all types of people who interact with IT systems. Because users need training that relates directly
to their use of particular systems, a large organization-wide program must be supplemented with
more system-specific courses.
Step 2. Identify and educate training staff. It is important that trainers have sufficient knowledge
of computer security issues, principles, and techniques. It is also vital that they know how to com-
municate information and ideas effectively.
Step 3. Identify target audiences. Not everyone needs the same degree or type of computer secu-
rity information to perform an assigned job. Security training courses that present only the infor-
mation that is needed by the particular audience and omit irrelevant information have the best
Step 4. Motivate management and employees. Consider using motivational techniques to show
management and employees how their participation in a training course benefits the organization.
Step 5. Administer the courses. Important considerations for administering the course include se-
lecting appropriate training methods, topics, materials, and presentation techniques.
Step 6. Maintain the courses. Stay informed of changes in computer technology and security re-
quirements. Training courses that meet the needs of an organization today can become ineffective
when the organization starts to use a new application or changes its environment, such as the de-
ployment of VoIP.
Step 7. Evaluate the courses. An evaluation seeks to ascertain how much information is retained,
to what extent computer security procedures are being followed, and the general attitude toward
computer security.
Education integrates all the security skills and competencies of the various functional specialties
into a common body of knowledge, adds a multidisciplinary study of concepts, issues, and princi-
ples (technological and social), and strives to produce IT security specialists and professionals ca-
pable of vision and proactive response.
An example of an educational program is a degree program at a college or university. Some people
take a course or several courses to develop or enhance their skills in a particular discipline. This is
training as opposed to education. Many colleges and universities offer certificate programs, in
which a student can take two or more classes in a related discipline and be awarded a certificate
290 CCNA Security Course Booklet, Version 1.0

upon completion. Often, these certificate programs are conducted as a joint effort between schools
and software or hardware vendors. These programs are more characteristic of training than educa-
tion. Those responsible for security training must assess both types of programs and decide which
one better addresses the identified needs.
A successfully implemented security awareness program measurably reduces unauthorized actions
by insiders, increases the effectiveness of existing controls, and helps fight waste, fraud, and abuse
of information systems resources.

9.7.6 Laws and Ethics
For many businesses today, one of the biggest considerations for setting security policies and im-
plementing awareness programs is compliance with the law. Network security professionals must
be familiar with the laws and codes of ethics that are binding on Information Systems Security
(INFOSEC) professionals. Most countries have three types of laws: criminal, civil (of which tort
law is the best-known branch), and administrative.
Criminal law is concerned with crimes, and its penalties usually involve fines or imprisonment, or
Civil law focuses on correcting situations in which entities have been harmed and an economic
award can help. Imprisonment is not possible in civil law. An example of a civil law case is if one
company sues another company for infringing on a patent. The penalty in civil law is usually mon-
etary, although there can also be performance requirements such as ceasing to infringe on the
Administrative law involves government agencies enforcing regulations. For example, a company
might owe its employees vacation pay. An administrative court could force the company to pay its
employees as well as levy a fine that is payable to the court.
Not all governments accept or classify their laws the same way. This can impede prosecution for
computer and networking crimes that cross international boundaries.
Ethics is a standard that is higher than the law. It is a set of moral principles that govern civil be-
havior. Ethical principles are often the foundation of many of the laws currently in place. These
principles are frequently formalized into codes of ethics. Individuals who violate a code of ethics
can face consequences such as loss of certification, loss of employment, and even prosecution in
criminal or civil court. The information security profession has a number of formalized codes:

International Information Systems Security Certification Consortium, Inc. (ISC)2 Code of Ethics
Computer Ethics Institute (CEI) Code of Ethics
Internet Activities Board (IAB) code of ethics
Generally Accepted System Security Principles (GASSP) Code of Ethics

(ISC)2 Code of Ethics
The (ISC)2 code of ethics consists of the preamble and the ethics canons. The canons are ex-
plained in more detail at the (ISC)2 website.
Code of Ethics Preamble
Chapter 9: Managing a Secure Network 291

Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and
be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this
Code is a condition of certification.
Code of Ethics Canons

Protect society, the commonwealth, and the infrastructure.

Act honorably, honestly, justly, responsibly, and legally.

Provide diligent and competent service to principals.

Advance and protect the profession.

Computer Ethics Institute Code of Ethics
The CEI formalized its code of ethics as the Ten Commandments of Computer Ethics:
1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other people's computer work.
3. Thou shalt not snoop around in other people's computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not copy or use proprietary software which is not paid for.
7. Thou shalt not use other people's computer resources without authorization or proper compensation.
8. Thou shalt not appropriate other people's intellectual output.
9. Thou shalt think about the social consequences of the program being written or the system being designed.
10. Thou shalt always use a computer in ways that ensure consideration and respect for fellow humans.
IAB Code of Ethics
The IAB issued a statement that constitutes its code of ethics:
The Internet is a national facility whose utility is largely a consequence of its wide availability and
accessibility. Irresponsible use of this critical resource poses an enormous threat to its continued
availability to the technical community. The U.S. government, sponsors of this system, suffers
when highly disruptive abuses occur. Access to and use of the Internet is a privilege and should be
treated as such by all users of this system. The IAB strongly endorses the view of the Division Ad-
visory Panel of the National Science Foundation Division of Network, Communications Research
and Infrastructure which, in paraphrase, characterized as unethical and unacceptable any activity
which purposely:

Seeks to gain unauthorized access to the resources of the Internet

Disrupts the intended use of the Internet

Wastes resources, such as people, capacity, and computer, through such actions

Destroys the integrity of computer-based information

Compromises the privacy of users


GASSP Code of Ethics
The GASSP Code of Ethics states that information systems and the security of information sys-
tems should be provided and used in accordance with the Code of Ethical Conduct of information
security professionals. The Code of Ethical Conduct prescribes the relationships of ethics, moral-
ity, and information.
As social norms for using IT systems evolve, the Code of Ethical Conduct will change and infor-
mation security professionals will spread the new concepts throughout their organizations and
products. Safeguards may require an ethical judgment for use or to determine limits or controls.
For example, entrapment is the process of luring someone into performing an illegal or abusive act.
As a security safeguard, a security professional might deliberately set up an easy-to-compromise
hole in the access control system (in practice, a honeypot) and then monitor attempts to exploit it.
This form of entrapment is useful for providing warning that a penetration has occurred, and it can
also yield enough information to identify the perpetrator. Depending on applicable laws, regulations,
and ethical standards, it may be unethical (or inadmissible) to use data collected via entrapment in a
prosecution, while it may still be ethical to use entrapment purely as a detection and prevention
strategy. Seek both legal and ethical advice when designing network security.

9.7.7 Responding to a Security Breach
Laws and codes of ethics are in place to allow organizations and individuals a means of reclaiming
lost assets and preventing crimes. Different countries have different legal standards. In most coun-
tries and courts, to successfully prosecute an individual, it is necessary to establish motive, oppor-
tunity, and means.
Motive answers the question of why a person committed the illegal act. As a crime is investigated,
it is important to start with individuals who might have been motivated to commit the crime. For
example, employees who believe they were wrongly passed over for advancement may be moti-
vated to sell confidential company data to a competitor. Having identified likely suspects, the next
thing to consider is whether the suspects had the opportunity to commit the crime.
Opportunity answers the question of when and where the person committed the crime. For exam-
ple, if it can be established that three of the suspects were all participating in a wedding at the time
of the security breach, they might have been motivated, but they did not have the opportunity be-
cause they were busy doing something else.
Means answers the question of how the person committed the crime. It is pointless to accuse
someone who does not have the knowledge, skills, or access to accomplish the crime.
While establishing motive, opportunity, and means is the standard for finding and prosecuting indi-
viduals for all types of crimes, in computer crimes it is comparatively easy to manipulate or cover up
evidence because of the complexity of computer systems, global accessibility via the Internet, and
the skill of many attackers. For this reason, strict protocols for handling security breaches are
necessary. These protocols should be outlined in the organization's security policy.
Computer data has no physical, tangible representation that can be inspected directly, so it can be
damaged or modified without leaving visible traces. When working with computer data as part of a
forensics case, the integrity of the data must be maintained if it is to be used as evidence in a court
of law. For example, changing a single bit of a stored timestamp can move a date from August 2,
2001 to August 3, 2001, and a perpetrator with write access can adjust such data to establish a false
alibi. Therefore, strict procedures are required to guarantee the integrity of forensic data recovered
as part of an investigation. The procedures that must be established cover proper data collection,
chain of custody, data storage, and data backups; in practice this includes recording a cryptographic
hash of each item of evidence at the moment it is acquired, so that every later copy can be checked
against it.

The process of collecting data must be done precisely and quickly. When a security breach occurs,
the affected system must be isolated immediately. Systems should not be shut down or rebooted
before volatile memory has been captured to a file, because the contents of RAM are lost when a
device is powered off. Additionally, a drive image should be taken before working with data on the
hard drive. Multiple copies of the hard drive are usually made after the device is powered down to
establish master copies. These master copies are locked up in a safe, and investigators work only
from working copies, for both the prosecution and the defense. Investigators can determine whether
tampering has occurred by comparing the hash of a working copy with the hash of the master copy,
which has been secured and untouched since the beginning of the investigation.
After data is collected but before equipment is disconnected, it is necessary to photograph the
equipment in place. All evidence must be handled while maintaining a proper chain of custody,
meaning that only those individuals with authorization have access to evidence, and all access is
If security protocols are established and followed, organizations can minimize the loss and dam-
ages resulting from attacks.
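The integrity controls described above, as an added Python example that is not part of the course text: a SHA-256 digest of the sealed master image, verification of working copies against it, a hash-chained chain-of-custody log in which any later edit breaks the chain, and the single-bit timestamp change from August 2 to August 3, 2001. The image bytes, evidence identifier, examiner names and times are constructed for illustration; a real case would hash the acquired image file.

```python
import hashlib
import json
import struct
from datetime import datetime, timezone

# Constructed stand-in for an acquired drive image; a real case would read the image file.
MASTER_IMAGE = bytes((i * 31 + 7) % 256 for i in range(4096))


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with a single bit flipped (models tampering or silent corruption)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def verify_working_copy(master_hash: str, working_copy: bytes) -> bool:
    """A working copy is trustworthy only if it still hashes to the sealed master's digest."""
    return sha256_hex(working_copy) == master_hash


def date_after_bit_flip(iso_utc: str, bit_index: int) -> str:
    """Flip one bit of a 32-bit Unix timestamp and return the calendar date it then decodes to."""
    ts = int(datetime.fromisoformat(iso_utc).replace(tzinfo=timezone.utc).timestamp())
    raw = struct.pack("<I", ts)
    (flipped,) = struct.unpack("<I", flip_bit(raw, bit_index))
    return datetime.fromtimestamp(flipped, tz=timezone.utc).date().isoformat()


class CustodyLog:
    """Append-only chain-of-custody record; every entry commits to the hash of the entry before it."""

    GENESIS = "0" * 64

    def __init__(self, evidence_id: str, evidence_hash: str, acquired_by: str, when: str):
        self.entries = []
        self._append({"evidence_id": evidence_id, "action": "acquired",
                      "sha256": evidence_hash, "by": acquired_by, "when": when})

    def _append(self, fields: dict) -> None:
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        entry = dict(fields, prev_hash=prev)
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)

    def record(self, action: str, by: str, when: str) -> None:
        self._append({"action": action, "by": by, "when": when})

    def verify(self) -> bool:
        """Recompute every entry hash and link; an edited or removed entry breaks the chain."""
        prev = self.GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if body["prev_hash"] != prev:
                return False
            if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def run_checks() -> dict:
    """Exercise each control above and return the outcomes (constructed evidence metadata)."""
    master_hash = sha256_hex(MASTER_IMAGE)
    log = CustodyLog("HDD-001", master_hash, "examiner A", "2001-08-02T09:00:00Z")
    log.record("working copy checked out", "examiner B", "2001-08-02T10:15:00Z")
    log_ok_before = log.verify()
    log.entries[1]["by"] = "someone else"  # simulate an after-the-fact edit of the record
    return {
        "working_copy_ok": verify_working_copy(master_hash, MASTER_IMAGE),
        "tampered_copy_ok": verify_working_copy(master_hash, flip_bit(MASTER_IMAGE, 12345)),
        "log_ok_before_edit": log_ok_before,
        "log_ok_after_edit": log.verify(),
        "date_after_flip": date_after_bit_flip("2001-08-02T00:00:00", 17),
    }


if __name__ == "__main__":
    for name, value in run_checks().items():
        print(f"{name}: {value}")
```

Flipping bit 17 of the 32-bit timestamp for 2001-08-02 00:00:00 UTC adds 131072 seconds (36 h 24 min 32 s), so the record now reads August 3; the master hash catches the same one-bit change anywhere in the image, and the custody log catches edits to the record of who handled it.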

10 Mbps
10 million bits per second
A unit of information transfer rate. Ethernet carries 10 Mbps.

100BASE-FX
100-Mbps baseband Fast Ethernet specification using two strands of multimode fiber-optic cable per link. To guarantee proper signal timing, a 100BASE-FX link cannot exceed 1310 feet (400 m) in length. Based on the IEEE 802.3 standard.

100BASE-T
100-Mbps baseband Fast Ethernet specification using UTP wiring. Like the 10BASE-T technology on which it is based, 100BASE-T sends link pulses over the network segment when no traffic is present. However, these link pulses contain more information than those used in 10BASE-T. Based on the IEEE 802.3 standard.

100BASE-T4
100-Mbps baseband Fast Ethernet specification using four pairs of Category 3, 4, or 5 UTP wiring. To guarantee proper signal timing, a 100BASE-T4 segment cannot exceed 325 feet (100 m) in length. Based on the IEEE 802.3 standard.

100BASE-TX
100-Mbps baseband Fast Ethernet specification using two pairs of either UTP or STP wiring. The first pair of wires is used to receive data; the second is used to transmit. To guarantee proper signal timing, a 100BASE-TX segment cannot exceed 325 feet (100 m) in length. Based on the IEEE 802.3 standard.

100BASE-X
100-Mbps baseband Fast Ethernet specification that refers to the 100BASE-FX (fiber-optic) and 100BASE-TX (twisted-pair) standards for Fast Ethernet. Based on the IEEE 802.3 standard.

100VG-AnyLAN
100-Mbps Fast Ethernet and Token Ring media technology using four pairs of Category 3, 4, or 5 UTP cabling. This high-speed transport technology, developed by Hewlett-Packard, can be made to operate on existing 10BASE-T Ethernet networks. Based on the IEEE 802.12 standard.

10BASE2
10-Mbps baseband Ethernet specification using 50-ohm thin coaxial cable. 10BASE2, which is part of the IEEE 802.3 specification, has a distance limit of 600 feet (185 m) per segment.

10BASE5
10-Mbps baseband Ethernet specification using standard (thick) 50-ohm baseband coaxial cable. 10BASE5, which is part of the IEEE 802.3 baseband physical layer specification, has a distance limit of 1640 feet (500 m) per segment.

10BASE-F
10-Mbps baseband Ethernet specification that refers to the 10BASE-FB, 10BASE-FL, and 10BASE-FP standards for Ethernet over fiber-optic cabling.

10BASE-FB
10-Mbps baseband Ethernet specification using fiber-optic cabling. 10BASE-FB is part of the IEEE 10BASE-F specification. It is not used to connect user stations, but instead provides a synchronous signaling backbone that allows additional segments and repeaters to be connected to the network. 10BASE-FB segments can be up to 6560 feet (2000 m) long.


10BASE-FL
10-Mbps baseband Ethernet specification using fiber-optic cabling. 10BASE-FL is part of the IEEE 10BASE-F specification and, while able to interoperate with FOIRL, is designed to replace the FOIRL specification. 10BASE-FL segments can be up to 3280 feet (1000 m) long if used with FOIRL, and up to 6560 feet (2000 m) if 10BASE-FL is used exclusively.

10BASE-FP
10-Mbps fiber-passive baseband Ethernet specification using fiber-optic cabling. 10BASE-FP is part of the IEEE 10BASE-F specification. It organizes a number of computers into a star topology without the use of repeaters. 10BASE-FP segments can be up to 1640 feet (500 m) long.

10BASE-T
10-Mbps baseband Ethernet specification using two pairs of twisted-pair cabling (Category 3, 4, or 5): one pair for transmitting data and the other for receiving data. 10BASE-T, which is part of the IEEE 802.3 specification, has a distance limit of approximately 328 feet (100 m) per segment.

10Broad36
10-Mbps broadband Ethernet specification using broadband coaxial cable. 10Broad36, which is part of the IEEE 802.3 specification, has a distance limit of 11810 feet (3600 m) per segment.

370 block mux channel
See block multiplexer channel.

4B/5B local fiber
4-byte/5-byte local fiber
Fiber channel physical media used for FDDI and ATM. Supports speeds of up to 100 Mbps over multimode fiber.

4-byte/5-byte local fiber
See 4B/5B local fiber.

500-CS
500 series communication server
Cisco multiprotocol communication server that combines the capabilities of a terminal server, a telecommuting server, a protocol translator, and an asynchronous router in one unit.

6to4
Common transition mechanism to enable a smooth integration of IPv4 to IPv6. This mechanism uses the reserved prefix 2002::/16 to allow an IPv4 Internet-connected site to create and use a /48 IPv6 prefix based on a single globally routable or reachable IPv4 address. 6to4 is also known as 6to4 tunneling.

8B/10B local fiber
8-byte/10-byte local fiber
Fiber channel physical media that supports speeds up to 149.76 Mbps over multimode fiber.

8-byte/10-byte local fiber
See 8B/10B local fiber.

AAA
Authentication, Authorization, and Accounting
AAA is a framework, described in RFC 2903 and several other RFCs, for controlling who can access a system or network (authentication), what they are permitted to do once connected (authorization), and recording what they did while they were connected (accounting).

ABR
1) available bit rate. QOS class defined by the ATM Forum for ATM networks. ABR is used for connections that do not require timing relationships between source and destination. ABR provides no guarantees in terms of cell loss or delay, providing only best-effort service. Traffic sources adjust their transmission rate in response to information they receive describing the status of the network and its capability to successfully deliver data. Compare with CBR, UBR, and VBR.
2) area border router. Router located on the border of one or more OSPF areas that connects those areas to the backbone network. ABRs are considered members of both the OSPF backbone and the attached areas. They therefore maintain routing tables describing both the backbone topology and the topology of the other areas.
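The 6to4 prefix derivation from the entry above, as an added Python example that is not part of the glossary: the site's public IPv4 address is placed in bits 16 to 47 after the 2002::/16 prefix (RFC 3056), the embedded address can be recovered from any 6to4 address, and a relay or firewall can reject tunnel packets whose inner IPv6 source does not embed the outer IPv4 source (the consistency check RFC 3964 recommends). The addresses used are constructed. Two caveats a practitioner should keep in mind: 6to4 is deprecated (RFC 7526), and its tunnel traffic is IP protocol 41, which perimeter filters for IPv4 often ignore.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")


def six_to_four_prefix(ipv4: str) -> str:
    """Build a site's 6to4 /48 from its single public IPv4 address: 2002:WWXX:YYZZ::/48.

    The IPv4 address occupies bits 16-47 of the IPv6 prefix (RFC 3056, section 2).
    """
    addr = ipaddress.IPv4Address(ipv4)
    if not addr.is_global:
        raise ValueError(f"{ipv4} is not globally routable; 6to4 requires a public IPv4 address")
    prefix_int = (0x2002 << 112) | (int(addr) << 80)
    return str(ipaddress.IPv6Network((prefix_int, 48)))


def embedded_ipv4(ipv6: str) -> str:
    """Recover the IPv4 address embedded in any 6to4 address (used on the decapsulation side)."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIX_TO_FOUR:
        raise ValueError(f"{ipv6} is not a 6to4 address")
    return str(ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF))


def is_consistent_6to4_packet(outer_ipv4_src: str, inner_ipv6_src: str) -> bool:
    """Relay/firewall sanity check: the inner 6to4 source must embed the outer IPv4 source.

    A mismatch is the signature of a spoofed tunnel packet; non-6to4 inner sources are rejected too.
    """
    try:
        return embedded_ipv4(inner_ipv6_src) == str(ipaddress.IPv4Address(outer_ipv4_src))
    except ValueError:
        return False


if __name__ == "__main__":
    site_prefix = six_to_four_prefix("1.2.3.4")          # constructed public address
    print("6to4 prefix:", site_prefix)                    # 2002:102:304::/48
    print("embedded IPv4:", embedded_ipv4("2002:102:304::1"))
    print("consistent:", is_consistent_6to4_packet("1.2.3.4", "2002:102:304::1"))
    print("spoofed:", is_consistent_6to4_packet("5.6.7.8", "2002:102:304::1"))
    try:
        six_to_four_prefix("192.0.2.1")                   # documentation range, not routable
    except ValueError as err:
        print("rejected:", err)
```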
Glossary 299

absorption
Absorption is the physical phenomenon that occurs when radio frequency waves are absorbed by objects such as walls.

Abstract Syntax Notation One
See ASN.1.

AC
alternating current
Electrical current that reverses its direction regularly and continually. It is the form of electrical power found in residential and commercial

access card
I/O card in the LightStream 2020 ATM switch. Together with their associated line cards, access cards provide data transfer services for a switch using physical interfaces such as OC-3c. A LightStream 2020 switch can have up to 10 access cards. Access card is also known as a paddle card.

access control list (ACL)
List kept by Cisco routers to control access to or from the router for a number of services (for example, to prevent packets with a certain IP address from leaving a particular interface on the router).

access gateway
A gateway that supports both bearer traffic and signaling traffic. For example, a gateway that terminates ISDN is an access gateway.

access method
1) Generally, the way in which network devices access the network medium.
2) Software within an SNA processor that controls the flow of information through a network.

access point
See AP.

access server
Communications processor that connects asynchronous devices to a LAN or WAN through network and terminal emulation software. Performs both synchronous and asynchronous routing of supported protocols. Sometimes called a network access server. Compare with communication server.

accounting management
One of five categories of network management defined by ISO for management of OSI networks. Accounting management subsystems are responsible for collecting network data relating to resource usage.

acknowledgment
Notification sent from one network device to another to acknowledge that some event (for example, receipt of a message) has occurred. Compare to NAK. See ACK.

acknowledgment number
Next expected TCP octet.

ACR
allowed cell rate
Parameter defined by the ATM Forum for ATM traffic management. ACR varies between the MCR and the PCR, and is dynamically controlled using congestion control mechanisms.

ACSE
association control service element
An OSI convention used to establish, maintain, or terminate a connection between two applications.

active hub
Multiported device that amplifies LAN transmission signals.

ad hoc
Ad hoc describes a WLAN topology, also called independent basic service set, where mobile clients connect directly without an intermediate access point.

adapter
See NIC (network interface card).


adaptive routing
See dynamic routing.

address
Data structure or logical convention used to identify a unique entity, such as a particular process or network device.

address mapping
Technique that allows different protocols to interoperate by translating addresses from one format to another. For example, when routing IP over X.25, the IP addresses must be mapped to the X.25 addresses so that the IP packets can be transmitted by the X.25 network.

address mask
Bit combination used to describe which portion of an address refers to the network or subnet and which part refers to the host. An address mask is also known as a mask.

address resolution
Generally, a method for resolving differences between computer addressing schemes. Address resolution usually specifies a method for mapping network layer (Layer 3) addresses to data link layer (Layer 2) addresses.

Address Resolution Protocol
See ARP.

adjacency
Relationship formed between selected neighboring routers and end nodes for the purpose of exchanging routing information. Adjacency is based upon the use of a common media segment.

administrative distance
A rating of the trustworthiness of a routing information source. In Cisco routers, administrative distance is expressed as a numerical value between 0 and 255. The higher the value, the lower the trustworthiness rating.

admission control
See traffic policing.

ADU
Aironet Desktop Utility
ADU is a utility used by Cisco Aironet 802.11a/b/g network cards for wireless configuration.

Advanced Program-to-Program Communication
See APPC.

Advanced Research Projects Agency
See ARPA.

advertising
Router process in which routing or service updates are sent at specified intervals so that other routers on the network can maintain lists of usable routes.

AES
Advanced Encryption Standard
AES is the NIST-standardized block cipher (FIPS 197). In wireless LANs it replaced the RC4-based WEP (and the interim TKIP) as the method of encrypting data; WPA2 uses AES in CCMP mode.

AFI
1) Authority and Format ID. One byte of the NSAP address, actually a binary-coded value between 0 and 99, used to specify the IDI format and DSP syntax of the address and the authority that assigned the address. See NSAP address.
2) Address Family Identifier. A 2-byte field in a RIP message. It identifies the routed protocol and is normally set to two for IP. The only exception is a request for a router's (or host's) full routing table, in which case it will be set to zero. AFI is set to all 1s if authentication is enabled in RIPv2.

agent
1) Generally, software that processes queries and returns replies on behalf of an application.
2) In NMSs, process that resides in all managed devices and reports the values of specified variables to management stations.
3) In Cisco hardware architecture, an individual processor card that provides one or more media

ADSU
ATM data service unit
Terminal adapter used to access an ATM network via an HSSI-compatible device.


AGS+
Multiprotocol, high-end Cisco router optimized for large corporate internetworks. The AGS+ runs the Cisco IOS software and features a modular approach that provides for easy and efficient scalability.

AIS
alarm indication signal
In a T1 transmission, an all-ones signal transmitted in lieu of the normal signal to maintain transmission continuity and to indicate to the receiving terminal that there is a transmission fault that is located either at, or upstream from, the transmitting terminal.

alarm
Message notifying an operator or administrator of a network problem.

alarm indication signal
See AIS.

A-law
The ITU-T companding standard used in the conversion between analog and digital signals in PCM systems. A-law is used primarily in European telephone networks and is similar to the North American mu-law standard.

algorithm
Well-defined rule or process for arriving at a solution to a problem. In networking, algorithms are commonly used to determine the best route for traffic from a particular source to a particular destination.

alias
See entity.

allowed cell rate
See ACR.

alternate mark inversion
See AMI.

AM
amplitude modulation
Modulation technique whereby information is conveyed through the amplitude of the carrier signal. Compare with FM and PAM.

American National Standards Institute
See ANSI.

American Standard Code for Information Interchange
See ASCII.

AMI
alternate mark inversion
Line-code type used on T1 and E1 circuits. In AMI, zeros are represented by 01 during each bit cell, and ones are represented by 11 or 00, alternately, during each bit cell. AMI requires that the sending device maintain ones density. Ones density is not maintained independent of the data stream. Compare with B8ZS. AMI is also known as binary coded alternate mark inversion.

amplitude
Maximum value of an analog or a digital waveform.

amplitude modulation
See AM.

analog transmission
Signal transmission over wires or through the air in which information is conveyed through variation of some combination of signal amplitude, frequency, and phase.

ANSI
American National Standards Institute
Voluntary organization comprised of corporate, government, and other members that coordinates standards-related activities, approves U.S. national standards, and develops positions for the United States in international standards organizations. ANSI helps develop international and U.S. standards relating to, among other things, communications and networking. ANSI is a member of the IEC and the ISO.

ANSI X3T9.5
See X3T9.5.

anycast
A type of IPv6 network addressing and routing scheme whereby data is routed to the "nearest" or "best" destination as viewed by the routing topology. A packet sent to an anycast address is delivered to the closest interface, as defined by the routing protocols in use, identified by the anycast address. It shares the same address format as an IPv6 global unicast address.


AON
Application-Oriented Networking
Technology that changes how applications are deployed, integrated, and managed. It does so by delivering common application infrastructure functions as network-based services. Cisco AON helps to dramatically lower the cost and complexity of deploying applications and maintaining application infrastructure by relocating these repeatable functions, such as application security, messaging, logging, and event capture, into the network and onto routers and switches.

AP
access point
Device that connects wireless communication devices together to form a wireless network, analogous to a hub connecting wired devices to form a LAN. The AP usually connects to a wired network, and can relay data between wireless devices and wired devices. Several APs can link together to form a larger network that allows roaming.

APaRT
automated packet recognition/translation
Technology that allows a server to be attached to CDDI or FDDI without requiring the reconfiguration of applications or network protocols. APaRT recognizes specific data link layer encapsulation packet types and, when these packet types are transferred from one medium to another, translates them into the native format of the destination device.

API
application programming interface
Specification of function-call conventions that defines an interface to a service.

Apollo Domain
Proprietary network protocol suite developed by Apollo Computer for communication on proprietary Apollo networks.

APPC
Advanced Program-to-Program Communication
IBM SNA system software that allows high-speed communication between programs on different computers in a distributed computing environment. APPC establishes and tears down connections between communicating programs, and consists of two interfaces, a programming interface and a data-exchange interface. The former replies to requests from programs requiring communication; the latter establishes sessions between programs. APPC runs on LU 6.2 devices.

AppleTalk
Series of communications protocols designed by Apple Computer. Two phases currently exist. Phase 1, the earlier version, supports a single physical network that can have only one network number and be in one zone. Phase 2, the more recent version, supports multiple logical networks on a single physical network and allows networks to be in more than one zone.

application
Program that performs a function directly for a user. FTP and Telnet clients are examples of network applications.

Application layer
Layer 7 of the OSI reference model. This layer provides services to application processes (such as electronic mail, file transfer, and terminal emulation) that are outside of the OSI model. The application layer identifies and establishes the availability of intended communication partners (and the resources required to connect with them), synchronizes cooperating applications, and establishes agreement on procedures for error recovery and control of data integrity. Corresponds roughly with the transaction services layer in the SNA model.

application programming interface
See API.

Application-Oriented Networking
See AON.

ARCnet
Attached Resource Computer Network
A 2.5-Mbps token-bus LAN developed in the late 1970s and early 1980s by Datapoint Corporation.


area
Logical set of network segments (either CLNS-, DECnet-, or OSPF-based) and their attached devices. Areas are usually connected to other areas via routers, making up a single autonomous system.

area border router
See ABR.

ARM
asynchronous response mode
HDLC communication mode involving one primary station and at least one secondary station, where either the primary or one of the secondary stations can initiate transmissions.

ARP
Address Resolution Protocol
Internet protocol used to map an IP address to a MAC address. Defined in RFC 826. Compare with RARP.

ARPA
Advanced Research Projects Agency
Research and development organization that is part of DoD. ARPA is responsible for numerous technological advances in communications and networking. ARPA evolved into DARPA, and then back into ARPA again in 1994.

ARPANET
Advanced Research Projects Agency Network
Landmark packet-switching network established in 1969. ARPANET was developed in the 1970s by BBN and funded by ARPA (and later DARPA). It eventually evolved into the Internet. The term ARPANET was officially retired in 1990.

ARQ
1) automatic repeat request. Communication technique in which the receiving device detects errors and requests retransmissions.
2) admission request. In VoIP, ARQ is used with the H.323 protocol.

AS
autonomous system
Collection of networks under a common administration sharing a common routing strategy. Autonomous systems are subdivided by areas. An autonomous system must be assigned a unique number by the IANA; AS numbers were originally 16-bit, and 32-bit AS numbers are also assigned today.

ASBR
autonomous system boundary router
ABR located between an OSPF autonomous system and a non-OSPF network. ASBRs run both OSPF and another routing protocol, such as RIP. ASBRs must reside in a nonstub OSPF area.

ASCII
American Standard Code for Information Interchange
7-bit code for character representation; in an 8-bit byte the eighth bit was historically used for parity.

ASM-CS
Cisco multiprotocol communication server designed to connect asynchronous devices to any LAN or WAN using TCP/IP, LAT, or SLIP. It can be configured to interface with Ethernet or Token Ring LANs or synchronous serial networks.

ASN.1
Abstract Syntax Notation One
OSI language for describing data types independent of particular computer structures and representation techniques. Described by ISO International Standard 8824.

associated
A station is configured properly to allow it to wirelessly communicate with an access point.

association control service element
See ACSE.

associative memory
Memory that is accessed based on its contents, not on its memory address. Associative memory is also known as content addressable memory (CAM).

AST
automatic spanning tree
Function that supports the automatic resolution of spanning trees in SRB networks, providing a single path for spanning explorer frames to traverse from a given node in the network to another. AST is based on the IEEE 802.1 standard.


asynchronous response mode
See ARM.

asynchronous time-division multiplexing
See ATDM.

Asynchronous Transfer Mode
See ATM.

asynchronous transmission
Term describing digital signals that are transmitted without precise clocking. Such signals generally have different frequencies and phase relationships. Asynchronous transmissions usually encapsulate individual characters in control bits (called start and stop bits) that designate the beginning and end of each character. Compare with isochronous transmission, plesiochronous transmission, and synchronous transmission.

asynchronous time-division multiplexing
Method of sending information that resembles normal TDM, except that time slots are allocated as needed rather than preassigned to specific transmitters. Compare with FDM, statistical multiplexing, and TDM.

Asynchronous Transfer Mode
International standard for cell relay in which multiple service types (such as voice, video, or data) are conveyed in fixed-length (53-byte) cells. Fixed-length cells allow cell processing to occur in hardware, thereby reducing transit delays. ATM is designed to take advantage of high-speed transmission media such as E3, SONET, and T3.

ATM data service unit
See ADSU.

ATM Forum
International organization jointly founded in 1991 by Cisco Systems, NET/ADAPTIVE, Northern Telecom, and Sprint that develops and promotes standards-based implementation agreements for ATM technology. The ATM Forum expands on official standards developed by ANSI and ITU-T, and develops implementation agreements in advance of official standards.

ATM management
See ATMM.

ATM UNI
See UNI.

ATMM
ATM management
Process that runs on an ATM switch that controls VCI translation and rate enforcement.

Attached Resource Computer Network
See ARCnet.

attachment unit interface
See AUI.

attenuation
Loss of communication signal energy.

attribute
Configuration data that defines the characteristics of database objects such as the chassis, cards, ports, or virtual circuits of a particular device. Attributes might be preset or user-configurable. On a LightStream 2020 ATM switch, attributes are set using the configuration program or CLI commands.

attachment unit interface
IEEE 802.3 interface between an MAU and a network interface card (NIC). The term AUI can also refer to the rear panel port to which an AUI cable might attach, such as those found on a Cisco LightStream Ethernet access card.
AUI is also known as transceiver cable.

authentication
In security, the verification of the identity of a person or process.

authority zone
Associated with DNS, an authority zone is a section of the domain-name tree for which one name server is the authority.

Automated Packet Recognition/Translation
See APaRT.

automatic call reconnect
Feature permitting automatic call rerouting away from a failed trunk line.

automatic repeat request
See ARQ.

automatic spanning tree
See AST.

autonomous access point
An autonomous access point is the type used in a distributed WLAN solution. Each autonomous access point is configured individually and does not rely on a wireless controller.

autonomous system
See AS.

autonomous system boundary router
See ASBR.

Cisco AutoQoS is a feature that automates consistent deployment of QoS features across Cisco routers and switches to ensure high-quality application performance. Once enabled, it automatically configures the device with QoS features and variables which are based on Cisco best-practice recommendations. Users can subsequently tune parameters that are generated by Cisco AutoQoS to suit their particular application needs, as desired.

autoreconfiguration
Process performed by nodes within the failure domain of a Token Ring network. Nodes automatically perform diagnostics in an attempt to reconfigure the network around the failed areas.

available bit rate
See ABR.

average rate
The average rate, in kilobits per second (kbps), at which a given virtual circuit will transmit.

B channel
bearer channel
In ISDN, a full-duplex, 64-kbps channel used to send user data. Compare to D channel, E channel, and H channel.

binary 8-zero substitution
Line-code type, used on T1 and E1 circuits, in which a special code is substituted whenever 8 consecutive zeros are sent through the link. This code is then interpreted at the remote end of the connection. This technique guarantees ones density independent of the data stream. Sometimes called bipolar 8-zero substitution. Compare with AMI.

back end
Node or software program that provides services to a front end.

The part of a network that acts as the primary path for traffic that is most often sourced from, and destined for, other networks.

backbone cabling
Cabling that provides interconnections between wiring closets, wiring closets and the POP, and between buildings that are part of the same
Backbone cabling is also known as vertical cabling.

backoff
The retransmission delay enforced when a collision occurs.

Physical connection between an interface processor or card and the data buses and power distribution buses inside a Cisco chassis.

backward explicit congestion notification

balanced configuration
In HDLC, a point-to-point network configuration with two combined stations.

The difference between the highest and lowest frequencies available for network signals. Bandwidth is also used to describe the rated throughput capacity of a given network medium or protocol.

bandwidth allocation
See bandwidth reservation.

bandwidth reservation
Process of assigning bandwidth to users and applications served by a network. Involves assigning priority to different flows of traffic based on how critical and delay-sensitive they are. This makes the best use of available bandwidth, and if the network becomes congested, lower-priority traffic can be dropped.
Bandwidth reservation is also known as bandwidth allocation.

Banyan VINES

Bay Area Regional Research Network
Regional network serving the San Francisco Bay Area. The BARRNet backbone is composed of four University of California campuses (Berkeley, Davis, Santa Cruz, and San Francisco), Stanford University, Lawrence Livermore National Laboratory, and NASA Ames Research Center. BARRNet is now part of BBN Planet.

Characteristic of a network technology where only one carrier frequency is used. Ethernet is an example of a baseband network. Contrast with broadband.
Baseband is also known as narrowband.

Bourne-again shell
Interactive UNIX shell based on the traditional Bourne shell, but with increased functionality. The LynxOS bash shell is presented when you log in to a LightStream 2020 ATM switch as root (bash#) or fldsup (bash$).

basic configuration
The minimal configuration information entered when a new router, switch, or other configurable network device is installed on a network. The basic configuration for a LightStream 2020 ATM switch, for example, includes IP addresses, the date, and parameters for at least one trunk line. The basic configuration enables the device to receive a full configuration from the NMS.

basic encoding rules
See BER.

Basic Rate Interface
See BRI.

basic service area
See BSA.

basic service set
See BSS.

Unit of signaling speed equal to the number of discrete signal elements transmitted per second. Baud is synonymous with bits per second (bps), if each signal element represents exactly 1 bit.

Bay Area Regional Research Network
See BARRNet.

BBN
Bolt, Beranek, and Newman, Inc.
High-technology company located in Massachusetts that developed and maintained the ARPANET (and later, the Internet) core gateway system.

BBN Planet
Subsidiary company of BBN that operates a nationwide Internet access network composed in part by the former regional networks BARRNet

Bc
committed burst
Negotiated tariff metric in Frame Relay internetworks. The maximum amount of data (in bits) that a Frame Relay internetwork is committed to accept and transmit at the CIR.

BE
excess burst
Negotiated tariff metric in Frame Relay internetworks. The number of bits that a Frame Relay internetwork will attempt to transmit after Bc is accommodated. Be data is, in general, delivered with a lower probability than Bc data because Be data can be marked as DE by the network.

beacon
1) Frame from a Token Ring or FDDI device indicating a serious problem with the ring, such as a broken cable. A beacon frame contains the address of the station assumed to be down. See failure domain.
2) In wireless technology, a beacon is a wireless LAN packet that signals the availability and presence of the wireless device. Beacon packets are sent by access points and base stations; however, client radio cards send beacons when operating in computer to computer (Ad Hoc) mode.

bearer channel
See B channel.

Because It's Time Network

BECN
Backward Explicit Congestion Notification
Bit set by a Frame Relay network in frames traveling in the opposite direction of frames encountering a congested path. DTE receiving frames with the BECN bit set can request that higher-level protocols take flow control action as appropriate. Compare with FECN.

Bell Communications Research
See Bellcore.

Bell operating company
See BOC.

Bellcore
Bell Communications Research
Organization that performs research and development on behalf of the RBOCs.

Bellman-Ford routing algorithm
See distance vector routing algorithm.

1) bit error rate. The ratio of received bits that contain errors.
2) basic encoding rules. Rules for encoding data units described in the ISO ASN.1 standard.

Berkeley Standard Distribution
See BSD.

BERT
Bit error rate tester
Device that determines the BER on a given communications channel.

best-effort delivery
Describes a network system that does not use a sophisticated acknowledgment system to guarantee reliable delivery of information.

BGP
Border Gateway Protocol
Interdomain routing protocol that replaces EGP. BGP exchanges reachability information with other BGP systems. BGP is defined by RFC

BGP Version 4
Version 4 of the predominant interdomain routing protocol used on the Internet. BGP4 supports CIDR and uses route aggregation mechanisms to reduce the size of routing tables.

Method of storing or transmitting data in which the most significant bit or byte is presented first. Compare with little-endian.

A numbering system characterized by ones and zeros (1 = on, 0 = off).

binary 8-zero substitution
See B8ZS.

binary coded alternate mark inversion
See AMI.

binary synchronous communication
See BSC.

biphase coding
Bipolar coding scheme originally developed for use in Ethernet. Clocking information is embedded into and recovered from the synchronous data stream without the need for separate clocking leads. The biphase signal contains no direct current energy.

bipolar 8-zero substitution
See B8ZS.

BISDN
Broadband ISDN. ITU-T communication standards designed to handle high-bandwidth applications such as video. BISDN currently uses ATM technology over SONET-based transmission circuits to provide data rates from 155 to 622 Mbps and beyond. Contrast with N-ISDN.

bit
Binary digit used in the binary numbering system. A bit can be 0 or 1.

bit error rate
See BER.

bit error rate tester

bit rate
Speed at which bits are transmitted, usually expressed in bits per second (bps).

BITNET
Because It's Time Network
Low-cost, low-speed academic network consisting primarily of IBM mainframes and 9600-bps leased lines. BITNET is now part of

Dial-up service providing connectivity for members of CREN.

bit-oriented protocol
Class of data link layer communication protocols that can transmit frames regardless of frame content. Compared with byte-oriented protocols, bit-oriented protocols provide full-duplex operation and are more efficient and reliable. Compare with byte-oriented protocol.

bits per second
Abbreviated bps.

black hole
Routing term for an area of the internetwork where packets enter, but do not emerge, due to adverse conditions or poor system configuration within a portion of the network.

block multiplexer channel
IBM-style channel that implements the FIPS-60 channel, a U.S. channel standard. This channel is also referred to as OEMI channel and 370 block mux channel.

In a switching system, a condition in which no paths are available to complete a circuit. Blocking is also used to describe a situation in which one activity cannot begin until another has been completed.

Internal cooling fan used in larger router and switch chassis such as the Cisco AGS+, the Cisco 7000, and the LightStream 2020.

BNC connector
Standard connector used to connect IEEE 802.3 10BASE2 coaxial cable to an MAU.

boundary network node
In SNA terminology, a subarea node that provides boundary function support for adjacent peripheral nodes. This support includes sequencing, pacing, and address translation.
BNN is also known as a boundary node.

Abbreviation for Bell Operating Company.

Bolt, Beranek, and Newman, Inc.
See BBN.

boot programmable read-only memory
See boot PROM.

boot PROM
boot programmable read-only memory
Chip mounted on a printed circuit board used to provide executable boot instructions to a computer device.

Bootstrap Protocol
Protocol used by a network node to determine the IP address of its Ethernet interfaces, in order to affect network booting.

Bootstrap Protocol

border gateway
Router that communicates with routers in other autonomous systems.

Border Gateway Protocol
See BGP.

bot
Application that runs automated tasks.

boundary network node
See BNN.

boundary node
See BNN.

bridge protocol data unit
Spanning-Tree Protocol hello packet that is sent out at configurable intervals to exchange information among bridges in the network.

Basic Rate Interface
ISDN interface composed of two B channels and one D channel for circuit-switched communication of voice, video, and data. Compare with PRI.

Device that connects and passes packets between two network segments that use the same communications protocol. Bridges operate at the data link layer (layer 2) of the OSI reference model. In general, a bridge will filter, forward, or flood an incoming frame based on the MAC address of that frame.

bridge forwarding
Process that uses entries in a filtering database to determine whether frames with a given MAC destination address can be forwarded to a given port or ports. Described in the IEEE 802.1 standard.

bridge group
Cisco bridging feature that assigns network interfaces to a particular spanning-tree group. Bridge groups can be compatible with the IEEE 802.1 or the DEC specification.

bridge number
Number that identifies each bridge in an SRB LAN. Parallel bridges must have different bridge numbers.

bridge protocol data unit
See BPDU.

bridge static filtering
Process in which a bridge maintains a filtering database consisting of static entries. Each static entry equates a MAC destination address with a port that can receive frames with this MAC destination address and a set of ports on which the frames can be transmitted. Defined in the IEEE 802.1 standard.

Bridge-Group Virtual Interface
See BVI.

broadband
Transmission system that multiplexes multiple independent signals onto one cable. In telecommunications terminology, any channel having a bandwidth greater than a voice-grade channel (4 kHz). In LAN terminology, a coaxial cable on which analog signaling is used. Also called wideband. Contrast with baseband.

Broadband ISDN

broadcast
Data packet that will be sent to all nodes on a network. Broadcasts are identified by a broadcast address. Compare with multicast and unicast.

broadcast address
Special address reserved for sending a message to all stations. Generally, a broadcast address is a MAC destination address of all ones. Compare with multicast address and unicast address.

broadcast domain
The set of all devices that will receive broadcast frames originating from any device within the set. Broadcast domains are typically bounded by routers because routers do not forward broadcast frames.

broadcast search
Propagation of a search request to all network nodes if the location of a resource is unknown to the requester.

broadcast storm
Undesirable network event in which many broadcasts are sent simultaneously across all network segments. A broadcast storm uses substantial network bandwidth and, typically, causes network time-outs.

browser
See WWW browser.

BSA
basic service area
Area of radio frequency coverage provided by an access point. To extend the BSA, or to simply add wireless devices and extend the range of an existing wired system, you can add an access point.
A BSA is also known as a microcell.

BSD
Berkeley Standard Distribution
Term used to describe any of a variety of UNIX-type operating systems based on the UC Berkeley BSD operating system.

BSS
basic service set
WLAN infrastructure mode whereby mobile clients use a single access point for connectivity to each other or to wired network resources.

burst tolerance
Parameter defined by the ATM Forum for ATM traffic management. For VBR connections, BT determines the size of the maximum burst of contiguous cells that can be transmitted.

Storage area used for handling data in transit. Buffers are used in internetworking to compensate for differences in processing speed between network devices. Bursts of data can be stored in buffers until they can be handled by slower processing devices.
A buffer is also known as a packet buffer.

Storing data until it can be handled by other devices or processes. Buffering is typically used when there is a difference between the rate at which data is received and the rate at which it can be processed.

burst tolerance
See BT.

1) Common physical signal path composed of wires or other media across which signals can be sent from one part of a computer to another. Bus is also known as highway.
2) See bus topology.

bus and tag channel
IBM channel, developed in the 1960s, incorporating copper multiwire technology. Replaced by the ESCON channel.

bus topology
Linear LAN architecture in which transmissions from network stations propagate the length of the medium and are received by all other stations. Compare with ring topology, star topology, and tree topology.

bypass mode
Operating mode on FDDI and Token Ring networks in which an interface has been removed from the ring.

bypass relay
Allows a particular Token Ring interface to be shut down and thus effectively removed from the ring.

Term used to refer to a series of consecutive binary digits that are operated upon as a unit (for example, an 8-bit byte).

byte reversal
Process of storing numeric data with the least-significant byte first. Used for integers and addresses on devices with Intel microprocessors.

byte-oriented protocol
Class of data-link communications protocols that use a specific character from the user character set to delimit frames. These protocols have largely been replaced by bit-oriented protocols. Compare with bit-oriented protocol.

CA
congestion avoidance
The mechanism by which a LightStream-based ATM network controls traffic entering the network to minimize delays. In order to use resources most efficiently, lower-priority traffic is discarded at the edge of the network if conditions indicate that it cannot be delivered.

cable
Transmission medium of copper wire or optical fiber wrapped in a protective cover.

cable television
See CATV.

Form of replication in which information learned during a previous transaction is used to process later transactions.

call admission control
Traffic management mechanism used in ATM networks that determines whether the network can offer a path with sufficient bandwidth for a requested VCC.

call priority
Priority assigned to each origination port in circuit-switched systems. This priority defines the order in which calls are reconnected. Call priority also defines which calls can or cannot be placed during a bandwidth reservation.

call setup time
The time required to establish a switched call between DTE devices.

Content-addressable memory. See associative memory.

Electromagnetic wave or alternating current of a single frequency, suitable for modulation by another, data-bearing signal.

carrier detect
See CD.

carrier sense multiple access/collision detect
See CSMA/CD.

channel-associated signaling
The transmission of signaling information within the voice channel. CAS signaling often is referred to as robbed-bit signaling because user bandwidth is being robbed by the network for other purposes.

Catalyst 1600 Token Ring Switch
Cisco Token Ring switch that offers full-duplex dedicated LAN segments to individual servers and other workstations that require high-speed switching access. The Catalyst 1600 provides up to 12 switched Token Ring interfaces and low latency switching between servers and clients across a backbone.

Catalyst 5000
Cisco modular switching system that allows connection to Ethernet, CDDI, FDDI, and ATM LANs and backbones. The Catalyst 5000 switch performs store-and-forward packet switching and allows the user to dedicate 10- or 100-Mbps connections to existing LAN segments or high-performance end stations.

Catalyst Workgroup Switch
Series of Cisco workgroup switches that enhance the network performance of Ethernet client/server workgroups. The Catalyst Workgroup Switch integrates software enhancements for network management and provides a 100-Mbps interface to servers and dedicated Ethernet-to-desktop workstations.

catchment areas
Zone that falls within an area that can be served by an internetworking device such as a hub.

Category 1 cabling
One of five grades of UTP cabling described in the EIA/TIA-568B standard. Category 1 cabling is used for telephone communications and is not suitable for transmitting data. Compare with Category 2 cabling, Category 3 cabling, Category 4 cabling, and Category 5 cabling.

Category 2 cabling
One of five grades of UTP cabling described in the EIA/TIA-568B standard. Category 2 cabling is capable of transmitting data at speeds up to 4 Mbps. Compare with Category 1 cabling, Category 3 cabling, Category 4 cabling, and Category 5 cabling.

Category 3 cabling
One of five grades of UTP cabling described in the EIA/TIA-568B standard. Category 3 cabling is used in 10BASE-T networks and can transmit data at speeds up to 10 Mbps. Compare with Category 1 cabling, Category 2 cabling, Category 4 cabling, and Category 5 cabling.

Category 4 cabling
One of five grades of UTP cabling described in the EIA/TIA-568B standard. Category 4 cabling is used in Token Ring networks and can transmit data at speeds up to 16 Mbps. Compare with Category 1 cabling, Category 2 cabling, Category 3 cabling, and Category 5 cabling.

Category 5 cabling
One of five grades of UTP cabling described in the EIA/TIA-568B standard. Category 5 cabling is used for running CDDI and can transmit data at speeds up to 100 Mbps. Compare with Category 1 cabling, Category 2 cabling, Category 3 cabling, and Category 4 cabling.

catenet
Network in which hosts are connected to diverse networks, which themselves are connected with routers. The Internet is a prominent

CBWFQ
class-based weighted fair queueing
Extends the standard WFQ functionality to provide support for user-defined traffic classes. For CBWFQ, you define traffic classes based on match criteria including protocols, access control lists (ACLs), and input interfaces.

Consultative Committee for International Telegraph and Telephone
International organization responsible for the development of communications standards. CCITT is now known as the ITU-T.

complementary code keying
CCK is a modulation technique used in IEEE 802.11b-compliant wireless LANs for transmission at 5.5 and 11 Mbps.

common channel signaling
Signaling system used in telephone networks that separates signaling information from user data. A specified channel is exclusively designated to carry signaling information for all other channels in the system.

Cisco Compatible Extensions

