TERM DESCRIPTION
10BaseT A 10-Mbps Ethernet Specification that uses two pairs of twisted-pair cabling (Category 3 or 5). 10BaseT, which is part of IEEE 802.3 specification, has a distance limit of approximately 100 meters per segment.
100BaseT Another term for fast Ethernet, an upgraded standard for connecting computers into a local area network (LAN). 100BaseT Ethernet works just like regular Ethernet except that it can transfer data at a peak rate of 100 Mbps. See 10BaseT
1000BaseT A specification for Gigabit Ethernet over copper cabling (IEEE 802.3ab), the 1000BaseT standard defines 1Gb/s data transfer with a maximum distance of 100m. Since it uses CAT-5 cabling, which many companies already have installed, 1000BaseT simplifies the migration to Gigabit Ethernet. It is an attractive and less expensive alternative to Gigabit Ethernet over multimode optical fiber (1000BaseLX, 1000BaseSX).
3DES Triple (3) Data Encryption Standard. Uses a 168-bit key that is considered virtually unbreakable.
Aggressive Mode An IPSEC term referring to a packet exchange in ISAKMP phase one; in ISAKMP/Oakley used to negotiate an ISAKMP SA. It is an alternative to Main mode but not required by the RFCs. Although it involves fewer messages being transmitted between peers, it is seen as less secure than Main Mode. The Security Appliance does not support this mode of operation. See also Quick Mode, Main Mode
AH See Authentication Header
ARP Address Resolution Protocol. A TCP/IP protocol used to obtain a node's physical address.
ASP Application Service Provider. An organization that hosts software applications on its own servers within its own facilities.
Asymmetric Encryption An encryption scheme in which one key (the public key) and one algorithm are used to encrypt data, and another key (the private key) and another algorithm are used for decryption. The benefit of established asymmetric encryption schemes such as RSA is that you cannot easily find the private key simply from knowing the public one, and the public key can only be used for encryption, not for decryption. In practice, someone using asymmetric encryption for communication generates a public/private key pair, keeps the private key secret, and distributes the public key to anyone who wishes to communicate with them. Those with the public key can then use it to encrypt communications destined for that person, and only that person can decrypt that data. This property of asymmetric encryption schemes makes them particularly valuable in network environments. Asymmetric encryption schemes typically must use a much larger key than symmetric schemes. See also Encryption, Symmetric Decryption
ATM Asynchronous Transfer Mode. A network technology for both LANs and WANs that supports real-time voice and video as well as data.
Authentication In cryptography, a way of proving identity. An authentication scheme typically requires a sender to perform manipulations on the data they’re sending (with a digital signature scheme and/or a hash function) to prove they have certain cryptographic keys only they should know, thereby proving their identity. Authentication schemes often guarantee the integrity of the data being sent as well. See Digital Signatures and Hash Functions
Authentication Header (AH) Part of the IPSEC protocol suite. It is the header used in IPSEC-compliant IP packets to carry authentication data (from a digital signature scheme or keyed hash), thereby preventing tampering during transmission and permitting verification of the identity of the sending party.
BIOS Basic Input Output System. An essential set of routines in a computer, which is stored on a chip and provides an interface between the operating system and the hardware.
BOOTP BOOT Protocol. A TCP/IP protocol used by a diskless workstation or network computer (NC) to obtain its IP address and other network information such as server address and default gateway.
CA Certificate Authority. An organization that issues digital certificates (digital IDs) and makes its public key widely available to its intended audience.
CBC Cipher Block Chaining mode, a method of using a block cipher in which for each block except the first, the result of the previous encryption is XOR-ed into the new block before it is encrypted. CBC is the mode used in IPSEC. An initialization vector (IV) must be provided. It is XOR-ed into the first block before encryption. The IV need not be secret but should be different for each message and unpredictable.
Ciphertext The coded text generated in an encryption scheme when a plaintext, the original message or data, is encrypted. See Encryption
Collision Occurs when two devices on an Ethernet network transmit data at the same time. The data packets from each device become damaged when they collide on the network.
CLF Command Line Format.
CLI Command Line Interface.
CPU Central Processing Unit. The computing part of the computer. Also called the "processor," it is made up of the control unit and Arithmetic Logic Unit.
CRL Certificate Revocation List. A list of certificates that are no longer valid. The Certificate Authority maintains the CRL.
Crossover Cable A cable that directly connects two similar devices without going through a switch or a router.
Datagram A network term referring to a unit of data. See Packet
Data Encryption Standard (DES) A symmetric encryption algorithm certified as a standard for US government departments that use encryption. DES uses a 56-bit key, giving it a 2^56 keyspace. DES has the disadvantage that its keyspace is not large enough for continued use and is now widely considered as insecure. For example, in a 1998 ruling, a German court described DES as "out-of-date and not safe enough" and held a bank liable for using it. The Security Appliance does not support this algorithm.
DES See Data Encryption Standard
DHCP Dynamic Host Configuration Protocol. Software that automatically assigns IP addresses to client stations logging onto a TCP/IP network. It eliminates having to manually assign permanent IP addresses.
DIG Domain Information Groper. An Internet utility that gathers information from domain name servers.
Digital Signature A form of authentication. In digital signature schemes, persons proving their identity must encrypt transmitted data with a key only they possess and then pass both the original data and the ciphertext generated with their key to whoever wishes to verify their identity. Such schemes often have the advantage of protecting transmitted data against alteration, since any alteration would require the signature to be changed to match it, and the key generating that signature is secret. Since most encryption schemes generate ciphertext at least as long as the original plaintext, many digital signature schemes also use hash functions to reduce the amount of data that must be signed. The sending party first uses the hash to produce a shorter (usually fixed in size) piece of data and then signs this with the signature scheme. To verify, the recipient does the same hash on the data and then runs the opposite encryption operation on the signature, using either the same key as the sender should have (see Symmetric Encryption) or the complementary public key (see Asymmetric Encryption). The output should match the hash if the signature is legitimate and the message has not been altered. The IPSEC protocol suite can use digital signature schemes for authentication and data integrity checks throughout the protocol suites.
DNS Domain Name Server. Name resolution software that lets users locate computers on a UNIX network or the Internet (TCP/IP network) by domain name.
DMZ DeMilitarized Zone. Serves as a kind of barrier that is separated from the Internet by a security device such as a firewall or a VPN unit.
DSL Digital Subscriber Line. An international telecommunications standard for providing a digital service from the customer's premises to the dial-up telephone network.
Encapsulating Security Payload (ESP) Payload format used in IPSEC-compliant IP packets to carry encrypted and/or authenticated data, thereby preventing sniffing (eavesdropping) on the network between communicating nodes.
Encryption A scheme in which information is rendered unreadable during transport, so that an intercepting party cannot make use of it. In encryption, readable data (the plaintext) is encrypted to produce an unreadable ciphertext. The ciphertext must then be decrypted (converting it back to the plaintext) before it can be read at the receiving end. Modern encryption schemes typically use an algorithm and key system. The algorithm is a set of rules for what to do to the data to encrypt it. The key is a parameter—a value the algorithm uses to encrypt the data. Once a certain key has been used to encrypt data, you usually need either the same key (symmetric encryption) or a different but complementary key (asymmetric encryption) to decrypt the data. Typically the rules of the algorithm used are public, but keys used are kept secret between communicating parties, so that only they can decrypt the message.
Encryption Key A parameter used to encrypt and decrypt data. Once data has been encrypted using a given key, either the same key (in symmetric encryption), or a complementary key (in asymmetric encryption) is then needed to decrypt it. See also Keyspace
ESP An IPSEC term. See Encapsulating Security Payload
Ethernet A Baseband LAN specification invented by Xerox Corporation and developed jointly by Xerox, Intel and Digital Corporation. Ethernet networks use carrier sense multiple access/collision detection (CSMA/CD) and run over a variety of cable types at 10 Mbps. Ethernet is similar to the IEEE 802.3 series of standards.
Fast Ethernet Any of a number of 100 Mbps Ethernet specifications. Fast Ethernet offers a speed ten times that of the 10BaseT Ethernet specification. Existing 10BaseT applications and network management tools can be run on Fast Ethernet networks. It is based on an extension to the IEEE 802.3 specification.
Firewall A security system intended to protect an organization’s network against external threats coming from another network, such as the Internet.
FTP File Transfer Protocol. A protocol used to transfer files over a TCP/IP network (Internet, UNIX, etc.).
FQDN Fully Qualified Domain Name. The complete domain name for a specific host on the Internet. It provides enough information so that it can be converted to a physical IP address.
Gateway A point of contact between networks.
Gbps GigaBits Per Second. One billion bits per second.
GRE Generic Routing Encapsulation.
Hash Function A cryptography term. A hash function is a subclass of the encryption functions used to assist digital signature schemes, and for cryptographic authentication schemes in general. Hashes used for such schemes have the property that their output is of constant length, whatever the input, and that it is extremely difficult to come up with a second input message that would produce the same hash. Therefore in digital signature schemes, rather than signing the message itself, the sending party usually first runs a hash on the message and signs the output (also colloquially called the hash) thus reducing the size of the signature and the amount of data that has to be sent. Hashes may also be keyed. A keyed hash uses a parameter (a key) much like an encryption key, and precisely the same key must be used to generate the same hash from the same data. So a keyed hash can provide authentication of the sending party’s identity on its own, by proving they know the appropriate key. Keyed hashes are similar to encryption functions, except that hashes are reducing processes, so you cannot get the original data back from the hash output. You can only verify that the hash is appropriate output from that data. A hash is both a pseudo-random function (PRF) and a one-way function.
Header (or Packet Header) A network term referring to a portion attached to the beginning of a packet to specify the protocol level data needed to process the rest of the packet, such as:
- addresses to which to deliver it
- which SA rules to use to decipher it
- how to assemble it with the next packet
- which procedures to use to authenticate the packet.
See also Payload
HTTP HyperText Transfer Protocol. The communications protocol used to connect to servers on the World Wide Web.
HTTPS HyperText Transfer Protocol Secure. The protocol for accessing a secure Web server.
IANA Internet Assigned Numbers Authority – see http://www.iana.org
ICMP Internet Control Message Protocol. A TCP/IP protocol used to send error and control messages.
IDP Inter-Domain Policy.
IDPR Inter-Domain Policy Routing. A link state interdomain routing protocol being worked on in the IETF Community.
IEEE Institute of Electrical and Electronic Engineers. A membership organization that includes engineers, scientists and students in electronics and allied fields.
IETF See Internet Engineering Task Force
IGP Interior Gateway Protocol. A broad category of routing protocols that support a single, confined geographic area such as a local area network (LAN).
IKE Internet Key Exchange. It is a key exchange protocol specified by Engineering.
Internet A "super network" of two or more networks. Usually these networks are using different governing protocols or are either administratively or physically separated.
Internet Engineering Task Force (IETF) A multinational group of people working on Internet communications technology issues at the international level. The IETF coordinates working groups, including the IPSEC working group, developing communications standards.
Internet Protocol (IP) A network term referring to the basic transmission protocol, immediately above the physical protocols (frequently Ethernet or PPP) in the Internet, and a common standard in many large corporate and academic LANs and WANs. IP is the protocol responsible for delivering packets to their destination. Other, higher level protocols (typically TCP) are responsible for actually breaking the data into appropriate chunks for transmission, and reassembling them on delivery. IP is a highly flexible scheme designed to transparently negotiate communications between networks of differing capabilities, and for highly flexible, adaptive routing. TCP and UDP are the two protocols that most commonly call on IP’s services. IP is the only IP network protocol used universally throughout the net (and this applies to the Internet) for all communications. This is one of the reasons adding security at the IP level (see IPSEC Protocol Suite) has such value.
Internet Security Association and Key Management Protocol Part of the IPSEC protocol suite. ISAKMP/Oakley is the current IPSEC standard for SA rules negotiation, key management, and key exchange. ISAKMP/Oakley uses three modes: aggressive mode, quick mode, and main mode. ISAKMP stands for Internet Security Association and Key Management Protocol.
IP See Internet Protocol
IP Addressing A network term referring to a 32-bit address, usually written in four bytes (for example, 123.145.156.178), used in IP networks to identify a node on the network. Packets are routed by IP to the appropriate machine on the network by reading the destination IP address in the packet header. Every machine on a network to which packets may be routed must have a unique IP address. See also Domain Name, Internet Protocol
IP/BIT IP Address and Netmask pair (Netmask in Bit format)
IP/MASK IP Address and Netmask pair
IPSEC Acronym for Internet Protocol (IP) Security. See also IPSEC Protocol Suite and IPSEC Working Group
IPSEC Protocol Suite A set of extensions to the Internet Protocol (IP), adding security services developed by the IETF’s IPSEC working group. The suite consists of protocols for an authentication header (AH), encapsulating security protocol (ESP), and a key management and exchange protocol (ISAKMP/Oakley).
IPSEC SA A term specific to this paper referring to a general purpose SA used for carrying IP data. See also ISAKMP SA
IPSEC Working Group A subcommittee of the Internet Engineering Task Force (IETF) dedicated to developing security extensions for the Internet Protocol; designers of the IPSEC protocol suite.
IPX Internet Packet EXchange. A NetWare communications protocol used to route messages from one node to another.
ISAKMP/Oakley See Internet Security Association and Key Management Protocol
ISAKMP SA An IPSEC term referring to an SA negotiated using ISAKMP/Oakley, strictly for the purpose of negotiating general purpose IPSEC SAs.
ISDN Integrated Services Digital Network. An international telecommunications standard for providing a digital service from the customer's premises to the dial-up telephone network.
ISO International Standardization Organization. An organization, founded in 1946, that sets international standards. The U.S. member body is ANSI.
ISP Internet Server Provider. An organization that provides access to the Internet.
Key A cryptography term. See Encryption Key
Keyspace A cryptography term. The total range (or number) of possible encryption keys that might be used in a given encryption scheme. Using binary keys, the key space is always two raised to the power of the length of the key. So the keyspace for a 56 bit binary key is 2^56, or around 7.2 x 10^16 (about 72 million billion possible keys). See also Encryption
LAN See Local Area Network
Link A connection between two ports.
Local Area Network (LAN) A communications network that serves users within a confined geographical area. It is made up of servers, workstations, a network operating system and a communications link.
MAC Message Authentication Code. A number computed from the contents of a text message that is used to authenticate the message. The MAC is a checksum that is computed using an algorithm and secret key and then sent with the message.
Main Mode An IPSEC term referring to the packet exchange protocol used in ISAKMP phase one (in ISAKMP/Oakley) to negotiate an ISAKMP SA. See also Aggressive Mode, Quick Mode, ISAKMP SA
Manual Keying Allows the user to specify authentication and encryption keys.
Mbps MegaBits Per Second. One million bits per second.
MD5 Message Digest 5. A popular one-way hash function developed by Ronald Rivest (the "R" in RSA), which is used to create a message digest for digital signatures.
MIB Management Information Base. An SNMP structure that describes the particular device being monitored.
MTU Maximum Transmission Unit. The largest packet size that can be transmitted over the network. Messages longer than the MTU must be divided into smaller packets by the communications protocol.
NAT Network Address Translation. An IETF standard that allows an organization to present itself to the Internet with one address. NAT converts the address of each LAN node into one IP address for the Internet and vice versa.
NetBIOS Network Basic Input Output Service. The native networking protocol in DOS and Windows networks. It provides a programming interface for applications at the session layer (layer 5).
NetBUI NetBIOS User Interface. The transport layer for NetBIOS.
Netmask / Network Mask A set of values that masks (or causes the bridge/router to ignore) portions of a packet’s address. This technique allows the administrator to subdivide the network at levels below the Internet address-defined range.
Nonce A random number usually used either for verification purposes, or for adding randomness to cryptographic key exchanges. In ISAKMP/Oakley exchanges, you send the other communicating party a nonce that they then must sign with their digital signature and send back, so that you can verify their identity.
One-way Function A mathematical/cryptography term. A one-way function has the often-useful property that it is difficult to deduce the inputs from the output alone. A hash is a one-way function.
Packet A network term. A packet is the basic unit of transmission under IP (and virtually all network protocols). Data streams are broken into packets (small ‘buckets of data’) by the transmitting machine, passed through the network in pieces by IP, and then reassembled at the receiving end. You will also see the term datagram. A datagram is a unit of data, and a packet is the physical thing on the wire. But the terms are usually used interchangeably, and for most purposes, this is both convenient and legitimate.
Packet Filtering Packet Filtering allows the user to define and apply filters on interfaces at the IP level.
Packet Header See Header
PAT Port Address Translation. When there are more inside IP hosts than NAT-allocated addresses, the PAT feature allows the handling of this situation by using socket mappings.
Payload A network term referring to the data portion of a packet following the header. See also Packet and Header
PFS Perfect Forward Secrecy. A new Diffie-Hellman Key exchange takes place, new encryption keys are derived from this D-H shared secret and the D-H shared secret is not used to derive any other key.
Phase One Exchange An ISAKMP/Oakley exchange used to establish the initial ISAKMP SA.
Phase Two Exchange An ISAKMP/Oakley exchange used to establish the general-purpose IPSEC SA, or to refresh keying material either for an IPSEC SA or an ISAKMP SA.
PING Packet INternet Groper. An Internet utility used to determine whether a particular IP address is online. It is used to test and debug a network by sending out a packet and waiting for a response.
Plaintext A cryptographic term for a message before encryption and after decryption. You encrypt the plaintext to generate the ciphertext, which you then transmit through the unsecured channel. You then decrypt the ciphertext to get back the plaintext.
PPP Point-to-Point Protocol. A data link protocol that provides dial-up access over serial lines. It can run on any full-duplex link from POTS to ISDN to high-speed lines (T1, T3, etc).
Protocol A general term/network term (1) referring to a way of doing things; (2) in networking, the rules that govern how machines communicate. The Internet protocol (IP), for example, defines the rules for machine addressing and for routing packets between machines in a network.
Pseudo-random Function A mathematical/cryptography term. A pseudo-random function is a function in which a small change in the input may result in any magnitude of change in the output. Pseudo-random functions are deterministic in that the same inputs always result in precisely the same output. However, without actually running the function, it can be difficult to know what will be the output. Random number generators and hashes may both be pseudo-random functions.
Quick Mode An IPSEC term referring to the packet exchange protocol used in ISAKMP phase two in ISAKMP/Oakley to establish general purpose IPSEC SAs, and to refresh keying material for ISAKMP SAs or IPSEC SAs. See also Main Mode, Aggressive Mode
RARP Reverse Address Resolution Protocol, a TCP/IP protocol defined in RFC 903 that permits a physical address, such as an Ethernet address, to be translated into an IP address. Hosts that know only their MAC address when booted must discover their IP addresses from an external source, usually a RARP server.
RFC Request For Comments. A document that describes the specifications for a recommended technology. RFCs are used by the Internet Engineering Task Force (IETF) and other standards bodies.
RSA Rivest-Shamir-Adleman. The original and best-known asymmetric encryption scheme. RSA uses the product of two large primes as a public key, and values derived from those (secret) primes as a secret key. See Asymmetric Encryption
SA See Security Association
SA Rules In the IPSEC protocol suite, the set of algorithms, and keys, and rules for using them in a Security Association (SA).
Secure Virtual Private Network (Secure VPN) A secure private network using unsecured public networks as carriers. The IPSEC protocol suite provides the capability of building secure VPNs within the context of larger, unsecured public IP networks such as the Internet. Users of the secure VPN may use their network as though it were a perfectly secure, isolated LAN, even though it is physically directly connected to unsecured public networks. See also virtual private network.
Secure VPN See Secure Virtual Private Network
Security Association (SA) An IPSEC term. In the IPSEC protocol suite, (1) a dedicated secure virtual connection between two nodes; (2) a term used casually to refer to the SA Rules.
Security Parameters Index (SPI) An IPSEC term referring to an arbitrary 32-bit number, which in concert with a destination IP address, uniquely identifies a single SA. The headers of IPSEC packets carry an SPI, which the recipient node then uses to look up the SA rules for a given incoming packet. A node may reassign an SPI to a new SA after the old SA expires, provided it waits long enough that it is unlikely packets from the old SA are still percolating.
Shared Secret A predefined field that two endpoints of a VPN Tunnel use when setting up an IKE SA.
SHA-1 Secure Hash Algorithm-1. A popular one-way hash algorithm used to create digital signatures. SHA was developed by the NIST, and SHA-1 is a revision to the standard released in 1994. SHA-1 is similar to the MD4 and MD5 algorithms developed by Rivest, but it is slightly slower and more secure.
SNMP Simple Network Management Protocol. A widely used network monitoring and control protocol. Data is passed from SNMP agents, which are hardware and/or software processes reporting activity in each network device (hub, router, bridge, etc.), to the workstation console used to oversee the network.
SPI See Security Parameters Index
SSH Secure Shell. A program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and to provide secure encrypted communications between two un-trusted hosts over an insecure network.
SSL Secure Socket Layer. An Internet cryptography technology. Netscape Communications and RSA Security developed SSL in 1993. SSL lies between the application layer and the TCP/IP layer, and allows a secure connection between a web browser and a web server. This channel guarantees confidentiality in that the messages that pass over it are encrypted.
Static NAT Allows the user to configure an internal subnet to present a virtual IP address to the outside world.
Straight Through Ethernet Cable A cable that wires a pin to its equivalent pin. A straight through Ethernet cable is the most common cable used. An example specific to the switch is connecting one of these switches to an end station, such as a computer.
Strong Encryption Systems that use RSA (Rivest-Shamir-Adleman) with key sizes over 512 bits or symmetric algorithms (such as triple-DES, IDEA, or RC5) with key sizes over 56 bits.
Subnet Mask A method for altering the host field of an address. This is used to divide a network into smaller administrative units called sub-networks.
Symmetric Encryption A cryptographic term describing encryption schemes in which the same key is used both for encryption and decryption. For example, DES.
TCP Transmission Control Protocol. The TCP part of TCP/IP. TCP and UDP are the two transport protocols in TCP/IP. TCP ensures that a message is sent accurately and in its entirety. However, for real-time voice and video, there is really no time or reason to correct errors, and UDP is used instead.
TCP/IP See Transmission Control Protocol
Telnet A protocol within the TCP/IP suite providing a virtual terminal emulation between computers on an Internet.
Transmission Control Protocol (TCP) An IP-specific network term. A general-purpose protocol designed for carrying data of virtually any type and any size through IP-based networks, and the standard protocol for most general-purpose communications in the Internet. TCP is said to ‘run on top of’ IP, meaning it uses IP for actual delivery and addressing of the data. TCP effectively sets up a dedicated, but temporary channel between two nodes. An e-mail client would typically use TCP for carrying messages back and forth, to and from an e-mail server.
Trusted Port A port that provides a secure connection between two devices.
TTL Time To Live. A set maximum amount of time a packet is allowed to propagate through the network before it is discarded.
UDP See User Datagram Protocol
Un-trusted Port A port that provides an un-secure connection between two devices.
User Datagram Protocol (UDP) An IP-specific network term. A general-purpose protocol used in IP networks in situations in which reliable delivery is not required. Like TCP, UDP runs "on top of" IP, meaning it uses IP for actual delivery and addressing of data. Internet clients use UDP principally for communications with domain name servers, in resolving Internet addresses. Real-time audio and video traffic also frequently uses UDP. IPSEC’s ISAKMP/Oakley protocol suite is based on UDP.
UTP Unshielded Twisted Pair. UTP is the most common twisted pair cable. UTP comes in stranded and solid wire varieties. The stranded wire is the most common and very flexible for bending around corners. Solid wire cable has less attenuation and can span longer distances, but is less flexible than stranded wire and cannot be repeatedly bent.
Virtual Private Network (VPN) A system in which a public network is used to carry the data of a private one, usually in such a way that the distinctions between the resulting virtual network and a true private LAN or WAN are invisible to the user. Note that the term VPN by itself does not necessarily imply that the data carried is private (i.e. unreadable by other network users), as does the term secure virtual private network (secure VPN). However, the term VPN commonly refers to a secure VPN.
VPN See Virtual Private Network
VPN Tunnel A connection between two or more private nodes/LANs over the internet.
WAN Wide Area Network. A communications network that covers a wide geographic area, such as a state or country.
WebUI Web User Interface.
WINS Windows Internet Naming Service – software that resolves NetBIOS names to IP addresses.