
VPN


Virtual Private Network - VPN

The Virtual Private Network - VPN - has attracted the attention of many organizations
looking to both expand their networking capabilities and reduce their costs.

VPNs can be found in workplaces and homes, where they allow employees to safely
log into company networks. Telecommuters and those who travel often find a VPN a
more convenient way to stay connected to the corporate intranet. No matter your current
involvement with VPNs, this is a good technology to know something about. This VPN
tutorial involves many interesting aspects of network protocol design, Internet security,
network service outsourcing, and technology standards.

What Exactly Is A VPN?

A VPN supplies network connectivity over a possibly long physical distance. In this
respect, a VPN is a form of Wide Area Network (WAN).

The key feature of a VPN, however, is its ability to use public networks like the Internet
rather than rely on private leased lines. VPN technologies implement restricted-access
networks that utilize the same cabling and routers as a public network, and they do so
without sacrificing features or basic security.

A VPN supports at least three different modes of use:

• Remote access client connections
• LAN-to-LAN internetworking
• Controlled access within an intranet

VPN Pros and Cons

Like many commercialized network technologies, a significant amount of sales and
marketing hype surrounds VPN. In reality, VPNs provide just a few specific potential
advantages over more traditional forms of wide-area networking. These advantages can
be significant, but they do not come for free.

The potential problems with the VPN outnumber the advantages and are generally more
difficult to understand. The disadvantages do not necessarily outweigh the advantages,
however. From security and performance concerns, to coping with a wide range of
sometimes incompatible vendor products, the decision of whether or not to use a VPN
cannot be made without significant planning and preparation.

Technology Behind VPNs

Several network protocols have become popular as a result of VPN developments:

• PPTP
• L2TP
• IPsec

What Is a VPN?

A VPN supplies network connectivity over a possibly long physical distance. In this
respect, a VPN is a form of Wide Area Network (WAN). VPNs enable file sharing, video
conferencing and similar network services. Virtual private networks generally don't
provide any new functionality that isn't already offered through alternative mechanisms,
but a VPN implements those services more efficiently / cheaply in most cases.

A key feature of a VPN is its ability to work over private networks as well as public
networks like the Internet. Using a method called tunneling, a VPN uses the same
hardware infrastructure as existing Internet or intranet links. VPN technologies include
various security mechanisms to protect the virtual, private connections.

Specifically, a VPN supports at least three different modes of use:

• Internet remote access client connections
• LAN-to-LAN internetworking
• Controlled access within an intranet

Internet VPNs for Remote Access

In recent years, many organizations have increased the mobility of their workers by
allowing more employees to telecommute. Employees also continue to travel and face a
growing need to stay connected to their company networks.

A VPN can be set up to support remote, protected access to the corporate home offices
over the Internet. An Internet VPN solution uses a client/server design and works as follows:

1. A remote host (client) wanting to log into the company network first connects
to any public Internet Service Provider (ISP).

2. Next, the host initiates a VPN connection to the company VPN server. This
connection is made via a VPN client installed on the remote host.

3. Once the connection has been established, the remote client can
communicate with the internal company systems over the Internet just as if it
were a local host.

Before VPNs, remote workers accessed company networks over private leased lines or
through dialup remote access servers. While VPN clients and servers require careful
installation of hardware and software, an Internet VPN is a superior solution in many
situations.

VPNs for Internetworking


Besides using virtual private networks for remote access, a VPN can also bridge two
networks together. In this mode of operation, an entire remote network (rather than just a
single remote client) can join a different company network to form an extended
intranet. This solution uses a VPN server to VPN server connection.

Intranet / Local Network VPNs

Internal networks may also utilize VPN technology to implement controlled access to
individual subnets within a private network. In this mode of operation, VPN clients
connect to a VPN server that acts as the network gateway.

This type of VPN use does not involve an Internet Service Provider (ISP) or public
network cabling. However, it allows the security benefits of VPN to be deployed inside
an organization. This approach has become especially popular as a way for businesses
to protect their WiFi local networks.

Question: What Are the Advantages and Benefits of a VPN?

A VPN - Virtual Private Network - is one solution to establishing long-distance and/or
secured network connections. VPNs are normally implemented (deployed) by
businesses or organizations rather than by individuals, but virtual networks can be
reached from inside a home network. Compared to other technologies, VPNs offer
several advantages, particularly benefits for wireless local area networking.

Answer: For an organization looking to provide a secured network infrastructure for its
client base, a VPN offers two main advantages over alternative technologies: cost
savings, and network scalability. To the clients accessing these networks, VPNs also
bring some benefits of ease of use.

Cost Savings with a VPN

A VPN can save an organization money in several situations:

• eliminating the need for expensive long-distance leased lines
• reducing long-distance telephone charges
• offloading support costs

VPNs vs leased lines - Organizations historically needed to rent network capacity such
as T1 lines to achieve full, secured connectivity between their office locations. With a
VPN, you use public network infrastructure including the Internet to make these
connections and tap into that virtual network through much cheaper local leased lines or
even just broadband connections to a nearby Internet Service Provider (ISP).

Long distance phone charges - A VPN also can replace remote access servers and
long-distance dialup network connections commonly used in the past by business
travelers needing to access their company intranet. For example, with an Internet
VPN, clients need only connect to the nearest service provider's access point that is
usually local.

Support costs - With VPNs, the cost of maintaining servers tends to be less than other
approaches because organizations can outsource the needed support from professional
third-party service providers. These providers enjoy a much lower cost structure through
economy of scale by servicing many business clients.

VPN Network Scalability

The cost to an organization of building a dedicated private network may be reasonable
at first but increases exponentially as the organization grows. A company with two
branch offices, for example, can deploy just one dedicated line to connect the two
locations, but 4 branch offices require 6 lines to directly connect them to each other, 6
branch offices need 15 lines, and so on.

Internet based VPNs avoid this scalability problem by simply tapping into the public
lines and network capability readily available. Particularly for remote and international
locations, an Internet VPN offers superior reach and quality of service.

Using a VPN

To use a VPN, each client must possess the appropriate networking software or
hardware support on their local network and computers. When set up properly, VPN
solutions are easy to use and sometimes can be made to work automatically as part of
network sign on.

VPN technology also works well with WiFi local area networking. Some organizations
use VPNs to secure wireless connections to their local access points when working
inside the office. These solutions provide strong protection without affecting performance
excessively.

Limitations of a VPN

Despite their popularity, VPNs are not perfect and limitations exist as is true for any
technology. Organizations should consider issues like those below when deploying and
using virtual private networks in their operations:

1. VPNs require detailed understanding of network security issues and careful
installation / configuration to ensure sufficient protection on a public network like
the Internet.

2. The reliability and performance of an Internet-based VPN is not under an
organization's direct control. Instead, the solution relies on an ISP and their
quality of service.

3. Historically, VPN products and solutions from different vendors have not
always been compatible due to issues with VPN technology standards.
Attempting to mix and match equipment may cause technical problems, and
using equipment from one provider may not give as great a cost savings.

VPN tunneling

Virtual private network technology is based on the idea of tunneling. VPN tunneling
involves establishing and maintaining a logical network connection (that may contain
intermediate hops). On this connection, packets constructed in a specific VPN protocol
format are encapsulated within some other base or carrier protocol, then transmitted
between VPN client and server, and finally de-encapsulated on the receiving side.

For Internet-based VPNs, packets in one of several VPN protocols are encapsulated
within Internet Protocol (IP) packets. VPN protocols also support authentication and
encryption to keep the tunnels secure.

Types of VPN Tunneling

VPN supports two types of tunneling - voluntary and compulsory. Both types of tunneling
are commonly used.

In voluntary tunneling, the VPN client manages connection setup. The client first makes
a connection to the carrier network provider (an ISP in the case of Internet VPNs). Then,
the VPN client application creates the tunnel to a VPN server over this live connection.

In compulsory tunneling, the carrier network provider manages VPN connection setup.
When the client first makes an ordinary connection to the carrier, the carrier in turn
immediately brokers a VPN connection between that client and a VPN server. From the
client point of view, VPN connections are set up in just one step compared to the two-
step procedure required for voluntary tunnels.

Compulsory VPN tunneling authenticates clients and associates them with specific VPN
servers using logic built into the broker device. This network device is sometimes called
the VPN Front End Processor (FEP), Network Access Server (NAS) or Point of
Presence Server (POS). Compulsory tunneling hides the details of VPN server
connectivity from the VPN clients and effectively transfers management control over the
tunnels from clients to the ISP. In return, service providers must take on the additional
burden of installing and maintaining FEP devices.

VPN Tunneling Protocols

Several computer network protocols have been implemented specifically for use with
VPN tunnels. The three most popular VPN tunneling protocols listed below continue to
compete with each other for acceptance in the industry. These protocols are generally
incompatible with each other.

Point-to-Point Tunneling Protocol (PPTP)

Several corporations worked together to create the PPTP specification. People generally
associate PPTP with Microsoft because nearly all flavors of Windows include built-in
client support for this protocol. The initial releases of PPTP for Windows by Microsoft
contained security features that some experts claimed were too weak for serious use.
Microsoft continues to improve its PPTP support, though.

Layer Two Tunneling Protocol (L2TP)

The original competitor to PPTP for VPN tunneling was L2F, a protocol implemented
primarily in Cisco products. In an attempt to improve on L2F, the best features of it and
PPTP were combined to create a new standard called L2TP. Like PPTP, L2TP exists at
the data link layer (Layer Two) in the OSI model -- thus the origin of its name.

Internet Protocol Security (IPsec)

IPsec is actually a collection of multiple related protocols. It can be used as a complete
VPN protocol solution or simply as the encryption scheme within L2TP or PPTP. IPsec
exists at the network layer (Layer Three) of the OSI model.

PPTP

Definition: PPTP is a network protocol used in the implementation of Virtual Private
Networks (VPN). RFC 2637 is the PPTP technical specification.

PPTP works on a client server model. PPTP clients are included by default in Microsoft
Windows and also available for both Linux and Mac OS X. Newer VPN technologies like
L2TP and IPsec may replace PPTP someday, but PPTP remains a popular network
protocol especially on Windows computers.

PPTP technology extends the Point to Point Protocol (PPP) standard for traditional dial-
up networking. PPTP operates at Layer 2 of the OSI model. As a network protocol,
PPTP is best suited for the remote access applications of VPNs, but it also supports
LAN internetworking.

Also Known As: Point-to-Point Tunneling Protocol

Introduction to PPTP - Point-to-Point Tunneling Protocol

PPTP - Point-to-Point Tunneling Protocol - extends the Point to Point Protocol (PPP)
standard for traditional dial-up networking. PPTP is best suited for the remote access
applications of VPNs, but it also supports LAN internetworking. PPTP operates at Layer

Using PPTP
PPTP packages data within PPP packets, then encapsulates the PPP packets within IP
packets (datagrams) for transmission through an Internet-based VPN tunnel. PPTP
supports data encryption and compression of these packets. PPTP also uses a form of
General Routing Encapsulation (GRE) to get data to and from its final destination.

PPTP-based Internet remote access VPNs are by far the most common form of PPTP
VPN. In this environment, VPN tunnels are created via the following two-step process:

1. The PPTP client connects to their ISP using PPP dial-up networking
(traditional modem or ISDN).

2. Via the broker device (described earlier), PPTP creates a TCP control
connection between the VPN client and VPN server to establish a tunnel. PPTP
uses TCP port 1723 for these connections.

PPTP also supports VPN connectivity via a LAN. ISP connections are not required in
this case, so tunnels can be created directly as in Step 2 above.

Once the VPN tunnel is established, PPTP supports two types of information flow:

• control messages for managing and eventually tearing down the VPN
connection. Control messages pass directly between VPN client and server.
• data packets that pass through the tunnel, to or from the VPN client

PPTP Control Connection

Once the TCP connection is established in Step 2 above, PPTP utilizes a series of
control messages to maintain VPN connections. These messages are listed below.

Number  Name                           Description
1       StartControlConnectionRequest  Initiates setup of the VPN session; can be sent by either client or server.
2       StartControlConnectionReply    Sent in reply to the start connection request (1); contains result code indicating success or failure of the setup operation, and also the protocol version number.
3       StopControlConnectionRequest   Request to close the control connection.
4       StopControlConnectionReply     Sent in reply to the stop connection request (3); contains result code indicating success or failure of the close operation.
5       EchoRequest                    Sent periodically by either client or server to "ping" the connection (keep alive).
6       EchoReply                      Sent in response to the echo request (5) to keep the connection active.
7       OutgoingCallRequest            Request to create a VPN tunnel sent by the client.
8       OutgoingCallReply              Response to the call request (7); contains a unique identifier for that tunnel.
9       IncomingCallRequest            Request from a VPN client to receive an incoming call from the server.
10      IncomingCallReply              Response to the incoming call request (9), indicating whether the incoming call should be answered.
11      IncomingCallConnected          Response to the incoming call reply (10); provides additional call parameters to the VPN server.
12      CallClearRequest               Request to disconnect either an incoming or outgoing call, sent from the server to a client.
13      CallDisconnectNotify           Response to the disconnect request (12); sent back to the server.
14      WANErrorNotify                 Notification periodically sent to the server of CRC, framing, hardware and buffer overruns, timeout and byte alignment errors.
15      SetLinkInfo                    Notification of changes in the underlying PPP options.

With control messages, PPTP utilizes a so-called magic cookie. The PPTP magic
cookie is hardwired to the hexadecimal number 0x1A2B3C4D. The purpose of this
cookie is to ensure the receiver interprets the incoming data on the correct byte
boundaries.
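
The framing check described above, as an added example that is not part of the original tutorial: a Python parser that splits bytes from the TCP port 1723 control connection into messages, checks the magic cookie, and names each message from the table. The 12-byte header layout (length, PPTP message type, magic cookie, control message type, reserved) is taken from RFC 2637; the function names and the sample stream are constructed for illustration.

```python
import struct

PPTP_TCP_PORT = 1723             # control connection port named in the text
PPTP_MAGIC_COOKIE = 0x1A2B3C4D   # fixed value named in the text

# Header common to every control message (RFC 2637), network byte order:
# total length, PPTP message type, magic cookie, control message type, reserved.
HEADER = struct.Struct("!HHIHH")

CONTROL_MESSAGES = {
    1: "StartControlConnectionRequest", 2: "StartControlConnectionReply",
    3: "StopControlConnectionRequest", 4: "StopControlConnectionReply",
    5: "EchoRequest", 6: "EchoReply",
    7: "OutgoingCallRequest", 8: "OutgoingCallReply",
    9: "IncomingCallRequest", 10: "IncomingCallReply",
    11: "IncomingCallConnected", 12: "CallClearRequest",
    13: "CallDisconnectNotify", 14: "WANErrorNotify", 15: "SetLinkInfo",
}


class PPTPFramingError(ValueError):
    """The byte stream is not aligned on a control message boundary."""


def build_message(control_type, body=b""):
    """Serialize one control message (hypothetical helper, used only for sample data)."""
    length = HEADER.size + len(body)
    return HEADER.pack(length, 1, PPTP_MAGIC_COOKIE, control_type, 0) + body


def parse_control_stream(data):
    """Split control-connection bytes into messages.

    Returns (messages, leftover). leftover holds a trailing partial message
    that needs more bytes from the socket before it can be parsed.
    """
    messages = []
    offset = 0
    while len(data) - offset >= HEADER.size:
        length, pptp_type, cookie, control_type, _reserved = HEADER.unpack_from(data, offset)
        # A wrong cookie means we are not reading on a message boundary.
        if cookie != PPTP_MAGIC_COOKIE:
            raise PPTPFramingError(f"bad magic cookie 0x{cookie:08X} at offset {offset}")
        # A length smaller than the header would stall or rewind the parser.
        if length < HEADER.size:
            raise PPTPFramingError(f"length {length} shorter than header at offset {offset}")
        if len(data) - offset < length:
            break  # partial message: wait for the rest
        messages.append({
            "offset": offset,
            "length": length,
            "pptp_type": pptp_type,
            "control_type": control_type,
            "name": CONTROL_MESSAGES.get(control_type, f"Unknown({control_type})"),
            "body": data[offset + HEADER.size:offset + length],
        })
        offset += length
    return messages, data[offset:]


# Constructed sample: a start request, its reply, and a keep-alive echo.
# Bodies have the RFC 2637 sizes but are zero-filled apart from the first field.
SAMPLE_STREAM = (
    build_message(1, struct.pack("!H", 0x0100) + bytes(142))
    + build_message(2, struct.pack("!H", 0x0100) + bytes(142))
    + build_message(5, struct.pack("!I", 7))
)

if __name__ == "__main__":
    parsed, rest = parse_control_stream(SAMPLE_STREAM)
    for msg in parsed:
        print(msg["offset"], msg["length"], msg["name"])
    try:
        # The same stream read one byte late: the cookie no longer lines up.
        parse_control_stream(SAMPLE_STREAM[1:])
    except PPTPFramingError as exc:
        print("rejected:", exc)
```
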

PPTP Security
PPTP supports authentication, encryption, and packet filtering. PPTP authentication
uses PPP-based protocols like EAP, CHAP, and PAP. PPTP supports packet filtering on
VPN servers. Intermediate routers and other firewalls can also be configured to
selectively filter PPTP traffic.

PPTP and PPP

In general, PPTP relies on the functionality of PPP for these aspects of virtual private
networking:

• authenticating users and maintaining the remote dial-up connection
• encapsulating and encrypting IP, IPX, or NetBEUI packets

PPTP directly handles maintaining the VPN tunnel and transmitting data through the
tunnel. PPTP also supports some additional security features for VPN data beyond what
PPP provides.

PPTP Pros and Cons

PPTP remains a popular choice for VPNs thanks to Microsoft. PPTP clients are freely
available in all popular versions of Microsoft Windows. Windows servers also can
function as PPTP-based VPN servers.

One drawback of PPTP is its failure to choose a single standard for authentication and
encryption. Two products that both fully comply with the PPTP specification may be
totally incompatible with each other if they encrypt data differently, for example.
Concerns also persist over the questionable level of security PPTP provides compared
to alternative

Virtual private network

Definition: A VPN utilizes public telecommunications networks to conduct private data
communications. Most VPN implementations use the Internet as the public infrastructure
and a variety of specialized protocols to support private communications through the
Internet.

VPN follows a client and server approach. VPN clients authenticate users, encrypt data,
and otherwise manage sessions with VPN servers utilizing a technique called tunneling.

VPN clients and VPN servers are typically used in these three scenarios:

1. to support remote access to an intranet,
2. to support connections between multiple intranets within the same
organization, and
3. to join networks between two organizations, forming an extranet.

The main benefit of a VPN is the lower cost needed to support this technology compared
to alternatives like traditional leased lines or remote access servers.

VPN users typically interact with simple graphical client programs. These applications
support creating tunnels, setting configuration parameters, and connecting to and
disconnecting from the VPN server. VPN solutions utilize several different network
protocols including PPTP, L2TP, IPsec, and SOCKS.

VPN servers can also connect directly to other VPN servers. A VPN server-to-server
connection extends the intranet or extranet to span multiple networks.

Many vendors have developed VPN hardware and software products. Some of these do
not interoperate due to the immaturity of some VPN standards.

Also Known As: virtual private network

Question: What Are the Key VPN Security Technologies?


Virtual private networks (VPNs) are generally considered to have very strong protection
for data communications. What are the key VPN security technologies?

Answer: So-called secure VPNs provide both network authentication and encryption.
Secure VPNs are most commonly implemented using IPsec or SSL.

Using IPsec for VPN Security

IPsec has been the traditional choice for implementing VPN security on corporate
networks. Enterprise-class network appliances from companies like Cisco and Juniper
implement the essential VPN server functions in hardware. Corresponding VPN client
software is then used to log on to the network. IPsec operates at layer 3 (the
Network layer) of the OSI model.

Using SSL for VPN Security


SSL VPNs are an alternative to IPsec that rely on a Web browser instead of custom
VPN clients to log on to the private network. By utilizing the SSL network protocols built
into standard Web browsers and Web servers, SSL VPNs are intended to be cheaper to
set up and maintain than IPsec VPNs. Additionally, SSL operates at a higher level than
IPsec, giving administrators more options to control access to network resources.
However, configuring SSL VPNs to interface with resources not normally accessed from
a Web browser can be difficult.

Wi-Fi vs VPN Security

Some organizations use an IPsec (or sometimes SSL) VPN to protect a Wi-Fi local area
network. In fact, Wi-Fi security protocols like WPA2 and WPA-AES are designed to
support the necessary authentication and encryption without the need for any VPN
support.

IPsec

Definition: IPsec is a technology standard for implementing security features in Internet
Protocol (IP) networking. IPsec network protocols support encryption and authentication.
IPsec is most commonly used in so-called "tunnel mode" with a Virtual Private Network
(VPN). However, IPsec also supports a "transport mode" for direct connection between
two computers.

Technically, IPsec functions at the network layer (Layer 3) of the OSI model. IPsec is
supported in Microsoft Windows (Win2000 and newer versions) as well as most forms of
Linux / Unix.

Network performance tools

netpipe-tcp

Definition: netpipe-tcp: A network performance tool using the TCP protocol. NetPIPE is
a protocol independent performance tool that encapsulates the best of ttcp and netperf and
visually represents the network performance under a variety of conditions. By taking the
end-to-end application view of a network, NetPIPE clearly shows the overhead associated
with different protocol layers. NetPIPE answers such questions as: how soon will a given
data block of size k arrive at its destination? Which network and protocol will transmit
size k blocks the fastest? What is a given network's effective maximum throughput and
saturation level? Does there exist a block size k for which the throughput is maximized?
How much communication overhead is due to the network communication protocol layer(s)?
How quickly will a small (< 1 kbyte) control message arrive, and which network and
protocol are best for this purpose? This package uses a raw TCP protocol to measure
network performance.

Computer Glossary

Packet filters: security method that filters by IP address; not adequate security for a
network

Packets: data structures that collectively represent the transmission stream (headers and
data); associated with the network layer when the communication protocol is connection-
oriented

PAD (packet assembler/disassembler): assembles X25 packets on the sending end for
transmission over the X25 PSDN, or disassembles X25 packets on the receiving end for
onward transmission to the local network

Parallel port: port where the bits travel down parallel paths, arriving one byte at a time;
can supply more bytes of data per unit time

Passive hubs: used in a LAN environment; special form of repeater that allows multiple
devices to be wired into a central location and share the same media; do not regenerate
(repeat) the signal

Path layer: layer of the OSI physical layer that is responsible for reliable end-to-end
transport and payload delivery, including automatic recovery from failure points

PBX (private branch exchange): a telephone exchange that serves a particular business
or office

PC (personal computer): a microcomputer whose price, size, and capabilities make it
useful for individuals

PCI (peripheral component interconnect): a computer bus for attaching peripheral
devices to a computer motherboard

PCM (pulse code modulation): process for converting from analog to digital

PDA (personal digital assistant): hand-held computer with a touch screen

PDU (protocol data unit): information that is delivered as a unit among peer entities of
a network; in layered systems, a unit of data that is specified in a protocol of a given layer

Phase: where in the wave cycle the wave currently is; measured in degrees

Peer-to-peer networks: network in which each computer is capable of functioning as a
client and a server; users on the network can freely share resources on their computer or
access shared resources on other computers

Photonic layer: layer of the OSI physical layer that specifies fiber cable with optical
light sources and receivers

Physical segmentation devices: divide collision domains to improve network
performance

Ping: sonar concept implemented with the Echo Request and Echo Reply application;
basic connectivity test between two TCP/IP network devices

POP (Post Office Protocol): how clients access their mailboxes on the messaging
server; usually done in its third version, POP3

POPs (points of presence): an artificial demarcation point or interface point between
communications entities

POST (power-on self-test): the pre-boot sequence for a computer, router, or printer

POTS (plain old telephone service): standard telephone service, the basic form of
residential and small business telephone service

PRI (primary rate interface): an integrated services digital network (ISDN)
configuration, usually intended for large users (see also BRI)

Process and application layer: Part of the TCP/IP model that performs the same
functions as the application, presentation, and session layers of the OSI model

Processor: brain of the computer system where calculations and decisions are made; also
referred to as the CPU

Processor memory: referred to as the L1 (level 1), an interface between the processor
and the cache

Protocol: set of rules used to control the exchange of information that is understood by
the transmitter and receivers

Proxy server: sits between the network router and the Internet; talks to the Internet on
behalf of a network’s resources, allowing real network addresses to be hidden

PSDN (packet-switched data network): a publicly available network supporting
packet-switched data, separate from PSTN

PSTN (public switched telephone network): the network of the world’s public circuit-
switched telephone networks; in much the same way the Internet is the network of the
world’s public IP-based packet switched networks

PU (physical unit): a value or magnitude conventionally adopted as a unit or standard of
physical measurements (e.g., length, mass, and time); identifies a network node that
supports communication sessions between logical units (LU) which represent end users
in IBM's SNA

Pure play: newly developed business built on advantages afforded by e-commerce

PVCs (permanent virtual circuits): use a real, shared circuit in the service provider’s
backbone

QoS (quality of service): the capability of a network to provide better service to selected
network traffic over various technologies

RAM (random access memory): chips capable of storing and later dumping data in
preparation for other uses

RARP (reverse address resolution protocol): protocol used to resolve an IP address
from a given hardware address (e.g., an Ethernet address)

RAS (remote access service): allows users to access the network through dial-up modem
connections

Receiver: destination of the message or data

Recovery routine: enables a computer to resume operation after encountering a problem,
such as a power outage or program error

Remote login: allows a user at one computer to interact with another, as if the user’s
computer is directly attached to the remote computer

Removable storage: a way to store information on disks that can be removed and used
on different systems; most removable drives (also known as floppy drives) use a hard 3.5
inch disk

Repeaters: regenerate and reshape digital pulses and allow a signal to be transmitted
further than a single circuit can achieve

RIP (routing information protocol): used by routers connecting LANs to exchange
routing table information to determine the best path through the network at any point in
time

ROM (read-only memory): chips that store data that needs to be maintained constantly

Routers: basic piece of network hardware necessary to connect one network to another;
makes decisions about packet forwarding based on IP address information in the packet;
directs traffic between network segments

RTMP (routing table maintenance protocol): a communication protocol used by
AppleTalk to ensure that all routers on the network have consistent routing information

SAPs (service access points): represent internal software addresses in the sending or
receiving computer

SAR (segmentation and reassembly): the process used to fragment and rebuild packets
that allows them to be transported across asynchronous transfer mode (ATM)

SDH (synchronous digital hierarchy): international counterpart of SONET

SDRAM (synchronous dynamic random access memory): version of DRAM that
allows for increased speed

SEAL (simple and efficient AAL): method of relaying ATM (asynchronous transfer
mode) cells between ATM Layer and a higher layer

Section layer: layer of the OSI physical layer that creates frames, monitors the
conditions of the transmission between the SONET equipment, and converts optical
signals to and from electrical signals

Security routines: protect data and applications from unauthorized use, execution, or
change

Semaphores: messages sent when a file is opened that prevent other users from opening
the same file at the same time and compromising the integrity of the data

Serial port: handles data one bit at a time traveling sequentially across a single line from
one device to the next

Server: a computer that provides services to the other workstations

Simplex transmission: the information always flows from the transmitter to one or more
receivers with no provision for a return signal; like radio and TV broadcasts

SMLI (stateful multi-layer inspection): similar to application gateways; however, no
proxy is used between the network and the Internet

SMLIS (stateful multilayer inspection servers): sophisticated firewalls that inspect
each frame for suspicious communications

SMTP (simple mail transfer protocol): electronic mail service that allows a user to
send or receive messages

SNA (systems network architecture): IBM’s mainframe network standards


SNMP (simple network management protocol): application layer protocol in the
TCP/IP family; provides remote network management capabilities to a network
administrator; implemented with centralized management stations that collect network
information from agents throughout the network; can also send commands to the agents
to alter the configuration or status of remote devices

SOCKS (an abbreviation of SOCKetS): protocol for handling TCP through a proxy
server; library of software added to an individual application for secure communication
through the firewall

SOCKS servers: specialized servers for prearranged communications through a firewall

TDM (time-division multiplexing): used in the T1 frame format; different channels are
multiplexed by being assigned their own individual time slots

Threads: individual processes within a single application

Three-layer Network Model: shows network communications as a set of three
conversations

Transmitter: source that generates the message or data

Transport layer: layer that is responsible for delivering information in sequence and to
the correct end-user

Trap: SNMP protocol function used by the agent in a managed device to report
important events or alarms

Topology: the physical (how the wires are laid out) and/or logical (how the wires work)
arrangement of the devices on the network

UART (universal asynchronous receiver/transmitter): a computer component that
handles asynchronous serial communication; pronounced U-art

UDP (user datagram protocol): connectionless, unreliable protocol that exchanges
datagrams without acknowledgments or guaranteed delivery; requires error processing
and retransmission by other protocols

USB (universal serial bus) port: designed to replace the RS-232 connection with one
that can handle up to 127 devices; comes in 15 Mbps or 12 Mbps speed

USENET (USEr NETwork): Internet service that enables open forum discussions with
people all over the world through newsgroups

User interface: how you interact with the computer


Utility routines: diagnostic, tracing, monitoring, and resource housekeeping functions

UTP (unshielded twisted-pair): the most common cable used in computer networking

VBR (variable bit rate): transmissions that are not time sensitive - the receiving
computer can reconstruct the information regardless of how quickly or in what order the
parts are received; also called “bursty” transmission

VCI (virtual channel identifier): identifies the virtual channel between ATM switch
nodes

VoIP (Voice over Internet Protocol): routing of voice conversations over the Internet or
through any other IP-based network; also called telephone, broadband phone

Volatile memory: chips that lose whatever information they are holding if power is
interrupted

VPI (virtual path identifier): traces the virtual path, from endpoint-to-endpoint, through
the ATM network

WDM (wavelength-division multiplexing): when two or more different wavelengths of
light each carrying information are multiplexed together on a fiber link, and
demultiplexed at the receiving end to recapture the individual information carried by each
wavelength used

WAN (wide area network): geographically dispersed network of computers

W3C (World Wide Web Consortium): user and developer forum dedicated to
developing interoperable Web technologies (specifications, guidelines, software, and
tools)

Wi-Fi: describes the underlying technology of wireless local area networks (WLAN)
based on IEEE specifications; originally developed for mobile computing devices in
LANs, but is now used for more services, including Internet and VoIP phone access

Wireless: telecommunications in which electromagnetic waves (rather than some form of
wire) carry the signal over part or all of the communication path

Word size: number of bits that a processor can manipulate at a time

WPAN (wireless personal area networks): wireless network for interconnecting
devices centered around an individual person's workspace; typically limited to a 10 meter
range

WLAN (wireless local area network): computer network used for wireless
communications among computer devices (including telephones and PDAs); also known
as LAWN (local area wireless network)

WWW (World Wide Web): server-based application that organizes information using
hypermedia

xDSL (digital subscriber line): technologies that provide digital data transmission over
the wires of a local telephone network

XML (extensible markup language): W3C (World Wide Web Consortium)-recommended
general-purpose markup language that supports a wide variety of
applications
