Glossary of Network Terms
Access control - Limiting the data flow from the resources of a system to only authorized persons, programs, processes, or other systems in a network. Access control rule sets in Cisco routers are referred to as access control lists or ACLs.
Agent - Refers to the software in the managed element (the router, hub, other device) that can report on or change the behavior of the element.
ASN.1 - Abstract Syntax Notation One is a formal language developed and standardized by the CCITT that SNMP uses to query nodes for information about data in another node.
Attack signature - A system of flagging malicious activity on the network by carefully examining incoming information packets for patterns that match known attacks.
Authentication, Authorization, and Accounting (AAA) - The three functions of network access security:
- Authentication: The act of validating the identity of an end user or a device such as a host, server, switch, or router.
- Authorization: The means of granting network access rights to a user, groups of users, system, or program.
- Accounting: The process by which one can establish who or what performed a certain action, such as tracking a user's data connection and logging system users.
Authentication header - The IPsec header used to verify that the contents of a packet have not been altered in transit.
Backbone - The primary connectivity mechanism of a hierarchical distributed system. All systems that have connectivity to the backbone are assured of connectivity to each other. This does not prevent systems from setting up private arrangements with each other to bypass the backbone for reasons of cost, performance, or security.
Backward Explicit Congestion Notification (BECN) - A BECN is sent to the sender of Frame Relay traffic to indicate that congestion was detected. It is the sender's responsibility to implement congestion avoidance procedures.
Boundary Routers - Routers deployed around the "periphery" of a network to take care of connecting small sites without getting involved in global routing issues.
Broadband - A method of transmission in which data flows from source to destination in a different form than existed at the source.
Broadcast - A specially addressed packet that is received by all stations in the same domain.
Burst Rate - Some frame relay offerings include both a committed rate and the ability to "burst" over that rate for a certain amount of time. The telecommunications carrier does not guarantee this circuit rate but will attempt to use it if possible, letting the customer gain extra performance.
CCITT - English translation of the original French acronym: International Consultative Committee for Telegraphy and Telephony. A unit of the International Telecommunications Union, the CCITT produces technical standards or "recommendations" for all public carriers.
Cells - Similar to packets, they contain control and addressing information. The major difference is that all cells are the same length; for ATM it is 53 bytes. Fixed-length cells have a constant delay when transiting network devices, making it easier to prioritize traffic.
Certificate - A message, signed digitally with the private key of a trusted third party (see certificate authority), declaring that a specific public key belongs to someone or something with a specified name and set of attributes.
Certificate Authority (CA) - An entity trusted to sign digital certificates and, therefore, attest to the identity of other authorized users.
Challenge Handshake Authentication Protocol (CHAP) - An authentication protocol that prevents unauthorized access. CHAP authenticates and identifies the remote end. The router or access server then determines whether the user is allowed access.
Channels - Virtual circuits inside "paths". The objective behind paths and channels is to "gang" channels together and get quick switching at lower cost.
Committed Information Rate (CIR) - You can buy virtual circuits with a guaranteed CIR. Your provider guarantees that this rate will be available as needed. Common CIRs include: 32 Kbps, 64 Kbps, 128 Kbps, and 256 Kbps. If you transmit over this speed, you're in danger of losing packets and data. If the carrier's service is not working well, it may show congestion and packet loss, even if you are under your CIR.
Collision - Occurs when more than one station attempts to access an Ethernet LAN simultaneously.
Compromise - In the context of security, to assault or strike at a network by getting around its security procedures.
Computer Emergency Response Team (CERT) - A formal organization of system administrators whose members provide services that address issues related primarily to computer and network security.
Console - The user interface to a reporting/analysis package that allows you to control the elements you're polling, rate of polling, and frequency of reporting.
Context-Based Access Control (CBAC) - A feature, built into the Cisco IOS software, that allows advanced packet session filtering of all routable traffic. By configuring ACLs, traffic can be permitted or denied from being processed and forwarded.
Core Routers - Routers deployed as part of the network backbone.
Cyclic Redundancy Check (CRC) - A mathematical calculation on a frame or cell that is used for error detection. It is added to the traffic, and the receiver performs the same calculation. If the two CRCs do not match, an error has occurred.
Cryptographic Key - A digital code that can be used to encrypt, decrypt, and sign information.
Cryptography - The science of writing or reading coded messages.
Cut-through - An approach that minimizes queuing delay by starting the forwarding decision while the traffic is still being received.
Data Confidentiality - The means of ensuring that only the entities allowed to see the information packets can see it in an easily accessible format.
Data Encryption Standard (DES) - A secret key cryptographic design standardized by the National Institute of Standards and Technology (See NIST and Triple DES).
Data Integrity - The process of guaranteeing data has not been modified or destroyed during transit through the network.
Data Privacy - The process of protecting network data from eavesdropping or tampering. In some cases, data separation using tunneling technologies, such as generic routing encapsulation (GRE) or Layer 2 Tunneling Protocol (L2TP), provides effective data privacy. Often, however, additional privacy requirements call for the use of digital encryption technology and protocols such as IPsec, especially when implementing VPNs.
Denial-of-Service (DoS) Attack - Any malicious action that prevents any part of a network or host system from functioning in accordance with its intended purpose. This can be compared to someone continually dialing in and tying up phone lines.
Dynamic Host Configuration Protocol (DHCP) - A technology allowing TCP/IP address, subnet mask, gateway and other parameters to be assigned to a workstation automatically.
Diffie-Hellman - A public key-based key management system that allows two users or network devices to exchange public keys over an unsecured medium.
Digital Signature - A string of bits affixed to an electronic message (encrypted hash) that provides authentication and data integrity.
Digital Signature Standard (DSS) - A digital signature algorithm developed by the National Security Agency (see NSA).
Disk Fragmentation - Frequent file modifications cause fragmentation, which is when the file is spread across many disk areas. This degrades performance. Tools to consolidate disk space improve performance.
Disk Thrashing - When a lot of disk I/O (reads and writes to the disk) is taking place without any real work occurring as a result. For example, a poorly designed file system could require lots of access to directories before the data is retrieved.
DNS (Domain Name Server) - The DNS is a general purpose distributed, replicated, data query service. The principal use is the lookup of host IP addresses based on host names. The style of host names now used in the Internet is called "domain name", because they are the style of names used to look up anything in the DNS. Some important domains are: .COM (commercial), .EDU (educational), .NET (network operations), .GOV (U.S. government), and .MIL (U.S. military). Most countries also have a domain. For example, .US (United States), .UK (United Kingdom), .AU (Australia). It is defined in STD 13, RFCs 1034 and 1035.
DSU/CSU - A Digital Service Unit is a component of customer premises equipment used to interface to a digital circuit such as a T1. Combined with a Channel Service Unit, it converts a customer's data stream into the format for transmission.
DSL (Digital Subscriber Line) - A method for moving data over regular phone lines. A DSL circuit is much faster than a regular phone connection, and the wires coming into the subscriber's premises are the same (copper) wires used for regular phone service. A DSL circuit must be configured to connect two specific locations, similar to a leased line. A commonly discussed configuration of DSL allows downloads at speeds of up to 1.544 megabits (not megabytes) per second, and uploads at speeds of 128 kilobits per second. This arrangement is called ADSL: "Asymmetric" Digital Subscriber Line. Another common configuration is symmetrical: 384 Kilobits per second in both directions. In theory ADSL allows download speeds of up to 9 megabits per second and upload speeds of up to 640 kilobits per second.
DSL is now a popular alternative to Leased Lines and ISDN, being faster than ISDN and less costly than traditional Leased Lines.
Encryption - The process of scrambling data in such a way that it is not readable by anyone except the intended recipient, and only after it has been properly decrypted.
Exceptions - Events or occurrences that are not considered normal and require further attention.
Fast Ethernet - 100 Megabit Ethernet system, newly deployed.
Filtering - A process for screening network traffic for certain characteristics, such as source address, destination address, or protocol, and determining whether to forward or discard that traffic based on the established criteria.
Firewall - A system, based on either hardware or software, used to govern traffic between two networks.
Forward Explicit Congestion Notification (FECN) - A FECN is added to a received frame, letting the receiver know that congestion is occurring. Although it is the sender's responsibility, the receiver can inform the sender to implement congestion avoidance procedures. See also BECN, discard eligible.
Frame - Used interchangeably with "packet".
Full Duplex - Ability to send traffic in both directions at the same time. WAN links and extended Ethernet can operate this way.
Generic Routing Encapsulation (GRE) - Tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork.
Giant - An Ethernet packet greater than 1,512 bytes.
Gigabit Ethernet - 1,000 Megabit Ethernet system, next generation.
Grouping - Setting up "views" with a related set of elements such as core routers, all the servers in a department, and so forth. Extremely useful in performance reporting to enable you to better match reports to your existing business processes.
Hack - The process of gaining illegal, unauthorized access to a network to misappropriate confidential material, or merely for self-gratification.
Half Duplex - Communicating in only one direction at a time.
Hop - Each time a packet or cell is relayed, it undergoes a hop. More hops between sender and receiver may increase delays.
Hot Standby Router Protocol (HSRP) - Provides a way for IP workstations to keep communicating on the internetwork even if their default routers become unavailable, thereby providing high network availability and transparent topology changes.
IPsec - A set of security standards used to provide privacy and authentication services at the Internet Protocol (IP) layer.
Identity - The accurate and positive identification of network users, hosts, applications, services, and resources. New technologies such as digital certificates, smart cards, and directory services are beginning to play increasingly important roles in identity solutions.
Index - A pointer within a MIB to data relating to a particular interface.
Installation & Configuration - MC Info engineers are certified by the manufacturers of the products we provide to install, configure and implement their hardware and software. Training is a never-ending mission at MC Info, which assures that we are fully aware of changes in technology and products.
Integrity - The means of ensuring that the data has not been altered except by people who are explicitly intended to modify it. When used as "network integrity," it can be considered as the means of ensuring that the network is not permitting services or activities that are against its policies.
Internet - The worldwide network of networks connected to each other using the TCP/IP protocol suite.
Internet Protocol (IP) - A packet-based protocol used to exchange data over computer networks.
Internet Security Association and Key Management Protocol (ISAKMP) - A key management protocol for IPsec that is a required part of the complete IPsec implementation; also referred to as the Internet Key Management Protocol (IKE).
Intrusion Detection System (IDS) - A real-time security sentry (like a motion sensor) that protects the network perimeter, extranets, and the increasingly vulnerable internal network. IDS systems analyze the network datastream in search of attack or activity signatures that have been deemed unauthorized, and then alarm and react to the activity.
ISDN (Integrated Services Digital Network) - A system that provides simultaneous voice and high-speed data transmission through a single channel to the user's premises. ISDN is an international standard for end-to-end digital transmission of voice, data, and signaling.
Kerberos - A secret key network authentication protocol developed at the Massachusetts Institute of Technology (MIT), using the DES cryptographic algorithm for encryption and a centralized key database for authentication.
LAN - A network system that provides a relatively small area with high-speed data transmission at a low error rate. May include PCs, printers, minicomputers, and mainframes linked by a transmission medium such as a coaxial cable or twisted pair wiring.
LAN Emulation - A means of interconnecting LANs using ATM as a "bridge". Requires creating virtual circuits across the ATM backbone.
Layer 2 Forwarding Protocol (L2F) - A protocol that supports the creation of secure virtual private dialup networks over the Internet.
Layer 2 Tunneling Protocol (L2TP) - An IETF standard that combines aspects of Cisco Layer 2 Forwarding Protocol (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP) for implementing VPNs.
Layer 2 Tunneling Protocol over IPsec (L2TP/IPsec) - Windows 2000 VPN protocol combining remote access (L2TP) and security (IPsec).
Metropolitan Area Network (MAN) - A network that extends over a wider area than a LAN, typically 10-100 km on a fiber ring.
Map - Visual representation of the network topology. Different platforms display maps in different levels of detail.
MIB-Walker/browser - A GUI that allows you to visually look at a MIB and pick the variables you want to collect data on, poll at a specified rate, and use the data for diagnostic purposes.
Message Digest 5 (MD5) - A hash algorithm used for data authentication and to verify integrity of the communication.
Mid-level Manager - A network management platform that improves scalability by collecting information from a set of agents and passing the results to a central manager.
Memory Thrashing - High rates of page or process swapping without productive work resulting - a problem of memory capacity or management.
Mirroring - Process by which data is duplicated on separate disk systems. Benefits include faster access and fault tolerance in case of a disk system failure.
Multi-Protocol Over ATM (MPOA) - Interconnects LANs using ATM backbones as a virtual router. Provides more control and uses the Quality of Service features of ATM.
National Institute of Standards and Technology (NIST) - A United States government agency that establishes national technical standards.
National Security Agency (NSA) - A United States government agency reportedly responsible for monitoring and decoding all foreign communications of interest to the security of the United States.
Network Address Translation (NAT) - The method of converting one IP address to another IP address; primarily used to connect a network which has an internal address space that is on a different standard than another network, such as the Internet.
Network Analysis - The next step following the network audit is the analysis. Data gathered from the audit is thoroughly analyzed utilizing various methodologies. In addition, MC Info will perform a complete future needs analysis to determine the best direction for the customer.
Network Audit - MC Info's team of trained network engineers can be your one-stop network mechanics. Using the latest in diagnostic equipment, they are capable of performing high-level network audits. Able to examine every node attached to your network, MC Info can pinpoint any performance bottleneck. In addition, the company is able to identify peak users, CPU utilization, and peak usage times, and can perform a variety of other useful tests. With the world's best equipment and network expertise, MC Info is your solution for network audits.
Network Design - MC Info will assist in the design of unbiased networks that focus on maximizing performance, help the client achieve their goal, and include the cutting edge in technology. MC Info's network design begins with a thorough requirements study which includes a current and future needs assessment as well as forecasting. MC Info will then recommend a backbone technology (topology) and specific products. Research is conducted with a senior engineering team at the client site. The net result is a network design that will meet your needs as you expand your business.
Node - An addressable device attached to a computer network; the terms station, device, and system are used to mean the same thing.
Nonrepudiation - A property of a cryptographic system that prevents a sender from denying later that he or she sent a message or performed a certain action.
Novell Directory Services (NDS) - A global naming system for Novell environments containing information about a network, including the objects in that network.
Object Identifiers (OIDs) - Used in SNMP to identify specific elements by type and vendor. Used to gather more detailed information.
Packet - Also known as a "frame," each packet contains addressing and control information. Packets are variable length, up to a maximum size. Packets for different technologies usually have a minimum and maximum size allowed. For example, Ethernet has a minimum of 64 bytes and a maximum length of 1,500 bytes. The variable length of frames also means variable delays when traversing a network device.
Packet Discards - Occur when a received packet has transmission or format errors or when the device does not have any storage for it.
Packet Filtering - The capability of performing a packet-by-packet inspection of all routable traffic.
Paging - A method of managing virtual memory. When a requested page is not found in main memory, an interrupt occurs. The paging device then transfers the requested inactive page to memory. High rates of page swapping can degrade performance.
Partitions - Breaking the disk space into areas that are assigned and managed independently. Each application may have appropriate space assigned.
Password Authentication Protocol (PAP) - An authentication protocol that allows PPP peers to authenticate one another. The remote router attempting to connect to the local router is required to send an authentication request. Unlike CHAP, PAP passes the password and host name or username in the clear (unencrypted). PAP determines whether a password is valid.
Paths - Within an ATM network you have paths that are virtual pipes from one location to another and carry a number of channels.
Ping - A command used to determine the presence and operational nature of another device.
Ping of Death - A denial-of-service attack where an attacker sends an oversized ping packet intended to cause the receiving machines to crash when they attempt to reassemble the large data packet.
Point-to-Point Protocol (PPP) - A standardized Internet encapsulation of IP over point-to-point links.
Point-to-Point Tunneling Protocol (PPTP) - A Microsoft-sponsored IETF draft standard for implementing VPNs from the Windows 95/98 operating system to a VPN gateway.
Poller - A piece of software that sends a periodic request to an agent for management data. For example, the poller sends a message to a router agent asking it to send back particular variables. The agent sends the variables back to the poller.
Port - Several usages: (1) The identifier used by protocols to distinguish among multiple, simultaneous connections to a single destination host. For example, some applications are identified by "well-known" port numbers. (2) A physical connection on a network device.
Private Key - A digital code used to decrypt data and verify digital signatures. This key is kept secret, and is known only to its owner.
Problem Isolation - Today there are dozens of manufacturers of networking related products. Setting up a network may require a combination of products which are sometimes incompatible or require modifications to work within the entire system. It is not uncommon for major network designs to create problems such as driver incompatibility, protocol problems and user errors that often cause finger pointing among manufacturers. MC Info brings a one-stop solution to these types of issues. With an expertise in all major manufactured networking products and advanced testing equipment, MC Info will isolate the source of your problem and suggest corrective action.
Project Management - MC Info's staff is skilled in relocation, new building networking and the design of new networks. Able to lead massive development projects or serve as a liaison between the customer, contractors and subcontractors, MC Info will take responsibility for your network projects' life cycle. MC Info's team of engineers have the leadership skills to manage projects that may last for a weekend or for many years.
Protocol - A formal description of message formats and the rules two or more systems must follow to exchange those messages. Protocols define procedures for negotiating connections, recovering from errors, and controlling traffic volumes. All protocols recognize that network errors occur, and they have means to recover from them. Some will use an "acknowledgment" to indicate properly received messages. Others send a "negative" to indicate the need for retransmission, while others depend on a time-out to trigger corrective action.
Protocol Analyzers - Special tools that break captured packets or cells into their fields for troubleshooting and statistics collection.
Proxy - A device that performs a function on behalf of another device. When referring to firewalls, proxy is a process used to run a number of application checks on the incoming traffic. This process can negatively impact firewall performance.
PSTN (Public Switched Telephone Network) - The international telephone system based on copper wires carrying analog voice data. This is in contrast to newer telephone networks based on digital technologies, such as ISDN and FDDI. Telephone service carried by the PSTN is often called plain old telephone service or POTS.
Public Key - A digital code used to decrypt data and verify digital signatures, and it can be made widely available.
Public Key Infrastructure (PKI) - A trusted and efficient key and certificate management system.
Quality of Service (QoS) - A guaranteed level of performance, often part of a service level agreement between a network service provider and end user.
Redundant Array of Inexpensive Drives (RAID) - RAID technology turns several inexpensive drives into one big drive to address the gap between processor performance and input/output rates. The RAID controller manipulates drives to share the work on file reads and writes for large files, or to perform multiple, simultaneous reads or writes of small files.
Redundancy - Having additional elements, devices, servers, links, and others so that single failures do not cause a complete loss of service.
Remote Access - Whether you require remote control, remote access or a remote node, MC Info can provide you with the complete remote solution. In addition, MC Info specializes in connecting business to business, branch to home office, branch to corporate office or tele-workers to the office. Furthermore, MC Info offers complete Internet Service Provider (ISP) design and set-up. With expertise in dial-up (digital or analog) and leased line solutions, MC Info can handle all of your remote needs.
Remote Access Dial-In User Service (RADIUS) - A network protocol developed by Livingston Enterprises, Inc., as an access server authentication and accounting protocol.
Request for Comments (RFCs) - See IETF
Risk Analysis - The process of identifying security risks, determining their impact, and identifying areas requiring protection.
Rivest, Shamir, Adleman (RSA) - A public key cryptographic algorithm that can encrypt or decrypt data and can apply or verify a digital signature.
Router & Switching Configuration - MC Info is fully equipped to provide all of your LAN and WAN needs with an expertise in current and emerging router and switching technology. MC Info's technicians are fully trained in all router protocols, subnetting and masking, manufacturer differences and platform compatibility issues. In addition, MC Info is capable of designing and installing networks with Ethernet, FDDI, ATM, Fast Ethernet, Gigabit Ethernet and/or Fibre Channel.
SNMP Trap - A message from an agent indicating a situation that requires immediate attention. Also known as an alarm or an alert. Administrators select a threshold that determines when a trap will be sent.
Scanner - An enterprise-class software application that allows the user to identify and fix network security holes before the hacker finds them.
Security - The dramatic growth of the Internet has expanded revenue through on-line commerce and has created the need for much more stringent security. More than ever, companies are establishing intranets and extranets that are critical to their efficient operation. The threat of loss of valuable data is a paramount issue to any company. In response to the demand for greater network security, MC Info has established a group of network security experts whose sole purpose is to provide solutions to minimize the threat of such a loss. With expertise in user authentication, resource authorization, encryption, firewalls, penetration testing, security audits, training and security policies, MC Info can help protect your most valuable resource -- your data.
Secure Hash Algorithm (SHA) - A hash algorithm used for data authentication and to verify integrity of the communication.
Security Monitoring - The process of securing the network by regular tests and Security Posture Assessments (SPAs).
Security Perimeter - The boundary at which security controls are placed to protect network assets.
Security Policy - A set of high-level directives that control the deployment of network services along with the ongoing maintenance and auditing of these security policies.
Shunning - The act of a Cisco router dynamically reconfiguring its ACLs to terminate a detected attack and to block the attacking IP address from future transmissions through the router for a set period of time.
Smurf Attack - A malicious attack where the hacker sends a large number of spoofed ping packets to broadcast addresses, with the intent that these packets will be magnified and sent to the spoofed addresses. The amplification has exponential possibilities, depending on how many hosts respond.
Spoofing - An attempt to gain access to a networked device by posing as an authorized user, device, or program.
Store and Forward - The normal means for forwarding traffic through a network device. The received traffic is stored until it can be forwarded. See queuing delays.
Swap Device - A storage device, typically a hard drive, that accommodates the virtual memory processes of swapping and paging.
Swapping - Another method of managing memory. Entire processes are swapped as needed to keep the active processes in memory. Swapping can add delays if large processes are swapped frequently.
System & Network Management - Understanding the needs of each user and their specific devices is a very complex process that can be overcome through outsourcing such responsibilities to MC Info. MC Info can manage your network through the design, installation, and setup stages and will utilize platform-independent network management applications.
T1 - A type of digital carrier/system transmitting voice or data at 1.5 Mbps. A T1 carrier can handle up to 24 multiplexed 64 Kbps digital voice or data channels.
TCP Reset - A potential response to a hacking attack by a Cisco Secure IDS Sensor or Cisco IOS Firewall-loaded router in which the device issues a command to terminate the connection that is acting as a conduit to the attack, forcing the attacker to reestablish the connection.
TCP/IP - The internetworking protocols developed by the U.S. government's Advanced Research Projects Agency (ARPA). Widely adopted and supported by computer and software manufacturers as a standard computer networking protocol.
Terminal Access Controller Access Control System Plus (TACACS+) - The AAA protocol used primarily for dialup connection management.
Token - A specially formatted message that gives the receiving node permission to use the network.
Training - Fully certified with a broad range of network manufacturers, MC Info offers on-site training for groups of 1 to 100. Training areas include SNMP, ATM, HP OpenView, Network Associates, Sniffer, routing, switching and security.
Trend - A pattern over time. Used to project future loads and potential problem areas.
Triple DES - An algorithm that uses DES and either one, two, or three keys to encrypt/decrypt/encrypt packets of information.
Tunnel - A secure encrypted connection between two points through a public or third-party network.
Unicast - Transmission across a network addressed to a single node.
Uplink - A high-speed connection for aggregating traffic. For example, a work group switch with several 10 Mbps ports usually will have a 100 Mbps uplink to a backbone switch or a server.
VPN Concentrator - A purpose-built hardware platform used to establish secure, end-to-end private network connections over a public networking infrastructure for remote access or site-to-site connectivity.
VPN-Enabled Router - A router for the customer premises that incorporates VPN functionality and is tuned for optimal VPN performance across a range of media types and port densities.
Virtual Circuit - A connection that acts (and appears to the end user) as a dedicated point-to-point circuit, though an indirect physical path might be used. Generally faster and cheaper than dedicated lines.
Virtual Memory - A way to provide large memory spaces to processes. Virtual memory usually exceeds the actual memory capacity. Virtual memory is broken into pages for ease of management. Active pages are in memory, while the rest are on a disk.
Virtual Private Network (VPN) - Provides secure connectivity for IP traffic over a public TCP/IP network by encrypting all traffic from one network to another. A VPN uses tunneling to encrypt all information at the IP level.
Virtual Router Redundancy Protocol (VRRP) - Manages automatic switchover from one platform to another in a redundant installation.
Vulnerability - A weakness in security procedures, network design, or implementation, that can be exploited to violate a corporate security policy.