Unfamiliar Acronyms Flashcards
APT
Advanced Persistent Threat / Advanced Persistent Tool
An unauthorized person in a network, undetected, for an exceedingly long period of time. (e.g. Russia in our infrastructure after SolarWinds hack)
ASIC
Application Specific Integrated Circuit
A specialized microchip designed to provide customized features to a specific application.
[Apparently used by Layer 3 Switches]
ASP
Application Service Provider
A business that provides software services (e.g. CRM, credit card processing) over a network (and the Internet) using standard protocols like HTTP. Has generally been replaced by SaaS, and differs from SaaS in the following ways:
- ASPs try to focus on managing and hosting 3rd-party software, while SaaS vendors manage the software they have developed on their own.
- ASPs provide more traditional client-server apps, requiring installation of “thin client” software on users’ PCs. On the other hand, SaaS relies solely on the Web and can be accessed via a web browser.
- ASPs’ software architecture requires a separate instance for each business, whereas SaaS solutions use a multi-tenant architecture in which one instance serves multiple users and businesses.
- ASPs don’t provide the same scalability and cost-saving as SaaS
- ASP is basically a failed model [says one site]
BCP
Business Continuity Plan
A document that details how an organization intends to maintain business operations during a disaster.
i.e. The strategy for addressing potential threats to a company and creation of systems to aid in the prevention of threats and recovery from problems.
BERT
Bit-Error Rate Test
A test to see the percentage of received bits of a data stream that have changed due to noise, interference, or other distortion.
BERT contains both a stress pattern generator (which can generate a variety of bit patterns) and an error detector (which is synchronized with the pattern generator and can determine the number of bit errors).
Unlike many other forms of testing, bit error rate (BER) measures the full end-to-end performance of a system, including the transmitter, the receiver, and the medium between the two.
[Pretty sure this is for Layer 1 testing]
BLE
Bluetooth Low Energy (or Bluetooth LE)
Also called Bluetooth Smart, a new version of Bluetooth that provides a range comparable to the earlier version of Bluetooth, but that consumes less power.
A Bluetooth variant designed for use in IoT networks by battery-powered devices.
BSSID
Basic Service Set Identifier
Identifier for a particular access point within a wireless LAN (WLAN). The MAC address of the AP is used as this identifier.
While an SSID (i.e. network name like ‘Mouse’) is sufficient for a WLAN with only one access point, when a WLAN contains multiple access points, the network needs a way to associate client traffic with a particular AP.
[See also ESSID]
Good overview: https://www.juniper.net/documentation/en_US/junos-space-apps/network-director3.7/topics/concept/wireless-ssid-bssid-essid.html
CaaS
Communication as a Service
A service model in which communication services are provided virtually, such as VoIP or video conferencing.
e.g. Skype, Zoom, FaceTime, Facebook Messenger, Discord, Slack
[Ugh. Apparently also being used for Containers as a Service, like Kubernetes]
[See also DaaS, MaaS, and SECaaS]
CAM
Content Addressable Memory
A special kind of high-speed computer memory optimized for searching (rather than random access) often used in routers and switches for table lookup functions. (e.g. A switch stores its MAC address table in CAM.)
[Remember MAC / CAM related. In fact, MAC table often referred to as CAM table]
[Also remember CAM v. RAM]
CARP
Common Address Redundancy Protocol
A protocol that enables multiple hosts on the same network to share a set of IP addresses and thus provides failover redundancy. It is commonly used with routers and firewalls and can provide load balancing.
A redundancy protocol that allows a number of devices to be grouped together to use a single virtual network interface among them.
[Remember Address Redundancy Protocol… but don’t get confused with ARP]
In some cases, you might have a set of IP addresses to share among multiple hosts. For example, if you have multiple routers that support multiple interfaces, and you want to interlace those routers as a fault-tolerant cluster, you would have a list of several IP addresses pointing to the cluster as a group. This is accomplished with CARP (Common Address Redundancy Protocol), which allows a pool of computers or interfaces to share one or more IP addresses. This pool is known as a group of redundancy or redundancy group. When using CARP, one device, acting as the group master, receives requests for an IP address, then parcels out the requests to one of several devices in the group.
CARP is a free alternative to VRRP (Virtual Router Redundancy Protocol), or Cisco’s proprietary version called HSRP (Hot Standby Router Protocol). Although VRRP and HSRP function somewhat differently than CARP and are used solely for routers, the general idea is the same.
[See also: VRRP and HSRP]
[See also: GLBP]
CHAP
Challenge Handshake Authentication Protocol
A protocol that challenges a system to verify identity. CHAP is an improvement over Password Authentication Protocol (PAP) in which one-way hashing is incorporated into a three-way handshake. RFC 1334 applies to both PAP and CHAP.
An authentication protocol that operates over PPP and also encrypts usernames and passwords for transmission.
A remote-access authentication protocol used by PPP. [Sounds more like CHAP uses PPP??]
[Related to EAP, WiFi authentication]
[See also PAP and MS-CHAP]
CRAM-MD5
Challenge-Response Authentication Mechanism-Message Digest 5
An authentication mechanism built on the MD5 algorithm that provides some additional security when communicating over an unencrypted connection.
A challenge-response authentication mechanism.
N+ material is pretty vague on this, if it even mentions it at all. From a website:
CRAM-MD5 is a widely used challenge-response mechanism that transfers hashed passwords instead of clear text passwords. It is officially deprecated, initially in favor of DIGEST-MD5 but today SCRAM-SHA-1. For insecure channels (e.g., when TLS is not used), it has better properties than PLAIN since the unhashed password is not leaked. The disadvantage with hashed passwords is that the server cannot use normal authentication infrastructures such as PAM, because the server must have access to the unhashed password in order to validate every authentication attempt.
CVE
Common Vulnerabilities and Exposures
Website that catalogs / indexes cybersecurity vulnerabilities. May be incorporated into security tools, etc.
https://cve.mitre.org/
[This was in Messer’s section on zero-day attacks, but I ignored it, thinking it wouldn’t be on test]
CVW
Collaborative Virtual Workspace
A software tool designed to support teams working across geographical distances.
–
An environment used for collaboration and interaction of participants that may be spread over large distances.
[May be set up as metaphorical “room” or “building” or “world.” You can access resources, chat room, etc. Was used by US military. MOOCs maybe?]
CWDM
Coarse Wave Division Multiplexing
One of the three types of multiplexing technologies used with fiber-optic cable (the other two being WDM and DWDM.)
[Note: Original WDM carries multiple light signals simultaneously by dividing a light beam into different wavelengths, or colors, on a single fiber. Like a prism. Originally only provided two wavelengths / channels per strand of fiber]
CWDM lowers cost by spacing frequency bands wider apart to allow for cheaper transceiver equipment. Coarse WDM multiplexers typically can support 4, 8, 16, or 18 channels per fiber. The effective distance of CWDM is more limited than DWDM because signal is not amplified.
An alternative to DWDM that is commonly used with television cable networks. The main thing to know about it is that it has relaxed stabilization requirements; thus, you can have vastly different speeds for download than upload.
[See also DWDM]
[Good write-up of these in Jill West book]
DaaS
Desktop as a Service
A service model in which desktop services, such as VDI, are provided virtually from a third-party provider, eliminating the need to build and manage your own infrastructure. [So basically, it’s operating system as a service?]
e.g. Citrix, Microsoft, Amazon, VMWare
VDI - Virtual desktop infrastructure (VDI) is a desktop virtualization technology wherein a desktop operating system, typically Microsoft Windows, runs and is managed in a data center. The virtual desktop image is delivered over a network to an endpoint device, which allows the user to interact with the operating system and its applications as if they were running locally. The endpoint may be a traditional PC, thin client device or a mobile device.
[Apparently also used for Data as a Service]
[See also CaaS, MaaS, and SECaaS]
DCS
Distributed Computer System or Distributed Control System
A computerized control system for a process or plant usually with many control loops, in which autonomous controllers are distributed throughout the system, but there is no central operator supervisory control. This is in contrast to systems that use centralized controllers; either discrete controllers located at a central control room or within a central computer. The DCS concept increases reliability and reduces installation costs by localizing control functions near the process plant, with remote monitoring and supervision.
Distributed control systems first emerged in large, high value, safety critical process industries, and were attractive because the DCS manufacturer would supply both the local control level and central supervisory equipment as an integrated package, thus reducing design integration risk. Today the functionality of SCADA and DCS systems is very similar, but DCS tends to be used on large continuous process plants where high reliability and security are important, and the control room is not geographically remote.
[See ICS and SCADA]
DLR
Device Level Ring
A protocol that provides a means of detecting, managing, and recovering from faults in a ring-based topology network. If a failure occurs in the ring, the communication essentially turns around and starts traveling around the ring in the opposite direction, reaching its destination like nothing ever happened.
In short, it allows a system to tolerate a disconnect or failure without any consequences to performance and recover before the system even notices.
(‘Ring topology’ here does not refer to a backbone network ring of switches, but rather a ring that you would find inside of a cabinet with daisy-chained devices leveraging the dual Ethernet ports found on some pieces of hardware.)
DPI
Deep Packet Inspection
A type of data processing that inspects in detail the data being sent over a computer network, and may take actions such as alerting, blocking, re-routing, or logging it accordingly. Deep packet inspection is often used to baseline application behavior, analyze network usage, troubleshoot network performance, ensure that data is in the correct format, check for malicious code, eavesdropping, and internet censorship.
Wireshark offers DPI. So do NGFWs. Wiki says it could be at Layers 2 and 3, or could be Layers 2 to 7. One of my books emphasizes Layer 7.
DR
Designated Router
An OSPF router intended to reduce network traffic by maintaining the complete routing database and then sending updates to the other routers on the shared network segment.
OR: In the context of OSPF, a router normally selected automatically to serve as a central collection point for routing information on a network.
[Is this really not in Messer notes?]
DSSS v. FHSS
Direct Sequence Spread Spectrum v.
Frequency Hopping Spread Spectrum
[For short definitions, see bottom]
Two variations in the initial 802.11 wireless standard. These original standards are far too slow for modern networking needs and are no longer deployed.
Spread spectrum refers to the manner in which data signals travel through a radio frequency. With spread spectrum, data does not travel straight through a single RF band, as it does in narrowband transmission. Spread spectrum instead requires that data signals either alternate between carrier frequencies or constantly change their data pattern. Although the shortest distance between two points is a straight line (narrowband), spread spectrum is designed to trade bandwidth efficiency for reliability, integrity, and security. Spread-spectrum signal strategies use more bandwidth than narrowband transmission, but the trade-off is a data signal that is clearer and easier to detect.
Frequency-hopping spread-spectrum (FHSS) requires the use of narrowband signals that change frequencies in a predictable pattern. The term frequency hopping refers to data signals hopping between narrow channels. For example, consider the 2.4 GHz frequency band used by 802.11b/g. This range is divided into 70 narrow channels of 1 MHz each. Somewhere between 20 and several hundred milliseconds, the signal hops to a new channel following a predetermined cyclical pattern.
Because data signals using FHSS switch between RF bands, they have a strong resistance to interference and environmental factors. The FHSS signal strategy makes it well suited for installations designed to cover a large geographic area and where using directional antennas to minimize the influence of environmental factors is not possible.
FHSS is not the preferred spread-spectrum technology for today’s wireless standards. However, FHSS is used for some lesser-used standards and for cellular deployments for fixed broadband wireless access (BWA), where the use of DSSS (discussed next) is virtually impossible because of its limitations.
With DSSS transmissions, the signal is spread over a full transmission frequency spectrum. For every bit of data sent, a redundant bit pattern is also sent. This 32-bit pattern is called a chip. These redundant bits of data provide both security and delivery assurance. The reason transmissions are so safe and reliable is because the system sends so many redundant copies of the data, and only a single copy is required to have complete transmission of the data or information. DSSS can minimize the effects of interference and background noise.
As for a comparison between the two, DSSS has the advantage of providing better security and signal delivery than FHSS, but it is a sensitive technology, affected by many environmental factors.
SUMMARIES:
DSSS:
A modulation technique that, like other spread-spectrum technologies, distributes lower-level signals over several frequencies simultaneously.
Or:
A modulation technique in which the transmitted signal takes up more bandwidth than the information signal that modulates the carrier or broadcast frequency. [Huh?]
-
FHSS:
A wireless signaling technique in which a signal jumps between several different frequencies within a band in a synchronization pattern known to the channel’s receiver and transmitter.
OR
A multiple access method of transferring radio signals in the frequency-hopping code division multiple access (FH-CDMA) scheme. [Huh?]
DWDM
Dense Wavelength Division Multiplexing
One of the three types of multiplexing technologies used with fiber-optic cable (the other two being WDM and CWDM.)
[Note: Original WDM carries multiple light signals simultaneously by dividing a light beam into different wavelengths, or colors, on a single fiber. Like a prism. Originally only provided two wavelengths / channels per strand of fiber]
Increases the number of channels provided by normal WDM to between 80 and 320 channels. Dense WDM can be amplified en route and is typically used on high-bandwidth or long-distance WAN links, such as the connection between a large ISP and its (even larger) NSP (network service provider). [HOW??]
A form of multiplexing optical signals that replaces SONET/SDH regenerators with erbium doped fiber amplifiers (EDFAs) and can also amplify the signal and enable it to travel a greater distance. The main components of a DWDM system include the following:
Terminal multiplexer
Line repeaters
Terminal demultiplexer
[Huh??]
[Book says make you understand that DWDM works with SONET/SDH. So doesn’t replace them. Replaces something they used previously?]
[See also CWDM]
[Messer does mention this in passing. He said it’s a topology that may run under Ethernet inside a provider’s network (Metropolitan-area Network). Not sure it made it into flashcards.]
EBCDIC
Extended Binary Coded Decimal Interchange Code
A data format used by IBM mainframes? Makes no sense why this is included in the text. Not mentioned in most of the books. The only place I see it mentioned is in references to it being converted to and from ASCII, as an example of something that occurs at OSI Layer 6 (Presentation Layer).
EDNS
Extension Mechanisms for DNS
As specified by the Internet Engineering Task Force in RFC 2671, EDNS increases the size of the flags fields, return codes, and label types available in basic DNS.
[Okay. But what’s the context / point??]
A mechanism that expands DNS parameters, thereby increasing the protocol’s functionality.
From Meyers:
If you think about what DNS does, you can appreciate that it can be a big security issue. Simply querying a DNS server gives you a list of every computer name and IP address that it serves. This isn’t the kind of information we want bad guys to have. The big fix is called DNS Security Extensions (DNSSEC). DNSSEC is an authorization and integrity protocol designed to prevent bad guys from impersonating legitimate DNS servers. It’s implemented through extension mechanisms for DNS (EDNS), a specification that expanded several parameter sizes but maintained backward compatibility with earlier DNS servers.
[Funny, because I was actually reading that EDNS opened door for amplified attacks?]
ESD
Electrostatic Discharge
Commonly known as “static electricity.” The transfer of electrical charge between two bodies, such as when a technician touches a computer component.
Computer components are grounded inside a case, and computer power cables use a three-prong plug (the third prong is grounded).
Use ESD strap on wrist, or at least touch case before any component. Store sensitive components in antistatic bags.
[Not to be confused with EMI - Electromagnetic Interference]
ESP
Encapsulated Security Payload
One of the two protocols used by IPSec. The other protocol is Authentication Header (AH).
AH provides authentication, integrity, and replay protection (but not confidentiality). Unlike ESP, AH also secures parts of the IP header of the packet (such as source / destination addresses).
ESP provides confidentiality, integrity, and authentication. (Known as the “CIA Triad”.) It also protects against replay attacks.
[Didn’t include AH in these flashcards, but probably should have. They’re also on the objectives]
[See also: SA, Security Associations]
[See also: Internet Key Exchange (IKE)]
ESSID
Extended Service Set Identifier
Consists of all of the BSSIDs on a wireless LAN (WLAN). For all practical purposes, the ESSID identifies the same network as the SSID does. The term SSID is used most often.
[See also BSSID, which is just a unique identifier (i.e. MAC address) for individual access points]
FDM
Frequency Division Multiplexing
One of the three common types of multiplexing used on copper lines (along with TDM and STDM).
Assigns different frequencies to create multiple frequency bands, each used by a subchannel, so that multiple signals can transmit on the line at the same time. Signals are modulated into different frequencies, then multiplexed to simultaneously travel over a single channel, and demultiplexed at the other end. Telephone companies once used FDM for all phone lines and still multiplex signals on residential phone lines for the last leg before entering a residence.
[Remember that multiplexing is a form of transmission that allows multiple signals to travel simultaneously over one medium. You put the streams together, and then have to separate them out again. i.e. demuxing]
[See also: TDM]
GLBP
Gateway Load Balancing Protocol
A proprietary Cisco protocol that allows a pool of interfaces to share one or more IP addresses and also provides load balancing services.
A proprietary Cisco protocol that adds basic load-balancing functionality in an attempt to overcome the limitations of existing redundant router protocols.
[See also CARP]
[And maybe see also: VRRP and HSRP]
[Jesus Christ. What is the difference between all of these??]
GPG
GNU Privacy Guard
An encryption software program that provides an alternative to PGP.
An IETF RFC 4880-compliant alternative to the PGP suite of cryptographic software.
If a Linux source file has been signed, you need to use the publisher’s public key and the gpg utility to verify the signature.
[Another one of those weird ones that are on acronym objectives, but aren’t really mentioned by any of the study material, and the context isn’t super clear]
[See also PGP]
GRE
Generic Routing Encapsulation
A Layer 3 protocol developed by Cisco that is used to transmit PPP, IP, and other kinds of messages through a tunnel. Like L2TP, GRE is used in conjunction with IPsec to increase the security of the transmissions.
A tunneling protocol developed by Cisco that is used to transmit PPP data frames through a VPN tunnel.
A routing encapsulation method that comes in a plain wrapper.
A common VPN tunneling protocol. See also:
PPTP, L2TP, OpenVPN, IKEv2
HDLC
High-Level Data Link Control
A protocol that is widely used to transfer data over a serial digital line, such as T1 or ISDN. It performs the same framing and error detection functions as Ethernet but on a point-to-point link between two routers, rather than a shared access medium.
The Point-to-Point Protocol (PPP) is an adaptation of HDLC and forms the cornerstone of subscriber dial-up and broadband Internet access methods. It is defined by RFC 1661. PPP was developed for dial-up networking, but is still used over a variety of communications links, including DSL, SONET, and cellular.
A group of Layer 2 protocols that can provide either connection oriented or connectionless service for data transfer between nodes.
–
An ISO-developed, bit-oriented, synchronous data link layer protocol used for point-to-point or point-to-multipoint connections. [Huh?]
[See also: PPP. Actually, it’s on acronym objectives but didn’t include it here. But maybe I should. It’s referenced repeatedly among these acronyms.]
HSPA+
High-Speed Packet Access
A 3G mobile wireless technology released in 2008 that uses MIMO and sophisticated encoding techniques to achieve a maximum 168-Mbps downlink throughput and 22-Mbps uplink throughput in its current release.
Began as a 3G technology released in 2008 that uses MIMO and sophisticated encoding techniques to achieve a maximum 168 Mbps downlink throughput and 22 Mbps uplink throughput in its current release. To achieve such speeds, HSPA+ uses limited channels more efficiently and incorporates more antennas in MIMO transmission. However, faster and more flexible technologies, such as LTE, are overtaking HSPA+ in popularity. (LTE can theoretically achieve downlink data rates of up to 1 Gbps and uplink rates up to 100 Mbps. LTE is currently the fastest wireless broadband service in the US.)
[The acronym objectives mention HSPA, but the books mention HSPA+. Sooo….]
[Compares to LTE (Long-Term Evolution), a 4G technology that uses a different access method than HSPA+.]
HSRP
Hot Standby Router Protocol
Cisco’s proprietary standard that assigns a virtual IP address to a group of routers. (CARP is a free alternative.)
While it is possible to configure hosts with multiple default gateways for fault tolerance, this does not work well in practice, as it requires a greater degree of complexity in the hosts’ routing algorithms than is typically implemented on an end system host.
To address this problem, Cisco developed the proprietary Hot Standby Router Protocol (HSRP), standardized in 1998 as RFC 2281. HSRP allows for multiple physical routers to serve as a single default gateway for a subnet. To do this, each router must have an interface connected to the subnet, with its own unique MAC address and IP address. In addition, they also need to be configured to share a common virtual IP address and a common MAC address. The group of routers configured in this way is known as a standby group. They communicate among themselves using IP multicasts and choose an active router based on priorities configured by an administrator. The active router responds to any traffic sent to the virtual IP address. Of the remaining routers in the standby group, the router with the next highest priority is chosen as the standby router. The standby router monitors the status of the active router and takes over the role if the active router becomes unavailable, also triggering the selection of a new standby router from the remaining routers in the group.
–
A Cisco proprietary protocol used for establishing redundant gateways.
[See also CARP and VRRP]
HT
High Throughput
A feature of 802.11n for increased throughput on the network. The newer Very High Throughput (VHT) 802.11ac standard further increases network throughput.
Hz
Hertz
Equivalent to cycles per second, hertz is the unit of frequency defined as the number of cycles per second of a periodic phenomenon.
ARIN v. IANA v. ICANN v. InterNIC
Jesus Christ. I still need to work on this. Not clear at all. Maybe look at Messer again.
https://www.reddit.com/r/dns/comments/3eutoj/stupid_question_what_is_the_difference_between/
ARIN - Regional Internet registry responsible for managing IPv4 and IPv6 IP number distribution for North American region, including US and Canada.
ICANN - Organization responsible for coordinating domain names and addresses.
The nonprofit corporation currently designated by the U.S. government to maintain and assign IP addresses.
IANA - Organization responsible for IP addresses, domain names, and protocol parameters. Some functions of IANA, such as domain name assignment, have been devolved into other organizations.
A nonprofit, U.S. government-funded group that was established at the University of Southern California and charged with managing IP address allocation and the Domain Name System. The oversight for many of IANA’s functions was given to ICANN in 1998; however, IANA continues to perform Internet addressing and Domain Name System administration.
InterNIC - Now known just as NIC (Network Information Center), this is the organization that was primarily responsible for domain name allocation.
More recently known as the NIC (Network Information Center), a predecessor to ARIN in the oversight and management of multiple Internet resources, such as IP address allocation in North America. [Looks like nowadays it mostly just provides reference docs and info about domain name registration]
[ICANN apparently operates InterNIC and IANA?]
ICA
Independent Computer Architecture or Independent Computing Architecture
Citrix’s alternative to Microsoft Remote Desktop Protocol (RDP).
[See also: VNC. Not actually listed here]
ICS
Internet Connection Sharing
The use of one device’s Internet connection to provide Internet connectivity to one or more other devices.
-
Also known simply as Internet sharing, the technique of enabling more than one computer to access the Internet simultaneously using a single Internet connection. When you use Internet sharing, you connect an entire LAN to the Internet using a single public IP address.
ALTERNATE MEANING:
Industrial Control System
A general term used to describe industrial control systems such as supervisory control and data acquisition (SCADA) systems.
-
A group of networked computers used to manage a physical system of industrial processes.
-
The overall system that monitors and controls machines today is called an industrial control system (ICS).
An ICS has three basic components: input/output (I/O) functions on the machine, a controller, and the interface for the operator. Input and output work through sensors and actuators. Sensors monitor things like temperature, for example, and the actuator makes changes that modify that temperature. The controller, some sort of computer, knows enough to manage the process, such as “keep the temperature between 50 and 55 degrees Fahrenheit.” The operator watches some kind of monitor—the interface—and intervenes if necessary (Figure 17-11). Let’s scale this up to a factory and add a little more complexity…
As computing power went up and costs went down, it made much more sense to put smaller controllers directly on each machine, to distribute the computing load. This is a distributed control system (DCS). In a modern DCS, each of the local controllers connects (eventually) to a centralized controller—called the ICS server—where global changes can be made and managed.
[Meyers has great stuff on ICS v. DCS]
[See DCS and SCADA]
IGMP
Internet Group Management Protocol
A Network layer protocol used on IPv4 networks to manage multicast transmissions.
–
A protocol in the TCP/IP suite that supports multicasting in a routed environment.
–
A protocol used for communication between devices within the same multicast group. IGMP provides a mechanism for systems to detect and make themselves aware of other systems in the same group.
[Not to be confused with ICMP]
IKE
Internet Key Exchange
An IPsec protocol that uses X.509 certificates for authentication.
The Internet Key Exchange (IKE) protocol is the part of the IPSec protocol suite that handles authentication and key exchange, referred to as Security Associations (SA). IKE is also referred to as Internet Security Association and Key Management Protocol (ISAKMP). IKE negotiations use UDP port 500. The negotiations take place over two phases…
[Pengelly book has good stuff on this, and discusses IKE versus IKEv2]
–
IKEv2 - A component of the IPsec protocol suite, offers fast throughput and good stability when moving between wireless hotspots. It’s compatible with a wide variety of devices and is often recommended by VPN providers as the most secure option among the VPN protocols they support.
A common VPN tunneling protocol. See also:
PPTP, GRE, L2TP, OpenVPN, IKEv2
ISAKMP
Internet Security Association and Key Management Protocol
Defined by RFC 2408, ISAKMP is a protocol typically used by IKE for key exchange.
–
One of two services in the key management phase of creating a secure IPsec connection. ISAKMP works within the IKE process to establish policies for managing the keys.
–
Pengelly says ISAKMP is synonym for IKE. Other books don’t seem to agree.
[See also: IKE]
IS-IS
Intermediate System to Intermediate System
A link-state protocol that discovers the shortest path for data to travel using the shortest path first (SPF) algorithm. IS-IS routers distribute topology information to other routers, allowing them to make the best path decisions.
A link-state routing protocol that uses a best-path algorithm. IS-IS was originally codified by ISO, which referred to routers as “intermediate systems,” thus the protocol’s name.
ITS
Intelligent Transportation System
A traffic management system intended for use in creating smart transportation networks.
[WTH. Only in one book, w/ a lame definition. What does this have to do with anything?]
IV
Initialization Vector
A fixed-size input used in cryptography. The larger the initialization vector, the more difficult cracking becomes and the lower the risk of replay.
–
The initial, arbitrary number used to randomize the encryption process.
–
WEP is subject to many types of WEP attacks. Hackers can easily crack WEP, for two reasons: the size of the encryption key and the way the key is updated. First, the WEP keys were never really 64- and 128-bit. WEP uses an encryption cipher called RC4. There’s nothing inherently wrong with RC4, but RC4 is a stream cipher and needs a little code to start the encryption process, just like a water pump needs some water in the pump before it works. This extra code is stored in the key in the form of what’s called an initialization vector (IV). The IV with WEP is 24 bits, which means the encryption part of a WEP key is only 40-bit or 104-bit.
[Messer mentions in passing when discussing WPA replacing WEP. But not clear what it is.]
KVM
Keyboard Video Mouse
A device that connects the equipment in a rack to a single console to provide a central control portal for all devices on the rack.
[Ahhh… now it makes sense. Jesus Christ, some of these books are almost useless in their definitions]
A device that allows one keyboard, one mouse, and one monitor to be used with multiple devices.
[By the way, these are the three things RDP lets you access remotely]
L2TP
Layer 2 Tunneling Protocol
A VPN tunneling protocol based on technology developed by Cisco and standardized by the IETF. L2TP encapsulates PPP data in a similar manner to PPTP, but differs in a few key ways. Unlike PPTP, L2TP is a standard accepted and used by multiple vendors, so it can connect a VPN that uses a mix of equipment types—for example, a Juniper router, a Cisco router, and a NETGEAR router. Also, L2TP can connect two routers, a router and a remote access server, or a client and a remote access server. Typically, L2TP is implemented with IPsec for security, and this L2TP/IPsec combination is considered secure and acceptable for most situations.
A common VPN tunneling protocol. See also:
PPTP, GRE, OpenVPN, IKEv2
LACP
Link Aggregation Control Protocol
An IEEE specification that provides a control method of bundling several physical ports into one single channel.
A protocol currently defined by IEEE’s 802.1AX standard that dynamically coordinates communications between two hosts on aggregated connections.
Link aggregation means combining two or more separate cabled links into a single logical channel, referred to as an EtherChannel. From the host end, this can also be called NIC teaming; at the switch end, it can be called port aggregation. The term bonding is also widely substituted for aggregation. For example, a single network adapter and cable segment might support 1 Gbps; bonding this with another adapter and cable segment gives a link of 2 Gbps. Link aggregation can also provide redundancy; if one link is broken, the connection is still maintained by the other (failover).
…802.3ad also defines the Link Aggregation Control Protocol (LACP), which can be used to detect configuration errors and recover from the failure of one of the physical links.
LEC
Local Exchange Carrier
A term in the US for a local telephone company.
A regulatory term used in telephony to represent the local telephone provider.
LLC
Logical Link Control
A sublayer of Layer 2 that is primarily concerned with multiplexing, flow and error control, and reliability.
(The other Layer 2 sublayer is the Media Access Control, or MAC, sublayer, which defines how multiple network interfaces share a single transmission medium. Handles logical topology (bus or ring); addressing, frame format, error checking.)
A division of the Data Link layer described by the IEEE. It is responsible for establishing and maintaining a link between communicating devices for the transmission of frames.
A sublayer of the data link layer of the OSI model. The LLC layer provides an interface for network layer protocols and the MAC sublayer.
LLDP
Link Layer Discovery Protocol
A Layer 2 protocol used by nodes on a network to advertise their identity and capabilities.
–
A protocol used by network devices for advertising on an IEEE 802 local area network.