802.1Q tagging | The process of inserting a virtual local area network (VLAN) ID in the header of frames from clients assigned to a VLAN.
A
AAA | A system used in IP-based networking to track user activity and control user access to computer resources.
Access control lists (ACLs) | Lists of rules that a networking device will process to allow access rights to ports, applications, or services from clients or connections.
Active fingerprinting | A method of fingerprinting in which requests are transmitted a remote device to gain information from the corresponding replies.
Active scanning | A process of wireless discovery in which the client proactively scans the network by sending out probe pulse requests.
Additional authentication data (AAD) | A method of ensuring tamper-proof authentication.
Ad hoc mode | A wireless configuration in which a client forms a peer-to-peer connection with another client.
Advanced Encryption Standard (AES) | A U.S. government encryption standard used in IPSec, WPA2, and other data-protection schemes.
Advanced Mobile Phone System (AMPS) | The first, or 1G, standard for mobile communication. This is an analog-only technology.
Advanced persistent threats (APTs) | Multi-phased attacks used to break into a network to harvest valuable information while avoiding detection. These highly complex, long-term infiltration attacks present a significant risk to financial institutions and government agencies, among others.
Always on Listening | A phone feature that keeps a microphone active at all times to listen for key phrases. This is typically used to enable touchless voice commands, but other apps can take advantage of the feature as well.
Android sandbox | A security feature in the Android OS that isolates applications (and the resources they use) from each other.
Annualized loss expectancy (ALE) | The product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE).
Annual rate of occurrence (ARO) | The probability that a risk will occur in a particular year.
Application fingerprinting | A type of fingerprinting that looks at the HTTP headers for application-specific information.
Application Layer | Layer 7 of the OSI Reference Model. It is the interface between the user-facing software and the layers that prepare and send or receive networked data.
Application provenance | The practice of requiring users to download applications only from an approved portal or source. This practice allows vendors to identify application developers (who must register their apps) and gives them the ability to test and check application code for malware.
ARP poisoning | A type of attack in which a hacker sends a falsified Address Resolution Protocol (ARP) response, which tricks the client into sending information to the hacker’s address.
AT command codes | Short for attention commands. The configuration commands used for modems. The AT command codes provide specific instructions to the device when set in configuration mode.
Authentication Header (AH) | Part of the Internet Protocol Security (IPSec) protocol suite, the AH confirms the source of a packet and ensures that its contents (header and payload) have not been changed since transmission.
Auto Content Update | A feature that enables information and content to be loaded to a phone app without having to request download permission from the user.
Autonomous access points | Access points with switch-like intelligence that can operate at the control and data functional layers.
B
Base controller station (BCS) | A device that handles signaling and communication between cellular towers and the mobile phone network or public switched telephone network (PSTN).
Base transceiver station (BTS) | A device that manages cellular traffic between mobile devices (via the cell tower antennas) and the mobile network (via the base controller station [BCS]).
Basic service set (BSS) | A wireless local area network that includes all the wireless devices.
Behavior analysis | A scanning technique that relies not on version data, but on how the system responds to requests, the aim being to find unexpected responses to queries.
Binary protection | A software security technique in which binary files are analyzed and modified to protect against common exploits. Also referred to as binary hardening.
BlackBerry Enterprise Server (BES) | The software and server that connect enterprise e-mail and other services to BlackBerry devices.
Block cipher | A cryptographic algorithm that operates on fixed-length groups of bits, called blocks.
Bluebugging | A technique used to gain access to mobile phone commands by exploiting Bluetooth vulnerabilities.
Bluejacking | Misuse for advertising purposes of a Bluetooth feature whereby a mobile phone can exchange a “business card” or messages with another phone in the vicinity.
Bluesnarfing | The unauthorized access of information from a wireless device through a Bluetooth connection.
Bluetooth | A standard for short-range wireless interconnection.
Bots | Derived from the word robot, programs that perform automated tasks that would otherwise be conducted by a human being.
Bring your own application (BYOA) | The practice of employees installing and using third-party applications for business purposes. Typically these are cloud-based applications such as Google Docs and Dropbox.
Bring your own device (BYOD) | The practice of allowing employees to use their own computers or smart devices for work purposes.
Broadcast domains | Logical partitions in a network in which all nodes behave as if they are on the same physical LAN segment.
Brute force | A method of attack, typically against passwords, in which every possible combination is tried until the right one is found.
C
Captive portal | A Web page to which users are routed prior to gaining access to the Internet. Captive portals are commonly used by hotspots for payment or for the acknowledgment of user agreements, but can also be used as a form of authentication or to check credentials.
Carriage return line feed (CRLF) | A common HTTP vulnerability in which an HTTP packet is split using a carriage return followed by a line feed. After splitting a packet in two, with one packet containing legitimate header and protocol information, the attacker can pack a malicious payload into the second packet.
Cell towers | The physical mount for cellular antennas. Typically constructed as tall poles but sometimes disguised as trees or other natural objects.
Cellular | A generic term for mobile phone systems or devices. Refers to the portioning of frequency coverage maps into cells.
Certificate authority (CA) | An authority in a network that issues and manages security credentials and public keys for message encryption.
C-I-A triad | The three main components of information security: confidentiality, data integrity, and availability.
Circuit switching | A telecommunications method that uses a dedicated channel or circuit to connect two endpoints.
Clickjacking | An exploit that uses a Web page with a background of invisible frames. If the victim clicks the page, the exploit is triggered.
Client-side injection | An exploit that seeks to install malware through the injection of malicious content from a custom-built hostile service.
Code Division Multiple Access (CDMA) standard | Part of the 2G wave of technologies, CDMA allows multiple communication streams to share a common communications channel.
Collocation model | An access point deployment in which there is 100-percent overlap between the two access point service areas.
Command line interface (CLI) | An interface for issuing commands to a computer (or any computerized device) by way of typing. This was the primary means of interaction with most computer systems until the introduction of video display terminals and is still in use today as a shortcut method for interfacing with devices.
Common Operating Environment (COE) | A set of IT policies that standardize devices, operating systems, and applications within a corporate environment. COE greatly improves IT efficiency and support capabilities, although users tend to be unhappy with the lack of customization it allows.
Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) | A Web page feature that attempts to distinguish a human user from a machine user, typically by requiring the visual recognition of a phrase in the form of a picture (rather than text). This helps to prevent spam and automated logins.
Compliance | The adherence to regulations required by government and/or industry for IT security and data protection.
Cookies | Typically small text files that are stored on a computer to keep track of the user’s movements on a Web site, resume interrupted sessions, and remember login credentials.
Corporate owned personally enabled (COPE) | The practice of allowing an employee to choose, manage, and to some degree customize a device that is purchased by the company for which the individual works. This is considered to be the opposite of bring your own device (BYOD).
Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) | An enhanced data cryptographic encapsulation mechanism created to address the vulnerabilities presented by WEP.
Cross-site profiling | A technique companies use to collect data from various Web sites to find and compile information about users, which the companies can then use to target ads.
Crypto primitives | Well-established, low-level cryptographic algorithms that are frequently used to build cryptographic protocols.
Customer resource management (CRM) | A system used to manage customer interactions—for example, with sales or support.
Cybercrime | Any crime (including trespassing) committed over the Internet or other computer network.
D
Data Link Layer | Layer 2 of the OSI Reference Model. It specifies how data is communicated over local area networks.
Dead spots | Areas without wireless coverage.
Deep packet inspection | A form of packet filtering that inspects the data portion of a packet for malicious code rather than looking only at the packet header.
Defense in depth | The practice of implementing several layers of network and data security.
Demilitarized zone (DMZ) | An intermediate area of a network that allows outside access to certain assets (such as a Web server) but limits internal access to the back-end control servers.
Desktop virtualization | The reproduction of the user’s desktop on an Internet-accessible server.
Diameter | An authentication protocol used for Mobile IP networks.
Dictionary password crackers | Password crackers that decode passwords by using a lookup table or database of large numbers of common and stolen passwords and their hashes for different encryption methods. Because most people don’t use strong or varied passwords, these lookup tables are far more efficient than brute-force methods.
Digital Advanced Mobile Phone System (D-AMPS) | The standard for what was the second generation of mobile networks.
Direct sequence spread spectrum (DSSS) | A spread spectrum technique that uses data encoding to spread data across several channels for transmission.
Distribution medium | The physical medium to which the access points ports connect, typically an Ethernet LAN.
Distribution service (DS) | The ability of a wireless access point (WAP) to recognize, reframe, address, and deliver packets between two interfaces or mediums.
Distribution system service (DSS) | The internal software that controls the switch-like intelligence and manages client station association and disassociations.
Domain Name System (DNS) | A system for naming computers and network services so they can be located and communicated with by other networked devices.
Dotted decimal | A numerical format expressed as a string of numbers separated by periods.
Drive-by browser exploits | Exploits that target Web browser plug-ins on mobile devices for Java, Adobe Reader, and Flash. These attacks are most often launched via legitimate but compromised Web sites that infect browser software running on mobile clients.
Dynamic Host Configuration Protocol (DHCP) | A network protocol that enables a server to automatically assign IP addresses.
E
Encapsulation Security Payload (ESP) | Part of the IPSec set of protocols. The ESP is inserted into an IP packet to provide confidentiality as well as data origin authentication and integrity.
End User License Agreement (EULA) | A legal agreement between a software developer and users.
Enterprise mobility management (EMM) | A set of people, processes, and technology focused on managing mobile devices, wireless networks, and related services in a business context.
Evil twin | A hacker-controlled access point set up with the same SSID as a legitimate access point.
Extended service set (ESS) | A wireless local area network that includes one or more basic service sets (BSSes) as well as their associated local area networks.
F
Federal Communications Commission (FCC) | An independent U.S. government agency charged with regulating communications over radio, television, wire, satellite, and cable.
File Transfer Protocol (FTP) | A network protocol used to transfer computer files from one host to another over a TCP-based network.
Fingerprinting | The process of identifying a device on a network or the user behind the device.
FreeBSD | An operating system for a variety of platforms derived from BSD, the version of UNIX developed at the University of California, Berkeley.
Frequency Division Multiple Access (FDMA) | An access method that allows for multiple users through the assignment of frequency channels.
Frequency hopping spread spectrum (FHSS) | A method of transmitting radio signals by rapidly switching among many frequency channels.
Frequency reuse | The practice of assigning multiple users to the same frequency channel. Achieved by the physical separation and power management of the transmission streams.
Full duplex | Communication in both directions simultaneously.
General controls review (GCR) | An assessment of an organization’s internal controls over information technology and information security to help align controls with industry best practices.
General Packet Radio Service (GPRS) | The first packet-switched technology used on mobile networks. Often referred to as 2G+, it allowed Web-based access from mobile phones.
Global System for Mobile (GSM) standard | The primary technology used for 2G mobile systems. GSM was the dominant digital standard for mobile communications.
Gramm-Leach-Bliley Act (GLBA) | A U.S. federal law enacted to reorganize the financial services industry and control how financial institutions deal with individuals’ private information.
Groupe Spécial Mobile (GSM) | The dominant 2G mobile phone system standard. GSM was the standard throughout all of Europe, but saw competition from CDMA in the U.S. and parts of Asia. The name was later changed to Global System for Mobile.
H
Hackers | The name generally applied to those who commit cybercrime, although in the early days of networking, hackers were more curious technologists than criminals.
Half duplex | Communication in both directions, one direction at a time.
Handoff | A feature that enables a user to begin working in an application on one device and then hand off, or continue work, on a second device.
Hash | A number generated from a string of text. The hash, also called a hash value or message digest, is substantially smaller than the text itself and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.
Health Insurance Portability and Accountability Act (HIPAA) | A U.S. law aimed at making it easier for people to keep health information private.
Heartbleed | Discovered in 2014, a security bug in the OpenSSL cryptography library, which is a widely used implementation of the TLS protocol.
Highly directional antennas | Directional antennas that radiate greater power in a single direction. Also called beam antennas.
High Speed Downlink Packet Access (HSDPA) | An enhanced 3G communications protocol that allowed faster data rates than the original 3G systems. HSDPA is referred to as 3G+ and 3.5G.
Hypertext Transfer Protocol Secure (HTTPS) | A secure communication protocol in wide use on the Internet.
I
Identity and access management (IAM) | The management of an individual’s authentication, authorization, and privileges within or across system and enterprise boundaries.
Independent basic service set (IBSS) | An ad hoc wireless network that does not have an access point. An IBSS cannot connect to other basic service sets.
Information security | The processes and practices that must be implemented to secure the digital assets you wish to protect from various threats.
Infrastructure mode | The most common topology for a WLAN. It uses an access point as a connection hub and portal to a distribution system.
Integration service (IS) | The process of recognizing, reframing, addressing, and delivering packets between wireless and wired mediums.
International Mobile Station Equipment Identity (IMEI) number | A serial number that uniquely identifies a mobile station internationally.
International Mobile Subscriber Identity (IMSI) | A unique identification associated with all GSM and UMTS network mobile phone users.
International Mobile Telecommunications-2000 (IMT-2000) | A set of 3G standards that define global roaming and network interoperability.
International Telecommunications Union (ITU) | A United Nations (UN) agency charged with coordinating telecommunications operations and services throughout the world.
Internet Control Message Protocol (ICMP) | A protocol used by network devices to send error messages.
Internet of Things (IoT) | The networking of electronics and other physical objects via embedded electronics.
Internet Protocol Security (IPSec) | An open standards encryption method of ensuring private, secure communications over Internet Protocol (IP) networks.
Internet Protocol version 4 (IPv4) | The addressing scheme that defines private networks. Version 4 has been used for most of the Internet age.
Internet Protocol version 6 (IPv6) | An updated addressing scheme that defines private networks. Version 6 offers many more addresses and more features than version 4.
Inter-process communication (IPC) | A set of programming interfaces that allow a programmer to coordinate activities among different program processes that can run concurrently in an operating system.
Intrusion detection systems (IDSes) | Devices or applications that monitor networks for malicious activities or policy violations.
Intrusion prevention systems (IPSes) | Network security appliances that monitor networks and systems for malicious activity.
IP addressing | A logical (non-permanent) label assigned to networked devices to establish a location for transmitting and receiving data.
IP private branch exchange (IP PBX) | A private exchange switch that connects an internal voice over IP (VoIP) system to the public switched telephone network (PSTN).
J
Jailbreaking | The act of rooting, or hacking into a smart device to allow users to attain privileged control (known as root access) within the device’s subsystem.
Jitter | The variation in the time between the arrival of packets from the same transmission, caused by network congestion, timing drift, or route changes.
K
Kali Linux | A variant of Linux designed for digital forensics and penetration testing.
Key performance indicators (KPIs) | A set of values against which to measure the quality or success of an operation or process.
Knowledge workers | Professionals whose job involves the use and manipulation of data.
L
Latency | A measurement of delay. Typically, the amount of time it takes for a packet to get from one point to another.
Least privilege | A policy whereby users are given access only to the systems and data they need to perform their jobs, and no more.
Likejacking | An exploit that uses an invisible frame over a Facebook Like button on a Web page. When a user clicks the button, the exploit is triggered. This exploit works especially well on mobile devices.
Long Term Evolution (LTE) | A 4G mobile communications standard.
M
Macro cells | Cells within a mobile system with a large coverage area.
MAC service data unit (MSDU) | A service data unit that is received from the logical link control (LLC) sub-layer (a portion of the Layer 3 Data Link Layer).
Madware | An aggressive form of advertising that affects smartphones and tablets. Short for mobile adware.
Man-in-the-middle attack | A form of network eavesdropping in which the attacker inserts himself or herself between two machines after making them believe they are talking directly to each other.
Masquerading | An attack in which the hacker attempts to impersonate an authorized user and gain that user’s level of privileges.
Media access control (MAC) address | A unique identifier assigned by manufacturers to any network-connected device. The MAC address is used to establish the source or destination of data flows on a local area network.
Mesh basic service set (MBSS) | A basic service set that forms a mesh of stations.
Message information base (MIB) | A component of SNMP, an MIB is a local database containing information relevant to network management.
Message integrity code (MIC) | A short piece of information used to authenticate and provide messaging integrity.
Micro cells | Cells within a mobile system with a small coverage area.
Mobile application management (MAM) | Software and services for controlling access to mobile apps used in business settings on both company-provided and bring your own device (BYOD) smart devices.
Mobile device management (MDM) | Best practices for deploying, securing, monitoring, integrating, and managing mobile devices in the workplace.
Mobile IP | A communication standard that allows users to maintain an IP address and Web session as they roam between different networks or network segments.
Mobile remote access Trojans (mRATs) | Malware programs that give an attacker administrative control over a smartphone or tablet.
Mobile Worldwide Interoperability for Microwave Access (WiMAX) | A wireless communication standard designed to offer high data rates.
Modem | Short for modulator/demodulator. Modems prepare information for transmission over a network and reassemble the data on the receiving end.
Multi-path | A phenomenon that results in radio signals reaching the receiving antenna by two or more paths.
Multiple input/multiple output (MIMO) antennas | A technology that allows multiple antennas to transmit and receive concurrently.
N
Narrowband | Transmitting or receiving signals over a narrow range of frequencies.
Near field communication (NFC) | A communication standard for smartphones and other devices to establish radio communication with other devices by bringing them near each other.
Network address translation (NAT) | A method of masking or hiding a private address from a public network.
Network cloaking | The act of hiding a WLAN by not advertising the SSID in the beacon.
Network effect | The increased value of all devices whenever a new device is added. For example, the first fax machine was useless by itself, but adding a second fax machine made the first one usable. With each fax machine added, the usefulness of all fax machines increased.
Network Layer | Layer 3 of the OSI Reference Model, where routing protocols such as IP are defined.
Network management system (NMS) server | A combination of hardware and software used to monitor and administer a computer network or networks.
Nomadic roaming | A type of roaming in which, when the device moves from one wireless coverage area to another, the session is broken from one transmitter and then reestablished with another.
Nonce | A one-time randomly generated number used to create encryption keys.
Nonrepudiation | The act of providing undeniable evidence that an action was taken and by whom. Nonrepudiation is important in e-commerce and financial transactions such as online trading.
O
Omnidirectional antenna | An antenna that transmits and receives signals in all directions.
Open share | A method of sharing files directly between clients over an air interface.
Open System authentication | A process by which a client gains access to a wireless network.
Open Systems Interconnection (OSI) Reference Model | A multi-layered, vendor-neutral description that defines the protocols and communication procedures for networks.
Open Web Application Security Project (OWASP) | An online community dedicated to Web application security.
OS fingerprinting | The process of analyzing TCP/IP packets to detect what operating system a machine is running.
P
Packet switching | A method of data communication that chops data into smaller parts for transmission and reassembles them on the receiving end. Packet switching greatly improves efficiency over dedicated circuit switching because packets from different communication streams can share a common circuit and packets from a single transmission stream can use different circuits during transmission.
Passive fingerprinting | The process of analyzing packets from a host on a network. In this case, the fingerprinter acts as a sniffer, and doesn’t put any traffic on a network.
Passive scanning | With passive scanning, a client waits until it “hears” a beacon advertising an SSID from an access point. If the client hears a beacon with a matching SSID, it selects the access point with the strongest signal.
Password management system (PMS) | A software application or system that helps a user store and organize passwords, which are applied automatically when the user logs into different sites.
Payment Card Industry Data Security Standard (PCI DSS) | An industry-driven data privacy standard that describes best practices and certifications for the secure storage, processing, or transmitting of credit cardholder data.
PDCA cycle | A four-step problem-solving repetitive technique used to improve business processes. The four steps are plan, do, check, and act.
Penetration testing (pentesting) | A method of testing and evaluating network security by simulating an attack on the network. Pentesting requires permission in advance from the network owners.
Personally identifiable information (PII) | Information that can be used to identify, contact, or locate a single person, or to identify an individual in context.
Phablets | Mobile devices that are somewhere between a phone and a tablet.
Phishing | The act of defrauding a person by posing as a legitimate organization (typically a bank), most often in a e-mail or Web site. The victim is tricked into giving away his or her login information to criminals, who then obtain valuable personal information or take money from the victim’s account.
Phreakers | Those who attempt to access and gain free use of telephone networks.
Physical Layer | Layer 1 of the OSI Reference Model. Defines the standards for the various signal paths over which data is transmitted.
Pico cells | Small hotspot cells that offer wireless (Wi-Fi) connectivity via a mobile carrier.
Piconet | A network created using a Bluetooth connection.
Point-to-Point Protocol (PPP) networks | Data links between two locations (or clients) without the use of any intermediate devices.
Port-based Network Access Control (PNAC) | Part of the IEEE 802.1 group of networking protocols, PNAC provides an authentication mechanism through the use of an authenticator device, which passes login credentials to an authentication database for approval prior to allowing access to the network.
Port mirroring | A method of monitoring network traffic in which the network sends a copy of all network packets seen on one or more ports to another port, where the packets can be viewed and analyzed.
Port scanning | The process of probing servers and hosts on a network for open ports. Port scanning is used by administrators to verify security policies and by attackers to identify services on a host.
Potentially unwanted applications
(PUAs) | Programs that contain adware, install toolbars, or have other unclear objectives.
Premium SMS | A pay-as-you-go service available on smartphones. This service is often taken advantage of by hackers. They use malware to send premium SMS messages from hacked phones to services that they own, control, or can otherwise extract payment from.
Presentation Layer | Layer 6 of the OSI Reference Model. It defines the formatting of information sent to and from applications.
Proximity fingerprinting | Fingerprinting that takes places via data collected from nearby sources, typically via wireless sniffing.
Public switched telephone network (PSTN) | All of the world’s telephone networks, which, while independently owned and operated, are connected and interoperate worldwide.
Q
Quality of service (QoS) | A method of prioritizing time-sensitive traffic (usually voice or video) on a network.
Quarantining | The process of isolating a client that is not compliant or is out of date with antivirus and security patches. Usually, such a client is quarantined to a guest virtual local area network (VLAN), where it can access the Internet but not internal systems. It typically remains there until it is security compliant.
R
Rainbow table | A table that is populated over time and used for reversing cryptographic hash functions, usually for cracking password hashes.
Remote access Trojans (RATs) | Malware programs that give an attacker administrative control over a computer.
Remote Authentication Dial-In User Service (RADIUS) | A network protocol that provides authentication, authorization, and account (AAA) services for devices or users connecting to a network.
Remote fingerprinting | Fingerprinting that takes place online.
Replay attack | An attack in which legitimate traffic is captured using a packet analyzer, modified, and then retransmitted.
Robust Security Network (RSN) | A protocol for establishing secure communications over an 802.11 wireless network. The Wi-Fi Alliance refers to its approved, interoperable implementation of the full 802.11i as RSN.
Rooting | The process of allowing users of smart devices to attain privileged control (known as root access) within the device’s subsystem. Also called jailbreaking.
S
Sandbox | An approach to software development and mobile application management (MAM) that limits the environments in which certain code can execute.
Sarbanes-Oxley Act (SOX) | A 2002 U.S. federal law that set new accounting standards for publicly traded companies and requires them to certify that controls are in place to protect their information. Also referred to as SOX or SarbOx.
Script kiddies | Those who, lacking skills to create their own attacks, launch cyberattacks through the use of scripts.
Seamless roaming | A type of roaming in which the session is not disrupted when the device moves from one wireless coverage area to another.
Secure Simple Pairing (SSP) | A secure method of pairing or connecting Bluetooth devices.
Security Associations (SA) | The establishment of shared security attributes between two network entities to support secure communication.
Semi-directional antennas | Antennas designed to transmit and receive with greater effectiveness in a particular direction, most often at the expense of all other directions. This improves performance in the intended direction while limiting interference in the non-targeted areas.
Service level agreements (SLAs) | Contracts between a network service provider and a customer that specify, usually in measurable terms, what services the network service provider will furnish. An SLA can also be an internal agreement between internal service providers (such as the IT team) and their constituents.
Service set identifier (SSID) | The name (in the form of a text string of up to 32 bytes) assigned to a wireless access point.
Session Layer | Layer 5 of the OSI Reference Model. It defines the communication setup and teardown between two networked devices.
Shared key authentication | A type of authentication that assumes each station has received a secret shared key through a secure channel independent from the wireless network.
Short Message Service (SMS) | A standardized text message service for use over mobile phones and other devices.
Signaling System 7 (SS7) | A protocol used in the setup and teardown of telephone calls.
Simplex communication | Communication that flows in only one direction, such as broadcast radio.
Single loss expectancy (SLE) | The expected monetary cost from the occurrence of a risk on an asset.
Single sign-on (SSO) | A property of access control whereby a user logs in once and gains access to all systems without being prompted to log in again at each of them.
Small office/home office (SOHO) | A office with just a handful of employees or an office in a person’s home.
Small to medium business (SMB) | A business that, due to its size, has different IT requirements and often faces different IT challenges than do large enterprises, and whose IT budget and staff are often constrained.
Smartphone | A mobile phone with advanced computing and connectivity capabilities.
SNMP traps | Alerts generated by Simple Network Management Protocol (SNMP) agents on managed devices. SNMP traps are generated when certain activities are flagged or set to a threshold. When the conditions are met, an alert is sent to the network management system.
Social engineering | The practice of teasing out from people information that should not be shared to use it to one’s advantage.
Software development kit (SDK) | A programming package that enables a programmer to develop applications for a specific platform. Typically, an SDK includes one or more APIs, programming tools, and documentation.
Spam | Junk mail that is typically distributed to a large number of recipients.
Spread spectrum | A data-transmission technique in which a signal is transmitted across the entire frequency space available.
Spyware | Malicious software that enables a user to covertly obtain information about another user’s computer activities.
SSID cloaking | A relatively weak method of wireless security in which the network name (service set identifier) is prevented from being publicly broadcasted.
Stack | In the context of the OSI Reference Model, the hierarchical relationship of the seven layers.
Station (STA) | A device that has the capability to use the 802.11 protocol.
Stream cipher | An encryption algorithm in which plaintext is combined with a random key stream. In a stream cipher, each plaintext digit is encrypted one at a time, creating a stream of ciphertext.
Subnetting | The process of logically segmenting a single private network into multiple partitions.
Subscriber identification module (SIM) | A “smart card” that is either embedded in or attached to a mobile device to enable mobile network access. SIM cards often hold a user’s personal information and can be switched from one phone to another.
T1/E1 | The standard digital carrier signals that transmit both voice and data. T1 rates are 1.544 Mbps and E1 operates at about 2 Mbps.
Telegraphy | A one-way message protocol invented by Samuel Morse that used start and stop signals of dots and dashes transmitted over copper wires and later radio signals.
Telephony | The design or use of telephones, limited to voice communication.
Telnet | A network protocol that allows one computer to log onto another computer on the same network.
Temporal Key Integrity Protocol (TKIP) | A security protocol used in the IEEE 802.11 wireless networking standard as an interim solution to replace WEP without requiring the replacement of legacy hardware.
Thin access points | Wireless access points with limited or no switch-like intelligence. Thin access points are configured and managed via a central controller, which provides the transition between the wireless and wired networks.
Time Division Multiple Access (TDMA) | A multiple user access scheme that partitions users into time slots on the same channel.
Transmission Control Protocol/Internet Protocol (TCP/IP) | The dominant suite of communication protocols used to communicate over the Internet. TCP/IP defines the communication setup as well as how packets are formatted, transmitted, routed, and received.
Transport Layer | Layer 4 of the OSI Reference Model. The bridge between the network and the application-processing software on devices. This is where data from applications is broken down into small chunks, or packets and then reassembled on the receiving device.
V
Version analysis | A scanning technique whereby the scanner sends out requests to a target system and, upon receiving a response, analyzes the headers for the version details.
Very high throughput (VHT) | The 802.11ac standard, a faster version of 802.11n. It is referred to as giga wireless or VHT.
Virtual LANs (VLANs) | Logical partitions on a local area network (LAN) that allow workstations within to communicate with each other as though they were on a single, isolated LAN.
Viruses | Malicious pieces of code that attach to a program. Once installed on a machine, a virus can replicate itself, often replacing or corrupting critical files in the process.
Voice over WLAN (VoWLAN) | A wireless-based voice over Internet Protocol (VoIP) system.
W
Walled garden | An environment that controls the user’s access to Web content and services.
Wardriving | The act of searching for and using an unsecured or open wireless network.
White list | A security or access control technique whereby all options are denied except those specifically permitted. Those on the permitted list are said to be white listed (allowed).
Wi-Fi | An alternate term for wireless LAN (WLAN). Refers to a system that allows for wireless connectivity to the Internet or a private network.
Wi-Fi Protected Access (WPA) | A technology used for security and data protection over wireless networks. More powerful than WEP, WPA uses 128-bit encryption.
Wi-Fi Protected Access 2 (WPA2) | A more secure version of WPA. With WPA2, a passphrase is used to create an encryption key.
Wired Equivalent Privacy (WEP) | A security protocol for wireless networks defined by the 802.11 standard. Proven to be a weak method of security, WEP has been replaced by WPA and WPA2.
Wireless access point (WAP) | A device that allows wireless devices to connect to a wired network using Wi-Fi or related standards.
Wireless distribution system (WDS) | A system that enables the wireless interconnection of access points without the use of a backbone (wired) network.
Wireless extender | A device that takes a signal from a wireless access point and rebroadcasts it to create a second network. Also called a wireless repeater.
Wireless local area network (WLAN) | A local area network that allows access via radio waves rather than through cables. Access to the network is most often gained through a device known as an access point, which provides the physical connection to the network.
Wireless personal area network (WPAN) | A wireless network centered around a person’s immediate workspace. Typically it is used to wirelessly connect peripheral devices to a computer.
Wireless repeater | See wireless extender.
Worldwide Interoperability for Microwave Access (WiMAX) | A wireless standard that provides data rates of up to 1 Gbps. WiMAX is often viewed as a “last mile” broadband method, connecting home or small offices to the high-speed network backbone.
Worms | Similar to viruses. A worm replicates itself by spreading to other machines. Unlike viruses, worms are standalone pieces of code.