Tuesday, April 29, 2008

What are private IP addresses?

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets (local networks):

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

Also, IP addresses in the range 169.254.0.0 - 169.254.255.255 are reserved for Automatic Private IP Addressing (APIPA).

These IP addresses should not be used on the Internet.
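As an added example (not part of the original post), here is a small Python script that turns the four ranges above into CIDR blocks, classifies any IPv4 address against them, and flags constructed firewall log lines whose source address should never arrive from the Internet; the log format and the sample lines are assumptions for the demonstration.

```python
import ipaddress

# The four ranges from the post, written as first/last address exactly as listed.
RESERVED_RANGES = {
    "RFC 1918 private (10.0.0.0/8)": ("10.0.0.0", "10.255.255.255"),
    "RFC 1918 private (172.16.0.0/12)": ("172.16.0.0", "172.31.255.255"),
    "RFC 1918 private (192.168.0.0/16)": ("192.168.0.0", "192.168.255.255"),
    "APIPA link-local (169.254.0.0/16)": ("169.254.0.0", "169.254.255.255"),
}


def range_to_cidr(first, last):
    """Collapse a first-last address range into the minimal list of CIDR blocks.

    Each of the post's ranges happens to be a single aligned block, but the
    helper also handles ranges that need several blocks.
    """
    first_ip = ipaddress.IPv4Address(first)
    last_ip = ipaddress.IPv4Address(last)
    return [str(net) for net in ipaddress.summarize_address_range(first_ip, last_ip)]


# Precompute the network objects once so classification is a membership test.
RESERVED_NETWORKS = {
    label: [ipaddress.IPv4Network(c) for c in range_to_cidr(first, last)]
    for label, (first, last) in RESERVED_RANGES.items()
}


def classify(address):
    """Return the label of the reserved range containing `address`, or 'public/other'.

    Raises ValueError for strings that are not valid IPv4 addresses.
    """
    ip = ipaddress.IPv4Address(address)
    for label, networks in RESERVED_NETWORKS.items():
        if any(ip in net for net in networks):
            return label
    return "public/other"


def flag_reserved_sources(log_lines):
    """Return (source, label) for log lines whose source address is private or APIPA.

    A packet with such a source arriving on an Internet-facing interface is
    either a misconfiguration or spoofed, so it is worth dropping and logging.
    Lines without a parseable source address are skipped.
    """
    hits = []
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        src = fields.get("src")
        if src is None:
            continue
        try:
            label = classify(src)
        except ValueError:
            continue
        if label != "public/other":
            hits.append((src, label))
    return hits


# Constructed firewall log lines (not real traffic); 198.51.100.0/24 and
# 203.0.113.0/24 are documentation ranges used here as stand-ins for public hosts.
SAMPLE_LOG = [
    "iface=wan src=10.1.2.3 dst=203.0.113.5 proto=tcp dport=445",
    "iface=wan src=198.51.100.7 dst=203.0.113.5 proto=tcp dport=443",
    "iface=wan src=169.254.10.20 dst=203.0.113.5 proto=udp dport=53",
    "iface=wan src=not-an-address dst=203.0.113.5 proto=udp dport=53",
]

if __name__ == "__main__":
    for label, (first, last) in RESERVED_RANGES.items():
        print(f"{first} - {last}  ->  {', '.join(range_to_cidr(first, last))}  [{label}]")
    for src, label in flag_reserved_sources(SAMPLE_LOG):
        print(f"reserved source on WAN: {src} ({label})")
```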

Thursday, April 17, 2008

VPN client using XP

Configure a VPN Client Connection Using Windows XP

In this article we will learn how to create and configure a connection to a virtual private network (VPN) using Microsoft Windows XP. By creating an encrypted tunnel through the Internet, data can be passed safely.

VPN Overview
A VPN is a private network created over a public one. It is done with encryption: your data is encapsulated and protected in transit, and this is what creates the 'virtual' tunnel. In other words, a VPN is a method of connecting to a private network through a public network like the Internet. An Internet connection in a company is common, and an Internet connection at home is common too. With both of these, you can create an encrypted tunnel between them and pass traffic safely and securely.
If you want to create a VPN connection you will have to use encryption to make sure that others cannot intercept the data in transit while it traverses the Internet. Windows XP provides a certain level of security by using Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol (L2TP). Both are considered tunneling protocols simply because they create the virtual tunnel just discussed by applying encryption.
Configure a VPN with XP
If you want to configure a VPN connection from a Windows XP client computer, you only need what comes with the operating system itself; it's all built right in. To set up a connection to a VPN, do the following:
1. On the computer that is running Windows XP, confirm that the connection to the Internet is correctly configured.
· You can try to browse the internet
· Ping a known host on the Internet, like yahoo.com, something that isn’t blocking ICMP
2. Click Start, and then click Control Panel.

3. In Control Panel, double-click Network Connections.

4. Click Create a new connection in the Network Tasks task pad.

5. In the Network Connection Wizard, click Next.

6. Click Connect to the network at my workplace, and then click Next.

7. Click Virtual Private Network connection, and then click Next.
8. If you are prompted, you need to select whether you will use a dialup connection or if you have a dedicated connection to the Internet either via Cable, DSL, T1, Satellite, etc. Click Next.

9. Type a host name, IP or any other description you would like to appear in the Network Connections area. You can change this later if you want. Click Next.

10. Type the host name or the Internet Protocol (IP) address of the computer that you want to connect to, and then click Next.
11. You may be asked if you want to use a Smart Card or not.

12. You are just about done, the rest of the screens just verify your connection, click Next.

13. Select the Add a shortcut to this connection to my desktop check box if you want one; if not, leave it unchecked and click Finish.
14. You are now done making your connection, but by default it may try to connect right away. You can try the connection now if you know it's valid; if not, just close it for now.

15. In the Network Connections window, right-click the new connection and select Properties. Let's take a look at how you can customize this connection before it's used.
16. The first tab you will see is the General tab. This only covers the name of the connection, which you can also rename from the Network Connections dialog box by right-clicking the connection and selecting Rename. You can also configure a first connection, which means that Windows connects to the public network (like the Internet) before it attempts the VPN connection. This is exactly the case if you configured a dialup connection in step 8: you have to be connected to the Internet first before you can encrypt and send data over it, and this setting makes sure that happens.

17. The next tab is the Options tab, which has a lot you can configure. For one, you have the option to connect to a Windows domain: if you select this check box (unchecked by default), your VPN client will request Windows logon domain information while bringing up the VPN connection. You also have options here for redialing. Redial attempts are configured here if you are using a dialup connection to get to the Internet; it is very handy to redial if the line is dropped, as dropped lines are very common.

18. The next tab is the Security tab. This is where you configure basic security for the VPN client, set any advanced IPsec configuration and other security protocols, and require encryption and credentials.

19. The next tab is the Networking Tab. This is where you can select what networking items are used by this VPN connection.

20. The Last tab is the Advanced Tab. This is where you can configure options for configuring a firewall, and/or sharing.

Connecting to Corporate
Now that you have your XP VPN client all set up and ready, the next step is to attempt a connection to the Remote Access or VPN server set up at the corporate office. To use the connection follow these simple steps. To open the client again, go back to the Network Connections dialog box.
1. Once you are in the Network Connections dialog box, double-click the connection, or right-click it and select 'Connect' from the menu. This initiates the connection to the corporate office.

2. Type your user name and password, and then click Connect. Clicking Properties brings you back to what we just discussed in this article: all the global settings for the VPN client you are using.
3. To disconnect from a VPN connection, right-click the icon for the connection, and then click "Disconnect".
Summary
In this article we covered the basics of building a VPN connection using Windows XP. This is very handy when you have a VPN device but don’t have the ‘client’ that may come with it. If the VPN Server doesn’t use highly proprietary protocols, then you can use the XP client to connect with. In a future article I will get into the nuts and bolts of both IPSec and more detail on how to configure the advanced options in the Security tab of this client.

Wednesday, April 16, 2008

CCNA Glossary

10Base2
A physical layer communications specification for 10Mbps baseband data transmission over a coaxial cable (Thinnet) with a maximum cable segment length of 200 meters.

10Base5
A physical layer communications specification for 10Mbps baseband data transmission over a coaxial cable (Thicknet) with a maximum cable segment length of 500 meters.

Access Control List (ACL)
Most network security systems operate by allowing selective use of services. An Access Control List is the usual means by which access to, and denial of, services is controlled. It is simply a list of the services available, each with a list of the hosts permitted to use the service.

acknowledgment (ACK)
A type of message sent to indicate that a block of data arrived at its destination without error. See also: Negative Acknowledgement

address
There are four types of addresses in common use within the Internet. They are email address; IP, internet or Internet address; hardware or MAC address; and URL. See also: email address, IP address, internet address, MAC address.

address mask
A bit mask used to identify which bits in an IP address correspond to the network and subnet portions of the address. This mask is often referred to as the subnet mask because the network portion of the address (i.e., the network mask) can be determined by the encoding inherent in an IP address. See also: Classless Inter-domain Routing.

address resolution
Conversion of a network-layer address (e.g. IP address) into the corresponding physical address (e.g., MAC address). See also: IP address, MAC address.

Address Resolution Protocol (ARP)
Used to dynamically discover the low level physical network hardware address that corresponds to the high level IP address for a given host. ARP is limited to physical network systems that support broadcast packets that can be heard by all hosts on the network. It is defined in. See also: proxy ARP, Reverse Address Resolution Protocol.

Administrative Domain (AD)
A collection of hosts and routers, and the interconnecting network(s), managed by a single administrative authority.


administrivia
Administrative tasks, most often related to the maintenance of mailing lists, digests, news gateways, etc.

Advanced Research Projects Agency (ARPA)
An agency of the U.S. Department of Defense responsible for the development of new technology for use by the military. ARPA (formerly known as DARPA, nee ARPA) was responsible for funding much of the development of the Internet we know today, including the Berkeley version of Unix and TCP/IP.

American Standard Code for Information Interchange (ASCII)
A standard character-to-number encoding widely used in the computer industry. See also: EBCDIC.
anonymous FTP
Anonymous FTP allows a user to retrieve documents, files, programs, and other archived data from anywhere in the Internet without having to establish a userid and password. By using the special userid of "anonymous" the network user will bypass local security checks and will have access to publicly accessible files on the remote system. See also: archive site, File Transfer Protocol, World Wide Web.
ANSI
See: American National Standards Institute

Appletalk
A networking protocol developed by Apple Computer for communication between Apple Computer products and other computers. This protocol is independent of the network layer on which it is run. Current implementations exist for Localtalk, a 235Kb/s local area network, and Ethertalk, a 10Mb/s local area network.
application
A program that performs a function directly for a user. FTP, mail and Telnet clients are examples of network applications.

application layer
The top layer of the network protocol stack. The application layer is concerned with the semantics of work (e.g., formatting electronic mail messages). How to represent that data and how to reach the foreign node are issues for lower layers of the network.

Application Program Interface (API)
A set of calling conventions which define how a service is invoked through a software package.

ASCII
See: American Standard Code for Information Interchange

Asynchronous Transfer Mode (ATM)
A standard which defines high-load, high-speed (1.544Mbps through 1.2Gbps), fixed-size packet switching with dynamic bandwidth allocation. ATM is also known as "fast packet."

authentication
The verification of the identity of a person or process.

Autonomous System (AS)
Internet (TCP/IP) terminology for a collection of routers under a single administrative authority using a common Interior Gateway Protocol (IGP) for routing packets. See subnetwork.

backbone
The top level in a hierarchical network. Stub and transit networks which connect to the same backbone are guaranteed to be interconnected. See also: stub network, transit network.
bandwidth
Technically, the difference, in Hertz (Hz), between the highest and lowest frequencies of a transmission channel. However, as typically used, the amount of data that can be sent through a given communications circuit.
BAR
Backbone Access Router between a MAN and the JANET backbone.
baseband
A transmission medium through which digital signals are sent without complicated frequency shifting. In general, only one communication channel is available at any given time. Ethernet is an example of a baseband network. See also: broadband, Ethernet.
Basic Encoding Rules (BER)
Standard rules for encoding data units described in ASN.1. Sometimes incorrectly lumped under the term ASN.1, which properly refers only to the abstract syntax description language, not the encoding technique. See also: Abstract Syntax Notation One.
BBS
See: Bulletin Board System
BCP
The newest subseries of RFCs which are written to describe Best Current Practices in the Internet. Rather than specifying a protocol, these documents specify the best ways to use the protocols and the best ways to configure options to ensure interoperability between various vendors' products. BCPs carry the endorsement of the IESG. See also: Request For Comments, Internet Engineering Steering Group.
BDP
Netscape's Browser Distribution Program.
BGP : Border Gateway Protocol
binary
11001001
Bitnet
Because It's Time NETwork. An academic computer network that provided interactive electronic mail and file transfer services, using a store-and-forward protocol, based on IBM Network Job Entry protocols. Bitnet-II encapsulated the Bitnet protocol within IP packets and depended on the Internet to route them.
Bluetooth
An IEEE standard 802.15.1 for short range (up to 10m) wireless links between mobile computers, phones and other portable peripheral devices. This uses the 2.4GHz band with a data rate of 1Mbit/s. Work was in progress in March 2002 on a High Rate (20Mbit/s or greater) version 802.15.3 in the same 2.4GHz band. Also known as Personal Area Network. See also: Wireless Local Area Network.
BNC
Bayonet Nut Connector. A connector used on coaxial cables such as 10Base2 Ethernet.
BOOTP
The Bootstrap Protocol, described is used for booting diskless nodes. Updated in superseded by DHCP. See also: Reverse Address Resolution Protocol, Dynamic Host Configuration Protocol.
Border Gateway Protocol (BGP)
The Border Gateway Protocol is an exterior gateway protocol defined in . Its design is based on experience gained with EGP, as defined in STD 18, and EGP usage in the NSFNET Backbone. See also: Exterior Gateway Protocol.
bounce
The return of a piece of mail because of an error in its delivery.
bridge
A device which forwards traffic between network segments based on datalink layer information. These segments would have a common network layer address. See also: gateway, router.
broadband
A transmission medium capable of supporting a wide range of frequencies. It can carry multiple signals by dividing the total capacity of the medium into multiple, independent bandwidth channels, where each channel operates only on a specific range of frequencies. See also: baseband.
broadcast
A special type of multicast packet which all nodes on the network are always willing to receive. See also: multicast, unicast
broadcast storm
An incorrect packet broadcast onto a network that causes multiple hosts to respond all at once, typically with equally incorrect packets, which causes the storm to grow exponentially in severity. See also: Ethernet meltdown.
brouter
A device which bridges some packets (i.e., forwards based on datalink layer information) and routes other packets (i.e., forwards based on network layer information). The bridge/route decision is based on configuration information. See also: bridge, router.
Bulletin Board System (BBS)
A computer, and associated software, which typically provides electronic messaging services, archives of files, and any other services or activities of interest to the bulletin board system's operator. Although BBS's have traditionally been the domain of hobbyists, an increasing number of BBS's are connected directly to the Internet, and many BBS's are currently operated by government, educational, and research institutions. See also: Electronic Mail, Internet, Usenet.

checksum
A computed value which is dependent upon the contents of a packet. This value is sent along with the packet when it is transmitted. The receiving system computes a new checksum based upon the received data and compares this value with the one sent with the packet. If the two values are the same, the receiver has a high degree of confidence that the data was received correctly.
circuit switching
A communications paradigm in which a dedicated communication path is established between two hosts, and on which all packets travel. The telephone system is an example of a circuit switched network. See also: connection-oriented, connectionless, packet switching.
Classless Inter-domain Routing (CIDR)
A proposal to allocate IP addresses so as to allow the addresses to be aggregated when advertised as routes. It is based on the elimination of intrinsic IP network addresses; that is, the determination of the network address based on the first few bits of the IP address. See also: IP address, network address, supernet. [Source: RFC1983]
client
A computer system or process that requests a service of another computer system or process. A workstation requesting the contents of a file from a file server is a client of the file server. See also: client-server model, server.
client-server model
A common way to describe the paradigm of many network protocols. Examples include the name-server/name-resolver relationship in DNS and the file-server/file-client relationship in NFS. See also: client, server, Domain Name System, Network File System.
CLNP
Connectionless Network Protocol. The OSI protocol for providing the OSI Connectionless Network Service (datagram service). CLNP is the OSI equivalent to Internet IP, and is sometimes called ISO IP.
CLTP
Connectionless Transport Protocol. Provides for end-to-end Transport data addressing (via Transport selector) and error control (via checksum), but cannot guarantee delivery or provide flow control. The OSI equivalent of UDP.
CMIP
Common Management Information Protocol. The OSI network management protocol.
CMOT
CMIP Over TCP. An effort to use the OSI network management protocol to manage TCP/IP networks.
CNAME
Canonical Name (alternative name for a host) in Domain Name Service.

connection-oriented
The data communication method in which communication proceeds through three well-defined phases: connection establishment, data transfer, connection release. TCP is a connection-oriented protocol. See also: circuit switching, connectionless, packet switching, Transmission Control Protocol.
connectionless
The data communication method in which communication occurs between hosts with no previous setup. Packets between two hosts may take different routes, as each is independent of the other. UDP is a connectionless protocol. See also: circuit switching, connection-oriented, packet switching, User Datagram Protocol.
Coordinating Committee for Intercontinental Research Networks (CCIRN)
A committee that includes the United States FNC and its counterparts in North America and Europe. Co-chaired by the executive directors of the FNC and the European Association of Research Networks (RARE), the CCIRN provides a forum for cooperative planning among the principal North American and European research networking bodies. See also: Federal Networking Council, RARE.
core gateway
Historically, one of a set of gateways (routers) operated by the Internet Network Operations Center at Bolt, Beranek and Newman (BBN). The core gateway system formed a central part of Internet routing in that all groups must advertise paths to their networks from a core gateway.

cracker
A cracker is an individual who attempts to access computer systems without authorization. These individuals are often malicious, as opposed to hackers, and have many means at their disposal for breaking into a system. See also: hacker, Computer Emergency Response Team, Trojan Horse, virus, worm.
Cyclic Redundancy Check (CRC)
A number derived from a set of data that will be transmitted. By recalculating the CRC at the remote end and comparing it to the value originally transmitted, the receiving node can detect some types of transmission errors

Data Encryption Key (DEK)
Used for the encryption of message text and for the computation of message integrity checks (signatures). See also: encryption.
Data Encryption Standard (DES)
A popular, standard encryption scheme. See also: encryption, Pretty Good Privacy, RSA.
datagram
A self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network. See also: frame, packet.
Data Link Layer
The OSI layer that is responsible for data transfer across a single physical connection, or series of bridged connections, between two Network entities.
DCE (1)
Data Circuit-terminating Equipment
default route
A routing table entry which is used to direct packets addressed to networks not explicitly listed in the routing table.

DHCP : Dynamic Host Configuration Protocol
dialup
A temporary, as opposed to dedicated, connection between machines established over a standard phone line.
Distributed Computing Environment (DCE)
An architecture of standard programming interfaces, conventions, and server functionalities (e.g., naming, distributed file system, remote procedure call) for distributing applications transparently across networks of heterogeneous computers. Promoted and controlled by the Open Software Foundation (OSF), a consortium led by Digital, IBM and Hewlett Packard.
distributed database
A collection of several different data repositories that looks like a single database to the user. A prime example in the Internet is the Domain Name System.
domain
"Domain" is a heavily overused term in the Internet. It can be used in the Administrative Domain context, or the Domain Name context. See also: Administrative Domain, Domain Name System.
Domain Name System (DNS)
The DNS is a general purpose distributed, replicated, data query service. The principal use is the lookup of host IP addresses based on host names. The style of host names now used in the Internet is called "domain name", because they are the style of names used to look up anything in the DNS. Some important domains are: .COM (commercial), .EDU (educational), .NET (network operations), .GOV (U.S. government), and .MIL (U.S. military). Most countries also have a domain. The country domain names are based on ISO 3166. For example, .US (United States), .UK (United Kingdom), .AU (Australia). It is defined in STD 13. See also: Fully Qualified Domain Name, Mail Exchange Record.
dot address (dotted decimal notation)
Dot address refers to the common notation for IP addresses of the form A.B.C.D; where each letter represents, in decimal, one byte of a four byte IP address. See also: IP address.
DPA
Data Protection Act.
DTE
Data Terminal Equipment

dynamic adaptive routing
Automatic rerouting of traffic based on a sensing and analysis of current actual network conditions. NOTE: this does not include cases of routing decisions taken on predefined information.
DUL
Dial-up User List, which has entries for ranges of IP addresses used by Internet Service Providers for modem users.
Dynamic Host Configuration Protocol (DHCP)
A framework for passing configuration information to hosts on a TCP/IP network, using an options field; a development from the BOOTP Bootstrap Protocol.

Electronic Mail (email)
A system whereby a computer user can exchange messages with other computer users (or groups of users) via a communications network. Electronic mail is one of the most popular uses of the Internet.
email address
The domain-based or UUCP address that is used to send electronic mail to a specified destination. For example an editor's address is "gmalkin@xylogics.com". See also: bang path, mail path, UNIX- to-UNIX CoPy.
encapsulation
The technique used by layered protocols in which a layer adds header information to the protocol data unit (PDU) from the layer above. As an example, in Internet terminology, a packet would contain a header from the physical layer, followed by a header from the datalink layer (e.g. Ethernet), followed by a header from the network layer (IP), followed by a header from the transport layer (TCP), followed by the application protocol data.
encryption
Encryption is the manipulation of a packet's data in order to prevent any but the intended recipient from reading that data. There are many types of data encryption, and they are the basis of network security. See also: Data Encryption Standard.
end system
An OSI system which contains application processes capable of communicating through all seven layers of OSI protocols. Equivalent to Internet host.
error checking
The examination of received data for transmission errors. See also: checksum, Cyclic Redundancy Check.
ESMTP
Extended Simple Mail Transfer Protocol. See Simple Mail Transfer Protocol.
Exterior Gateway Protocol (EGP)
A protocol which distributes routing information to the routers which connect autonomous systems. The term "gateway" is historical, as "router" is currently the preferred term. There is also a routing protocol called EGP. See also: Autonomous System, Border Gateway Protocol, Interior Gateway Protocol.
file transfer
The copying of a file from one computer to another over a computer network. See also: File Transfer Protocol, Kermit, Gopher, World Wide Web.
File Transfer Protocol (FTP)
A protocol which allows a user on one host to access, and transfer files to and from, another host over a network.
fragment
A piece of a packet. When a router is forwarding an IP packet to a network that has a maximum packet size smaller than the packet size, it is forced to break up that packet into multiple fragments. These fragments will be reassembled by the IP layer at the destination host. See also: Maximum Transmission Unit.


fragmentation
The IP process in which a packet is broken into smaller pieces to fit the requirements of a physical network over which the packet must pass. See also: reassembly.
frame
A frame is a datalink layer "packet" which contains the header and trailer information required by the physical medium. That is, network layer packets are encapsulated to become frames. See also: datagram, encapsulation, packet.
Fully Qualified Domain Name (FQDN)
The FQDN is the full name of a system, rather than just its hostname. For example, "venera" is a hostname and "venera.isi.edu" is an FQDN. See also: hostname, Domain Name System.

gateway
The term "router" is now used in place of the original definition of "gateway". Currently, a gateway is a communications device/program which passes data between networks having similar functions but dissimilar implementations. This should not be confused with a protocol converter. By this definition, a router is a layer 3 (network layer) gateway, and a mail gateway is a layer 7 (application layer) gateway. See also: mail gateway, router, protocol converter.

General Packet Radio Service (GPRS)
An ETSI standard for packet-based wireless data communications at speeds up to a theoretical 171 kilobits per second, for continuous connection to the Internet, for portable computers and mobile phones. Addition of Virtual Private Network facilities will allow a degree of security for mobile access to important data. GPRS is based on the Global System for Mobile infrastructure, using up to 8 time slots (provided for 8 voice calls on a given frequency) only when there is information to transmit, rather than completely reserved as in a voice circuit. GPRS is being developed into Enhanced Data GSM Environment (EDGE), using a new modulation scheme for higher data rates up to 384 kilobits per second, as a step on the way to Universal Mobile Telecommunications Service (UMTS). See also: Virtual Private Network.

Global System for Mobile communications
An ETSI standard for second generation digital cellular wireless voice and data communications using time division multiple access transmission methods. Formerly known as Groupe Spécial Mobile, which was the study group of the Conference of European Posts and Telegraphs (CEPT) set up to develop a pan-European system for terrestrial mobiles.

GSM
See: Global System for Mobile communications
GUI
Graphical User Interface, typically consisting of windows, menus and pointer (e.g. mouse) hence WIMP.

hacker
A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The term is often misused in a pejorative context, where "cracker" would be the correct term. See also: cracker.
HDLC
High level Data Link Control, ISO standard for carrying data over a link with error and flow control.
header
The portion of a packet, preceding the actual data, containing source and destination addresses, and error checking and other fields. A header is also the part of an electronic mail message that precedes the body of a message and contains, among other things, the message originator, date and time. See also: Electronic Mail, packet, error checking.
hierarchical routing
The complex problem of routing on large networks can be simplified by reducing the size of the networks. This is accomplished by breaking a network into a hierarchy of networks, where each level is responsible for its own routing. The Internet has, basically, three levels: the backbones, the mid-levels, and the stub networks. The backbones know how to route between the mid-levels, the mid-levels know how to route between the sites, and each site (being an autonomous system) knows how to route internally. See also: Autonomous System, Exterior Gateway Protocol, Interior Gateway Protocol, stub network, transit network.

High Performance Computing and Communications (HPCC)
High performance computing encompasses advanced computing, communications, and information technologies, including scientific workstations, supercomputer systems, high speed networks, special purpose and experimental systems, the new generation of large scale parallel systems, and application and systems software with all components well integrated and linked over a high speed network.

hop
A term used in routing. A path to a destination on a network is a series of hops, through routers, away from the origin.
host
A computer that allows users to communicate with other host computers on a network. Individual users communicate by using application programs, such as electronic mail, Telnet and FTP.


hostname
The name given to a machine. See also: Fully Qualified Domain Name.

hub
A device connected to several other devices. In ARCnet, a hub is used to connect several computers together. In a message handling service, a hub is used for the transfer of messages across the network.
hyperlink
A pointer within a hypertext document which points (links) to another document, which may or may not also be a hypertext document. See also: hypertext.
hypertext
A document, written in HTML, which contains hyperlinks to other documents, which may or may not also be hypertext documents. Hypertext documents are usually retrieved using WWW. See also: hyperlink, Hypertext Markup Language, World Wide Web.
Hypertext Markup Language (HTML)
The language used to create hypertext documents. It is a subset of SGML and includes the mechanisms to establish hyperlinks to other documents. See also: hypertext, hyperlink, Standardized General Markup Language. [Source: RFC1983]
Hypertext Markup Protocol (HTTP)
The protocol used by WWW to transfer HTML files. A formal standard is still under development in the IETF. See also: hyperlink, hypertext, Hypertext Markup Language, World Wide Web.

IIS
Internet Information Service (Microsoft).
IGP
See: Interior Gateway Protocol
IGRP
Internet Gateway Routing Protocol. A proprietary IGP used by Cisco Systems' routers. [Source: RFC1208]
Integrated Services Digital Network (ISDN)
An emerging technology which is beginning to be offered by the telephone carriers of the world. ISDN combines voice and digital network services in a single medium, making it possible to offer customers digital data services as well as voice connections through a single "wire". The standards that define ISDN are specified by CCITT. See also: CCITT.

International Organization for Standardization (ISO)
A voluntary, nontreaty organization founded in 1946 which is responsible for creating international standards in many areas, including computers and communications. Its members are the national standards organizations of the 89 member countries, including ANSI for the U.S. See also: American National Standards Institute, Open Systems Interconnection. [Source: TAN]


internet
While an internet is a network, the term "internet" is usually used to refer to a collection of networks interconnected with routers. See also: network.
internet address
An IP address that uniquely identifies a node on an internet. An Internet address (capital "I") uniquely identifies a node on the Internet. See also: internet, Internet, IP address.
Internet Corporation for Assigned Numbers and Names (ICANN)
Successor to Internet Assigned Numbers Authority for Internet management functions performed under contract to US Government.
Internet Control Message Protocol (ICMP)
ICMP is an extension to the Internet Protocol. It allows for the generation of error messages, test packets and informational messages related to IP. It is defined in STD 5.
Internet Message Access Protocol (IMAP)
A protocol allowing a client to read and manipulate electronic mail messages and message folders (mailboxes) on a server.
Internet Protocol (IP, IPv4)
The Internet Protocol (version 4), is the network layer for the TCP/IP Protocol Suite. It is a connectionless, best-effort packet switching protocol. See also: packet switching, TCP/IP Protocol Suite, Internet Protocol Version 6.
Internet Protocol security (IPsec)
A packet layer security standard consisting of Authentication Header (AH) and Encapsulating Security Payload (ESP) elements, each defined in its own RFC. Useful for Virtual Private Networks.
Internet Protocol Version 6 (IPng, IPv6)
IPv6 (version 5 is a stream protocol used for special applications) is a new version of the Internet Protocol which is designed to be an evolutionary step from its predecessor, version 4. There are many RFCs defining various portions of the protocol, its auxiliary protocols, and the transition plan from IPv4. The name IPng (IP next generation) is a nod to STNG (Star Trek Next Generation).
IP address
The 32-bit address defined by the Internet Protocol in RFC 791. It is usually represented in dotted decimal notation. See also: dot address, internet address, Internet Protocol, network address, subnet address, host address.

layer
Communication networks for computers may be organized as a set of more or less independent protocols, each in a different layer (also called level). The lowest layer governs direct host-to-host communication between the hardware at different hosts; the highest consists of user applications. Each layer builds on the layer beneath it. For each layer, programs at different hosts use protocols appropriate to the layer to communicate with each other. TCP/IP has five layers of protocols; OSI has seven. The advantage of different layers of protocols is that the methods of passing information from one layer to another are specified clearly as part of the protocol suite, and changes within a protocol layer are prevented from affecting the other layers. This greatly simplifies the task of designing and maintaining communication programs. See also: Open Systems Interconnection, TCP/IP Protocol Suite.
Lightweight Directory Access Protocol
This protocol provides access for management and browser applications that provide read/write interactive access to the X.500 Directory. See also: X.500.
link
A pointer which may be used to retrieve the file or data to which the pointer points.
list server
An automated mailing list distribution system. List servers handle the administrivia of mailing list maintenance, such as the adding and deleting of list members. See also: mailing list.
listserv
An automated mailing list distribution system originally designed for the Bitnet/EARN network. See also: mailing list.
Local Area Network (LAN)
A data network intended to serve an area of only a few square kilometers or less. Because the network is known to cover only a small area, optimizations can be made in the network signal protocols that permit data rates up to 100Mb/s. See also: Ethernet, Fibre Distributed Data Interface, token ring, Metropolitan Area Network, Wide Area Network, Wireless Local Area Network.
Logical Link Control (LLC)
The upper portion of the datalink layer, as defined in IEEE 802.2. The LLC sublayer presents a uniform interface to the user of the datalink service, usually the network layer. Beneath the LLC sublayer is the MAC sublayer. See also: 802.x, layer, Media Access Control.

MAC address
The hardware address of a device connected to a shared media. See also: Media Access Control, Ethernet, token ring. [Source: MALAMUD]
mail bridge
A mail gateway that forwards electronic mail between two or more networks while ensuring that the messages it forwards meet certain administrative criteria. A mail bridge is simply a specialized form of mail gateway that enforces an administrative policy with regard to what mail it forwards. See also: Electronic Mail, mail gateway.
Mail Exchange Record (MX Record)
A DNS resource record type indicating which host can handle mail for a particular domain. See also: Domain Name System, Electronic Mail.
mail exploder
Part of an electronic mail delivery system which allows a message to be delivered to a list of addresses. Mail exploders are used to implement mailing lists. Users send messages to a single address and the mail exploder takes care of delivery to the individual mailboxes in the list. See also: Electronic Mail, email address, mailing list.
mail gateway
A machine that connects two or more electronic mail systems (including dissimilar mail systems) and transfers messages between them. Sometimes the mapping and translation can be quite complex, and it generally requires a store-and-forward scheme whereby the message is received from one system completely before it is transmitted to the next system, after suitable translations. See also: Electronic Mail.
mail path
A series of machine names used to direct electronic mail from one user to another. This system of email addressing has been used primarily in UUCP networks which are trying to eliminate its use altogether. See also: bang path, email address, UNIX-to-UNIX CoPy.
mail server
A software program that distributes files or information in response to requests sent via email. Internet examples include Almanac and netlib. Mail servers have also been used in Bitnet to provide FTP-like services. See also: Bitnet, Electronic Mail, FTP.
mailing list
A list of email addresses, used by a mail exploder, to forward messages to groups of people. Generally, a mailing list is used to discuss certain set of topics, and different mailing lists discuss different topics. A mailing list may be moderated. This means that messages sent to the list are actually sent to a moderator who determines whether or not to send the messages on to everyone else. Requests to subscribe to, or leave, a mailing list should ALWAYS be sent to the list's "-request" address (e.g., ietf-request@cnri.reston.va.us for the IETF mailing list) or majordomo server. See also: Electronic Mail, mail exploder, email address, moderator, majordomo.
Media Access Control (MAC)
The lower portion of the datalink layer. The MAC differs for various physical media. See also: MAC Address, Ethernet, Logical Link Control, token ring.
medium
The material used to support the transmission of data. This can be copper wire, coaxial cable, optical fibre, or electromagnetic wave (as in microwave).
Metropolitan Area Network (MAN)
A data network intended to serve an area approximating that of a large city. Such networks are being implemented by innovative techniques, such as running fibre cables through subway tunnels. A popular example of a MAN is SMDS. See also: Local Area Network, Switched Multimegabit Data Service, Wide Area Network.
MMC
Microsoft Management Console.
multicast
A packet with a special destination address which multiple nodes on the network may be willing to receive. See also: broadcast, unicast.

name resolution
The process of mapping a name into its corresponding address. See also: Domain Name System.
Name Server
Software which matches mnemonic names to raw addresses. This might be a Campus Name Server for local PCs (using a JNT protocol called Name Lookup Protocol or NLP), or a Domain Name Server for local hosts on an Internet site, such as the Bradford campus network.
Name Server record
A DNS resource record type indicating which host can provide the Domain Name Service facilities for a particular domain. See also: Domain Name System.
namespace
A commonly distributed set of names in which all names are unique.
NetBIOS
Network Basic Input Output System. The standard interface to networks on IBM PC and compatible systems before the rise of TCP/IP.
network
A computer network is a data communications system which interconnects computer systems at various different sites. A network may be composed of any combination of LANs, MANs or WANs. See also: Local Area Network, Metropolitan Area Network, Wide Area Network, internet.
network address
The network portion of an IP address. For a class A network, the network address is the first byte of the IP address. For a class B network, the network address is the first two bytes of the IP address. For a class C network, the network address is the first three bytes of the IP address. In each case, the remainder is the host address. In the Internet, assigned network addresses are globally unique. See also: Internet, IP address, subnet address, host address, Internet Registry, OSI Network Address.
Network Address Translation (NAT)
A method of converting between a range of IP addresses on the public side of a routing device, and a (typically smaller) range of IP addresses on the private side. Often used to conserve IP addresses, since the private side can use "unrouteable" ranges of IP numbers, which can be safely re-used in many such locations. Also used to conceal identities of private hosts when implemented as part of a firewall. See also: Unroutable Address, IP Address.
Network File System (NFS)
A protocol developed by Sun Microsystems which allows a computer system to access files over a network as if they were on its local disks. This protocol has been incorporated in products by more than two hundred companies, and is now a de facto Internet standard.
Network Information Center (NIC)
A NIC provides information, assistance and services to network users. See also: Network Operations Center. [Source: RFC1392]
Network Information Services (NIS)
A set of services, generally provided by a NIC, to assist users in using the network. Also a service used by UNIX administrators to manage databases distributed across a network (a product of Sun Microsystems(R) - formerly known as Yellow Pages). See also: Network Information Center.
Network Layer
The OSI layer that is responsible for routing, switching, and subnetwork access across the entire OSI environment.
Network News Transfer Protocol (NNTP)
A protocol for the distribution, inquiry, retrieval, and posting of news articles. See also: Usenet.
Network Operations Center (NOC)
A location from which the operation of a network or internet is monitored. Additionally, this center usually serves as a clearinghouse for connectivity problems and efforts to resolve those problems. See also: Network Information Center. [Source: NNSC]
Network Time Protocol (NTP)
A protocol that assures accurate local timekeeping with reference to radio and atomic clocks located on the Internet. This protocol is capable of synchronizing distributed clocks within milliseconds over long time periods. It is defined in STD 12. See also: Internet.
NT
New Technology, a version of Microsoft Windows operating system. The initials WNT bear the same relationship to VMS as IBM does to HAL. I'm sorry Dave...
NTP
Network Time Protocol provides the mechanisms to synchronise hosts and coordinate time distribution in a large diverse internet.
NTU
Network Termination Unit

ODBC
Open DataBase Connectivity. An application programming interface to allow programs to use databases, using Structured Query Language as its database access language.
Open Shortest-Path First (OSPF)
A link state, as opposed to distance vector, routing protocol. It is an Internet standard IGP; the multicast version is MOSPF. See also: Interior Gateway Protocol, Routing Information Protocol.
Open Systems Interconnection (OSI)
A suite of protocols, designed by ISO committees, to be the international standard computer network architecture. See also: International Organization for Standardization.
OSI Network Address
The address, consisting of up to 20 octets, used to locate an OSI Transport entity. The address is formatted into an Initial Domain Part which is standardized for each of several addressing domains, and a Domain Specific Part which is the responsibility of the addressing authority for that domain.
OSI Presentation Address
The address used to locate an OSI Application entity. It consists of an OSI Network Address and up to three selectors, one each for use by the Transport, Session, and Presentation entities.

Packet
The unit of data sent across a network. "Packet" is a generic term used to describe a unit of data at all levels of the protocol stack, but it is most correctly used to describe application data units.


packet switching
A communications paradigm in which packets (messages) are individually routed between hosts, with no previously established communication path. See also: circuit switching, connection-oriented, connectionless.
PAD
Packet Assembler Disassembler; the hardware or software interface between a user's terminal and a packet-switching network. A PAD assembles the user's input characters into packets for network transmission, and disassembles packets of output characters into their component characters for output on the terminal. The PAD facility may run on a host computer or on a dedicated processor (such as the JNT-PAD).
PHP
PHP: Hypertext Preprocessor. An HTML-embedded scripting language used to create dynamic web pages by running scripts on the web server and embedding the results in web pages.
Physical Layer
The OSI layer that provides the means to activate and use physical connections for bit transmission. In plain terms, the Physical Layer provides the procedures for transferring a single bit across a Physical Media.
Physical Media
Any means in the physical world for transferring signals between OSI systems. Considered to be outside the OSI Model, and therefore sometimes referred to as "Layer 0." The physical connector to the media can be considered as defining the bottom interface of the Physical Layer, i.e., the bottom of the OSI Reference Model.
Point Of Presence (POP)
A site where there exists a collection of telecommunications equipment, usually digital leased lines and multi-protocol routers.
Point-to-Point Protocol (PPP)
The Point-to-Point Protocol provides a method for transmitting packets over serial point-to-point links. There are many other RFCs which define extensions to the basic protocol. See also: Serial Line IP.
polling
Connecting to another system to check for things like mail or news.
port
A port is a transport layer demultiplexing value. Each application has a unique port number associated with it. See also: Transmission Control Protocol, User Datagram Protocol.
Post Office Protocol (POP)
A protocol designed to allow single user hosts to read mail from a server. Version 3 is the most recent and most widely used. See also: Electronic Mail.
postmaster
The person responsible for taking care of electronic mail problems, answering queries about users, and other related work at a site. See also: Electronic Mail.
Presentation Layer
The OSI layer that determines how Application information is represented (i.e., encoded) while in transit between two end systems.

protocol
A formal description of message formats and the rules two computers must follow to exchange those messages. Protocols can describe low-level details of machine-to-machine interfaces (e.g., the order in which bits and bytes are sent across a wire) or high-level exchanges between application programs (e.g., the way in which two programs transfer a file across the Internet).
protocol converter
A device/program which translates between different protocols which serve similar functions (e.g., TCP and TP4).
proxy
The mechanism whereby one system "fronts for" another system in responding to protocol requests. Proxy systems are used in network management to avoid having to implement full protocol stacks in simple devices, such as modems.
proxy ARP
The technique in which one machine, usually a router, answers ARP requests intended for another machine. By "faking" its identity, the router accepts responsibility for routing packets to the "real" destination. Proxy ARP allows a site to use a single IP address with two physical networks. Subnetting would normally be a better solution. See also: Address Resolution Protocol

QoS
Quality of Service, a measure of the priority of packets in a shared network, principally in terms of latency in transmission. Of interest in real-time applications e.g. video.

queue
A backup of packets awaiting processing.
RADIUS
Remote Authentication Dial In User Service is a protocol which allows an Authentication Server to authenticate, authorise and carry configuration information for one or more Network Access servers. These have links, typically for dialup access clients, that need authentication. This allows username and password information to be held in one place for many access lines.
Rainbow
A package for the PC allowing file transfer and terminal access between Ethernet based PCs and Ethernet or X25 based hosts, via Coloured Book protocols, running over Pink Book protocol. Written by Edinburgh University. Of historical interest.
remote login
Operating on a remote computer, using a protocol over a computer network, as though locally attached. See also: Telnet.


Remote Procedure Call (RPC)
An easy and popular paradigm for implementing the client-server model of distributed computing. In general, a request is sent to a remote system to execute a designated procedure, using arguments supplied, and the result returned to the caller. There are many variations and subtleties in various implementations, resulting in a variety of different (incompatible) RPC protocols.

repeater
A device which propagates electrical signals from one cable to another. See also: bridge, gateway, router.
resolve
Translate an Internet name into its equivalent IP address or other DNS information.

Reverse Address Resolution Protocol (RARP)
A protocol, which provides the reverse function of ARP. RARP maps a hardware (MAC) address to an internet address. It is used primarily by diskless nodes when they first initialize to find their internet address. See also: Address Resolution Protocol, BOOTP, internet address, MAC address
Round-Trip Time (RTT)
A measure of the current delay on a network.

route
The path that network traffic takes from its source to its destination. Also, a possible path from a given host to another host or destination.

routed
Route Daemon. A program which runs under 4.2BSD/4.3BSD UNIX systems (and derived operating systems) to propagate routes among machines on a local area network, using the RIP protocol. Pronounced "route-dee". See also: Routing Information Protocol, gated.

router
A device which forwards traffic between networks. The forwarding decision is based on network layer information and routing tables, often constructed by routing protocols. See also: bridge, gateway, Exterior Gateway Protocol, Interior Gateway Protocol.

routing
The process of selecting the correct interface and next hop for a packet being forwarded. See also: hop, router, Exterior Gateway Protocol, Interior Gateway Protocol.

routing domain
A set of routers exchanging routing information within an administrative domain. See also: Administrative Domain, router.




Routing Information Protocol (RIP)
A distance vector, as opposed to link state, routing protocol. It is an Internet standard IGP defined in STD 34. See also: Interior Gateway Protocol, Open Shortest-Path First.
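As an added illustration (not part of the original glossary), the following Python simulates the distance-vector exchange that the RIP and OSPF entries contrast: each router repeatedly hands its whole table to its neighbours, and a neighbour keeps any route that is shorter than what it already holds. The four-router topology, the `run_rip` and `route_for` names and the split-horizon rule are assumptions of the example; the 16-hop "infinity" is RIP's own convention.

```python
INFINITY = 16  # RIP's "unreachable" metric: hop counts of 16 or more are infinite


def run_rip(links, max_rounds=32):
    """Simulate a RIP-style distance-vector exchange over a constructed topology.

    links maps each router to the list of routers it is directly attached to
    (every direct link has metric 1). Each router starts knowing only itself
    and its neighbours, then repeatedly sends its whole table to each
    neighbour, which keeps any route that is shorter than what it already has.
    Returns ({router: {destination: (hop_count, next_hop)}}, rounds_taken).
    """
    routers = sorted(links)
    table = {r: {r: (0, r)} for r in routers}
    for r in routers:
        for n in links[r]:
            table[r][n] = (1, n)

    for rounds in range(1, max_rounds + 1):
        changed = False
        for sender in routers:
            for receiver in links[sender]:
                for dest, (metric, next_hop) in table[sender].items():
                    # Split horizon: never advertise a route back to the
                    # neighbour it was learned from (prevents two-node loops).
                    if next_hop == receiver:
                        continue
                    candidate = min(metric + 1, INFINITY)
                    current_metric, current_next_hop = table[receiver].get(dest, (INFINITY, None))
                    # Accept a strictly better route, or any change reported by
                    # the neighbour we already route through.
                    if candidate < current_metric or (
                        current_next_hop == sender and candidate != current_metric
                    ):
                        table[receiver][dest] = (candidate, sender)
                        changed = True
        if not changed:
            return table, rounds  # converged: a full round with no updates
    return table, max_rounds


def route_for(table, router, dest):
    """(hop_count, next_hop) a router uses for dest, or None when unreachable."""
    entry = table[router].get(dest)
    if entry is None or entry[0] >= INFINITY:
        return None
    return entry


if __name__ == "__main__":
    # Constructed topology: A - B - C - D in a line, E with no links at all.
    demo = {"A": ["B"], "B": ["A", "C"], "C": ["B", "D"], "D": ["C"], "E": []}
    tables, rounds = run_rip(demo)
    print(f"converged after {rounds} rounds")
    for r in sorted(tables):
        print(r, tables[r])
```

Because every link counts as one hop, A reaches D in three hops via B and D reaches A in three via C, while the unlinked router E never appears in anyone's table; a real RIP implementation adds timers so that routes to a neighbour that stops advertising age out to infinity.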
RSA
A public-key cryptographic system which may be used for encryption and authentication. It was invented in 1977 and named for its inventors: Ron Rivest, Adi Shamir, and Leonard Adleman. See also: encryption, Data Encryption Standard, Pretty Good Privacy.
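The entry above says RSA serves both encryption and authentication; as an added worked example (not from the original glossary), here is textbook RSA in Python showing key generation, encryption and decryption, and a signature that the public key verifies. The small primes 61 and 53 with exponent 17 are a classic teaching key, the two Mersenne primes used for the byte-string demonstration are an assumption of the example, and the final function shows why this unpadded form must never be used as-is: ciphertexts multiply together, which is the property that padding schemes such as OAEP exist to remove.

```python
from math import gcd


def generate_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for primes p and q. p and q are assumed prime."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public, m: int) -> int:
    """Encrypt an integer message with the public key: c = m^e mod n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    """Recover the message with the private key: m = c^d mod n."""
    n, d = private
    return pow(c, d, n)


def sign(private, m: int) -> int:
    """Authenticate: a signature is the message raised to the private exponent."""
    n, d = private
    return pow(m, d, n)


def verify(public, m: int, s: int) -> bool:
    """Anyone holding the public key can check s^e mod n == m."""
    n, e = public
    return pow(s, e, n) == m


def bytes_to_int(b: bytes) -> int:
    return int.from_bytes(b, "big")


def int_to_bytes(i: int) -> bytes:
    return i.to_bytes((i.bit_length() + 7) // 8, "big")


def is_multiplicatively_malleable(public, m1: int, m2: int) -> bool:
    """True when E(m1) * E(m2) == E(m1 * m2) mod n, i.e. a third party can
    forge the ciphertext of a product without knowing the private key.
    This is the weakness unpadded ('textbook') RSA always has."""
    n, _ = public
    return (encrypt(public, m1) * encrypt(public, m2)) % n == encrypt(public, (m1 * m2) % n)


if __name__ == "__main__":
    # Teaching key: p=61, q=53 gives n=3233, phi=3120, e=17, d=2753.
    pub, priv = generate_keypair(61, 53, e=17)
    c = encrypt(pub, 65)
    print("n, e, d =", pub[0], pub[1], priv[1], "| E(65) =", c, "| D(c) =", decrypt(priv, c))
    s = sign(priv, 65)
    print("signature verifies:", verify(pub, 65, s), "| tampered:", verify(pub, 66, s))

    # Larger (assumed) primes so a short byte string fits under n.
    pub2, priv2 = generate_keypair(2**31 - 1, 2**61 - 1)
    m = bytes_to_int(b"VPN key")
    print("round trip:", int_to_bytes(decrypt(priv2, encrypt(pub2, m))))
    print("textbook RSA is malleable:", is_multiplicatively_malleable(pub, 7, 11))
```

Real deployments pick primes of a thousand bits or more, apply a padding scheme before exponentiation, and sign a hash of the message rather than the message itself; the arithmetic above is the same, only the inputs are prepared differently.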


server
A provider of resources (e.g., file servers and name servers). See also: client, Domain Name System, Network File System.
Session Layer
The OSI layer that provides means for dialogue control between end systems.
signature
The three or four line message at the bottom of a piece of email or a Usenet article which identifies the sender. Large signatures (over five lines) are generally frowned upon. See also: Electronic Mail, Usenet.
Simple Mail Transfer Protocol (SMTP)
A protocol used to transfer electronic mail between computers, with extensions specified in many other RFCs. It is a server to server protocol, so other protocols are used to access the messages. See also: Electronic Mail, Post Office Protocol, RFC 822.
Simple Network Management Protocol (SNMP)
The Internet standard protocol developed to manage nodes on an IP network. The first version is defined in STD 15. SNMPv2 (version 2) is defined in too many RFCs to list. It is currently possible to manage wiring hubs, toasters, jukeboxes, etc. See also: Management Information Base.
SQL
Structured Query Language. The international standard language for defining and accessing relational databases.
Squid
A Web proxy cache package.
SSH
Secure Shell, a package for establishing secure (i.e. encrypted) interactive connections across a public network such as the Internet.
SSL
Secure Socket Layer protocol, a method for establishing secure (i.e. encrypted) connections (e.g. to web services) across a public network such as the Internet. Now extended as Transport Layer Security (TLS).
stub network
A stub network only carries packets to and from local hosts. Even if it has paths to more than one other network, it does not carry traffic for other networks. See also: backbone, transit network.
subnet
A portion of a network, which may be a physically independent network segment, which shares a network address with other portions of the network and is distinguished by a subnet number. A subnet is to a network what a network is to an internet. See also: internet, network.
subnet address
The subnet portion of an IP address. In a subnetted network, the host portion of an IP address is split into a subnet portion and a host portion using an address (subnet) mask. See also: address mask, IP address, network address, host address.
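As an added example (not part of the original glossary), the following Python carries out the splits described in the network address and subnet address entries: it finds the classful network portion from the first byte, then applies an address (subnet) mask to divide the remaining bits into a subnet portion and a host portion. The `split_address` and `address_class` names and the sample addresses are assumptions of the example; the `ipaddress` standard-library module is used only to validate that the mask is a contiguous run of ones.

```python
import ipaddress

# Number of leading bits in the network portion for each classful address class.
CLASSFUL_BITS = {"A": 8, "B": 16, "C": 24}


def address_class(addr: str) -> str:
    """Classful class from the first byte: A 0-127, B 128-191, C 192-223,
    D 224-239 (multicast) and E 240-255 (reserved)."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def split_address(addr: str, subnet_mask=None) -> dict:
    """Split addr into network, subnet and host portions.

    With no mask the split is purely classful; with a mask the host portion
    of the classful address is further divided into subnet and host bits.
    Raises ValueError for class D/E addresses, for a mask that is not a
    contiguous run of ones, or for a mask shorter than the class allows.
    """
    cls = address_class(addr)
    if cls not in CLASSFUL_BITS:
        raise ValueError(f"{addr} is class {cls}, which has no network/host split")
    net_bits = CLASSFUL_BITS[cls]
    if subnet_mask is None:
        prefixlen = net_bits
    else:
        # IPv4Network rejects non-contiguous masks such as 255.0.255.0
        prefixlen = ipaddress.IPv4Network((0, subnet_mask)).prefixlen
    if prefixlen < net_bits:
        raise ValueError(f"mask /{prefixlen} is shorter than the class {cls} network portion (/{net_bits})")

    ip = int(ipaddress.IPv4Address(addr))
    net_mask = (0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF   # classful network bits
    full_mask = (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF  # network + subnet bits
    subnet_bits = prefixlen - net_bits
    host_bits = 32 - prefixlen
    return {
        "class": cls,
        "network": str(ipaddress.IPv4Address(ip & net_mask)),
        "subnet": str(ipaddress.IPv4Address(ip & full_mask)),
        "subnet_bits": subnet_bits,
        "subnet_number": (ip & full_mask & ~net_mask & 0xFFFFFFFF) >> host_bits,
        "host_bits": host_bits,
        "host_number": ip & ~full_mask & 0xFFFFFFFF,
        "usable_hosts": max((1 << host_bits) - 2, 0),  # minus network and broadcast
    }


if __name__ == "__main__":
    # Constructed sample: a class B address subnetted with a /24 mask.
    for key, value in split_address("172.16.35.7", "255.255.255.0").items():
        print(f"{key:>14}: {value}")
    print()
    for key, value in split_address("10.1.2.3").items():   # classful only
        print(f"{key:>14}: {value}")
```

For 172.16.35.7 with mask 255.255.255.0 the class B network is 172.16.0.0, the eight subnet bits give subnet number 35, and the remaining eight host bits give host number 7; today's classless (CIDR) routing drops the class step and treats the whole prefix as the network, but the mask arithmetic is identical.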
subnetwork
A collection of OSI end systems and intermediate systems under the control of a single administrative domain and utilizing a single network access protocol. Examples: private X.25 networks, collections of bridged LANs.

Telnet
Telnet is the Internet standard protocol for remote terminal connection service. It is defined in STD 8, and extended with options by many other RFCs.
terminal server
A device which connects many terminals to a LAN through one network connection. A terminal server can also connect many network users to its asynchronous ports for dial-out capabilities and printer access. See also: Local Area Network.
token ring
A token ring is a type of LAN with nodes wired into a ring. Each node constantly passes a control message (token) on to the next; whichever node has the token can send a message. Often, "Token Ring" is used to refer to the IEEE 802.5 token ring standard, which is the most common type of token ring. See also: 802.x, Local Area Network.
topology
A network topology shows the computers and the links between them. A network layer must stay abreast of the current network topology to be able to route packets to their final destination.
traceroute
A program available on many systems which traces the path a packet takes to a destination. It is mostly used to debug routing problems between hosts. There is also a traceroute protocol defined in its own RFC.
transceiver
Transmitter-receiver. The physical device that connects a host interface to a local area network, such as Ethernet. Ethernet transceivers contain electronics that apply signals to the cable and sense collisions.
transit network
A transit network passes traffic between networks in addition to carrying traffic for its own hosts. It must have paths to at least two other networks. See also: backbone, stub network.
Transmission Control Protocol (TCP)
An Internet Standard transport layer protocol. It is connection-oriented and stream-oriented, as opposed to UDP. See also: connection-oriented, stream-oriented, User Datagram Protocol.

Transport Layer
The OSI layer that is responsible for reliable end-to-end data transfer between end systems.
Transport Layer Security (TLS)
An IETF standard for establishing secure (i.e. encrypted) connections (e.g. to web services) across a public network such as the Internet. Formerly known as Secure Sockets Layer (SSL).
Trojan Horse
A computer program which carries within itself a means to allow the creator of the program access to the system using it. See also: virus, worm.
tunnelling
Tunnelling refers to encapsulation of protocol A within protocol B, such that A treats B as though it were a datalink layer. Tunnelling is used to get data between administrative domains which use a protocol that is not supported by the internet connecting those domains. See also: Administrative Domain.
twisted pair
A type of cable in which pairs of conductors are twisted together to produce certain electrical properties.

unicast
An address which only one host will recognize. See also: broadcast, multicast.
Uniform Resource Locator (URL)
A URL is a compact (most of the time) string representation for a resource available on the Internet. URLs are primarily used to retrieve information using WWW. See also: World Wide Web.
Universal Time Coordinated (UTC)
This is Greenwich Mean Time.
Unrouteable Address
Certain ranges of IP addresses are designated as exclusively for internal use. These are 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.16.255.255, and 192.168.0.0 to 192.168.255.255. A correctly configured router will not allow packets from any of these addresses through to the Internet. The only way that information can pass between hosts with any of these IP addresses and the outside world is to have a device (typically a firewall) that translates between these internal addresses and a specific collection of IP addresses that are assigned in the normal way. The internal IP addresses can be safely re-used in many such locations. See also: Network Address Translation, IP Address.
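As an added example (not part of the original glossary) covering both the Network Address Translation and Unrouteable Address entries, the following Python models a port-based NAT in front of one public address: private-side packets have their source rewritten to the public address and a fresh port, replies are mapped back through the same table, and the border filter refuses to forward untranslated private addresses in either direction. The `Packet`, `Nat` and `border_router_forwards` names, the documentation-range addresses and the sample flows are assumptions of the example; the three private blocks are those RFC 1918 reserves, with 172.16.0.0/12 spanning 172.16.0.0 through 172.31.255.255.

```python
import ipaddress
from dataclasses import dataclass

# The three address blocks RFC 1918 reserves for private internets.
PRIVATE_BLOCKS = [ipaddress.ip_network(b) for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_unrouteable(addr: str) -> bool:
    """True if addr lies in one of the private (unrouteable) ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


@dataclass(frozen=True)
class Packet:
    """Constructed stand-in for the addressing fields of a TCP/UDP packet."""
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


def border_router_forwards(pkt: Packet) -> bool:
    """A correctly configured border router passes a packet to the Internet
    only when neither address is unrouteable."""
    return not (is_unrouteable(pkt.src) or is_unrouteable(pkt.dst))


class Nat:
    """Port-based NAT between private hosts and a single public address."""

    def __init__(self, public_addr: str, first_port: int = 40000):
        self.public_addr = public_addr
        self.next_port = first_port
        self.outbound_map = {}  # (private src, sport) -> public port
        self.inbound_map = {}   # public port -> (private src, sport)

    def outbound(self, pkt: Packet):
        """Rewrite a private-side packet so it can leave for the Internet.
        Returns None when there is nothing to translate (private-to-private
        traffic, or a source that is not a private host)."""
        if not is_unrouteable(pkt.src) or is_unrouteable(pkt.dst):
            return None
        key = (pkt.src, pkt.sport)
        if key not in self.outbound_map:
            port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = port
            self.inbound_map[port] = key
        return Packet(self.public_addr, self.outbound_map[key], pkt.dst, pkt.dport, pkt.payload)

    def inbound(self, pkt: Packet):
        """Reverse-translate a reply arriving from the Internet, or drop it."""
        if is_unrouteable(pkt.src):
            return None  # a private source on the public side can only be spoofed
        if pkt.dst != self.public_addr:
            return None  # not addressed to this device
        key = self.inbound_map.get(pkt.dport)
        if key is None:
            return None  # unsolicited: no private host opened this conversation
        private_src, private_sport = key
        return Packet(pkt.src, pkt.sport, private_src, private_sport, pkt.payload)


if __name__ == "__main__":
    nat = Nat("203.0.113.5")
    request = Packet("192.168.1.10", 51000, "198.51.100.7", 80, b"GET /")
    print("untranslated forwardable:", border_router_forwards(request))
    outgoing = nat.outbound(request)
    print("after NAT:", outgoing, "forwardable:", border_router_forwards(outgoing))
    reply = Packet("198.51.100.7", 80, "203.0.113.5", outgoing.sport, b"200 OK")
    print("reply delivered to:", nat.inbound(reply))
    print("unsolicited dropped:", nat.inbound(Packet("198.51.100.7", 80, "203.0.113.5", 40099)) is None)
```

The same mapping table is what gives NAT its incidental concealment: the outside world only ever sees 203.0.113.5 and a port, and an inbound packet that matches no existing entry is discarded rather than guessed at.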
User Datagram Protocol (UDP)
An Internet Standard transport layer protocol defined in STD 6. It is a connectionless protocol which adds a level of reliability and multiplexing to IP. See also: connectionless, Transmission Control Protocol.

virtual circuit
A network service which provides connection-oriented service regardless of the underlying network structure. See also: connection-oriented.


Virtual Private Network (VPN)
A client across a public network such as the Internet may appear to be part of a private network by encapsulating the private packets inside public packets, which are routed in the normal way to a device (typically a firewall) on the private network that unpacks them and sends them on the private network, a process known as tunnelling. The tunnel can exist at the data link layer using Point to Point Tunnelling Protocol (PPTP) or the IETF standard Layer 2 Tunneling Protocol (L2TP), or at the IP layer using the IETF-defined IP Security (IPsec) protocol extensions. There should also be some form of authentication and authorisation, and encryption of at least the authentication process (and preferably data transfers too), so IPsec is the most desirable method.
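As an added example (not from the original glossary) for the tunnelling and Virtual Private Network entries, the following Python builds the encapsulation step itself: a private packet, with private source and destination, is carried whole as the payload of a public IPv4 packet marked with the IP-in-IP protocol number, and the tunnel exit validates the outer header, unwraps the inner packet and refuses any inner addresses outside the private network it is allowed to carry. The function names, the documentation-range addresses and the sample payload are assumptions of the example; it shows only the encapsulation, with none of the authentication or encryption the entry says a real VPN needs.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # protocol number for "IP in IP" encapsulation
IPV4_HEADER = "!BBHHHBBH4s4s"  # 20-byte header without options


def checksum(data: bytes) -> int:
    """Internet checksum: ones' complement of the ones' complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal IPv4 packet: header with a correct checksum followed by payload."""
    total_len = 20 + len(payload)

    def header(csum: int) -> bytes:
        return struct.pack(IPV4_HEADER, 0x45, 0, total_len, 0, 0, ttl, proto, csum,
                           ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

    return header(checksum(header(0))) + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Validate version, lengths and checksum, then split header fields from payload."""
    if len(pkt) < 20:
        raise ValueError("packet shorter than an IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(IPV4_HEADER, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(pkt):
        raise ValueError("malformed IPv4 header")
    if checksum(pkt[:ihl]) != 0:  # a valid header sums to zero including its checksum
        raise ValueError("bad IPv4 header checksum")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "protocol": proto, "ttl": ttl, "payload": pkt[ihl:total_len]}


def encapsulate(inner: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Tunnel entry: the whole private packet becomes the payload of a public one."""
    return build_ipv4(outer_src, outer_dst, IPPROTO_IPIP, inner)


def decapsulate(outer: bytes, private_net: str) -> bytes:
    """Tunnel exit: unwrap the inner packet, rejecting anything that is not
    IP-in-IP or whose inner addresses lie outside the permitted private network."""
    hdr = parse_ipv4(outer)
    if hdr["protocol"] != IPPROTO_IPIP:
        raise ValueError("outer packet is not an IP-in-IP tunnel packet")
    inner = hdr["payload"]
    inner_hdr = parse_ipv4(inner)
    allowed = ipaddress.ip_network(private_net)
    for side in ("src", "dst"):
        if ipaddress.ip_address(inner_hdr[side]) not in allowed:
            raise ValueError(f"inner {side} {inner_hdr[side]} is outside {private_net}")
    return inner


if __name__ == "__main__":
    # Constructed sample: a private UDP-carrying packet tunnelled between two public endpoints.
    inner = build_ipv4("192.168.1.10", "192.168.2.20", 17, b"hello")
    outer = encapsulate(inner, "203.0.113.5", "198.51.100.9")
    print("outer:", parse_ipv4(outer)["src"], "->", parse_ipv4(outer)["dst"], "proto", parse_ipv4(outer)["protocol"])
    unwrapped = parse_ipv4(decapsulate(outer, "192.168.0.0/16"))
    print("inner:", unwrapped["src"], "->", unwrapped["dst"], "payload", unwrapped["payload"])
```

The inner-address check at the tunnel exit is the point to notice: without it, a packet arriving on the public side could inject any source address onto the private network simply by wrapping it, which is why real tunnel endpoints authenticate the outer packet (IPsec AH/ESP) as well as policing what the inner one is allowed to carry.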
virus
A program which replicates itself on computer systems by incorporating itself into other programs which are shared among computer systems. See also: Trojan Horse, worm.

Wi-Fi Protected Access (WPA)
A development of Wired Equivalent Privacy to overcome deficiencies in WEP as used in Wireless LANs, by incorporating elements of 802.11i security before the latter (to be known subsequently as WPA v2) is fully developed. Temporal Key Integrity Protocol (TKIP) is incorporated to allow different encryption keys for each packet transmitted, as are RADIUS support and facilities to stop rogue network points attracting authenticated users to steal their credentials. See also: RADIUS, Wired Equivalent Privacy.
Wireless Application Protocol (WAP)
A stack of protocols, akin to the OSI model or the TCP/IP stack, to implement the layers needed for communication with wireless devices, security, applications, etc, promoted as an open standard by the WAP Forum http://www.wapforum.org/.
Wireless Application Protocol Gateway
A WAP client may receive documents from an ordinary WWW server via a WAP gateway, a proxy which converts between WAP requests and HTTP requests (including CGI programs) and converts the output to WAP formats (e.g. WML or WMLScript) followed by compression to binary for sending to the client. WWW pages may also be coded directly in WML on the WWW server before receipt by the gateway.
Wireless Application Environment (WAE)
WAE is the programming environment for WAP. WAE is handled by a browser program in the device, and consists of Wireless Markup Language (WML), WMLScript and Wireless Telephony Application (WTA).
Wireless Datagram Protocol (WDP)
The transport layer of WAP, which transforms datagrams from upper layer protocols into the formats specific to datapaths, bearers and devices, e.g. GSM or SMS or GPRS. Thus upper layers have no need to program for the physical layer of communication such as air interface.
Wired Equivalent Privacy (WEP)
A security protocol within IEEE standard 802.11b intended to give Wireless Local Area Networks the degree of privacy expected of fixed LANs. Encryption over air between the devices and fixed access points (rather than end to end) goes part way towards countering the eavesdropping risk of signals spilling out of buildings. However, the length of the key may be only 40 bits (up to 128 bits is allowed) even if WEP is turned on, and the encryption method produces some predictable sequences, so it is prone to statistical analysis to recover keys. Also the Service Set Identifier (SSID) is broadcast in clear in probes from the access point (unless turned off); this is used as a "password" for packets sent between members of specific LANs, so is useful for eavesdroppers to acquire, especially if obvious names are chosen, e.g. 10Downing.
As an interim solution, the IEEE 802.1X standard is available for port-level authentication and key management, i.e. rapid changes and secure key delivery. This incorporates Extensible Authentication Protocol (EAP). This was first designed for wired (e.g. dialup) links, and is not itself a cipher standard, so the first version authenticates the MAC address rather than the user. The authentication is passed through from the fixed access point to an authentication server such as RADIUS or Kerberos. However, there are no checks that an access point is what it claims to be, so there is a way of masquerading or intercepting the authentication process.
Work on the 802.11i standard is ongoing at March 2003, but this addresses such issues as mutual and per-packet authentication, and could incorporate Advanced Encryption Standard (AES). An interim standard Wi-Fi Protected Access (WPA) contains some of the technologies to overcome WEP deficiencies.
It is imperative that further security measures are taken on top of WEP and its immediate successors, such as Virtual Private Network schemes, although Network Layer solutions such as IPsec are tricky when roaming devices use DHCP for dynamic IP addresses, and products orientated to wireless working are necessary. See also: 802.11, Kerberos, RADIUS, Wireless Local Area Network, Wi-Fi Protected Access.
Wireless Local Area Network (WLAN)
A data network intended to serve an area of only a few hundred square metres or less, using radio communications between mobile computers and (typically) a fixed access point which provides onward connections to fixed networks such as the Internet. There are several competing technologies such as HIPERLAN in Europe and the 802.11 series in the USA. This is the next level up in distance from Personal Area Networks such as Bluetooth. See also: Bluetooth, 802.11, HIPERLAN.
whois
An Internet program which allows users to query a database of people and other Internet entities, such as domains, networks, and hosts, kept at the DDN NIC. The information for people shows a person's company name, address, phone number and email address. See also: Defense Data Network Network ..., white pages, Knowbot, X.500.
Wide Area Network (WAN)
A network, usually constructed with serial lines, which covers a large geographic area. See also: Local Area Network, Metropolitan Area Network
World Wide Web (WWW or W3)
A hypertext-based, distributed information system created by researchers at CERN in Switzerland. Users may create, edit or browse hypertext documents. The clients and servers are freely available.
workstation
A networked personal computing device with more power than a standard IBM PC or Macintosh. Typically, a workstation has an operating system such as UNIX that is capable of running several tasks at the same time. It has several megabytes of memory and a large, high-resolution display. Examples are Sun SPARCstations and Digital Alpha stations.
worm
A computer program which replicates itself and is self-propagating. Worms, as opposed to viruses, are meant to spawn in network environments. Network worms were first defined by Shoch & Hupp of Xerox in ACM Communications (March 1982). The Internet worm of November 1988 is perhaps the most famous; it successfully propagated itself on over 6,000 systems across the Internet. See also: Trojan Horse, virus.

Tuesday, April 15, 2008

Glossary.........

Glossary
Numbers

802.11 :
Refers to a family of Institute of Electrical and Electronics Engineers (IEEE) specifications for wireless networking.
802.11a :
An extension to 802.11 that applies to wireless local area networks (WLANs) and provides up to 54 Mbps in the 5 GHz band.
802.11b :
An extension to 802.11 that applies to wireless LANs and provides 11 Mbps transmission (with a fallback to 5.5, 2, and 1 Mbps) in the 2.4 GHz band. 802.11b is a 1999 ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet. Also called Wi-Fi.
802.11g :
An extension to 802.11 that applies to wireless LANs and provides 54 Mbps transmission in the 2.4 GHz band. 802.11g is backward compatible with 802.11b, allowing the two to work together.
A
access control entry (ACE):
An entry in an access control list (ACL) that defines the level of access for a user or group.
access control list (ACL) :
A set of data associated with a file, directory, or other resource that defines the permissions users or groups have for accessing it. In Active Directory, the ACL is a list of access control entries (ACEs) stored with the object it protects. In Microsoft Windows NT, an ACL is stored as a binary value called a security descriptor.
access token or security access token :
A collection of security identifiers (SIDs) that represent a user and that user’s group memberships. The security subsystem compares SIDs in the token to SIDs in an access control list (ACL) to determine resource access.
account lockout :
A security feature that disables a user account if failed logons exceed a specified number in a specified period of time. Locked accounts cannot log on and must be unlocked by an administrator.
Active Directory :
Beginning in Microsoft Windows 2000 Server and continuing in Windows Server 2003, Active Directory replaces the Windows NT collection of directory functions with functionality that integrates with and relies upon standards including Domain Name System (DNS), Lightweight Directory Access Protocol (LDAP), and Kerberos security protocol.
Active Directory-integrated zone :
A DNS (Domain Name System) zone stored in Active Directory so it has Active Directory security features and can be used for multimaster replication.
Active Directory Service Interface (ADSI) :
A programming interface that provides access to Active Directory.
ActiveX :
A loosely defined set of technologies that allows software components to interact with each other in a networked environment.
ActiveX component :
Reusable software component that adheres to the ActiveX specification and can operate in an ActiveX-compliant environment.
Address :
A precise location where a piece of information is stored in memory or on disk. Also, the unique identifier for a node on a network. On the Internet, the code by which an individual user is identified. The format is username@hostname, where username is your user name, logon name, or account number, and hostname is the name of the computer or Internet provider you use. The host name might be a few words strung together with periods.
Address Resolution Protocol (ARP) :
A Transmission Control Protocol/Internet Protocol (TCP/IP) and AppleTalk protocol that provides IP-address-to-MAC (media access control) address resolution for IP packets.
Advanced Configuration Power Interface (ACPI) :
An industry specification, defining power management on a range of computer devices. ACPI compliance is necessary for devices to take advantage of Plug and Play and power management capabilities.
allocation unit :
The smallest unit of managed space on a hard disk or logical volume. Also called a cluster.
anonymous FTP :
A way to use an FTP program to log on to another computer to copy files when you do not have an account on that computer. When you log on, enter anonymous as the user name and your e-mail address as the password. This gives you access to publicly available files. See also File Transfer Protocol (FTP).
AppleTalk :
Local area network architecture built into Macintosh computers to connect them with printers. A network with a Windows Server 2003 server and Macintosh clients can function as an AppleTalk network with the use of AppleTalk network integration (formerly Services for Macintosh).
Archive (A) attribute :
An attribute of each file that is used by backup utilities to determine whether or not to back up that file. The Archive attribute is set to TRUE whenever a file is created or modified. Differential and incremental backup jobs will back up files only if their archive attribute is TRUE.
Associate :
To connect files having a particular extension to a specific program. When you double-click a file with the extension, the associated program is launched and the file you clicked is opened. In Windows, associated file extensions are usually called registered file types.
Asynchronous Transfer Mode (ATM) :
A network technology based on sending data in cells or packets of a fixed size. It is asynchronous in that the transmission of cells containing information from a particular user is not necessarily periodic.

Attribute :
A characteristic. In Windows file management, it is information that shows whether a file is read-only, hidden, compressed, encrypted, ready to be backed up (archived), or should be indexed.
audit policy :
Defines the type of security events to be logged. It can be defined on a server or an individual computer.
authentication :
Verification of the identity of a user or computer process. In Windows Server 2003, Windows 2000, and Windows NT, authentication involves comparing the user’s security identifier (SID) and password to a list of authorized users on a domain controller.
authoritative restore :
Specifies a type of recovery of Active Directory. When an authoritative restore is performed using the Backup Utility and Ntdsutil in the Directory Services Restore Mode, the directory or the specific object(s) in the directory that have been authoritatively restored are replicated to other domain controllers in the forest. See also nonauthoritative restore.
Automated System Recovery (ASR) :
A feature of Windows Server 2003 that allows an administrator to return a failed server to operation efficiently. Using the ASR Wizard of the Backup Utility, you create an ASR set which includes a floppy disk with a catalog of system files, and a comprehensive backup. When a server fails, boot with the Windows Server 2003 CD-ROM and press F2 when prompted to start Automated System Recovery.
Automatic Updates :
A client-side component that can be used to keep a system up to date with security rollups, patches, and drivers. Automatic Updates is also the client component of a Software Update Services (SUS) infrastructure, which allows an enterprise to provide centralized and managed updates.
B

Background Intelligent Transfer Service (BITS) :
A service used to transfer files between a client and a Hypertext Transfer Protocol (HTTP) server. BITS intelligently uses idle network bandwidth, and will decrease transfer requests when other network traffic increases.
backup domain controller (BDC) :
In a Windows NT domain, a computer that stores a backup of the database that contains all the security and account information from the primary domain controller (PDC). The database is regularly and automatically synchronized with the copy on the PDC. A BDC also authenticates logons and can be promoted to a PDC when necessary. In a Windows Server 2003 or Windows 2000 domain, BDCs are not required; all domain controllers are peers, and all can perform maintenance on the directory.
backup media pool :
A logical set of backup storage media used by Windows Server 2003 and Windows 2000 Server Backup.
bandwidth :
On a network, the transmission capacity of a communications channel stated in megabits per second (Mbps). For example, Ethernet has a bandwidth of 10 Mbps. Fast Ethernet has a bandwidth of 100 Mbps.
basic disk :
A physical disk that is configured with partitions. The disk’s structure is compatible with previous versions of Windows and with several non-Windows operating systems.
Basic Input/Output System (BIOS) :
The program used by a personal computer’s microprocessor to start the system and manage data flow between the operating system and the computer’s devices, such as its hard disks, CD-ROM, video adapter, keyboard, and mouse.
binding :
A software connection between a network card and a network transport protocol such as Transmission Control Protocol/Internet Protocol (TCP/IP).
BOOTP :
Used on Transmission Control Protocol/Internet Protocol (TCP/IP) networks to enable a diskless workstation to learn its own IP address, the location of a BOOTP server on the network, and the location of a file to be loaded into memory to boot the machine. This allows a computer to boot without a hard disk or a floppy disk. Stands for "Boot Protocol."
bottleneck :
Refers to the point of resource insufficiency when demand for computer system resources and services becomes extreme enough to cause performance degradation.
Broadcasting :
To send a message to all computers on a network simultaneously. See also multicasting.
Browser service :
The service that maintains a current list of computers and provides the list to applications when needed. When a user attempts to connect to a resource in the domain, the Browser service is contacted to provide a list of available resources. The lists displayed in My Network Places and Active Directory Users and Computers (among others) are provided by the Browser service. Also called the Computer Browser service.
C

Caching :
A process used to enhance performance by retaining previously-accessed information in a location that provides faster response than the original location. Hard disk caching is used by the File and Print Sharing for Microsoft Networks service, which stores recently accessed disk information in memory for faster retrieval. The Remote Desktop Connection client can cache previously viewed screen shots from the terminal server on its local hard disk to improve performance of the Remote Desktop Protocol (RDP) connection.
Catalog :
An index of files in a backup set.
certificate :
A credential used to prove the origin, authenticity, and purpose of a public key to the entity that holds the corresponding private key.
certificate authority (CA) :
The service that accepts and fulfills certificate requests and revocation requests and that can also manage the policy-directed registration process a user completes to get a certificate.
certificate revocation list (CRL) :
A digitally signed list (published by a certificate authority) of certificates that are no longer valid.
child domain :
A domain located directly beneath another domain name (which is known as a parent domain). For example, Engineering.scribes.com is a child domain of scribes.com, the parent domain. Also called a subdomain.
child object :
An object inside another object. For example, a file is a child object inside a folder, which is the parent object.
Client Access License (CAL) :
The legal right to connect to a service or application. CALs can be configured per server or per device/per user.
Cluster :
A set of computers joined together in such a way that they behave as a single system. Clustering is used for network load balancing as well as fault tolerance. In data storage, a cluster is the smallest amount of disk space that can be allocated for a file.
Cluster service :
The collection of software on each node that manages all cluster specific activity.
Codec :
Technology that compresses and decompresses data, particularly audio or video. Codecs can be implemented in software, hardware, or a combination of both.
common name (CN) :
The primary name of an object in a Lightweight Directory Access Protocol (LDAP) directory such as Active Directory. The CN must be unique within the container or organizational unit (OU) in which the object exists.
concurrent :
Simultaneous.
console tree :
The default left pane in a Microsoft Management Console (MMC) that shows the items contained in a console.
container :
An Active Directory object that has attributes and is part of the Active Directory namespace. Unlike other objects, it does not usually represent something concrete. It is a package for a group of objects and other containers.
D

Delegate :
Assign administrative rights over a portion of the namespace to another user or group.
Device Driver :
A program that enables a specific device, such as a modem, network adapter, or printer, to communicate with the operating system. Although a device might be installed on your system, Windows cannot use the device until you have installed and configured the appropriate driver. Device drivers load automatically (for all enabled devices) when a computer is started, and thereafter run transparently.

Device Manager :
An administrative tool that you can use to administer the devices on your computer. Using Device Manager, you can view and change device properties, update device drivers, configure device settings, and uninstall devices.
digital signature :
An attribute of a driver, application, or document that identifies the creator of the file. Microsoft’s digital signature is included in all Microsoft-supplied drivers, providing assurance as to the stability and compatibility of the drivers with Windows Server 2003 and Windows 2000 Server.
directory service :
A means of storing directory data and making it available to network users and administrators. For example, Active Directory stores information about user accounts, such as names, passwords, phone numbers, and so on, and enables other authorized users on the same network to access this information.
disk quota :
A limitation set by an administrator on the amount of disk space available to a user.
distinguished name (DN) :
In the context of Active Directory, “distinguished” means the qualities that make the name distinct. The DN identifies the domain that holds the object, as well as the complete path through the container hierarchy used to reach the object.
Distributed file system (Dfs) :
A file management system in which files can be located on separate computers but are presented to users as a single directory tree.
DNS name servers :
Servers that contain information about part of the Domain Name System (DNS) database. These servers make computer names available to queries for name resolution across the Internet. Also called domain name servers.
domain :
A group of computers that share a security policy and a user account database. A Windows Server 2003 domain is not the same as an Internet domain. See also domain name.
domain controller :
A server in a domain that accepts account logons and initiates their authentication. In an Active Directory domain, a domain controller controls access to network resources and participates in replication.
domain functional level :
The level at which an Active Directory domain operates. As functional levels are raised, more features of Active Directory become available. There are four levels: Windows 2000 mixed, Windows 2000 native, Windows Server 2003 interim, and Windows Server 2003.
domain local group :
A local group used on ACLs only in its own domain. A domain local group can contain users and global groups from any domain in the forest, universal groups, and other domain local groups in its own domain.
domain name :
In Active Directory, the name given to a collection of networked computers that share a common directory. On the Internet, the unique text name that identifies a specific host. A machine can have more than one domain name, but a given domain name points to only one machine. Domain names are resolved to IP addresses by DNS name servers.

Domain Name System (DNS) :
A service on Transmission Control Protocol/Internet Protocol (TCP/IP) networks (including the Internet) that translates domain names into IP addresses. This allows users to employ friendly names like FinanceServer or Adatum.com when querying a remote system, instead of using an IP address such as 192.168.1.10.
domain naming master :
The one domain controller assigned to handle the addition or removal of domains in a forest. See also Operations Master.
DWORD :
A data type consisting of four bytes in hexadecimal.
Dynamic Data Exchange (DDE) :
Communication between processes implemented in the Windows family of operating systems. When programs that support DDE are running at the same time, they can exchange data by means of conversations. Conversations are two-way connections between two applications that transmit data alternately.
dynamic disk :
A disk that is configured using volumes. Its configuration is stored in the Logical Disk Manager (LDM) database, and is replicated to other dynamic disks attached to the same computer. Dynamic disks are compatible only with Windows Server 2003, Windows XP, and Windows 2000.
Dynamic Host Configuration Protocol (DHCP) :
A Transmission Control Protocol/Internet Protocol (TCP/IP) protocol used to automatically assign IP addresses and configure TCP/IP for network clients.
dynamic-link library (DLL) :
A program module that contains executable code and data that can be used by various programs. A program uses the DLL only when the program is active, and the DLL is unloaded when the program closes.
E

Effective permissions :
The permissions that result from the evaluation of group and user permissions allowed, denied, inherited, and explicitly defined on a resource. The effective permissions determine the actual access for a security principal.
Enterprise :
Term used to encompass a business's entire operation, including all remote offices and branches.
environment variable :
A string of environment information such as a drive, path, or filename associated with a symbolic name. The System option in Control Panel or the Set command from the command prompt can be used to define environment variables.
Ethernet :
A local area network (LAN) protocol. Ethernet supports data transfer rates of 10 Mbps and uses a bus topology and thick or thin coaxial, fiber-optic, or twisted-pair cabling. A newer version of Ethernet called Fast Ethernet supports data transfer rates of 100 Mbps, and an even newer version, Gigabit Ethernet, supports data transfer rates of 1000 Mbps.
extended partition :
A nonbootable portion of a hard disk that can be subdivided into logical drives. There can be only a single extended partition per hard disk.
Extensible Authentication Protocol (EAP) :
An extension to the Point-to-Point Protocol (PPP) that allows the use of arbitrary authentication methods for validating a PPP connection.
Extensible Markup Language (XML) :
An abbreviated version of the Standard Generalized Markup Language (SGML), it allows the flexible development of user-defined document types and provides a non-proprietary, persistent, and verifiable file format for the storage and transmission of text and data both on and off the Web.
external trust :
A one-way or two-way trust for providing access to a Windows NT 4 domain or a domain located in another forest that is not joined by a forest trust.

F

failover :
An operation that automatically switches to a standby database, server, or network if the primary system fails or is temporarily shut down for servicing. In server clusters, the process of taking resources off one node in a prescribed order and restoring them on another node.
fault tolerance :
The ability of a system to ensure data integrity when an unexpected hardware or software failure occurs. Many fault-tolerant computer systems mirror all operations; that is, all operations are done on two or more duplicate systems, so if one fails the other can take over.

File Replication Service (FRS) :
The service responsible for ensuring consistency of the SYSVOL folder on domain controllers. FRS will replicate, or copy, any changes made to a domain controller’s SYSVOL to all other domain controllers. FRS can also be used to replicate folders in a Distributed File System (Dfs).
File Transfer Protocol (FTP) :
A method of transferring one or more files from one computer to another over a network or telephone line. Because FTP has been implemented on a variety of systems, it’s a simple way to transfer information between usually incongruent systems such as a PC and a minicomputer.
firewall :
A protective filter for messages and logons. An organization connected directly to the Internet uses a firewall to prevent unauthorized access to its network. See also proxy server.
folder redirection :
An option in Group Policy to place users’ special folders, such as My Documents, on a network server.
forest :
A group of one or more Active Directory trees that trust each other through two-way transitive trusts. All trees in a forest share a common schema, configuration, and Global Catalog (GC). When a forest contains multiple trees, the trees do not form a contiguous namespace. Unlike trees, a forest does not need a distinct name.
forest trust :
A transitive trust used to share resources between forests. Can be one-way or two-way.
fully qualified domain name (FQDN) :
A domain name that includes the names of all network domains leading back to the root to clearly indicate a location in the domain namespace tree. An example of an FQDN is Accts.finance.adatum.com or Sales.europe.microsoft.com.
G

gateway :
A device used to connect networks using dissimilar protocols so that information can be passed from one to another.
Global Catalog (GC) :
Contains a full replica of all Active Directory objects in its host domain plus a partial replica of all directory objects in every domain in the forest. A GC contains information about all objects in all domains in the forest, so finding information in the directory does not require unnecessary queries across domains. A single query to the GC produces the information about where the object can be found.
global group :
A group that can be used in its own domain and in trusting domains. However, it can contain user accounts and other global groups only from its own domain.

globally unique identifier (GUID) :
Part of the identifying mechanism generated by Active Directory for each object in the directory. If a user or computer object is renamed or moved to a different name, the security identifier (SID), relative distinguished name (RDN), and distinguished name (DN) will change, but the GUID will remain the same.
GUID partition table (GPT) :
The storage location for disk configuration information for disks used in 64-bit versions of Windows.
Group Policy :
Setting of rules for computers and users in Windows Server 2003 and Windows 2000 Server. Group Policy is able to store policies for file deployment, application deployment, logon/logoff scripts, startup/shutdown scripts, domain security, Internet Protocol security (IPSec), and so on.
Group Policy Object (GPO) :
A collection of policies stored in two locations: a Group Policy container (GPC) and a Group Policy template (GPT). The GPC is an Active Directory object that stores version information, status information, and other policy information (for example, application objects). The GPT is used for file-based data and stores software policy, script, and deployment information. The GPT is located in the system volume folder of the domain controller.
H

headless server :
A server without a monitor, keyboard, mouse, or video card, which is administered remotely.
Hive :
One of five sections of the registry. Each hive is a discrete body of keys, subkeys, and values that record configuration information for the computer. Each hive is a file that can be moved from one system to another but can be edited only by using the Registry Editor.
Host :
Any device on the network that uses TCP/IP. A host is also a computer on the Internet you might be able to log on to. You can use FTP to get files from a host computer and use other protocols (such as Telnet) to make use of the host computer.
hosts file :
A local ASCII text file that maps host names to IP addresses. Each line represents one host, starting with the IP address, one or more spaces, and then the host’s name.
hypertext :
A system of writing and displaying text that enables the text to be linked in multiple ways, available at several levels of detail. Hypertext documents can also contain links to related documents, such as those referred to in footnotes.
Hypertext Markup Language (HTML) :
A language used for writing pages for use on the Internet or an intranet. HTML allows text to include codes that define fonts, layout, embedded graphics, and hypertext links.
Hypertext Transfer Protocol (HTTP) :
The method by which Web pages are transferred over the network.
I
identity store :
A database of security identities, or security principals. Active Directory is the identity store for a Windows Server 2003 domain.
inheritance :
The process through which permissions are propagated from a parent object to its children. Inheritance is at work in Active Directory and on disk volumes formatted with NTFS.
Instance :
The most granular level of performance counter. A performance object, such as LogicalDisk, has counters, such as % Free Space. That counter may have instances, representing specific occurrences of that counter, for example the free space on disk volume C:\ and disk volume D:\.
IntelliMirror :
A suite of technologies that allows a complete operating environment to follow the user to other computers, as well as offline. Components include the user’s profiles, data, and applications.
Internet Authentication Service (IAS) :
The Microsoft implementation of Remote Authentication Dial-In User Service (RADIUS), an authentication and accounting system used by many Internet Service Providers (ISPs). When a user connects to an ISP using a username and password, the information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access to the ISP system.
Internet Control Message Protocol (ICMP) :
A protocol used to report problems encountered with the delivery of data, such as unreachable hosts or unavailable ports. ICMP is also used to send a request packet to determine whether a host is available. The receiving host sends back a packet if it is available and functioning. See also ping.
Internet Printing Protocol (IPP) :
A protocol that allows a client to send a job to a printer over the Internet or an intranet. The communication between the client and the printer is encapsulated in HTTP.
Internet Protocol (IP) :
The inter-network layer protocol used as a basis of the Internet. IP enables information to be routed from one network to another in packets and then reassembled when they reach their destination.
Internet Protocol version 6 (IPv6) :
A new version of Internet Protocol supported in Windows Server 2003. The current version of IP is version 4, also known as IPv4. IPv6, formerly called IP: The Next Generation (IPng), is an evolutionary upgrade and will coexist with version 4 for some time.
Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) :
Transport protocols used in Novell NetWare networks.
interrupt request (IRQ) :
One of a set of possible hardware interrupts, identified by a number. The number of the IRQ determines which interrupt handler will be used.
Internet Protocol security (IPSec) :
An Internet Engineering Task Force (IETF) standard that provides authentication and encryption over the Internet. IPSec is widely used with virtual private networks (VPNs).
IP address :
A 128-bit number, usually represented as a four-part decimal separated by periods (for example, 192.168.1.10) that uniquely identifies a machine on the Internet. Every machine on the Internet has a unique IP address.
K

Kerberos :
An identity-based security system developed at the Massachusetts Institute of Technology (MIT) that authenticates users at logon. It works by assigning a unique key, called a ticket, to each user who logs on to the network. The ticket is then embedded in messages to identify the sender of the message. The Kerberos security protocol is the primary authentication mechanism in Windows Server 2003 and Windows 2000 Server.
Kernel :
The part of the executive (or operating system) that manages the processor. The kernel performs thread scheduling and dispatching, interrupt and exception handling, and multiprocessor synchronization.
L

Layer Two Tunneling Protocol (L2TP) :
An extension to the Point-to-Point Protocol (PPP) used in conjunction with IPSec to provide secure VPN connections.
license group :
A group of users or devices that shares one or more client access licenses (CALs). License groups are administered using the Licensing tool in the Administrative Tools folder.
Lightweight Data Interchange Format (LDIF) :
An ASCII file format used to transfer data between Lightweight Directory Access Protocol (LDAP) directory services.
Lightweight Directory Access Protocol (LDAP) :
A protocol used to access a directory service. LDAP is a simplified version of the Directory Access Protocol (DAP), which is used to gain access to X.500 directories. LDAP is the primary access protocol for Active Directory.
LISTSERV :
A family of programs that manage Internet mailing lists by distributing messages posted to the list, and adding and deleting members automatically.
Lmhosts :
An ASCII text file like Hosts but used to associate IP addresses to host names inside a network. To remember which is which, remember Lmhosts as LAN Manager Hosts.
local area network (LAN) :
A group of connected computers, usually located close to one another (such as in the same building or the same floor of the building) so that data can be passed among them.
log on :
The act of entering into a computer system; for example, “Log on to the net work and read your e-mail.”
Logical Disk Manager (LDM) :
The service responsible for maintaining configuration information for disks that are configured as dynamic disks.
logical printer :
The representation of a physical printer. A logical printer is created on a Windows computer and includes the printer driver, printer settings, print defaults, and other configuration information that controls when and how a print job is sent to the printer.
logon script :
Typically a batch file set to run when a user logs on or logs off a sys tem. A logon script is used to configure a user’s initial environment. A logoff script is used to return a system to some predetermined condition. Either script can be assigned to multiple users individually or through Group Policy.
M
master boot record (MBR) :
The first sector on a hard disk where the computer gets its startup information. The MBR contains the partition table for the computer and a small program called the master boot code.
master file table (MFT) :
A special system file on an NT file system (NTFS) volume that consists of a database describing every file and subdirectory on the volume.
media access control (MAC) address :
A unique 48-bit number assigned to network interface cards by the manufacturer. MAC addresses are used for mapping in TCP/ IP network communication.
media pool :
A logical collection of removable media sharing the same management policies.
member server :
A server that is part of a domain but is not a domain controller. Member servers can be dedicated to managing files or printer services or other functions. A member server does not verify logons or maintain a security database.
mirror :
1. Two partitions on two hard disks (also called RAID-1) configured so that each will contain identical data to the other. If one disk fails, the other contains the data and processing can continue. 2. A File Transfer Protocol (FTP) server that provides copies of the same files as another server. Some FTP servers are so popular that other servers have been set up to mirror them and spread the FTP load to more than one site.
MMC (Microsoft Management Console) :
A framework for hosting administrative tools called snap-ins. A console might contain tools, folders, or other containers, Web pages, and other administrative items. These items are displayed in the left pane of the console, called a console tree. A console has one or more windows that can provide views of the console tree. See also snap-in.
multicasting :
Simultaneously sending a message to more than one destination on a network. Multicasting is distinguished from broadcasting in that multicasting sends to only selected recipients.
multilink dialing :
Combining two or more physical communication links into a single logical link to increase available bandwidth.
multimaster replication :
A feature of Active Directory, multimaster replication automatically propagates every object (such as users, groups, computers, domains, organization units, security policies, and so on) created on any domain controller to each of the other participating domain controllers. All domain controllers contain the same directory data, so the domain does not depend on a single source for directory information.
multitasking :
Computer legerdemain by which tasks are switched in and out of the processor so quickly that it appears they are all happening at once. The success of a multitasking system depends on how well the various tasks are isolated from one another.
Multithreading :
The simultaneous processing of several threads inside the same program. Because several threads can be processed in parallel, one thread does not have to finish before another one can start.
N
name resolution :
The process of mapping a name to its corresponding IP address.
namespace :
A name or group of names defined according to a naming convention; any bounded area in which a given name can be resolved. Active Directory is primarily a namespace, as is any directory service. The Internet uses a hierarchical namespace that partitions names into categories known as top-level domains, such as .com, .edu, and .gov.
native mode :
In Windows 2000 domains, the condition of a domain when all domain controllers have been upgraded to Windows 2000 and the administrator has enabled native mode operation. In Windows Server 2003 domains, where there are no Windows 2000 or Windows NT 4 domain controllers, native mode is simply called Windows Server 2003 mode or functional level. See also domain functional level.
Net Logon service :
A service that accepts logon requests from any client and provides authentication from the Security Accounts Manager (SAM) database of accounts.
NetBIOS Enhanced User Interface (NetBEUI) :
A small and fast protocol that requires little memory but can be routed only by using token ring routing. Remote locations linked by routers cannot use NetBEUI to communicate.
network :
Two or more computers connected for the purpose of sharing resources.
Network Access Server (NAS) :
A server that accepts Point-to-Point Protocol connections and places them on the network served by NAS.
Network Address Translation (NAT) :
A technology that enables a local-area network (LAN) to use one set of Internet Protocol (IP) addresses for internal traffic and a second set of addresses for external traffic.
Network Load Balancing (NLB) :
A technology that allows for efficient utilization of multiple network cards.
Network News Transfer Protocol (NNTP) :
A protocol defined for distribution, inquiry, retrieval, and posting of news articles on the Internet.
newsgroup :
On the Internet, a distributed bulletin board system about a particular topic. USENET News (also known as Netnews) is a system that distributes thousands of newsgroups to all parts of the Internet.
node :
A location on a tree structure with links to one or more items below it. On a local area network (LAN), a device that can communicate with other devices on the network. In clustering, a computer that is a member of a cluster.
non-authoritative restore :
When a domain controller’s system state is restored, Active Directory is restored. When the domain controller is restarted, the information in the directory, which is only as recent as the date of the backup set, is brought up to date through normal replication processes between the restored domain controller and its replication partners.
NTFS file system (NTFS) :
The native file system for Windows Server 2003, Windows 2000, and Windows NT. Supports long filenames, a variety of permissions for sharing files to manage access to files and folders, and a transaction log that allows the completion of any incomplete file-related tasks if the operating system is interrupted.
O
Object :
A particular set of attributes that represents something concrete, such as a user, a printer, or an application. The attributes hold data describing the thing that is identified by the object. Attributes of a user might include the user’s given name, surname, and e-mail address. The classification of the object defines which types of attributes are used. For example, the objects classified as users might allow the use of attribute types like common name, telephone number, and e-mail address, whereas the object class of organization allows for attribute types like organization name and business category. An attribute can take one or more values, depending on its type.
object identifier (OID) :
A globally unique identifier (GUID), which is assigned by the Directory System Agent (DSA) when the object is created. The GUID is stored in an attribute, the object GUID, which is part of every object. The object GUID attribute cannot be modified or deleted. When storing a reference to an Active Directory object in an external store (for example, a database), you should use the object GUID because, unlike a name, it will not change.
Operations Master :
A domain controller that has been assigned Active Directory operations that are single master— that is, operations that are not permitted to occur at different places in the network at the same time. Some single-master operations include schema modification, domain naming, and the relative identifier (RID) allocator.
organizational unit (OU) :
A container object in Active Directory used to separate computers, users, and other resources into logical units. An organizational unit is the smallest entity to which Group Policy can be linked. It is also the smallest scope to which administration authority can be delegated.
P
packet :
The basic unit of information sent over a network. Each packet contains the destination address, the sender’s address, error-control information, and data. The size and format of a packet depend on the protocol being used.
page :
A document, or collection of information, available over the Web. A page can contain text, graphics, video, and sound files. Also can refer to a portion of memory that the virtual memory manager can swap to and from a hard disk.
paging :
A virtual memory operation in which pages are transferred from memory to disk when memory becomes full. When a thread accesses a page that’s not in memory, a page fault occurs and the memory manager uses page tables to find the page on disk and then loads the page into memory.
PDC Emulator master :
The domain controller that services network clients that do not have Active Directory client software installed and replicates changes to any Windows NT backup controllers. The PDC emulator master also handles authentication requests for accounts with recently changed passwords, if the change has not been replicated yet to the entire domain.
Ping :
An Internet Protocol (IP) utility that checks to see whether another computer is available and functioning. It sends a short message to which the other computer automatically responds. If the other computer does not respond to the ping, it is often an indication that communications between the two computers cannot be established at the IP level.
point of presence (POP) :
A physical site in a geographic area where a network access provider, such as a telecommunications company, has equipment to which users connect. The local telephone company’s central office in a particular area is also sometimes referred to as their POP for that area.
Point-to-Point Tunneling Protocol (PPTP) :
A protocol that provides router-to-router and host-to-network connections over a telephone line (or a network link that acts like a telephone line). See also Serial Line Internet Protocol (SLIP).
port :
From a computer system perspective, a physical connection point on a computer where you can connect devices that pass data into and out of a computer. For example, a printer is typically connected to a parallel port (also called an LPT port), and a modem is typically connected to a serial port (also called a COM port). From a network perspective, a port is a numbered communication channel through which information passes from one computer system to another. Terminal Services traffic, for example, communicates on port 3389.
Post Office Protocol (POP) :
A protocol by which a mail server on the Internet lets you access your mail and download it to a computer. Most people refer to this protocol with its version number (POP2, POP3, and so on) to avoid confusing it with points of presence (POPs).
primary domain controller (PDC) :
In a Windows NT domain, the server that authenticates domain logons and maintains the security policy and master database for a domain. In a Windows 2000 or Windows Server 2003 domain, running in mixed mode, one of the domain controllers in each domain is identified as the PDC emulator master for compatibility with down-level clients and servers.
primary partition :
A portion of the hard disk that’s been marked as a potentially bootable logical drive by an operating system. MS-DOS can support only a single primary partition. Master boot record disks can support four primary partitions. Computers with the Intel Itanium processor use a GUID partition table that supports up to 128 primary partitions.
Profile :
Loaded by the system when a user logs on, the profile defines a user’s environment, including network settings, printer connections, desktop settings, and program items.
proxy server :
A server that receives Web requests from clients, retrieves Web pages, and forwards them back to clients. Proxy servers can dramatically improve performance for groups of users by caching retrieved pages. Proxy servers also provide security by shielding the IP addresses of internal clients from the Internet.
public-key cryptography :
A method of secure transmission in which two different keys are used—a public key for encrypting data and a private key for decrypting data.
Q
Quality of Service (QoS) :
A set of standards for assuring the quality of data transmission on a network.
Queue Length :
A performance counter that measures the number of instructions that are waiting to be processed by an object such as the Processor or Physical Disk. If the Queue Length is greater than 2 or 3 for an extended period of time, it is a reflection that the system’s resources are not sufficient for the demands being placed on that system.
R
realm trust :
Used to connect between a non-Windows Kerberos realm and a Windows Server 2003 domain. Realm trusts can be transitive or non-transitive, one-way, or two-way.
Recovery Console :
A command-line interface that provides limited access to the system for troubleshooting purposes. The Recovery Console can be launched by booting with the Windows Server 2003 CD-ROM and, when prompted, pressing R for Repair.

redundant array of independent disks (RAID) :
A range of disk management and striping techniques to implement fault tolerance.
relative distinguished name (RDN) :
Active Directory uses the concept of a relative distinguished name (RDN), which is the part of the distinguished name that is an attribute of the object itself.
relative identifier (RID) :
The part of the security identifier (SID) that is unique to each object.
Remote Access Service (RAS) :
Allows users to connect from remote locations and access their networks for file and printer sharing and e-mail. The computer initiating the connection is the RAS client; the answering computer is the RAS server.
Remote Assistance :
Allows for a novice user to use Windows Messenger to request personal, interactive help from an expert user. When the help request is accepted and the remote session negotiated, the expert is able to view and, if allowed by the novice, control the desktop.
Remote Authentication Dial-In User Service (RADIUS) :
A security authentication system used by many Internet service providers (ISPs). A user connects to the ISP and enters a user name and password. This information is verified by a RADIUS server, which then authorizes access to the ISP system.
Remote Desktop for Administration :
A technology based on Terminal Services that allows up to two remote connections to a server for remote administration purposes. In Windows 2000, this was known as Terminal Server in Remote Administration mode.
Remote Installation Services (RIS) :
Allows clients to boot from a network server and use special preboot diagnostic tools installed on the server to automatically install a client operating system.
Removable Storage Management (RSM) system :
A feature of Windows Server 2003 that interfaces with robotic changers and media libraries, enables multiple applications to share local libraries and tape or disk drives, and controls removable media within a single-server system.
Replication :
On network computers, enables the contents of a directory, designated as an export directory, to be copied to other directories, called import directories. Active Directory changes are replicated to all domain controllers on a regular schedule.
Requests for Comments (RFCs) :
An evolving collection of information that details the functions within the TCP/IP family of protocols. Some RFCs are official documents of the Internet Engineering Task Force (IETF), defining the standards of TCP/IP and the Internet, whereas others are simply proposals trying to become standards, and others fall somewhere in between. Some are tutorial in nature, whereas others are quite technical.

roaming user profile :
A profile that is stored in a network-accessible location, thus allowing a user to access their desktop, application data, and settings when they log on to any computer. See also profile.
Router :
A network hardware device (or computer-installed software package) that handles the connection between two or more networks. Routers look at the destination addresses of the packets passing through them and decide which route to use to send them.
S

schema :
A set of definitions of the object classes and attributes that can be stored in Active Directory. Like other objects in Active Directory, schema objects have an access control list (ACL) to limit alterations to only authorized users.
schema master :
The single domain controller assigned to track all updates to a schema within a forest.
scope :
In Dynamic Host Configuration Protocol (DHCP), the range of Internet Protocol (IP) addresses available to be leased to DHCP clients by the DHCP service. In groups, scope describes where in the network permissions can be assigned to the group.
Security Accounts Manager (SAM) :
A service used at logon that manages user account information, including group membership.
security descriptor :
An attribute of an object that contains ownership and access control information.

Security Identifier (SID):
A unique number assigned to every computer, group, and user account on a Windows Server 2003, Windows 2000, or Windows NT network. Internal processes in the operating system refer to an account’s SID, rather than a name. A deleted SID is never reused.
security principal :
An identity that can be given permission to a resource. A security principal is an object that includes a security identifier (SID) attribute. Windows Server 2003 supports four security principals: users, groups, computers, and the InetOrgPerson object.
Serial Line Internet Protocol (SLIP) :
A protocol used to run Internet Protocol (IP) over serial lines or telephone lines using modems. Rapidly being replaced by Point-to-Point Tunneling Protocol (PPTP). SLIP is part of Windows remote access for compatibility with other remote access software.
server :
A computer that provides a service to other computers on a network. A file server, for example, provides files to client machines.

Server Message Block (SMB) :
An application-layer protocol that allows a client to access files and printers on remote servers. Clients and servers that are configured to support SMB can communicate using SMB over transport- and network-layer protocols, including Transmission Control Protocol (TCP/IP).
Service locator (SRV) resource record :
A record in a DNS zone that specifies the computer (by name) that is hosting a particular service. SRV records allow clients to query DNS for services.
shortcut trust :
Used to reduce logon times between two domains in a Windows Server 2003 or Windows 2000 forest. This type of trust is transitive and can be one-way or two-way.
Simple Object Access Protocol (SOAP) :
An XML/HTTP-based protocol that provides a way for applications to communicate with each other over the Internet, independent of platform.
site :
In Active Directory, an area of one or more well-connected subnets. When users log on to a site, clients use Active Directory servers in the same site. See also well-connected.
smart card :
A credit card-sized device that securely stores user credentials such as passwords, certificates, public and private keys, and other types of personal information.
snap-in :
A tool that can be added to a console supported by the Microsoft Management Console (MMC). You can add a snap-in extension to extend the function of a snap-in.

Socket :
An endpoint to a connection. Two sockets form a complete path for a bidirectional pipe for incoming and outgoing data between networked computers. The Windows Sockets API is a networking application programming interface (API) for programmers writing for the Windows family of products.
Software Update Services (SUS) :
A server-based technology that centralizes the acquisition and approval of security rollups and critical updates for distribution to network clients running the Automatic Updates client.
subnet :
The portion of a Transmission Control Protocol/Internet Protocol (TCP/IP) network in which all devices share a common prefix. For example, all devices with an IP address that starts with 198 are on the same subnet. IP networks are divided using a subnet mask.
superscope :
A collection of scopes grouped into a single administrative whole. Grouping scopes together into a superscope makes it possible to have more than one logical subnet on a physical subnet.
SystemRoot :
The path and folder where the Windows system files are located. The value %SystemRoot% can be used in paths to replace the actual location. To identify the SystemRoot folder on a computer, type %SystemRoot% at a command prompt.

System State :
The collection of critical system files, such as the registry, COM+ registration database, and startup files that must be backed up regularly to provide for system recoverability.
SYSVOL :
The folder on a domain controller that contains group policies and logon scripts. SYSVOL is replicated between domain controllers by the file replication service (FRS).
T

Telnet :
The protocol and program used to log on from one Internet site to another. The Telnet protocol/program gets you to the logon prompt of another host.
terminal :
A device that allows you to send commands to another computer. At a minimum, this usually means a keyboard, a display screen, and some simple circuitry. You will usually use terminal software in a personal computer—the software pretends to be, or emulates, a physical terminal and allows you to type commands to another computer.
Terminal Services :
The underlying technology that enables Remote Desktop for Administration, Remote Assistance, and Terminal Server.
thread :
An executable entity that belongs to one (and only one) process. In a multitasking environment, a single program can contain several threads, all running at the same time.
token ring :
A type of computer network in which the computers are connected in a ring. A token, which is a special bit pattern, travels around the ring. To communicate with another computer, a computer catches the token, attaches a message to it, and the token continues around the network, dropping off the message at the designated location.
transitive trust :
The standard trust between Windows Server 2003 domains in a domain tree or forest. Transitive trusts are always two-way trusts. When a domain joins a domain tree or forest, a transitive trust relationship is established automatically.
Transmission Control Protocol/Internet Protocol (TCP/IP) :
A suite of protocols that networks use to communicate with each other on the Internet.
tree :
A tree in Active Directory is just an extension of the idea of a directory tree. It’s a hierarchy of objects and containers that demonstrates how objects are connected, or the path from one object to another. Endpoints on the tree are usually objects.
trust relationship :
A security term meaning that one workstation or server trusts a domain controller to authenticate a user logon on its behalf. It also means a domain controller trusts a domain controller in another domain to authenticate a logon.
U

Uniform Resource Locator (URL) :
The standard way to give the address of any resource on the Internet that is part of the Internet. For example, http://www.adatum.com. The most common way to use a URL is to enter it into a Web browser.
universal group :
A group that can be used anywhere in a domain tree or forest. Members can come from any domain, and rights and permissions can be assigned at any domain. Universal groups are available only when the domain is in native mode.
Universal Naming Convention (UNC) :
A PC format for indicating the location of resources on a network. UNC uses the following format: \\Server\Shared_ resource_path. To identify the Example.txt file in the Sample folder on the server named Ample, the UNC would be \\Ample\Sample\Example.txt.

Universal Plug and Play (UPnP) :
A standard that enables a network-attached device such as a PC, peripheral, or wireless device to acquire an Internet Protocol (IP) address and then, using Internet and Web protocols such as Hypertext Transfer Protocol (HTTP), to announce its presence and availability on the network.

universal serial bus (USB) :
An interface between a computer and add-on devices that enables simplified connection and Plug-and-Play detection of those devices. USB ports support multiple devices per port and usually allow a device to be added to the computer without powering the computer off.
UNIX :
An operating system designed to be used by many computer users at the same time (multiuser) with Transmission Control Protocol/Internet Protocol (TCP/IP) built in. A common operating system for servers on the Internet.
user account :
A user’s access to a network. Each user account has a unique username and security ID (SID).
User Principal Name (UPN) :
An attribute of every user object in Active Directory that uniquely identifies that user in the entire forest. The UPN includes the user logon name and a suffix, such as lsmithbates@contoso.com.
user profile :
Information about user accounts. See also profile.
user right :
A logon right or privilege that allows a user to perform a system task, such as logging on locally or restoring files and folders. Because user rights are system-specific, rather than resource-specific, they will override permissions on an individual resource. For example, users with the user right to Backup Files And Folders can back up a file to tape even if they are denied read permission for that file.

V

Virtual Private Network (VPN) :
A network constructed by using public wires to connect nodes. VPNs use encryption, such as Internet Protocol security (IPSec), and other security mechanisms to make sure only authorized users can access the network and that the data cannot be intercepted.
Voice over Internet Protocol (VoIP) :
A method for using the Internet as a transmission medium for telephone calls.
Volume Shadow Copy Service (VSS) :
A service that creates snapshot backups of files, allowing a backup utility to back up the snapshot regardless of whether the original file is locked or open.
W

Web-Based Enterprise Management (WBEM) :
A set of management and Internet standard technologies developed to unify the management of enterprise computing environments. Microsoft’s implementation of WBEM is the Windows Management Instrumentation.
well-connected :
Being fast and reliable for the needs of Active Directory site communication. The definition of “sufficiently fast and reliable” for a particular network depends on the work being done on the specific network.
wide area network (WAN) :
Any Internet or network that covers an area larger than a single building or campus.
Windows Internet Name Service (WINS) :
A name resolution service that converts computer NetBIOS names to Internet Protocol (IP) addresses in a routed environment.
Windows Management Instrumentation (WMI) :
A programming interface that provides access to the hardware, software, and other components of a computer. WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM) to establish standards of data in Enterprise Management.

Windows Sockets (Winsock) :
Winsock is a standard way for Windows-based programs to work with Transmission Control Protocol/Internet Protocol (TCP/IP). You can use Winsock if you use SLIP to connect to the Internet.
Workstation :
In Windows NT, a computer running the Windows NT Workstation operating system. In a wider context, used to describe any powerful computer optimized for graphics or computer-aided design (CAD) or any of a number of other functions requiring high performance.

X

X.500 :
A standard for a directory service established by the International Telecommunications Union (ITU). The same standard is also published by the International Standards Organization/International Electro-technical Commission (ISO/IEC).
The X.500 standard defines the information model used in the directory service. All information in the directory is stored in entries, each of which belongs to at least one object class. The actual information in an entry is determined by attributes that are contained in that entry.

Z

zone :
A part of the Domain Name System (DNS) namespace that consists of a single domain or a domain and subdomains managed as a single, separate entity.