Bristol Systems Inc. - Reliable Network Provider                   

BSI Glossary

Here are a few definitions that our clients find useful.  Click on the letter to navigate to that section of the glossary.

0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

0-9

1U - A unit of height in a rack or cabinet designed for computing equipment.  Equal to 1.75 inches.

10 Base T - Ethernet running at 10 Mbps over typically Category 3 UTP cable.

100 Base T - Ethernet running at 100 Mbps over typically Category 5 UTP cable.

A

ACID - An acronym for Atomic, Consistent, Isolated, and Durable.  These four terms are applied to a set of operations on a database.   A set of operations is Atomic if either its execution fails with no change to the database or it succeeds totally and successfully.  It is Consistent if at all times during its execution the database remains consistent.  It is Isolated if the effect of its execution relative to concurrent operations is the same as if it executed totally either before or after these other operations.  It is Durable if its effect survives failures of any kind - even a total system crash.  If a set of operations satisfies these four criteria, it is said to "pass the ACID test" and is called a Transaction.  If every operation on a database is part of a transaction, then the database will survive a system crash in a consistent state, and only those transactions that were incomplete at the time of the crash will have to be rerun.

aDSL - Asymmetric Digital Subscriber Line.  A DSL line that has different upload and download speeds. 

ANSI - American National Standards Institute.

ARP - Address Resolution Protocol - a low level Internet protocol that is used to translate from network IP addresses to hardware addresses (MAC addresses), e.g. Ethernet or Token Ring addresses.

Asymmetrical Encryption - a class of encryption algorithms that use two encryption keys (sometimes called the public key and the private key). Data that is encrypted using one of the keys must be decrypted using the other key. This offers security advantages since the originator only has to share one of the keys with the recipients.

ATM - Asynchronous Transfer Mode.  A packet switching protocol that uses uniform 53 byte packets (5 for the header and 48 for the data). ATM runs at transmission speeds up to 600Mbs and is designed to carry multiple isochronous types of data including voice and video. 

Authentication - the process of verifying that an entity is authorized to have access to a service or network. This typically involves some type of password check, and may involve other checks as well.

Authorization - the process of delegating access to computing resources to an authorized entity.

Availability - The percent of time that a device, component or system is fully functional.  Often defined by the ratio MTTF/(MTTF+MTTR). Cf.  High Availability

Availability Rule of 3's - Bristol Systems' rule of thumb for the appropriate cost to improve your system availability.  If the cost to reduce annual expected system downtime by 1/3 is less than the expected annual cost of downtime, then you will get a 3 year return on your investment.

B

Bastion - A portion of a castle or fortress that is additionally fortified.  A portion of a network that is additionally fortified - often that portion of the network that offers some public services such as mail, file sharing, web hosting, etc.  A bastion host is a server offering public services and is additionally fortified.  See DMZ.

Bluetooth - A low power radio technology operating in the 2.4 GHz Industrial/Scientific/Medical spectrum capable of data rates up to 720 kbps at ranges of 10 meters.

Bristol - A nautical term for quality.  It dates back to the 18th century, when the highest quality ships were built in Bristol, England.  Bristol Systems means quality systems.

Broadband - A term used for a bandwidth greater than 2 Mbps.

C

Category - A cabling classification used by ANSI/TIA/EIA.

Category  Name    Description
1         Cat 1   Unshielded twisted pair suitable for audio speakers and door bells but not data.
2         Cat 2   Unshielded twisted pair (UTP) supporting 1.5 MHz, suitable for telephones.
3         Cat 3   UTP with 100 ohm impedance supporting frequencies up to 16 MHz.
4         Cat 4   UTP with 100 ohm impedance supporting frequencies up to 20 MHz.
5         Cat 5   UTP with 100 ohm impedance supporting frequencies up to 100 MHz.
5e        Cat 5e  Enhanced Cat 5, UTP with 100 ohm impedance supporting frequencies up to 100 MHz plus has improved specifications for Near End Cross Talk (NEXT), Far End Cross Talk (PSELFEXT), and Attenuation.
6         Cat 6   Proposed standard to support 250 MHz over 100 ohm UTP.
7         Cat 7   Proposed standard to support 600 MHz over 100 ohm UTP.

CHAP - Challenge Handshake Authentication Protocol - a protocol for password authentication. To prevent security risks, the password itself is not sent over the network. Instead, the authenticating server sends a random challenge string, and the system requesting authentication processes the string with an algorithm that depends on the password. The result is sent back to the authenticating system.

CIDF - Common Intrusion Detection Framework - a set of standard protocols and application programming interfaces for Intrusion Detection research projects. Uses CISL.

CISL - Common Intrusion Specification Language - is the mechanism for CIDF projects to communicate with each other.

CLEC  - Competitive Local Exchange Carrier.  A telephone company that competes with the incumbent telephone carrier.  See LEC.

CNC - Computer Numerically Controlled.  An old term, still used, to mean "computer controlled."  These days almost all newer computer controlled machines have a Windows interface.  This is often Windows 98 due to the MS-DOS heritage of some of the software.  The Windows PC provides both a friendly operator interface and a way to communicate to any underlying PLCs that may drive or directly control the machine's components.

CO - Central Office.  The location of the telephone company's switching equipment.  The connection between the customer local loop and the global phone system is made at the CO.

CPE - Customer Premise Equipment.  Telephone or networking equipment that belongs to the carrier but physically is kept at the customer's premises.

CSMA/CD - Carrier Sense Multiple Access Carrier Detection.  The physical protocol used by Ethernet whereby the line is sensed for activity and if none, the network adaptor sends a packet.  It next listens for a collision, i.e. for a scrambled signal caused by another sender sending a packet simultaneously.  If a collision occurs, each party waits a random amount of time, and then tries again.

CVE - Common Vulnerabilities and Exposures - a standard for naming vulnerabilities and exposures that is maintained by MITRE.  See www.cve.mitre.org.

D

DES - Data Encryption Standard - a widely-used 56-bit symmetrical data encryption algorithm. DES is considered to be near the end of its useful life as the state of the art for secure communications has moved on to 128-bit encryption schemes.  Applying the DES algorithm three times to the same data gives "Triple DES" encoding, which is equivalent to 168 bit encryption, but it is three times slower than DES.

DHCP - Dynamic Host Configuration Protocol - a network protocol that automatically configures workstations to communicate on a network, eliminating the need for manual configuration of parameters such as IP address, DNS server address, and Gateway address. These parameters are automatically supplied to the workstation by a DHCP server.

Downtime - The time during which a system is not fully functional.

DMZ - Demilitarized Zone.  The region in Korea established in 1953 as a demilitarized buffer between North and South Korea.  The portion of a network that consists of bastion servers - usually additionally protected with firewalls and intrusion detection systems.

DNS - Domain Name Service - a protocol used on the Internet to translate between domain names (e.g. BristolSystems.com) and IP addresses (e.g. 192.168.1.1). Systems that provide DNS services are referred to as Domain Name Servers or DNS Servers.

DSL - Digital Subscriber Line - a technology that provides high-speed dedicated access to the internet at an affordable price. DSL can provide data rates as high as 1.5 megabits per second.

DSLAM - Digital Subscriber Line Access Multiplexer.  DSL interface equipment that connects the customer premises via the local loop to the public switched telephone network and the wide area network system (via Frame Relay or ATM).

DUN - Dial-up Networking, usually refers to remote access through a modem.

E

EAP - Extensible Authentication Protocol - an emerging authentication standard that allows for easy integration of other types of authentication besides passwords, such as smart cards, thumb print readers, etc. 

EIA - Electronic Industry Association.

EMI - Electro-Magnetic-Interference.  Interference in communications equipment caused by magnetic forces.

Ethernet - A physical transmission protocol that uses CSMA/CD.  IEEE standard 802.3.

Expectation - Expected Value - The sum of the possible values times the probability of the value occurring.  Sometimes the terms "weighted average" (i.e. weighted by probability) or simply "average" are used.

F

Firewall - a security device that resides in the path between a company's internal network and the Internet. A firewall allows necessary access to the Internet, while protecting against inappropriate internet communications occurring from either external sources (attempts to gain unauthorized access to the network) or internal sources (employees misusing the Internet).

Fragmentation - the mechanism to break up a packet into smaller packets.  Fragmentation is used when the maximum sized packet on one network is larger than the maximum on a network to which the packet is being sent.

G

Gateway - a device that enables communications between two networks, or between a network and the Internet. Gateways often also contain firewalls.

Gigabit - 1K (1024) Megabits.

H

HDSL - High speed Digital Subscriber Line.  A form of DSL that uses two pairs of copper wires to attain additional throughput.

HTML - Hyper-Text Markup Language - the hyper-text format that is used for storing web pages on the World Wide Web.

HTTP - Hyper-Text Transfer Protocol - an Internet communications protocol used for transferring HTML files on the World Wide Web.

Honeypot - a sacrificial server that looks to the outside world as an attractive target for hackers.  Intrusion Detection Systems monitor attacks on the honeypot to learn about hacker techniques and weaknesses in the security system that is supposed to protect the honeypot.  A honeypot also serves to slow down an attack giving security personnel time to react before the attack causes damage elsewhere.

Hypertext - text that contains embedded hyper-links. Clicking on a hyper-link allows the reader to jump to a related text page, or elsewhere on the current text page. Hyper-links are fundamental to the operation of the World Wide Web. 

I

IDSL - ISDN Digital Subscriber Line.  DSL that uses older ISDN equipment.

IETF - Internet Engineering Task Force - the body that is responsible for the development and ratification of standards related to the Internet.

Intranet - the application of Internet technology to create a private Internet-like communications environment within a private network. Many companies are finding this to be a good tool for corporate communications.

IP Address - a 16-bit logical address that is used to route packets on the Internet and on private networks that use the TCP/IP protocol. By convention, IP addresses are expressed as four decimal values from 0 to 255 (e.g. 192.168.1.1). IP addresses are ultimately translated into physical hardware addresses (MAC addresses) in order to route packets to their proper destination.

IP Masquerading - a technique used by an Internet gateway to allow a computer that does not have an Internet IP address to access the Internet. The gateway performs an address translation between the system's IP address on the local network and the gateway's Internet IP address (plus a unique port number). Similar to NAT.

IPSEC - IP Security - an emerging standard for data encryption on the internet. IPSEC encrypts data at layer 3 in the network protocol stack (the routing layer).

ISDN - Integrated Services Digital Network.  A digital telephone line that can be used for voice, fax, and data and can operate at about 128 Kbs.  Controlled by the telephone companies that charge by the usage minute, ISDN is expensive relative to DSL.  It has some nice telephony features and will continue to exist despite its low speed and high cost.

J  K

K = 1024

Kbs = The data rate of K bits per second of data transfer.

Kilobit - 1024 bits.

L

L2TP - Layer 2 Tunneling Protocol - an emerging standard for creating Virtual Private Networks (VPNs). L2TP takes PPP data packets from a direct point-to-point session and encapsulates them into IP packets for transmission over the Internet.

LAN - Local Area Network.  A LAN is a collection of computers at a single site networked together to share information and resources.

LEC - Local Exchange Carrier.  The local telephone company.

Local Loop - The pair of copper wires that runs from the local telephone company's CO to the customer premises.

M

MAC Address - the unique 48-bit physical address that is hard-wired into every network adapter. The MAC address of an adapter is unique over the entire planet. IP addresses are translated to MAC addresses as part of the packet routing process.

Mbs - Mega Bits per Second; sometimes written Mbps. The rate of approximately one million bits of data transferred every second.  Actually equals 1024Kbs.

Megabit - 1K (1024) Kilobits.

MODEM - A combination of the words "modulate" and "demodulate".  A modem modulates when it accepts a digital signal and converts it into an analog signal.  It demodulates an analog signal converting it to a digital signal.

MPPE - Microsoft Point-to-Point Encryption

MTBF - Mean Time Between Failures.  Often used instead of MTTF for repairable components to indicate that the component gets repaired rather than replaced.  In high availability systems, components are usually swapped out for another component.  At the component level, at least, this blurs the distinction between MTBF and MTTF.  At BSI we simply treat MTTF and MTBF as synonymous.  We tend to use the term MTTF, because we feel it is more intuitively accurate.

MTTF - Mean Time To Failure.  The mean or average of the times between the beginning of full functionality and the point of failure when the device or component being considered loses full functionality.  See MTBF.

N

NAT - Network Address Translation - a technique used by some routers and gateways to allow a computer that does not have an Internet IP address to access the Internet. Similar to IP Masquerading.

NetBEUI - The NetBIOS Extended User Interface Protocol.  A non-routable network communications protocol used primarily by Microsoft operating systems.  It extends the earlier NetBIOS.

NetBIOS - The original IBM PC Network Basic Input Output System.  Extended many times to become NetBEUI.

O

OSEC - Open Security Evaluation Criteria - a framework for the evaluation of security products sponsored by Neohapsis, Inc.

Optical Carrier (OC) - A series of physical protocols for SONET optical signal transmissions.  The base rate is 51.84 Mbps (OC1) and each subsequent level OC2, OC3, is a multiple of that rate.  For example, OC3 is 3×51.84 = 155.52 Mbps.

P

Packet Filtering or IP Filtering - a common security technique used in firewalls to allow some packets to travel between a network and the Internet while denying or rejecting other packets based on their source or destination addresses, port numbers, packet type, or other factors.

PAP - Password Authentication Protocol - a protocol for authenticating passwords over a network. PAP has the shortcoming that it transfers the password over the network in clear text (unencrypted), which represents a security risk. Other protocols, such as CHAP, are more secure than PAP.

PLC - Programmable Logic Controller.  A simple computer optimized to control machines.

PPP - Point-to-Point Protocol - a standard protocol used for point to point communications, in particular for dial-up connections over a modem.

PPTP - Point-to-Point Tunneling Protocol - a layer 2 tunneling protocol, similar to L2TP, that was developed by Microsoft and is supported by MS Windows Servers.

Q  R

RAID - An acronym for Redundant Array of Inexpensive Disks.  There are several types of RAID storage systems. All are designed to improve performance and/or reliability.  Performance is improved by dividing every write to and read from the storage system into smaller writes or reads executing concurrently on each of the disks in the array.  Reliability is improved by writing enough additional information into the storage system on every write so that no data is lost if one or more of the disks in the array fails.

RAS - Remote Access Session - a standard feature of NT Servers for supporting dial-up sessions by remote users.

Redundant Components - Two or more essentially identical components in a system that is designed to continue at full functionality if one of these components fails. 

Reliability - The average time to failure or between failures of a device, a component or a system.  Equals MTTF.  

Reparability - The average time from the point a device, component or system stops providing full functionality to the time when all repairs are done and the system (and the people using it) are operating normally at full functionality.  Equals MTTR.  Note that the time to repair must include the time to repair any data lost or destroyed.

RFC - Request For Comment - the format in which the Internet Engineering Task Force (IETF) publishes Internet standards.

RJ11 - A connector used for analog telephone wires.  It has 6 pin slots in the head, but usually only two or four are used.

RJ45 - A connector somewhat larger than the RJ11 with 8 pin slots.  It is used for ISDN and for 10 and 100 Base T Ethernet cables.

S

SDLC - Systems (or Software or Synchronous) Development Lifecycle.  A generic term for a project management methodology that manages system development from conception to retirement.  Some companies define a "phase review" process to define checkpoints, with an associated list of completion criteria, that end various phases of their SDLC.  For example, requirements, design, development, manufacturing, deployment, and retirement might be six such phases.  Totally linear or sequential SDLC processes, often dubbed "waterfall" processes, proceed through the phases one at a time without returning to an earlier phase.  These only worked for the smallest systems (if ever), have fallen out of style, and even have been outlawed(!) for US military projects in favor of more synchronous processes.  Synchronous processes try to address at least three facts of life:  1.  The knowledge generated throughout all phases creates a need, or at least a desire, to change the conclusions made in earlier phases.  2.  As time passes during the system lifecycle, the real world changes the requirements and the possible technology to be used.  3.  Trade-offs between time-to-deployment and functionality define multiple versions of the system that must be developed with overlapping or iterative phases.  Synchronous processes have been given fanciful names such as: rapid prototyping, rapid application development, spiral development, build and fix,  synchronize and stabilize, etc.

STP - Shielded Twisted Pair.  Twisted copper wires surrounded with a metal shielding to protect the signals on the wire from EMI.

Subnet Mask - a method for dividing an IP address space into network numbers and system numbers. A subnet mask of 255.255.0.0 causes the upper 16 bits of an IP address to be treated as a network address, identifying a particular network or subnetwork, while the lower 16 bits identify the system on that network. A subnet mask of 255.255.255.0 causes the upper 24 bits to be treated as network address while the lower 8 bits identify the system.

Symmetrical Encryption - a class of encryption algorithms that use the same private key for both encryption and decryption (as opposed to asymmetrical encryption).  Sometimes called secret key encryption.

T

T1 - A four wire (2 for sending and 2 for receiving) full-duplex communications capability that consists of 24 64-kbps multiplexed channels for a data throughput rate of 1.544 Mbps.   A T1 connection can be "fractionalized" whereby some of the channels are used for voice and some for data.  Same as DS1.

T3 - 28 T1 lines with a total capacity of 44.736 Mbps.  Same as DS3.

TAP - Test Access Port - a port on a switch or router that reflects all traffic to the port.  Useful for testing, sniffing, and for Intrusion Detection Systems.  Sometimes called a Network TAP.

Tarpit - A server that accepts connections to unused IP addresses on the network, does not transmit data, and holds the connection open as long as possible.  Used to trap worms and to slow their propagation to other nodes.

TCP - Transmission Control Protocol - a session-oriented Internet communications protocol that offers guaranteed delivery and acknowledgement of a stream of data packets. TCP is heavily used in Internet communications.

Terabit = 1K (1024) Gigabits.

TIA - Telecommunications Industry Association.

Transaction - A set of operations on a database that passes the ACID test.  A database is Transactional if every operation on it is part of a transaction.

Tunneling - A technique for taking PPP data packets from a point-to-point communications session, encapsulating them inside IP data packets, and transmitting them over the Internet in a secure fashion.

U

U - See 1U.

UDP - User Datagram Protocol - a commonly used Internet communications protocol. Unlike TCP, UDP is not session oriented and does not guarantee packet delivery.

UTP - Unshielded Twisted Pair.  Unshielded wiring that is used for networking.  The only protection from EMI that UTP provides is from the amount of twisting among the wires.

V

VDSL - Very high speed Digital Subscriber Line.  The latest DSL technology that promises to get 40-50 Mbs of throughput.  Uses just one pair of copper wires.

VPN - Virtual Private Network - a private communications session between two or more parties that is conducted over a public medium such as the Internet.  Encryption techniques are typically used to guarantee privacy and security. 

W

WAN - Wide Area Network.  A network that covers multiple sites and connects, typically, multiple LANs.

WINS - Windows Name Service - a Microsoft-specific service that translates names to IP numbers (similar to DNS).

X

xDSL - The generic term for various types of DSL:  ADSL, HDSL, IDSL, VDSL, etc.

Y  Z


Bristol Systems will put together a specialized glossary for your company.  Call us at 714.389.4136.


Hosted by Bristol Systems Inc.
Copyright (c) 2008 Bristol Systems Inc.