Glossary of Terms

Control Systems
Procurement & Maintenance Specifications Terms List

SCADA Procurement Project
Procurement Specifications Terms List

The list of terms is critical to ensure there is a common understanding in developing procurement language. The
objective was to provide definitions that are clear, concise and applicable to the procurement effort. This common
terms document will be a living document and can grow and change over time.


ACL (Access Control List) — An access control list is a concept in computer security,
used to enforce privilege separation. It is a means of enforcing the appropriate access rights to a
given object given certain aspects of the user process that is requesting them, principally the
process's user identity. On a router an access list specifies which addresses are allowed to access
services. Access lists can be used to control both inbound and outbound traffic on a router.

Active Directory — Active Directory is an implementation of LDAP directory services by
Microsoft for use in Windows environments. Active Directory allows administrators to assign
enterprise-wide policies, deploy programs to many computers, and apply critical updates to an
entire organization. An Active Directory stores information and settings relating to an
organization in a central, organized, accessible database. Active Directory networks can vary
from a small installation with a few hundred objects, to a large installation with millions of
objects.

AES — The Advanced Encryption Standard (AES) is a block cipher adopted as an
encryption standard by the US government. It is expected to be used worldwide and analyzed
extensively, as was the case with its predecessor, the Data Encryption Standard (DES). AES was
adopted by the National Institute of Standards and Technology (NIST) as US FIPS PUB 197 in
November 2001.

AP (Access Point) — A wireless access point (WAP or AP) is a device that "connects"
wireless communication devices together to create a wireless network. The WAP is usually
connected to a wired network, and can relay data between devices on each side.

API (Application Programming Interface) — An API is a set of definitions of the
ways in which one piece of computer software communicates with another. It is a method of
achieving abstraction, usually (but not necessarily) between lower-level and higher-level
software.

Asynchronous Transfer Mode (ATM) — ATM is a cell relay network protocol
which encodes data traffic into small fixed-sized (53 byte; 48 bytes of data and 5 bytes of header
information) cells instead of variable sized packets as in packet-switched networks (such as the
Internet Protocol or Ethernet). It is a connection-oriented technology, in which a connection is
established between the two endpoints before the actual data exchange begins.




3/1/2010                                                                                    Page 1 of 13

Authentication — Authentication is the process of verifying an identity claimed by or for a
system entity. Also, any security measure designed to establish the validity of a transmission,
message, or originator, or a means of verifying an individual’s eligibility to receive specific
categories of information [http://www.its.bldrdoc.gov/fs-1037/]. As perceived by a computer
user, authentication is generally associated with a password and/or token(s) entered into a host
system for the purpose of gaining access to computer application(s). As examples of user
authentication to a host computer, the authentication mechanism might be a password or string of
characters provided by the user at a prompt (something you know), and/or a token (something
you have), and/or a fingerprint (something you are).

Authorization — Authorization is a right or a permission that is granted to a system entity to
access a system resource.

BPL (Broadband over Power Lines) — BPL, also known as Power Line Communications
(PLC), can transmit data at up to 200 Mbps by utilizing normal electrical power lines. Users of
the service would plug their broadband modem into a normal power receptacle.

CHAP — The Challenge-Handshake Authentication Protocol (CHAP) authenticates a user to
an Internet access provider. RFC 1994: PPP Challenge Handshake Authentication Protocol
(CHAP) defines the protocol.


Cleartext — Data in which the semantic information content (i.e., the meaning) is intelligible
or is directly available as opposed to ciphertext which is encrypted.

Client — A Client is any computer whose identification and authorization privileges for
network connection are hosted by a server. An HMI interface (e.g., at operator desks in a
Control Room) is an example of a client computer configuration.

Common Criteria (CC) — ISO/IEC 15408, a standard for evaluating information
technology products and systems, such as operating systems, computer networks, distributed
systems, and applications. It states requirements for security functions and for assurance
measures, which:
     - addresses data confidentiality, data integrity, and availability,
     - focuses on threats to information arising from human activities, malicious or otherwise,
     - applies to security measures implemented in hardware, firmware, or software.

Configuration Management — The term configuration management has the following
meanings:
     - The management of features and assurances (including security) through control of
       changes made to hardware, software, firmware, documentation, test, test fixtures and test
       documentation of an automated information system, throughout the development and
       operational life of a system. Source Code Management or revision control is part of this.
     - The control of changes made to the hardware, software, firmware, and documentation
       throughout the system lifecycle.

Control System — An interconnection of components (computers, sensors, actuators,
communication pathways, etc.) connected or related in such a manner as to command, direct, or
regulate itself or another system (e.g., chemical process plant equipment/system, oil refinery
equipment/systems, electric generation/distribution equipment/systems, water/waste water
systems, manufacturing control systems, etc.).

Data Acquisition — The sampling of the real world to acquire data that can be recorded
and/or manipulated by a computer. Sometimes abbreviated DAQ, data acquisition typically
involves acquisition of signals and waveforms and processing the signals to obtain desired
information.

Database Server — A server hosting a database system (usually an RDBMS) typically used
as a historian and/or business link to the process control environment.

Data Logger — A data logger is an electronic instrument that records digital or analog
measurements over time.

DCS (Distributed Control System) — Distributed control systems are used in
industrial and civil engineering applications to monitor and control distributed equipment with
remote human intervention.

DES — The Data Encryption Standard (DES) is a cipher (a method for encrypting
information) selected as an official Federal Information Processing Standard (FIPS) for the
United States in 1976, and which has subsequently enjoyed widespread use internationally. It is
being replaced by AES.

DNP3 (Distributed Network Protocol) — DNP3 is an open, standards-based
communication protocol commonly used in the utility industry. DNP3 provides multiplexing,
data fragmentation, error checking, link control, prioritization, and layer 2 addressing services
for user data.

DoS (Denial of Service) — An attack on a computer system or network that causes a loss
of service to users, typically the loss of network connectivity and services by consuming the
bandwidth of the victim network or overloading the computational resources of the victim
system. A DDoS (Distributed Denial of Service) attack consists of hundreds or thousands of
globally distributed sources.

Direct-sequence spread spectrum (DSSS) — In telecommunications, direct-sequence
spread spectrum is a modulation technique where the transmitted signal takes up
more bandwidth than the information signal that is being modulated, which is the reason that it is
called spread spectrum.

Discretionary Access Control (DAC) — Discretionary access control defines basic
access control policies to objects in a file system. Generally, these are done at the discretion of
the object owner -- file/directory permissions and user/group ownership.

Demilitarized Zone (DMZ) — Isolation zone between a protected control network (CN)
and external users, such that all production traffic "flowing" between the CN and those external
users actually flows through an access control device, such as a firewall.

DSL — Digital Subscriber Line (also, ADSL, RDSL) is the typical technology used for
delivering broadband communications over copper circuits. Widely used for home and small
office broadband connection.

EAP — Extensible Authentication Protocol, or EAP (pronounced "eep"), is a universal
authentication mechanism, frequently used in wireless networks and Point-to-Point connections.
Although the EAP protocol is not limited to wireless LAN networks and can be used for wired
LAN authentication, it is most often used in wireless LAN networks. The WPA and WPA2
standards have officially adopted five EAP types as their official authentication mechanisms.

Embedded System/OS — A special-purpose computer controlled electro-mechanical
system in which the computer is completely encapsulated by the device it controls. An embedded
system has specific requirements and performs pre-defined tasks, unlike a general-purpose
personal computer.

Encryption — In cryptography, encryption is the process of obscuring information to make
it unreadable without special knowledge.

Ethernet — Ethernet is a frame-based computer networking technology for local area
networks (LANs). It defines wiring and signaling for the physical layer, and frame formats and
protocols for the media access control (MAC)/data link layer of the OSI model. Ethernet is
mostly standardized as IEEE 802.3.

Factory Acceptance Test — A test conducted at the vendor's premises, usually by a third
party, to ensure operability of a system according to specifications.

Front End Processor (FEP) — A computer which handles communications processing
for a larger computer. Data collection systems may include a front end processor which accepts
data from instruments and partially processes it before transfer to a larger computer.





Frequency-hopping spread spectrum (FHSS) — Frequency-hopping spread
spectrum (FHSS) is a spread-spectrum method of transmitting radio signals by rapidly
switching a carrier among many frequency channels, using a pseudorandom sequence known to
both transmitter and receiver.

FIELDBUS — A fieldbus control system is a form of decentralized control which links
PLCs via a Controller Area Network (CAN) to control the manufacturing processes at the
workshop-floor level. Such systems include Profibus, Netbus, LonWorks, Industrial Ethernet
and many others.

Firewall — A firewall is hardware and/or software which functions in a networked environment
to prevent some communications forbidden by the security policy. It has the basic task of
controlling traffic between different zones of trust. Typical zones of trust include the Internet (a
zone with no trust) and an internal network (a zone with higher trust).

FTP (File Transfer Protocol) — The File Transfer Protocol is a software standard for
transferring computer files between machines. It belongs to the application layer of the TCP/IP
protocol suite. Since FTP is non-secure, it is being replaced by SFTP (Secure File Transfer
Protocol).

Gateway — A gateway in a communications network is a network node equipped for
interfacing with another network that uses different protocols.

GPRS — GPRS is the General Packet Radio Service, a standard for digital overlay on the GSM
digital cellular system. It allows high speed digital and IP connections to be established using
existing GSM voice infrastructure and is generally used to provide IP connectivity to RTUs.

GSM — GSM is Global System for Mobile communications. It is the most common digital
cellular system. GSM can be used for both voice and data applications. It is also used to provide
serial communications to RTUs.

Hardened System/OS — Hardened hardware and/or software that has been modified with
high security and hardening features, packages and enhanced toolkits, kernel patches and other
cryptography and security related enhancements.

HMI (Human-Machine Interface) — A term that refers to the "layer" that separates a
human that is operating a machine from the machine itself. One example of a HMI is the
computer hardware and software that enables a single operator to monitor and control large
machinery remotely.





Host-based intrusion detection system (HIDS) — HIDS is an application that
detects possible malicious activity on a host from characteristics such as change of files (file
system integrity checker), operating system call profiles, etc.


Hyper-text Transfer Protocol (HTTP) — HTTP is a request/response protocol
between clients and servers. The originating client, such as a web browser, spider, or other end-
user tool, is referred to as the user agent. The destination server, which stores or creates
resources such as HTML files and images, is called the origin server.

ICMP — Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet
protocol suite. It is chiefly used by networked computers' operating systems to test other systems
and return error messages—indicating, for instance, that a requested service is not available or
that a host or router could not be reached.

IDS (Intrusion Detection System) — An IDS is software or an appliance used to
detect unauthorized access or malicious or abnormal operation to a computer system or network.
IDS systems that operate on a host to detect malicious activity are called host-based IDS systems
or HIDS, and IDS systems that operate on network data flows are called network-based IDS
systems or NIDS.

IEC — The International Electrotechnical Commission is a European standards body which has
developed the IEC60870-5 series of SCADA protocols. IEC is now working on IEC-62351, a secure
protocol envelope for DNP3 and IEC60870-5.

IED (Intelligent Electronic Device) — A device on the network that contains an
embedded system (an embedded system is a special-purpose computer system, which is
completely encapsulated by the device it controls).

Inter-Control Center Communications Protocol (ICCP) — A standard real-
time network protocol for data exchange over wide area networks. ICCP is the most common
communications protocol between RTO/ISO and control centers (aka, Telecontrol Application
Service Element.2 (TASE.2)).

IP (Internet Protocol) — A data-oriented protocol used by source and destination hosts
for communicating data across a packet-switched internetwork. Data in an IP internetwork are
sent in blocks referred to as packets or datagrams (the terms are basically synonymous in IP).

IPS (Intrusion Prevention System) — Any hardware and/or software system that
proactively exercises access control to protect computers from exploitation. "Intrusion
prevention" technology is considered by some to be an extension of intrusion detection (IDS)
technology, but it is actually another form of access control, like an application layer firewall,
that uses knowledge of malicious behavior.

IPSec — IPsec is a set of cryptographic protocols for securing packet flows and key exchange.
Of the former, there are two: Encapsulating Security Payload (ESP) provides authentication, data
confidentiality and message integrity; Authentication Header (AH) provides authentication and
message integrity, but does not offer confidentiality. Originally AH was only used for integrity
and ESP was used only for encryption; authentication functionality was added subsequently to
ESP.

IPv6 (Internet Protocol version 6) — IPv6 is version 6 of the Internet Protocol; IPv6
is intended to replace the current standard, IPv4.

ISO (International Organization for Standardization) — The International
Organization for Standardization, also known as ISO, is a global network of the national
standards bodies of 156 countries dedicated to technical standards development.

L2TP — The Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support
virtual private networks (VPNs). L2TP can be described as "PPP over IP" with additional
features.


LAN (Local Area Network) — A LAN is a computer network that spans a relatively
small area. Most LANs are confined to a single building or group of buildings (campus).

LDAP — The Lightweight Directory Access Protocol, or LDAP, is a networking protocol for
querying and modifying directory services running over TCP/IP. An LDAP directory usually
follows the X.500 model: It is a tree of entries, each of which consists of a set of named
attributes with values.


LINUX — LINUX is a computer operating system. It is among the most famous examples of
free software and of open-source development.

MAC (Media Access Control) Address — A media access control address (MAC
address) is a unique identifier attached to most forms of networking equipment. It is used at
layer 2 of the OSI protocol. Most layer 2 network protocols use one of three numbering spaces
managed by the IEEE: MAC-48, EUI-48, and EUI-64, which are designed to be globally
unique.

Malware — Malware is malicious software designed to infiltrate or damage a computer
system, without the owner's consent. Malware is commonly taken to include computer viruses,
worms, Trojan horses, rootkits, spyware and adware.




MODEM — A modem is a device that modulates an analog carrier signal (sound), to encode
digital information, and that also demodulates such a carrier signal to decode the transmitted
information.

NAT — NAT is the process of network address translation and involves re-writing the
source and/or destination address of IP packets as they pass through a router or firewall. NAT is
used to enable multiple hosts on a private network to access the Internet using a single public IP
address.

Network-based intrusion detection system (NIDS) — Application that reads all
packets, not just those sent to it, from a network and detects potentially malicious packets based
on rules or algorithms.

Network Topology — Network topology is the network structure (logical and/or physical)
that may be represented as a collection of nodes, some of which are connected by links.
     - Bus topology: A bus network is such that there is a single line (the bus) to which all
       nodes are connected and the nodes connect only to this bus.
     - Mesh topology: A network topology in which there are at least two nodes with two or
       more paths between them.
     - Ring topology: A network topology in which every node has exactly two branches
       connected to it.
     - Star topology: A network topology in which peripheral nodes are connected to a central
       node only when using a hub. The more commonly used switch does not rebroadcast to all
       nodes, including the originating node.
     - Tree topology: A network topology in which the nodes are arranged as a tree.
     - Hybrid topology: A hybrid topology is a combination of any two or more network
       topologies in such a way that the resulting network does not have one of the standard forms.

Network File System (NFS) — NFS is a file system which allows a computer to access
files over a network as easily as if they were on its local disks.

NIDS — Network Intrusion Detection System is a hardware tool which monitors IP traffic on
a network segment (or segments) to detect unauthorized access to a computer system or network.

OPC (Open Connectivity via Open Standards) — OPC is open connectivity in
industrial automation and the enterprise systems that support industry. Interoperability is assured
through the creation and maintenance of open standards specifications. OPC has been termed
"OLE for Process Control".

Open Systems Interconnection Reference Model (OSI) — The Open Systems
Interconnection Reference Model is a layered abstract description for communications and
computer network protocol design, developed as part of the Open Systems Interconnect
initiative. It is also called the OSI seven layer model, as follows: Physical layer (Layer 1); Data
link layer (Layer 2); Network layer (Layer 3); Transport layer (Layer 4); Session layer (Layer 5);
Presentation layer (Layer 6); Application layer (Layer 7).




Patch — A fix for a software program where the actual binary executable and related files are
modified.

PCI Express — PCI Express is an implementation of the PCI computer bus that uses existing
PCI programming concepts and communications standards, but bases it on a much faster serial
communications system.

PCS (Process Control System) — A generic term applied to the hardware, firmware,
communications, and software used to enable automation of the physical systems.

PEAP — Protected Extensible Authentication Protocol, Protected EAP, or simply PEAP
(pronounced "peep"), is a method to securely transmit authentication information, including
passwords, over wireless networks. It was jointly developed by Microsoft, RSA Security and
Cisco Systems. It is an IETF open standard.


PID (Proportional-Integral-Derivative controller) — A standard feedback loop
component in industrial control applications. It measures an "output" of a process and controls
an "input", with a goal of maintaining the output at a target value, which is called the "setpoint".

PLC (Programmable Logic Controller) — A small computer used for automation
of real-world processes, such as control of machinery on factory assembly lines.

Port — The term port has the following meanings:
     - Hardware port: A hardware port is an outlet on a piece of equipment into which a
       plug or cable connects.
     - Network port: A network port is an interface for communicating with a computer
       program over a network.
     - I/O or machine port (port-mapped I/O): Nearly all processor families use the same
       assembly instructions for both memory access and hardware I/O.
     - Software port: Software is sometimes written for specific processors, operating systems, or
       programming interfaces. A software port is software that has been changed to work on
       another system.

PPP — The Point-to-Point Protocol, or PPP, is commonly used to establish a direct connection
between two nodes. It can connect computers using serial cable, phone line, trunk line, cellular
telephone, specialized radio links, or fiber optic links. Most internet service providers use PPP
for dial-up access to the Internet.


Process Control — An engineering discipline that deals with architectures, mechanisms,
and algorithms for controlling the output of a specific process. For example, heating up the
temperature in a room is a process that has the specific, desired outcome to reach and maintain a
defined temperature (e.g. 20°C), kept constant over time. Here, the temperature is the controlled
variable. At the same time, it is the input variable since it is measured by a thermometer and
used to decide whether to heat or not to heat. The desired temperature (20°C) is the set point.
The state of the heater (e.g., the setting of the valve allowing hot water to circulate through it) is
called the manipulated variable since it is subject to control actions.

PROFIBUS (Process Field Bus) — PROFIBUS is the most popular type of fieldbus
for factory and industrial automation, with more than 10 million nodes in use worldwide (2004).

Proxy Server — Computer process – often used as, or as part of, a firewall – that relays a
protocol between client and server computer systems, by appearing to the client to be the server
and appearing to the server to be the client.

PSTN (Public Switched Telephone Network) — The public telephone system in
the United States used for voice and data communications.

Public Key Infrastructure (PKI) — In cryptography, a public key infrastructure (PKI)
is an arrangement using digital certificates which provides for third-party vetting of, and
vouching for, user identities.

QoS (Quality of Service) — In packet-switched networks, QoS refers to the probability
of the network meeting a given traffic contract, or in many cases is used informally to refer to the
probability of a packet passing between two points in the network.

RADIUS — Remote Authentication Dial-In User Service is an authentication, authorization
and accounting protocol for applications such as network access or IP mobility. It is intended to
work in both local and roaming situations. The RADIUS server checks that the information is
correct using authentication schemes like PAP, CHAP or EAP.

RBAC (Role Based Access Control) — An approach to restricting system access to
authorized users. It is a newer and alternative approach to Mandatory Access Control (MAC) and
Discretionary Access Control (DAC).

Rootkits — Rootkits are sets of programs which are introduced into a computer system
without permission of the computer operator to obtain privileged access which would allow
control of the computer, usually with capabilities to avoid detection.

Router — A router is a computer networking device that forwards data packets toward their
destinations between disparate networks through a process known as routing. Routing occurs at
layer 3 of the OSI seven-layer model. Routers can implement other functions and the

RTU (Remote Terminal Unit) — An RTU, or Remote Terminal Unit is a device
which interfaces objects in the physical world to a DCS or SCADA system by transmitting
telemetry data to the system and/or altering the state of connected objects based on control
messages received from the system.





SCADA (Supervisory Control and Data Acquisition) — A SCADA computer
system is developed for gathering and analyzing real time data. SCADA systems are used to
monitor and control a plant or equipment in industries such as telecommunications, water and
waste control, energy, oil and gas refining and transportation.

Serial Communications — Serial communications is the process of sending data one bit
at a time, sequentially, over a communications channel or computer bus. Serial
communications is used for all long-haul communications and most computer networks, where
the cost of cable and synchronization difficulties make parallel communications impractical.
Serial computer busses are becoming more common as improved technology enables them to
transfer data at higher speeds.

Server — A server is a computer or device on a network that manages network resources. For
example, a file server is a computer and storage device dedicated to storing files, a web server
for access to web content, a DNS server for domain name services, a database server for access
to relational tables, an email server for access to email, etc.

Server Message Block (SMB) — Server Message Block (SMB) is a network protocol
mainly applied to share files, printers, serial ports, and miscellaneous communications between
nodes on a network. It also provides an authenticated Inter-process communication mechanism.

Synchronous optical networking (SONET) — The Synchronous optical
network, commonly known as SONET, is a standard for communicating digital information
using lasers or light emitting diodes (LEDs) over optical fiber as defined by GR-253-CORE from
Telcordia.

SPP-ICS (System Protection Profile – Industrial Control Systems) — A
document developed by the National Institute of Standards and Technology (NIST) that
identifies a starting point for formally stating the security requirements for industrial control
systems in a logical and structured manner.

SSH — Secure Shell, a terminal emulation communications protocol widely used for remote
RTU configuration/diagnostics.

SSID (Service Set Identifier) — A service set identifier (SSID) is a code attached to
all packets on a wireless network to identify each packet as part of that network.

SSL (Secure Sockets Layer) — Secure Sockets Layer (SSL) and Transport Layer
Security (TLS), its successor, are cryptographic protocols which provide secure
communications over TCP/IP.





Stateful Firewall — A stateful firewall is a firewall that keeps track of the state of network
connections (such as TCP streams) traveling across it. Source packets are entered into the state
table. Response packets are checked against the state table and only those packets constituting a
proper response are allowed through the firewall.

Switch — A network switch is a computer networking device that serves as a connection
point for devices in a network. A switch forwards packets to the appropriate port based on the
packet’s address.

TCP (Transmission Control Protocol) — TCP is one of the main protocols in
TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to
establish a connection and exchange streams of data over many packets. TCP includes
mechanisms and protocols to ensure delivery of the data in the correct sequence from source to
destination.

Telnet — Telnet is a terminal emulation communications protocol widely used for remote
RTU configuration/diagnostics. Telnet is being replaced by SSH.

Terminal Server — A device used as an interface between network (IP) communications
and serial communications.

TLS (Transport Layer Security) — See SSL.

UDP (User Datagram Protocol) — UDP is a connection-less transport layer protocol
that is currently documented in IETF RFC 768. In the TCP/IP model, UDP provides a very
simple interface between a network layer below and an application layer above. UDP has no
mechanism to ensure delivery of the data in the packets nor can it ensure that delivery of the
packets is in the proper sequence. If desired, this must be performed by the application layer.

Upgrade — Generally an upgrade is a new release of software, hardware and/or firmware
replacing the original components to fix errors and/or vulnerabilities in software and/or provide
additional functionality and/or improve performance.

URL (Uniform Resource Locator) — URL is a standardized address for some
resource (such as a document or image) on the Internet (or elsewhere).


USB (Universal Serial Bus) — Universal Serial Bus (USB) provides a serial bus
standard for connecting devices, usually to a computer, but it also is in use on other devices.

Virus — See Malware.



VLAN (Virtual LAN) — A virtual LAN, commonly known as a VLAN, is a logically
segmented network mapped over physical hardware.

VPN (Virtual Private Network) — A private, encrypted communications network
usually used within a company, or by several different companies or organizations, used for
communicating in a software tunnel over a public network.

VoIP — Voice over Internet Protocol (also called VoIP, IP Telephony, Internet telephony,
and Digital Phone) is the routing of voice conversations over the Internet or any other IP-based
network. The voice data flows over a general-purpose packet-switched network, instead of
traditional dedicated, circuit-switched voice transmission lines.

WEP (Wired Equivalent Privacy) — WEP is part of the IEEE 802.11 standard, and is
a protocol used to secure wireless networks (WiFi).

WiFi (Wireless Fidelity) — WiFi is short for wireless fidelity and is meant to be used
generically when referring to any type of 802.11 network, whether 802.11b/a/g dual-band, etc.

WiMax (Worldwide Interoperability of Microwave Access) — WiMax is
the name commonly given to the IEEE 802.16 standard. It is a wireless protocol designed for
distances as far as 30 miles but more commonly 3 – 5 miles.

WPA — Wi-Fi Protected Access (WPA and WPA2) are wireless standards providing higher
levels of security than WEP. WPA2 is based on IEEE 802.11i and provides government grade
security based on NIST standards and AES encryption.



