Glossary of Terms
3DES
Triple-DES or Triple Data Encryption Standard
A block cipher formed from the DES cipher. It was
developed by Walter Tuchman (the leader of the DES development team at IBM)
and is specified in FIPS Pub 46-3. There are several ways to use DES three
times; not all are Triple-DES and not all are as secure.
It takes three 64-bit keys, for an overall key length of 192 bits. The procedure
for encryption is exactly the same as regular
DES, but it is repeated three times. The data is
encrypted with the first key, decrypted with the second key, and finally encrypted
again with the third key.
802.11
802.11 is a group of specifications for wireless networking developed by
the IEEE. The 802.11 family of standards is based on packet radio technology.
The IEEE 802.11 Committee sets the specifications for 802.11 devices.
current standards:
IEEE Standard   Max. link rate   Approx. data throughput   Frequency   Access method
802.11a         54 Mbps          25 Mbps                   5 GHz       OFDM
802.11b         11 Mbps          6 Mbps                    2.4 GHz     CCK
802.11g         54 Mbps          25 Mbps                   2.4 GHz     OFDM
future standards:
IEEE Standard   Max. link rate   Approx. data throughput   Frequency   Access method
802.11n         540 Mbps         expected approval 11/2006             OFDM, MIMO
802.11e         ratified and approved, not yet published as of 11/2005
802.11k
802.11v
802.11b (1999) was available first, then 802.11a (1999), then 802.11g (2003).
Wi-Fi networks operate in a range between 18 m (about 60 feet)
and 500 m (about 0.3 miles).
ADSL
Asynchronous Digital Subscriber Line
AES
Advanced Encryption Standard
A block cipher adopted by the U.S. as an encryption standard in NIST US FIPS
PUB 197 in Nov 2001. Developed by Belgian cryptographers Joan Daemen and
Vincent Rijmen, AES uses a fixed 128-bit block size and keys of either 128,
192, or 256 bits.
ARP
Address Resolution Protocol
ASCII
American Standard Code for Information Interchange
BIA
Business Impact Assessment
Blowfish
A symmetric block cipher that uses a variable-length (32 to 448 bits) key,
developed by Bruce Schneier. Blowfish is open source code.
BWA
Broadband Wireless Access
A technology to deliver high data rates wirelessly, aimed at competing with
DSL and/or cable modems.
Cable Modem
Comcast's "hi-speed internet" service:
up to 6 Mbps download / 384 Kbps upload
$42.95/month plus $3.00/month modem rental (+
$10.00/month if not a Comcast Cable TV subscriber)
end user is limited to 5 computers/printers/etc...
CDMA
Code Division Multiple Access
CTS
Clear To Send.
When using DCE (a modem is a
common example), the CTS indicates that the DCE is ready to accept data.
DCE
Data Communications Equipment
DES
Data Encryption Standard
A widely used method of data encryption using a private (secret) key.
There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption
keys that can be used. For each given message, the key is chosen at random
from among this enormous number of keys. The algorithm is a sixteen-round
block cipher which uses a 64-bit block and a 56-bit key. DES takes a 64-bit
block of plaintext and transforms it into a 64-bit block of ciphertext.
The data is processed in 16 rounds, or steps, using 16 subkeys that are created
from an original 56-bit DES key. If each 64-bit block in the message is
encrypted independently of other blocks, the mode is called electronic code
book (ECB). Two other modes, called cipher-block chaining (CBC) and cipher
feedback (CFB), make the encryption of the current block dependent on past
blocks.
DDoS
Distributed Denial of Service
DDS
Dedicated Digital Service
a hardwired, point-to-point digital circuit with guaranteed bandwidth
also Digital Data Storage = 4mm DAT tape format, used as a backup medium
(DDS-1, DDS-2, DDS-3 & DDS-4)
Sony and HP introduced DDS in 1989
DrDoS
Distributed Reflective Denial of Service
DSL
Digital Subscriber Line
A technology for enabling high-speed information transfer to end users over
ordinary copper telephone lines. xDSL refers to different variations of DSL,
such as ADSL, HDSL, iDSL and RADSL.
A DSL line can carry both data and voice signals simultaneously, and the data
part of the line is continuously connected.
DSL's data rate is dependent on the distance from the nearest DSL service
provider's exchange to the end user. Distance limitations are generally around
the 4 mile mark and apply to the actual cable length from the exchange to the
end user premises.
DSLAM
Digital Subscriber Line Access Multiplexer
A network device, usually at a telephone company central office, that receives
signals from multiple customer DSL connections and
puts the signals on a high-speed backbone line using multiplexing techniques.
Depending on the product, DSLAM multiplexers connect DSL lines
with some combination of ATM, frame relay, or Internet
Protocol networks.
EAP
Extensible Authentication Protocol
EV-DO
Evolution-Data Only
A method to send data at a high speed over CDMA cellular networks (i.e. Verizon
Wireless Broadband Service). EV-DO has been built into routers, such as the Kyocera
KR1, to create mobile hotspots.
Frame Relay
A fast packet switching protocol based on the LAPD protocol of ISDN that performs
routing and transfer with less overhead processing than X.25.
HIDS
Host-based Intrusion Detection System.
IDS software that will monitor the system
for suspicious activity.
ICMP
Internet Control Message Protocol
A method for communicating error messages and other transmission information.
Supports packets containing error, control, and informational messages. The
PING command,
for example, uses ICMP to test an Internet connection.
IDS
Intrusion Detection System
Detects unauthorized or malicious traffic on the internal network that either
got past the firewall and antivirus defenses, or originated from within the
internal network. Does not respond to the attack, but does log information
about it. A page or email alert can be generated. See NIDS, and HIDS.
IEEE
Institute of Electrical and Electronics Engineers
IMAP4
Internet Message Access Protocol version 4
An application layer Internet protocol used for accessing email on a remote
server from a local client. It enables efficient operation such as downloading
only essential data by first retrieving the e-mail header prior to the actual
e-mail download. This feature makes the protocol well suited to remote
environments. IMAP and POP3 are the two most prevalent Internet standard
protocols for email retrieval.
IPS
Intrusion Prevention System
Detects unauthorized or malicious traffic on the internal network that either
got past the firewall and antivirus defenses, or originated from within the
internal network, as an IDS would do. However, it responds to the attack
by initiating an automatic response to stop the suspicious activity.
IPsec / IPSec
Internet Protocol Security
ISDN
Integrated Services Digital Network
An international standard for end-to-end
digital transmission of voice, data, and signaling.
L2TP
Layer 2 Tunneling Protocol
LMCS
Local Multipoint Communication System
Data rates can be as high as 155 Mbps compared to 64 Kbps cell phones and,
depending on jurisdiction, may operate between 2 GHz and 42 GHz with up to
3 GHz of spectrum available.
LMDS
Local Multipoint Distribution Service
Located in the 28 GHz and 31 GHz bands,
LMDS is a point-to-multipoint broadband radio service designed to provide two-way
transmission
of voice, high-speed data and video (wireless cable TV).
MAC / MAC Address
Media Access Control / Media Access Control Address
A hardware address.
MAN
Metropolitan Area Network
A data network designed for a town or city. In terms of geographic breadth,
MANs are larger than LANs, but smaller than WANs. MANs are usually
characterized by very high-speed connections using fiber optic cable or other
digital media.
MIB
Management Information Base
MIB I, MIB II
MIMO
Multiple Input, Multiple Output
NAT
Network Address Translation
NFC
Near Field Communication
Low-range wireless operating at 13.56 MHz. With a range of only 10 cm (4 inches),
NFC is ideal for data exchange between devices, such as waving a card over a
terminal to make purchases.
NIDS
Network Intrusion Detection System
An IDS that tries to detect malicious activity such as DoS attacks, port scans
or even attempts to break into computers by monitoring network traffic.
NNV
Network Node Validation
The checking of a system's Posture and Authentication
before allowing it on to the network.
Posture - OS version, patch level, applications and their patch levels,
Authentication - who is using the node
OFDM
Orthogonal Frequency-Division Multiplexing
A single transmitter transmits on many different orthogonal (independent) frequencies
(typically dozens to thousands),
resulting in a signal with high resistance to interference. An OFDM carrier
signal is the sum of a number of orthogonal
sub-carriers.
PGP
Pretty Good Privacy
A protocol used for encrypting messages, developed by Phil Zimmermann and made
public in 1991. Widely used to encrypt email messages. PGP employs an
asymmetric-key encryption algorithm, which uses a public and a private key to
encrypt messages.
PoE
Power Over Ethernet
Ethernet devices, such as an access point or camera, that get their operating
power from the Ethernet network cable rather than from an AC electric outlet.
POP3
Post Office Protocol version 3
POTS
Plain Old Telephone Service
Traditional phone service that is found in most homes and businesses. POTS is
in contrast to advanced services such as ISDN and DSL, which are digital and
provide greater bandwidth.
PPTP
Point-to-Point Tunneling Protocol
A VPN protocol superseded by L2TP.
PSTN
Public Switched Telephone Network
The worldwide set of interconnected switched voice telephone networks that
deliver fixed telephone services to the general public and are usually accessed
by telephones, key telephone systems, private branch exchange trunks, and certain
data arrangements, transmitting voice, other audio, video, and data signals.
Radio Monitor Mode / Raw Monitor Mode
When a Wi-Fi card is configured to receive only, and not transmit.
RADIUS
Remote Access Dial-up User Service
RAID
Redundant Array of Independent Disks
By managing several separate disks instead of one large one, advantages in
cost and performance characteristics such as increased speed and fault tolerance
can be realized.
RAID level 0 = RAID0 = disk striping
RAID level 1 = RAID1 = mirrored disks
RAID level 5 = RAID5 = disk striping with parity
RC4
Used in popular protocols
such as SSL (to protect Internet traffic) and WEP (to
secure wireless networks).
RC4 falls short of the high standards of security set by cryptographers, and
some ways of using RC4 lead to very insecure cryptosystems (including WEP).
Not recommended for use in new systems. Some systems based on
RC4 are secure enough for practical use.
RFID
Radio Frequency Identification
A method of identification using radio frequency. The tags emit a signal which
a device called a reader picks up.
RMON
Remote Monitoring
A standard used in telecommunications equipment (e.g. in routers), which
implements a MIB that allows for remote monitoring and management of network
equipment. RMON uses an agent running on the device being monitored to supply
information over SNMP to a management workstation (or some other system).
SME
Small to Midsized Enterprise
SMTP
Simple Mail Transfer Protocol
SNMP
Simple Network Management Protocol
SNMPv2, SNMPv3; see RMON.
SOHO
Small Office/Home Office
SOHO could be considered a network marketing term, referring to the type of network
that you would find in a small office or home office. Typically 1-10 users.
SSID
Service Set Identifier
A code that is attached to all packets on a wireless network to identify them
as being on that network. An SSID consists of up to 32 alphanumeric characters;
all wireless devices that attempt to communicate with one another must share a
common SSID.
TCP
Transmission Control Protocol
TCP/IP
Transmission Control Protocol/Internet Protocol
Communication protocols used for all Internet-connected machines.
TDMA
Time-Division Multiple Access
TFN
Tribal Flood Network
A network DoS tool. Also called trin00 or Trinoo.
TKIP
Temporal Key Integrity Protocol
A security protocol defined in IEEE 802.11i specifications for Wi-Fi networks
to replace WEP. TKIP was designed to replace WEP without
replacing legacy hardware.
This was necessary because the breaking of WEP left
Wi-Fi networks without viable link-layer security. The solution to this problem
could not wait on the replacement
of deployed hardware. ...
UDP
User Datagram Protocol
An Internet Protocol which transmits data packets without error checking.
Unlike TCP, UDP is connectionless and does not guarantee reliable communication;
the application itself must process any errors and check for reliable delivery.
VoWLAN
Voice over Wireless Local Area Network
VLAN
Virtual Local Area Network
VPN
Virtual Private Network
A private data network that is constructed using the public telecommunications
infrastructure to connect nodes. Using secure "tunnels", the data is encrypted,
allowing users to access private information over a public network (the
Internet). VPNs can be Client-to-LAN or LAN-to-LAN.
Wardriving
Finding and recording the existence of open Wi-Fi networks.
WCDMA
Wideband Code-Division Multiple Access (see CDMA)
WDS
Wireless Distribution System
WECA
Wireless Ethernet Compatibility Alliance
WEP
Wired Equivalent Privacy
A wireless security protocol for Wi-Fi networks.
Either 40-bit or 128-bit key:
• WEP64: 24-bit initialization vector & a 40-bit WEP key (the
  initialization vector is WEP's weakness)
• WEP128: 24-bit initialization vector & a 104-bit WEP key (the
  initialization vector is WEP's weakness)
• WEP152: 24-bit initialization vector & a 104-bit WEP key (the
  initialization vector is WEP's weakness)
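An added illustration, not part of the original glossary, of why the entries above single out the 24-bit initialization vector as WEP's weakness: the IV is the only per-frame variation in the RC4 key, so once an IV repeats under the same WEP key the keystream is reused. The block computes, with the birthday bound, how few frames that takes; the 500 frames/second rate is an assumed figure.

```python
import math

IV_BITS = 24                 # WEP IV size, as in the glossary entry above
IV_SPACE = 1 << IV_BITS      # 16,777,216 distinct IV values


def iv_collision_probability(frames: int, iv_space: int = IV_SPACE) -> float:
    """Exact birthday-problem probability that at least two of `frames`
    independently and uniformly chosen IVs are equal.
    P(no repeat) = prod_{i<frames} (1 - i/N); summed in log space so the
    product does not underflow for large frame counts."""
    if frames > iv_space:
        return 1.0           # pigeonhole: more frames than IVs forces a repeat
    log_no_repeat = 0.0
    for i in range(frames):
        log_no_repeat += math.log1p(-i / iv_space)
    return 1.0 - math.exp(log_no_repeat)


def frames_for_repeat_probability(p: float, iv_space: int = IV_SPACE) -> int:
    """Frames after which a random IV has repeated with probability about p,
    from the standard birthday approximation n ~ sqrt(2 N ln(1/(1-p)))."""
    return math.ceil(math.sqrt(2 * iv_space * math.log(1.0 / (1.0 - p))))


def hours_to_exhaust_ivs(frames_per_second: float,
                         iv_space: int = IV_SPACE) -> float:
    """A card that simply counts IVs upward wraps to a repeat after every
    iv_space frames; this converts that into hours at a given frame rate."""
    return iv_space / frames_per_second / 3600.0


if __name__ == "__main__":
    half = frames_for_repeat_probability(0.5)
    print(f"IV space: {IV_SPACE} values")
    print(f"Random IVs: 50% chance of a repeat after about {half} frames "
          f"(exact probability {iv_collision_probability(half):.3f})")
    print(f"Random IVs: after 50,000 frames, P(repeat) = "
          f"{iv_collision_probability(50_000):.6f}")
    # Assumed busy-network rate of 500 frames/second (constructed figure).
    print(f"Sequential IVs at 500 frames/s wrap after "
          f"{hours_to_exhaust_ivs(500):.1f} hours")
```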
Wi-Fi
Wireless Fidelity
Another name for IEEE 802.11. It is a
term coined by WECA. Products certified
as Wi-Fi by WECA are interoperable
with each other even if they are from different manufacturers. A user with
a Wi-Fi product can use any brand of access point with any other brand of
client hardware that is built to the Wi-Fi standard.
WiMAX
Worldwide Interoperability for Microwave Access
Based on IEEE 802.16 BWA standards, supports bandwidth of up to 70 Mbps over
distances of up to 30 miles.
WLAN
Wireless Local Area Network
WPA
Wi-Fi Protected Access
There are two types of WPA: Personal and Enterprise.
WPA-Personal - see WPA-PSK.
WPA-Enterprise - uses encryption and authentication to prevent unauthorized
access to a network; authentication is done via a corporate identity server
(e.g. Windows Active Directory).
WPA2
Wi-Fi Protected Access 2
An enhanced version of WPA. It is the
official 802.11i standard that was ratified by the IEEE in June 2004. It
uses AES instead of TKIP.
AES supports 128-bit, 192-bit and 256-bit keys.
WPA-PSK
Wi-Fi Protected Access with Preshared Keys