Broadcast Storm in Switching Topology
802.11 standards IEEE standards for wireless networking based on spread spectrum radio transmission in the 2.4 GHz and 5 GHz bands. The standard, known as Wi-Fi, has six main iterations: a, b, g, Wi-Fi 4 (n), Wi-Fi 5 (ac), and Wi-Fi 6 (ax). These specify different modulation techniques, supported distances, and data rates, plus special features, such as channel bonding, MIMO, and MU-MIMO.
802.1p IEEE standard defining a 3-bit (0 to 7) class of service priority field within the 802.1Q format.
802.1Q Trunking protocols enable switches to exchange data about VLAN configurations. The 802.1Q
protocol is often used to tag frames destined for different VLANs across trunk links.
802.1X Standard for encapsulating EAP communications over a LAN (EAPoL) to implement port-based authentication. Also called port-based network access control and IEEE 802.1X.
acceptable use policy (AUP) Policy that governs employees' use of company equipment and Internet
services. ISPs may also apply AUPs to their customers. Also called fair use policy.
access control list (ACL) Collection of access control entries (ACEs) that determines which subjects
(user accounts, host IP addresses, and so on) are allowed or denied access to the object and the
privileges given (read only, read/write, and so on).
access control vestibule Secure entry system with two gateways, only one of which is open at any
one time. Previously known as mantrap, though this terminology is now deprecated.
access point (AP) Device that provides a connection between wireless devices and can connect to
wired networks, implementing an infrastructure mode WLAN. Also called wireless access point
(WAP).
access/edge layer Lowest tier in a hierarchical network topology acting as the attachment point for
end systems.
ad hoc network Type of wireless network where connected devices communicate directly with each
other instead of over an established medium. Also called Independent Basic Service Set (IBSS).
address resolution protocol (ARP) Broadcast mechanism by which the hardware MAC address of an
interface is matched to an IP address on a local network segment.
Addressing (Network) Unique identifier for a network node, such as a MAC address, IPv4 address, or
IPv6 address.
adjacent channel interference (ACI) Troubleshooting issue where access points within range of one
another are configured to use different but overlapping channels, causing increased noise. Also
called channel overlap.
administrative distance (AD) Metric determining the trustworthiness of routes derived from different
routing protocols.
angled physical contact (APC) Fiber optic connector finishing type that uses an angled polish for the
ferrule.
antenna cable attenuation Signal loss caused by an external antenna connected to an access point
over cabling.
antenna type Specially arranged metal wires that can send and receive radio signals, typically
implemented as either an omnidirectional or a unidirectional type.
anycast IP delivery mechanism whereby a packet is addressed to a single host from a group sharing
the same address.
Application Layer OSI model layer providing support to applications requiring network services (file
transfer, printing, email, databases, and so on). Also called layer 7.
arp command Utility to display and modify contents of host's cache of IP to MAC address mappings,
as resolved by address resolution protocol (ARP) replies.
asymmetrical routing Topology where the return path is different from the forward path.
auditing Detailed and specific evaluation of a process, procedure, organization, job function, or
system, in which results are gathered and reported to ensure that the target of the audit is in
compliance with the organization's policies, regulations, and legal responsibilities. Also called audit
report.
authentication header (AH) IPSec protocol that provides authentication for the origin of transmitted
data as well as integrity and protection against replay attacks.
authoritative name server DNS server designated by a name server record for the domain that holds
a complete copy of zone records.
auto MDI/MDIX Interface that can detect a connection type and configure as MDI or MDI-X as
appropriate.
automatic private IP addressing (APIPA) Mechanism for Windows hosts configured to obtain an
address automatically that cannot contact a DHCP server to revert to using an address from the
range 169.254.x.y. This is also called a link-local address.
automation Using scripts and APIs to provision and deprovision systems without manual
intervention.
autonomous system (AS) Group of network prefixes under the administrative control of a single
organization used to establish routing boundaries.
badge reader Authentication mechanism that allows a user to present a smartcard to operate an
entry system.
bandwidth Generally used to refer to the amount of data that can be transferred through a
connection over a given period. Bandwidth more properly means the range of frequencies supported
by transmission media, measured in Hertz.
bandwidth speed tester Hosted utility used to measure actual speed obtained by an Internet link to a
representative server or to measure the response times of websites from different locations on the
Internet.
Basic Service Set ID (BSSID) MAC address of an access point supporting a basic service area.
bidirectional wavelength division multiplexing (BWDM) System that allows bidirectional data transfer
over a single fiber strand by using separate wavelengths for transmit and receive streams. Also called
wavelength division multiplexing (WDM).
biometric authentication Authentication mechanism that allows a user to perform a biometric scan
to operate an entry or access system. Physical characteristics stored as a digital data template can be
used to authenticate a user. Typical features used include facial pattern, iris, retina, or fingerprint
pattern, and signature recognition.
border gateway protocol (BGP) Path vector exterior gateway routing protocol used principally by ISPs
to establish routing between autonomous systems.
botnet Group of hosts or devices that have been infected by a control program called a bot that
enables attackers to exploit the hosts to mount attacks. Also referred to as a zombie.
bottleneck Troubleshooting issue where performance for a whole network or system is constrained
by the performance of a single link, device, or subsystem.
bridge Intermediate system that isolates collision domains to separate segments while joining
segments within the same broadcast domain.
bring your own device (BYOD) Security framework and tools to facilitate use of personally-owned
devices to access corporate networks and data.
broadcast Packet or frame addressed to all hosts on a local network segment, subnet, or broadcast domain. Routers do not ordinarily forward broadcast traffic. The broadcast address of IP is one where the host bits are all set to 1; at the MAC layer it is the address ff:ff:ff:ff:ff:ff.
broadcast domain Network segment in which all nodes receive the same broadcast frames at layer 2.
broadcast storm Traffic that is recirculated and amplified by loops in a switching topology, causing
network slowdowns and crashing switches.
brute force attack Type of password attack where an attacker uses an application to exhaustively try
every possible alphanumeric combination to crack encrypted passwords.
bus topology A shared access media where all nodes attach directly to a single cable segment.
business continuity Collection of processes that enable an organization to maintain normal business
operations in the face of some adverse event.
business impact analysis (BIA) Systematic activity that identifies organizational risks and determines
their effect on ongoing, mission critical operations. Also called process assessment.
cable crimper Tool to join a network jack to the ends of network patch cable.
cable modem Cable Internet access digital modem that uses a coaxial connection to the service
provider's fiber optic core network. Also called Hybrid Fiber Coax (HFC).
cable stripper Tool for stripping the cable jacket or wire insulation.
cable tester Tool that reports physical characteristics of a network link such as signal strength, noise,
and crosstalk.
campus area network (CAN) Scope defining a network with direct connections between two or more
buildings within the same overall area.
canonical notation Format for representing IPv6 addresses using hex double-bytes with colon
delimitation and zero compression.
captive portal Web page or website to which a client is redirected before being granted full network
access.
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) Mechanism used by 802.11 Wi-Fi
standards to cope with contention over the shared access media.
cat cable standards ANSI/TIA/EIA cable category designations, with higher numbers representing
better support for higher data rates.
cellular radio Mobile telephony standards divided into 2G (GSM; up to about 14 Kbps), 2.5G (GPRS,
HSCSD, and EDGE; up to about 48 Kbps), and 3G (WCDMA; up to about 2 Mbps).
change management Process for approving, preparing, supporting, and managing new or updated
business processes or technologies.
channel Subdivision of frequency bands used by Wi-Fi products into smaller channels to allow
multiple networks to operate at the same location without interfering with one another.
channel bonding Capability to aggregate one or more adjacent channels to increase bandwidth.
Channel Service Unit/Data Service Unit (CSU/DSU) Appliance or WAN interface card providing
connectivity to a digital circuit. The DSU encodes the signal from Data Terminal Equipment (DTE)—a
PBX or router—to a signal that can be transported over the cable. The CSU is used to perform
diagnostic tests on the line.
CIA triad Three principles of security control and management: confidentiality, integrity, and
availability. Also known as the information security triad. Also referred to in reverse order as the AIC
triad.
classless interdomain routing (CIDR) Using network prefixes to aggregate routes to multiple network
blocks ("supernetting"). This replaced the old method of assigning class-based IP addresses based on
the network size.
client-server Administration paradigm where some host machines are designated as servers providing services and other machines are designated as client devices that only consume server services.
cloud deployment model Classifying the ownership and management of a cloud as public, private,
community, or hybrid.
cloud responsibility matrix Documentation listing which security and management tasks are the
responsibility of the cloud provider and which are the responsibility of the cloud consumer.
clustering Load balancing technique where a group of servers are configured as a unit and work
together to provide network services.
co-channel interference (CCI) Troubleshooting issue where access points within range of one another
are configured to use the same channel, causing increased contention.
Coaxial Cable Media type using two separate conductors that share a common axis categorized using
the Radio Grade (RG) specifications.
Code Division Multiple Access (CDMA) Method of multiplexing a communications channel using a
code to key the modulation of a particular signal. CDMA is associated with Sprint and Verizon cellular
phone networks.
cold site Predetermined alternate location where a network can be rebuilt after a disaster.
collision domain Nodes attached to the same shared access media, such as a bus network or
Ethernet hub.
colocation Deploying private servers, network appliances, and interconnects to a hosted datacenter
facility shared with other customers.
command and control (C&C) Infrastructure of hosts and services with which attackers direct,
distribute, and control malware over botnets. Also called C2.
Common Vulnerabilities and Exposures (CVE) Scheme for identifying vulnerabilities developed by
MITRE and adopted by NIST.
configuration baseline Settings for services and policy configuration for a network appliance or for a
server operating in a particular application role (web server, mail server, file/print server, and so on).
control plane policing Security methods to prevent DoS attacks against a route processor over control
or management plane protocols and packets.
convergence Process whereby routers agree on routes through the network to establish the same
network topology in their routing tables (steady state). The time taken to reach steady state is a
measure of a routing protocol’s convergence performance.
core layer Highest tier in a hierarchical network topology providing interconnections between blocks.
crossover cable Cabling where the transmit pair at one end is connected to the receive pair at the
other.
crosstalk Phenomenon whereby one wire causes interference in another as a result of their close
proximity.
cyclical redundancy check (CRC) Calculation of a checksum based on the contents of a frame used to
detect errors.
Data Link Layer OSI model layer responsible for transferring data between nodes. Also called Layer 2.
data loss (leak) prevention (DLP) Software solution that detects and prevents sensitive information
from being stored on unauthorized systems or transmitted over unauthorized networks.
data remnant Leftover information on a storage medium even after basic attempts have been made
to remove that data. Also called a remnant.
datacenter Facility dedicated to the provisioning of reliable power, environmental controls, and
network fabric to server computers.
decibel loss (dB loss) Loss of signal strength between a transmitter and receiver due to attenuation
and interference measured in decibels. Also called insertion loss.
default gateway IP configuration parameter that identifies the address of a router on the local subnet
that the host can use to contact other networks.
default route Entry in the routing table to represent the forwarding path that will be used if no other
entries are matched.
default VLAN Default VLAN ID (1) for all unconfigured switch ports.
defense in depth Security strategy that positions the layers of network security as network traffic
roadblocks; each layer is intended to slow an attack's progress, rather than eliminating it outright.
demarcation point Location that represents the end of the access provider’s network (and therefore
their responsibility for maintaining it). The demarc point is usually at the Minimum Point of Entry
(MPOE). If routing equipment cannot be installed at this location, demarc extension cabling may
need to be laid.
denial of service attack (DoS) Any type of physical, application, or network attack that affects the
availability of a managed resource.
desktop as a service (DaaS) Cloud service model that provisions desktop OS and applications
software.
DHCP relay Configuration of a router to forward DHCP traffic where the client and server are in
different subnets.
DHCP snooping Switchport protection mechanism that blocks DHCP offers from unauthorized
sources.
dictionary attack Type of password attack that compares encrypted passwords against a
predetermined list of possible password values.
DiffServ Header field used to indicate a priority value for a layer 3 (IP) packet to facilitate Quality of
Service (QoS) or Class of Service (CoS) scheduling.
dig command Utility to query a DNS and return information about a particular domain name. Also
referred to as domain information groper.
digital certificate Identification and authentication information presented in the X.509 format and
issued by a Certificate Authority (CA) as a guarantee that a key pair (as identified by the public key
embedded in the certificate) is valid for a particular subject (user or host).
Digital Subscriber Line (DSL) Carrier technology to implement broadband Internet access for subscribers by transferring data over voice-grade telephone lines. There are various "flavors" of DSL, notably S(ymmetric)DSL, A(symmetric)DSL, and V(ery High Bit Rate)DSL.
directly connected route Entry in the routing table representing a subnet in which the router has an
active interface.
disaster recovery plan (DRP) Documented and resourced plan showing actions and responsibilities to
be used in response to critical incidents.
distance Attenuation, or degradation of a signal as it travels over media, determines the maximum
distance for a particular media type at a given bit rate.
distance vector Algorithm used by routing protocols that select a forwarding path based on the next
hop router with the lowest hop count to the destination network.
Distributed Denial of Service (DDoS) Attack that involves the use of infected Internet-connected
computers and devices to disrupt the normal flow of traffic of a server or service by overwhelming
the target with traffic.
diverse paths Provisioning failover Internet access links that will not be affected by the same disaster
event.
DNS caching Data store on DNS clients and servers holding results of recent queries.
DNS poisoning Attack where a threat actor injects false resource records into a client or server cache
to redirect a domain name to an IP address of the attacker's choosing.
domain name system (DNS) Service that maps fully qualified domain name labels to IP addresses on
most TCP/IP networks, including the Internet.
dotted decimal notation Format for expressing IPv4 addresses using four decimal values from 0 to
255 for each octet.
dual stack Host operating multiple protocols simultaneously on the same interface. Most hosts are
capable of dual stack IPv4 and IPv6 operation for instance.
duplex Network link that allows interfaces to send and receive simultaneously.
dynamic host configuration protocol (DHCP) Protocol used to automatically assign IP addressing
information to hosts that have not been configured manually.
Dynamic Multipoint VPN (DMVPN) Software-based mechanism that allows VPNs to be built and
deleted dynamically.
dynamic route Entry in the routing table that has been learned from another router via a dynamic
routing protocol. Also called a learned route.
east-west traffic Design paradigm accounting for the fact that data center traffic between servers is
greater than that passing in and out (north-south).
effective isotropic radiated power (EIRP) Signal strength from a transmitter, measured as the sum of
transmit power, antenna cable/connector loss, and antenna gain.
elasticity Property by which a computing environment can instantly react to both increasing and
decreasing demands in workload.
electromagnetic interference (EMI) Noise that occurs when a magnetic field around one electrical
circuit or device interferes with the signal being carried on an adjacent circuit. Also called
interference.
Encapsulating Security Protocol (ESP) IPSec sub-protocol that enables encryption and authentication
of the header and payload of a data packet.
enhanced interior gateway routing protocol (EIGRP) Advanced distance vector dynamic routing
protocol using bandwidth and delay metrics to establish optimum forwarding paths.
enterprise authentication Wireless network authentication mode where the access point acts as
pass-through for credentials that are verified by an AAA server.
enumeration Attack that aims to list resources on the network, host, or system as a whole to identify
potential targets for further attack. Also referred to as footprinting and fingerprinting.
Ethernet Standards describing media types, access methods, data rates, and distance limitations at layers 1 and 2 of the OSI model using xBASE-y designations. Also referred to as 802.3.
Ethernet header Fields in a frame used to identify source and destination MAC addresses, protocol
type, and error detection.
evil twin Wireless access point that deceives users into believing that it is a legitimate network access
point.
explicit deny Firewall ACL rule configured manually to block any traffic not matched by previous
rules.
exploit Specific method by which malware code infects a target host, often via some vulnerability in a
software process. Also called exploit technique.
Extended Service Set ID (ESSID) Network name configured on multiple access points to form an
extended service area.
Extended Unique Identifier (EUI) IEEE's preferred term for a network interface's unique identifier. An
EUI-48 corresponds to a MAC address while an EUI-64 is one that uses a 64-bit address space.
Extensible Authentication Protocol (EAP) Framework for negotiating authentication methods that
enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card
readers, for authentication, and establish secure tunnels through which to submit credentials.
exterior gateway protocol (EGP) Dynamic routing protocol used to exchange information about
network paths in separate autonomous systems.
factory reset Standard routine created by manufacturer that can be invoked to restore an appliance
to its shipped state, clearing any user customization, configuration, or modification.
fat AP Access point whose firmware contains enough processing logic to be able to function
autonomously and handle clients without the use of a wireless controller.
fiber distribution panel Type of distribution frame with pre-wired connectors used with fiber optic
cabling.
Fibre Channel (FC) High speed network communications protocol used to implement SANs.
Fibre Channel over Ethernet (FCoE) Standard allowing for a mixed use Ethernet network with both
ordinary data and storage network traffic.
File Transfer Protocol (FTP) Application protocol used to transfer files between network hosts.
Variants include S(ecure)FTP, FTP with SSL (FTPS and FTPES) and T(rivial)FTP. FTP utilizes ports 20 and
21.
firewall Software or hardware device that protects a system or network by blocking unwanted
network traffic.
first hop redundancy protocol (FHRP) Provisioning failover routers to serve as the default gateway for a subnet. Also referred to as Virtual Router Redundancy Protocol (VRRP) and Hot Standby Router Protocol (HSRP).
fragmentation Mechanism for splitting a layer 3 datagram between multiple frames to fit the
maximum transmission unit (MTU) of the underlying Data Link network.
frame Common term for the protocol data unit for layer 2.
frequency band Portion of the radio frequency spectrum in which wireless products operate, such as
2.4 GHz band or 5 GHz band. Also called frequencies.
full tunnel VPN configuration where all traffic is routed via the VPN gateway.
fully qualified domain name (FQDN) Unique label specified in a DNS hierarchy to identify a particular
host within a subdomain within a top-level domain.
fusion splicer Tool for joining strands of fiber optic cable with minimal signal loss.
generator Standby power supply fueled by diesel or propane. In the event of a power outage, a UPS
must provide transitionary power, as a backup generator cannot be cut-in fast enough. Also called a
backup generator.
Generic Routing Encapsulation (GRE) Tunneling protocol allowing the transmission of encapsulated
frames or packets from different types of network protocol over an IP network.
geofencing Security control that can enforce a virtual boundary based on real-world geography.
Global System for Mobile Communication (GSM) Standard for cellular radio communications and
data transfer. GSM phones use a SIM card to identify the subscriber and network provider. 4G and
later data standards are developed for GSM.
hardening Process of making a host or app configuration secure by reducing its attack surface,
through running only necessary services, installing monitoring software to protect against malware
and intrusions, and establishing a maintenance schedule to ensure the system is patched to be
secure against software exploits.
hashing Function that converts an arbitrary length string input to a fixed length string output. A
cryptographic hash function does this in a way that reduces the chance of collisions, where two
different inputs produce the same output. Also called message digest or cryptographic hash.
heat map In a Wi-Fi site survey, a diagram showing signal strength and channel utilization at different locations.
heating, ventilation, air conditioning (HVAC) Control systems that maintain an optimum heating,
cooling, and humidity level working environment for different parts of the building.
high availability (HA) Metric that defines how closely systems approach the goal of providing data
availability 100 percent of the time while maintaining a high level of system performance.
honeypot Host, network, or file set up with the purpose of luring attackers away from assets of
actual value and/or discovering attack strategies and weaknesses in the security configuration. Also
called a honeynet or a honeyfile.
hop One link in the path from a host to a router or from router to router. Each time a packet passes
through a router, its hop count (or TTL) is decreased by one.
host name Label applied to a host computer that is unique on the local network.
hot site Fully configured alternate processing site that can be brought online either instantly or very
quickly after a disaster.
HTML5 VPN Using features of HTML5 to implement remote desktop/VPN connections via browser
software (clientless). Also called clientless VPN.
hub Layer 1 (Physical) network device used to implement a star network topology on legacy Ethernet
networks, working as a multiport repeater.
hub-and-spoke Network connectivity between multiple virtual private clouds where one virtual
private cloud (VPC) acts as a hub and the other VPCs are peered with it but not with each other.
hybrid topology A network that uses a combination of physical or logical topologies. In practice most
networks use hybrid topologies. For example, modern types of Ethernet are physically wired as stars
but logically operate as buses.
HyperText Transfer Protocol (HTTP) Application protocol used to provide web content to browsers.
HTTP uses port 80. HTTPS(ecure) provides for encrypted transfers, using SSL/TLS and port 443.
hypervisor Software or firmware that creates and manages virtual machines on the host hardware.
identity and access management (IAM) Security process that provides identification, authentication,
and authorization mechanisms for users, computers, and other entities to work with organizational
assets like networks, operating systems, and applications. Also referred to as identity management
(IdM), and access management.
ifconfig command Deprecated Linux command tool used to gather information about the IP
configuration of the network adapter or to configure the network adapter.
implicit deny Firewall ACL rule configured by default to block any traffic not matched by previous
rules.
incident response plan (IRP) Procedures and guidelines covering appropriate priorities, actions, and
responsibilities in the event of security incidents, divided into preparation, detection/analysis,
containment, eradication/recovery, and post-incident stages.
industrial control system (ICS) Network managing embedded devices (computer systems that are
designed to perform a specific, dedicated function).
Infrastructure as a Service (IaaS) Cloud service model that provisions virtual machines and network
infrastructure.
instant secure erase (ISE) Media sanitization command built into self-encrypting HDDs and SSDs that works by erasing the encryption key, leaving remnants unrecoverable.
insulation displacement connector (IDC) Block used to terminate twisted pair cabling at a wall plate
or patch panel available in different formats, such as 110, BIX, and Krone.
interface errors Troubleshooting issue where an interface reports packet errors due to frame
corruption and other factors.
interface statistics Metrics recorded by a host or switch that enable monitoring of link state, resets,
speed, duplex setting, utilization, and error rates.
interior gateway protocol (IGP) Dynamic routing protocol used to exchange path forwarding
information between routers in the same autonomous system.
intermediate distribution frame (IDF) Passive wiring panel providing a central termination point for cabling. An IDF is an optional layer of the distribution frame hierarchy that cross-connects "vertical" backbone cabling from an MDF to "horizontal" wiring to wall ports on each floor of a building or each building of a campus network.
internet control message protocol (ICMP) IP-level protocol for reporting errors and status information
supporting the function of troubleshooting utilities such as ping.
internet group management protocol (IGMP) Layer 3 protocol that allows hosts to join and leave
groups configured to receive multicast communications.
Internet Key Exchange (IKE) Framework for creating a Security Association (SA) used with IPSec. An
SA establishes that two hosts trust one another (authenticate) and agree secure protocols and cipher
suites to use to exchange data.
Internet Message Access Protocol (IMAP) Application protocol providing a means for a client to
access and manage email messages stored in a mailbox on a remote server. IMAP4 utilizes TCP port
number 143, while the secure version IMAPS uses TCP/993.
Internet of Things (IoT) Devices that can report state and configuration data and be remotely
managed over IP networks.
Internet Protocol header (IP header) Fields in a datagram used to identify source and destination IP
addresses, protocol type, and other layer 3 properties.
Internet Protocol Security (IPSec) Network protocol suite used to secure data through authentication
and encryption as the data travels across the network or the Internet.
Internet Service Provider (ISP) Provides Internet connectivity and web services to its customers.
Internet Small Computer Systems Interface (iSCSI) IP tunneling protocol that enables the transfer of SCSI data over an IP-based network to create a SAN.
intrusion detection system (IDS) Security appliance or software that uses passive hardware sensors to
monitor traffic on a specific segment of the network. Also called a network intrusion detection
system (NIDS).
intrusion prevention system (IPS) Security appliance or software that combines detection capabilities
with functions that can actively block attacks.
ip command Linux command tool used to gather information about the IP configuration of the
network adapter or to configure the network adapter.
IP helper Command set in a router OS to support DHCP relay and other broadcast forwarding
functionality.
IP protocol type Identifier for a protocol working over the Internet Protocol, such as TCP, UDP, ICMP,
GRE, EIGRP, or OSPF.
IP scanner Utility that can probe a network to detect which IP addresses are in use by hosts. Also
called IP scanning.
ipconfig command Command tool used to gather information about the IP configuration of a
Windows host.
iperf Utility used to measure the bandwidth achievable over a network link.
iptables command Command-line utility for configuring the netfilter firewall implemented in the
Linux kernel.
iterative lookup DNS query type whereby a server responds with information from its own data store
only.
jitter Variation in the time it takes for a signal to reach the recipient. Jitter manifests itself as an
inconsistent rate of packet delivery. If packet loss or delay is excessive, then noticeable audio or
video problems (artifacts) are experienced by users.
jumbo frame Ethernet frame with a payload larger than 1500 bytes (up to about 9000 bytes).
Kerberos Single sign-on authentication and authorization service that is based on a time-sensitive
ticket-granting system.
latency The time it takes for a signal to reach the recipient. A video application can support a latency
of about 80 ms, while typical latency on the Internet can reach 1000 ms at peak times. Latency is a
particular problem for 2-way applications, such as VoIP (telephone) and online conferencing.
layer 3 capable switch Switch appliance capable of IP routing between virtual LAN (VLAN) subnets
using hardware-optimized path selection and forwarding.
least privilege Basic principle of security stating that something should be allocated the minimum
necessary rights, privileges, or information to perform its role. Also referred to as the principle of
least privilege.
LED status indicator Visual indicator of the status of various devices, including PC power supplies,
batteries, drive activity, and network activity. Network equipment LEDs usually show connection
speed and activity.
lifecycle roadmap Method to track the life cycle phases of one or more hardware, service, or
software systems in your organization. Also called the system lifecycle.
Lightweight Directory Access Protocol (LDAP) Network protocol used to access network directory
databases, which store information about authorized users and their privileges, as well as other
organizational information.
Link Aggregation Control Protocol (LACP) IEEE protocol governing the use of bonded Ethernet ports
(NIC teaming). Originally defined in IEEE 802.3ad and now maintained as IEEE 802.1AX.
link local IP addressing scheme used within the scope of a single broadcast domain only.
link-state Algorithm used by routing protocols that build a complete network topology to use to
select optimum forwarding paths.
load balancer Type of switch, router, or software that distributes client requests between different
resources, such as communications links or similarly-configured servers. This provides fault tolerance
and improves throughput.
local area network (LAN) Network scope restricted to a single geographic location and
owned/managed by a single organization.
local authentication OS subsystem that authenticates users when they attempt to start a shell on the
host.
local connector (LC) Small form factor push-pull fiber optic connector; available in simplex and duplex
versions.
logging level Threshold for storing or forwarding an event message based on its severity index or
value. Also referred to as the severity level.
Long Term Evolution (LTE) Packet data communications specification providing an upgrade path for
both GSM and CDMA2000 cellular networks. LTE Advanced is designed to provide 4G standard
network access.
loopback adapter Used to verify the integrity of a network interface port by checking that it can
receive a signal generated by itself.
loopback address IP address (127.0.0.1 in IPv4, ::1 in IPv6) by which a host can address itself. Traffic sent to it is handled internally by the IP stack and never leaves the host over a physical interface.
MAC address table Data store on a switch that keeps track of the MAC addresses associated with
each port. As the switch uses a type of memory called Content Addressable Memory (CAM), this is
sometimes called the CAM table.
Media Access Control filtering (MAC filtering) Applying an access control list to a switch or access
point so that only clients with approved MAC addresses can connect to it.
main distribution frame (MDF) Passive wiring panel providing a central termination point for cabling.
A MDF distributes backbone or "vertical" wiring through a building and connections to external
access provider networks.
malware Software that serves a malicious purpose, typically installed without the user's consent (or
knowledge).
maximum tolerable downtime (MTD) Longest period that a process can be inoperable without
causing irrevocable business failure.
maximum transmission unit (MTU) Maximum size in bytes of a frame's payload (1500 bytes for standard
Ethernet). An IP packet larger than the MTU must be fragmented at the Network layer before it can be
encapsulated in frames; if the packet's Don't Fragment (DF) bit is set, it is dropped instead.
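As an added worked example (not part of the original glossary), the following Python computes the fragments an IPv4 router produces when a datagram exceeds the link MTU, and shows that the same datagram crosses a jumbo-frame link in a single frame. The 20-byte header, the 8-byte offset granularity and the DF behaviour are the standard IPv4 rules; the MTU values are the typical ones quoted in the entries above.

```python
# Added example: IPv4 fragmentation of a datagram that exceeds the link MTU.
# Illustrative code for this glossary entry, not taken from any router or RFC;
# assumes the minimum 20-byte IPv4 header with no options.

IPV4_HEADER_LEN = 20   # minimum IPv4 header, no options
ETHERNET_MTU = 1500    # standard Ethernet payload size
JUMBO_MTU = 9000       # typical jumbo frame payload size (vendor-defined, not IEEE)


def fragment_datagram(payload_len, mtu, dont_fragment=False):
    """Return the fragments a router would emit for a datagram whose IP payload
    is payload_len bytes, on a link with the given MTU.

    Each fragment is (data_bytes, fragment_offset_in_8_byte_units, more_fragments).
    Raises ValueError when DF is set and fragmentation would be needed (a real
    router drops the packet and returns ICMP 'fragmentation needed').
    """
    if mtu <= IPV4_HEADER_LEN:
        raise ValueError("MTU too small for an IPv4 header")
    max_data = mtu - IPV4_HEADER_LEN
    if payload_len <= max_data:
        return [(payload_len, 0, False)]          # fits in one frame, no fragmentation
    if dont_fragment:
        raise ValueError("DF set: fragmentation needed but not permitted")
    # Every fragment except the last must carry a multiple of 8 data bytes,
    # because the fragment offset field counts 8-byte units.
    max_data -= max_data % 8
    fragments = []
    offset = 0
    while offset < payload_len:
        chunk = min(max_data, payload_len - offset)
        more = (offset + chunk) < payload_len      # MF flag set on all but the last
        fragments.append((chunk, offset // 8, more))
        offset += chunk
    return fragments


def frames_on_wire(payload_len, mtu):
    """Number of frames the datagram occupies on a link with this MTU."""
    return len(fragment_datagram(payload_len, mtu))


def is_dropped_with_df(payload_len, mtu):
    """True if a DF-marked datagram of this size cannot cross the link."""
    return payload_len > mtu - IPV4_HEADER_LEN


if __name__ == "__main__":
    for mtu in (ETHERNET_MTU, JUMBO_MTU):
        frags = fragment_datagram(4000, mtu)
        print(f"MTU {mtu}: {len(frags)} fragment(s): {frags}")
```

Run as a script, the 4000-byte payload becomes three fragments (1480, 1480 and 1040 data bytes) on a 1500-byte link and a single unfragmented datagram on a 9000-byte link. Path MTU discovery relies on the DF case: the packet is dropped and the sender learns the smaller MTU from the ICMP error.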
mean time between failures (MTBF) Metric for a device or component that predicts the expected
time between failures.
mean time to failure (MTTF) Metric indicating average time a device or component is expected to be
in operation.
mean time to repair/replace/recover (MTTR) Metric representing average time taken for a device or
component to be repaired, replaced, or otherwise recover from a failure.
mechanical transfer registered jack (MT-RJ) Small form factor duplex fiber optic connector with a
snap-in design.
Media Access Control address (MAC) Hardware address that uniquely identifies each network
interface at layer 2 (Data Link). A MAC address is 48 bits long, with the first half representing the
manufacturer's Organizationally Unique Identifier (OUI). DHCP uses it as the default client identifier.
media converter Layer 1 (Physical) network device that translates signals received over one media
type for transmission over a different media type.
mesh topology A topology often used in WANs where each device has (in theory) a point-to-point
connection with every other device (fully connected); in practice, only the more important devices
are directly interconnected (partial mesh).
metro-optical City-wide fiber optic networks enabling Carrier Ethernet virtual private networks and
WAN links and "full fiber" Internet access. Also called Carrier Ethernet.
metropolitan area network (MAN) A class of network that covers the area of a city (that is, no more
than tens of kilometers). A MAN is larger than a LAN but smaller than a WAN, though it can operate at
speeds that are comparable with LANs.
missing route Troubleshooting issue where a routing table does not contain a required entry due
either to manual misconfiguration or failure of a dynamic routing protocol update.
mission essential function (MEF) Business or organizational activity that is too critical to be deferred
for anything more than a few hours, if at all.
multicast A packet addressed to a selection of hosts (in IP, those belonging to a multicast group).
multifactor authentication (MFA) Authentication scheme that requires the user to present at least
two different factors as credentials, from something you know, something you have, something you
are, something you do, and somewhere you are. Specifying two factors is known as 2FA.
multimeter Electrical meter capable of measuring voltage, resistance, and current. Voltage readings
can be used to determine whether, for example, a power supply unit is functioning correctly.
Resistance readings can be used to determine whether a fuse or network cable is functioning
correctly.
multimode fiber (MMF) Fiber optic cable type using LED or vertical cavity surface emitting laser
optics and graded using optical multimode types for core size and bandwidth.
multipath Overprovisioning controllers and cabling so that a host has failover connections to
networks and storage media. Also called multipathing.
Multiple Input Multiple Output (MIMO) Use of multiple reception and transmission antennas to
boost bandwidth via spatial multiplexing and to boost range and signal reliability via spatial diversity.
Multiprotocol Label Switching (MPLS) "Layer 2.5" network protocol used by service providers to
implement WAN access links and virtual private networks with traffic engineering (congestion
control), Class of Service, and Quality of Service.
native VLAN VLAN ID used for any untagged frames received on a trunk port. The same ID should be
used on both ends of the trunk and the ID should not be left as the default VLAN ID (1).
neighbor discovery protocol (ND) IPv6 protocol used to identify link local nodes.
netstat command Cross-platform command tool to show network information on a machine running
TCP/IP, notably active connections and the routing table.
network access control (NAC) General term for the collected protocols, policies, and hardware that
authenticate and authorize access to a network at the device level.
network address translation (NAT) Routing mechanism that conceals internal addressing schemes
from the public Internet by translating between a single public address on the external side of a
router and private, non-routable addresses internally.
network functions virtualization (NFV) Provisioning virtual network appliances, such as switches,
routers, and firewalls, via VMs and containers.
Network Layer OSI model layer responsible for logical network addressing and forwarding. Also
called Layer 3.
network mask Number of bits applied to an IP address to mask the network ID portion from the
host/interface ID portion. Also referred to as a netmask or subnet mask.
network separation Enforcing a security zone by separating a segment of the network from access by
the rest of the network. This could be accomplished using firewalls or VPNs or VLANs. A physically
separate network or host (with no cabling or wireless links to other networks) is referred to as air-
gapped. Also referred to as segmentation or network segmentation enforcement.
Network Time Protocol (NTP) Application protocol allowing machines to synchronize to the same
time clock that runs over UDP port 123.
NIC teaming Two or more NIC aggregated into a single channel link for fault tolerance and increased
throughput. Also known as NIC bonding.
Nmap IP and port scanner used for topology, host, service, and OS discovery and enumeration.
non-disclosure agreement (NDA) Agreement that stipulates that entities will not share confidential
information, knowledge, or materials with unauthorized third parties.
nslookup command Cross-platform command tool for querying DNS resource records.
offboarding Process of ensuring that all HR and other requirements are covered when an employee
leaves an organization, including revoking accounts and access rights and recovering company
equipment. An exit interview is typically part of this process.
on-path attack Attack where the threat actor makes an independent connection between two victims
and is able to read and possibly modify traffic. Formerly called a Man-in-the-Middle (MitM) attack.
open authentication Wireless network authentication mode where guest (unauthenticated) access is
permitted.
open shortest path first (OSPF) Dynamic routing protocol that uses a link-state algorithm and a
hierarchical topology.
optical link budget Assessment of allowable signal loss over a fiber optic link, comparing transmitter
power and receiver sensitivity against the losses from cable length, splices, and connectors. A link
whose losses exceed the allowance is said to have a low optical link budget.
optical mode (OM) Classification system for multimode fiber designating core size and modal
bandwidth.
optical spectrum analyzer (OSA) Determines attenuation of different light wavelengths to establish
suitability of fiber optic cable for long-distance applications.
optical time domain reflectometer (OTDR) Used to measure the length of a fiber optic cable run and
to locate faults such as breaks, sharp bends, and poor splices or connectors.
Open Systems Interconnection reference model (OSI reference model) Assigns network and
hardware components and functions at seven discrete layers: Physical, Data Link, Network,
Transport, Session, Presentation, and Application.
out-of-band management (OOB) Accessing the administrative interface of a network appliance using
a separate network from the usual data network. This could use a separate VLAN or a different kind
of link, such as a dial-up modem.
overlay network Network protocols that use encapsulation to provision virtual tunnels and networks
without requiring reconfiguration of the underlying transport network.
packet sniffing Recording data from frames as they pass over network media, using methods such as
a mirror port or tap device.
passive optical network (PON) Technology using unpowered optical splitters and wavelength division
multiplexing to share a single fiber among many subscribers, provisioning "near" fiber Internet access
solutions (FTTx - Fiber to the Home, Fiber to the Curb, and so on).
password policy Security policy that promotes user selection of strong passwords by specifying a
minimum password length, requiring complex passwords, requiring periodic password changes, and
placing limits on reuse of passwords.
patch panel Type of distribution frame used with twisted pair cabling with IDCs to terminate fixed
cabling on one side and modular jacks to make cross-connections to other equipment on the other.
Also called a patch bay.
peer-to-peer Administration paradigm whereby any computer device may be configured to operate
as both server and client.
penetration testing Test that uses active tools and security utilities to evaluate security by simulating
an attack on a system. A pen test will verify that a threat exists, then will actively test and bypass
security controls, and will finally exploit vulnerabilities on the system. Often abbreviated as pen test.
performance metric Measurement of a value affecting system performance, such as CPU or memory
utilization.
personal area network (PAN) Close range networking (usually based on Bluetooth or NFC) allowing
communications between personal devices, such as smartphones, laptops, and printers/peripheral
devices.
phishing Email-based social engineering attack, in which the attacker sends email from a supposedly
reputable source, such as a bank, to try to elicit private information from the victim.
physical access control system (PACS) Components and protocols that facilitate the centralized
configuration and monitoring of security mechanisms within offices and data centers.
Physical Layer (PHY) Lowest layer of the OSI model providing for the transmission and receipt of data
bits from node to node. This includes the network medium and mechanical and electrical
specifications for using the media. Also referred to as Layer 1.
piggybacking Allowing a threat actor to enter a site or controlled location without authorization by
following an authorized person through an entry point with that person's knowledge or cooperation
(slipping through unnoticed behind someone is tailgating).
plain old telephone system (POTS) Parts of telephone network "local loop" that use voice-grade
cabling. Analog data transfer over POTS using dial-up modems is slow (at most 33.6 Kbps upstream
and 56 Kbps downstream).
Platform as a Service (PaaS) Cloud service model that provisions application and database services as
a platform for development of apps.
plenum cable Cable for use in building voids (plenum spaces) designed to be fire resistant and to
produce a minimal amount of smoke if burned.
Point to Point Protocol (PPP) Dial-up protocol working at layer 2 (Data Link) used to connect devices
remotely to networks.
point-to-point A point-to-point topology is one where two nodes have a dedicated connection to one
another.
port (TCP/UDP) In TCP and UDP applications, a unique number assigned to a particular application
protocol. Server ports are typically assigned well known or registered numbers while client ports use
dynamic or ephemeral numbering.
port address translation (PAT) Maps multiple private host IP addresses onto a single public IP address.
Each internal session is tracked by rewriting its source port to a unique TCP or UDP port on the public
address, allocated from the router's pool, and the mapping is used to translate replies back to the
internal host. Also called network address port translation (NAPT) and NAT overloading.
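The translation table described above, as an added example rather than code from the glossary or any router vendor. The class name and the public address (from the 203.0.113.0/24 documentation range) are hypothetical; it shows that the public port is allocated from a pool and reused for the life of the session, and that an inbound packet with no matching mapping has nowhere to go.

```python
# Added example: a minimal NAPT (PAT) translation table.
# Hypothetical addresses from the documentation ranges; not a real router.


class PortAddressTranslator:
    """Overload one public IP address across many private hosts by port."""

    def __init__(self, public_ip, port_pool=range(1024, 65536)):
        self.public_ip = public_ip
        self._free_ports = iter(port_pool)
        # (private_ip, private_port, proto) -> public_port
        self.outbound = {}
        # (public_port, proto) -> (private_ip, private_port)
        self.inbound = {}

    def translate_out(self, src_ip, src_port, proto="tcp"):
        """Rewrite an outbound packet's source socket; reuse an existing mapping."""
        key = (src_ip, src_port, proto)
        if key not in self.outbound:
            try:
                pub_port = next(self._free_ports)   # from the pool, not random
            except StopIteration:
                raise RuntimeError("public port pool exhausted") from None
            self.outbound[key] = pub_port
            self.inbound[(pub_port, proto)] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key])

    def translate_in(self, dst_port, proto="tcp"):
        """Map a reply back to the internal host, or None when no session exists
        (an unsolicited inbound packet is dropped)."""
        return self.inbound.get((dst_port, proto))

    def release(self, src_ip, src_port, proto="tcp"):
        """Tear down a mapping when the session ends or times out."""
        pub_port = self.outbound.pop((src_ip, src_port, proto), None)
        if pub_port is not None:
            self.inbound.pop((pub_port, proto), None)
        return pub_port


if __name__ == "__main__":
    pat = PortAddressTranslator("203.0.113.10")
    print(pat.translate_out("192.168.1.10", 40000))   # ('203.0.113.10', 1024)
    print(pat.translate_out("192.168.1.11", 40000))   # ('203.0.113.10', 1025)
    print(pat.translate_in(1025))                      # ('192.168.1.11', 40000)
    print(pat.translate_in(5000))                      # None: unsolicited, dropped
```

Two internal hosts using the same source port 40000 get distinct public ports, which is the whole point of keying the table on the full private socket rather than on the address alone.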
port aggregation Combining the bandwidth of two or more switch ports into a single channel link.
port mirroring Copying ingress and/or egress communications from one or more switch ports to
another port. This is used to monitor communications passing over the switch. Also called a switched
port analyzer (SPAN).
port scanner Utility that can probe a host to enumerate the status of TCP and UDP ports.
port security Preventing a device attached to a switch port from communicating on the network
unless it matches a given MAC address or other protection profile.
port tagging On a switch with VLANs configured, a port with an end station host connected operates
in untagged mode (access port). A tagged port will normally be part of a trunk link.
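The native VLAN and port tagging entries above describe how a switch treats tagged and untagged frames. As an added example (not code from the glossary or any switch vendor), the following Python builds Ethernet frames with and without an 802.1Q tag, decodes the tag fields, and applies the two port rules: an untagged frame on a trunk falls into the native VLAN, and a tagged frame arriving on an access port is dropped. The frames and MAC addresses are constructed for the example; the 0x8100 TPID and the 3-bit PCP / 1-bit DEI / 12-bit VID layout are the standard 802.1Q format.

```python
# Added example: 802.1Q tag parsing plus access/trunk ingress rules.
# Constructed frames, not captured traffic.
import struct

TPID_8021Q = 0x8100
DEFAULT_VLAN = 1


def build_frame(dst_mac, src_mac, ethertype, payload, vlan_id=None, pcp=0, dei=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan_id is given."""
    hdr = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    if vlan_id is not None:
        tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | (vlan_id & 0xFFF)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame, native_vlan=DEFAULT_VLAN):
    """Decode addresses, OUI and any 802.1Q tag; untagged frames get native_vlan."""
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    tagged = ethertype == TPID_8021Q
    if tagged:
        (tci,) = struct.unpack("!H", frame[14:16])
        pcp, dei, vid = tci >> 13, (tci >> 12) & 1, tci & 0xFFF
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    else:
        pcp, dei, vid = 0, 0, native_vlan   # untagged frame lands in the native VLAN
    return {
        "dst": dst.hex(":"), "src": src.hex(":"),
        "src_oui": src[:3].hex(":"),
        # bit 1 of the first octet marks a locally administered (non-OUI) address
        "src_locally_administered": bool(src[0] & 0x02),
        "tagged": tagged, "vlan": vid, "pcp": pcp, "dei": dei,
        "ethertype": ethertype, "payload": frame[offset:],
    }


def ingress_decision(frame, port_mode, access_vlan=None, native_vlan=DEFAULT_VLAN):
    """How a switch port handles an ingress frame. Returns (action, vlan).

    access: end-station port; tags are not expected, so tagged frames are dropped
            and untagged frames are assigned to access_vlan.
    trunk:  tagged frames keep their VID; untagged frames go to native_vlan.
    """
    info = parse_frame(frame, native_vlan)
    if port_mode == "access":
        if info["tagged"]:
            return ("drop", None)
        return ("forward", access_vlan)
    if port_mode == "trunk":
        return ("forward", info["vlan"])
    raise ValueError("port_mode must be 'access' or 'trunk'")


if __name__ == "__main__":
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:50:56:aa:bb:cc", 0x0800,
                         b"\x45" + b"\x00" * 19, vlan_id=100, pcp=5)
    untagged = build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", 0x0806, b"\x00" * 28)
    print(parse_frame(tagged)["vlan"], parse_frame(untagged, native_vlan=99)["vlan"])
    print(ingress_decision(tagged, "access", access_vlan=10))   # ('drop', None)
    print(ingress_decision(untagged, "trunk", native_vlan=99))   # ('forward', 99)
```

The native_vlan parameter is what the entry above warns about: if the two ends of a trunk disagree, an untagged frame is placed in different VLANs on each side, and leaving it at the default of 1 means any stray untagged frame lands in the management VLAN.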
Post Office Protocol (POP) Application protocol that enables a client to download email messages
from a server mailbox to a client over port TCP/110 or secure port TCP/995. Also called POP3.
posture assessment Process for verifying compliance with a health policy by using host health
checks.
power distribution unit (PDU) Advanced strip socket that provides filtered output voltage. A
managed unit supports remote administration.
Power over Ethernet (PoE) Specification allowing power to be supplied via switch ports and ordinary
data cabling to devices such as VoIP handsets and wireless access points. Devices can draw up to
about 13W (or 25W for PoE+).
pre-shared key (PSK) Wireless network authentication mode where a passphrase-based mechanism
is used to allow group authentication to a wireless network. The passphrase is used to derive an
encryption key.
Presentation Layer OSI model layer that transforms data between the formats used by the network
and applications. Also called Layer 6.
printer "Printer" is often used to mean "print device" but also refers to a term used to describe the
software components of a printing solution. The printer is the object that Windows sends output to.
It consists of a spool directory, a printer driver, and configuration information.
private branch exchange (PBX) Routes incoming calls to direct dial numbers and provides facilities
such as voice mail, Automatic Call Distribution (ACD), and Interactive Voice Response (IVR). A PBX can
also be implemented as software (virtual PBX). An IP-based PBX or hybrid PBX allows use of VoIP.
private key In asymmetric encryption, the private key is known only to the holder and is linked to, but
not derivable from, a public key distributed to those with whom the holder wants to communicate
securely. Data encrypted with the public key can be decrypted only with the private key, and a
signature created with the private key can be verified by anyone holding the public key.
private VLAN (PVLAN) Method of isolating hosts to prevent hosts within the same VLAN from
communicating directly.
protocol analyzer Utility that can parse the header fields and payloads of protocols in captured
frames for display and analysis. Also called a packet analyzer.
Protocol Data Unit (PDU) Network packet encapsulating a data payload from an upper layer protocol
with header fields used at the current layer. Wrapping one layer's PDU inside the next lower layer's
PDU is referred to as encapsulation.
proxy server Server that mediates the communications between a client and another server. It can
filter and often modify communications, as well as provide caching services to improve performance.
Also called a forward proxy.
public key During asymmetric encryption, this key is freely distributed and can be used to perform
the reverse encryption or decryption operation of the linked private key in the pair.
public key infrastructure (PKI) Framework of certificate authorities, digital certificates, software,
services, and other cryptographic components deployed for the purpose of validating subject
identities.
public switched telephone network (PSTN) Global network connecting national telecommunications
systems.
public versus private addressing Some IP address ranges are designated for use on private networks
only. Packets with source IP addresses in public ranges are permitted to be forwarded over the
Internet. Packets with source IP addresses from private ranges should be blocked at Internet
gateways or forwarded using some type of translation mechanism.
punchdown block Type of distribution frame that offers high density and is available in different IDC
formats, such as 110, BIX, and Krone.
punchdown tool Tool used to terminate solid twisted pair copper cable to an Insulation Displacement
Connector.
quad small form factor pluggable/enhanced quad small form factor pluggable (QSFP/QSFP+) Fiber
optic transceiver module type supporting four individual duplex lanes at 1 Gbps (QSFP) or 10 Gbps
(QSFP+) that can be aggregated into a single 4 Gbps or 40 Gbps channel.
quality of service (QoS) Systems that differentiate data passing over the network that can reserve
bandwidth for particular applications. A system that cannot guarantee a level of available bandwidth
is often described as Class of Service (CoS).
rack Storage solution for server and network equipment. Racks are designed to a standard width and
height (measured in multiples of 1U or 1.75"). Racks offer better density, cooling, and security than
ordinary office furniture.
radio frequency attenuation (RF attenuation) Loss of signal strength due to distance and
environmental factors such as walls and interference. Loss due to distance alone is free space path loss.
Radio Frequency ID (RFID) Means of encoding information into passive tags, which can be easily
attached to devices, structures, clothing, or almost anything else.
ransomware Malware that tries to extort money from the victim by encrypting the victim’s files and
demanding payment.
received signal strength indicator (RSSI) Signal strength as measured at the receiver, using either
decibel units or an index value.
recovery point objective (RPO) Longest period that an organization can tolerate lost data being
unrecoverable.
recovery time objective (RTO) Maximum time allowed to restore a system after a failure event.
recursive lookup DNS query type whereby a server submits additional queries to other servers to
obtain the requested information.
registered jack connector (RJ) Series of jack/plug types used with twisted pair cabling, such as RJ-45
and RJ-11.
Remote Authentication Dial-in User Service (RADIUS) AAA protocol used to manage remote and
wireless authentication infrastructures.
Remote Desktop Protocol (RDP) Application protocol for operating remote connections to a host
using a graphical interface. The protocol sends screen data from the remote host to the client and
transfers mouse and keyboard input from the client to the remote host. It uses TCP port 3389.
repeater Layer 1 device that regenerates and retransmits signals to overcome media distance
limitations.
reservation (DHCP) DHCP configuration that assigns either a prereserved or persistent IP address to a
given host, based on its hardware address or other ID.
resource record (RR) Entry in a DNS zone database. The main record types are as follows: A (maps a
host name to an IPv4 address), AAAA (maps to an IPv6 address), CNAME (an alias for a host name), MX
(the host name of a mail server for the domain, which is then resolved to an address separately), and
PTR (allows a host name to be identified from an IP address).
ring topology In a ring topology, all of the computers are connected in a circle. The ring comprises a
series of point-to-point links between each device. Signals pass from device to device in a single
direction with the signal regenerated at each device.
risk Likelihood and impact (or consequence) of a threat actor exercising a vulnerability.
roaming WLAN configured with multiple access points in an extended service set allowing clients to
remain connected to the network within an extended service area.
rogue access point Wireless access point that has been enabled on the network without
authorization.
role-based access control (RBAC) Access control model where resources are protected by ACLs that
are managed by administrators and that provide user permissions based on job functions.
rollover cable Cable used to connect the serial port on a host or modem to the console port on a
network appliance. Also called console cable.
route command Cross-platform command tool used to display and manage the routing table on a
Windows or Linux host.
router An intermediate system working at the Network layer capable of forwarding packets around
logical networks of different layer 1 and layer 2 types.
router advertisement (RA) Packet sent by an IPv6-capable router to notify hosts about prefixes and
autoconfiguration methods available on the local link.
Router Advertisement Guard (RA Guard) Switchport security feature to block router advertisement
packets from unauthorized sources.
routing information protocol (RIP) Distance vector-based routing protocol that uses a hop count to
determine the least-cost path to a destination network.
routing loop Troubleshooting issue where a packet is forwarded between routers in a loop until its
TTL expires.
routing table Data store on an IP host used to determine the interface over which to forward a
packet.
sanitization Process of thoroughly and completely removing data from a storage medium so that file
remnants cannot be recovered.
scalability Property by which a computing environment is able to gracefully fulfill its ever increasing
resource needs.
scope (DHCP) Range of consecutive IP addresses in the same subnet that a DHCP server can lease to
clients.
screened subnet Segment isolated from the rest of a private network by one or more firewalls that
accepts connections from the Internet over designated ports. Formerly referred to as a demilitarized
zone (DMZ), but this usage is now deprecated.
secure erase (SE) Method of sanitizing a drive using the ATA command set.
Secure Shell (SSH) Application protocol supporting secure tunneling and remote terminal emulation
and file copy. SSH runs over TCP port 22.
Secure Sockets Layer (SSL) Original, obsolete version of the security protocol now developed as TLS.
security information and event management (SIEM) Solution that provides real-time or near-real-
time analysis of security alerts generated by network hardware and applications.
sensor (device/chassis) Device that can report environmental conditions such as temperature or
chassis intrusion to a monitoring system.
separation of duties Security policy concept that states that duties and responsibilities should be
divided among individuals to prevent ethical conflicts or abuse of powers.
Server Message Block (SMB) Application protocol used for requesting files from Windows servers and
delivering them to clients. SMB allows machines to share files and printers, thus making them
available for other machines to use. SMB client software is available for UNIX-based systems. Samba
software allows UNIX and Linux servers or NAS appliances to run SMB services for Windows clients.
The SMB1 dialect was also called Common Internet File System (CIFS); SMB1 is obsolete and should
be disabled in favor of SMB2 or SMB3.
service level agreement (SLA) Agreement that sets the service requirements and expectations
between a consumer and a provider.
service set identifier (SSID) Character string that identifies a particular wireless LAN (WLAN).
Session Initiation Protocol (SIP) Application protocol used to establish, disestablish, and manage VoIP
and conferencing communications sessions. It handles user discovery (locating a user on the
network), availability advertising (whether a user is prepared to receive calls), negotiating session
parameters (such as use of audio/ video), and session management and termination.
Session Layer OSI model layer that provides services for applications that need to exchange multiple
messages (dialog control). Also referred to as Layer 5.
shielded twisted pair (STP) Copper twisted pair cabling with screening and shielding elements for
individual wire pairs and/or the whole cable to reduce interference. Also referred to as a screened,
shielded, or foiled twisted pair.
shoulder surfing Social engineering tactic to obtain someone's password or PIN by observing him or
her as he or she types it in.
show route command Command used in router operating systems to list the contents of the routing
table.
Simple Network Management Protocol (SNMP) Application protocol used for monitoring and
managing network devices. SNMP works over UDP ports 161 and 162 by default.
Simultaneous Authentication of Equals (SAE) Personal authentication mechanism for Wi-Fi networks
introduced with WPA3 to address vulnerabilities in the WPA-PSK method.
single mode fiber (SMF) Fiber optic cable type that uses laser diodes and narrow core construction to
support high bandwidths over distances of over 5 km.
single sign-on (SSO) Authentication technology that enables a user to authenticate once and receive
authorizations for multiple services.
site survey Documentation about a location for the purposes of building an ideal wireless
infrastructure; it often contains optimum locations for wireless antenna and access point placement
to provide the required coverage for clients and identifies sources of interference.
small form factor pluggable/enhanced small form factor pluggable (SFP/SFP+) Fiber optic transceiver
module type supporting duplex 1 Gbps (SFP) or 10 Gbps (SFP+) links.
small office, home office (SOHO) Typically used to refer to network devices designed for small-scale
LANs.
smartjack Termination point for an access provider’s cabling, also referred to as the Network
Interface Unit (NIU).
Simple Mail Transfer Protocol (SMTP) Application protocol used to send mail between hosts on the
Internet. Messages are sent between servers over TCP port 25; mail clients submit messages over
TCP/587 (typically secured with STARTTLS) or TCP/465 (implicit TLS).
snips Electrician’s scissors that are sturdy enough to cut wire and notched to assist with stripping
insulation from wire.
social engineering Activity where the goal is to use deception and trickery to convince unsuspecting
users to provide sensitive data or to violate security guidelines.
socket Combination of a TCP/UDP port number and IP address. A client socket can form a connection
with a server socket to exchange data.
Software as a Service (SaaS) Cloud service model that provisions fully developed application services
to users.
software defined networking (SDN) APIs and compatible hardware/virtual appliances allowing for
programmable network appliances and systems.
software defined WAN (SD-WAN) Services that use software-defined mechanisms and routing
policies to implement virtual tunnels and overlay networks over multiple types of transport network.
spanning tree protocol (STP) Protocol that prevents layer 2 network loops by dynamically blocking
switch ports as needed.
spectrum analyzer Device that can detect the source of interference on a wireless network.
speed Amount of data that can be transferred over a network connection in a given amount of time,
typically measured in bits or bytes per second (or some more suitable multiple thereof). Transfer rate
is also described variously as data rate, bit rate, connection speed, transmission speed, or
bandwidth. Transfer rates are often quoted as the peak, maximum, theoretical value; sustained,
actual throughput is often considerably less.
speed (port configuration) Port setting that determines the speed of the link. The same setting must
be used on the connected device and is usually autonegotiated.
spine and leaf topology Topology commonly used in datacenters comprising a top tier of aggregation
switches forming a backbone for a leaf tier of top-of-rack switches.
split tunnel VPN configuration where only traffic for the private network is routed via the VPN
gateway.
spoofing Attack technique where the threat actor disguises their identity or impersonates another
user or resource.
standard operating procedure (SOP) Documentation of best practice and work instructions to use to
perform a common administrative task.
star topology In a star network, each node is connected to a central point, typically a switch or a
router. The central point mediates communications between the attached nodes. When a device
such as a hub is used, the hub receives signals from a node and repeats the signal to all other
connected nodes. Therefore the bandwidth is still shared between all nodes. When a device such as
a switch is used, point-to-point links are established between each node as required. The circuit
established between the two nodes can use the full bandwidth capacity of the network media.
stateless address autoconfiguration (SLAAC) Mechanism used in IPv6 for hosts to assign addresses to
interfaces without requiring manual intervention.
straight tip connector (ST) Bayonet-style twist-and-lock connector for fiber optic cabling.
straight-through cable Cable designed to connect an end system MDI to an intermediate system MDI-
X, such as a host to a hub.
structured query language (SQL) Programming and query language common to many relational
database management systems.
subinterface Configuring a router's physical interface with multiple virtual interfaces connected to
separate virtual LAN (VLAN) IDs over a trunk.
subnet addressing Division of a single IP network into two or more smaller broadcast domains by
using longer netmasks within the boundaries of the network. Also called subnetting; the longer mask
applied to each division is the subnet mask.
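The network mask, public versus private addressing, and subnet addressing entries above describe the same bit arithmetic from three angles. As an added example (not code from the glossary), the following Python derives a mask from a prefix length and back, divides a /24 into /26 subnets, and applies the gateway rule that only globally routable source addresses may be forwarded untranslated. It uses only the standard library ipaddress module; the sample addresses are constructed.

```python
# Added example: netmask arithmetic, subnetting and the public/private source
# check an Internet gateway applies. Standard library only (ipaddress).
import ipaddress


def prefix_to_mask(prefix_len):
    """Dotted-decimal IPv4 netmask for a prefix length, e.g. 26 -> 255.255.255.192."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    mask_int = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask_int))


def mask_to_prefix(mask):
    """Inverse: count the set bits of a contiguous netmask, rejecting gaps."""
    mask_int = int(ipaddress.IPv4Address(mask))
    prefix = bin(mask_int).count("1")
    if mask_int != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous netmask")
    return prefix


def subnet(network, new_prefix):
    """Divide a network into smaller broadcast domains by lengthening the mask."""
    net = ipaddress.ip_network(network, strict=True)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def host_range(network):
    """(first usable host, last usable host, broadcast address) of a subnet."""
    net = ipaddress.ip_network(network)
    hosts = list(net.hosts())
    return (str(hosts[0]), str(hosts[-1]), str(net.broadcast_address))


def classify(address):
    """Label an address by scope. Order matters: loopback and link-local ranges
    are also reported as private by ipaddress, so test them first."""
    ip = ipaddress.ip_address(address)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_multicast:
        return "multicast"
    if ip.is_private:
        return "private"
    return "public"


def gateway_should_forward(src_ip):
    """Filter at an Internet gateway: only a packet whose source address is
    globally routable may be forwarded without translation."""
    return classify(src_ip) == "public"


if __name__ == "__main__":
    print(prefix_to_mask(26), mask_to_prefix("255.255.255.192"))
    print(subnet("10.0.0.0/24", 26))
    print(host_range("10.0.0.64/26"))
    for addr in ("192.168.1.5", "8.8.8.8", "127.0.0.1", "169.254.1.1"):
        print(addr, classify(addr), "forward" if gateway_should_forward(addr) else "block/translate")
```

Splitting 10.0.0.0/24 into /26 subnets yields four blocks of 64 addresses with 62 usable hosts each; the same arithmetic in reverse is how a host decides whether a destination is on its own subnet or must go to the default gateway.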
subscriber connector (SC) Push/pull connector used with fiber optic cabling.
Supervisory Control and Data Acquisition (SCADA) Type of industrial control system that manages
large-scale, multiple-site devices and equipment spread over geographically large areas from a host
computer.
switch Intermediate system used to establish contention-free network segments at layer 2 (Data
Link).
switching loop Troubleshooting issue where layer 2 frames are forwarded between switches or
bridges in an endless loop.
syslog Application protocol and event logging format enabling different appliances and software
applications to transmit logs or event records to a central server. Syslog works over UDP port 514 by
default.
T-carrier (T1) System developed by Bell Labs to allow multiple calls to be placed on a single cable.
Each 64 Kbps channel provides enough bandwidth for a voice communication session and is known
as a DS0 or a Kilostream link. Channels can be multiplexed over a leased line to provide more
bandwidth (T1, T2, T3, and so on). Also called T3, E1, and DS.
T568A/T568B Twisted pair termination pinouts defined in the ANSI/TIA/EIA 568 Commercial Building
Telecommunications Standards.
test access port (TAP) Hardware device inserted into a cable to copy frames for analysis.
TCP flag Field in the header of a TCP segment designating the connection state, such as SYN, ACK, or
FIN.
telnet Application protocol supporting unsecure terminal emulation for remote host management.
Telnet runs over TCP port 23.
Terminal Access Controller Access Control System Plus (TACACS+) AAA protocol developed by Cisco
that is often used to authenticate to administrator accounts for network appliance management.
terminal emulator Software that reproduces text input and output for a given command shell or OS.
threat Potential for an entity to exercise a vulnerability (that is, to breach security).
three-tiered hierarchy Paradigm to simplify network design by separating switch and router
functionality and placement into three tiers, each with a separate role, performance requirements,
and physical topology.
throughput Amount of data transfer supported by a link in typical conditions. This can be measured
in various ways with different software applications. Goodput is typically used to refer to the actual
"useful" data rate at the application layer (less overhead from headers and lost packets).
time domain reflectometer (TDR) Tool used to measure the length of a cable run and to locate open
and short circuits, kinks/sharp bends, and other imperfections in cables that could affect
performance.
time to live (DNS) (TTL) Amount of time that the record returned by a DNS query should be cached
before discarding it.
time to live (IP) (TTL) Counter field in the IP header recording the number of hops a packet can make
before being dropped.
tone generator Used to identify one cable within a bundle by applying an audible signal. Also called
fox and hound.
top-of-rack switch (ToR) High-performance switch model designed to implement the leaf tier in a
spine and leaf topology.
topology Network specification that determines the network's overall layout, signaling, and dataflow
patterns.
traceroute/tracert command Diagnostic utilities that trace the route taken by a packet as it "hops" to
the destination host on a remote network. tracert is the Windows implementation, while traceroute
runs on Linux.
traffic shaper Appliances and/or software that enable administrators to closely monitor and manage
network traffic. The primary function of a traffic shaper is to optimize network media throughput to
get the most from the available bandwidth. Also called a bandwidth shaper.
transceiver Component in a network interface that converts data to and from the media signalling
type. Modular transceivers are designed to plug into switches and routers.
transmission control protocol (TCP) Protocol in the TCP/IP suite operating at the transport layer to
provide connection-oriented, guaranteed delivery of packets.
Transport Layer OSI model layer responsible for ensuring reliable data delivery. Also called Layer 4.
Transport Layer Security (TLS) Security protocol that uses certificates for authentication and
encryption to protect web communications and other application protocols.
Trivial File Transfer Protocol (TFTP) Simplified form of FTP supporting only file copying. TFTP works
over UDP port 69.
trunk Backbone link established between switches and routers to transport frames for multiple
virtual LANs (VLANs).
tunneling Encapsulating data from a local protocol within another protocol's PDU to transport it to a
remote network over an intermediate network. Tunneling protocols are used in many contexts,
including virtual private networks (VPNs) and transporting IPv6 packets over IPv4 networks.
twinaxial Media type similar to coax but with two inner conductors to improve performance.
ultra physical contact (UPC) Fiber optic connector finishing type that uses a flat polish for the ferrule.
unicast A packet addressed to a single host. If the host is not on the local subnet, the packet must be
sent via one or more routers.
Uninterruptible Power Supply (UPS) Battery-powered device that supplies AC power that an
electronic device can use in the event of power failure.
unshielded twisted pair Media type that uses copper conductors arranged in pairs that are twisted to
reduce interference. Typically cables are 4-pair or 2-pair.
user datagram protocol (UDP) Protocol in the TCP/IP suite operating at the transport layer to provide
connectionless, non-guaranteed communication.
variable length subnet masking (VLSM) Using network prefixes of different lengths within an IP
network to create subnets of different sizes.
vendor management Policies and procedures to identify vulnerabilities and ensure security of the
supply chain.
virtual IP Public address of a load balanced cluster that is shared by the devices implementing the
cluster.
virtual local area network (VLAN) A logically separate network, created by using switching
technology. Even though hosts on two VLANs may be physically connected to the same cabling, local
traffic is isolated to each VLAN, so hosts on different VLANs must use a router to communicate.
Virtual Network Computing (VNC) Remote access tool and protocol. VNC is the basis of macOS
screen sharing.
virtual private network (VPN) Secure tunnel created between two endpoints connected via an
unsecure transport network (typically the Internet).
voice gateway Means of translating between a VoIP system and legacy voice equipment and
networks.
Voice over Internet Protocol (VoIP) Generic name for protocols that carry voice traffic over data
networks.
voice virtual local area network (voice VLAN) Feature of VoIP handsets and switches to segregate
data and voice traffic while using a single network wall port to attach the handset and the computer.
Also called auxiliary VLAN.
VoIP phone Handset or software client that implements a type of voice over Internet Protocol (VoIP)
to allow a user to place and receive calls.
VPN headend Appliance that incorporates advanced encryption and authentication methods in order
to handle a large number of VPN tunnels, often in hub and spoke site-to-site VPN topologies. Also
called a VPN concentrator.
vulnerability Weakness that could be triggered accidentally or exploited intentionally to cause a
security breach.
warm site Alternate processing location that is dormant or performs noncritical functions under
normal conditions, but which can be rapidly converted to a key operations site if needed.
Wi-Fi analyzer Device or software that can report characteristics of a WLAN, such as signal strength
and channel utilization.
Wi-Fi Protected Access (WPA) Standards for authenticating and encrypting access to Wi-Fi networks.
Also called WPA2 and WPA3.
Wide Area Network (WAN) Network scope that spans a large geographical area, incorporating more
than one site and often a mix of different media types and protocols plus the use of public
telecommunications networks.
wireless LAN controller Device that provides wireless LAN management for multiple APs.
wireless local area network (WLAN) A network using wireless radio communications based on some
variant of the 802.11 standard series.
work recovery time (WRT) In disaster recovery, time additional to the RTO of individual systems to
perform reintegration and testing of a restored or upgraded system following an event.
YAML Ain't Markup Language (YAML) Language for configuration files and applications such as
Netplan and Ansible.
Z-Wave Low-power wireless communications protocol used primarily for home automation. Z-Wave
uses radio frequencies in the high 800 to low 900 MHz range and a mesh topology.
zero trust Security design paradigm where any request (host-to-host or container-to-container) must
be authenticated before being allowed.
zero-day Vulnerability in software that is unpatched by the developer or an attack that exploits such
a vulnerability.
ZigBee Low-power wireless communications open source protocol used primarily for home
automation. ZigBee uses radio frequencies in the 2.4 GHz band and a mesh topology.
zone index Parameter assigned by a host to distinguish ambiguous interface addresses within a link
local scope.
zone transfer Mechanism by which a secondary name server obtains a read-only copy of zone
records from the primary server.