Network+ Cards 10-13

arp command

Can be used in either the Microsoft Windows or the UNIX environment to see which Layer 2 MAC address corresponds to a Layer 3 IP address.

dig command

Can resolve a FQDN to an IP address on UNIX hosts.

host command

Can resolve a FQDN to an IP address on hosts.

ipconfig command

A Microsoft Windows command that can be used to display IP address configuration parameters on a PC. In addition, if DHCP is used by the PC, the ipconfig command can be used to release and renew a DHCP lease, which is often useful during troubleshooting.

nbtstat command

Displays NetBIOS information for IP based networks. The nbt prefix of the nbtstat command refers to NetBIOS over TCP/IP, which is called NBT. This command can, for example, display a listing of NetBIOS device names learned by a Microsoft Windows based PC.

netstat command

Can display a variety of information about IP based connections on a Windows or UNIX host.

nslookup command

Can resolve a FQDN to an IP address on Microsoft Windows and UNIX hosts.

ping command

One of the most commonly used command line commands. It can check IP connectivity between two network devices. Multiple platforms support the ping command.

route command

Can add, modify, or delete routes in the IP routing table of Microsoft Windows and UNIX hosts. In addition, the route command can be used to view the IP routing table of Microsoft Windows hosts.

traceroute command

A UNIX command that displays every router hop along the path from a source host to a destination host on an IP network. Information about the router hop can include the IP address of the router hop and the round trip delay of that router hop.

tracert command

A Microsoft Windows based command that displays every router hop along the path from a source host to a destination host on an IP network. Information about a router hop can include such information as the IP address of the router hop and the round trip d

Asset Management

As related to networks, this is a formalized system of tracking network components and managing the lifecycle of those components.

Baseline

A collection of data portraying the characteristics of a network under normal operating conditions. Data collected while troubleshooting can then be contrasted against baseline data.

Bit error rate tester (BERT)

When troubleshooting a link where you suspect a high bit error rate (BER), you can use a piece of test equipment called a bit error rate tester, which contains both a pattern generator and an error detector and can calculate a BER for the tested transmissi

Butt set

A piece of test equipment typically used by telephone technicians. The clips on a butt set can connect to the tip and ring wires on a punch down block connecting to a telephone. This allows the technician to check the line for a dial tone.

Cable certifier

If you are working with existing cable and want to determine its category, or if you simply want to test the supported frequency range of the cable, you can use a cable certifier.

Cable tester

A cable tester can test the conductors in an Ethernet cable. It contains two parts. By connecting these parts of the cable tester to each end of a cable under test, you can check the wires in the cable for continuity. In addition, you can verify that an R

Crimper

Used to attach a connector to the end of an unshielded twisted pair cable.

Electrostatic discharge (ESD) wrist strap

Prevents static electricity in your body from damaging electrical components on a circuit board. The strap has a clip that you attach to ground.

Optical time domain reflectometer (OTDR)

Detects the location of a fault in a fiber cable by sending light down the fiber optic cable and measuring the time required for the light to bounce back from the cable fault. The OTDR can then mathematically calculate the location of the fault.

Punch down tool

When terminating wires on a punch down block, you should use a punch down tool, which is designed to properly insert an insulated wire between two contact blades in a punch down block, without damaging the blades.

Simple Network Management Protocol (SNMP)

A protocol used to monitor and manage network devices, such as routers, switches, and servers.

Syslog

A syslog logging solution consists of two primary components: syslog servers, which receive and store log messages sent from syslog clients; and syslog clients, which can be a variety of network devices that send logging information to a syslog server.

Time domain reflectometer (TDR)

Detects the location of a fault in a copper cable by sending an electric signal down the copper cable and measuring the time required for the signal to bounce back from the cable fault. A TDR can then mathematically calculate the location of the fault.

Toner Probe

Sometimes called a fox and hound, a toner probe allows you to place a tone generator at one end of the connection and use a probe on the punch down block to audibly detect which wire the tone generator is connected to.

Acceptable use policy (AUP)

Identifies what users of a network are and are not allowed to do on that network. For example, retrieving sports scores during working hours via an organization's Internet connection might be deemed inappropriate by an AUP.

Access control list (ACL)

Rules typically applied to router interfaces, which specify permitted and denied traffic.

Advanced Encryption Standard (AES)

Released in 2001, AES is typically considered the preferred symmetric encryption algorithm. AES is available in 128-bit key, 192-bit key, and 256-bit key versions.

Asymmetric encryption

With asymmetric encryption, the sender and receiver of a packet use different keys.

Authentication Header (AH)

An IPsec protocol that provides authentication and integrity services. However, it does not provide encryption services.

Buffer overflow

This attack occurs when an attacker leverages a vulnerability in an application, causing data to be written to a memory area that's being used by a different application.

Challenge-Response Authentication Mechanism Message Digest 5 (CRAM-MD5)

A common variant of HMAC frequently used in email systems. Like CHAP, CRAM-MD5 only performs one way authentication (the server authenticates the client).

Client to site VPN

Also known as a remote access VPN, a client to site VPN interconnects a remote user with a site, as an alternative to dial up or ISDN connectivity, at a reduced cost.

Demilitarized zone (DMZ)

Often contains servers that should be accessible from the Internet. This approach would, for example, allow users on the Internet to initiate an email or a web session coming into an organization's email or web server. However, other protocols would be blo

Denial of service (DoS)

A DoS attack floods a system with an excessive amount of traffic or requests, which consumes the system's processing resources and prevents the system from responding to many legitimate requests.

Distributed denial of service (DDoS)

These attacks can increase the amount of traffic flooded to a target system. Specifically, an attacker compromises multiple systems, and those compromised systems, called zombies, can be instructed by the attacker to simultaneously launch a DDoS attack ag

Encapsulating Security Payload (ESP)

An IPsec protocol that provides authentication, integrity, and encryption services.

FTP bounce

An FTP bounce attack uses the FTP PORT command to covertly open a connection with a remote system. Specifically, an attacker connects to an FTP server and uses the PORT command to cause the FTP server to open a communications channel with the intended vic

GNU privacy guard (GPG)

A free variant of pretty good privacy (PGP), which is an asymmetric encryption algorithm.

Hardware firewall

A network appliance dedicated to the purpose of acting as a firewall. This appliance can have multiple interfaces for connecting to areas of a network requiring varying levels of security.

Honey net

A network containing more than one honey pot.

Host based IPS (HIPS)

A HIPS system is a computer running intrusion prevention software for the purpose of protecting the computer from attacks.

Internet Key Exchange (IKE)

A protocol used to set up an IPsec session.

Internet Security Association and Key Management Protocol (ISAKMP)

Negotiates parameters for an IPsec session.

Intrusion detection system (IDS)

IDS devices can recognize the signature of a well known attack and respond to stop the attack. However, an IDS sensor does not reside in line with the traffic flow. Therefore, one or more malicious packets might reach an intended victim before the traffic

Intrusion prevention system (IPS)

IPS devices can recognize the signature of a well known attack and respond to stop the attack. An IPS device resides in line with the traffic flow, unlike an IDS sensor.

IP Security (IPsec)

A type of VPN that provides confidentiality, integrity, and authentication.

Kerberos

A client server authentication protocol that supports mutual authentication between a client and a server. Kerberos uses the concept of a trusted third party that hands out tickets to be used instead of a username and password combination.

Layer 2 Forwarding (L2F)

A VPN protocol designed with the intent of providing a tunneling protocol for PPP. Like L2TP, L2F lacks native security features.

Layer 2 Tunneling Protocol (L2TP)

A VPN protocol that lacks security features, such as encryption. However, L2TP can still be used for a secure VPN connection if it is combined with another protocol that provides encryption.

Multifactor authentication

Similar to two factor authentication, multifactor authentication requires two or more types of successful authentication before granting access to a network.

Nessus

A network vulnerability scanner available from Tenable Network Security.

Network based IDS (NIDS)

A NIDS device is a network appliance dedicated to the purpose of acting as an IDS sensor.

Network based IPS (NIPS)

A NIPS device is a network appliance dedicated to the purpose of acting as an IPS sensor.

Nmap

A network vulnerability scanner.

Point to Point Tunneling Protocol (PPTP)

An older VPN protocol. Like L2TP and L2F, PPTP lacks native security features. However, Microsoft's versions of PPTP bundled with various versions of Microsoft Windows were enhanced to offer security features.

Pretty good privacy (PGP)

PGP is a widely deployed asymmetric encryption algorithm and is often used to encrypt email traffic.

Public key infrastructure (PKI)

A PKI system uses digital certificates and a certificate authority to allow secure communication across a public network.

Remote Authentication Dial In User Service (RADIUS)

A UDP based protocol used to communicate with a AAA server. Unlike TACACS+, RADIUS does not encrypt an entire authentication packet, but only the password. However, RADIUS offers more robust accounting features than TACACS+. Also, RADIUS is a standards ba

Remote access VPN

Also known as a remote access VPN, a client to site VPN interconnects a remote user with a site, as an alternative to dial up or ISDN connectivity, at a reduced cost.

RSA

A popular and widely deployed asymmetric encryption algorithm.

Secure Sockets Layer (SSL)

Provides cryptography and reliability for upper layers (Layers 5-7) of the OSI model. SSL, which was introduced in 1995, has largely been replaced by Transport Layer Security (TLS). However, recent versions of SSL have been enhanced to be more comparable

Security association (SA)

An agreement between the two IPsec peers about the cryptographic parameters to be used in an ISAKMP session.

Security Policy

A continually changing document that dictates a set of guidelines for network use. These guidelines complement organizational objectives by specifying rules for how a network is used.

Single sign on (SSO)

Allows a user to authenticate once to gain access to multiple systems, without requiring the user to independently authenticate with each system.

Site to site VPN

Interconnects two sites, as an alternative to a leased line, at a reduced cost.

Social engineering

Attackers sometimes use social techniques to obtain confidential information. For example, an attacker might pose as a member of an IT department and ask a company employee for her login credentials in order for the "IT staff to test the connection." This ty

Software firewall

A computer running firewall software. For example, the software firewall could protect the computer itself. Alternatively, a software firewall could be a computer with more than one network interface card that runs firewall software to filter traffic flow

Stateful firewall

Inspects traffic leaving the inside network as it goes out to the Internet. Then, when returning traffic from the same session attempts to enter the inside network, the stateful firewall permits that traffic. The process of inspecting traffic to identify

Symmetric encryption

With symmetric encryption, both the sender and the receiver of a packet use the same key for encryption and decryption.

Terminal Access Controller Access Control System Plus (TACACS+)

A TCP based protocol used to communicate with a AAA server. Unlike RADIUS, TACACS+ encrypts an entire authentication packet rather than just the password. TACACS+ offers authentication features, but they are not as robust as the accounting features found

Two factor authentication (TFA)

Requires two types of authentication from a user seeking admission to a network. For example, a user might need to know something and have something.

Unified threat management (UTM)

A firewall or gateway that attempts to bundle multiple security functions into a single physical or logical device.

Virtual private network (VPN)

Some VPNs can support secure communication between two sites over an untrusted network.

Black hole router

A router that drops packets that cannot be fragmented and are exceeding the MTU size of an interface without notifying the sender.

Decibel (dB) loss

A loss of signal power. If a transmission's dB loss is too great, the transmission cannot be properly interpreted by the intended recipient.

Maximum transmission unit (MTU)

The largest packet size supported on an interface.

Open

A broken strand of copper that prevents current from flowing through a circuit.

Short

A short occurs when two copper connectors touch each other, resulting in current flowing through that short rather than the attached electrical circuit, because the short has lower resistance.

Trouble ticket

A problem report explaining the details of an issue being experienced in a network.