacy (WEP)
A deprecated wireless network security standard, less secure than WPA.
Tapping into a network cable in an attempt to eavesdrop on a conversation or steal data.
Code that runs on a computer without the user's knowledge; it self-replicates, whereas a virus does not.
A common PKI standard developed by the ITU-T that incorporates the single sign-on authentication method.
zero day attack
An attack that is executed on a vulnerability in software before that vulnerability is known to the creator of the software.
The individual compromised computers in a botnet.
SC Connector
- Type of connector used in fiber optic cabling.
- Snap-in with 2.5 mm ferrule.
ST Connector
- Type of connector used in fiber optic cabling.
- Uses bayonet connector with 2.5 mm ceramic or polymer ferrule.
LC Connector
- Type of connector used in fiber optic cabling.
- Uses a connector likened to RJ-45. It has a smaller form factor and uses 1.25 mm ferrule.
- Preferred for single mode.
- Networking cable with extra protection against EMI.
- Copper used as grounding material around the internal wires.
- Most commonly used networking cable.
- Lower cost since it doesn't have the extra protection layer of copper grounding material.
- Networking twisted pair cabling standard to support 10 Mbps Ethernet connection speeds.
- Networking twisted pair cabling standard used to support 100 Mbps and 2 Gbps Ethernet connection speeds.
- Networking twisted pair cabling standard used to support 100 Mbps and 2 Gbps Ethernet connection speeds.
- Provides additional protection from EMI.
- Networking twisted pair cabling standard used to support 10 Gbps connection speeds.
- Material used to surround twisted pair cabling, especially when wiring above ceiling tiles.
- Normal material used to surround twisted pair cabling.
- Can be toxic when burned, and therefore is not permitted for use when wiring above ceiling tiles.
- Most commonly used twisted pair connector for telephone lines and modems.
- Twisted pair connector used for network cabling.
- Uses either T568A or T568B wiring configurations.
- Wiring standards used for configuring twisted pair networking cable with RJ-45 connections based on a specified color order of the individual wires.
- The color order for this standard is as follows: green-white, green, orange-white, blue, blue-white, orange, brown-white, brown
- Wiring standards used for configuring twisted pair networking cable with RJ-45 connections based on a specified color order of the individual wires.
- The color order for this standard is as follows: orange-white, orange, green-white, blue, blue-white, green, brown-white, brown
- This particular scheme is the accepted standard.
Crossover Cable
- Networking cable which is configured to use the T568A standard at one end and T568B at the other.
Coaxial Connectors
BNC connector
Bayonet-style coaxial cabling connector generally made of nickel-plated brass.
F-type connector
Most common coaxial cable connector, which features a screw-on attaching mechanism.
IP Class A
Specified IP classing standard within the range of to with the subnet mask of
IP Class B
Specified IP classing standard within the range of to subnet mask of
IP Class C
Specified IP classing standard within the range of to subnet mask of
- 32-bit decimal network addressing standard
- Separated by decimal into 4 octets (8-bits).
- OSI Layer 3 address
- 128-bit hexadecimal network addressing standard
- Designed as a backup system when we've run out of traditional IP addresses.
Public IP
- An IP address issued by a network provider, used to communicate with hosts across the world wide web.
- This is the IP address used for remote users to access a private network.
Private IP
- An internal IP address assigned to each device on a network for communication between one another.
- This IP address must be within a specified group of available addresses in order to operate.
- If enabled, this feature will assign a default IP address when the DHCP server is not responding.
- The IP address will be assigned between to
Static IP
- Manually assigned IP address
Dynamic IP
- IP address assigned by DHCP server.
- This method ensures there are no overlapping IP addresses within a network.
Client-side DNS
- Compiles a list of frequently used domain name and IP destinations to quickly pull up a destination upon request.
- A server dedicated to assigning network settings to devices upon request.
- The assigned settings are provided within specified parameters.
Subnet Mask
- This network setting dictates which portion of the IP address is available within a network addressing schematic.
- The point on a network that connects all of the devices together at a central point.
- This address is required for a private network to access a public network.
- Typically the first or last IP address assigned within an available range.
- TCP Port 21 (data port 20)
- Uses TCP to connect one host directly to another in order to transfer files.
- Typical usage is to upload files to a web server.
- It uses a separate port for data and communications.
- TCP/UDP Port 23
- Network protocol to connect to a server and operate it as a native user in terminal mode.
- This method of server control, though it has username and password as security, is unencrypted and not the most secure method.
- TCP Port 25
- Protocol used to transfer mail between network destinations.
- TCP Port 53
- Translates human-readable host names into their associated IP destinations.
- TCP Port 80
- Protocol used to access websites on the world wide web.
- TCP Port 110
- Protocol used to retrieve emails from a mail server.
- This protocol typically downloads the email and removes it from the server. It is not preferred if you plan to access the email from multiple devices.
- TCP Port 143
- Protocol used to retrieve emails from a mail server.
- This protocol allows you to synchronize with the mail server and have updated access from multiple devices.
- Port 443
- Protocol used to access websites on the world wide web with added SSL protection.
- Not every website can be accessed automatically with this protocol; access is authorized by certificate.
- TCP/UDP Port 3389
- Used to access, view and control one computer from another while connecting through a network and/or internet connection.
- TCP/UDP port 389 (secure port 636)
- Protocol used to build and share information within a network.
- Generally used as a directory of contacts.
- UDP 161, 162
- Part of the TCP/IP suite, this protocol shares information about devices on a network for management purposes.
- TCP Port 445, UDP Port 137, 138, 139
- Protocol implemented in Microsoft Windows.
- This system allows users to share resources across the network remotely. (ie. shared folders/files, printers)
- TCP Port 445, UDP Port 137, 138, 139
- Dialect of Server Message Block (SMB) protocol.
- Enables the sharing of folders/files, printers and ports over a network.
- TCP/UDP Port 22
- A secured protocol used to access and control remote systems.
- Generally used in terminal mode.
- TCP/UDP Port 22
- Used to access and transfer server files from a host system with a secure shell protocol.
- Protocol for data transmission which requires a return receipt on every delivery to ensure the information reached the intended destination.
- Packets that are lost or dropped are re-sent.
- This system ensures a reliable transfer.
- Connection-oriented protocol.
- Protocol for quicker transmission of data, since there is no requirement of a return receipt.
- Dropped or lost packets are not re-transmitted.
- More reliable method to deliver audio or video due to the increased rate of transmission.
- Connectionless protocol.
802.11 a
- Wireless networking standard which operates at 5.75 GHz
- 54 Mbps
- 150 ft maximum range
- 23 total operating channels, 12 non-overlapped
802.11 b
- Wireless networking standard which operates at 2.4 GHz
- 11 Mbps
- 300 ft maximum range
- 11 total operating channels, 3 non-overlapped
802.11 g
- Wireless networking standard which operates at 2.4 GHz
- 54 Mbps
- 300 ft maximum range
- 11 total operating channels, 3 non-overlapped
- Compatible with other wireless networking standards which also operate at the same frequency.
802.11 n
- Wireless networking standard which operates at 2.4 GHz and/or 5.75 GHz
- 150, 300 or 600 Mbps depending on network configuration
- 1200 ft maximum range
- Compatible with other wireless networking standards operating at 2.4 GHz and 5.75 GHz, depending on the specifications of the hardware
- Original wireless network encrypted security associated with 802.11 in 1997.
- It is designed to emulate the same security as a wired network infrastructure.
- Uses the same pre-shared key on the network and connecting devices as its form of securing a connection.
- The pre-shared key is also used for encryption.
- Not the most secure or recommended method.
- Wireless network security that replaced WEP.
- Provides encryption via TKIP.
- Can use both pre-shared key or 802.1x for authenticating connection.
- Wireless network security which is the current highest standard used in most setups.
- Provides encryption similar to TKIP but is more secure through its use of AES.
- Requires compatible hardware to implement.
- Encryption method utilized in WPA
- Encryption method utilized in WPA2
- Requires compatible hardware to encrypt
MAC Filtering
- Feature of a wireless router which permits access based upon hardware address provided.
- Can be set to allow/block specified systems.
Router Channels
- Specifies portion of wireless frequencies used for a specific router in order to avoid overlapping and causing connectivity issues, especially when dealing with multiple access points.
Port Forwarding
- Settings of the router which designate ports to be open for specific services, and then send that traffic on to the destination.
- It allows a remote computer to connect to a private computer.
Port Triggering
- A setting of a router which would open a specific port only on request from a local host, to which that host is the designated recipient of communication through that port.
- Ports remain closed when there is no activity.
- Specified name of a wireless access point.
- Required to connect to a wireless network.
- Security in a router which blocks unwanted and unrequested traffic from passing into the local network.
- Subnetwork used to separate a private sector of a network from the public portion allotted to give access to its services to an untrusted network.
- An internet standard which connects the internet to a private network while maintaining privacy.
- This is used to translate one IP addressing system with another that is not necessarily compatible.
- A method of connecting to a wireless network devised to make it easier for those with less knowledge of network security.
- It involves pressing a button on the router in relation to the computer or other compatible network device, which then securely connects the computer to the wireless network without the need for a passcode or pre-shared key.
Basic QoS
- This is simply the measured quality of an internet connection.
Cable Internet
- Type of internet service that runs over a cable TV network.
- The accepted standard for most internet connections today, as it is reliable and fast.
- Internet service which transmits broadband digital data along a telephone line.
- A breakthrough from dial-up connection because it allows use of the telephone and internet simultaneously depending on your implementation.
- Splits the phone line into multiple channels for transmission, allotting one for the telephone.
- A filter is placed to separate the analog voice from the digital data.
- Not as fast as cable internet can be, due to the strict limitation of transmitting over phone lines.
- Connects a phone line to a modem to provide a rather slow internet connection.
- Data transfer rates can be 28.8, 33.3, 56 Kbps based on compression rates.
- Compression standards: V.24, V.32bis, V.34, V.42, V.44, V.90, and V.92.
- Can be used over any telephone line, but not simultaneous to phone usage.
Fiber Optic Internet
- A modern internet delivery variation from cable companies upgrading their networks with the use of high speed fiber optic cabling.
- Since the data is literally delivered on beams of light, it can travel extremely fast and over long distances.
Satellite Internet
- Not known as the fastest, but reliable from anywhere in the world and not limited by wiring.
- Because it sends and receives radio signals from a satellite, it is susceptible to interference from weather conditions.
- Requires satellite dish setup, to send and receive signals, with a clear line of sight setup.
- Can be used as a portable option and available in remote regions.
- Expect latency due to distance of travel.
- This internet connection provides digital service over a switched network.
- The BRI variation splits the telephone line into 3 channels: two 64 Kbps B (bearer) channels and one 16 Kbps D (delta) channel.
- B channels are used for simultaneous data transmission, except in the case of a phone call, in which case it utilizes only one channel.
- The D channel is used to control the connection.
- The PRI variation provides faster service and requires upgraded wiring. The cable is divided into 23 B channels and 1 D channel at 64 Kbps each.
Cellular/Mobile Hotspot
- Internet connection shared from a device receiving a connection from mobile network towers.
- This device can be used as an access point to provide those nearby with internet access.
- Mobile phone tethering is also a way to share your phone connection as an access point.
- Depending on the level of service this can prove to be a very fast internet connection: EDGE (400-1000 kbps), 3G (2 Mbps+), 4G (3-100+ Mbps), etc.
Line of sight wireless internet service
- Type of internet service that requires a device to point directly at an internet provider's tower without anything blocking its path.
- Could be susceptible to interference due to disturbance of path by weather conditions.
- High speed internet access provided through wireless signals to a larger area of subscribers.
- Requires a device or antenna which receives the signal.
- Could potentially eliminate the use of cable internet due to simpler setup.
- A small network that connects local machines to be in communication or share resources.
- Generally a home or office network.
- A network that consists of multiple LANs and covers a larger geographic area such as a town, city or county.
- This is a small network setup that is generally between two devices.
- Typically by Bluetooth or infrared.
- Much like a WAN, this is a network that covers a geographic area such as a city.
- It interconnects multiple LANs for the purpose of shared network throughout the region.
Mesh Topology
- Network topology which connects each device with one another.
- This type has fault tolerance because if a path is down it can reroute through many others.
Ring Topology
- Network topology which connects one computer to another in a continuous loop.
- The signal travels in one direction as each device repeats the signal until it reaches the intended destination.
- If there is a missing connection in a loop the network connection is down from that point in the setup.
Bus Topology
- Network topology with a trunk cable that runs the full length with a terminator at both ends to prevent repeated signals. The devices are connected with a drop cable along the trunk cable.
- Broken cables prevent communication with any device on the network.
Star Topology
- Network topology which requires each computer to connect to a central point such as a hub or switch.
- The typical setup for LANs due to the ease of adding and removing connections.
Hybrid Topology
- Network topology which combines the use of multiple topology methods.
- A central network device to connect devices on the same subnet.
- Information sent from one port will be sent out to every other port.
- Operates strictly in half-duplex mode due to the limitation of only one send request permitted at a time.
- A central network device to connect devices on the same subnet.
- Due to a system of logging MAC addresses for devices along the network, information sent from one port will only be forwarded to the receiving port.
- Operates in full duplex mode since it has separate channels for sending and receiving.
Power over Ethernet
- An option in some devices to provide power to a device through the twisted pair CAT5 connection or higher.
- Generally found on a switch based on hardware specifications.
- Network device used to connect two networks that have different subnets.
- Destination addresses are compiled by IP so it keeps track of where to forward requests.
Access Point
- A device on a network that provides a point of access for incoming connections.
- A device to connect two network segments with the same subnet.
- Compiles a list of devices by MAC address in order to know where to forward requests.
- A device that acts to convert digital information to analog to send information over telephone lines.
- On the receiving end it converts the analog data back into digital.
- Storage device shared over a LAN in order to provide a central location of data.
VoIP Phones
- Telephone service that operates over an internet connection rather than through an analog signal.
Internet appliance
- A device with an alternate primary purpose yet has the ability to use internet services.
- This could be a smart TV, PDA, camera, etc.
- Tool used to attach RJ-45 or RJ-11 connectors to Ethernet cabling by use of closing force.
- Tool used to measure the electric currents of various components of a computer.
- Can be used to measure voltage (AC and DC), current (amps), resistance (ohms), capacitance and frequency.
Toner probe
- This tool is used to send an analog audio signal through a cable. After generating the tone you would use a listening device, which can follow the sound to find where that cable is going.
Cable tester
- A tool that validates the usability of a network cable.
- It is connected to the network cable at both ends and will verify that the signals are being sent successfully and that the wiring in the connectors is in the correct position.
Loopback plug
- A simple plug used to test the outgoing and incoming communication on a port.
- It routes the transmit port to the receive port on the same device.
Punchdown tool
- The required tool used to attach network wiring to a punchdown block.
defines the device an end-user uses to access a network.
(ie: a workstation, laptop, smartphone, with wireless capabilities, a tablet, or a variety of other end-user terminal devices.)
serves up resources to a network. For example, E-mail access provided by an E-mail server, web pages provided by a web server, or data files available on a file server.
Known as an Ethernet hub, it is an older technology used to interconnect network components, such as clients and servers. The available ports on a hub vary. It DOES NOT perform any inspection of the traffic it passes; instead it just receives traffic in a port and repeats that same traffic out all of its other ports.
An Ethernet switch interconnects network components. It is available with a variety of port densities. A switch learns which devices reside off of which ports. As a result, the switch learns where the traffic is destined and forwards the traffic out only the appropriate port, not out all of the other ports.
a Layer 3 device, it makes forwarding decisions based on logical network addresses. Most modern networks use an IP address for routing.
a way to interconnect devices on a network. For example, copper cabling, fiber-optic cable or wireless connections.
WAN Link
An interconnection between two devices in a WAN.
Local-area network - interconnects network components within a local region. (ie: within a building.)
Wide-area network - interconnects network components that are geographically separated.
Campus-area network - an interconnection of networks located in nearby buildings. (ie: buildings on a college campus)
Metropolitan-area network - Interconnects locations scattered throughout a metropolitan area. (ie: Chicago Public Schools)
Personal-area network - a network whose scale is smaller than a LAN. (ie: a connection between a PC and a digital camera via a USB cable.)
Logical Topology
The actual traffic flow of a network determines the network's Logical topology.
Physical Topology
The way a network's components are physically interconnected determines the network's physical topology.
Bus Topology
Typically a main cable runs through the area, all devices requiring connectivity tap into or are connected to this main cable.
Ring Topology
Traffic flows in a circular fashion around a closed network loop (ring). This topology sends data in a single direction to each connected device in the ring, until the intended destination receives the data.
Star Topology
A Network that has a central point (Switch) from which all attached devices radiate.
Hub-and-Spoke Topology
Used when interconnecting multiple sites (ie: multiple corporate locations) via WAN links, a hub-and-spoke topology has a WAN link from each remote site (a spoke site) to the main site (the hub site).
Full-mesh Topology
directly connects every site to every other site in the network.
Partial-mesh Topology
A hybrid of a hub-and-spoke topology and a full-mesh topology. A partial-mesh can be designed to provide an optimal route between selected sites, while avoiding the expense of interconnecting every site to every other site.
client-server network
In this type of network a dedicated server (ie: a file server or a print server) provides shared access to resources (ie: files or a printer). Clients (ie: PCs) on the network with appropriate privilege levels can gain access to those shared resources.
peer-to-peer network
allows interconnected devices (ie: PCs) to share their resources with one another. These resources could be for example, files or printers.
trouble ticket
A problem report explaining the details of an issue being experienced in a network.
A broken strand of copper that prevents current from flowing through a
occurs when two copper connectors touch each other, resulting in current flowing through that short rather than the attached electrical circuit, because the short has lower resistance.
decibel (dB) loss
A loss of signal power. If a transmission's dB loss is too great, the transmission cannot be properly interpreted by the intended recipient.
(maximum transmission unit) The largest packet size supported on an interface through the media of air.
black-hole router
A router that drops packets that cannot be fragmented and are exceeding the MTU size of an interface without notifying the sender.
symmetric encryption
both the sender and receiver of a packet use the same key (a shared key) for encryption and decryption.
asymmetric encryption
the sender and receiver of a packet use different keys.
(Advanced Encryption Standard) Released in 2001, this is typically considered the preferred symmetric encryption algorithm. It is available in 128-bit key, 192-bit key, and 256-bit key versions.
A popular and widely deployed asymmetric encryption algorithm.
(pretty good privacy) is a widely deployed asymmetric encryption algorithm and is often used to encrypt e-mail traffic.
(GNU privacy guard) A free variant of pretty good privacy (PGP), which is an asymmetric encryption algorithm.
(public key infrastructure) uses digital certificates and a certificate authority to allow secure communication across a public network.
(Challenge-Response Authentication Mechanism Message Digest 5) A common variant of HMAC frequently used in e-mail systems. Like CHAP, this only performs one-way authentication (the server authenticates the client).
(denial of service) this attack floods a system with an excessive amount of traffic or requests, which consumes the system's processing resources and prevents the system from responding to many legitimate requests.
social engineering
Attackers sometimes use social techniques (which often leverage people's desire to be helpful) to obtain confidential information. For example, an attacker might pose as a member of an IT department and ask a company employee for their login credentials in order for the "IT staff to test the connection." This type of attack is called social engineering.
FTP bounce
This bounce attack uses the FTP
(distributed denial of service) These attacks can increase the amount of traffic flooded to a target system. Specifically, an attacker compromises multiple systems, and those compromised systems, called zombies, can be instructed by the attacker to simultaneously launch a DDoS attack against a target system.
buffer overflow
This attack occurs when an attacker leverages a vulnerability in an application, causing data to be written to a memory area (that is, a buffer) that's being used by a different application.
security policy
A continually changing document that dictates a set of guidelines for network use. These guidelines complement organizational objectives by specifying rules for how a network is used.
(acceptable use policy) Identifies what users of a network are and are not allowed to do on that network. For example, retrieving sports scores during working hours via an organization's Internet connection might be deemed inappropriate by an AUP.
A network-vulnerability scanner.
honey pot
Acts as a distracter. Specifically, a system designated as a honey pot appears to be an attractive attack target. One school of thought on the use of a honey pot is to place one or more honey-pot systems in a network to entice attackers into thinking the system is real. The attackers then use their resources attacking the honey pot, resulting in their leaving the real servers alone.
honey net
A network containing more than one honey pot.
(access control list) Rules typically applied to router interfaces, which specify permitted and denied traffic.
A client-server authentication protocol that supports mutual authentication between a client and a server. Kerberos uses the concept of a trusted third party (a key distribution center ) that hands out tickets to be used instead of a username and password combination.
(Remote Authentication Dial-In User Service) A UDP-based protocol used to communicate with a AAA server. does not encrypt an entire authentication packet, but only the password. However, offers more robust accounting features than TACACS+. This is a standards-based protocol, while TACACS+ is a Cisco-proprietary protocol.
(Terminal Access Controller Access-Control System Plus) A TCP-based protocol used to communicate with an AAA server. TACACS+ encrypts an entire authentication packet rather than just the password. TACACS+ offers accounting features, but they are not as robust as the accounting features found in RADIUS. TACACS+ is a Cisco-proprietary protocol.
(two-factor authentication) Requires two types of authentication from a user seeking admission to a network. For example, a user might need to know something (for example, a password) and have something (for example, a specific fingerprint that can be checked with a biometric authentication device).
multifactor authentication
Similar to two-factor authentication, it requires two or more types of successful authentication before granting access to a network.
(single sign-on) Allows a user to authenticate once to gain access to multiple systems, without requiring the user to independently authenticate with each system.
software firewall
A computer running firewall software. For example, the software firewall could protect the computer itself (for example, preventing incoming connections to the computer). Alternately, a software firewall could be a computer with more than one network interface card that runs firewall software to filter traffic flowing through the computer.
hardware firewall
A network appliance dedicated to the purpose of acting as a firewall. This appliance can have multiple interfaces for connecting to areas of a network requiring varying levels of security.
stateful firewall
Inspects traffic leaving the inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network, the stateful firewall permits that traffic. The process of inspecting traffic to identify unique sessions is called stateful inspection.
(demilitarized zone) Often contains servers that should be accessible from the Internet. This approach would, for example, allow users on the Internet to initiate an e-mail or a web session coming into an organization's e-mail or web server. However, other protocols would be blocked.
(virtual private network) Some VPNs can support secure communication between two sites over an untrusted network (for example, the Internet).
site-to-site VPN
Interconnects two sites, as an alternative to a leased line, at a reduced cost.
client-to-site VPN
Also known as a remote access VPN, a client-to-site VPN interconnects a remote user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost.
remote access VPN
See client-to-site VPN. Also known as a remote access VPN, a client-to-site VPN interconnects a remote user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost.
(IP security) A type of VPN that provides confidentiality, integrity, and authentication.
(Internet Key Exchange) A protocol used to set up an IPsec session.
(Internet Security Association and Key Management Protocol) Negotiates parameters for an IPsec session.
(Security Association) An agreement between the two IPsec peers about the cryptographic parameters to be used in an ISAKMP session.
(Authentication Header) An IPsec protocol that provides authentication and integrity services. However, it does not provide encryption services.
(Encapsulating Security Payload) An IPsec protocol that provides authentication, integrity, and encryption services.
(Secure Sockets Layer) Provides cryptography and reliability for upper layers (Layers 5-7) of the OSI model. Introduced in 1995, SSL has largely been replaced by Transport Layer Security (TLS). However, recent versions of SSL (for example, SSL 3.3) have been enhanced to be more comparable with TLS. Both SSL and TLS are able to provide secure web browsing via HTTPS.
(Layer 2 Tunneling Protocol) A VPN protocol that lacks security features, such as encryption. However, it can still be used for a secure VPN connection if it is combined with another protocol that provides encryption.
(Layer 2 Forwarding) A VPN protocol designed (by Cisco Systems®) with the intent of providing a tunneling protocol for PPP. Like L2TP, L2F lacks native security features.
(Point-to-Point Tunneling Protocol) An older VPN protocol (that supported the dial-up networking feature in older versions of Microsoft Windows®). Like L2TP and L2F, PPTP lacks native security features. However, Microsoft's versions of PPTP bundled with various versions of Microsoft Windows® were enhanced to offer security features.
(Intrusion Detection System) Can recognize the signature of a well-known attack and respond to stop the attack. However, this sensor does not reside in-line with the traffic flow. Therefore, one or more malicious packets might reach an intended victim before the traffic flow is stopped by this sensor.
(Intrusion Prevention System) Can recognize the signature of a well-known attack and respond to stop the attack. This device resides in-line with the traffic flow, unlike an IDS sensor.
(Network-Based IDS) A network appliance dedicated to the purpose of acting as an IDS sensor.
(Network-Based IPS) A network appliance dedicated to the purpose of acting as an IPS sensor.
(Host-Based IPS) A computer running intrusion prevention software for the purpose of protecting the computer from attacks.
(bit-error rate tester) When troubleshooting a link where you suspect a high bit-error rate (BER), you can use a piece of test equipment called a bit-error rate tester (BERT), which contains both a pattern generator (which can generate a variety of bit patterns) and an error detector (which is synchronized with the pattern generator and can determine the number of bit errors) and can calculate a BER for the tested transmission link.
butt set
A piece of test equipment typically used by telephone technicians. The clips on a butt set can connect to the tip and ring wires on a punch-down block (for example, a 66 block or a 110 block) connecting to a telephone. This allows the technician to check the line (for example, to determine if dial tone is present on the line and determine if a call can be placed from the line).
cable certifier
If you are working with existing cable and want to determine its category, or if you simply want to test the supported frequency range (and therefore data throughput) of the cable, you can use a cable certifier.
cable tester
A cable tester can test the conductors in an Ethernet cable. It contains two parts. By connecting these parts of the cable tester to each end of a cable under test, you can check the wires in the cable for continuity (that is, check to make sure there are no opens, or breaks, in a conductor). Additionally, you can verify an RJ-45 connector's pinouts (which are wires connected to the appropriate pins on an RJ-45 connector).
(electrostatic discharge wrist strap) To prevent static electricity in your body from damaging electrical components on a circuit board, you can wear an ESD wrist strap. The strap is equipped with a clip that you can attach to something with a ground potential (for example, a large metal desk). While wearing the wrist strap, if you have any static buildup in your body, the static flows to the object with a ground potential to which your strap is clipped, thus avoiding damage to any electrical components that you might touch.
punch-down tool
When terminating wires on a punch-down block (for example, a 110 block), you should use a punch-down tool, which is designed to properly insert an insulated wire between two contact blades in a punch-down block, without damaging the blades.
(time domain reflectometer) Detects the location of a fault in a copper cable by sending an electric signal down the copper cable and measuring the time required for the signal to bounce back from the cable fault. A TDR can then mathematically calculate the location of the fault.
(optical time domain reflectometer) Detects the location of a fault in a fiber cable by sending light down the fiber-optic cable and measuring the time required for the light to bounce back from the cable fault. The OTDR can then mathematically calculate the location of the fault.
toner probe
Sometimes called a fox and hound, a toner probe allows you to place a tone generator at one end of the connection (for example, in someone's office), and use a probe on the punch-down block to audibly detect to which pair of wires the tone generator is connected.
fox and hound
See toner probe. A toner probe allows you to place a tone generator at one end of the connection (for example, in someone's office), and use a probe on the punch-down block to audibly detect to which pair of wires the tone generator is connected.
asset management
As related to networks, this is a formalized system of tracking network components and managing the lifecycle of those components.
A collection of data portraying the characteristics of a network under normal operating conditions. Data collected while troubleshooting can then be contrasted against baseline data.
(Simple Network Management Protocol) A protocol used to monitor and manage network devices, such as routers, switches, and servers.
A syslog-logging solution consists of two primary components: syslog servers, which receive and store log messages sent from syslog clients, and syslog clients, which can be a variety of network devices that send logging information to a syslog server.
ARP command
Can be used in either the Microsoft Windows® or UNIX environment to see which Layer 2 MAC address corresponds to a given Layer 3 IP address.
ipconfig command
A Microsoft Windows® command that can be used to display IP address configuration parameters on a PC. Additionally, if DHCP is used by the PC, the ipconfig command can be used to release and renew a DHCP lease, which is often useful during troubleshooting.
nbtstat command
Displays NetBIOS information for IP-based networks. The nbt prefix of the nbtstat command refers to NetBIOS over TCP/IP, which is called NBT (or NetBT). This command can, for example, display a listing of NetBIOS device names learned by a Microsoft Windows®-based PC.
Nessus®
A network-vulnerability scanner available from Tenable Network Security®.
netstat command
Can display a variety of information about IP-based connections on a Windows or UNIX host.
nslookup command
Can resolve an FQDN to an IP address on Microsoft Windows® and UNIX hosts.
ping command
One of the most commonly used command-line commands. It can check IP connectivity between two network devices. Multiple platforms (for example, routers, switches, and hosts) support the ping command.
route command
Can add, modify, or delete routes in the IP routing table of Microsoft Windows® and UNIX hosts. Additionally, the route command can be used to view the IP routing table of Microsoft Windows® hosts.
tracert command
A Microsoft Windows®-based command that displays every router hop along the path from a source host to a destination host on an IP network. Information about a router hop can include such information as the IP address of the router hop and the round-trip delay of that router hop.
dig command
Can resolve an FQDN to an IP address on UNIX hosts.
host command
Can resolve an FQDN to an IP address on hosts.
traceroute command
A UNIX command that displays every router hop along the path from a source host to a destination host on an IP network. Information about the router hop can include the IP address of the router hop and the round-trip delay of that router hop.
The measure of a network's uptime.
The measure of how error-free a network transmits packets.
(Common Address Redundancy Protocol) An open-standard variant of HSRP, which provides first-hop router redundancy.
(Uninterruptable Power Supply) An appliance that provides power to networking equipment in the event of a power outage.
The measure of delay in a network.
The uneven arrival of packets.
(Integrated Services) Often referred to as hard QoS, because IntServ can make strict bandwidth reservations. IntServ uses signaling among network devices to provide bandwidth reservations. Resource Reservation Protocol (RSVP) is an example of an IntServ approach to QoS. Because IntServ must be configured on every router along a packet's path, a primary drawback of IntServ is its lack of scalability.
(Differentiated Services) As its name suggests, DiffServ differentiates between multiple traffic flows. Specifically, packets are marked, and routers and switches can then make decisions (for example, dropping or forwarding decisions) based on those markings.
Classification is the process of placing traffic into different categories.
Alters bits within a frame, cell, or packet to indicate how a network should treat that traffic. Marking alone does not change how a network treats a packet. Other tools (such as queuing tools) can, however, reference markings and make decisions (for example, forwarding decisions or dropping decisions) based on those markings.
congestion management
When a device, such as a switch or router, receives traffic faster than it can be transmitted, the device attempts to buffer (or store) the extra traffic until bandwidth becomes available. This buffering process is called queuing or congestion management.
congestion avoidance
If an interface's output queue fills to capacity, newly arriving packets are discarded (or tail dropped). Congestion avoidance can prevent this behavior. RED is an example of a congestion-avoidance mechanism.
Instead of making a minimum amount of bandwidth available for specific traffic types, you might want to limit available bandwidth. Both policing and traffic-shaping tools can accomplish this objective. Collectively, these tools are called traffic conditioners. Policing drops traffic that exceeds the configured rate, as opposed to buffering it.
traffic shaping
Instead of making a minimum amount of bandwidth available for specific traffic types, you might want to limit available bandwidth. Both policing and shaping tools can accomplish this objective. Collectively, these tools are called traffic conditioners. Traffic shaping delays excess traffic by buffering it as opposed to dropping the excess traffic.
(committed information rate) The CIR of an interface is the average traffic rate over the period of a second.
link efficiency
To make the most of the limited bandwidth available on slower speed links, you might choose to implement compression or link fragmentation and interleaving (LFI). These QoS mechanisms are examples of link efficiency.
(Wireless Access Point) A device that connects to a wired network and provides access to that wired network for clients that wirelessly attach to the access point (AP).
Wireless router
Attaches to a wired network and provides access to that wired network for wirelessly attached clients, like a wireless AP (access point). However, a wireless router is configured such that the wired interface that connects to the rest of the network (or to the Internet) is on a different IP network than the wireless clients. Typically, a wireless router performs network address translation (NAT) between these two IP address spaces.
(decibel (dB)) A ratio of radiated power to a reference value. In the case of dBi, the reference value is the signal strength (that is, the power) radiated from an isotropic antenna, which represents a theoretical antenna that radiates an equal amount of power in all directions (in a spherical pattern). An isotropic antenna is considered to have a gain of 0 dBi.
omnidirectional antenna
Radiates power at relatively equal power levels in all directions (somewhat similar to the theoretical isotropic antenna). Omnidirectional antennas are popular in residential WLANs and SOHO (small office/home office) locations.
unidirectional antenna
Can focus its power in a specific direction, thus avoiding potential interference with other wireless devices and perhaps reaching greater distances than those possible with omnidirectional antennas. One application for unidirectional antennas is interconnecting two nearby buildings.
(Carrier Sense Multiple Access Collision Avoidance) CSMA/CA is needed for WLAN connections because of their half-duplex operation. A WLAN device listens for a transmission on a wireless channel to determine if it is safe to transmit. Additionally, the collision-avoidance part of the CSMA/CA algorithm causes wireless devices to wait for a random back-off time before transmitting.
(Direct Sequence Spread Spectrum) Modulates data over an entire range of frequencies using a series of symbols called chips. A chip is shorter in duration than a bit, meaning that chips are transmitted at a higher rate than the actual data. These chips not only represent encoded data to be transmitted, but also what appears to be random data. Because both parties involved in a DSSS communication know which chips represent actual data and which chips do not, if a third party intercepted a DSSS transmission, it would be difficult for that party to eavesdrop on the data, because it would not easily know which chips represented valid bits. DSSS is more subject to environmental factors, as opposed to FHSS and OFDM, because it uses an entire frequency spectrum.
(Frequency-Hopping Spread Spectrum) Allows the participants in a communication to hop between predetermined frequencies. Security is enhanced, because the participants can predict the next frequency to be used while a third party cannot easily predict the next frequency. FHSS can also provision extra bandwidth by simultaneously using more than one frequency.
(Orthogonal Frequency Division Multiplexing) While DSSS uses a high modulation rate for the symbols it sends, OFDM uses a relatively slow modulation rate for symbols. This slower modulation rate, combined with the simultaneous transmission of data over 52 data streams, helps OFDM support high data rates while resisting crosstalk between the various data streams.
Ratified in 1999, this standard supports speeds as high as 54 Mbps. Other supported data rates (which can be used if conditions are not suitable for the 54 Mbps rate) include 6, 9, 12, 18, 24, 36, and 48 Mbps. The 802.11a standard uses the 5-GHz band and the OFDM transmission method.
Ratified in 1999, this standard supports speeds as high as 11 Mbps. However, 5.5 Mbps is another supported data rate. The 802.11b standard uses the 2.4-GHz band and the DSSS transmission method.
Ratified in 2003, this standard supports speeds as high as 54 Mbps. Like 802.11a, other supported data rates include 6, 9, 12, 18, 24, 36, and 48 Mbps. However, like 802.11b, 802.11g operates in the 2.4-GHz band, which allows it to offer backwards compatibility to 802.11b devices. 802.11g can use either the OFDM or DSSS transmission method.
Ratified in 2009, this standard supports a variety of speeds, depending on its implementation. Although the speed of an 802.11n network could approach 300 Mbps (through the use of channel bonding), many 802.11n devices on the market have speed ratings in the 130-150 Mbps range. Interestingly, an 802.11n WLAN can operate in the 2.4-GHz band, the 5-GHz band, or both simultaneously. 802.11n uses the OFDM transmission method.
(Multiple Input Multiple Output) MIMO uses multiple antennas for transmission and reception. These antennas do not interfere with one another, thanks to MIMO's use of spatial multiplexing, which encodes data based on the antenna from which the data will be transmitted. Both reliability and throughput can be increased with MIMO's simultaneous use of multiple antennas.
channel bonding
Two wireless bands can be logically bonded together, forming a band with twice the bandwidth of an individual band. Some literature refers to channel bonding as 40 MHz mode, which refers to the bonding of two adjacent 20-MHz bands into a 40-MHz band.
(Independent Basic Service Set) A WLAN can be created without the use of an AP. Such a configuration, called an IBSS, is said to work in an ad-hoc fashion. An ad-hoc WLAN is useful for temporary connections between wireless devices. For example, you might temporarily interconnect two laptop computers to transfer a few files.
(Basic Service Set) WLANs that have just one AP are called BSS WLANs.
BSS WLANs are said to run in infrastructure mode, because wireless clients connect to an AP, which is typically connected to a wired network infrastructure. A BSS network is often used in residential and SOHO locations, where the signal strength provided by a single AP is sufficient to service all of the WLAN's wireless clients.
(Extended Service Set) WLANs containing more than one AP are called ESS WLANs. Like BSS WLANs, ESS WLANs operate in infrastructure mode. When you have more than one AP, take care to prevent one AP from interfering with another. Specifically, nonoverlapping channels (that is, channels 1, 6, and 11 for the 2.4-GHz band) should be selected for adjacent wireless coverage areas.
If an open WLAN (or a WLAN whose SSID and authentication credentials are known) is found in a public place, a user might write a symbol on a wall (or some other nearby structure) to let others know the characteristics of the discovered network. This practice, which is a variant of the decades-old practice of hobos leaving symbols as messages to fellow hobos, is called warchalking.
(Service Set Identifier) A string of characters that identifies a WLAN. APs participating in the same WLAN can be configured with identical SSIDs. An SSID shared among multiple APs is called an extended service set identifier (ESSID).
(Wired Equivalent Privacy) A security standard for WLANs. With WEP, an AP is configured with a static WEP key. Wireless clients needing to associate with an AP are configured with an identical key (making this a preshared key [PSK] approach to security). The IEEE 802.11 standard specifies a 40-bit WEP key, which is considered to be a relatively weak security measure.
(Wi-Fi Protected Access) The Wi-Fi Alliance developed its own security standard to address the weaknesses of Wired Equivalent Privacy (WEP). This new security standard was called Wi-Fi Protected Access (WPA) version 1.
(Wi-Fi Protected Access version 2) Uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for integrity checking and Advanced Encryption Standard (AES) for encryption. These algorithms enhance the security offered by WPA.
dedicated leased line
A logical connection interconnecting two sites. This logical connection might physically connect through a service provider's facility or a telephone company's central office. The expense of this line is typically higher than other WAN technologies offering similar data rates, because with this line, a customer does not have to share bandwidth with other customers.
circuit-switched connection
A connection that is brought up on an as-needed basis. This connection is analogous to a phone call, where you pick up a phone, dial a number, and a connection is established based on the number you dial.
packet-switched connection
Similar to a dedicated leased line, because this is an always-on network. However, unlike a dedicated leased line, this connection allows multiple customers to share a service provider's bandwidth.
(optical carrier) Optical networks often use OC levels to indicate bandwidth. As a base reference point, the speed of an OC-1 link is 51.84 Mbps. Other OC levels are multiples of an OC-1. For example, an OC-3 link has three times the bandwidth of an OC-1 link (that is, 3 * 51.84 Mbps = 155.52 Mbps).
This circuit type was originally used in telephony networks, with the intent of one voice conversation being carried in a single channel (that is, a single DS0). This circuit is composed of 24 DS0s, and its bandwidth is 1.544 Mbps.
This circuit contains 32 channels, in contrast to the 24 channels on a T1 circuit. Only 30 of those 32 channels, however, can transmit data (or voice or video). Specifically, the first of those 32 channels is reserved for framing and synchronization, and the 17th channel is reserved for signaling (that is, to set up, maintain, and tear down a session).
(channel service unit/data service unit) Acts as a digital modem, which terminates a digital circuit (for example, a T1 or an E1 circuit).
In the same T-carrier family of standards as a T1, a T3 circuit offers an increased bandwidth capacity. Although a T1 circuit combines 24 DS0s into a single physical connection to offer 1.544 Mbps of bandwidth, a T3 circuit combines 672 DS0s into a single physical connection, with a resulting bandwidth capacity of 44.7 Mbps.
A digital circuit in the same E-carrier family of standards as an E1. An E3 circuit's available bandwidth is 34.4 Mbps.
(Point-to-Point Protocol) A common Layer 2 protocol offering features such as multilink interface, looped link detection, error detection, and authentication.
(Password Authentication Protocol) Performs one-way authentication (that is, a client authenticates with a server). However, a significant drawback to PAP, other than its unidirectional authentication, is its clear-text transmission of credentials, which could permit an eavesdropper to learn authentication credentials.
(Challenge-Handshake Authentication Protocol) Like PAP, CHAP performs one-way authentication. However, authentication is performed through a three-way handshake (challenge, response, and acceptance messages) between a server and a client. The three-way handshake allows a client to be authenticated without sending credential information across a network.
(Microsoft Challenge-Handshake Authentication Protocol) A Microsoft-enhanced version of CHAP, offering a collection of additional features not present with PAP or CHAP, including two-way authentication.
(Point-to-Point Protocol over Ethernet) Commonly used between a DSL modem in a home (or business) and a service provider. Specifically, PPPoE encapsulates PPP frames within Ethernet frames. PPP is used to leverage its features, such as authentication.
(Microsoft Routing and Remote Access Server) A Microsoft Windows Server® feature that allows Microsoft Windows® clients to remotely access a Microsoft Windows network.
(digital subscriber line) A group of technologies that provide high-speed data transmission over existing telephone wiring. DSL has several variants, which vary in data rates and distance limitations. Three of the more popular DSL variants include asymmetric DSL (ADSL), symmetric DSL (SDSL), and very high bit-rate DSL (VDSL).
cable modem
Attaches to the same coaxial cable (typically in a residence) that provides television programming. A cable modem can use predetermined frequency ranges to transmit and receive data over that coaxial cable.
(Synchronous Optical Network) A Layer 1 technology that uses fiber-optic cabling as its media. Because SONET is a Layer 1 technology, it can be used to transport various Layer 2 encapsulation types, such as ATM. Also, because SONET uses fiber-optic cabling, it offers high data rates, typically in the 155 Mbps-10 Gbps range, and long-distance limitations, typically in the 20 km-250 km range.
satellite (WAN technology)
Provides WAN access to sites where terrestrial WAN solutions are unavailable. Satellite WAN connections can suffer from long round-trip delay (which can be unacceptable for latency-sensitive applications) and are susceptible to poor weather conditions.
(public switched telephone network) The worldwide telephony network comprised of multiple telephone carriers.
(plain old telephone service) A POTS connection connects a customer device (such as a telephone) to the public switched telephone network (PSTN).
A telephone company. Some countries have government-maintained telcos, while other countries have multiple telcos that compete with one another.
local loop
A connection between a customer premise and a local telephone company's central office.
(central office) A building containing a telephone company's telephone switching equipment is referred to as a central office (CO). COs are categorized into five hierarchical classes. A Class 1 CO is a long-distance office serving a regional area. A Class 2 CO is a second-level long-distance office (that is, it is subordinate to a Class 1 office). A Class 3 CO is a third-level long-distance office. A Class 4 CO is a fourth-level long-distance office, which provides telephone subscribers access to a live operator. A Class 5 CO is at the bottom of the five-layer hierarchy and physically connects to customer devices in a local area.
tip and ring
The red and green wires found in an RJ-11 wall jack, which carry voice, ringing voltage, and signaling information between an analog device (for example, a phone or a modem) and an RJ-11 wall jack.
Also known as a demarcation point or a demarc extension, this is the point in a telephone network where the maintenance responsibility passes from a telephone company to a subscriber (unless the subscriber purchased an inside wiring plan). This demarc is typically a box mounted to the outside of a customer's building (for example, a residence).
(Integrated Services Digital Network) A digital telephony technology that supports multiple 64-kbps channels (known as bearer channels or B channels) on a single connection. ISDN was popular back in the 1980s for connecting PBXs, which are telephone switches owned and operated by a company, to a telephone company's central office. ISDN has the ability to carry voice, video, or data over its B channels. ISDN also offers a robust set of signaling protocols: Q.921 for Layer 2 signaling and Q.931 for Layer 3 signaling. These signaling protocols run on a separate channel in an ISDN circuit (known as the delta channel, data channel, or D channel).
(Basic Rate Interface) A BRI circuit contains two 64-kbps B channels and one 16-kbps D channel. Although such a circuit can carry two simultaneous voice conversations, the two B channels can be logically bonded together into a single virtual circuit (by using PPP's multilink interface feature) to offer a 128-kbps data path.
(primary rate interface) A PRI circuit is an ISDN circuit built on a T1 or E1 circuit. Recall that a T1 circuit has 24 channels. Therefore, if a PRI circuit is built on a T1 circuit, the ISDN circuit has 23 B channels and one 64-kbps D channel. The 24th channel in the T1 circuit is used as the ISDN D channel (that is, the channel used to carry the Q.921 and Q.931 signaling protocols, which are used to set up, maintain, and tear down connections).
Frame Relay
A Layer 2 WAN technology that interconnects sites using virtual circuits. These virtual circuits are identified by locally significant data-link connection identifiers (DLCI).
(Asynchronous Transfer Mode) A Layer 2 WAN technology that interconnects sites using virtual circuits. These virtual circuits are identified by a pair of numbers, called the VPI/VCI pair. A virtual path identifier (VPI) identifies a logical path, which can contain multiple virtual circuits. A virtual circuit identifier (VCI) identifies the unique logical circuit within a virtual path.
(Multiprotocol Label Switching) A WAN technology popular among service providers. MPLS performs label switching to forward traffic within an MPLS cloud by inserting a 32-bit header (which contains a 20-bit label) between a frame's Layer 2 and Layer 3 headers and making forwarding decisions based on the label within an MPLS header.
(customer premise equipment) This device resides at a customer site. A router, as an example, can be a CPE that connects a customer with an MPLS service provider.
(edge label switch router) Resides at the edge of an MPLS service provider's cloud and interconnects a service provider to one or more customers.
(label switch router) Resides inside a service provider's MPLS cloud and makes frame forwarding decisions based on labels applied to frames.
stack frame
the area of the stack set aside for passed arguments, subroutine return address, local variables, and saved registers. (aka activation record)
stack frame use
* passed arguments, if any, are pushed on the stack.
* the subroutine is called, causing the subroutine return address to be pushed on the stack.
* as the subroutine begins to execute, EBP is pushed on the stack
* EBP is set equal to ESP. From this point on, EBP acts as a base reference for all of the subroutine parameters
* If there are local variables, ESP is decremented to reserve space for the variables on the stack
* If any registers need to be saved, they are pushed on the stack
(this method is used frequently with API)
value arguments
values of variables and constants
reference arguments
addresses of variables
by value
passing an argument using a copy of the value pushed on the stack.
by reference
passing an argument that consists of the address (OFFSET) of an object.
prologue
the beginning of a function, consisting of statements that save the EBP register and point EBP to the top of the stack, or that push certain registers on the stack whose values will be restored when the function returns.
epilogue
the ending of a function, consisting of statements that restore the EBP register (and any saved registers) and return to the caller
C calling convention
the caller removes the arguments: after the CALL returns, add a value to ESP equal to the combined sizes of the parameters. Because RET has already popped the return address, this restores ESP to its value from before the arguments were pushed.

Example1 PROC
push 6 ; second argument, pushed first
push 5 ; first argument
call AddTwo ; returns EAX = 5 + 6
add esp, 8 ; remove the two DWORD arguments from the stack (caller cleanup)
Example1 ENDP
STDCALL calling convention
the callee removes the arguments: supply an integer parameter to the RET instruction (RET n). After popping the return address, RET adds n to ESP, discarding the arguments. The integer must equal the number of bytes of stack space consumed by the subroutine parameters.

Example2 PROC
push ebp
mov ebp, esp ; base of stack frame
mov eax, [ebp + 12] ; second parameter
add eax, [ebp + 8] ; first parameter
pop ebp
ret 8 ; pop the return address, then discard the 8 bytes of arguments (callee cleanup)
Example2 ENDP

NOTE: stack parameters are 32-bit operands; smaller operands must be zero-extended to 32 bits (for example, with MOVZX) before being pushed
constant OFFSETS
[ebp + 8] or [ebp + 12]

NOTE: do not use explicit [ebp + n] offsets together with the PROC USES operator; MASM inserts the USES register pushes at the start of the procedure, ahead of your own push ebp, which shifts the parameter offsets
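The six stack-frame steps above and the two cleanup conventions (add esp, n in the caller versus ret n in the callee) can be checked on a simulated 32-bit stack. The C program below is an added example, not code from the original notes or from Irvine's library: it models a small stack region in memory with push/call/prologue/epilogue/ret helpers (prologue and epilogue are exactly what ENTER n,0 and LEAVE do), replays the Example1/Example2 AddTwo call under both conventions to show when ESP drifts, and then copies attacker-controlled bytes into a local buffer at [ebp - N] without a length check to show that the saved EBP at [ebp] and the return address at [ebp + 4] are the first things an overflow overwrites. The stack size, the return-address values and the fill byte are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SIZE 256u            /* size of the simulated stack region (assumption) */

typedef struct {
    uint8_t  mem[STACK_SIZE];      /* simulated stack memory; "addresses" are offsets into it */
    uint32_t esp;                  /* stack pointer; grows toward 0 like x86 */
    uint32_t ebp;                  /* frame pointer */
} Cpu;

/* Byte-wise little-endian store/load so the layout matches x86 on any host. */
static void st32(Cpu *c, uint32_t addr, uint32_t v) {
    if (addr + 4 > STACK_SIZE) return;                 /* ignore writes outside the region */
    for (int i = 0; i < 4; i++) c->mem[addr + i] = (uint8_t)(v >> (8 * i));
}
static uint32_t ld32(const Cpu *c, uint32_t addr) {
    uint32_t v = 0;
    if (addr + 4 > STACK_SIZE) return 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)c->mem[addr + i] << (8 * i);
    return v;
}
static void cpu_init(Cpu *c) { memset(c, 0, sizeof *c); c->esp = STACK_SIZE; }
static void push32(Cpu *c, uint32_t v) { c->esp -= 4; st32(c, c->esp, v); }
static uint32_t pop32(Cpu *c) { uint32_t v = ld32(c, c->esp); c->esp += 4; return v; }

static void do_call(Cpu *c, uint32_t ret_addr) { push32(c, ret_addr); }   /* CALL: push return address */
static void prologue(Cpu *c, uint32_t local_bytes) {  /* push ebp / mov ebp,esp / sub esp,n (= ENTER n,0) */
    push32(c, c->ebp); c->ebp = c->esp; c->esp -= local_bytes;
}
static void epilogue(Cpu *c) { c->esp = c->ebp; c->ebp = pop32(c); }      /* mov esp,ebp / pop ebp (= LEAVE) */
static uint32_t do_ret(Cpu *c, uint32_t n) {          /* RET n: pop return address, discard n argument bytes */
    uint32_t target = pop32(c); c->esp += n; return target;
}
/* Parameter k (0-based) is at [ebp + 8 + 4k]: [ebp] holds the saved EBP, [ebp + 4] the return address. */
static uint32_t arg(const Cpu *c, unsigned k) { return ld32(c, c->ebp + 8 + 4 * k); }

typedef struct { uint32_t result; int32_t esp_drift; } CallOutcome;

/* Example1/Example2 from the notes: push 6, push 5, call AddTwo.  callee_cleans = AddTwo ends with
 * 'ret 8' (STDCALL); caller_cleans = the caller does 'add esp,8' afterwards (C convention).
 * esp_drift = ESP after the call minus ESP before the pushes: 0 only when exactly one side cleans up. */
static CallOutcome add_two_call(int callee_cleans, int caller_cleans) {
    Cpu c; cpu_init(&c);
    uint32_t esp_before = c.esp;
    push32(&c, 6); push32(&c, 5);
    do_call(&c, 0x00401000u);                     /* constructed return address */
    prologue(&c, 0);                              /* push ebp / mov ebp,esp */
    uint32_t eax = arg(&c, 1) + arg(&c, 0);       /* mov eax,[ebp+12] / add eax,[ebp+8] */
    epilogue(&c);                                 /* pop ebp */
    do_ret(&c, callee_cleans ? 8 : 0);
    if (caller_cleans) c.esp += 8;                /* add esp,8 */
    CallOutcome o = { eax, (int32_t)c.esp - (int32_t)esp_before };
    return o;
}

/* A subroutine with a buf_size-byte local buffer at [ebp - buf_size] that copies n fill bytes into it
 * with no length check (the bug).  Returns the address RET actually jumps to: the real return address
 * while n <= buf_size + 4, and the attacker's bytes once the write reaches [ebp + 4]. */
static uint32_t overflow_with_fill(uint32_t buf_size, uint32_t n, uint8_t fill) {
    Cpu c; cpu_init(&c);
    do_call(&c, 0x00401234u);                     /* constructed legitimate return address */
    prologue(&c, buf_size);                       /* sub esp,buf_size creates the local buffer */
    uint32_t buf = c.ebp - buf_size;              /* buffer occupies [ebp-buf_size] .. [ebp-1] */
    for (uint32_t i = 0; i < n && buf + i < STACK_SIZE; i++)   /* bounded by the region, not by buf_size */
        c.mem[buf + i] = fill;
    epilogue(&c);                                 /* pop ebp reloads whatever overwrote the saved EBP */
    return do_ret(&c, 0);                         /* and RET pops whatever now sits at [ebp + 4] */
}

int main(void) {
    CallOutcome ok = add_two_call(1, 0), twice = add_two_call(1, 1), never = add_two_call(0, 0);
    printf("AddTwo=%u  ESP drift: stdcall=%d, cleaned twice=%d, never cleaned=%d\n",
           ok.result, ok.esp_drift, twice.esp_drift, never.esp_drift);
    printf("16-byte buffer, 20-byte write -> ret to 0x%08x (only saved EBP clobbered)\n",
           overflow_with_fill(16, 20, 'A'));
    printf("16-byte buffer, 24-byte write -> ret to 0x%08x (return address clobbered)\n",
           overflow_with_fill(16, 24, 'A'));
    return 0;
}
```

A non-zero ESP drift is what a C/STDCALL mismatch looks like in practice: cleaning twice (+8) makes the caller's own frame and return address wrong, and never cleaning (-8) leaks stack on every call. The overflow case shows why the return address, only buf_size + 4 bytes past the start of a local buffer, is the standard target of a stack smash.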
local variables
variables created, used, and destroyed within a single subroutine

* only statements within a local variable's enclosing subroutine can view or modify the variable, preventing program bugs caused by unintended modification of variables
* storage space used by local variables is released when the subroutine ends
* local variables from different subroutines can have the same name without a name clash
* essential when writing recursive subroutines, as well as subroutines executed by multiple execution threads.
local variable use (C calling convention)
push ebp
mov ebp, esp
sub esp, 8 ; create locals
mov DWORD PTR [ebp - 4], 10 ; x
mov DWORD PTR [ebp - 8], 20 ; y
mov esp, ebp ; remove locals from stack
pop ebp
symbol variables
X_local EQU DWORD PTR [ebp - 4]
Y_local EQU DWORD PTR [ebp - 8]

mySub PROC
push ebp
mov ebp, esp
sub esp, 8 ; reserve space for locals
mov X_local, 10 ; x
mov Y_local, 20 ; y
mov esp, ebp ; remove locals from stack
pop ebp
mySub ENDP
instruction that returns the effective address of an indirect operand.
ENTER
instruction that automatically creates a stack frame for a called procedure. It reserves stack space for local variables and saves EBP on the stack. Specifically, it performs three actions:

* Pushes EBP on the stack (push ebp)
* Sets EBP to the base of the stack frame (mov ebp, esp)
* Reserves space for local variables (sub esp, numbytes)
ENTER syntax
ENTER numbytes, nestinglevel
numbytes
immediate value, always rounded up to a multiple of 4 to keep ESP on a doubleword boundary (used with the ENTER instruction)
nestinglevel
determines the number of stack frame pointers copied into the current stack frame from the stack frame of the calling procedure (used with the ENTER instruction)
mySub PROC
enter 0, 0
declare a procedure with no local variables using the ENTER instruction similar to:

mySub PROC
push ebp
mov ebp, esp
mySub PROC
enter 8, 0
declare a procedure that reserves 8 bytes of stack space for local variables using the ENTER instruction similar to:

mySub PROC
push ebp
mov ebp, esp
sub esp, 8
LEAVE
instruction that terminates the stack frame for a procedure. It reverses the action of a previous ENTER instruction by restoring ESP and EBP to the values they had when the procedure was called
mySub PROC
enter 8, 0
mySub ENDP
declare a procedure that reserves 8 bytes of stack space for local variables using the ENTER instruction and returns to the caller similar to:

mySub PROC
push ebp
mov ebp, esp
sub esp, 8
mov esp, ebp
pop ebp
mySub ENDP
LOCAL
directive that substitutes for the ENTER instruction. Declares one or more local variables by name, assigning them size attributes. If used, it must appear on the line immediately following the PROC directive.
LOCAL syntax
LOCAL varlist
a list of variable definitions, separated by commas, optionally spanning multiple lines
varlist form
label: type (used with the LOCAL directive)
any valid identifier (used with the LOCAL directive)
either a standard type or a user-defined type (used with the LOCAL directive)

*standard types are WORD, DWORD.....
*user-defined types are Structures .....
mySub PROC
LOCAL var1: BYTE
declare a procedure named mySub that contains a local variable named var1 of type BYTE using the LOCAL directive
bubbleSort PROC
LOCAL temp: DWORD, swapFlag: BYTE
declare a procedure named bubbleSort that contains two local variables, temp and swapFlag, of types, DWORD and BYTE, using the LOCAL directive
merge PROC
LOCAL pArray: PTR WORD
declare a procedure named merge that contains a local variable, pArray, of type PTR WORD using the LOCAL directive
merge PROC
LOCAL tempArray[10]: DWORD
declare a procedure named merge that contains a local variable, tempArray, an array of 10 DWORDs, using the LOCAL directive
Example3 PROC
LOCAL temp: DWORD
mov eax, temp
Example3 ENDP
declare a procedure named Example3 using the LOCAL directive and a DWORD variable named temp; the assembler generates code similar to:

Example3 PROC
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh ; add -4 to ESP, reserving 4 bytes for temp
mov eax, [ebp - 4] ; temp
Example3 ENDP
directive used to reserve space for the runtime stack (Irvine32.inc library file)
recursive subroutine
a subroutine that calls itself, either directly or indirectly
the practice of calling recursive subroutines.

* linked lists
* connected graphs
* be careful not to create an endless loop
terminating condition
condition that terminates a recursive routine when it becomes true
INVOKE
directive that pushes arguments on the stack (in the order specified by the MODEL directive's language specifier) and calls a procedure. Replaces the CALL instruction and allows you to pass multiple arguments using a single line of code.

* passing arguments smaller than 32 bits frequently causes the assembler to overwrite EAX and EDX when it widens the arguments before pushing them on the stack.
* avoid this behavior by saving and restoring EAX and EDX before and after the procedure call.
INVOKE syntax
INVOKE procedureName [, argumentList]
optional comma-delimited list of arguments passed to a procedure (used with the INVOKE directive)
INVOKE DumpArray, OFFSET array, LENGTHOF array, TYPE array
define an INVOKE instruction to replace the following lines of code:

push TYPE array
push LENGTHOF array
push OFFSET array
call DumpArray
argument types used with INVOKE
immediate value, integer expression, variable, address expression, register, ADDR name, OFFSET name
ADDR
operator that can be used to pass a pointer argument when calling a procedure using INVOKE

* its operand must be an assembly-time constant
* can only be used in conjunction with INVOKE
INVOKE swap,
ADDR array,
ADDR [array + 4]
define an INVOKE instruction to replace the following lines of code:

push OFFSET array+4
push OFFSET array
call swap
PROC syntax
label PROC [attributes] [USES reglist], parameter_list
is a user-defined label following the rules for identifiers (used with the PROC directive)
refers to distance, langType, visibility, prologue (used with the PROC directive)
NEAR or FAR. Attribute that indicates the type of RET instruction (RET or RETF) generated by the assembler. (used with the PROC directive)
Attribute that specifies the calling convention (parameter passing convention) such as C, PASCAL, or STDCALL. Overrides the language specified in the .MODEL directive. (used with the PROC directive)
Attribute that indicates the procedure's visibility to other modules. Choices are PRIVATE, PUBLIC (default), and EXPORT. If the visibility is EXPORT, the linker places the procedure's name in the export table for segmented executables. EXPORT also enables PUBLIC visibility. (used with the PROC directive)
Attribute that specifies arguments affecting generation of prologue and epilogue code. (used with the PROC directive)
parameterList syntax
paramName:type (used with the PROC directive)
arbitrary name you assign to the parameter. Its scope is current and local. (used with the PROC directive, parameterList)
read_File PROC USES eax ebx,
pBuffer:PTR BYTE
LOCAL fileHandle:DWORD

mov esi, pBuffer
mov fileHandle, eax
read_File ENDP
declare a procedure that simplifies the following code (there may be more than one way to perform this task; only one is shown here):

read_File PROC
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh ; add -4 to ESP, creating fileHandle
push eax ; save EAX
push ebx ; save EBX
mov esi, dword ptr [ebp+8] ; pBuffer
mov dword ptr [ebp-4], eax ; fileHandle
pop ebx
pop eax
ret 4
read_File ENDP
PROTO
directive that creates a prototype for an existing procedure. Declares a procedure's name and parameter list. It allows you to call a procedure before defining it and to verify that the number and types of arguments match the procedure definition. Must be used to utilize the INVOKE directive.

* copy the procedure's PROC statement to create it
* change the word PROC to PROTO
* remove the USES operator, if any, along with its register list
ArraySum PROTO,
ptrArray: PTR DWORD,
szArray: DWORD
declare the PROTO statement for the following PROC statement:

ArraySum PROC USES esi ecx,
ptrArray: PTR DWORD,
szArray: DWORD
input parameter
data passed by a calling program to a procedure. The called procedure is not expected to modify the corresponding parameter variable, and even if it does, the modification is confined to the procedure itself.
output parameter
created when a calling program passes the address of a variable to a procedure. The procedure uses the address to locate and assign data to the variable.
input-output parameter
identical to an output parameter, with one exception: The called procedure expects the variable referenced by the parameter to contain some data. The procedure is also expected to modify the variable via the pointer.
WriteStackFrame
link library procedure that displays the contents of the current procedure's stack frame. It shows the procedure's stack parameters, return address, local variables, and saved registers.
similar to WriteStackFrame procedure, except includes additional parameter that holds the name of the procedure owning the stack frame
assembled units of a program divided into separate source files. Each is assembled independently, so a change to one module's source code only requires reassembling that single file.
