Aramak için bir harf seçin veya yandaki Arama kutusunu kullanın:

• A
• B
• C
• D
• E
• F
• G
• H
• I
• J
• K
• L
• M
• N
• O
• P
• Q
• R
• S
• T
• U
• V
• W
• X
• Y
• Z

VLAN Stacking

VLAN stacking allows a service provider to distinguish multiple subscriber VLANs, even those with the same (subscriber-assigned) VLAN ID, within its network.

Policy

A policy defines the action(s) to be performed on a traffic flow that has been classified. See also Bandwidth Management, Classifier, Firewall and VPN.

VLAN Stacking

VLAN stacking allows a service provider to distinguish multiple subscriber VLANs, even those with the same (subscriber-assigned) VLAN ID, within its network.

Policy

A policy defines the action(s) to be performed on a traffic flow that has been classified. See also Bandwidth Management, Classifier, Firewall and VPN.

Management Port

A management port is a dedicated port on a device for management purposes only. You cannot access the network through a management port.

In-band Management

In-band management means accessing the management interface of a device through a network port that is not a management port.

Out-of-band Management

Out-of-band management means accessing the management interface of a device through a management port. See also Management Port.

VDSL

Very High Bit Rate DSL is an asymmetric version of DSL that is used as the final drop from a fiber optic junction point to nearby customers. VDSL lets an apartment or office complex obtain high-bandwidth services using existing copper wires without having to replace the infrastructure with optical fiber. Like ADSL, VDSL can share the line with the telephone.

ADPCM

ADPCM-32 is a 32-bit voice compression method that converts analog signals to digital data, thus allowing voice transmission over digital lines.

ATM

ATM is a LAN and WAN networking technology that provides high-speed data transfer. ATM uses fixed-size packets of information called cells. With ATM, a high QoS (Quality of Service) can be guaranteed.

Authenticity

Proof that the information came from the person or location that reportedly sent it. One example of authenticating software is through digital signatures.

Backdoor

In computer terminology, a backdoor (also called a trapdoor) is hidden software or a hardware mechanism that can be triggered to gain access to a program, online service or an entire system.

Backbone

A high-speed line or series of connections that forms a major pathway within a network.

BackOrifice

BackOrifice is a remote administration tool that allows a user to control a computer across a TCP/IP connection using a simple console or GUI application.

Bandwidth

This is the capacity of a link usually measured in bits-per-second (bps).

Bit

A Binary Digit (either a one or a zero); a single digit number in base-2. A bit is the smallest unit of computerized data.

Boot Module Commands

Boot Module Commands, available in the debug mode via SMT (some devices may not have SMTs), help you initialize the configuration of the basic functions and features of your device(s) such as uploading firmware, changing the console port speed and viewing product-related information.

Bridging

Bridging provides LAN to LAN frame forwarding services between two or more LANs. Frames from one LAN are forwarded across a bridge to a connected LAN, although filtering can be employed to selectively forward frames.

Brute Force Hacking

A technique used to find passwords or encryption keys. Brute Force Hacking involves trying every possible combination of letters, numbers, etc., until the code is broken.

Byte

A set of bits that represents a single character. There are eight bits in a byte.

Call filtering

Call filtering is used to determine if a packet should be allowed to trigger a call. Outgoing packets must undergo data filtering before they encounter call filtering.

Camping Out

Staying in a "safe" place once a hacker has broken into a system. The term can be used with a physical location, electronic reference or an entry point for future attacks.

CDR

This is a name used by telephone companies for call-related information.

CHAP

Challenge Handshake Authentication Protocol is an alternative protocol that avoids sending passwords over the wire by using a challenge/response technique.

Cipher Text

Text that has been scrambled or encrypted so that it cannot be read without deciphering it. See Encryption.

Client program

A software program that is used to contact and obtain data from a server software program on another computer. Each client program is designed to work with one or more specific kinds of server programs and each server requires a specific kind of client. A web browser, for example, is a specific kind of client.

CO

A CO is a facility that serves local telephone subscribers. In the CO, subscribers' lines are joined to switching equipment that allows them to connect to each other for both local and long distance calls.

COE

COE is where home and office phone lines terminate and connect to a much larger switching system.

DSP

A Digital Signal Processor (DSP) carries out the mathematical operations used in converting a signal into digital output.

Community

This is the SNMP equivalent of a password.

Cookie

A string of characters saved by a web browser on the user's hard disk.

Countermeasures

Techniques, programs or other tools that can protect your computer against threats.

CPE

CPE is privately-owned telecommunication equipment at an individual or organization’s site that is attached to the telecommunication network.

Cracker

Another term for hackers. Generally, the term cracker refers specifically to a person who maliciously attempts to break encryption, software locks or network security.

Cracker Tools

Programs used to break into computers. Cracker tools are widely distributed on the Internet. They include password crackers, Trojans, viruses, war-dialers and worms.

Crossover Ethernet Cable

A cable that wires a pin to its opposite pin, for example, RX+ is wired to TX+. This cable connects two similar devices, for example, two data terminal equipment (DTE) or data communications equipment (DCE) devices.

Crosstalk

Crosstalk on telephone wires is noise emanating from the signals transmitted on adjacent wire pairs caused by electric or magnetic fields of one telecommunication signal affecting the signal in an adjacent circuit.
Crosstalk in wireless network applications occurs when the radio signals from access points overlap and interfere with one another thus reducing performance.

Cryptoanalysis

The act of analyzing (or breaking into) secure documents or systems that are protected with encryption.

CSU/DSU

CSUs and DSUs are actually two separate devices, but they are used in conjunction and often combined into the same box. CSU/DSU are hardware devices that convert digital signals used on a LAN into a digital signal used on a WAN and vice-versa (over a T-1 line, for example).

DCE

DCE (Data Communication Equipment) is a device, such as a modem, that converts data between different interfaces (digital and analog for example) and exchanges data with the DTE.

Decryption

The act of restoring an encrypted file to its original state.

Denial of Service

Act of preventing customers, users, clients or other computers from accessing data on a computer. This is usually accomplished by interrupting or overwhelming the computer with bad or excessive information requests.

Device Filters

Device Filters decide whether or not to allow passage of a data packet and/or to make a call. Device filters act on raw data from/to LAN and WAN and serve as a limited firewall to your device.

DHCP

Dynamic Host Configuration Protocol automatically assigns IP addresses to clients when they log on. DHCP centralizes IP address management on central computers that run the DHCP server program. DHCP leases addresses, for a period of time, which means that past addresses are “recycled” and made available for future reassignment to other systems.

Digital

The use of a binary code to represent information, such as 0/1, or on/off.

DLCI

A DLCI specifies the channel and destination that frame relay traffic will use.

DNS

Domain Name System links names to IP addresses. When you access Web sites on the Internet you can type the IP address of the site or the DNS name.

Domain Name

The unique name that identifies an Internet site. Domain Names always have two or more parts that are separated by dots. The part on the left is the most specific and the part on the right is the most general.

DRAM

Dynamic RAM stores information in capacitors that must be refreshed periodically.

DSL

Digital Subscriber Line technologies enhance the data capacity of the existing twisted pair wire that runs between the local telephone company switching offices and most homes and offices. There are actually several types of DSL service, ranging in speeds from 16 Kbits/sec to 52 Mbits/sec. The services are either symmetrical (traffic flows at the same speed in both directions) or asymmetrical (the downstream capacity is higher than the upstream capacity). DSL connections are point-to-point dedicated circuits, meaning that they are always connected. There is no dial-up. There is also no switching, which means that the line is a direct connection into the carrier’s frame relay, ATM (Asynchronous Transfer Mode) or Internet-connect system.

DSLAM

A Digital Subscriber Line Access Multiplexor (DSLAM) is a network device, usually at a telephone company central office, that receives signals from multiple customer Digital Subscriber Line connections and puts the signals on a high-speed backbone line using multiplexing techniques. Depending on the product, DSLAM multiplexers connect DSL lines with some combination of asynchronous transfer mode ATM, frame relay or IP networks.

DTE

The DTE (Data Terminal Equipment) is a computer or terminal that is connected to a DCE.

WPA2

WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. It includes two data encryption algorithms, Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication Code Protocol (CCMP). See also WPA.

Echo Cancellation

Echo Cancellation minimizes the delays associated with digital networks. Delays are encountered as signals are processed through various routes within the networks, including copper wire, fiber optic lines, microwave connections, international gateways and satellite transmissions.

Egress port

Egress is the act of going out of something. An egress port is an outgoing port, that is, a port through which a data packet leaves. An egress router is a router through which a data packet leaves a network from another network.

eWC

This is an HTML-based configurator that allows easy setup and management.

EMI

Interference by electromagnetic signals that can cause reduced data integrity and increased error rates on transmission channels.

Encapsulation

Encapsulation is the inclusion of one data structure within another structure so that the first data structure is hidden for the time being.

Encryption

The act of substituting numbers and characters in a file so that the file is unreadable until it is decrypted. Encryption is usually done using a mathematical formula that determines how the file is decrypted.

Ethernet

A very common method of networking computers in a LAN. There are a number of adaptations to the IEEE 802.3 Ethernet standard, including adaptations with data rates of 10 Mbits/sec and 100 Mbits/sec over coaxial cable, twisted-pair cable and fiber-optic cable. See also Gigabit Ethernet.

BRAS

A BRAS (Broadband Remote Access Server) aggregates and routes subscriber traffic to/from the DSLAMs (Digital Subscriber Line Access Multiplexers) in the ISP’s network.

ETSI

ETSI is a non-profit organization that establishes telecommunications standards (defining coding standards and signaling schemes) for Europe. ETSI guidelines are voluntary and almost always comply with standards produced by international bodies.

ETSI Mode

This is a VDSL mode that operates in a specific frequency band allocation with associated upstream and downstream speeds.

Events

These are network activities. Some activities are direct attacks on your system, while others might be depending on the circumstances. Therefore, any activity, regardless of severity is called an event. An event may or may not be a direct attack on your system.

FAQ

FAQs list and answer the most common questions on a particular subject.

FCC

The FCC (Federal Communications Commission) is in charge of allocating the electromagnetic spectrum and thus the bandwidth of various communication systems.

Firewall

A hardware or software "wall" that restricts access in and out of a network. Firewalls are most often used to separate an internal LAN or WAN from the Internet.

Flash memory

A nonvolatile storage device that can be electrically erased and reprogrammed so that data can be stored, booted and rewritten as necessary.

Frame Relay

Frame relay is a form of packet-switching technology that routes frames of information from source to destination over a switching network owned by a carrier. Frame sizes are not fixed.

Frame Type

Each frame type is a separate logical network, even though they exist on one physical network. Frame Types are 802.2, 802.3, Ethernet II (DIX) and SNAP (Sub-Network Access Protocol).

FTP

File Transfer Protocol is an Internet file transfer service that operates on the Internet and over TCP/IP networks. A system running the FTP server accepts commands from a system running an FTP client. The service allows users to send commands to the server for uploading and downloading files.

G.SHDSL

A Single-pair High-speed Digital Subscriber Line is a symmetrical, bi-directional DSL service that operates on one twisted-pair wire. The “G.” in “G.SHDSL” refers to ITU (International Telecommunication Union) “G” standards. G.SHDSL provides data rates from 192kbps up to 2.3 Mbps at distances of 6,000 feet to 20,000 feet on 26 AWG copper. See also DSL.

Gateway

A gateway is a computer system or other device that acts as a translator between two systems that do not use the same communication protocols, data formatting structures, languages and/or architecture.

Ground Start

This is a type of analog voice grade access line signaling that requires the customer interface to provide a ground on the ring conductor at the network interface to initiate service requests.

GSTN

A GSTN denotes an analog network (PSTN) or digital network (ISDN).

Hacker

Generally, a hacker is anyone who experiments with technology - including computers and networks.

HDLC

A bit-oriented (the data is monitored bit by bit), link layer protocol for the transmission of data over synchronous networks.

Host

Any computer on a network that is a repository for services available to other computers on the network. It is quite common to have one host machine provide several services, such as WWW and USENET.

HTTP

The most common protocol used on the Internet. HTTP is the primary protocol used for web sites and web browsers. It is also prone to certain kinds of attacks.

IANA

Acts as the clearing-house to assign and coordinate the use of numerous Internet protocol parameters such as Internet addresses, domain names, protocol numbers and more.

ICMP

A message control and error-reporting protocol between a host server and a gateway to the Internet ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and are not directly apparent to the application user.

Ingress

Ingress is the act of entering something. An ingress port is an incoming port, that is, the port that a data packet enters from another port. An ingress router is a router through which a data packet enters a network from another network.

Inside Wiring

Wiring that is done from the point of demarcation to the jack in the wall where the line terminates.

Integrity

Proof that the data is the same as originally intended. Unauthorized software or people have not altered the original information.

Internet

(Upper case “I”). The vast collection of inter-connected networks that use TCP/IP protocols evolved from the ARPANET (Advanced Research Projects Agency Network) of the late 1960’s and early 1970’s.

internet

(Lower case “i”). Any time you connect two or more networks together, you have an internet.

Internet Worm

See Worm.

Intranet

A private network inside a company or organization that uses the same kinds of software that you would find on the public Internet, but that is only for internal use.

Intruder

Person or software interested in breaking computer security to access, modify, or damage data. Also see Cracker.

IP

(Currently IP version 4 or IPv4) The underlying protocol for routing packets on the Internet and other TCP/IP-based networks.

IP Policy Routing

Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and forward the packet based on the policy defined by the network administrator.

IP Pool

Refers to the collective group of IP addresses located in any particular place (for example, LAN, WAN, Ethernet, etc.).

IP Source Route

Source routing makes use of an optional header to dictate the route an IP packet takes from source to destination. Network technicians may use it to time certain paths or for diagnostics. Most packets do not have a source route header.

IPCP (PPP)

Allows changes to IP parameters such as the IP address.

IPX

The native NetWare internetworking protocol is IPX (Internetwork Packet Exchange). Like IP (Internet Protocol), IPX is an internetworking protocol that provides datagram services.

IRC

It is a way for multiple users on a system to “chat” over the network.

ISP

Provide connections into the Internet for home users and businesses. There are local, regional, national, and global ISPs. You can think of local ISPs as the gatekeepers into the Internet.

ITU-T

The ITU-T is the primary international body for fostering cooperative standards for telecommunications equipment and systems. It was formerly known as the CCITT (Consultative Committee for International Telephony and Telegraphy).

LAN

A shared communication system to which many computers are attached. A LAN, as its name implies, is limited to a local area. LANs have different topologies, the most common being the linear bus and the star configuration.

Jack Type

Different types of jacks (RJ-11, RJ45 or RJ-48) can be used for an ISDN line. The RJ-11 is the most common in the world and is most often used for analog phones, modems and fax machines. RJ-48 and RJ-45 are essentially the same, as they both have the same 8-pin configuration. An RJ-11 jack can fit into an RJ-45/RJ-48 connector, however, an RJ-45/RJ-48 cannot fit into an RJ-11 connector.

LATA

A geographic territory used primarily by local telephone companies to determine charges for intrastate calls.

LEC

The local phone companies – either a Regional Bell Operating Company (RBOC) or an independent phone company (GTE for example) – that provide local transmission services.

LED

LEDs are visual indicators that relay information about the status of specific functions to the user by lighting up, turning off or blinking. LEDs are usually found on the front panel of the physical device. Examples include Status, Power and System LEDS.

LLC-Multiplexing

One VC (Virtual Circuit) carries multiple protocols with protocol identifying information being contained in each packet header. Despite the extra bandwidth and processing overhead, this method my be advantageous if it is not practical to have a separate VC for each carried protocol, eg., if charging heavily depends on the number of simultaneous VCs.

Logic Bomb

A virus that only activates itself when certain conditions are met. Logic bombs usually damage files or cause other serious problems when they are activated.

Loop Start

A supervisory signal given by a telephone or PBX in response to completing the loop path.

Loop-reach

Loop reach defines speed that can be attained at various distances. This is very important for DSL technology as distance from the CO (Central Office) influences attainable speeds.

MAC

On a local area network (LAN) or other network, the MAC address is a computer's unique hardware number. (On an Ethernet LAN, it's the same as your Ethernet address). The MAC layer frames data for transmission over the network, then passes the frame to the physical layer interface where it is transmitted as a stream of bits.

MTU

Buildings such as hotels, motels, resorts, residential multi-dwelling units, office buildings, university campuses, etc.

mu-Law

Mu-Law and A-Law are Pulse Code Modulation (PCM) techniques that dictate forms of compression for audio signals. They are widely-used standard methods of coding voice as they improve the signal-to-noise ratio without increasing the amount of data. Mu-Law is a standard in North America; A-Law in Europe.

Multiplexing

A method that combines information from multiple connections into one connection for transfer over an ATM circuit.

Multiplexor

Multiplexors or MUXs, as they are often called, are devices that combine signals from various sources such as PBX (Private Branch Exchange), asynchronous terminals or a bridge connected to a WAN. A multiplexor transmits these signals as a single data stream over a digital line. Multiplexors conserve bandwidth.

Name Resolution

The allocation of an IP address to a host name. See also DNS.

NAT

The translation of an Internet Protocol address used within one network to a different IP address known within another network - see also SUA.

NDIS

A Windows specification for how communication protocol programs (such as TCP/IP) and network device drivers should communicate with each other.

NetBIOS

NetBIOS is an extension of the DOS BIOS that enables a computer to connect to and communicate with a LAN.

Network

Any time you connect two or more computers together, allowing them to share resources, you have a computer network. Connect two or more networks together and you have an internet.

NIC

A board that provides network communication capabilities to and from a computer system. Also called an adapter.

PAC

The PAC is the box that calls/answers the phone call and relays the PPP frames to the PNS (PPTP Network Server). A PAC must have IP and dial-up capability.

Packet Filter

A filter that scans packets and decides whether to let them through or not.

PAP

A security protocol that requires users to enter a password before accessing a secure system. The user’s name and password are sent over the wire to a server where they are compared with a database of user account names and passwords.

Password Cracker

A program that uses a dictionary of words, phrases, names, etc. to guess a password.

Password encryption

A system of encrypting electronic files using a single key or password. Anyone who knows the password can decrypt the file.

Password Shadowing

The encrypted password is not visible in the password file but stored in a shadow file that is only readable by root. This prevents brute force attacks on the encrypted field to guess the password.

PBX

A subscriber-owned telecommunications exchange that usually includes access to the public switched network. It may also be a private telephone switchboard that provides on-premises dial service and may provide connections to local and trunked communications networks.

Penetration

Gaining access to computers or networks by bypassing security programs and passwords.

Phreaking

Breaking into phone or other communication systems.

Ping Attack

An attack that slows down the network until it is unusable. The attacker sends a "ping" command to the network repeatedly to slow it down. See also Denial of Service.

Pirate

Someone who steals or distributes software without paying the legitimate owner for it.

Pirated Software

Software that has been illegally copied, or that is being used in violation of the software's licensing agreement. Pirated software is often distributed through pirate bulletin boards or on the Internet. In the Internet underground, it is known as Warez.

Plain Text

Plain Text is clear text, readable by anyone – it is the opposite of cipher text.

PNS

A PNS is the box that hosts both the PPP and the PPTP stacks and forms one end of the PPTP tunnel. The PNS must have IP connectivity.

Point of Demarcation

The physical point where the phone company ends its responsibility for the wiring of the phone line.

POP

This is a common protocol used for sending, receiving, and delivering mail messages.

Port

An Internet port refers to a number that is part of a URL, appearing after a colon (:), directly following the domain name. Every service on an Internet server listens on a particular port number on that server. Most services have standard port numbers, for example, Web servers normally listen on port 80.

Port (H/W)

An interface on a computer for connecting peripherals or devices to the computer. A printer port, for example, is an interface that is designed to have a printer connected to it. Ports can be defined by specific hardware (such as a keyboard port) or through software.

POTS

The analog telephone service that runs over copper twisted-pair wires and is based on the original Bell telephone system. Twisted-pair wires connect homes and businesses to a neighborhood central office. This is called the local loop. The central office is connected to other central offices and long-distance facilities.

PPP

PPP encapsulates and transmits IP (Internet Protocol) datagrams over serial point-to-point links. The protocol is defined in IETF (Internet Engineering Task Force) RFC 1661 through 1663. PPP provides router-to-router, host-to-router, and host-to-host connections.

PPPoE

PPPoE relies on two widely accepted standards: PPP and Ethernet. PPPoE is a specification for connecting the users on an Ethernet to the Internet through a common broadband medium, such as a single DSL line, wireless device or cable modem.

Hardware Monitor

A device uses the hardware monitor to observe temperature, voltage and fan speed readings.

Promiscuous Packet Capture

Actively capturing packet information from a network. Most computers only collect packets specifically addressed to them. Promiscuous packet capture acquires all network traffic it can regardless of where the packets are addressed.

Protocol

A “language” for communicating on a network. Protocols are sets of standards or rules used to define, format and transmit data across a network. There are many different protocols used on networks. For example, most web pages are transmitted using the HTTP protocol.

Protocol Filters

Use Protocol Filters to decide whether or not to allow passage of a data packet and/or to make a call. Protocol filters act on IP/IPX packets and can serve as a limited firewall.

Proxy Server

A server that performs network operations in lieu of other systems on the network. Proxy Servers are most often used as part of a firewall to mask the identity of users inside a corporate network yet still provide access to the Internet.

PSTN

Public Switched Telephone Network was put into place many years ago as a voice telephone call-switching system. The system transmits voice calls as analog signals across copper twisted cables from homes and businesses to neighborhood COs (central offices); this is often called the local loop. The PSTN is a circuit-switched system, meaning that an end-to-end private circuit is established between caller and the person called.

Public Key Encryption

System of encrypting electronic files using a key pair. The key pair contains a public key used during encryption, and a corresponding private key used during decryption.

PVC

A PVC is a logical point-to-point circuit between customer sites. PVCs are low-delay circuits because routing decisions do not need to be made along the way. Permanent means that the circuit is preprogrammed by the carrier as a path through the network. It does not need to be set up or torn down for each session.

ras

This is the name of the firmware on the ZyXEL device. Renaming may be necessary when uploading new firmware to the device.

RBOC

There are currently seven regional telephone companies that were created by the AT&T divestiture.

Reconnaissance

The finding and observation of potential targets for a cracker to attack.

REN

A Ringer Equivalence Number is used to determine the number of devices that may be connected to the telephone line.

RFC

An RFC is an Internet formal document or standard that is the result of committee drafting and subsequent review by interested parties.

Ring Type

Ring Type determines the sound and frequency of your telephone’s ring.

RIP

An interior or intra-domain routing protocol that uses distance-vector routing algorithms. RIP is used on the Internet and is common in the NetWare environment as a method for exchanging routing information between routers.

Rom-0

This is the name of the configuration file on your ZyXEL device. Renaming may be necessary when uploading a new configuration file to your ZyXEL device.

Router

A device that connects two networks together. Routers monitor, direct and filter information that passes between these networks.

SAP

In NetWare, the SAP broadcasts information about available services on the network that other network devices can listen to. A server sends out SAP messages every 60 seconds. A server also sends out SAP messages to inform other devices that it is closing down. Workstations use SAP to find services they need on the network.

SATAN

A UNIX program that gathers information on networks and stores it in databases. It is helpful in finding security flaws such as incorrect settings, software bugs and poor policy decisions. It shows network services that are running, the different types of hardware and software on the network, and other information.

SDSL

A Symmetrical Digital Subscriber Line is a symmetrical, bi-directional DSL service that operates on one twisted-pair wire. It can provide data rates up to the T1 rate of 1.544 Mbits/sec, and it operates above the voice frequency, so voice and data can be carried on the same wire.

Server

A computer, or a software package, that provides a specific kind of service to client software running on other computers.

Shoulder Surfing

Looking over someone's shoulder to see the numbers they dial on a phone, or the information they enter into a computer.

SMT

The SMT is a menu-based interface that you use to configure your device.

SNMP

SNMP is a popular management protocol defined by the Internet community for TCP/IP networks. It is a communication protocol for collecting information from devices on the network.

Trap

A trap is a report sent to an SNMP manager when an event occurs.

Snooping

Passively watching a network for information that could be used to a hacker's advantage, such as passwords. Usually done while Camping Out.

Socks

A protocol that handles TCP traffic through proxy servers.

Splitter

In telephony, a splitter, sometimes called a “plain old telephone service splitter" is a device that divides a telephone signal into two or more signals, each carrying a selected frequency range, and can also reassemble signals from multiple signal sources into a single signal

Spoofing

To forge something, such as an IP address. IP spoofing is a common way for hackers to hide their location and identity

SSL

Technology that allows you to send information that only the server can read. SSL allows servers and browsers to encrypt data as they communicate with each other. This makes it very difficult for third parties to understand the communications.

Static Routing

Static routes tell routing information that a networking device cannot learn automatically through other means. The need for static routing can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.

STP

STP cable consists of copper-core wires surrounded by an insulator. Two wires are twisted together to form a pair; the pair form a balanced circuit. The twisting prevents interference problems, STP provides protection against external crosstalk.

Straight-through Ethernet cable

A cable that wires a pin to its equivalent pin. This cable connects two dissimilar devices, for example, a data terminal equipment (DTE) device and a data communications equipment (DCE) device. A straight-through Ethernet cable is the most commonly used Ethernet cable.

SUA

Your system’s SUA feature allows multiple user Internet access for the cost of a single ISP account. See also NAT.

Subnet Mask

The subnet mask specifies the network number portion of an IP address. Your device will compute the subnet mask automatically based on the IP Address that you entered. You do not need to change the computer subnet mask unless you are instructed to do so.

ALG

An Application Layer Gateway (ALG) is a device that manages a specific protocol (such as SIP, H.323 or FTP) at the application layer.

TCP

TCP is a connection-oriented transport service that ensures the reliability of message delivery. It verifies that messages and data were received.

Telnet

Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems.

TEMPEST

Electromagnetic signals radiate from electronic equipment and cables. Extra shielding is used on cables and equipment to meet TEMPEST requirements, in order to stop these signals from going out to unauthorized listeners.

Terminal

A device that allows you to send commands to a computer somewhere else. At a minimum, this usually means a keyboard, display screen and some simple circuitry.

Terminal Software

Software that pretends to be (emulates) a physical terminal and allows you to type commands to a computer somewhere else.

TFTP

TFTP is an Internet file transfer protocol similar to FTP (File Transfer Protocol), but it is scaled back in functionality so that it requires fewer resources to run. TFTP uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).

Alarm Profile

An alarm profile is a set of thresholds that trigger an alarm when one is reached.

Twisted Pair

Two insulated wires, usually copper, twisted together and often bound into a common sheath to form multi-pair cables. In ISDN, the cables are the basic path between a subscriber's terminal or telephone and the PBX or the central office.

UDP

UDP is a connectionless transport service that dispenses with the reliability services provided by TCP. UDP gives applications a direct interface with the Internet Protocol (IP) and the ability to address a particular application process running on a host via a port number without setting up a connection session.

UNIX

A widely-used operating system in large networks. Usually used on workstations and servers.

URL

URL is an object on the Internet or an intranet that resides on a host system. Objects include directories and an assortment of file types, including text files, graphics, video and audio. A URL is the address of an object that is normally typed in the Address field of a Web browser. A URL is basically a pointer to the location of an object.

V Series Recommendations

V.xx or V Series Recommendations are the most commonly used international modem/telephone network standards. The V.xx series recommendations are from the ITU-TS (Telecommunication Standardization Sector of the International Telecommunications Union) and will probably replace the old American Telephone and Telegraph Company/Bell System MNP (Microcom Networking Protocol) standards. Some modems offer both MNP and ITU-T standards; however, MNP generally offers much lower transfer rates than the V.xx series. See also, V.35 Data Port Interface.

V.35 Data Port Interface

V.35 is a standard transfer rate implemented under recommendations by the ITU-TS (Telecommunication Standardization Sector of the International Telecommunications Union). V.35 provides the trunk interface between a network access device and a packet network with data rates greater than 19.2 Kbps. V.35 may use the bandwidths of several telephone circuits as a group. See also, V Series Recommendations.

VC-based Multiplexing

By prior mutual agreement, each protocol is assigned to a specific virtual circuit, eg., VCI carries IP, VC2 carries IPX, etc. VC-based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical.

VCI

A VCI is a number that denotes a particular logical connection between end stations (users or networks). A VCI specifies the channel and destination that ATM traffic will use. See also, VPI.

Voice Gateway

A voice gateway is an interface to the telephone network for VoDSL services found between an AAL-2 circuit and a GSTN.

VPI

A VPI is a number that denotes a bundle of virtual channels. A VPI specifies the path and destination that ATM traffic will use. See also, VCI.

VPN

These networks use public connections (such as the Internet) to transfer information. That information is usually encrypted for security purposes.

Vulnerability

Point where a system can be attacked.

WAN

WANs link geographically dispersed offices in other cities or around the globe including switched and permanent telephone circuits, terrestrial radio systems and satellite systems.

War Dialer

A program that automatically dials phone numbers looking for computers on the other end. They catalog numbers so that hackers can call back and try to break in.

Warez

A term that describes pirated software on the Internet.

Wire Tapping

Connecting to a network and monitoring all traffic. Most wire tapping features can only monitor the traffic on their subnet.

Speed Dial

A speed dial entry is a telephone keypad shortcut for dialing frequently used telephone numbers.

WWW

The Internet in general.

xDSL

Digital Subscriber Line(s)where x, when specified, denotes a particular type of DSL, for example, ADSL, G.SHDSL, SDSL, VDSL, RDSL, etc.

ZyNOS

ZyNOS is the firmware used in many ZyXEL products.

CBR

Constant Bit Rate is an ATM service category that provides a fixed amount of bandwidth for streaming data (like voice or video). The bandwidth is always reserved, even when streaming data is not being sent.

UBR

Unspecified Bit Rate is an ATM service category that does not appropriate fixed bandwidth or guarantee throughput and is best used for non-time-critical applications, such as e-mail.

VBR-rt

Variable Bit Rate Real Time is an ATM service category that provides a fixed amount of bandwidth for high priority, but only when it is being sent. VBR-rt is best used for on-and-off (bursty) traffic.

QoS

Quality of Service refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to provide bandwidth for real-time multimedia applications.

AH

Authentication Header (RFC 2402) is a protocol that IPSec uses to verify integrity of a data packet (including the header) and the identity of it’s sender.

Authentication Algorithm

This is an established, step-by-step procedure for verifying the identity of a packet’s sender.

DES

Data Encryption Standard is a widely-used method of data encryption that uses a private (secret) key. DES applies a 56-bit key to each 64-bit block of data.

DH

Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA setup to establish session keys.

DMZ

A DMZ is a network that makes public servers visible to the outside world and physically separates them from the LAN, thus making the LAN more secure.

Encryption Algorithm

An Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.

ESP

Encapsulating Security Payload (RFC 2406) is a protocol that IPSec uses to encrypt data to ensure confidentiality.

MD5

Message Digest 5, HMAC-MD5 (RFC 2403) is a hash algorithm that is used to authenticate packet data. It produces a 128-bit message digest. See also Hash and SHA1.

SHA1

Secure Hash Algorithm HMAC-SHA-1 (RFC 2404) is a hash algorithm that is used to authenticate packet data. It produces a 160-bit message digest. See also Hash and MD5.

IPSec

Internet Protocol Security is a standards-based VPN (Virtual Private Network) that offers flexible solutions for secure data communications across a public network like the Internet. IPSec is built around a number of standardized cryptographic techniques to provide confidentiality, data integrity and authentication at the IP layer.

Keys

Keys are used like passwords to open and close (encrypt and decrypt) messages. While many encryption algorithms are commonly known and public, the key must be kept secret.

PFS

Perfect Forward Secrecy is an IPSec keying method that uses a brand new key for each new IPSec SA setup. The keys are created by new key exchanges, see Diffie-Hellman.

SA

A Security Association is a contract between two parties indicating what security parameters, such as keys and algorithms they will use.

IKE

Internet Key Exchange is a two-phase security negotiation and key management service – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and phase 2 uses that SA to negotiate SAs for IPSec.

Transport

IPSec uses transport mode to protect upper layer protocols and affects only the data in the IP packet. The IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).

Triple DES

This is a stronger variant of DES (Data Encryption Standard). Triple DES is a widely-used method of data encryption that applies three separate private (secret) 56-bit keys to each 64-bit block of data.

Tunnel

IPSec uses tunnel mode to encapsulate the entire IP packet and transmit it securely. Tunnel mode is fundamentally an IP tunnel with authentication and encryption and is required for gateway services to provide access to internal systems.

Bandwidth Links

Links refers to traffic flow between the device port interfaces.

Bandwidth Borrowing

A class may use bandwidth from another class if that class is not using up its current allocation and bandwidth borrowing is allowed.

Borrowing Priority

Borrowing priority determines which class gets to borrow bandwidth when two or more classes are vying for spare bandwidth.

Bandwidth Management

Bandwidth management allows you to allocate bandwidth at an interface according to defined policies.

Bandwidth Class

A bandwidth class defines bandwidth allowed at an interface for an application, such as VoIP (Voice over Internet Protocol) or FTP (File Transfer Protocol) and/or a subnetwork.

Aggressive Mode

Aggressive mode is an IPSec phase 1 negotiation mode (see Negotiation Mode). Aggressive mode is quicker than Main Mode because it eliminates several steps. However the faster speed limits its negotiating power and it also does not provide identity protection. See also Main Mode.

Call Scheduling

Configure call time periods to restrict and allow access for users on remote nodes.

Content Filtering

Content filtering restricts or blocks access to certain web features or content from web pages.

Data Confidentiality

The IPSec sender can encrypt packets before transmitting them across a network.

Data Integrity

The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.

Data Origin Authentication

The IPSec receiver can verify the source of IPSec packets. This service depends on the data integrity service.

Dynamic DNS

With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider to use this service.

EAP

EAP (Extensible Authentication Protocol)(RFC2284)supports multiple authentication methods, such as RADIUS, to provide enhanced security.

IP Alias

Internet Protocol Alias allows you to partition a physical network into logical networks over the same Ethernet interface.

Key Management

Key Management allows you to determine whether to use IKE (ISAKMP) or manual key configuration in order to set up a VPN.

Main Mode

Main mode is an IPSec phase 1 negotiation mode (see Negotiation Mode). Main mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1). See also Aggressive Mode.

Multicast

Deliver IP packets to a specific group of hosts using IP multicast. IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups.

Negotiation Mode

The phase 1 negotiation mode determines how the Security Association (SA) will be established for each connection through IKE negotiations. See also Aggressive Mode and Main Mode.

Port Forwarding

Use this feature to forward incoming service requests to a server on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.

PPTP

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using a TCP/IP-based network.

Pre-Shared Key

A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called “pre-shared” because you have to share it with another party before you can communicate with them over a secure connection.

Replay Detection

The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks.

SA Life Time (Seconds)

Define the length of time before an IKE Security Association automatically renegotiates in this field. It may range from 300 seconds (five minutes) to 86,400 seconds (one day).

Secure Gateway IP Address

Secure Gateway IP Address is the WAN IP address of the remote IPSec router.

SPI

An SPI is used to distinguish different SAs terminating at the same destination and using the same IPSec protocol. This data allows for the multiplexing of SAs to a single gateway. The SPI (Security Parameter Index) along with a destination IP address uniquely identify a particular Security Association (SA).

Hash

A hash is a mathematical function (or algorithm) that generates a message digest from plain text input. Se also message digest.

802.1Q

802.1Q is an IEEE standard for tagged VLANs (Virtual LANs) in which a VLAN ID is inserted into the layer-2 frame header to allow the creation of dynamic VLANs across switches. Tagged VLANs are not confined to the switch on which they were created as are port-based VLANs.

FCS

The Frame Check Sequence is the four octets in an Ethernet frame that contain the CRC-32 check.

CRC-32

CRC-32 (Cyclic Redundancy Check) is the checksum of an Ethernet frame as detailed in ISO 3309 [14].

VID

VID is the unique VLAN identification number.

Port-based VLAN

Port-based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port. Port-based VLANs are specific only to the device on which they were created.

BSS

See Ad-Hoc

ESS

See Infrastructure.

Ad-Hoc

An Ad-Hoc wireless LAN is a group of computers that uses wireless LAN cards, to connect as an independent wireless LAN. An Ad-Hoc wireless LAN is sometimes referred to as a Basic Service Set (BSS).

Infrastructure

An infrastructure network is an integrated wireless and wired network. One or more APs link a wireless LAN to a wired LAN. This type of network topology is sometimes called an Extended Service Set (ESS).

Access Point

An Access Point (AP) is a network device that acts as a bridge between a wired and a wireless network.

Roaming

Roaming in wireless network applications is a wireless feature that allows wireless LAN clients to connect through multiple access points while moving from coverage area to coverage area.

Internal SPTGEN

Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual menus for each device.

Traffic Redirect

Traffic Redirect forwards WAN traffic to a backup gateway on the LAN when the router cannot connect to the Internet, thus acting as an auxiliary backup.

Trigger Port Forwarding

Trigger Port Forwarding allows computers on your LAN to dynamically take turns communicating with servers on the WAN that do not accept NAT port translation.

CRC

CRC is a method of checking for errors in data that has been transmitted on a communications link.

Bandwidth Policy

A bandwidth policy is where you define what application(s) and/or subnetworks make up a bandwidth class.

Bandwidth Monitoring

This is a graphical interface that allows you to gauge bandwidth usage.

Middleware

This is software that provides a way for two systems to exchange information or connect with one another even though they have different interfaces. For example, you can use middleware to have a VDSL based router communicate with a set-top box.

IEEE 802.1Q

802.1Q is an IEEE standard for tagged VLANs (Virtual LANs) in which a VLAN ID is inserted into the layer-2 frame header to allow the creation of dynamic VLANs across switches. Tagged VLANs are not confined to the switch on which they were created as are port-based VLANs.

Tagged VLAN

See IEEE 802.1Q VLAN.

Home Gateway

This is an intelligent network device located in the home. Users can access the home gateway device from a remote location. Examples of home gateways include computers, routers or modems, LAN access points, WLAN access points, and digital set-top boxes.

VLAN

A VLAN allows a physical network to be partitioned into multiple logical networks. Only stations within the same group can communicate with each other. Stations on a logical network can belong to one or more groups.

Queuing Algorithms

Queuing algorithms allow devices to maintain separate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth.

GARP

GARP allows network devices to register and de-register attribute values with other GARP participants within a bridged LAN.

GVRP

GVRP is a registration protocol that defines a way for 802.1Q VLAN-aware switches to register necessary VLAN members on ports across the network.

STP

STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a device to interact with other STP-aware devices in your network to ensure that only one path exists between any two stations on the network.

IGMP

IGMP is a session-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. Refer to RFC 1112 and RFC 2236 for information on IGMP versions 1 and 2 respectively.

2B1Q

Two Binary, One Quarternary transmission is an amplitude modulation scheme for DC pulses. It combines two bits at a time to represent one of four amplitude levels. 2B1Q coding is defined in ANSI T1.601 and ETR 080, Annex A.

IGMP Snooping

IGMP snooping enables a layer-2 switch to dynamically learn the members of IP multicast groups. The switch can then forward multicast traffic to ports that are members of those multicast groups. When a switch receives multicast traffic destined for multicast groups that it does not know, it either forwards the traffic to all ports or discards it (depending on the switch and/or the switch’s configuration). IGMP snooping generates no additional network traffic and allows a switch to handle multicast traffic more efficiently and effectively.

Access Line

This is the physical telecommunications circuit (line) in the local network that connects the CO (Central Office) with the customer’s residence. See also Local Loop.

ATU-C

This is the hardware at the CO (Central Office) that terminates an ADSL connection.

ATU-R

This is the hardware at a customer’s location that provides termination for an ADSL connection.

Always-on

Always-on refers to broadband services that are connected all the time, eliminating the need to dial-up to connect.

ASIC

This is a chip engineered for a particular use or function.

ATM25

ATM25 is a 25.6 Mbps cell-based user interface defined by the ATM Forum.

B Channel

This is the bearer channel in an ISDN connection. B channel is a 64 Kbps full-duplex channel in both primary and basic rate ISDN.

Baseband

This is a networking technology that uses a line’s entire available bandwidth to transfer a single signal of digital data. Signals are not modulated and only one kind of signal (voice or data) can be sent at a time.

Basic Encoding Rate

This is an ANSI described rule for the encoding of data units. It also refers to the ratio of bits received that are in error. See Bit Error Rate Test.

Basic Rate Interface

This is an ISDN interface that has two B (bearer) channels that carry voice or data and one 16 Kbps D (data) channel. Also called Basic Rate Access (BRA).

BRA

This is an ISDN interface that has two B (bearer) channels that carry voice or data and one 16 Kbps D (data) channel. Also called Basic Rate Interface.

Bit Error Rate Test

This test shows the ratio of error bits to the total number of bits transmitted. Generally written as an exponential (10^5) to show that one out of a particular number of bits is in error.

BOOTP

This is a technology that a network uses to determine its Ethernet interface’s IP address.

Bridge

This is a networking device that forwards packets from one LAN to another. It uses the MAC address of an incoming packet to determine whether to drop or forward it. It allows the LANs to see each other’s devices, thus it is not as private or secure as a router.

Broadband

Broadband refers to networking technologies that use modulation or multiplexing to combine multiple channels for transmission over a single medium (copper telephone wire for instance). Broadband allows you to integrate data, video and voice so that it can share one line.

Cell

This is the data packet unit that ATM transmits. One cell consists of 53 bytes.

Circuit Switched Network

This is a network that sets up a temporary physical circuit when a telephone receiver is picked up (goes off hook) and holds the circuit open until it receives a disconnect signal.

Circuit Switching

This is the use of switches to set up a dedicated physical connection between two endpoints until it receives a disconnect signal.

Class 5 Switch

This is a PSTN (Public Switched Telephone Network) switch in a CO.

CLEC

A Competitive Local Exchange Carrier is a Local Exchange Carrier (LEC) that competes with the market leading or Incumbent LEC (ILEC). This type of carrier may offer Internet Access, video on demand/cable TV, long distance or local exchange service. It also includes wireless (cellular/PCS) providers.

Coaxial Cable

This type of cable has a braided copper shield that surrounds a single insulated copper wire.

Compression

This is a method of reducing the size of a signal.

Console

This is a device (usually a computer) that you use to manage a networking device via a serial port (RS232) connection.

Core Network

This refers to switching offices and the transmission plants that link them together. Competing Interchange networks connect Core Networks in the US, while in other countries, the Core Networks reach to the borders of the country they are in.

DHCP Server

This is a device that uses DHCP (see DHCP) to assign addresses to nodes on a LAN.

Dial Backup

Dial backup is an auxiliary WAN connection that you can use if your primary WAN link goes down.

Dial Up

This is the process of setting up a connection through a switched network. It also describes a type of Internet service where you have to connect (like a call) to your ISP for each session.

Bandwidth-on-demand

This allows you to dynamically set upstream and downstream line speeds to a particular rate of speed.

bps

This is a standard measurement of digital transmission speeds.

Bps

This is a standard measurement of digital transmission speeds. One byte is eight bits.

CIR

The carrier programs virtual circuits into the network between your sites and charges customers for a specific level of service called the committed information rate (CIR). The CIR is a negotiated rate and is basically a guarantee that the carrier will always have that bandwidth available.

Daylight-savings Time

This is a period during the late spring, summer and early fall when many countries set their clocks ahead of normal local time by one hour to give more daylight time in the evenings.

Device Filter Rules

Device filter rules are filter rules that treat a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.

Cleared Alarms

An administrator clears an alarm after solving its cause. When an alarm is cleared, it is removed from the current alarm screen and becomes an historical alarm.

COM Port

The communications port is used for local management of the device. In some devices, it may also be used for uplinking.

Auxiliary Port

This port can be used as a traditional dial-up connection in reserve if ever the broadband connection to the WAN port fails. See also Dial Backup.

Downlink Port

This port connects to the uplink port of another device when the devices are cascaded. Also known as a subtending port.

Subtending Port

This port connects to the uplink port of another device when the devices are cascaded. Also known as a downlink port.

Hello Time

In RSTP (or STP), this is the time interval in seconds between tree configuration messages generated by all devices in RSTP or the root device in STP.

Dual Firmware Block Structure

Devices with a “dual firmware block structure” have one “main block” and another “backup block”. You can save the current firmware into the backup block before you upload new firmware. If the firmware in the main block gets corrupted, the device tries to boot from the backup block automatically so the service is not interrupted.

E1

This is the European basic multiplex rate which packs 30 voice channels into a 256 bit frame and transmits at 2.048 Mbps.

EIR

This is the burst capability of the connection, for instance, the maximum allowable data transfer rate.

Filters

Filters tell a device whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering.

Hop Count

Hop count is a measure of distance between two points on the Internet. It is equivalent to the number of gateways that separate the source and destination.

IP Multicast

Traditionally, IP packets are transmitted in one of either two ways - Unicast (one sender to one recipient) or Broadcast (one sender to everybody on the network). IP Multicast is a third way to deliver IP packets to a group of hosts on the network - not everybody.

NAT - Global

This refers to the packet address (source or destination) as the packet travels on the WAN.

NAT - Inside

This refers to the host on the LAN.

NAT - Local

This refers to the packet address (source or destination) as the packet travels on the LAN.

NAT -Outside

This refers to the host on the WAN.

NAT Server Set

A NAT server set is a list of inside servers (behind NAT on the LAN) that you can make visible to the outside world.

PTT

PTT is a generic European name that usually refers to state-owned telephone companies.

RS-232

RS-232 is an EIA standard which is the most common way of linking data devices together.

T1

A T1 line consists of 24 voice channels packed into a 193 bit frame and transmitted at 1.544 Mbps. The unframed version, or payload, is 192 bits at a rate of 1.536 Mbps.

Bandwidth Control

Bandwidth control means defining a maximum allowable bandwidth for traffic flows from specified source(s) to specified destination(s). See also Bandwidth Management.

TCP/IP Filter Rules

TCP/IP filter rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.

Telco

The generic name for telephone companies throughout the world.

UNI

User Network Interface defines the connection between user equipment and the Frame Relay network, for instance, if your device is connected to a service provider.

VC

A series of virtual paths between circuit end points. This is a logical link that behaves like a dedicated point-to-point line.

Filter rules

Filters decide whether or not to allow passage a data packet and/or make a call. There are two types of filter applications: data filtering and call filtering. Data filtering screens data to determine if the packet should be allowed to pass. Call filters prevent packets from triggering calls.

GGP

Gateway-to-Gateway Protocol is an Internet protocol that specifies how gateway routers communicate with each other.

Network contention

Network contention describes a situation when two or more networked devices attempt to use the same medium simultaneously.

DHCP Relay

Dynamic Host Configuration Protocol Relay is a function that allows DHCP data to be forwarded between the computer that requests the IP address and the DHCP server.

PPPoA

One of the two types of PPP interfaces you can define for a Virtual Circuit(VC), the other being PPPoE. You can only define one PPPoA per VC.

Switch

A layer-2 network device that selects a path or circuit to send a data packet through.

Latency

The time it takes for a bit to be transmitted from source to destination.

Virtual Channel

A logical connection between ATM switches.

Virtual Path

A bundle of virtual channels.

Broadcast

Sending data to all computers on a network.

RADIUS

A RADIUS (Remote Authentication Dial-In User Service)(RFC2138, 2139) server performs authentication, authorization and accounting for a network.

Antenna

An antenna acts as a radiator that propagates a radio frequency signal from a wireless device through the air. An antenna also works in reverse by capturing signals from the air.

Coverage

Coverage, or range, is the distance over which wireless devices can communicate.

WEP

WEP (Wired Equivalent Privacy) encrypts data transmitted between wired and wireless networks to keep the transmission private.

Loop

A data path loop forms when there is more than one path or route between two networked devices. A loop in a network may result in a broadcast storm.

Broadcast Storm

A broadcast storm occurs when a packet triggers multiple responses from all hosts on a network or when computers attempt to respond to a host that never replies. As a result, duplicated packets are continuously created and circulated in the network, thus reducing network performance or even rendering it inoperable.

Spanning Tree Algorithm

The spanning-tree algorithm calculates the best loop-free path throughout a switched network.

Set-top Box

A set-top box is a device that provides services such as High Definition Television (HDTV), content decryption, personal video recorder, electronic programming guide, VoIP, Web browsing and interactive television features.

Acknowledged Alarms

This means that an administrator has decided to handle the cause of this alarm. Other administrators see that person’s name in their alarm screen, thus avoiding duplicate effort to solve the same problem.

Active Alarms

“Active” is the initial state of an alarm, which means the alarm is new and an administrator is yet to assume responsibility for handling it.

A-end (IPSec)

This is the end of a VPN tunnel opposite the Z-end (see also Z-end).

Auto-crossover

An auto-crossover Ethernet port enables you to use either a crossover Ethernet cable or a straight-through Ethernet cable to connect your device to either a computer or external hub. In other words these ports automatically adjust according to the type of cable so that either straight-through Ethernet cable or crossover Ethernet cable may be used.

Band Plan (VDSL)

Each VDSL mode operates in a different frequency range called a band plan.

Bridge Priority

RSTP (or STP) uses bridge priority to determine the root device, root port and designated port. The device with the highest priority becomes the STP root device. If all devices have the same priority, the device with the lowest MAC address will then become the root device.

Max Age

In RSTP (or STP), this is the maximum time (in seconds) a device waits without receiving a configuration message before attempting to reconfigure.

BPDU

RSTP (or STP)-aware devices periodically exchange configuration messages called Bridge Protocol Data Units (BPDUs). When the bridged LAN topology changes, a new spanning tree is constructed.

MDI/MDIX

MDI (Medium Dependent Interface)/MDIX (MDI crossover) is a type of Ethernet port. MDI ports connect to MDIX ports using straight-through Ethernet cables; both MDI-to-MDI and MDIX-to-MDIX connections use crossover Ethernet cables.

SPQ

Strict Priority Queuing (SPQ) services queues based on priority only. As traffic comes into the switch, traffic on the highest priority queue is transmitted first. When that queue empties, traffic on the next highest-priority queue is transmitted until that queue empties, and so on. If higher priority queues never empty, then traffic on lower priority queues never gets sent. See also Queuing Algorithms.

Path Cost

In RSTP (or STP), path cost is the cost of transmitting a frame onto a LAN through that port. It is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost.

STUN

STUN allows a device to find the public IP address assigned by a NAT router and/or a firewall between it and the public Internet. See RFC 3489 for details on STUN.

Management VID

Management VLAN ID is the VLAN ID of the CPU and is used for management only. To access the switch make sure the port that you are connected to is a member of Management VLAN.

Reset Button

This hardware button is used to restore the factory default settings.

Reverse Engineering

Reverse engineering means analyzing software, firmware, or hardware to find out how it works.

Root Bridge

In RSTP (or STP), the root bridge is the base of the spanning tree; it is the bridge with the lowest identifier value (MAC address).

Subnetting

With subnetting, the class arrangement of an IP address is ignored. For example, a class C address no longer has to have 24 bits of network number and 8 bits of host ID. With subnetting, some of the host ID bits are converted into network number bits.

UID

User IDentification is equivalent to your user name. Usually a password is associated with a UID or user name.

Uplink Port

This port connects to an external switching hub, router or server.

Z-end (IPSec)

This is the end of a VPN tunnel opposite the A-end (see also A-end).

Local Loopback Test

A local loopback test is used to check the device's DSL chip. A local loopback test failure indicates an internal device problem.

Remote Loopback Test

A remote loopback test is used to test the connection between two DSL devices. The local device sends an Ethernet frame to the other (remote) DSL device and checks for it to be returned.

Port Bonding

This is the aggregation of separate physical DSL port links into one logical link; for example, three SHDSL links of 2.3 Mbps can be aggregated into one logical 6.9 Mbps link.

Port Trunking

This is the aggregation of separate physical port links into one logical link; for example, two fast Ethernet links can be aggregated into one logical 200 Mbps link.

Dotted-decimal Notation

This is the writing out of a decimal number (base-10) using periods (dots or decimals) to separate it into parts. This is commonly used for IP addresses, such as 192.168.1.1. Also referred to as dot-decimal format.

Dot-decimal Format

See dotted-decimal notation.

Jam Signal

In Ethernet networks, when a transmitting station detects a collision, it stops transmitting and sends a 32-bit jam sequence to inform other stations to (momentarily) stop transmitting so that it can transmit.

Hexadecimal Notation

Hexadecimal notation is a base-16 number as opposed to decimal (base-10) or binary (base 2). This number representation uses 0-9 along with the letters a-f to represent the (decimal) numbers 10 to 15. The right-most digit represents ones, the next represents multiples of 16, then 16 squared (256), 16 cubed (4096) and so on. MAC addresses are usually written in hexadecimal notation, for example 00:a0:c5:01:23:43.

Back Pressure Flow Control

Back Pressure flow control is typically used with Ethernet ports operating in half duplex mode to send a “collision” signal to the sending port (mimicking a state of packet collision) causing the sending port to temporarily stop sending signals and resume sending them later.

Flow Control

Flow control is used to manage the sending of traffic so the sending device does not transmit more than the receiving device can process. This helps prevent traffic from being dropped and having to be resent. See also IEEE802.3 Flow Control and Back Pressure Flow Control.

IEEE802.3 Flow Control

IEEE802.3 flow control is typically used with Ethernet ports operating in full duplex mode to send a pause signal to the sending port, causing it to temporarily stop sending signals when the receiving port’s memory buffers are full.

UTC

UTC is a standard time for use around the world (formerly known as Greenwich Mean Time or GMT). UTC is an international abbreviation that is neither French nor English. It means both "Temps Universel Coordonné" and "Coordinated Universal Time".

OAM F5 Loopback Test

An Operational, Administration and Maintenance Function 5 test is used to test the connection between two DSL devices. First, the DSL devices establish a virtual circuit. Then the local device sends an ATM F5 cell to be returned by the remote DSL device (both DSL devices must support ATM F5 in order to use this test).

Daisychain

In networking, to daisy chain devices it to connect them to each other in a series (cascaded). See also Subtending Port.

ADSL2

ADSL2 (ITU G.992.3 and G.992.4) offers improved performance and interoperability over ADSL. Key improvements are enhanced data rates, loop reach, diagnostics, rate adaptation and power management.

NAT Traversal(VPN/IPSec)

NAT traversal allows IPSec tunnels using the ESP protocol to pass through NAT-enabled routers.

ID Content

In IPSec, the ID type and ID content identify an individual Security Association (SA). The ID type can be a domain name, an IP address or an e-mail address. The ID content is the IP address, domain name, or e-mail address.

SNR

Signal-to-Noise Ratio (SNR) is the ratio of the amplitude of the desired (DSL) signal to the amplitude of noise signals at a given point in time. The higher the SNR number, the better the line quality.

Tx KB/s

This is the number of kilobytes per-second transmitted on an interface.

Rx KB/s

This is the number of kilobytes per-second received on an interface.

Rx CRC

This is the number of frames received on this interface with CRC (Cyclic Redundant Check) error(s).

ID Type

In IPSec, the ID type and ID content identify an individual SA. The ID type can be a domain name, an IP address or an e-mail address. The ID content is the IP address, domain name, or e-mail address. When used with aggressive negotiation mode, the ID type and content allow an IPSec router to distinguish between SAs that connect from IPSec endpoints with dynamic IP addresses. For example, several telecommuters with dynamic IP addresses can use separate passwords to simultaneously connect to an IPSec router. With main negotiation mode, the ID type and content act as an extra level of identification for incoming SAs.

Fragment

These are packets less than 64 octets long, and with either CRC (Cyclic Redundant Check) or alignment error(s).

Jabber

These are packets that are greater than the maximum octets (specified for the system by the configuration software) long and with either CRC or alignment error(s).

MSE

Minimum Square Error (MSE) is the minimum mean-square error (also known as MMSE) performance measure is a popular metric for optimal signal processing.

Auto-MDI/MDIX

Auto-MDI (Medium Dependent Interface)/MDIX (MDI crossover) is an Ethernet port feature that automatically adjusts to crossover or straight-through Ethernet cable so you can use either to connect your device to a computer or a switch/external hub. See also auto-crossover.

Broadcast Storm Control

Broadcast Storm Control limits the number of broadcast frames that can be stored in the switch buffer or sent out from the switch within a certain time. Broadcast frames that arrive when the buffer is full are discarded.

802.1x

See IEEE 802.1x.

Octet

In computer networking an octet is an 8-bit binary digit (byte).

Port Security

Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the switch.

CON/AUX Switch and Port

Set the CON/AUX switch to the “CON” side when using the CON/AUX port as a regular console port for local device configuration and management. Set this switch to the “AUX” side when using the CON/AUX port as an auxiliary dial-up WAN connection.

Dynamic Link Aggregation

The IEEE802.3ad standard describes Link Aggregate Control Protocol (LACP), which is a protocol that dynamically creates and manages trunk groups. When you enable LACP link aggregation on a port, the port can automatically negotiate with the ports at the remote end of a link to establish trunk groups. LACP also allows port redundancy, that is, if an operational port fails, then one of the “standby” ports becomes operational without user intervention.

LACP

The IEEE802.3ad standard describes Link Aggregate Control Protocol (LACP), which is a protocol that dynamically creates and manages trunk groups. When you enable LACP link aggregation on a port, the port can automatically negotiate with the ports at the remote end of a link to establish trunk groups. LACP also allows port redundancy, that is, if an operational port fails, then one of the “standby” ports becomes operational without user intervention.

MIB

A Management Information Base (MIB) is a collection of managed objects. The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include such as the number of packets received, node port status and so on.

NAT Traversal (UPnP)

UPnP NAT traversal automates the process of allowing an application to operate through NAT. UPnP network devices can automatically configure network addressing, announce their presence in the network to other UPnP devices and enable exchange of simple product and service descriptions.

Port Mirroring

Port mirroring allows you to copy traffic from one port to another port in order to examine the first port’s traffic without interfering with it.

Rate Adaption

Rate adaption is the ability of the device to adjust the configured transmission rate to the attainable transmission rate automatically depending on your telephone line quality.

Service Access Control

Service Access Control allows you to decide what services may access the ZyXEL device. You may also choose to allow only clients with specific IP addresses to use a service to access the ZyXEL device.

Trunking

Trunking (link aggregation) is the grouping of physical ports into one logical higher-capacity link. You may want to trunk ports of for example, if it is cheaper to use multiple lower-speed links than to under-utilize a higher-speed, but more costly, port link. However, the more ports you aggregate to get higher bandwidth then the fewer available ports you have.

UPnP

Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP-enabled device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.

EAP-TLS

EAP-TLS (Extensible Authentication Protocol -Transport Layer Security) authentication uses digital certifications for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created.See also EAP and EAP-TTLS.

Digital Certificate

A digital certificate is an electronic ID card that proves the sender’s identity. A digital certificate is issued by a certificate authority.

EAP-TTLS

EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Service) authentication is a type of mutual authentication where just the server sends a digital certificate to identify itself to the clients. See also EAP and EAP-TLS.

Linux

Linux is a free, open-source UNIX-type operating system.

Cracking

This is the act of breaking into computers, bypassing passwords or licenses in a computer program or intentionally breaching computer security.

Mirror Port

This is a port that copies the network traffic of another port for the purpose of analyzing the network traffic. This is also known as the sniffer port or the analysis port.

Monitor Port

This is a port whose traffic is duplicated and analyzed by a sniffer port. This is also known as the source port.

WFQ

Weighted Fair Queuing (WFQ) services queues based on their priority and queue weight. Queues with larger weights get more service than queues with smaller weights. This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues. See also Queuing Algorithms.

Cluster Management

Cluster management allows you to manage switches through one switch, called the cluster manager. The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another.

Cluster Manager

The cluster manager is the switch through which you manage the cluster member switches.

Cluster Members

The cluster members are the switches being managed by the cluster manager switch.

Clustering Candidates

Clustering candidates are switches that are potential cluster members.

Filtering Database

The filtering database shows how frames are forwarded or filtered across a switch’s ports. The switch uses the filtering database to determine how to forward frames.

CLI

In this interface, you can use line commands to configure the device or perform advanced device diagnostics and troubleshooting.

WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. WPA encrypts data by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. See also WPA-PSK (WPA -Pre-Shared Key).

WPA-PSK

WPA-PSK (WPA -Pre-Shared Key) requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a client will be granted access to a WLAN. See also WPA.

TKIP

Temporal Key Integrity Protocol (TKIP) is an encryption protocol that uses 128-bit keys that are dynamically generated and distributed by the authentication server. TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice.

MIC

Message Integrity Check (MIC, also named Michael) is a function designed to detect if someone has covertly altered data packets. The receiver and the transmitter each compute and compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.

Wireless Client Supplicants

A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA.

ISO

The International Organization for Standardization is based in Geneva and is responsible for a wide range of standards including ones that apply to networking.

Bridge Mode

An AP in bridge mode can function as a wireless network bridge allowing you to connect two wired network segments. The peer device also must be in bridge mode. This wireless bridge connection is equivalent to a Wireless Distribution System (WDS). See also WDS.

Channel

A channel is a radio frequency used by a wireless device. Channels available depend on your geographical area.

ESS ID

An Extended Service Set (ESS) is a group of access points connected to a wired LAN on the same subnet. An ESS ID uniquely identifies each group. All access points and their associated wireless stations in the same group must have the same ESSID.

Fragmentation Threshold

A Fragmentation Threshold is the maximum data fragment size that can be sent in a wireless network before the AP fragments the packet into smaller data frames.

IBSS

An IBSS, also called an Ad-hoc network, is defined as two or more computers with wireless adapters within range of each other that form an independent (wireless) network without the need of an access point (AP).

Multi-ESS

Multiple ESS is a function that allows multiple ESSs to be configured on just one access point. Wireless stations can use different ESSIDs to associate with the same AP. Only wireless stations with the same ESSID can communicate with each other. This allows the AP to logically group wireless stations in a manner similar to VLAN (Virtual LAN).

PoE

PoE is the ability to provide power to a PoE-enabled device via an 8-pin CAT 5 Ethernet cable, eliminating the need for a nearby power source.

WDS

A Distribution System (DS) is a wired connection between two or more APs, while a WDS is a wireless connection. An AP using WDS can function as a wireless network bridge allowing you to wirelessly connect two wired network segments.

Hotspot

Hotspots are public areas, such as airports, hotels, coffee shops, where end users can access the Internet via a mobile device.

Immediate Dial

Immediate dial allows you to make a phone make call immediately after you press a certain key (for instance the # key).

Portal Page

A portal page is the first web site to which a subscriber is directed after logging in successfully.

Walled Garden

This is a list of web site address(es) which all users can access without logging in.

PMS

PMS is an automated billing system commonly used by hotels to perform in-room billing of services.

Account Generator Printer

When connected to an Internet service gateway device, an account generator printer allows you to create and print out subscriber accounts automatically. The account generator printer is also known as the statement printer.

Statement Printer

See account generator printer.

Billing Profile

A billing profile is a template of predefined billing parameters such as time unit, unit cost and/or account expiration time.

Passphrase

A passphrase is a string of text used for automatic WEP key generation on wireless client adapters.

BLES

Broadband Loop Emulation Service (Voice over DSL, TR-039 Annex A) is a DSL forum standard that provides architectural requirements and recommendations for using the Loop Emulation Standard (see LES) to deploy voice services on a DSL broadband access network.

Call Waiting

Call waiting allows you to place a call on hold while you answer another incoming call on the same telephone (directory) number.

CAS

In telephone networks that use CAS (Channel Associated Signaling), each channel carries both the control signal and voice signal. CAS is commonly used in America.

CCS

In telephone networks that use CCS (Common Channel Signaling), one channel carries the control signal and a separate channel carries the voice signal. CCS is commonly used in Europe.

Comfort Noise

Comfort noise is the background noise a device generates to fill moments of silence when the other device in a call stops transmitting because the other party is not speaking (as total silence could easily be mistaken for a lost connection). See also VAD.

Flash

Flashing means to press the telephone’s hook for a short period of time (a few hundred milliseconds) before releasing it. On newer telephones, there should be a “flash” key (button) that generates the signal electronically.

LES

Loop Emulation Standard is an ATM forum specification for sending voice traffic over ATM Adaptation Layer type 2 (AAL2).

Message Waiting

Message waiting notifies you when a voice message arrives. The details of the message waiting feature depend on your telephone and your voice mail service.

Metering Pulse

A metering pulse is a periodic signal that the telephone company’s switch sends to a telephone during a call in order to measure the length of the call for billing purposes.

Off Hook

Off hook means that the telephone is in use.

On Hook

On hook means that the telephone is not in use.

Three Way Calling

Three way calling allows you to add a third party to an existing call. You must subscribe to your telephone company for this service.

Tip/Ring Polarity Reversal

A twisted pair telephone wire consists of one tip wire and one ring wire. The polarity on the tip and ring wires gets reversed according to the requirements of a country’s telephone system.

VAD

Voice Activity Detection (or silence suppression) allows a device to reduce a call’s bandwidth by only transmitting when you are speaking. See also Comfort Noise.

VMoA

Voice and Multimedia over ATM is an ATM forum standard for sending voice and multimedia signals across a network as ATM cells. The voice and multimedia signals are carried over AAL-2.

VoATM

Voice over ATM is an ATM forum standard for sending a voice signal across a network as ATM cells. The voice signal is carried over AAL-2.

VoDSL

Voice over Digital Subscriber Line is the sending of a voice signal across a network as ATM cells. The voice signal is carried over AAL-2. This allows the combination of multiple voice/fax/modem lines and Internet access (data) on a single DSL line. The data signal is carried over AAL-5.

VoIP

Voice over Internet Protocol is the converting of the voice signal to data (IP) packets and then sending the packets over an IP network.

IEEE 802.1p

IEEE 802.1p Priority defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service.

MAC Filtering

Media Access Control filtering filters incoming frames based on MAC (Media Access Control) address(es) that you specify.

Static MAC Address Forwarding

A static MAC address entry is an address that you manually enter into the MAC address-learning table. Static MAC addresses do not age out. This may reduce unicast flooding. The devices with MAC addresses on this list cannot receive traffic on another port on the device.

AES

Advanced Encryption Standard is method of data encryption that uses a secret key. AES may use a 128-bit, 192-bit or 256-bit key. AES is faster than 3DES.

Bandwidth Management Lite

Bandwidth management lite uses firewall rules to limit bandwidth on traffic flows.

Binary PKCS#7

Binary PKCS#7 is a standard that defines the general syntax for data (including digital signatures) that may be encrypted.

Binary X.509

Binary X.509 is an ITU-T recommendation that defines the formats for X.509 certificates.

Certificates

Certificates (also called digital IDs) can be used to authenticate users. Certificates are based on public-private key pairs. They provide a way to exchange public keys for use in authentication.

CA

A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner.

Certification Path

A certification path is the hierarchy of certification authority certificates that validate a certificate.

Certification Request

A certification request contains identifying information and public keys. You can send a certification request to a certification authority. The certification authority signs the certification request and issues a certificate.

CMP

Certificate Management Protocol (CMP) is a TCP-based certificate enrollment protocol that was developed by the Public Key Infrastructure X.509 working group of the Internet Engineering Task Force (IETF) and is specified in RFC 2510.

CRL

A CRL (Certificate Revocation List) is a directory of certificates that have been revoked before their scheduled expirations.

HTTPS

HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed).

LDAP

LDAP (Lightweight Directory Access Protocol) is a protocol over TCP that specifies how clients access directories of certificates and lists of revoked certificates.

MD5 Fingerprint

A MD5 fingerprint is a certificate’s message digest that was calculated using the MD5 algorithm. See also message digest.

PEM (Base-64) encoded PKCS#7

PEM (Base-64) encoded PKCS#7 is a Privacy Enhanced Mail (PEM) format that uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form.

PEM (Base-64) encoded X.509

PEM (Base-64) encoded X.509 is a Privacy Enhanced Mail format that uses 64 ASCII characters to convert a binary X.509 certificate into a printable form.

PKI

PKI (Public-Key Infrastructure) is the framework of servers, software, procedures and policies that handles (public-key cryptography) keys.

PKIX

Public-Key Infrastructure (X.509) refers to an IETF working group and the protocols and architecture that it has drafted based on X.509.

RSA

RSA is a public-key encryption and digital signature algorithm.

SCEP

Simple Certificate Enrollment Protocol (SCEP) is a TCP-based certificate enrollment protocol that was developed by VeriSign and Cisco.

Self-signed Certificate

A self-signed certificate is one that you generate on a device. The device acts as the certification authority and signs the certificate itself.

SHA1 Fingerprint

A SHA1 fingerprint is a certificate’s message digest that was calculated using the SHA1 algorithm. See also message digest.

Message Digest

A message digest is the fixed-length encrypted output that is the result of applying a hash to plain text input. The message digest functions as a digital fingerprint of the original message. A message digest provides a way to check the integrity of a message. If someone changes the original message, it produces a different message digest. See also Hash.

X.509

X.509 is a recommendation that defines formats for certificates and CRLs. It was issued by the ITU-T.

X-Auth

X-Auth (Extended Authentication) provides added security for VPN by requiring each VPN client to use a username and password.

VLAN Trunking

VLAN trunking on a port allows traffic belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices.

Transceiver

A transceiver houses both a transmitter and a receiver.

GBIC

A GBIC is a transceiver that changes optical signals to electric currents and vice versa, with a one gigabit per second (1 Gbps) or higher data transfer rate. Commonly used to connect Ethernet and fiber optic networks.

Mini GBIC

A Mini Gigabit Interface Converter complies with the Small Form-factor Pluggable (SFP) Transceiver MultiSource Agreement (MSA). See the SFF committee’s INF-8074i specification Rev 1.0 for details. See also GBIC.

DHCP Relay Agent Information (Option 82)

This feature has a device add information to client TCP/IP configuration requests that it relays to a DHCP server. The information details where on the device the request was received (such as the slot ID, port number and VLAN ID) and helps the DHCP server authenticate the source of the DHCP requests. Option 82 allows you to specify a string of additional information for the device to add.

RSTP

Rapid Spanning Tree Protocol (IEEE 802.1w) is an evolution of STP that provides faster tree reconfiguration. RSTP is backwards compatible with STP.

Forward Delay

In RSTP (or STP), this is the maximum time (in seconds) a device waits before changing states. This delay is required because every device must receive information about topology changes before it starts to forward frames.

iStacking

See cluster management.

MAC Count Filter

MAC count filtering limits the number of MAC addresses (see MAC) that may be dynamically learned or statically configured on a port.

Multiple PVC

Some DSLAMs support more than one Permanent Virtual Circuit per DSL port. The PVCs can be used in providing different services to subscribers.

Traffic Shaping

Traffic shaping is an ATM network’s built-in traffic management. It is an agreement between the carrier and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network. Traffic shaping helps fine-tune the levels of services based on the priority of the traffic flow.

ABR

Available Bit Rate is an ATM traffic class that provides a minimum amount of bandwidth and allows the use of more if it is available. ABR is used for bursty data traffic. End devices using ABR get feedback from the network and can use flow-control to dynamically adjust transmission rates. See also RM.

RM

Resource Management cells are used in ABR (see ABR) to send feedback information from the connection’s destination and/or intervening network switches to the connection’s source.

NRM

With ABR, the Number of Resource Management (NRM) is the maximum number of cells a source may send for each RM cell that it sends.

MCR

Minimum Cell Rate is the minimum rate at which the sender can send cells and applies with the ABR ATM traffic class (see ABR).

PCR

In ATM, the Peak Cell Rate is the maximum rate at which the sender can send cells. This parameter may be set lower (but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits), so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells/sec. This rate is not guaranteed because it depends on the line speed.

SCR

In ATM, the Sustained Cell Rate is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR (see PCR).

MBS

In ATM, the Maximum Burst Size is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again (see PCR).

CDVT

In ATM, the Cell Delay Variation Tolerance is the accepted tolerance of the difference between a cell’s transfer delay and the expected transfer delay. CDVT controls the time scale over which the PCR is enforced. CDVT is used to determine if a cell arrived too early in relation to the PCR (see PCR).

BT

In ATM, the Burst Tolerance is the maximum number of cells that the port is guaranteed to handle without any discards. BT controls the time scale over which the SCR is enforced. BT is used to determine if a cell arrived too early in relation to SCR. Use this formula to calculate BT: (MBS – 1) x (1 / SCR – 1 / PCR) = BT. (See SCR, MBS and PCR).

TAT

In ATM, the Theoretical Arrival Time is the time when the next cell is expected to arrive. TAT is calculated based on the PCR or SCR. See PCR and SCR.

DiffServ

Differentiated Services is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow.

DSCP

The DiffServ Code Point value determines the forwarding treatment (or PHB) that each packet gets across the DiffServ network.

PHB

Per-Hop Behavior is the forwarding treatment that each packet gets across a DiffServ network.

VRRP

Virtual Routing Redundancy Protocol, defined in RFC 2338, allows you to create redundant backup gateways to ensure that the default gateway of a host is always available.

Virtual Router

In VRRP, a virtual router (VR) represents a number of physical layer-3 devices.

Advertising Interval

In VRRP, this is the time interval between sending the Hello messages.

DVMRP

DVMRP is a protocol used for routing multicast data within an autonomous system (AS).

DVMRP Probe

DVMRP probes are used to discover DVMRP neighbors on a network.

DVMRP Report

DVMRP reports contain DVMRP source routing information.

DVMRP Prune

DVMRP prunes trim the multicast delivery tree(s).

DVMRP Graft

DVMRP grafts attach a branch back onto the multicast delivery tree.

Multicast Delivery Tree

In DVMRP, multicast packets are forwarded along the multicast delivery tree branches. DVMRP dynamically learns host membership information using Internet Group Multicast Protocol (IGMP). The trees are updated dynamically to track the membership of individual groups.

OSPF

OSPF is a link-state protocol designed to distribute routing information within an autonomous system (AS).

AS

An autonomous system (AS) is a collection of networks using a common routing protocol to exchange routing information.

Area

In OSPF, an area is a logical grouping of adjacent networks. All areas are connected to a backbone (also known as area 0).

Backbone

In OSPF, the backbone is the transit area to route packets between two areas. The backbone is also known as area 0.

Stub Area

In OSPF, a stub area, at the edge of an AS, is not a transit area since there is only one connection to the stub area.

Internal Router

In OSPF, an Internal or intra-area router is a router in an area.

ABR

In OSPF, an Area Border Router connects two or more areas.

BR

In OSPF, a backbone router has an interface to the backbone.

AS Boundary Router

In OSPF, an AS boundary router exchanges routing information with routers in other ASes.

Link State Database

In OSPF, the link state database contains records of router IDs, their associated links and path costs. Each device can then use the link state database and Dijkstra algorithm to compute the least cost paths to network destinations.

OSPF Interface

An OSPF interface is a link between a layer 3 device and an OSPF network.

Virtual Link

In OSPF, a virtual link establishes/maintains connectivity between a non-backbone area and the backbone.

Link State Advertisement

Routers constantly send out Link State Advertisements (LSAs) to update the link state database in an OSPF network.

Routing Table

A routing table stores network and route information.

BPS

The backup power supply (BPS) constantly monitors the status of the internal power supply. The backup power supply automatically provides power to a device in the event of a power failure.

DMT

Discrete Multi-Tone (DMT) modulation allows a VDSL device to adapt to the bit rate based on the line condition.

Zero Configuration Internet Access

This feature allows a modem to automatically detect the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes.

Any IP

The Any IP feature allows a computer to access the Internet or a device without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the device are not in the same subnet.

Signature

A signature is a unique pattern that identifies a malicious program.

Computer Virus

A computer virus is a small program designed to corrupt and/or alter the operation of other legitimate programs.

P2P

Peer-to-Peer (P2P) is where devices link to each other without an intermediary and either device can initiate communications.

ADSL2+

ADSL2+ (ITU G.992.5) offers improved performance over ADSL2.

SRA

Seamless Rate Adaptation is an ADSL2+ feature that automatically adjusts the connection’s data rate according to line conditions without interrupting service.

Gateway Policy

A gateway policy identifies the IPSec routers at either end of a VPN tunnel and specifies the authentication, encryption and other settings needed to negotiate a phase 1 IKE SA.

Network Policy

A network policy identifies the devices behind the IPSec routers at either end of a VPN tunnel and specifies the authentication, encryption and other settings needed to negotiate a phase 2 IPSec SA.

E-mail Virus

E-mail viruses are malicious programs that spread through e-mail. These can infect your computer even if you do not read the e-mail messages.

RMON

Similar to SNMP, RMON (Remote Network Monitor) allows you to gather and monitor network traffic using an agent, known as a probe, which are software processes running on network

Bucket

A bucket is a set of data samplings on a device. When a bucket is filled, then the new data samplings overwrite the old ones.

Single Sign-On

This allows you to log on to multiple systems (such as e-mail, Internet access) with a single password/username pair.

H.323

H.323 is a standard teleconferencing protocol suite that provides audio, data and video conferencing. It allows for real-time point-to-point and multipoint communication between client computers over a packet-based network that does not provide a guaranteed quality of service.

CGI

Common Gateway Interface (CGI) allows a web server to obtain information from a database, documents or other programs and present the retrieved information to the subscribers.

NAI

Network Access Identifier (NAI) uniquely identifies a subscriber in an administrative network domain (or realm).

Backup Power Supply

This feature allows a device to monitor its power connection and automatically use another power connection in the event of a power failure.

Preamble

The preamble is a seven-byte field at the start of an Ethernet frame header that helps synchronize transmissions between the sender and receiver.

SFD

The Start Frame Delimiter is a one-byte field in an Ethernet frame that indicates the start of the frame.

CNM

Vantage Centralized Network Management is a software suite that allows you to manage many geographically dispersed ZyXEL devices from one location.

Product Serial Number

This is a unique multi-digit number found on the product label that identifies the product. You need this number to register your product.

Authentication Code

For hardware products this is the LAN MAC address of the device. For software products, it is a generated number that is displayed after you install the software. You need this number to register your product.

MyZyXEL.com

This is ZyXEL’s online services center where you can register products and manage product services. Software products must be activated before you can use them.

License Key

You purchase a license key in order to activate a service on a hardware product or activate a software product.

Activation Key

An activation key is a number generated at myZyXEL.com from the license key that represents a specific service.

Service Set Key

A service set key is a number generated at myZyXEL.com from the license key(s) that represents a set of services.

Alarms

Alarms are time-critical information that a device automatically sends out at the time of occurrence.

Logs

Logs are device information that a device is scheduled to send out.

Brute-Force Password Guessing Protection

This is a protection mechanism to discourage brute-force password guessing attacks on a device’s management interface. A wait-time must expire before entering the nth password after n-1 incorrect passwords have been entered.

Wireless Network Camera

This is a Web camera and surveillance device that includes audio capture, motion detection, and automatic wireless connection.

Xbox

This is Microsoft’s gaming console.

Xbox Live

This is Microsoft’s gaming service that lets you play multiplayer Xbox games through the Internet.

SIP

Session Initiated Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.

eMule/eDonkey

These are programs that use peer-to-peer file sharing applications.

CoS

Class of Service is a form of priority queuing that promises a level of service to a client. CoS classifies packets by examining the packet parameters and placing the packets in queues of different priorities based on predefined criteria. QoS guarantees a level of network performance to meet these service agreements. See QoS.

Max. Frame Burst

Maximum Frame Burst sets the maximum time, in microseconds, that the ZyAIR transmits IEEE 802.11g wireless traffic only. This helps to eliminate collisions in mixed-mode networks (networks with both IEEE 802.11g and IEEE 802.11b traffic) and enhance the performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks.

Preamble

A preamble is used to synchronize transmissions in a wireless network. The preamble type defines the length of the CRC (Cyclic Redundancy Check) block for communication between the device and roaming wireless stations. CRC is a common technique for detecting data transmission errors. See CRC.

IP Zero Length Attack

An IP Zero Length Attack is the flooding of the network by sending packets with zero data size.

Transparent Firewall

A transparent firewall, also known as a bridge firewall, is a device that can act as a bridge and also filter/inspect packets. You do not have to change other network settings when you add a transparent firewall to the network.

Load Balancing

Load balancing is the process of dividing traffic loads between interfaces (or ports). This improves quality of services and maximizes bandwidth utilization.

Available Bandwidth

In load balancing, available bandwidth is the actual bandwidth provided by the ISP.

Measured Bandwidth

In load balancing, measured bandwidth is the bandwidth an interface is currently using.

Upstream Bandwidth Utilization

In load balancing, upstream (outgoing) bandwidth utilization is the measured upstream throughput as a ratio of the available upstream bandwidth.

Downstream Bandwidth Utilization

In load balancing, downstream (incoming) bandwidth utilization is the measured downstream throughput as a ratio of the available downstream bandwidth.

Least Load First Algorithm

In load balancing, the least load first algorithm has the device send traffic through the interface with the lowest traffic loading.

Round Robin Algorithm

All elements in a group being equal, this is a method of providing resources to each element in turn. Each element gets an equal share of the resources. See also Weighted Round Robin Algorithm.

Weighted Round Robin Algorithm

The weighted round robin algorithm is similar to the round robin algorithm in that it provides resources to each element in turn. WRR also assigns a weight to each element. An element with a larger weight gets more of the resources than an element with a smaller weight. See also Round Robin Algorithm.

Spillover Algorithm

In load balancing, the spillover algorithm allows a device to send traffic through the primary interface until the maximum allowable bandwidth is reached, then the device sends excess traffic (new sessions) to the secondary interface.

Active/Passive (Fail Over) Mode

When a router with multiple WAN ports is in Active/Passive (fail over) operation mode, the router uses the second highest priority WAN port as a back up. The router will normally use the primary WAN and only uses the second highest priority WAN port when the primary WAN port's connection fails.

Active/Active Mode

When a router with multiple WAN ports is in Active/Active mode, the router uses both of the WAN ports at the same time and allows you to enable load balancing. See also Load Balancing.

Address Record

An address record contains the mapping of a fully qualified domain name (FQDN) to an IP address.

FQDN

An FQDN consists of a host and domain name and includes the top-level domain. For example, www.zyxel.com.tw is a fully qualified domain name, where “www” is the host, “zyxel” is the second-level domain, and “com.tw” is the top level domain. mail.myZyXEL.com.tw is also a FQDN, where “mail” is the host, “myZyXEL” is the second-level domain, and “com.tw” is the top level domain.

Name Server Record

A name server record contains a DNS server’s IP address.

Domain Zone

A domain zone is a fully qualified domain name without the host. For example, zyxel.com.tw is the domain zone for the www.zyxel.com.tw fully qualified domain name.

DNS Cache

DNS cache is the temporary storage area where a router stores responses from DNS servers.

High Availability DNS

A DNS server maps a domain name to a port’s IP address. If that port loses its connection, high availability allows the router to substitute another port’s IP address for the domain name mapping.

Jumbo Frames

Jumbo frames are used to forward non-standard packet sizes on your network. These frames can deliver frames of up to 9216 bytes instead of standard Ethernet frames of 1522 bytes. Fewer packets are required for large data transfer, improving traffic throughput on the port. The peer device must also support non-standard packet traffic.

Access Control

Access control refers to procedures and controls that limit or detect access. Access control is used typically to control user access to network resources such as servers, directories, and files.

Anomaly Analysis

This detection system identifies “normal” traffic on a network, and then classifies anything “non-normal” to be an “intrusion”. Anomaly detection can recognize previously unseen attacks, since it is not reliant on knowing what an attack looks like. See also Heuristic Analysis, Protocol Decode, Protocol Anomaly Detection and Traffic Flow Anomaly.

API

An API is the specific method an application program uses to make requests of an operating system or another application program.

Back Door

A back door (also called a trapdoor) is hidden software or a hardware mechanism that can be triggered to gain access to a program, online service or a computer system. See also Trojan Horse.

Blaster W32.Worm

This is a worm that exploits the DCOM RPC vulnerability (see Microsoft Security Bulletin MS03-026 and Microsoft Security Bulletin MS03-039) using TCP port 135. The worm targets only Windows 2000 and Windows XP computers.

Boot Sector Virus

This type of virus infects the area of a hard drive that a computer reads and executes during startup. The virus causes computer crashes and to some extend renders the infected computer inoperable.

Buffer Overflow

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. The excess information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Intruders could run codes in the overflow buffer region to obtain control of the system, install a backdoor or use the compromised device to launch attacks on other devices.

DDoS

A DDoS attack is one in which multiple compromised systems attack a single target, thereby causing denial of service for users of the targeted system. See also DoS.

DoS

The goal of DoS attacks is not to steal information, but to disable a device or network on the Internet. See also DDoS.

Intrusion Policy ID

An intrusion policy ID identifies a unique intrusion signature.

File Infector

This is a small program that embeds itself in a legitimate program. A file infector is able to copy and attach itself to other programs that are executed on an infected computer.

Heuristic Analysis

Heuristic-based signatures use algorithms based often on statistics to judge whether a warning is warranted. An example of this type of signature is one that would be used to detect a port sweep. This signature might look for the presence of a threshold number of unique ports being probed on a particular device. See also Protocol Decode, Protocol Anomaly Detection and Traffic Flow Anomaly.

IDP

An IDP system can detect malicious or suspicious packets and respond.

IDP - Host

Host IDPs are directly on the system being protected. They work closely with the operating system of the device on which they’re installed.

IDP - Network

A Network IDP has at least two network interfaces, one internal and one external. As packets appear at an interface they are passed to the detection engine, which determines whether they are malicious or not. If a malicious packet is detected, an action is taken.

IDS

An Intrusion Detection System (IDS) can detect suspicious traffic, but does not take action against attacks. An IDS only raises an alert after the malicious payload has been delivered.

IIS

IIS is a group of Internet servers for Microsoft's Windows NT and Windows 2000 Server operating systems. IIS includes a set of programs for building and administering Web sites, a search engine, and support for writing Web-based applications that access databases.

IM

IM (Instant Messaging) refers to chat applications. Chat is real-time, text-based communication between two or more users via networked-connected devices.

Intrusions

Intrusions are attacks caused by malicious or suspicious packet(s) sent with the intent of causing harm, illegally accessing resources or interrupting service.

Intrusions - Host

The goal of host-based intrusions is to infiltrate files on an individual computer or server with the goal of accessing confidential information or destroying information on a computer.

Intrusions –Network

Network-based intrusions have the goal of bringing down a network or networks by attacking computer(s), switch(es), router(s) or modem(s). Host-based intrusions may be used to cause network-based intrusions when the goal of the host virus is to propagate attacks on the network, or attack computer/server operating system vulnerabilities with the goal of bringing down the computer/server. Typical “network-based intrusions” are SQL slammer, Blaster, Nimda, MyDoom etc.

IP Spoofing

IP spoofing is a technique used to gain unauthorized access to computers by tricking a router or firewall into thinking that the communications are coming from within the trusted network by modifying the packet headers.

Kernel

A kernel is the nucleus of a computer operating system, the core that provides basic services for all other parts of the operating system. See also Shell.

LAND Attack

In a LAND attack, hackers flood SYN packets into the network with a spoofed source IP address of the target system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.

Macro Virus

Macros are small programs that are created to perform repetitive actions. Macros run automatically when a file to which they are attached is opened. Macro viruses spread more rapidly than other types of viruses as data files are often shared on a network.

Mydoom

MyDoom W32.Mydoom.A@mm (also known as W32.Novarg.A) is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. When a computer is infected, the worm sets up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources

MySecurity Zone

http://www.mysecurity.zyxel.com is a web portal that provides security-related information for ZyXEL security products.

Nimda

This name ("admin” backwards) refers to an "admin.DLL" file that, when run, continues to propagate the virus. Nimda probes each IP address within a randomly selected range of IP addresses, attempting to exploit weaknesses thatare known to exist in computers with Microsoft's Internet Information Server.

Pattern Matching

Pattern matching identifies malicious code strings in a single packet.

OTIST

OTIST (One-Touch Intelligent Security Technology) allows you to transfer your AP’s SSID and WEP or WPA-PSK security settings to wireless clients that support OTIST and are within transmission range.

Ping Of Death

Ping of Death uses a "ping" utility to create and send an IP packet that exceeds the maximum 65,536 bytes of data allowed by the IP specification. This may cause systems to crash, hang or reboot.

Policy Severity

Intrusions are assigned a severity level from very low to severe. The intrusion severity level determines the default signature action applied.

Protocol Anomaly Detection

Protocol Anomaly Detection is an intrusion detection method that checks for RFC protocol violations.

Scan

Scan refers to all port, IP or vulnerability scans. Hackers scan ports to find targets. They may use a TCP connect() call, SYN scanning (half-open scanning), Nmap etc.

Shell

A shell is the outermost part of an operating system that interacts with user commands. See also Kernel.

Smurf Attack

A Smurf hacker floods a router with Internet Control Message Protocol (ICMP) echo request packets (pings). The destination IP address of each packet is the broadcast address of the target network, so the router will broadcast ICMP echo request packets to all hosts on that network.

Spam

Spam is unsolicited "junk" e-mail sent to large numbers of people to promote products or services.

SQL SLAMMER WORM

W32.SQLExp.Worm is a worm that targets the systems running Microsoft SQL Server 2000, as well as Microsoft Desktop Engine (MSDE) 2000.

Protocol Decode

Protocol decode also known as Protocol Anomaly Detection or Protocol Validation performs a full protocol analysis, decoding and processing the packet in order to highlight anomalies in packet contents. This is quicker than doing a search of a signature database. It is more flexible in capturing attacks that would be very difficult to catch using pattern-matching techniques, as well as new variations of old attacks, which would require a new signature in the database.

SSH

SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network.

Stateful Pattern Matching

Stateful pattern matching is an intrusion detection method based on reassembling a TCP stream to make the complete string available to the detection engine. It is based on the established session, rather than on a single packet. It stores all packets in a TCP stream and then searches for patterns across all packets.

Stealth

Stealth enabled on a port means that the device drops all incoming packets destined for the device received on that port with no response to the sender.

SYN Attack

A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYN-ACKs are moved off the queue only when an ACK comes back or when an internal timer terminates the three-way handshake. Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable for legitimate users.

Syslog

An abbreviated form of System Log. Syslog logging sends a log to an external (syslog) server used to store and analyze logs.

Teardrop

The Teardrop program creates a series of IP fragments with overlapping offset fields. When these fragments are reassembled at the destination, some systems will crash, hang, or reboot.

Traceroute

Traceroute is a utility used to determine the path a packet takes between two endpoints.

Traffic Flow Anomaly

Traffic flow anomaly is an intrusion detection method where certain applications, for example, peer-to-peer applications, can be defined as “abnormal” and therefore an “intrusion”. See also Anomaly Analysis, Heuristic Analysis, Protocol Decode and Protocol Anomaly Detection.

Trojan

A Trojan horse is a harmful program that s hidden inside apparently harmless programs or data. See also Back Door.

Virus

A computer virus is a small program designed to corrupt and/or alter the operation of other legitimate programs.

Web Attack

A “web attack” refers to attacks on web servers such as IIS.

Worms

A worm is a program that is designed to copy itself from one computer to another on a network. A worm’s uncontrolled replication consumes system resources thus slowing or stopping other tasks.

SIP URI

A SIP URI is a complete SIP address (also called a SIP identity) consisting of a SIP number and a SIP service domain. See also SIP, SIP Number and SIP Service Domain.

SIP Number

A SIP number is the part of the SIP URI that comes before the “@” symbol. For example, if the SIP URI is 1122334455@VoIP-provider.com, then “1122334455” is the SIP number.

SIP Service Domain

A SIP service domain is the part of the SIP URI that comes after the “@” symbol. For example, if the SIP URI is 1122334455@VoIP-provider.com, then “VoIP-provider.com” is the SIP service domain.

SIP User Agent Server

A SIP user agent server can make and receive VoIP telephone calls. This means that SIP can be used for peer-to-peer communications even though it is a client-server protocol.

SIP Proxy Server

A SIP proxy server receives requests from clients and forwards them to another server.

SIP Redirect Server

A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server. Redirect servers do not initiate SIP requests.

SIP Register Server

A SIP register (or registrar) server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register.

RTP

When you make a VoIP call using SIP, the RTP (Real time Transport Protocol) is used to handle voice data transfer. See RFC 1889 for details on RTP.

Full Cone NAT

In full cone NAT, all requests from the same private IP address and port are mapped to the same public source IP address and port. Someone on the Internet only needs to know the mapping scheme in order to send packets to a device behind the NAT router.

Restricted Cone NAT

Restricted cone NAT maps all requests from the same private IP address and port to the same public source IP address and port. A host on the Internet can only send a packet to the private IP address and port if the private IP address and port has previously sent a packet to that host’s IP address.

Port Restricted Cone NAT

Restricted cone NAT maps all requests from the same private IP address and port to the same public source IP address and port. A host on the Internet can only send a packet to the private IP address and port if the private IP address and port has previously sent a packet to that host’s IP address and port.

Symmetric NAT

Symmetric NAT maps requests from the same private IP address and port to a different public source IP address and/or port depending on the packet’s destination IP address. A host on the Internet can only send a packet to the private IP address and port via the specific public source IP address and port that were previously used in sending a packet from the private IP address and port to the host’s IP address and port.

PCM

Pulse Code Modulation measures analog signal amplitudes at regular time intervals and converts them into bits.

Codec

A codec (coder/decoder) codes analog voice signals into digital signals and decodes the digital signals back into voice signals.

G.711

G.711 is a Pulse Code Modulation (PCM) waveform codec. G.711 provides very good sound quality but requires 64kbps of bandwidth. G.711u is used mainly in North America and G.711a is used in most of the rest of the world. See also Codec.

G.729

G.729 is an Analysis-by-Synthesis (AbS) hybrid waveform codec that uses a filter based on information about how the human vocal tract produces sounds. G.729 provides good sound quality and reduces the required bandwidth to 8kbps.

DTMF

Dual-Tone MultiFrequency (DTMF) call setup signaling uses pairs of frequencies (one lower frequency and one higher frequency) to set up calls. It is also known as Touch Tone®. Each of the keys on a DTMF telephone corresponds to a different pair of frequencies.

Pulse Dialing

Pulse dialing call setup signaling sends a series of clicks to the local phone office in order to dial numbers.

G.168

G.168 is an ITU-T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk.

PSTN Lifeline

The Public Switched Telephone Network lifeline feature lets you have VoIP phone service and analog phone service at the same time. You can receive incoming analog phone calls even while someone else is making VoIP phone calls. You can still make analog phone calls if the device loses power.

Dynamic Jitter Buffer

A dynamic jitter buffer helps smooth out the variations in delay (jitter) for voice traffic. This helps ensure good voice quality for your conversations.

N-wire Mode

The n-wire mode allows you to physically bundle two or four G.SHDSL ports into a single 4-wire or 8-wire G.SHDSL connection. This can increase the reach of G.SHDSL or give increased bandwidth when connecting to 4-wire mode G.SHDSL modems or another DSLAM.

SIP ALG

A SIP Application Layer Gateway (ALG) allows VoIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream. When a VoIP device behind the ALG registers with the SIP register server, the ALG translates the device’s private IP address inside the SIP data stream to a public IP address.

RMA Number

Return Material Authorization (RMA) is a unique number that customer support assigns to a device returned for repair.

MAP

The Multimedia Auto Provisioner (MAP) is ZyXEL's hardware connection tutorial and Configuration Genie. See also Configuration Genie.

Configuration Genie

Configuration Genie is a program that helps you to configure your device for Internet access. It configures some settings automatically and may prompt you for others.

ZyXEL Utility (WLAN)

This is the name given to the configuration program for ZyXEL's wireless clients.

WFS

Weighted Fair Scheduling (WFS) is used to guarantee each queue’s minimum bandwidth based on its bandwidth weight (portion) when there is traffic congestion. WFS is activated only when a port has more traffic than it can handle. Queues with larger weights get more bandwidth than queues with smaller weights. Bandwidth is divided across the different traffic queues according to their weights.

WFS

Weighted Fair Scheduling (WFS) is used to guarantee each queue’s minimum bandwidth based on its bandwidth weight (portion) when there is traffic congestion. WFS is activated only when a port has more traffic than it can handle. Queues with larger weights get more bandwidth than queues with smaller weights. Bandwidth is divided across the different traffic queues according to their weights.

SP TPID

SP TPID (Service Provider Tag Protocol IDentifier) is the service provider VLAN stacking tag type. It is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802.1Q tag information. TPID (Tag Protocol IDentifier) is an inner (VLAN) IEEE 802.1Q tag.

SP VID

In VLAN stacking, SP VID (Service Provider VLAN ID) is the outer VLAN tag.

EAP-SIM

Extended Authentication Protocol-Subscriber Identity Module (EAP-SIM) is an authentication protocol used to authenticate wireless clients with SIM cards. See also SIM.

Gigabit Ethernet

Gigabit Ethernet (IEEE 802.3z standard) uses Ethernet over copper technology to increase network data rates to 1 Gbit/sec. It uses standard 4-pair Category 5 copper cabling.

G-plus

G-plus is an enhancement to the IEEE 802.11g wireless standard. It increases wireless transmission speeds by allowing larger frames to be sent.

GSM

The Global System for Mobile communication (GSM) is a globally accepted standard for digital cellular communication. Mobile phones that use the GSM-based mobile phone network use SIM cards. See also SIM.

Layer-2 Isolation

Layer-2 isolation prevents wireless clients associated with an AP from communicating with other APs (on the same wired network) and their associated wireless clients.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implemented authentication protocol of IEEE 802.1x.

MBM

ZyXEL’s MBM (Media Bandwidth Management) allows you to allocate specific amounts of bandwidth capacity (bandwidth budgets) to outgoing traffic based on an application and/or subnet.

MS-CHAP-V2

Microsofts Challenge-Handshake Authentication Protocol (MS-CHAP-V2) is used to periodically verify the identity of a peer (station or other AP) through mutual authentication.

PEAP

PEAP (Protected Extensible Authentication Protocol) is an authentication protocol of IEEE 802.1x that uses certificates.

Print Server

A print server is a device or software that provides users on a network with shared access to one or more printers. The print server acts as a buffer, holding the information to be printed out until the printer becomes free.

SIM

A SIM (Subscriber Identity Module) is a mobile phone network card that holds subscriber information such as personal account details, address book and security settings. SIM cards can also be connected to computers and PDA’s (Personal Digital Assistants).

TMSS

TMSS (Trend Micro Security Services) identifies vulnerabilities and protects computers and networks that have Internet connections through a broadband router.

Classifier

In computer networking, a classifier groups traffic based on specific criteria such as the IP address, port or protocol, etc.

Out-of-band Management

Out-of-band management means accessing the management interface of a device through a management port. See also Management Port.

In-band Management

In-band management means accessing the management interface of a device through a network port that is not a management port.

Management Port

A management port is a dedicated port on a device for management purposes only. You cannot access the network through a management port.

Policy

A policy defines the action(s) to be performed on a traffic flow that has been classified. See also Bandwidth Management, Classifier, Firewall and VPN.

VLAN Stacking

VLAN stacking allows a service provider to distinguish multiple subscriber VLANs, even those with the same (subscriber-assigned) VLAN ID, within its network.

Anti-virus

Anti-virus features or software scan files and help stop viruses from infecting computer(s) on a network. See also host-based anti-virus and network-based anti-virus.

NAV

A network-based anti-virus (NAV) scanner is software on a gateway device that protects the network from virus attacks.

Annex L

Annex L is an addendum to the ADSL2+ standard (ITU G.992.5). Also known as Reach-Extended ADSL2 it allows increased ADSL2 connection distances.

Backplane

A backplane is a circuit board containing sockets into which other circuit boards or expansion cards can be inserted.

Intrusion Lock

Intrusion locking is a security feature that stops unauthorized access to a port. If a cable is disconnected from the port, intrusion locking blocks access once a cable is reconnected.

MAC Freeze

When you enable MAC freeze on a port, all MAC addresses that have been dynamically learned on a port are considered as “static” MAC address entries and have exclusive access to that port from that time on.

PMM

Power ManageMent (PMM) is an ADSL2 feature that manages transmission power based on line conditions.

WMM

Wi-Fi MultiMedia (WMM) is a part of the IEEE 802.11e QoS enhancement to the Wi-Fi standard that ensures quality of service for multimedia applications in wireless networks.

MX Record

A MX (Mail eXchange) record identifies a mail server that handles the mail for a particular domain.

PTR Record

A PTR (pointer) record is also called a reverse record or a reverse lookup record. It is a mapping of an IP address to a domain name.

CIR

The Committed Information Rate (CIR) is the guaranteed bandwidth for the incoming traffic flow on a port.

PIR

The Peak Information Rate (PIR) is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion.

iCard

This is a card with the license key that allows you to activate services, such as content filtering, anti-virus, anti-spam and so on.

IGMP Filtering

The IGMP filtering feature controls which IGMP groups a subscriber on a port can join.

Spyware

Spyware is software that secretly gathers user information through the user's Internet connection without his or her knowledge. As spyware uses memory and system resources, it can lead to system crashes or general system instability. See also Adware.

Adware

Adware is either software that collects information about the user's web browsing patterns in order to display related advertisements or application software that has advertisements already embedded. See also Spyware.

Zombie

A zombie is a computer that is under the control of a hacker without the knowledge of the computer owner. Zombies could then be used to launch DoS attacks. See also DoS.

Stateful Inspection

Stateful inspection (also known as dynamic packet filtering) tracks each connection crossing the firewall and makes sure it is valid. Filtering decisions are based not only on rules but also context. For example, traffic from the WAN may only be allowed to cross the firewall in response to a request from the LAN. See also firewalls.

Rootkit

Rootkit is a type of malicious software that is activated each time your system boots up, making it difficult to detect as it is active before your system operating system (OS). A rootkit often allows the installation of hidden files, processes, user accounts and so on in your system OS and is able to intercept data from network connections and the keyboard.

SGMP

SGMP (Simple Gateway Monitoring Protocol) is an application-layer protocol that allows remote users to inspect and change a gateway's configuration.

UTM

A UTM (Unified Threat Management) appliance integrates firewall, content filtering, spam filtering, intrusion detection and anti virus functions into a single network appliance.

MVR

Multicast VLAN Registration (MVR) is designed for applications (such as Media-on-Demand (MoD)) using multicast traffic across an Ethernet network. MVR allows one single multicast VLAN to be shared among different subscriber VLANs on the network. This improves bandwidth utilization by reducing multicast traffic in the subscriber VLANs and simplifies multicast group management. MVR is also known as Multicast VLAN Group (MVG).

MVG

Multicast VLAN Group (MVG) is designed for applications (such as Media-on-Demand (MoD)) using multicast traffic across an Ethernet network. MVG allows one single multicast VLAN to be shared among different subscriber VLANs on the network. This improves bandwidth utilization by reducing multicast traffic in the subscriber VLANs and simplifies multicast group management. MVG is also known as Multicast VLAN Registration (MVR).

Loopback Interface

The loopback interface is the IP address that you can ping to check whether your device’s network adapter and IP stack are working properly. 127.0.0.1 is the IP address most commonly used for the loopback interface.

MS-CHAP

MS-CHAP, Microsoft CHAP (Challenge Handshake Authentication Protocol) uses a challenge-response mechanism where the response is encrypted.

Fax Pass-through

Fax pass-through is where a VoIP device applies the G.711 codec to fax messages before sending them over the Internet. See also G.711.

T.38 Fax Relay

T.38 is an ITU-T standard that VoIP devices use to send fax messages over the Internet.

Microsoft RDP

Microsoft's Remote Desktop Protocol (RDP) allows you to access a computer through the Internet in order to work with its files, programs and resources. It uses TCP port 3389 by default.

VNC

Virtual Network Computing (VNC) allows you to view a computer's 'desktop' environment through the Internet. It uses TCP port 5900 by default.

NTP

Network Time Protocol (NTP) allows devices to synchronize their time with a time server. It uses TCP or UDP port 123 by default.

Anti-Spam

Anti-spam is a feature that marks or discards unsolicited commercial or junk e-mail (spam).

Spam

Spam is unsolicited commercial or junk e-mail.

E-mail Whitelist

An e-mail whitelist identifies e-mail that you want to accept.

E-mail Blacklist

An e-mail blacklist identifies e-mail that you do not want to accept.

Phishing

Phishing is where fraudsters send e-mail claiming to be from a well-known enterprise in an attempt to steal private information for use in identity theft. See also identity theft.

Identity Theft

Identity theft is the use of someone’s personal information such as a credit card number or Social Security number, without the person’s permission to commit fraud or other crimes. See also phishing.

SMTP

Simple Mail Transfer Protocol (SMTP) is a mail protocol used for sending e-mail. SMTP uses TCP port 25 by default.

POP

Post Office Protocol (POP) is a mail server protocol that e-mail clients use to retrieve e-mail. POP uses TCP port 110 by default.

MIME Headers

Multipurpose Internet Mail Extensions (MIME) allow varied media types to be used in e-mail. MIME headers describe an e-mail’s content encoding and type.

IMAP

Internet Message Access Protocol (IMAP) is a mail server protocol that e-mail clients use to retrieve e-mail. IMAP uses TCP or UDP port 143 by default.

POP3S

POP3 over TLS/SSL (POP3S) allows users to use TLS/SSL to create a secure POP3 connection for receiving e-mail. POP3S uses TCP or UDP port 995 by default. See also POP, TLS, and SSL.

IMAPS

IMAP over TLS/SSL (IMAPS) allows users to use TLS/SSL to create a secure IMAP connection for receiving e-mail. IMAPS uses TCP or UDP port 995 by default. See also IMAP, TLS, and SSL.

TLS

Transport Layer Security (TLS) is a protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed). TLS is the application protocol-independent successor to the Secure Socket Layer (SSL) protocol.

IGMP Proxy

An IGMP proxy device reduces multicast traffic by issuing IGMP host messages to a multicast router or server on behalf of the multicast hosts connected to the IGMP proxy device.

EN ÜSTE