Glossary
VLAN Stacking
VLAN stacking allows a service provider to distinguish multiple subscriber VLANs, even those with the same (subscriber-assigned) VLAN ID, within its network.
Policy
A policy defines the action(s) to be performed on a traffic flow that has been classified. See also Bandwidth Management, Classifier, Firewall and VPN.
Management Port
A management port is a dedicated port on a device for management purposes only. You cannot access the network through a management port.
In-band Management
In-band management means accessing the management interface of a device through a network port that is not a management port.
Out-of-band Management
Out-of-band management means accessing the management interface of a device through a management port. See also Management Port.
Classifier
In computer networking, a classifier groups traffic based on specific criteria such as the IP address, port or protocol, etc.
BRAS
A BRAS (Broadband Remote Access Server) aggregates and routes subscriber traffic to/from the DSLAMs (Digital Subscriber Line Access Multiplexers) in the ISP's network.
TMSS
TMSS (Trend Micro Security Services) identifies vulnerabilities and protects computers and networks that have Internet connections through a broadband router.
VDSL
Very High Bit Rate DSL is an asymmetric version of DSL that is used as the final drop from a fiber optic junction point to nearby customers. VDSL lets an apartment or office complex obtain high-bandwidth services using existing copper wires without having to replace the infrastructure with optical fiber. Like ADSL, VDSL can share the line with the telephone.
ADPCM
ADPCM-32 is a 32-bit voice compression method that converts analog signals to digital data, thus allowing voice transmission over digital lines.
100 Base-T
The 100-Mbps baseband Ethernet specification uses two pairs of twisted-pair wire with a maximum distance of 100 meters between the hub and the workstation.
10 Base-T
Twisted-pair cable with maximum segment lengths of 100 meters.
10Base-S Mode
This is a VDSL mode. Each mode operates in a specific frequency band allocation with associated upstream and downstream speeds.
AAL
AAL converges packets from upper layers into ATM cells as defined by ITU-T, ETSI and the ATM Forum. AAL has several service types and classes of operation to accommodate different types of classes.
AAL-2
A connection oriented, VBR (Variable Bit Rate) protocol for real-time applications. It is similar to T1 or T3 and provides a variety of data rates. See AAL.
AAL-5
A UBR (Unspecified Bit Rate) protocol that provides spare bandwidth to non-critical services such as file transfers. See AAL.
ADSL
This is an asymmetrical technology which means that the downstream data rate of the line is much higher than the upstream data rate. ADSL operates in a frequency range that is above the frequency range of voice services, so both can operate over the same cable.
A-Law
A-Law and Mu-Law are Pulse Code Modulation (PCM) techniques that dictate forms of compression for audio signals. They are widely-used standard methods of coding voice as they improve signal-to-noise ratio without increasing the amount of data. Mu-Law is a standard in North America; A-Law in Europe.
Analog
An electrical circuit that is represented by means of continuous, variable physical quantities (such as voltages and frequencies), as opposed to discrete representations (like the 0/1, off/on representation of digital circuits).
IRTF
The Internet Research Task Force is composed of small research groups that work on Internet protocols, applications, architecture and technology.
ANSI
ANSI is the primary organization for fostering the development of technology standards (defining coding standards and signaling schemes) in the United States.
ANSI Mode
This is a VDSL mode that operates in a specific frequency band allocation with associated upstream and downstream speeds.
ARP
Address Resolution Protocol is a protocol for mapping an Internet Protocol address (IP address) to a physical computer address that is recognized in the local network.
AT&T 5ESS
A digital central office switching system made by AT&T.
ATM
ATM is a LAN and WAN networking technology that provides high-speed data transfer. ATM uses fixed-size packets of information called cells. With ATM, a high QoS (Quality of Service) can be guaranteed.
Authenticity
Proof that the information came from the person or location that reportedly sent it. One example of authenticating software is through digital signatures.
Backdoor
In computer terminology, a backdoor (also called a trapdoor) is hidden software or a hardware mechanism that can be triggered to gain access to a program, online service or an entire system.
Backbone
A high-speed line or series of connections that forms a major pathway within a network.
BackOrifice
BackOrifice is a remote administration tool that allows a user to control a computer across a TCP/IP connection using a simple console or GUI application.
Bandwidth
This is the capacity of a link usually measured in bits-per-second (bps).
Bit
A Binary Digit (either a one or a zero); a single digit number in base-2. A bit is the smallest unit of computerized data.
Boot Module Commands
Boot Module Commands, available in the debug mode via SMT (some devices may not have SMTs), help you initialize the configuration of the basic functions and features of your device(s) such as uploading firmware, changing the console port speed and viewing product-related information.
Bridging
Bridging provides LAN to LAN frame forwarding services between two or more LANs. Frames from one LAN are forwarded across a bridge to a connected LAN, although filtering can be employed to selectively forward frames.
Brute Force Hacking
A technique used to find passwords or encryption keys. Brute Force Hacking involves trying every possible combination of letters, numbers, etc., until the code is broken.
Byte
A set of bits that represents a single character. There are eight bits in a byte.
Call filtering
Call filtering is used to determine if a packet should be allowed to trigger a call. Outgoing packets must undergo data filtering before they encounter call filtering.
Camping Out
Staying in a "safe" place once a hacker has broken into a system. The term can be used with a physical location, electronic reference or an entry point for future attacks.
CDR
This is a name used by telephone companies for call-related information.
CHAP
Challenge Handshake Authentication Protocol is an alternative protocol that avoids sending passwords over the wire by using a challenge/response technique.
Cipher Text
Text that has been scrambled or encrypted so that it cannot be read without deciphering it. See Encryption.
Client program
A software program that is used to contact and obtain data from a server software program on another computer. Each client program is designed to work with one or more specific kinds of server programs and each server requires a specific kind of client. A web browser, for example, is a specific kind of client.
CO
A CO is a facility that serves local telephone subscribers. In the CO, subscribers' lines are joined to switching equipment that allows them to connect to each other for both local and long distance calls.
COE
COE is where home and office phone lines terminate and connect to a much larger switching system.
DSP
A Digital Signal Processor (DSP) carries out the mathematical operations used in converting a signal into digital output.
Community
This is the SNMP equivalent of a password.
Cookie
A string of characters saved by a web browser on the user's hard disk.
Countermeasures
Techniques, programs or other tools that can protect your computer against threats.
CPE
CPE is privately-owned telecommunication equipment at an individual or organization’s site that is attached to the telecommunication network.
Cracker
Another term for hackers. Generally, the term cracker refers specifically to a person who maliciously attempts to break encryption, software locks or network security.
Cracker Tools
Programs used to break into computers. Cracker tools are widely distributed on the Internet. They include password crackers, Trojans, viruses, war-dialers and worms.
Crossover Ethernet Cable
A cable that wires a pin to its opposite pin, for example, RX+ is wired to TX+. This cable connects two similar devices, for example, two data terminal equipment (DTE) or data communications equipment (DCE) devices.
Crosstalk
Crosstalk on telephone wires is noise emanating from the signals transmitted on adjacent wire pairs caused by electric or magnetic fields of one telecommunication signal affecting the signal in an adjacent circuit.
Crosstalk in wireless network applications occurs when the radio signals from access points overlap and interfere with one another thus reducing performance.
Cryptoanalysis
The act of analyzing (or breaking into) secure documents or systems that are protected with encryption.
CSU/DSU
CSUs and DSUs are actually two separate devices, but they are used in conjunction and often combined into the same box. CSU/DSU are hardware devices that convert digital signals used on a LAN into a digital signal used on a WAN and vice-versa (over a T-1 line, for example).
DCE
DCE (Data Communication Equipment) is a device, such as a modem, that converts data between different interfaces (digital and analog for example) and exchanges data with the DTE.
Decryption
The act of restoring an encrypted file to its original state.
Denial of Service
Act of preventing customers, users, clients or other computers from accessing data on a computer. This is usually accomplished by interrupting or overwhelming the computer with bad or excessive information requests.
Device Filters
Device Filters decide whether or not to allow passage of a data packet and/or to make a call. Device filters act on raw data from/to LAN and WAN and serve as a limited firewall to your device.
DHCP
Dynamic Host Configuration Protocol automatically assigns IP addresses to clients when they log on. DHCP centralizes IP address management on central computers that run the DHCP server program. DHCP leases addresses, for a period of time, which means that past addresses are “recycled” and made available for future reassignment to other systems.
Digital
The use of a binary code to represent information, such as 0/1, or on/off.
DLCI
A DLCI specifies the channel and destination that frame relay traffic will use.
DNS
Domain Name System links names to IP addresses. When you access Web sites on the Internet you can type the IP address of the site or the DNS name.
Domain Name
The unique name that identifies an Internet site. Domain Names always have two or more parts that are separated by dots. The part on the left is the most specific and the part on the right is the most general.
DRAM
Dynamic RAM stores information in capacitors that must be refreshed periodically.
DSL
Digital Subscriber Line technologies enhance the data capacity of the existing twisted pair wire that runs between the local telephone company switching offices and most homes and offices. There are actually several types of DSL service, ranging in speeds from 16 Kbits/sec to 52 Mbits/sec. The services are either symmetrical (traffic flows at the same speed in both directions) or asymmetrical (the downstream capacity is higher than the upstream capacity). DSL connections are point-to-point dedicated circuits, meaning that they are always connected. There is no dial-up. There is also no switching, which means that the line is a direct connection into the carrier’s frame relay, ATM (Asynchronous Transfer Mode) or Internet-connect system.
DSLAM
A Digital Subscriber Line Access Multiplexor (DSLAM) is a network device, usually at a telephone company central office, that receives signals from multiple customer Digital Subscriber Line connections and puts the signals on a high-speed backbone line using multiplexing techniques. Depending on the product, DSLAM multiplexers connect DSL lines with some combination of asynchronous transfer mode ATM, frame relay or IP networks.
DTE
The DTE (Data Terminal Equipment) is a computer or terminal that is connected to a DCE.
WPA2
WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. It includes two data encryption algorithms, Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication Code Protocol (CCMP). See also WPA.
Echo Cancellation
Echo Cancellation minimizes the delays associated with digital networks. Delays are encountered as signals are processed through various routes within the networks, including copper wire, fiber optic lines, microwave connections, international gateways and satellite transmissions.
Egress port
Egress is the act of going out of something. An egress port is an outgoing port, that is, a port through which a data packet leaves. An egress router is a router through which a data packet leaves a network from another network.
eWC
This is an HTML-based configurator that allows easy setup and management.
EMI
Interference by electromagnetic signals that can cause reduced data integrity and increased error rates on transmission channels.
Encapsulation
Encapsulation is the inclusion of one data structure within another structure so that the first data structure is hidden for the time being.
Encryption
The act of substituting numbers and characters in a file so that the file is unreadable until it is decrypted. Encryption is usually done using a mathematical formula that determines how the file is decrypted.
Ethernet
A very common method of networking computers in a LAN. There are a number of adaptations to the IEEE 802.3 Ethernet standard, including adaptations with data rates of 10 Mbits/sec and 100 Mbits/sec over coaxial cable, twisted-pair cable and fiber-optic cable. See also Gigabit Ethernet.
ETSI
ETSI is a non-profit organization that establishes telecommunications standards (defining coding standards and signaling schemes) for Europe. ETSI guidelines are voluntary and almost always comply with standards produced by international bodies.
ETSI Mode
This is a VDSL mode that operates in a specific frequency band allocation with associated upstream and downstream speeds.
Events
These are network activities. Some activities are direct attacks on your system, while others might be, depending on the circumstances. Therefore, any activity, regardless of severity, is called an event. An event may or may not be a direct attack on your system.
FAQ
FAQs list and answer the most common questions on a particular subject.
FCC
The FCC (Federal Communications Commission) is in charge of allocating the electromagnetic spectrum and thus the bandwidth of various communication systems.
Firewall
A hardware or software "wall" that restricts access in and out of a network. Firewalls are most often used to separate an internal LAN or WAN from the Internet.
Flash memory
A nonvolatile storage device that can be electrically erased and reprogrammed so that data can be stored, booted and rewritten as necessary.
Frame Relay
Frame relay is a form of packet-switching technology that routes frames of information from source to destination over a switching network owned by a carrier. Frame sizes are not fixed.
Frame Type
Each frame type is a separate logical network, even though they exist on one physical network. Frame Types are 802.2, 802.3, Ethernet II (DIX) and SNAP (Sub-Network Access Protocol).
FTP
File Transfer Protocol is an Internet file transfer service that operates on the Internet and over TCP/IP networks. A system running the FTP server accepts commands from a system running an FTP client. The service allows users to send commands to the server for uploading and downloading files.
G.SHDSL
A Single-pair High-speed Digital Subscriber Line is a symmetrical, bi-directional DSL service that operates on one twisted-pair wire. The “G.” in “G.SHDSL” refers to ITU (International Telecommunication Union) “G” standards. G.SHDSL provides data rates from 192kbps up to 2.3 Mbps at distances of 6,000 feet to 20,000 feet on 26 AWG copper. See also DSL.
Gateway
A gateway is a computer system or other device that acts as a translator between two systems that do not use the same communication protocols, data formatting structures, languages and/or architecture.
Ground Start
This is a type of analog voice grade access line signaling that requires the customer interface to provide a ground on the ring conductor at the network interface to initiate service requests.
GSTN
A GSTN denotes an analog network (PSTN) or digital network (ISDN).
Hacker
Generally, a hacker is anyone who experiments with technology - including computers and networks.
HDLC
A bit-oriented (the data is monitored bit by bit), link layer protocol for the transmission of data over synchronous networks.
Host
Any computer on a network that is a repository for services available to other computers on the network. It is quite common to have one host machine provide several services, such as WWW and USENET.
HTTP
The most common protocol used on the Internet. HTTP is the primary protocol used for web sites and web browsers. It is also prone to certain kinds of attacks.
IANA
Acts as the clearing-house to assign and coordinate the use of numerous Internet protocol parameters such as Internet addresses, domain names, protocol numbers and more.
ICMP
A message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and are not directly apparent to the application user.
Ingress
Ingress is the act of entering something. An ingress port is an incoming port, that is, the port that a data packet enters from another port. An ingress router is a router through which a data packet enters a network from another network.
Inside Wiring
Wiring that is done from the point of demarcation to the jack in the wall where the line terminates.
Integrity
Proof that the data is the same as originally intended. Unauthorized software or people have not altered the original information.
Internet
(Upper case “I”). The vast collection of inter-connected networks that use TCP/IP protocols evolved from the ARPANET (Advanced Research Projects Agency Network) of the late 1960’s and early 1970’s.
internet
(Lower case “i”). Any time you connect two or more networks together, you have an internet.
Internet Worm
See Worm.
Intranet
A private network inside a company or organization that uses the same kinds of software that you would find on the public Internet, but that is only for internal use.
Intruder
Person or software interested in breaking computer security to access, modify, or damage data. Also see Cracker.
IP
(Currently IP version 4 or IPv4) The underlying protocol for routing packets on the Internet and other TCP/IP-based networks.
IP Policy Routing
Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and forward the packet based on the policy defined by the network administrator.
IP Pool
Refers to the collective group of IP addresses located in any particular place (for example, LAN, WAN, Ethernet, etc.).
IP Source Route
Source routing makes use of an optional header to dictate the route an IP packet takes from source to destination. Network technicians may use it to time certain paths or for diagnostics. Most packets do not have a source route header.
IPCP (PPP)
Allows changes to IP parameters such as the IP address.
IPX
The native NetWare internetworking protocol is IPX (Internetwork Packet Exchange). Like IP (Internet Protocol), IPX is an internetworking protocol that provides datagram services.
IRC
It is a way for multiple users on a system to “chat” over the network.
ISP
Provide connections into the Internet for home users and businesses. There are local, regional, national, and global ISPs. You can think of local ISPs as the gatekeepers into the Internet.
ITU-T
The ITU-T is the primary international body for fostering cooperative standards for telecommunications equipment and systems. It was formerly known as the CCITT (Consultative Committee for International Telephony and Telegraphy).
LAN
A shared communication system to which many computers are attached. A LAN, as its name implies, is limited to a local area. LANs have different topologies, the most common being the linear bus and the star configuration.
Jack Type
Different types of jacks (RJ-11, RJ-45 or RJ-48) can be used for an ISDN line. The RJ-11 is the most common in the world and is most often used for analog phones, modems and fax machines. RJ-48 and RJ-45 are essentially the same, as they both have the same 8-pin configuration. An RJ-11 jack can fit into an RJ-45/RJ-48 connector; however, an RJ-45/RJ-48 cannot fit into an RJ-11 connector.
LATA
A geographic territory used primarily by local telephone companies to determine charges for intrastate calls.
LEC
The local phone companies – either a Regional Bell Operating Company (RBOC) or an independent phone company (GTE for example) – that provide local transmission services.
LED
LEDs are visual indicators that relay information about the status of specific functions to the user by lighting up, turning off or blinking. LEDs are usually found on the front panel of the physical device. Examples include Status, Power and System LEDs.
LLC-Multiplexing
One VC (Virtual Circuit) carries multiple protocols with protocol identifying information being contained in each packet header. Despite the extra bandwidth and processing overhead, this method may be advantageous if it is not practical to have a separate VC for each carried protocol, e.g., if charging heavily depends on the number of simultaneous VCs.
Logic Bomb
A virus that only activates itself when certain conditions are met. Logic bombs usually damage files or cause other serious problems when they are activated.
Loop Start
A supervisory signal given by a telephone or PBX in response to completing the loop path.
Loop-reach
Loop reach defines speed that can be attained at various distances. This is very important for DSL technology as distance from the CO (Central Office) influences attainable speeds.
MAC
On a local area network (LAN) or other network, the MAC address is a computer's unique hardware number. (On an Ethernet LAN, it's the same as your Ethernet address). The MAC layer frames data for transmission over the network, then passes the frame to the physical layer interface where it is transmitted as a stream of bits.
MTU
Buildings such as hotels, motels, resorts, residential multi-dwelling units, office buildings, university campuses, etc.
mu-Law
Mu-Law and A-Law are Pulse Code Modulation (PCM) techniques that dictate forms of compression for audio signals. They are widely-used standard methods of coding voice as they improve the signal-to-noise ratio without increasing the amount of data. Mu-Law is a standard in North America; A-Law in Europe.
Multiplexing
A method that combines information from multiple connections into one connection for transfer over an ATM circuit.
Multiplexor
Multiplexors or MUXs, as they are often called, are devices that combine signals from various sources such as PBX (Private Branch Exchange), asynchronous terminals or a bridge connected to a WAN. A multiplexor transmits these signals as a single data stream over a digital line. Multiplexors conserve bandwidth.
Name Resolution
The allocation of an IP address to a host name. See also DNS.
NAT
The translation of an Internet Protocol address used within one network to a different IP address known within another network - see also SUA.
NDIS
A Windows specification for how communication protocol programs (such as TCP/IP) and network device drivers should communicate with each other.
NetBIOS
NetBIOS is an extension of the DOS BIOS that enables a computer to connect to and communicate with a LAN.
Network
Any time you connect two or more computers together, allowing them to share resources, you have a computer network. Connect two or more networks together and you have an internet.
NIC
A board that provides network communication capabilities to and from a computer system. Also called an adapter.
PAC
The PAC is the box that calls/answers the phone call and relays the PPP frames to the PNS (PPTP Network Server). A PAC must have IP and dial-up capability.
Packet Filter
A filter that scans packets and decides whether to let them through or not.
PAP
A security protocol that requires users to enter a password before accessing a secure system. The user’s name and password are sent over the wire to a server where they are compared with a database of user account names and passwords.
Password Cracker
A program that uses a dictionary of words, phrases, names, etc. to guess a password.
Password encryption
A system of encrypting electronic files using a single key or password. Anyone who knows the password can decrypt the file.
Password Shadowing
The encrypted password is not visible in the password file but stored in a shadow file that is only readable by root. This prevents brute force attacks on the encrypted field to guess the password.
PBX
A subscriber-owned telecommunications exchange that usually includes access to the public switched network. It may also be a private telephone switchboard that provides on-premises dial service and may provide connections to local and trunked communications networks.
Penetration
Gaining access to computers or networks by bypassing security programs and passwords.
Phreaking
Breaking into phone or other communication systems.
Ping Attack
An attack that slows down the network until it is unusable. The attacker sends a "ping" command to the network repeatedly to slow it down. See also Denial of Service.
Pirate
Someone who steals or distributes software without paying the legitimate owner for it.
Pirated Software
Software that has been illegally copied, or that is being used in violation of the software's licensing agreement. Pirated software is often distributed through pirate bulletin boards or on the Internet. In the Internet underground, it is known as Warez.
Plain Text
Plain Text is clear text, readable by anyone – it is the opposite of cipher text.
PNS
A PNS is the box that hosts both the PPP and the PPTP stacks and forms one end of the PPTP tunnel. The PNS must have IP connectivity.
Point of Demarcation
The physical point where the phone company ends its responsibility for the wiring of the phone line.
POP
This is a common protocol used for sending, receiving, and delivering mail messages.
Port
An Internet port refers to a number that is part of a URL, appearing after a colon (:), directly following the domain name. Every service on an Internet server listens on a particular port number on that server. Most services have standard port numbers, for example, Web servers normally listen on port 80.
Port (H/W)
An interface on a computer for connecting peripherals or devices to the computer. A printer port, for example, is an interface that is designed to have a printer connected to it. Ports can be defined by specific hardware (such as a keyboard port) or through software.
POTS
The analog telephone service that runs over copper twisted-pair wires and is based on the original Bell telephone system. Twisted-pair wires connect homes and businesses to a neighborhood central office. This is called the local loop. The central office is connected to other central offices and long-distance facilities.
PPP
PPP encapsulates and transmits IP (Internet Protocol) datagrams over serial point-to-point links. The protocol is defined in IETF (Internet Engineering Task Force) RFC 1661 through 1663. PPP provides router-to-router, host-to-router, and host-to-host connections.
PPPoE
PPPoE relies on two widely accepted standards: PPP and Ethernet. PPPoE is a specification for connecting the users on an Ethernet to the Internet through a common broadband medium, such as a single DSL line, wireless device or cable modem.
Hardware Monitor
A device uses the hardware monitor to observe temperature, voltage and fan speed readings.
Promiscuous Packet Capture
Actively capturing packet information from a network. Most computers only collect packets specifically addressed to them. Promiscuous packet capture acquires all network traffic it can regardless of where the packets are addressed.
Protocol
A “language” for communicating on a network. Protocols are sets of standards or rules used to define, format and transmit data across a network. There are many different protocols used on networks. For example, most web pages are transmitted using the HTTP protocol.
Protocol Filters
Use Protocol Filters to decide whether or not to allow passage of a data packet and/or to make a call. Protocol filters act on IP/IPX packets and can serve as a limited firewall.
Proxy Server
A server that performs network operations in lieu of other systems on the network. Proxy Servers are most often used as part of a firewall to mask the identity of users inside a corporate network yet still provide access to the Internet.
PSTN
Public Switched Telephone Network was put into place many years ago as a voice telephone call-switching system. The system transmits voice calls as analog signals across copper twisted cables from homes and businesses to neighborhood COs (central offices); this is often called the local loop. The PSTN is a circuit-switched system, meaning that an end-to-end private circuit is established between caller and the person called.
Public Key Encryption
System of encrypting electronic files using a key pair. The key pair contains a public key used during encryption, and a corresponding private key used during decryption.
PVC
A PVC is a logical point-to-point circuit between customer sites. PVCs are low-delay circuits because routing decisions do not need to be made along the way. Permanent means that the circuit is preprogrammed by the carrier as a path through the network. It does not need to be set up or torn down for each session.
ras
This is the name of the firmware on the ZyXEL device. Renaming may be necessary when uploading new firmware to the device.
RBOC
There are currently seven regional telephone companies that were created by the AT&T divestiture.
Reconnaissance
The finding and observation of potential targets for a cracker to attack.
REN
A Ringer Equivalence Number is used to determine the number of devices that may be connected to the telephone line.
RFC
An RFC is an Internet formal document or standard that is the result of committee drafting and subsequent review by interested parties.
Ring Type
Ring Type determines the sound and frequency of your telephone’s ring.
RIP
An interior or intra-domain routing protocol that uses distance-vector routing algorithms. RIP is used on the Internet and is common in the NetWare environment as a method for exchanging routing information between routers.
Rom-0
This is the name of the configuration file on your ZyXEL device. Renaming may be necessary when uploading a new configuration file to your ZyXEL device.
Router
A device that connects two networks together. Routers monitor, direct and filter information that passes between these networks.
SAP
In NetWare, the SAP broadcasts information about available services on the network that other network devices can listen to. A server sends out SAP messages every 60 seconds. A server also sends out SAP messages to inform other devices that it is closing down. Workstations use SAP to find services they need on the network.
SATAN
A UNIX program that gathers information on networks and stores it in databases. It is helpful in finding security flaws such as incorrect settings, software bugs and poor policy decisions. It shows network services that are running, the different types of hardware and software on the network, and other information.
SDSL
A Symmetrical Digital Subscriber Line is a symmetrical, bi-directional DSL service that operates on one twisted-pair wire. It can provide data rates up to the T1 rate of 1.544 Mbits/sec, and it operates above the voice frequency, so voice and data can be carried on the same wire.
Server
A computer, or a software package, that provides a specific kind of service to client software running on other computers.
Shoulder Surfing
Looking over someone's shoulder to see the numbers they dial on a phone, or the information they enter into a computer.
SMT
The SMT is a menu-based interface that you use to configure your device.
SNMP
SNMP is a popular management protocol defined by the Internet community for TCP/IP networks. It is a communication protocol for collecting information from devices on the network.
Trap
A trap is a report sent to an SNMP manager when an event occurs.
Snooping
Passively watching a network for information that could be used to a hacker's advantage, such as passwords. Usually done while Camping Out.
Socks
A protocol that handles TCP traffic through proxy servers.
Splitter
In telephony, a splitter, sometimes called a “plain old telephone service splitter”, is a device that divides a telephone signal into two or more signals, each carrying a selected frequency range, and can also reassemble signals from multiple signal sources into a single signal.
Spoofing
To forge something, such as an IP address. IP spoofing is a common way for hackers to hide their location and identity.
SSL
Technology that allows you to send information that only the server can read. SSL allows servers and browsers to encrypt data as they communicate with each other. This makes it very difficult for third parties to understand the communications.
Static Routing
Static routes tell a networking device routing information that it cannot learn automatically through other means. The need for static routing can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
STP
STP cable consists of copper-core wires surrounded by an insulator. Two wires are twisted together to form a pair; the pair forms a balanced circuit. The twisting prevents interference problems, and STP provides protection against external crosstalk.
Straight-through Ethernet cable
A cable that wires a pin to its equivalent pin. This cable connects two dissimilar devices, for example, a data terminal equipment (DTE) device and a data communications equipment (DCE) device. A straight-through Ethernet cable is the most commonly used Ethernet cable.
SUA
Your system’s SUA feature allows multiple user Internet access for the cost of a single ISP account. See also NAT.
Subnet Mask
The subnet mask specifies the network number portion of an IP address. Your device will compute the subnet mask automatically based on the IP Address that you entered. You do not need to change the computed subnet mask unless you are instructed to do so.
ALG
An Application Layer Gateway (ALG) is a device that manages a specific protocol (such as SIP, H.323 or FTP) at the application layer.
TCP
TCP is a connection-oriented transport service that ensures the reliability of message delivery. It verifies that messages and data were received.
Telnet
Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems.
TEMPEST
Electromagnetic signals radiate from electronic equipment and cables. Extra shielding is used on cables and equipment to meet TEMPEST requirements, in order to stop these signals from going out to unauthorized listeners.
Terminal
A device that allows you to send commands to a computer somewhere else. At a minimum, this usually means a keyboard, display screen and some simple circuitry.
Terminal Software
Software that pretends to be (emulates) a physical terminal and allows you to type commands to a computer somewhere else.
TFTP
TFTP is an Internet file transfer protocol similar to FTP (File Transfer Protocol), but it is scaled back in functionality so that it requires fewer resources to run. TFTP uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).
Alarm Profile
An alarm profile is a set of thresholds that trigger an alarm when one is reached.
Twisted Pair
Two insulated wires, usually copper, twisted together and often bound into a common sheath to form multi-pair cables. In ISDN, the cables are the basic path between a subscriber's terminal or telephone and the PBX or the central office.
UDP
UDP is a connectionless transport service that dispenses with the reliability services provided by TCP. UDP gives applications a direct interface with the Internet Protocol (IP) and the ability to address a particular application process running on a host via a port number without setting up a connection session.
UNIX
A widely-used operating system in large networks. Usually used on workstations and servers.
URL
URL is an object on the Internet or an intranet that resides on a host system. Objects include directories and an assortment of file types, including text files, graphics, video and audio. A URL is the address of an object that is normally typed in the Address field of a Web browser. A URL is basically a pointer to the location of an object.
V Series Recommendations
V.xx or V Series Recommendations are the most commonly used international modem/telephone network standards. The V.xx series recommendations are from the ITU-TS (Telecommunication Standardization Sector of the International Telecommunications Union) and will probably replace the old American Telephone and Telegraph Company/Bell System MNP (Microcom Networking Protocol) standards. Some modems offer both MNP and ITU-T standards; however, MNP generally offers much lower transfer rates than the V.xx series. See also, V.35 Data Port Interface.
V.35 Data Port Interface
V.35 is a standard transfer rate implemented under recommendations by the ITU-TS (Telecommunication Standardization Sector of the International Telecommunications Union). V.35 provides the trunk interface between a network access device and a packet network with data rates greater than 19.2 Kbps. V.35 may use the bandwidths of several telephone circuits as a group. See also, V Series Recommendations.
VC-based Multiplexing
By prior mutual agreement, each protocol is assigned to a specific virtual circuit, e.g., VC1 carries IP, VC2 carries IPX, etc. VC-based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical.
VCI
A VCI is a number that denotes a particular logical connection between end stations (users or networks). A VCI specifies the channel and destination that ATM traffic will use. See also, VPI.
Voice Gateway
A voice gateway is an interface to the telephone network for VoDSL services found between an AAL-2 circuit and a GSTN.
VPI
A VPI is a number that denotes a bundle of virtual channels. A VPI specifies the path and destination that ATM traffic will use. See also, VCI.
VPN
These networks use public connections (such as the Internet) to transfer information. That information is usually encrypted for security purposes.
Vulnerability
Point where a system can be attacked.
WAN
WANs link geographically dispersed offices in other cities or around the globe over links including switched and permanent telephone circuits, terrestrial radio systems and satellite systems.
War Dialer
A program that automatically dials phone numbers looking for computers on the other end. It catalogs numbers so that hackers can call back and try to break in.
Warez
A term that describes pirated software on the Internet.
Wire Tapping
Connecting to a network and monitoring all traffic. Most wire tapping features can only monitor the traffic on their subnet.
Speed Dial
A speed dial entry is a telephone keypad shortcut for dialing frequently used telephone numbers.
WWW
The Internet in general.
xDSL
Digital Subscriber Line(s), where x, when specified, denotes a particular type of DSL, for example, ADSL, G.SHDSL, SDSL, VDSL, RDSL, etc.
ZyNOS
ZyNOS is the firmware used in many ZyXEL products.
CBR
Constant Bit Rate is an ATM service category that provides a fixed amount of bandwidth for streaming data (like voice or video). The bandwidth is always reserved, even when streaming data is not being sent.
UBR
Unspecified Bit Rate is an ATM service category that does not appropriate fixed bandwidth or guarantee throughput and is best used for non-time-critical applications, such as e-mail.
VBR-rt
Variable Bit Rate Real Time is an ATM service category that provides a fixed amount of bandwidth for high priority data, but only when it is being sent. VBR-rt is best used for on-and-off (bursty) traffic.
QoS
Quality of Service refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to provide bandwidth for real-time multimedia applications.
AH
Authentication Header (RFC 2402) is a protocol that IPSec uses to verify the integrity of a data packet (including the header) and the identity of its sender.
Authentication Algorithm
This is an established, step-by-step procedure for verifying the identity of a packet’s sender.
DES
Data Encryption Standard is a widely-used method of data encryption that uses a private (secret) key. DES applies a 56-bit key to each 64-bit block of data.
DH
Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA setup to establish session keys.
DMZ
A DMZ is a network that makes public servers visible to the outside world and physically separates them from the LAN, thus making the LAN more secure.
Encryption Algorithm
An Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
ESP
Encapsulating Security Payload (RFC 2406) is a protocol that IPSec uses to encrypt data to ensure confidentiality.
MD5
Message Digest 5, HMAC-MD5 (RFC 2403) is a hash algorithm that is used to authenticate packet data. It produces a 128-bit message digest. See also Hash and SHA1.
SHA1
Secure Hash Algorithm HMAC-SHA-1 (RFC 2404) is a hash algorithm that is used to authenticate packet data. It produces a 160-bit message digest. See also Hash and MD5.
IPSec
Internet Protocol Security is a standards-based VPN (Virtual Private Network) that offers flexible solutions for secure data communications across a public network like the Internet. IPSec is built around a number of standardized cryptographic techniques to provide confidentiality, data integrity and authentication at the IP layer.
Keys
Keys are used like passwords to open and close (encrypt and decrypt) messages. While many encryption algorithms are commonly known and public, the key must be kept secret.
PFS
Perfect Forward Secrecy is an IPSec keying method that uses a brand new key for each new IPSec SA setup. The keys are created by new key exchanges, see Diffie-Hellman.
SA
A Security Association is a contract between two parties indicating what security parameters, such as keys and algorithms they will use.
IKE
Internet Key Exchange is a two-phase security negotiation and key management service – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and phase 2 uses that SA to negotiate SAs for IPSec.
Transport
IPSec uses transport mode to protect upper layer protocols and affects only the data in the IP packet. The IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
Triple DES
This is a stronger variant of DES (Data Encryption Standard). Triple DES is a widely-used method of data encryption that applies three separate private (secret) 56-bit keys to each 64-bit block of data.
Tunnel
IPSec uses tunnel mode to encapsulate the entire IP packet and transmit it securely. Tunnel mode is fundamentally an IP tunnel with authentication and encryption and is required for gateway services to provide access to internal systems.
Bandwidth Links
Links refers to traffic flow between the device port interfaces.
Bandwidth Borrowing
A class may use bandwidth from another class if that class is not using up its current allocation and bandwidth borrowing is allowed.
Borrowing Priority
Borrowing priority determines which class gets to borrow bandwidth when two or more classes are vying for spare bandwidth.
Bandwidth Management
Bandwidth management allows you to allocate bandwidth at an interface according to defined policies.
Bandwidth Class
A bandwidth class defines bandwidth allowed at an interface for an application, such as VoIP (Voice over Internet Protocol) or FTP (File Transfer Protocol) and/or a subnetwork.
Aggressive Mode
Aggressive mode is an IPSec phase 1 negotiation mode (see Negotiation Mode). Aggressive mode is quicker than Main Mode because it eliminates several steps. However, the faster speed limits its negotiating power and it also does not provide identity protection. See also Main Mode.
Call Scheduling
Configure call time periods to restrict and allow access for users on remote nodes.
Content Filtering
Content filtering restricts or blocks access to certain web features or content from web pages.
Data Confidentiality
The IPSec sender can encrypt packets before transmitting them across a network.
Data Integrity
The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
Data Origin Authentication
The IPSec receiver can verify the source of IPSec packets. This service depends on the data integrity service.
Dynamic DNS
With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider to use this service.
EAP
EAP (Extensible Authentication Protocol) (RFC 2284) supports multiple authentication methods, such as RADIUS, to provide enhanced security.
IP Alias
Internet Protocol Alias allows you to partition a physical network into logical networks over the same Ethernet interface.
Key Management
Key Management allows you to determine whether to use IKE (ISAKMP) or manual key configuration in order to set up a VPN.
Main Mode
Main mode is an IPSec phase 1 negotiation mode (see Negotiation Mode). Main mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1). See also Aggressive Mode.
Multicast
Deliver IP packets to a specific group of hosts using IP multicast. IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups.
Negotiation Mode
The phase 1 negotiation mode determines how the Security Association (SA) will be established for each connection through IKE negotiations. See also Aggressive Mode and Main Mode.
Port Forwarding
Use this feature to forward incoming service requests to a server on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.
PPTP
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using a TCP/IP-based network.
Pre-Shared Key
A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called “pre-shared” because you have to share it with another party before you can communicate with them over a secure connection.
Replay Detection
The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks.
SA Life Time (Seconds)
Define the length of time before an IKE Security Association automatically renegotiates in this field. It may range from 300 seconds (five minutes) to 86,400 seconds (one day).
Secure Gateway IP Address
Secure Gateway IP Address is the WAN IP address of the remote IPSec router.
SPI
An SPI is used to distinguish different SAs terminating at the same destination and using the same IPSec protocol. This data allows for the multiplexing of SAs to a single gateway. The SPI (Security Parameter Index) along with a destination IP address uniquely identify a particular Security Association (SA).
Hash
A hash is a mathematical function (or algorithm) that generates a message digest from plain text input. See also Message Digest.
802.1Q
802.1Q is an IEEE standard for tagged VLANs (Virtual LANs) in which a VLAN ID is inserted into the layer-2 frame header to allow the creation of dynamic VLANs across switches. Tagged VLANs are not confined to the switch on which they were created as are port-based VLANs.
FCS
The Frame Check Sequence is the four octets in an Ethernet frame that contain the CRC-32 check.
CRC-32
CRC-32 (Cyclic Redundancy Check) is the checksum of an Ethernet frame as detailed in ISO 3309 [14].
VID
VID is the unique VLAN identification number.
Port-based VLAN
Port-based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port. Port-based VLANs are specific only to the device on which they were created.
BSS
See Ad-Hoc.
ESS
See Infrastructure.
Ad-Hoc
An Ad-Hoc wireless LAN is a group of computers that use wireless LAN cards to connect as an independent wireless LAN. An Ad-Hoc wireless LAN is sometimes referred to as a Basic Service Set (BSS).
Infrastructure
An infrastructure network is an integrated wireless and wired network. One or more APs link a wireless LAN to a wired LAN. This type of network topology is sometimes called an Extended Service Set (ESS).
Access Point
An Access Point (AP) is a network device that acts as a bridge between a wired and a wireless network.
Roaming
Roaming in wireless network applications is a wireless feature that allows wireless LAN clients to connect through multiple access points while moving from coverage area to coverage area.
Internal SPTGEN
Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual menus for each device.
Traffic Redirect
Traffic Redirect forwards WAN traffic to a backup gateway on the LAN when the router cannot connect to the Internet, thus acting as an auxiliary backup.
Trigger Port Forwarding
Trigger Port Forwarding allows computers on your LAN to dynamically take turns communicating with servers on the WAN that do not accept NAT port translation.
CRC
CRC is a method of checking for errors in data that has been transmitted on a communications link.
Bandwidth Policy
A bandwidth policy is where you define what application(s) and/or subnetworks make up a bandwidth class.
Bandwidth Monitoring
This is a graphical interface that allows you to gauge bandwidth usage.
Middleware
This is software that provides a way for two systems to exchange information or connect with one another even though they have different interfaces. For example, you can use middleware to have a VDSL based router communicate with a set-top box.
IEEE 802.1Q
802.1Q is an IEEE standard for tagged VLANs (Virtual LANs) in which a VLAN ID is inserted into the layer-2 frame header to allow the creation of dynamic VLANs across switches. Tagged VLANs are not confined to the switch on which they were created as are port-based VLANs.
Tagged VLAN
See IEEE 802.1Q VLAN.
Home Gateway
This is an intelligent network device located in the home. Users can access the home gateway device from a remote location. Examples of home gateways include computers, routers or modems, LAN access points, WLAN access points, and digital set-top boxes.
VLAN
A VLAN allows a physical network to be partitioned into multiple logical networks. Only stations within the same group can communicate with each other. Stations on a logical network can belong to one or more groups.
Queuing Algorithms
Queuing algorithms allow devices to maintain separate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth.
GARP
GARP allows network devices to register and de-register attribute values with other GARP participants within a bridged LAN.
GVRP
GVRP is a registration protocol that defines a way for 802.1Q VLAN-aware switches to register necessary VLAN members on ports across the network.
STP
STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a device to interact with other STP-aware devices in your network to ensure that only one path exists between any two stations on the network.
IGMP
IGMP is a session-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. Refer to RFC 1112 and RFC 2236 for information on IGMP versions 1 and 2 respectively.
2B1Q
Two Binary, One Quaternary transmission is an amplitude modulation scheme for DC pulses. It combines two bits at a time to represent one of four amplitude levels. 2B1Q coding is defined in ANSI T1.601 and ETR 080, Annex A.
IGMP Snooping
IGMP snooping enables a layer-2 switch to dynamically learn the members of IP multicast groups. The switch can then forward multicast traffic to ports that are members of those multicast groups. When a switch receives multicast traffic destined for multicast groups that it does not know, it either forwards the traffic to all ports or discards it (depending on the switch and/or the switch’s configuration). IGMP snooping generates no additional network traffic and allows a switch to handle multicast traffic more efficiently and effectively.
Access Line
This is the physical telecommunications circuit (line) in the local network that connects the CO (Central Office) with the customer’s residence. See also Local Loop.
ATU-C
This is the hardware at the CO (Central Office) that terminates an ADSL connection.
ATU-R
This is the hardware at a customer’s location that provides termination for an ADSL connection.
Always-on
Always-on refers to broadband services that are connected all the time, eliminating the need to dial-up to connect.
ASIC
This is a chip engineered for a particular use or function.
ATM25
ATM25 is a 25.6 Mbps cell-based user interface defined by the ATM Forum.
B Channel
This is the bearer channel in an ISDN connection. B channel is a 64 Kbps full-duplex channel in both primary and basic rate ISDN.
Baseband
This is a networking technology that uses a line’s entire available bandwidth to transfer a single signal of digital data. Signals are not modulated and only one kind of signal (voice or data) can be sent at a time.
Basic Encoding Rate
This is an ANSI described rule for the encoding of data units. It also refers to the ratio of bits received that are in error. See Bit Error Rate Test.
Basic Rate Interface
This is an ISDN interface that has two B (bearer) channels that carry voice or data and one 16 Kbps D (data) channel. Also called Basic Rate Access (BRA).
BRA
This is an ISDN interface that has two B (bearer) channels that carry voice or data and one 16 Kbps D (data) channel. Also called Basic Rate Interface.
Bit Error Rate Test
This test shows the ratio of error bits to the total number of bits transmitted. Generally written as an exponential (10^5) to show that one out of a particular number of bits is in error.
BOOTP
This is a technology that a network uses to determine its Ethernet interface’s IP address.
Bridge
This is a networking device that forwards packets from one LAN to another. It uses the MAC address of an incoming packet to determine whether to drop or forward it. It allows the LANs to see each other’s devices, thus it is not as private or secure as a router.
Broadband
Broadband refers to networking technologies that use modulation or multiplexing to combine multiple channels for transmission over a single medium (copper telephone wire for instance). Broadband allows you to integrate data, video and voice so that it can share one line.
Cell
This is the data packet unit that ATM transmits. One cell consists of 53 bytes.
Circuit Switched Network
This is a network that sets up a temporary physical circuit when a telephone receiver is picked up (goes off hook) and holds the circuit open until it receives a disconnect signal.
Circuit Switching
This is the use of switches to set up a dedicated physical connection between two endpoints until it receives a disconnect signal.
Class 5 Switch
This is a PSTN (Public Switched Telephone Network) switch in a CO.
CLEC
A Competitive Local Exchange Carrier is a Local Exchange Carrier (LEC) that competes with the market leading or Incumbent LEC (ILEC). This type of carrier may offer Internet Access, video on demand/cable TV, long distance or local exchange service. It also includes wireless (cellular/PCS) providers.
Coaxial Cable
This type of cable has a braided copper shield that surrounds a single insulated copper wire.
Compression
This is a method of reducing the size of a signal.
Console
This is a device (usually a computer) that you use to manage a networking device via a serial port (RS232) connection.
Core Network
This refers to switching offices and the transmission plants that link them together. Competing Interchange networks connect Core Networks in the US, while in other countries, the Core Networks reach to the borders of the country they are in.
DHCP Server
This is a device that uses DHCP (see DHCP) to assign addresses to nodes on a LAN.
Dial Backup
Dial backup is an auxiliary WAN connection that you can use if your primary WAN link goes down.
Dial Up
This is the process of setting up a connection through a switched network. It also describes a type of Internet service where you have to connect (like a call) to your ISP for each session.
Bandwidth-on-demand
This allows you to dynamically set upstream and downstream line speeds to a particular rate of speed.
bps
This is a standard measurement of digital transmission speeds.
Bps
This is a standard measurement of digital transmission speeds. One byte is eight bits.
CIR
The carrier programs virtual circuits into the network between your sites and charges customers for a specific level of service called the committed information rate (CIR). The CIR is a negotiated rate and is basically a guarantee that the carrier will always have that bandwidth available.
Daylight-savings Time
This is a period during the late spring, summer and early fall when many countries set their clocks ahead of normal local time by one hour to give more daylight time in the evenings.
Device Filter Rules
Device filter rules are filter rules that treat a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.
Cleared Alarms
An administrator clears an alarm after solving its cause. When an alarm is cleared, it is removed from the current alarm screen and becomes an historical alarm.
COM Port
The communications port is used for local management of the device. In some devices, it may also be used for uplinking.
Auxiliary Port
This port can be used as a traditional dial-up connection in reserve if ever the broadband connection to the WAN port fails. See also Dial Backup.
Downlink Port
This port connects to the uplink port of another device when the devices are cascaded. Also known as a subtending port.
Subtending Port
This port connects to the uplink port of another device when the devices are cascaded. Also known as a downlink port.
Hello Time
In RSTP (or STP), this is the time interval in seconds between tree configuration messages generated by all devices in RSTP or the root device in STP.
Dual Firmware Block Structure
Devices with a “dual firmware block structure” have one “main block” and another “backup block”. You can save the current firmware into the backup block before you upload new firmware. If the firmware in the main block gets corrupted, the device tries to boot from the backup block automatically so the service is not interrupted.
E1
This is the European basic multiplex rate which packs 30 voice channels into a 256 bit frame and transmits at 2.048 Mbps.
EIR
This is the burst capability of the connection, for instance, the maximum allowable data transfer rate.
Filters
Filters tell a device whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering.
Hop Count
Hop count is a measure of distance between two points on the Internet. It is equivalent to the number of gateways that separate the source and destination.
IP Multicast
Traditionally, IP packets are transmitted in one of two ways - Unicast (one sender to one recipient) or Broadcast (one sender to everybody on the network). IP Multicast is a third way to deliver IP packets to a group of hosts on the network - not everybody.
NAT - Global
This refers to the packet address (source or destination) as the packet travels on the WAN.
NAT - Inside
This refers to the host on the LAN.
NAT - Local
This refers to the packet address (source or destination) as the packet travels on the LAN.
NAT - Outside
This refers to the host on the WAN.
NAT Server Set
A NAT server set is a list of inside servers (behind NAT on the LAN) that you can make visible to the outside world.
PTT
PTT is a generic European name that usually refers to state-owned telephone companies.
RS-232
RS-232 is an EIA standard which is the most common way of linking data devices together.
T1
A T1 line consists of 24 voice channels packed into a 193 bit frame and transmitted at 1.544 Mbps. The unframed version, or payload, is 192 bits at a rate of 1.536 Mbps.
Bandwidth Control
Bandwidth control means defining a maximum allowable bandwidth for traffic flows from specified source(s) to specified destination(s). See also Bandwidth Management.
TCP/IP Filter Rules
TCP/IP filter rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
Telco
The generic name for telephone companies throughout the world.
UNI
User Network Interface defines the connection between user equipment and the Frame Relay network, for instance, if your device is connected to a service provider.
VC
A series of virtual paths between circuit end points. This is a logical link that behaves like a dedicated point-to-point line.
Filter rules
Filters decide whether or not to allow passage of a data packet and/or make a call. There are two types of filter applications: data filtering and call filtering. Data filtering screens data to determine if the packet should be allowed to pass. Call filters prevent packets from triggering calls.
GGP
Gateway-to-Gateway Protocol is an Internet protocol that specifies how gateway routers communicate with each other.
Network contention
Network contention describes a situation when two or more networked devices attempt to use the same medium simultaneously.
DHCP Relay
Dynamic Host Configuration Protocol Relay is a function that allows DHCP data to be forwarded between the computer that requests the IP address and the DHCP server.
PPPoA
One of the two types of PPP interfaces you can define for a Virtual Circuit (VC), the other being PPPoE. You can only define one PPPoA per VC.
Switch
A layer-2 network device that selects a path or circuit to send a data packet through.
Latency
The time it takes for a bit to be transmitted from source to destination.
Virtual Channel
A logical connection between ATM switches.
Virtual Path
A bundle of virtual channels.
Broadcast
Sending data to all computers on a network.
RADIUS
A RADIUS (Remote Authentication Dial-In User Service) (RFC 2138, 2139) server performs authentication, authorization and accounting for a network.
Antenna
An antenna acts as a radiator that propagates a radio frequency signal from a wireless device through the air. An antenna also works in reverse by capturing signals from the air.
Coverage
Coverage, or range, is the distance over which wireless devices can communicate.
WEP
WEP (Wired Equivalent Privacy) encrypts data transmitted between wired and wireless networks to keep the transmission private.
Loop
A data path loop forms when there is more than one path or route between two networked devices. A loop in a network may result in a broadcast storm.
Broadcast Storm
A broadcast storm occurs when a packet triggers multiple responses from all hosts on a network or when computers attempt to respond to a host that never replies. As a result, duplicated packets are continuously created and circulated in the network, thus reducing network performance or even rendering it inoperable.
Spanning Tree Algorithm
The spanning-tree algorithm calculates the best loop-free path throughout a switched network.
Set-top Box
A set-top box is a device that provides services such as High Definition Television (HDTV), content decryption, personal video recorder, electronic programming guide, VoIP, Web browsing and interactive television features.
Acknowledged Alarms
This means that an administrator has decided to handle the cause of this alarm. Other administrators see that person’s name in their alarm screen, thus avoiding duplicate effort to solve the same problem.
Active Alarms
“Active” is the initial state of an alarm, which means the alarm is new and an administrator is yet to assume responsibility for handling it.
A-end (IPSec)
This is the end of a VPN tunnel opposite the Z-end (see also Z-end).
Auto-crossover
An auto-crossover Ethernet port enables you to use either a crossover Ethernet cable or a straight-through Ethernet cable to connect your device to either a computer or external hub. In other words, these ports automatically adjust to the type of cable, so that either a straight-through or a crossover Ethernet cable may be used.
Band Plan (VDSL)
Each VDSL mode operates in a different frequency range called a band plan.
Bridge Priority
RSTP (or STP) uses bridge priority to determine the root device, root port and designated port. The device with the highest priority becomes the STP root device. If all devices have the same priority, the device with the lowest MAC address will then become the root device.
Max Age
In RSTP (or STP), this is the maximum time (in seconds) a device waits without receiving a configuration message before attempting to reconfigure.
BPDU
RSTP (or STP)-aware devices periodically exchange configuration messages called Bridge Protocol Data Units (BPDUs). When the bridged LAN topology changes, a new spanning tree is constructed.
MDI/MDIX
MDI (Medium Dependent Interface)/MDIX (MDI crossover) is a type of Ethernet port. MDI ports connect to MDIX ports using straight-through Ethernet cables; both MDI-to-MDI and MDIX-to-MDIX connections use crossover Ethernet cables.
SPQ
Strict Priority Queuing (SPQ) services queues based on priority only. As traffic comes into the switch, traffic on the highest priority queue is transmitted first. When that queue empties, traffic on the next highest-priority queue is transmitted until that queue empties, and so on. If higher priority queues never empty, then traffic on lower priority queues never gets sent. See also Queuing Algorithms.
Path Cost
In RSTP (or STP), path cost is the cost of transmitting a frame onto a LAN through that port. It is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost.
STUN
STUN allows a device to find the public IP address assigned by a NAT router and/or a firewall between it and the public Internet. See RFC 3489 for details on STUN.
Management VID
Management VLAN ID is the VLAN ID of the CPU and is used for management only. To access the switch, make sure the port that you are connected to is a member of the management VLAN.
Reset Button
This hardware button is used to restore the factory default settings.
Reverse Engineering
Reverse engineering means analyzing software, firmware, or hardware to find out how it works.
Root Bridge
In RSTP (or STP), the root bridge is the base of the spanning tree; it is the bridge with the lowest identifier value (MAC address).
Subnetting
With subnetting, the class arrangement of an IP address is ignored. For example, a class C address no longer has to have 24 bits of network number and 8 bits of host ID. With subnetting, some of the host ID bits are converted into network number bits.
UID
User IDentification is equivalent to your user name. Usually a password is associated with a UID or user name.
Uplink Port
This port connects to an external switching hub, router or server.
Z-end (IPSec)
This is the end of a VPN tunnel opposite the A-end (see also A-end).
Local Loopback Test
A local loopback test is used to check the device's DSL chip. A local loopback test failure indicates an internal device problem.
Remote Loopback Test
A remote loopback test is used to test the connection between two DSL devices. The local device sends an Ethernet frame to the other (remote) DSL device and checks for it to be returned.
Port Bonding
This is the aggregation of separate physical DSL port links into one logical link; for example, three SHDSL links of 2.3 Mbps can be aggregated into one logical 6.9 Mbps link.
Port Trunking
This is the aggregation of separate physical port links into one logical link; for example, two fast Ethernet links can be aggregated into one logical 200 Mbps link.
Dotted-decimal Notation
This is the writing out of a decimal number (base-10) using periods (dots or decimals) to separate it into parts. This is commonly used for IP addresses, such as 192.168.1.1. Also referred to as dot-decimal format.
Dot-decimal Format
See dotted-decimal notation.
Jam Signal
In Ethernet networks, when a transmitting station detects a collision, it stops transmitting and sends a 32-bit jam sequence to inform other stations to (momentarily) stop transmitting so that it can transmit.
Hexadecimal Notation
Hexadecimal notation is a base-16 number as opposed to decimal (base-10) or binary (base 2). This number representation uses 0-9 along with the letters a-f to represent the (decimal) numbers 10 to 15. The right-most digit represents ones, the next represents multiples of 16, then 16 squared (256), 16 cubed (4096) and so on. MAC addresses are usually written in hexadecimal notation, for example 00:a0:c5:01:23:43.
Back Pressure Flow Control
Back Pressure flow control is typically used with Ethernet ports operating in half duplex mode to send a “collision” signal to the sending port (mimicking a state of packet collision) causing the sending port to temporarily stop sending signals and resume sending them later.
Flow Control
Flow control is used to manage the sending of traffic so the sending device does not transmit more than the receiving device can process. This helps prevent traffic from being dropped and having to be resent. See also IEEE802.3 Flow Control and Back Pressure Flow Control.
IEEE802.3 Flow Control
IEEE802.3 flow control is typically used with Ethernet ports operating in full duplex mode to send a pause signal to the sending port, causing it to temporarily stop sending signals when the receiving port’s memory buffers are full.
UTC
UTC is a standard time for use around the world (formerly known as Greenwich Mean Time or GMT). UTC is an international abbreviation that is neither French nor English. It means both "Temps Universel Coordonné" and "Coordinated Universal Time".
OAM F5 Loopback Test
An Operational, Administration and Maintenance Function 5 test is used to test the connection between two DSL devices. First, the DSL devices establish a virtual circuit. Then the local device sends an ATM F5 cell to be returned by the remote DSL device (both DSL devices must support ATM F5 in order to use this test).
Daisychain
In networking, to daisy chain devices is to connect them to each other in a series (cascaded). See also Subtending Port.
ADSL2
ADSL2 (ITU G.992.3 and G.992.4) offers improved performance and interoperability over ADSL. Key improvements are enhanced data rates, loop reach, diagnostics, rate adaptation and power management.
NAT Traversal (VPN/IPSec)
NAT traversal allows IPSec tunnels using the ESP protocol to pass through NAT-enabled routers.
ID Content
In IPSec, the ID type and ID content identify an individual Security Association (SA). The ID type can be a domain name, an IP address or an e-mail address. The ID content is the IP address, domain name, or e-mail address.
SNR
Signal-to-Noise Ratio (SNR) is the ratio of the amplitude of the desired (DSL) signal to the amplitude of noise signals at a given point in time. The higher the SNR number, the better the line quality.
Tx KB/s
This is the number of kilobytes per second transmitted on an interface.
Rx KB/s
This is the number of kilobytes per second received on an interface.
Rx CRC
This is the number of frames received on this interface with CRC (Cyclic Redundancy Check) error(s).
ID Type
In IPSec, the ID type and ID content identify an individual SA. The ID type can be a domain name, an IP address or an e-mail address. The ID content is the IP address, domain name, or e-mail address. When used with aggressive negotiation mode, the ID type and content allow an IPSec router to distinguish between SAs that connect from IPSec endpoints with dynamic IP addresses. For example, several telecommuters with dynamic IP addresses can use separate passwords to simultaneously connect to an IPSec router. With main negotiation mode, the ID type and content act as an extra level of identification for incoming SAs.
Fragment
These are packets less than 64 octets long, and with either CRC (Cyclic Redundancy Check) or alignment error(s).
Jabber
These are packets that are greater than the maximum octets (specified for the system by the configuration software) long and with either CRC or alignment error(s).
MSE
Minimum Square Error (MSE), the minimum mean-square error (also known as MMSE) performance measure, is a popular metric for optimal signal processing.
Auto-MDI/MDIX
Auto-MDI (Medium Dependent Interface)/MDIX (MDI crossover) is an Ethernet port feature that automatically adjusts to crossover or straight-through Ethernet cable so you can use either to connect your device to a computer or a switch/external hub. See also auto-crossover.
Broadcast Storm Control
Broadcast Storm Control limits the number of broadcast frames that can be stored in the switch buffer or sent out from the switch within a certain time. Broadcast frames that arrive when the buffer is full are discarded.
802.1x
See IEEE 802.1x.
Octet
In computer networking an octet is an 8-bit binary digit (byte).
Port Security
Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the switch.
CON/AUX Switch and Port
Set the CON/AUX switch to the “CON” side when using the CON/AUX port as a regular console port for local device configuration and management. Set this switch to the “AUX” side when using the CON/AUX port as an auxiliary dial-up WAN connection.
Dynamic Link Aggregation
The IEEE802.3ad standard describes Link Aggregation Control Protocol (LACP), which is a protocol that dynamically creates and manages trunk groups. When you enable LACP link aggregation on a port, the port can automatically negotiate with the ports at the remote end of a link to establish trunk groups. LACP also allows port redundancy, that is, if an operational port fails, then one of the “standby” ports becomes operational without user intervention.
LACP
The IEEE802.3ad standard describes Link Aggregation Control Protocol (LACP), which is a protocol that dynamically creates and manages trunk groups. When you enable LACP link aggregation on a port, the port can automatically negotiate with the ports at the remote end of a link to establish trunk groups. LACP also allows port redundancy, that is, if an operational port fails, then one of the “standby” ports becomes operational without user intervention.
MIB
A Management Information Base (MIB) is a collection of managed objects. The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status and so on.
NAT Traversal (UPnP)
UPnP NAT traversal automates the process of allowing an application to operate through NAT. UPnP network devices can automatically configure network addressing, announce their presence in the network to other UPnP devices and enable exchange of simple product and service descriptions.
Port Mirroring
Port mirroring allows you to copy traffic from one port to another port in order to examine the first port’s traffic without interfering with it.
Rate Adaption
Rate adaption is the ability of the device to adjust the configured transmission rate to the attainable transmission rate automatically depending on your telephone line quality.
Service Access Control
Service Access Control allows you to decide what services may access the ZyXEL device. You may also choose to allow only clients with specific IP addresses to use a service to access the ZyXEL device.
Trunking
Trunking (link aggregation) is the grouping of physical ports into one logical higher-capacity link. You may want to trunk ports if, for example, it is cheaper to use multiple lower-speed links than to under-utilize a higher-speed, but more costly, port link. However, the more ports you aggregate to get higher bandwidth, the fewer available ports you have.
UPnP
Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP-enabled device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
EAP-TLS
EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) authentication uses digital certificates for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. See also EAP and EAP-TTLS.
Digital Certificate
A digital certificate is an electronic ID card that proves the sender’s identity. A digital certificate is issued by a certificate authority.
EAP-TTLS
EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security) authentication is a type of mutual authentication where just the server sends a digital certificate to identify itself to the clients. See also EAP and EAP-TLS.
Linux
Linux is a free, open-source UNIX-type operating system.
Cracking
This is the act of breaking into computers, bypassing passwords or licenses in a computer program or intentionally breaching computer security.
Mirror Port
This is a port that copies the network traffic of another port for the purpose of analyzing the network traffic. This is also known as the sniffer port or the analysis port.
Monitor Port
This is a port whose traffic is duplicated and analyzed by a sniffer port. This is also known as the source port.
WFQ
Weighted Fair Queuing (WFQ) services queues based on their priority and queue weight. Queues with larger weights get more service than queues with smaller weights. This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues. See also Queuing Algorithms.
Cluster Management
Cluster management allows you to manage switches through one switch, called the cluster manager. The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another.
Cluster Manager
The cluster manager is the switch through which you manage the cluster member switches.
Cluster Members
The cluster members are the switches being managed by the cluster manager switch.
Clustering Candidates
Clustering candidates are switches that are potential cluster members.
Filtering Database
The filtering database shows how frames are forwarded or filtered across a switch’s ports. The switch uses the filtering database to determine how to forward frames.
CLI
In this interface, you can use line commands to configure the device or perform advanced device diagnostics and troubleshooting.
WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. WPA encrypts data by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. See also WPA-PSK (WPA-Pre-Shared Key).
WPA-PSK
WPA-PSK (WPA-Pre-Shared Key) requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a client will be granted access to a WLAN. See also WPA.
TKIP
Temporal Key Integrity Protocol (TKIP) is an encryption protocol that uses 128-bit keys that are dynamically generated and distributed by the authentication server. TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice.
MIC
Message Integrity Check (MIC, also named Michael) is a function designed to detect if someone has covertly altered data packets. The receiver and the transmitter each compute and compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
Wireless Client Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA.
ISO
The International Organization for Standardization is based in Geneva and is responsible for a wide range of standards including ones that apply to networking.
Bridge Mode
An AP in bridge mode can function as a wireless network bridge allowing you to connect two wired network segments. The peer device also must be in bridge mode. This wireless bridge connection is equivalent to a Wireless Distribution System (WDS). See also WDS.
Channel
A channel is a radio frequency used by a wireless device. Channels available depend on your geographical area.
ESS ID
An Extended Service Set (ESS) is a group of access points connected to a wired LAN on the same subnet. An ESS ID uniquely identifies each group. All access points and their associated wireless stations in the same group must have the same ESSID.
Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size that can be sent in a wireless network before the AP fragments the packet into smaller data frames.
IBSS
An IBSS, also called an Ad-hoc network, is defined as two or more computers with wireless adapters within range of each other that form an independent (wireless) network without the need of an access point (AP).
Multi-ESS
Multiple ESS is a function that allows multiple ESSs to be configured on just one access point. Wireless stations can use different ESSIDs to associate with the same AP. Only wireless stations with the same ESSID can communicate with each other. This allows the AP to logically group wireless stations in a manner similar to VLAN (Virtual LAN).
PoE
PoE is the ability to provide power to a PoE-enabled device via an 8-pin CAT 5 Ethernet cable, eliminating the need for a nearby power source.
WDS
A Distribution System (DS) is a wired connection between two or more APs, while a WDS is a wireless connection. An AP using WDS can function as a wireless network bridge allowing you to wirelessly connect two wired network segments.
Hotspot
Hotspots are public areas, such as airports, hotels, coffee shops, where end users can access the Internet via a mobile device.
Immediate Dial
Immediate dial allows you to make a phone call immediately after you press a certain key (for instance the # key).
Portal Page
A portal page is the first web site to which a subscriber is directed after logging in successfully.
Walled Garden
This is a list of web site address(es) which all users can access without logging in.
PMS
PMS is an automated billing system commonly used by hotels to perform in-room billing of services.
Account Generator Printer
When connected to an Internet service gateway device, an account generator printer allows you to create and print out subscriber accounts automatically. The account generator printer is also known as the statement printer.
Statement Printer
See account generator printer.
Billing Profile
A billing profile is a template of predefined billing parameters such as time unit, unit cost and/or account expiration time.
Passphrase
A passphrase is a string of text used for automatic WEP key generation on wireless client adapters.
BLES
Broadband Loop Emulation Service (Voice over DSL, TR-039 Annex A) is a DSL forum standard that provides architectural requirements and recommendations for using the Loop Emulation Standard (see LES) to deploy voice services on a DSL broadband access network.
Call Waiting
Call waiting allows you to place a call on hold while you answer another incoming call on the same telephone (directory) number.
CAS
In telephone networks that use CAS (Channel Associated Signaling), each channel carries both the control signal and voice signal. CAS is commonly used in America.
CCS
In telephone networks that use CCS (Common Channel Signaling), one channel carries the control signal and a separate channel carries the voice signal. CCS is commonly used in Europe.
Comfort Noise
Comfort noise is the background noise a device generates to fill moments of silence when the other device in a call stops transmitting because the other party is not speaking (as total silence could easily be mistaken for a lost connection). See also VAD.
Flash
Flashing means to press the telephone’s hook for a short period of time (a few hundred milliseconds) before releasing it. On newer telephones, there should be a “flash” key (button) that generates the signal electronically.
LES
Loop Emulation Standard is an ATM forum specification for sending voice traffic over ATM Adaptation Layer type 2 (AAL2).
Message Waiting
Message waiting notifies you when a voice message arrives. The details of the message waiting feature depend on your telephone and your voice mail service.
Metering Pulse
A metering pulse is a periodic signal that the telephone company’s switch sends to a telephone during a call in order to measure the length of the call for billing purposes.
Off Hook
Off hook means that the telephone is in use.
On Hook
On hook means that the telephone is not in use.
Three Way Calling
Three way calling allows you to add a third party to an existing call. You must subscribe to your telephone company for this service.
Tip/Ring Polarity Reversal
A twisted pair telephone wire consists of one tip wire and one ring wire. The polarity on the tip and ring wires gets reversed according to the requirements of a country’s telephone system.
VAD
Voice Activity Detection (or silence suppression) allows a device to reduce a call’s bandwidth by only transmitting when you are speaking. See also Comfort Noise.
VMoA
Voice and Multimedia over ATM is an ATM forum standard for sending voice and multimedia signals across a network as ATM cells. The voice and multimedia signals are carried over AAL-2.
VoATM
Voice over ATM is an ATM forum standard for sending a voice signal across a network as ATM cells. The voice signal is carried over AAL-2.
VoDSL
Voice over Digital Subscriber Line is the sending of a voice signal across a network as ATM cells. The voice signal is carried over AAL-2. This allows the combination of multiple voice/fax/modem lines and Internet access (data) on a single DSL line. The data signal is carried over AAL-5.
VoIP
Voice over Internet Protocol is the converting of the voice signal to data (IP) packets and then sending the packets over an IP network.
IEEE 802.1p
IEEE 802.1p Priority defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service.
MAC Filtering
Media Access Control filtering filters incoming frames based on MAC (Media Access Control) address(es) that you specify.
Static MAC Address Forwarding
A static MAC address entry is an address that you manually enter into the MAC address-learning table. Static MAC addresses do not age out. This may reduce unicast flooding. The devices with MAC addresses on this list cannot receive traffic on another port on the device.
AES
Advanced Encryption Standard is a method of data encryption that uses a secret key. AES may use a 128-bit, 192-bit or 256-bit key. AES is faster than 3DES.
Bandwidth Management Lite
Bandwidth management lite uses firewall rules to limit bandwidth on traffic flows.
Binary PKCS#7
Binary PKCS#7 is a standard that defines the general syntax for data (including digital signatures) that may be encrypted.
Binary X.509
Binary X.509 is an ITU-T recommendation that defines the formats for X.509 certificates.
Certificates
Certificates (also called digital IDs) can be used to authenticate users. Certificates are based on public-private key pairs. They provide a way to exchange public keys for use in authentication.
CA
A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner.
Certification Path
A certification path is the hierarchy of certification authority certificates that validate a certificate.
Certification Request
A certification request contains identifying information and public keys. You can send a certification request to a certification authority. The certification authority signs the certification request and issues a certificate.
CMP
Certificate Management Protocol (CMP) is a TCP-based certificate enrollment protocol that was developed by the Public Key Infrastructure X.509 working group of the Internet Engineering Task Force (IETF) and is specified in RFC 2510.
CRL
A CRL (Certificate Revocation List) is a directory of certificates that have been revoked before their scheduled expirations.
HTTPS
HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed).
LDAP
LDAP (Lightweight Directory Access Protocol) is a protocol over TCP that specifies how clients access directories of certificates and lists of revoked certificates.
MD5 Fingerprint
An MD5 fingerprint is a certificate’s message digest that was calculated using the MD5 algorithm. See also message digest.
PEM (Base-64) encoded PKCS#7
PEM (Base-64) encoded PKCS#7 is a Privacy Enhanced Mail (PEM) format that uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form.
PEM (Base-64) encoded X.509
PEM (Base-64) encoded X.509 is a Privacy Enhanced Mail format that uses 64 ASCII characters to convert a binary X.509 certificate into a printable form.
PKI
PKI (Public-Key Infrastructure) is the framework of servers, software, procedures and policies that handles (public-key cryptography) keys.
PKIX
Public-Key Infrastructure (X.509) refers to an IETF working group and the protocols and architecture that it has drafted based on X.509.
RSA
RSA is a public-key encryption and digital signature algorithm.
SCEP
Simple Certificate Enrollment Protocol (SCEP) is a TCP-based certificate enrollment protocol that was developed by VeriSign and Cisco.
Self-signed Certificate
A self-signed certificate is one that you generate on a device. The device acts as the certification authority and signs the certificate itself.
SHA1 Fingerprint
A SHA1 fingerprint is a certificate’s message digest that was calculated using the SHA1 algorithm. See also message digest.
Message Digest
A message digest is the fixed-length encrypted output that is the result of applying a hash to plain text input. The message digest functions as a digital fingerprint of the original message. A message digest provides a way to check the integrity of a message. If someone changes the original message, it produces a different message digest. See also Hash.
X.509
X.509 is a recommendation that defines formats for certificates and CRLs. It was issued by the ITU-T.
X-Auth
X-Auth (Extended Authentication) provides added security for VPN by requiring each VPN client to use a username and password.
VLAN Trunking
VLAN trunking on a port allows traffic belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices.
Transceiver
A transceiver houses both a transmitter and a receiver.
GBIC
A GBIC is a transceiver that changes optical signals to electric currents and vice versa, with a one gigabit per second (1 Gbps) or higher data transfer rate. Commonly used to connect Ethernet and fiber optic networks.
Mini GBIC
A Mini Gigabit Interface Converter complies with the Small Form-factor Pluggable (SFP) Transceiver MultiSource Agreement (MSA). See the SFF committee’s INF-8074i specification Rev 1.0 for details. See also GBIC.
DHCP Relay Agent Information (Option 82)
This feature has a device add information to client TCP/IP configuration requests that it relays to a DHCP server. The information details where on the device the request was received (such as the slot ID, port number and VLAN ID) and helps the DHCP server authenticate the source of the DHCP requests. Option 82 allows you to specify a string of additional information for the device to add.
RSTP
Rapid Spanning Tree Protocol (IEEE 802.1w) is an evolution of STP that provides faster tree reconfiguration. RSTP is backwards compatible with STP.
Forward Delay
In RSTP (or STP), this is the maximum time (in seconds) a device waits before changing states. This delay is required because every device must receive information about topology changes before it starts to forward frames.
iStacking
See cluster management.
MAC Count Filter
MAC count filtering limits the number of MAC addresses (see MAC) that may be dynamically learned or statically configured on a port.
Multiple PVC
Some DSLAMs support more than one Permanent Virtual Circuit per DSL port. The PVCs can be used in providing different services to subscribers.
Traffic Shaping
Traffic shaping is an ATM network’s built-in traffic management. It is an agreement between the carrier and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network. Traffic shaping helps fine-tune the levels of services based on the priority of the traffic flow.
ABR
Available Bit Rate is an ATM traffic class that provides a minimum amount of bandwidth and allows the use of more if it is available. ABR is used for bursty data traffic. End devices using ABR get feedback from the network and can use flow-control to dynamically adjust transmission rates. See also RM.
RM
Resource Management cells are used in ABR (see ABR) to send feedback information from the connection’s destination and/or intervening network switches to the connection’s source.
NRM
With ABR, the Number of Resource Management (NRM) is the maximum number of cells a source may send for each RM cell that it sends.
MCR
Minimum Cell Rate is the minimum rate at which the sender can send cells. It applies to the ABR ATM traffic class (see ABR).
PCR
In ATM, the Peak Cell Rate is the maximum rate at which the sender can send cells. This parameter may be set lower (but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits), so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells/sec. This rate is not guaranteed because it depends on the line speed.
SCR
In ATM, the Sustained Cell Rate is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR (see PCR).
MBS
In ATM, the Maximum Burst Size is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again (see PCR).
CDVT
In ATM, the Cell Delay Variation Tolerance is the accepted tolerance of the difference between a cell’s transfer delay and the expected transfer delay. CDVT controls the time scale over which the PCR is enforced. CDVT is used to determine if a cell arrived too early in relation to the PCR (see PCR).
BT
In ATM, the Burst Tolerance is the maximum number of cells that the port is guaranteed to handle without any discards. BT controls the time scale over which the SCR is enforced. BT is used to determine if a cell arrived too early in relation to SCR. Use this formula to calculate BT: (MBS – 1) x (1 / SCR – 1 / PCR) = BT. (See SCR, MBS and PCR).
TAT
In ATM, the Theoretical Arrival Time is the time when the next cell is expected to arrive. TAT is calculated based on the PCR or SCR. See PCR and SCR.
DiffServ
Differentiated Services is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow.
DSCP
The DiffServ Code Point value determines the forwarding treatment (or PHB) that each packet gets across the DiffServ network.
PHB
Per-Hop Behavior is the forwarding treatment that each packet gets across a DiffServ network.
VRRP
Virtual Routing Redundancy Protocol, defined in RFC 2338, allows you to create redundant backup gateways to ensure that the default gateway of a host is always available.
Virtual Router
In VRRP, a virtual router (VR) represents a number of physical layer-3 devices.
Advertising Interval
In VRRP, this is the time interval between sending the Hello messages.
DVMRP
DVMRP is a protocol used for routing multicast data within an autonomous system (AS).
DVMRP Probe
DVMRP probes are used to discover DVMRP neighbors on a network.
DVMRP Report
DVMRP reports contain DVMRP source routing information.
DVMRP Prune
DVMRP prunes trim the multicast delivery tree(s).
DVMRP Graft
DVMRP grafts attach a branch back onto the multicast delivery tree.
Multicast Delivery Tree
In DVMRP, multicast packets are forwarded along the multicast delivery tree branches. DVMRP dynamically learns host membership information using Internet Group Multicast Protocol (IGMP). The trees are updated dynamically to track the membership of individual groups.
OSPF
OSPF is a link-state protocol designed to distribute routing information within an autonomous system (AS).
AS
An autonomous system (AS) is a collection of networks using a common routing protocol to exchange routing information.
Area
In OSPF, an area is a logical grouping of adjacent networks. All areas are connected to a backbone (also known as area 0).
Backbone
In OSPF, the backbone is the transit area to route packets between two areas. The backbone is also known as area 0.
Stub Area
In OSPF, a stub area, at the edge of an AS, is not a transit area since there is only one connection to the stub area.
Internal Router
In OSPF, an Internal or intra-area router is a router in an area.
ABR
In OSPF, an Area Border Router connects two or more areas.
BR
In OSPF, a backbone router has an interface to the backbone.
AS Boundary Router
In OSPF, an AS boundary router exchanges routing information with routers in other ASes.
Link State Database
In OSPF, the link state database contains records of router IDs, their associated links and path costs. Each device can then use the link state database and Dijkstra algorithm to compute the least cost paths to network destinations.
OSPF Interface
An OSPF interface is a link between a layer 3 device and an OSPF network.
Virtual Link
In OSPF, a virtual link establishes/maintains connectivity between a non-backbone area and the backbone.
Link State Advertisement
Routers constantly send out Link State Advertisements (LSAs) to update the link state database in an OSPF network.
Routing Table
A routing table stores network and route information.
BPS
The backup power supply (BPS) constantly monitors the status of the internal power supply. The backup power supply automatically provides power to a device in the event of a power failure.
DMT
Discrete Multi-Tone (DMT) modulation allows a VDSL device to adapt to the bit rate based on the line condition.
Zero Configuration Internet Access
This feature allows a modem to automatically detect the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes.
Any IP
The Any IP feature allows a computer to access the Internet or a device without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the device are not in the same subnet.
Signature
A signature is a unique pattern that identifies a malicious program.
Computer Virus
A computer virus is a small program designed to corrupt and/or alter the operation of other legitimate programs.
P2P
Peer-to-Peer (P2P) is where devices link to each other without an intermediary and either device can initiate communications.
ADSL2+
ADSL2+ (ITU G.992.5) offers improved performance over ADSL2.
SRA
Seamless Rate Adaptation is an ADSL2+ feature that automatically adjusts the connection’s data rate according to line conditions without interrupting service.
Gateway Policy
A gateway policy identifies the IPSec routers at either end of a VPN tunnel and specifies the authentication, encryption and other settings needed to negotiate a phase 1 IKE SA.
Network Policy
A network policy identifies the devices behind the IPSec routers at either end of a VPN tunnel and specifies the authentication, encryption and other settings needed to negotiate a phase 2 IPSec SA.
E-mail Virus
E-mail viruses are malicious programs that spread through e-mail. These can infect your computer even if you do not read the e-mail messages.
RMON
Similar to SNMP, RMON (Remote Network Monitor) allows you to gather and monitor network traffic using an agent, known as a probe, which are software processes running on network
Bucket
A bucket is a set of data samplings on a device. When a bucket is filled, then the new data samplings overwrite the old ones.
Single Sign-On
This allows you to log on to multiple systems (such as e-mail, Internet access) with a single password/username pair.
H.323
H.323 is a standard teleconferencing protocol suite that provides audio, data and video conferencing. It allows for real-time point-to-point and multipoint communication between client computers over a packet-based network that does not provide a guaranteed quality of service.
CGI
Common Gateway Interface (CGI) allows a web server to obtain information from a database, documents or other programs and present the retrieved information to the subscribers.
NAI
Network Access Identifier (NAI) uniquely identifies a subscriber in an administrative network domain (or realm).
Backup Power Supply
This feature allows a device to monitor its power connection and automatically use another power connection in the event of a power failure.
Preamble
The preamble is a seven-byte field at the start of an Ethernet frame header that helps synchronize transmissions between the sender and receiver.
SFD
The Start Frame Delimiter is a one-byte field in an Ethernet frame that indicates the start of the frame.
CNM
Vantage Centralized Network Management is a software suite that allows you to manage many geographically dispersed ZyXEL devices from one location.
Product Serial Number
This is a unique multi-digit number found on the product label that identifies the product. You need this number to register your product.
Authentication Code
For hardware products this is the LAN MAC address of the device. For software products, it is a generated number that is displayed after you install the software. You need this number to register your product.
MyZyXEL.com
This is ZyXEL’s online services center where you can register products and manage product services. Software products must be activated before you can use them.
License Key
You purchase a license key in order to activate a service on a hardware product or activate a software product.
Activation Key
An activation key is a number generated at myZyXEL.com from the license key that represents a specific service.
Service Set Key
A service set key is a number generated at myZyXEL.com from the license key(s) that represents a set of services.
Alarms
Alarms are time-critical information that a device automatically sends out at the time of occurrence.
Logs
Logs are device information that a device is scheduled to send out.
Brute-Force Password Guessing Protection
This is a protection mechanism to discourage brute-force password guessing attacks on a device’s management interface. A wait-time must expire before entering the nth password after n-1 incorrect passwords have been entered.
Wireless Network Camera
This is a Web camera and surveillance device that includes audio capture, motion detection, and automatic wireless connection.
Xbox
This is Microsoft’s gaming console.
Xbox Live
This is Microsoft’s gaming service that lets you play multiplayer Xbox games through the Internet.
SIP
Session Initiated Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.
eMule/eDonkey
These are programs that use peer-to-peer file sharing applications.
CoS
Class of Service is a form of priority queuing that promises a level of service to a client. CoS classifies packets by examining the packet parameters and placing the packets in queues of different priorities based on predefined criteria. QoS guarantees a level of network performance to meet these service agreements. See QoS.
Max. Frame Burst
Maximum Frame Burst sets the maximum time, in microseconds, that the ZyAIR transmits IEEE 802.11g wireless traffic only. This helps to eliminate collisions in mixed-mode networks (networks with both IEEE 802.11g and IEEE 802.11b traffic) and enhance the performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks.
Preamble
A preamble is used to synchronize transmissions in a wireless network. The preamble type defines the length of the CRC (Cyclic Redundancy Check) block for communication between the device and roaming wireless stations. CRC is a common technique for detecting data transmission errors. See CRC.
IP Zero Length Attack
An IP Zero Length Attack is the flooding of the network by sending packets with zero data size.
Transparent Firewall
A transparent firewall, also known as a bridge firewall, is a device that can act as a bridge and also filter/inspect packets. You do not have to change other network settings when you add a transparent firewall to the network.
Load Balancing
Load balancing is the process of dividing traffic loads between interfaces (or ports). This improves quality of service and maximizes bandwidth utilization.
Available Bandwidth
In load balancing, available bandwidth is the actual bandwidth provided by the ISP.
Measured Bandwidth
In load balancing, measured bandwidth is the bandwidth an interface is currently using.
Upstream Bandwidth Utilization
In load balancing, upstream (outgoing) bandwidth utilization is the measured upstream throughput as a ratio of the available upstream bandwidth.
Downstream Bandwidth Utilization
In load balancing, downstream (incoming) bandwidth utilization is the measured downstream throughput as a ratio of the available downstream bandwidth.
Least Load First Algorithm
In load balancing, the least load first algorithm has the device send traffic through the interface with the lowest traffic loading.
Round Robin Algorithm
All elements in a group being equal, this is a method of providing resources to each element in turn. Each element gets an equal share of the resources. See also Weighted Round Robin Algorithm.
Weighted Round Robin Algorithm
The weighted round robin algorithm is similar to the round robin algorithm in that it provides resources to each element in turn. WRR also assigns a weight to each element. An element with a larger weight gets more of the resources than an element with a smaller weight. See also Round Robin Algorithm.
Spillover Algorithm
In load balancing, the spillover algorithm allows a device to send traffic through the primary interface until the maximum allowable bandwidth is reached, then the device sends excess traffic (new sessions) to the secondary interface.
Active/Passive (Fail Over) Mode
When a router with multiple WAN ports is in Active/Passive (fail over) operation mode, the router uses the second highest priority WAN port as a backup. The router normally uses the primary WAN port and only uses the second highest priority WAN port when the primary WAN port's connection fails.
Active/Active Mode
When a router with multiple WAN ports is in Active/Active mode, the router uses both of the WAN ports at the same time and allows you to enable load balancing. See also Load Balancing.
Address Record
An address record contains the mapping of a fully qualified domain name (FQDN) to an IP address.
FQDN
An FQDN consists of a host and domain name and includes the top-level domain. For example, www.zyxel.com.tw is a fully qualified domain name, where “www” is the host, “zyxel” is the second-level domain, and “com.tw” is the top-level domain. mail.myZyXEL.com.tw is also an FQDN, where “mail” is the host, “myZyXEL” is the second-level domain, and “com.tw” is the top-level domain.
Name Server Record
A name server record contains a DNS server’s IP address.
Domain Zone
A domain zone is a fully qualified domain name without the host. For example, zyxel.com.tw is the domain zone for the www.zyxel.com.tw fully qualified domain name.
DNS Cache
DNS cache is the temporary storage area where a router stores responses from DNS servers.
High Availability DNS
A DNS server maps a domain name to a port’s IP address. If that port loses its connection, high availability allows the router to substitute another port’s IP address for the domain name mapping.
Jumbo Frames
Jumbo frames are used to forward non-standard packet sizes on your network. A jumbo frame can be up to 9216 bytes long, instead of the 1522 bytes of a standard Ethernet frame. Fewer packets are required for large data transfers, improving traffic throughput on the port. The peer device must also support non-standard packet traffic.
Access Control
Access control refers to procedures and controls that limit or detect access. Access control is used typically to control user access to network resources such as servers, directories, and files.
Anomaly Analysis
This detection system identifies “normal” traffic on a network, and then classifies anything “non-normal” to be an “intrusion”. Anomaly detection can recognize previously unseen attacks, since it is not reliant on knowing what an attack looks like. See also Heuristic Analysis, Protocol Decode, Protocol Anomaly Detection and Traffic Flow Anomaly.
API
An API is the specific method an application program uses to make requests of an operating system or another application program.
Back Door
A back door (also called a trapdoor) is hidden software or a hardware mechanism that can be triggered to gain access to a program, online service or a computer system. See also Trojan Horse.
Blaster W32.Worm
This is a worm that exploits the DCOM RPC vulnerability (see Microsoft Security Bulletin MS03-026 and Microsoft Security Bulletin MS03-039) using TCP port 135. The worm targets only Windows 2000 and Windows XP computers.
Boot Sector Virus
This type of virus infects the area of a hard drive that a computer reads and executes during startup. The virus causes computer crashes and to some extent renders the infected computer inoperable.
Buffer Overflow
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. The excess information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Intruders could run code in the overflow buffer region to obtain control of the system, install a backdoor or use the compromised device to launch attacks on other devices.
DDoS
A DDoS attack is one in which multiple compromised systems attack a single target, thereby causing denial of service for users of the targeted system. See also DoS.
DoS
The goal of DoS attacks is not to steal information, but to disable a device or network on the Internet. See also DDoS.
Intrusion Policy ID
An intrusion policy ID identifies a unique intrusion signature.
File Infector
This is a small program that embeds itself in a legitimate program. A file infector is able to copy and attach itself to other programs that are executed on an infected computer.
Heuristic Analysis
Heuristic-based signatures use algorithms, often based on statistics, to judge whether a warning is warranted. An example of this type of signature is one that would be used to detect a port sweep. This signature might look for the presence of a threshold number of unique ports being probed on a particular device. See also Protocol Decode, Protocol Anomaly Detection and Traffic Flow Anomaly.
IDP
An IDP system can detect malicious or suspicious packets and respond.
IDP - Host
Host IDPs are directly on the system being protected. They work closely with the operating system of the device on which they’re installed.
IDP - Network
A Network IDP has at least two network interfaces, one internal and one external. As packets appear at an interface they are passed to the detection engine, which determines whether they are malicious or not. If a malicious packet is detected, an action is taken.
IDS
An Intrusion Detection System (IDS) can detect suspicious traffic, but does not take action against attacks. An IDS only raises an alert after the malicious payload has been delivered.
IIS
IIS is a group of Internet servers for Microsoft's Windows NT and Windows 2000 Server operating systems. IIS includes a set of programs for building and administering Web sites, a search engine, and support for writing Web-based applications that access databases.
IM
IM (Instant Messaging) refers to chat applications. Chat is real-time, text-based communication between two or more users via network-connected devices.
Intrusions
Intrusions are attacks caused by malicious or suspicious packet(s) sent with the intent of causing harm, illegally accessing resources or interrupting service.
Intrusions - Host
The goal of host-based intrusions is to infiltrate files on an individual computer or server with the goal of accessing confidential information or destroying information on a computer.
Intrusions - Network
Network-based intrusions have the goal of bringing down a network or networks by attacking computer(s), switch(es), router(s) or modem(s). Host-based intrusions may be used to cause network-based intrusions when the goal of the host virus is to propagate attacks on the network, or attack computer/server operating system vulnerabilities with the goal of bringing down the computer/server. Typical “network-based intrusions” are SQL slammer, Blaster, Nimda, MyDoom etc.
IP Spoofing
IP spoofing is a technique used to gain unauthorized access to computers by tricking a router or firewall into thinking that the communications are coming from within the trusted network by modifying the packet headers.
Kernel
A kernel is the nucleus of a computer operating system, the core that provides basic services for all other parts of the operating system. See also Shell.
LAND Attack
In a LAND attack, hackers flood SYN packets into the network with a spoofed source IP address of the target system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.
Macro Virus
Macros are small programs that are created to perform repetitive actions. Macros run automatically when a file to which they are attached is opened. Macro viruses spread more rapidly than other types of viruses as data files are often shared on a network.
Mydoom
MyDoom W32.Mydoom.A@mm (also known as W32.Novarg.A) is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. When a computer is infected, the worm sets up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.
MySecurity Zone
http://www.mysecurity.zyxel.com is a web portal that provides security-related information for ZyXEL security products.
Nimda
This name (“admin” backwards) refers to an “admin.DLL” file that, when run, continues to propagate the virus. Nimda probes each IP address within a randomly selected range of IP addresses, attempting to exploit weaknesses that are known to exist in computers with Microsoft's Internet Information Server.
Pattern Matching
Pattern matching identifies malicious code strings in a single packet.
OTIST
OTIST (One-Touch Intelligent Security Technology) allows you to transfer your AP’s SSID and WEP or WPA-PSK security settings to wireless clients that support OTIST and are within transmission range.
Ping Of Death
Ping of Death uses a "ping" utility to create and send an IP packet that exceeds the maximum 65,536 bytes of data allowed by the IP specification. This may cause systems to crash, hang or reboot.
Policy Severity
Intrusions are assigned a severity level from very low to severe. The intrusion severity level determines the default signature action applied.
Protocol Anomaly Detection
Protocol Anomaly Detection is an intrusion detection method that checks for RFC protocol violations.
Scan
Scan refers to all port, IP or vulnerability scans. Hackers scan ports to find targets. They may use a TCP connect() call, SYN scanning (half-open scanning), Nmap etc.
Shell
A shell is the outermost part of an operating system that interacts with user commands. See also Kernel.
Smurf Attack
A Smurf hacker floods a router with Internet Control Message Protocol (ICMP) echo request packets (pings). The destination IP address of each packet is the broadcast address of the target network, so the router will broadcast ICMP echo request packets to all hosts on that network.
Spam
Spam is unsolicited "junk" e-mail sent to large numbers of people to promote products or services.
SQL SLAMMER WORM
W32.SQLExp.Worm is a worm that targets the systems running Microsoft SQL Server 2000, as well as Microsoft Desktop Engine (MSDE) 2000.
Protocol Decode
Protocol decode, also known as Protocol Anomaly Detection or Protocol Validation, performs a full protocol analysis, decoding and processing the packet in order to highlight anomalies in packet contents. This is quicker than doing a search of a signature database. It is more flexible in capturing attacks that would be very difficult to catch using pattern-matching techniques, as well as new variations of old attacks, which would require a new signature in the database.
SSH
SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network.
Stateful Pattern Matching
Stateful pattern matching is an intrusion detection method based on reassembling a TCP stream to make the complete string available to the detection engine. It is based on the established session, rather than on a single packet. It stores all packets in a TCP stream and then searches for patterns across all packets.
Stealth
Stealth enabled on a port means that the device drops all incoming packets destined for the device received on that port with no response to the sender.
SYN Attack
A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYN-ACKs are moved off the queue only when an ACK comes back or when an internal timer terminates the three-way handshake. Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable for legitimate users.
Syslog
An abbreviated form of System Log. Syslog logging sends a log to an external (syslog) server used to store and analyze logs.
Teardrop
The Teardrop program creates a series of IP fragments with overlapping offset fields. When these fragments are reassembled at the destination, some systems will crash, hang, or reboot.
Traceroute
Traceroute is a utility used to determine the path a packet takes between two endpoints.
Traffic Flow Anomaly
Traffic flow anomaly is an intrusion detection method where certain applications, for example, peer-to-peer applications, can be defined as “abnormal” and therefore an “intrusion”. See also Anomaly Analysis, Heuristic Analysis, Protocol Decode and Protocol Anomaly Detection.
Trojan
A Trojan horse is a harmful program that is hidden inside apparently harmless programs or data. See also Back Door.
Virus
A computer virus is a small program designed to corrupt and/or alter the operation of other legitimate programs.
Web Attack
A “web attack” refers to attacks on web servers such as IIS.
Worms
A worm is a program that is designed to copy itself from one computer to another on a network. A worm’s uncontrolled replication consumes system resources thus slowing or stopping other tasks.
SIP URI
A SIP URI is a complete SIP address (also called a SIP identity) consisting of a SIP number and a SIP service domain. See also SIP, SIP Number and SIP Service Domain.
SIP Number
A SIP number is the part of the SIP URI that comes before the “@” symbol. For example, if the SIP URI is 1122334455@VoIP-provider.com, then “1122334455” is the SIP number.
SIP Service Domain
A SIP service domain is the part of the SIP URI that comes after the “@” symbol. For example, if the SIP URI is 1122334455@VoIP-provider.com, then “VoIP-provider.com” is the SIP service domain.
SIP User Agent Server
A SIP user agent server can make and receive VoIP telephone calls. This means that SIP can be used for peer-to-peer communications even though it is a client-server protocol.
SIP Proxy Server
A SIP proxy server receives requests from clients and forwards them to another server.
SIP Redirect Server
A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server. Redirect servers do not initiate SIP requests.
SIP Register Server
A SIP register (or registrar) server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register.
RTP
When you make a VoIP call using SIP, the RTP (Real time Transport Protocol) is used to handle voice data transfer. See RFC 1889 for details on RTP.
Full Cone NAT
In full cone NAT, all requests from the same private IP address and port are mapped to the same public source IP address and port. Someone on the Internet only needs to know the mapping scheme in order to send packets to a device behind the NAT router.
Restricted Cone NAT
Restricted cone NAT maps all requests from the same private IP address and port to the same public source IP address and port. A host on the Internet can only send a packet to the private IP address and port if the private IP address and port has previously sent a packet to that host’s IP address.
Port Restricted Cone NAT
Port restricted cone NAT maps all requests from the same private IP address and port to the same public source IP address and port. A host on the Internet can only send a packet to the private IP address and port if the private IP address and port has previously sent a packet to that host’s IP address and port.
Symmetric NAT
Symmetric NAT maps requests from the same private IP address and port to a different public source IP address and/or port depending on the packet’s destination IP address. A host on the Internet can only send a packet to the private IP address and port via the specific public source IP address and port that were previously used in sending a packet from the private IP address and port to the host’s IP address and port.
PCM
Pulse Code Modulation measures analog signal amplitudes at regular time intervals and converts them into bits.
Codec
A codec (coder/decoder) codes analog voice signals into digital signals and decodes the digital signals back into voice signals.
G.711
G.711 is a Pulse Code Modulation (PCM) waveform codec. G.711 provides very good sound quality but requires 64kbps of bandwidth. G.711u is used mainly in North America and G.711a is used in most of the rest of the world. See also Codec.
G.729
G.729 is an Analysis-by-Synthesis (AbS) hybrid waveform codec that uses a filter based on information about how the human vocal tract produces sounds. G.729 provides good sound quality and reduces the required bandwidth to 8kbps.
DTMF
Dual-Tone MultiFrequency (DTMF) call setup signaling uses pairs of frequencies (one lower frequency and one higher frequency) to set up calls. It is also known as Touch Tone®. Each of the keys on a DTMF telephone corresponds to a different pair of frequencies.
Pulse Dialing
Pulse dialing call setup signaling sends a series of clicks to the local phone office in order to dial numbers.
G.168
G.168 is an ITU-T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk.
PSTN Lifeline
The Public Switched Telephone Network lifeline feature lets you have VoIP phone service and analog phone service at the same time. You can receive incoming analog phone calls even while someone else is making VoIP phone calls. You can still make analog phone calls if the device loses power.
Dynamic Jitter Buffer
A dynamic jitter buffer helps smooth out the variations in delay (jitter) for voice traffic. This helps ensure good voice quality for your conversations.
N-wire Mode
The n-wire mode allows you to physically bundle two or four G.SHDSL ports into a single 4-wire or 8-wire G.SHDSL connection. This can increase the reach of G.SHDSL or give increased bandwidth when connecting to 4-wire mode G.SHDSL modems or another DSLAM.
SIP ALG
A SIP Application Layer Gateway (ALG) allows VoIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream. When a VoIP device behind the ALG registers with the SIP register server, the ALG translates the device’s private IP address inside the SIP data stream to a public IP address.
RMA Number
Return Material Authorization (RMA) is a unique number that customer support assigns to a device returned for repair.
MAP
The Multimedia Auto Provisioner (MAP) is ZyXEL's hardware connection tutorial and Configuration Genie. See also Configuration Genie.
Configuration Genie
Configuration Genie is a program that helps you to configure your device for Internet access. It configures some settings automatically and may prompt you for others.
ZyXEL Utility (WLAN)
This is the name given to the configuration program for ZyXEL's wireless clients.
WFS
Weighted Fair Scheduling (WFS) is used to guarantee each queue’s minimum bandwidth based on its bandwidth weight (portion) when there is traffic congestion. WFS is activated only when a port has more traffic than it can handle. Queues with larger weights get more bandwidth than queues with smaller weights. Bandwidth is divided across the different traffic queues according to their weights.
SP TPID
SP TPID (Service Provider Tag Protocol IDentifier) is the service provider VLAN stacking tag type. It is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802.1Q tag information. TPID (Tag Protocol IDentifier) is an inner (VLAN) IEEE 802.1Q tag.
SP VID
In VLAN stacking, SP VID (Service Provider VLAN ID) is the outer VLAN tag.
EAP-SIM
Extensible Authentication Protocol-Subscriber Identity Module (EAP-SIM) is an authentication protocol used to authenticate wireless clients with SIM cards. See also SIM.
Gigabit Ethernet
Gigabit Ethernet (IEEE 802.3z standard) uses Ethernet over copper technology to increase network data rates to 1 Gbit/sec. It uses standard 4-pair Category 5 copper cabling.
G-plus
G-plus is an enhancement to the IEEE 802.11g wireless standard. It increases wireless transmission speeds by allowing larger frames to be sent.
GSM
The Global System for Mobile communication (GSM) is a globally accepted standard for digital cellular communication. Mobile phones that use the GSM-based mobile phone network use SIM cards. See also SIM.
Layer-2 Isolation
Layer-2 isolation prevents wireless clients associated with an AP from communicating with other APs (on the same wired network) and their associated wireless clients.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-implemented authentication protocol of IEEE 802.1x.
MBM
ZyXEL’s MBM (Media Bandwidth Management) allows you to allocate specific amounts of bandwidth capacity (bandwidth budgets) to outgoing traffic based on an application and/or subnet.
MS-CHAP-V2
Microsoft's Challenge-Handshake Authentication Protocol (MS-CHAP-V2) is used to periodically verify the identity of a peer (station or other AP) through mutual authentication.
PEAP
PEAP (Protected Extensible Authentication Protocol) is an authentication protocol of IEEE 802.1x that uses certificates.
Print Server
A print server is a device or software that provides users on a network with shared access to one or more printers. The print server acts as a buffer, holding the information to be printed out until the printer becomes free.
SIM
A SIM (Subscriber Identity Module) is a mobile phone network card that holds subscriber information such as personal account details, address book and security settings. SIM cards can also be connected to computers and PDAs (Personal Digital Assistants).
Anti-virus
Anti-virus features or software scan files and help stop viruses from infecting computer(s) on a network. See also host-based anti-virus and network-based anti-virus.
NAV
A network-based anti-virus (NAV) scanner is software on a gateway device that protects the network from virus attacks.
Annex L
Annex L is an addendum to the ADSL2+ standard (ITU G.992.5). Also known as Reach-Extended ADSL2, it allows increased ADSL2 connection distances.
Backplane
A backplane is a circuit board containing sockets into which other circuit boards or expansion cards can be inserted.
Intrusion Lock
Intrusion locking is a security feature that stops unauthorized access to a port. If a cable is disconnected from the port, intrusion locking blocks access once a cable is reconnected.
MAC Freeze
When you enable MAC freeze on a port, all MAC addresses that have been dynamically learned on a port are considered as “static” MAC address entries and have exclusive access to that port from that time on.
PMM
Power ManageMent (PMM) is an ADSL2 feature that manages transmission power based on line conditions.
WMM
Wi-Fi MultiMedia (WMM) is a part of the IEEE 802.11e QoS enhancement to the Wi-Fi standard that ensures quality of service for multimedia applications in wireless networks.
MX Record
An MX (Mail eXchange) record identifies a mail server that handles the mail for a particular domain.
PTR Record
A PTR (pointer) record is also called a reverse record or a reverse lookup record. It is a mapping of an IP address to a domain name.
CIR
The Committed Information Rate (CIR) is the guaranteed bandwidth for the incoming traffic flow on a port.
PIR
The Peak Information Rate (PIR) is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion.
iCard
This is a card with the license key that allows you to activate services, such as content filtering, anti-virus, anti-spam and so on.
IGMP Filtering
The IGMP filtering feature controls which IGMP groups a subscriber on a port can join.
Spyware
Spyware is software that secretly gathers user information through the user's Internet connection without his or her knowledge. As spyware uses memory and system resources, it can lead to system crashes or general system instability. See also Adware.
Adware
Adware is either software that collects information about the user's web browsing patterns in order to display related advertisements or application software that has advertisements already embedded. See also Spyware.
Zombie
A zombie is a computer that is under the control of a hacker without the knowledge of the computer owner. Zombies could then be used to launch DoS attacks. See also DoS.
Stateful Inspection
Stateful inspection (also known as dynamic packet filtering) tracks each connection crossing the firewall and makes sure it is valid. Filtering decisions are based not only on rules but also context. For example, traffic from the WAN may only be allowed to cross the firewall in response to a request from the LAN. See also firewalls.
Rootkit
A rootkit is a type of malicious software that is activated each time your system boots up, making it difficult to detect as it is active before your system's operating system (OS). A rootkit often allows the installation of hidden files, processes, user accounts and so on in your system OS and is able to intercept data from network connections and the keyboard.
SGMP
SGMP (Simple Gateway Monitoring Protocol) is an application-layer protocol that allows remote users to inspect and change a gateway's configuration.
UTM
A UTM (Unified Threat Management) appliance integrates firewall, content filtering, spam filtering, intrusion detection and anti-virus functions into a single network appliance.
MVR
Multicast VLAN Registration (MVR) is designed for applications (such as Media-on-Demand (MoD)) using multicast traffic across an Ethernet network. MVR allows one single multicast VLAN to be shared among different subscriber VLANs on the network. This improves bandwidth utilization by reducing multicast traffic in the subscriber VLANs and simplifies multicast group management. MVR is also known as Multicast VLAN Group (MVG).
MVG
Multicast VLAN Group (MVG) is designed for applications (such as Media-on-Demand (MoD)) using multicast traffic across an Ethernet network. MVG allows one single multicast VLAN to be shared among different subscriber VLANs on the network. This improves bandwidth utilization by reducing multicast traffic in the subscriber VLANs and simplifies multicast group management. MVG is also known as Multicast VLAN Registration (MVR).
Loopback Interface
The loopback interface is the IP address that you can ping to check whether your device’s network adapter and IP stack are working properly. 127.0.0.1 is the IP address most commonly used for the loopback interface.
MS-CHAP
MS-CHAP, Microsoft CHAP (Challenge Handshake Authentication Protocol), uses a challenge-response mechanism where the response is encrypted.
Fax Pass-through
Fax pass-through is where a VoIP device applies the G.711 codec to fax messages before sending them over the Internet. See also G.711.
T.38 Fax Relay
T.38 is an ITU-T standard that VoIP devices use to send fax messages over the Internet.
Microsoft RDP
Microsoft's Remote Desktop Protocol (RDP) allows you to access a computer through the Internet in order to work with its files, programs and resources. It uses TCP port 3389 by default.
VNC
Virtual Network Computing (VNC) allows you to view a computer's 'desktop' environment through the Internet. It uses TCP port 5900 by default.
NTP
Network Time Protocol (NTP) allows devices to synchronize their time with a time server. It uses TCP or UDP port 123 by default.
Anti-Spam
Anti-spam is a feature that marks or discards unsolicited commercial or junk e-mail (spam).
Spam
Spam is unsolicited commercial or junk e-mail.
E-mail Whitelist
An e-mail whitelist identifies e-mail that you want to accept.
E-mail Blacklist
An e-mail blacklist identifies e-mail that you do not want to accept.
Phishing
Phishing is where fraudsters send e-mail claiming to be from a well-known enterprise in an attempt to steal private information for use in identity theft. See also identity theft.
Identity Theft
Identity theft is the use of someone’s personal information, such as a credit card number or Social Security number, without the person’s permission to commit fraud or other crimes. See also phishing.
SMTP
Simple Mail Transfer Protocol (SMTP) is a mail protocol used for sending e-mail. SMTP uses TCP port 25 by default.
POP
Post Office Protocol (POP) is a mail server protocol that e-mail clients use to retrieve e-mail. POP uses TCP port 110 by default.
MIME Headers
Multipurpose Internet Mail Extensions (MIME) allow varied media types to be used in e-mail. MIME headers describe an e-mail’s content encoding and type.
IMAP
Internet Message Access Protocol (IMAP) is a mail server protocol that e-mail clients use to retrieve e-mail. IMAP uses TCP or UDP port 143 by default.
POP3S
POP3 over TLS/SSL (POP3S) allows users to use TLS/SSL to create a secure POP3 connection for receiving e-mail. POP3S uses TCP or UDP port 995 by default. See also POP, TLS, and SSL.
IMAPS
IMAP over TLS/SSL (IMAPS) allows users to use TLS/SSL to create a secure IMAP connection for receiving e-mail. IMAPS uses TCP or UDP port 995 by default. See also IMAP, TLS, and SSL.
TLS
Transport Layer Security (TLS) is a protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed). TLS is the application protocol-independent successor to the Secure Socket Layer (SSL) protocol.
IGMP Proxy
An IGMP proxy device reduces multicast traffic by issuing IGMP host messages to a multicast router or server on behalf of the multicast hosts connected to the IGMP proxy device.