
GLOSSARY Network Security

3DES -- Triple Data Encryption Standard.

6to4 -- 6to4 was/is a transition mechanism for migrating from IPv4 to IPv6. 6to4 allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels. 6to4 makes use of protocol 41; instead of static configuration of the endpoints, the endpoint IPv4 address information is derived from the IPv6 addresses within the IPv6 packet header.

AAA -- authentication, authorization, and accounting. Pronounced "triple a."

ACE -- access control entry.

ACK -- acknowledgment. Notification sent from one network device to another to acknowledge that some event occurred (for example, the receipt of a message).

ACL -- access control list. A list kept by routers to control access to or from the router for a number of services (for example, to prevent packets with a certain IP address from leaving a particular interface on the router).

AES -- Advanced Encryption Standard.

AH -- Authentication Header. A security protocol that provides data authentication and optional antireplay services. AH is embedded in the data to be protected (a full IP datagram).

AIC -- Application Inspection and Control.

ARP -- Address Resolution Protocol. Internet protocol that is used to map an IP address to a MAC address. Defined in RFC 826.

AS -- autonomous system. A collection of networks under a common administration sharing a common routing strategy. Autonomous systems are subdivided by areas. An autonomous system must be assigned a unique 16-bit number by the IANA.

ASDM -- Cisco Adaptive Security Device Manager. Delivers security management and monitoring through a web-based management interface.

ASIC -- application-specific integrated circuit.

ATM -- Asynchronous Transfer Mode. The international standard for cell relay in which multiple service types (such as voice, video, or data) are conveyed in fixed-length (53-byte) cells. Fixed-length cells allow cell processing to occur in hardware, thereby reducing transit delays. ATM is designed to take advantage of high-speed transmission media, such as E3, SONET, and T3.

AUP -- acceptable use policy. Many transit networks have policies that restrict the use to which the network can be put. The enforcement of AUPs varies with the network.

AUX -- auxiliary.

AVC -- Application, Visibility, and Control.

BGP -- Border Gateway Protocol. Interdomain routing protocol that replaces EGP. BGP exchanges reachability information with other BGP systems. It is defined by RFC 1163.

BPDU -- bridge protocol data unit. Spanning Tree Protocol hello packet that is sent out at configurable intervals to exchange information among bridges in the network.

BYOD -- bring your own device.

Cisco ISE -- Cisco Identity Services Engine.

Cisco UCS -- Cisco Unified Computing System.

CoA -- Change of Authorization.

CoPP -- Control Plane Policing.

DAI -- Dynamic ARP Inspection.

DCA -- Dynamic Content Analysis.

DDoS -- distributed denial of service.

DES -- Data Encryption Standard. Standard cryptographic algorithm developed by the U.S. National Bureau of Standards.

DGT -- destination group tag.

DH -- Diffie-Hellman. The Diffie-Hellman algorithm, introduced by Whitfield Diffie and Martin Hellman in 1976, was the first system to utilize public key or asymmetric cryptographic keys. Today, Diffie-Hellman is part of the IPsec standard. A protocol known as OAKLEY uses Diffie-Hellman, as described in RFC 2412. OAKLEY is used by the Internet Key Exchange (IKE) protocol (see RFC 2401), which is part of the overall framework called Internet Security Association and Key Management Protocol (ISAKMP; see RFC 2408).

DHCP -- Dynamic Host Configuration Protocol (common term). Provides a mechanism for allocating IP addresses dynamically so that addresses can be reused when hosts no longer need them.

DLP -- data loss prevention.

DMZ -- demilitarized zone.

DNS -- Domain Name System. System used on the Internet for translating names of network nodes into addresses.

DSA -- Digital Signature Algorithm.

DSCP -- differentiated services code point.

DSL -- digital subscriber line (common term). Public network technology that delivers high bandwidth over conventional copper wiring at limited distances. There are four types of DSL: ADSL, HDSL, SDSL, and VDSL. All are provisioned via modem pairs, with one modem located at a central office and the other at the customer site. Because most DSL technologies do not use the whole bandwidth of the twisted pair, there is room remaining for a voice channel.

DTLS -- Datagram Transport Layer Security.

DTP -- Dynamic Trunking Protocol.

DoS -- denial of service. An intentional or unintentional attack on a device that makes the resource unavailable to perform its normal function.

EAP -- Extensible Authentication Protocol. Framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences.

EAP-TLS -- Extensible Authentication Protocol-Transport Layer Security.

EAPOL -- Extensible Authentication Protocol over LAN.

ECC -- elliptic curve cryptography.

ECDH -- Elliptic Curve Diffie-Hellman.

ECDSA -- Elliptic Curve Digital Signature Algorithm. It is a variant of the Digital Signature Algorithm which uses elliptic curve cryptography.

EIGRP -- Enhanced Interior Gateway Routing Protocol. It's the advanced version of IGRP developed by Cisco. It provides superior convergence properties and operating efficiency, and it combines the advantages of link-state protocols with those of distance vector protocols.

ESP -- Encapsulating Security Payload. It's a security protocol that provides data privacy services, optional data authentication, and antireplay services. ESP encapsulates the data to be protected.

FCS -- frame check sequence. Extra characters added to a frame for error control purposes. Used in HDLC, Frame Relay, and other data link layer protocols.

FDDI -- Fiber Distributed Data Interface. LAN standard, defined by ANSI X3T9.5, specifying a 100-Mbps token-passing network using fiber-optic cable, with transmission distances of up to 2 km. FDDI uses a dual-ring architecture to provide redundancy.

FIPS 140 -- Federal Information Processing Standards 140 Publication Series. U.S. government computer-security standards that specify requirements for cryptography modules.

FTP -- File Transfer Protocol. Protocol for exchanging files over the Internet.

GRE -- Generic Routing Encapsulation. It's a tunneling protocol that was developed by Cisco that can encapsulate a variety of protocol packet types inside IP tunnels. This process creates a virtual point-to-point link to Cisco routers at remote points over an IP network.

GUI -- graphical user interface (common term). It is a user environment that uses pictorial as well as textual representations of the input and the output of applications and the hierarchical or other data structure in which information is stored. Such conventions as buttons, icons, and windows are typical, and many actions are performed using a pointing device (such as a mouse). Microsoft Windows and the Apple Macintosh are prominent examples of platforms using a GUI.

HAT -- Host Access Table.

HIPAA -- Health Insurance Portability and Accountability Act.

HMAC -- Hashed Message Authentication Code. HMAC is a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function (for example, MD5 and SHA-1) in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function.

HMAC-MD5 -- Hashed Message Authentication Code-Message Digest 5. A keyed version of MD5 that enables two parties to validate transmitted information using a shared secret. Defined in RFC 2104.

HMAC-SHA1 -- Hashed Message Authentication Code-Secure Hash Algorithm 1.

HTML -- Hypertext Markup Language. Simple hypertext document formatting language that uses tags to indicate how a given part of a document should be interpreted by a viewing application, such as a web browser.

HTTP -- Hypertext Transfer Protocol (common term). The protocol that is used by web browsers and web servers to transfer files, such as text and graphic files.

HTTPS -- Hypertext Transfer Protocol Secure.

IANA -- Internet Assigned Numbers Authority. IANA, a department of Internet Corporation for Assigned Names and Numbers (ICANN), maintains the registries of the Internet's unique identifiers, such as global IP addresses, domain names, and protocol identifiers.

ICMP -- Internet Control Message Protocol. Network layer Internet protocol that reports errors and provides other information that is relevant to IP packet processing. Documented in RFC 792.

ICV -- Integrity Check Value.

IDS -- intrusion detection system.

IEEE -- Institute of Electrical and Electronics Engineers. Professional organization whose activities include the development of communications and network standards. IEEE LAN standards are the predominant LAN standards today.

IEEE 802.1AE -- The IEEE standard that specifies how all or part of a network can be secured transparently to peer protocol entities that use the MAC service provided by IEEE 802 LANs to communicate.

IEEE 802.1X -- An IEEE standard for port-based network access control.

IETF -- Internet Engineering Task Force. Task force consisting of over 80 working groups responsible for developing Internet standards. The IETF operates under the auspices of ISOC.

IGP -- interior gateway protocol. Internet protocol used to exchange routing information within an autonomous system. Examples of common Internet IGPs include IGRP, OSPF, and RIP.

IKE -- Internet Key Exchange. IKE establishes a shared security policy and authenticates keys for services (such as IPsec) that require keys. Before any IPsec traffic can be passed, each router, firewall, or host must verify the identity of its peer. Verification can be done by manually entering pre-shared keys into both hosts or by a CA service.

IKEv2 -- Internet Key Exchange version 2.

IOC -- indicator of compromise.

IP -- Internet Protocol. Network layer protocol in the TCP/IP stack offering a connectionless internetwork service. IP provides features for addressing, type-of-service specification, fragmentation and reassembly, and security. Defined in RFC 791.

IP address -- A 32-bit address assigned to hosts using TCP/IP. An IP address belongs to one of five classes (A, B, C, D, or E) and is written as 4 octets separated by periods (dotted decimal format). Each address consists of a network number, an optional subnetwork number, and a host number. The network and subnetwork numbers together are used for routing, and the host number is used to address an individual host within the network or subnetwork. A subnet mask is used to extract network and subnetwork information from the IP address. CIDR provides a new way of representing IP addresses and subnet masks. Also called an Internet address.

IPS -- intrusion prevention system.

IPsec -- IP Security. A framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers. IPsec provides these security services at the IP layer. IPsec uses IKE to handle the negotiation of protocols and algorithms based on local policy and to generate the encryption and authentication keys to be used by IPsec. IPsec can protect one or more data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

IPv4 -- IP version 4 (common term). Internet Protocol version 4 is the fourth version in the development of IP and the first version of the protocol to be widely deployed. Along with IPv6, IPv4 is at the core of standards-based internetworking methods of the Internet. IPv4 is still used to route most traffic across the Internet. IPv4 is a connectionless protocol for use on packet-switched link layer networks (for example, Ethernet). It operates on a best-effort delivery model in that it does not guarantee delivery and does not assure proper sequencing or avoidance of duplicate delivery.

IPv6 -- IP version 6 (common term). Replacement for the current version of IP (version 4). IPv6 includes support for flow ID in the packet header, which can be used to identify flows. Formerly called IPng (next generation).

IS-IS -- Intermediate System-to-Intermediate System. OSI link-state hierarchical routing protocol based on DECnet Phase V routing, whereby ISs (routers) exchange routing information based on a single metric to determine network topology.

ISAKMP -- Internet Security Association and Key Management Protocol. Internet IPsec protocol that negotiates, establishes, modifies, and deletes security associations. It also exchanges key generation and authentication data (independent of the details of any specific key generation technique), key establishment protocol, encryption algorithm, or authentication mechanism. Defined in RFC 2408.

ISATAP -- Intra-Site Automatic Tunnel Addressing Protocol.

ISDN -- Integrated Services Digital Network. Communication protocol offered by telephone companies that permits telephone networks to carry data, voice, and other source traffic.

ISE -- Cisco Identity Services Engine.

ISL -- Inter-Switch Link. Cisco proprietary protocol that maintains VLAN information as traffic flows between switches and routers.

ISP -- Internet service provider. Company that provides Internet access to other companies and individuals.

ISR -- integrated services router. An ISR specifies the elements to guarantee QoS on networks. For example, an ISR can be used to allow video and sound to reach the receiver without interruption. Every application that requires some kind of guarantee has to make an individual reservation.

L2TP -- Layer 2 Tunneling Protocol. An Internet Engineering Task Force (IETF) standards track protocol defined in RFC 2661 that provides tunneling of PPP. Based on the best features of Layer 2 Forwarding (L2F) Protocol and Point-to-Point Tunneling Protocol (PPTP), L2TP provides an industry-wide, interoperable method of implementing virtual private dialup network (VPDN).

L4TM -- Layer 4 Traffic Monitor.

LAN -- local-area network. High-speed, low-error data network covering a relatively small geographic area (up to a few thousand meters). LANs connect workstations, peripherals, terminals, and other devices in a single building or other geographically limited area. LAN standards specify cabling and signaling at the physical and data link layers of the OSI model. Ethernet, FDDI, and Token Ring are widely used LAN technologies.

LDAP -- Lightweight Directory Access Protocol. A protocol that provides access for management and browser applications that provide read/write interactive access to the X.500 Directory.

LDAPS -- Lightweight Directory Access Protocol over Secure Sockets Layer/Transport Layer Security.

MAB -- MAC authentication bypass.

MAC -- Media Access Control. The lower of the two sublayers of the data link layer that is defined by the IEEE. The MAC sublayer handles access to shared media, such as whether token passing or contention will be used.

MAC address -- A standardized data link layer address that is required for every port or device that connects to a LAN. Other devices in the network use these addresses to locate specific ports in the network and to create and update routing tables and data structures. A MAC address is 6 bytes long and is controlled by the IEEE. It is also known as a hardware address, MAC layer address, and physical address.

MACsec -- Media Access Control Security. MACsec encryption provides MAC-layer encryption over wired networks using OOB methods for encryption keying.

MAN -- metropolitan-area network.

MD5 -- Message Digest 5. A one-way hashing algorithm that produces a 128-bit hash. Both MD5 and Secure Hash Algorithm (SHA) are variations on MD4 and are designed to strengthen the security of the MD4 hashing algorithm. Cisco uses hashes for authentication within the IPsec framework. Also used for message authentication in SNMP. MD5 verifies the integrity of the communication, authenticates the origin, and checks for timeliness.

MDM -- Mobile Device Management.

MIB -- Management Information Base. A database of network management information that is used and maintained by a network management protocol, such as SNMP or CMIP. The value of an MIB object can be changed or retrieved using SNMP or CMIP commands, usually through a GUI network management system. MIB objects are organized in a tree structure that includes public (standard) and private (proprietary) branches.

MPF -- Modular Policy Framework.

MPLS -- Multiprotocol Label Switching. Switching method that forwards IP traffic using a label. This label instructs the routers and the switches in the network where to forward the packets based on preestablished IP routing information.

MQC -- modular QoS CLI. A command line structure that allows modular configuration of QoS configuration elements to provide independence between classification and policy.

MSTP -- Multiple Spanning Tree Protocol.

MTA -- mail transfer agent.

MTU -- maximum transmission unit. The maximum packet size, in bytes, that a particular interface can handle.

NAD -- network access device.

NAT -- Network Address Translation. A mechanism for reducing the need for globally unique IP addresses. NAT allows an organization with addresses that are not globally unique to connect to the Internet by translating these addresses into globally routable address space. Also known as Network Address Translator.

NAT-T -- NAT Traversal.

NGFW -- Next Generation Firewall.

NGIPS -- next-generation intrusion prevention system.

NOC -- network operations center.

NSA -- U.S. National Security Agency.

NTLM -- NT LAN Manager. Also known as Windows Challenge/Response, NT LAN Manager is the authentication protocol that is used on Windows systems and networks.

NTP -- Network Time Protocol. A protocol that is built on top of UDP that ensures accurate local timekeeping with reference to radio and atomic clocks that are located on the Internet. This protocol is capable of synchronizing distributed clocks within milliseconds over long time periods.

OCSP -- Online Certificate Status Protocol. An Internet protocol used for obtaining the revocation status of an X.509 digital certificate.

OID -- object identifier. Values are defined in specific MIB modules. The Event MIB allows a user or an NMS to watch over specified objects and to set event triggers based on existence, threshold, and boolean tests. An event occurs when a trigger is fired; this means that a specified test on an object returns a value of true. To create a trigger, a user or an NMS configures a trigger entry in the mteTriggerTable of the Event MIB. This trigger entry specifies the OID of the object to be watched. For each trigger entry type, corresponding tables (existence, threshold, and boolean tables) are populated with the information required for carrying out the test. The MIB can be configured so that when triggers are activated (fired) either an SNMP Set is performed, a notification is sent out to the interested host, or both.

OSI -- Open Systems Interconnection. International standardization program created by ISO and ITU-T to develop standards for data networking that facilitate multivendor equipment interoperability.

OSI reference model -- Open Systems Interconnection reference model. Network architectural model developed by ISO and ITU-T. The model consists of seven layers, each of which specifies particular network functions, such as addressing, flow control, error control, encapsulation, and reliable message transfer. The lowest layer (the physical layer) is closest to the media technology. The highest layer (the application layer) is closest to the user. The OSI reference model is used universally as a method for teaching and understanding network functionality. Similar in some respects to SNA.

OSPF -- Open Shortest Path First. Link-state, hierarchical IGP routing algorithm proposed as a successor to RIP in the Internet community. OSPF features include least-cost routing, multipath routing, and load balancing. OSPF was derived from an early version of the IS-IS protocol.

OTP -- one-time password.

PACL -- port access control list.

PAT -- port address translation. Translation method that allows the user to conserve addresses in the global address pool by allowing source ports in TCP connections or UDP conversations to be translated. Different local addresses then map to the same global address, with port translation providing the necessary uniqueness. When translation is required, the new port number is picked out of the same range as the original following the convention of Berkeley Standard Distribution (BSD).

PCI DSS -- Payment Card Industry Data Security Standard.

PDA -- personal digital assistant.

PFS -- perfect forward secrecy.

PGP -- Pretty Good Privacy.

PII -- Personally Identifiable Information.

PKI -- public-key infrastructure. System of CAs (and, optionally, RAs and other supporting servers and agents) that perform some set of certificate management, archive management, key management, and token management functions for a community of users in an application of asymmetric cryptography.

POP -- Post Office Protocol. Protocol that client email applications use to retrieve mail from a mail server.

POP3 -- Post Office Protocol version 3.

POST -- power-on self test. Set of hardware diagnostics that runs on a hardware device when this device is powered on.

PSK -- preshared key. Shared secret key that is used during IKE authentication.

QoS -- quality of service. Measure of performance for a transmission system that reflects its transmission quality and service availability.

RADIUS -- Remote Authentication Dial-In User Service. Database for authenticating modem and ISDN connections and for tracking connection time.

RAT -- Recipient Access Table.

RDP -- Remote Desktop Protocol.

RFC -- Request for Comments. Document series that is used as the primary means for communicating information about the Internet. Some RFCs are designated by the IAB as Internet standards. Most RFCs document protocol specifications, such as Telnet and FTP, but some RFCs are humorous or historical. RFCs are available online from numerous sources.

RIPv2 -- Routing Information Protocol version 2.

ROMMON -- ROM monitor.

RSA -- Acronym stands for Rivest, Shamir, and Adleman, the inventors of the technique. Public-key cryptographic system that can be used for encryption and authentication.

RST -- reset. A type of message.

RTP -- Real-Time Transport Protocol. Commonly used with IP networks. RTP is designed to provide end-to-end network transport functions for applications transmitting real-time data, such as audio, video, or simulation data, over multicast or unicast network services. RTP provides such services as payload type identification, sequence numbering, timestamping, and delivery monitoring to real-time applications.

SA -- security association. Instance of security policy and keying material applied to a data flow.

SAID -- security association identifier.

SCP -- Secure Copy Protocol. SCP provides a secure and authenticated method for transferring files.

SEAL -- Software-Optimized Encryption Algorithm.

SGA -- Security Group Access.

SGACL -- security group access control list.

SGFW -- Secure Group Firewall.

SGT -- security group tag.

SHA -- Secure Hash Algorithm.

SHA-1 -- Secure Hash Algorithm 1. Algorithm that takes a message of less than 2^64 bits in length and produces a 160-bit message digest. The large message digest provides security against brute-force collision and inversion attacks. SHA-1 [NIS94c] is a revision to SHA that was published in 1994.

SHA-256 -- Secure Hash Algorithm. SHA-256 is part of the SHA-2 set of cryptographic hash functions.

SIEM -- security information and event management.

SIO -- Cisco Security Intelligence Operations.

SMS -- short message service.

SMTP -- Simple Mail Transfer Protocol. Internet protocol providing email services.

SNMP -- Simple Network Management Protocol. Network management protocol used almost exclusively in TCP/IP networks. SNMP provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security.

SNMPv3 -- Simple Network Management Protocol Version 3.

SOHO -- small office, home office. Networking solutions and access technologies for offices that are not directly connected to large corporate networks.

SPAN -- Switched Port Analyzer. SPAN is a feature that is available on switches based on Cisco IOS and NX-OS Software that allows traffic received on a port or VLAN to be copied to another port for analysis. It is also referred to as "port mirroring."

SPI -- stateful packet inspection.

SQL -- Structured Query Language. International standard language for defining and accessing relational databases.

SSH -- Secure Shell Protocol. Protocol that provides a secure remote connection to a router through a TCP application.

SSHv1 -- Secure Shell Protocol version 1.

SSHv2 -- Secure Shell Protocol version 2.

SSID -- Service Set Identifier.

SSL -- Secure Socket Layer. Encryption technology for the Web used to provide secure transactions, such as the transmission of credit card numbers for e-commerce.

STP -- Spanning Tree Protocol. Bridge protocol that uses the spanning-tree algorithm, enabling a learning bridge to dynamically work around loops in a network topology by creating a spanning tree. Bridges exchange BPDU messages with other bridges to detect loops, and then remove the loops by shutting down selected bridge interfaces. Refers to both the IEEE 802.1 Spanning Tree Protocol standard and the earlier Digital Equipment Corporation Spanning Tree Protocol upon which it is based. The IEEE version supports bridge domains and allows the bridge to construct a loop-free topology across an extended LAN. The IEEE version generally is preferred over the Digital version.

SVI -- switch virtual interface.

SXP -- Security Group Tag Exchange Protocol.

SYN -- synchronization.

SYN-ACK -- synchronization-acknowledgment.

SaaS -- software as a service.

TACACS -- Terminal Access Controller Access Control System. Authentication protocol, developed by the DDN community, that provides remote access authentication and related services, such as event logging. User passwords are administered in a central database rather than in individual routers, providing an easily scalable network security solution.

TACACS+ -- Terminal Access Controller Access Control System Plus. Proprietary Cisco enhancement to TACACS. Provides additional support for authentication, authorization, and accounting.

TCAM -- ternary content-addressable memory.

TCP -- Transmission Control Protocol. Connection-oriented transport layer protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack.

TCP/IP -- Transmission Control Protocol/Internet Protocol. Common name for the suite of protocols developed by the U.S. DoD in the 1970s to support the construction of worldwide internetworks. TCP and IP are the two best-known protocols in the suite.

TFTP -- Trivial File Transfer Protocol. Simplified version of FTP that allows files to be transferred from one computer to another over a network, usually without the use of client authentication (for example, username and password).

TLS -- Transport Layer Security. A successor to SSL.

TTL -- Time to Live. A mechanism that limits the lifespan or lifetime of data in a computer or network.

ToS -- type of service.

UDP -- User Datagram Protocol. Connectionless transport layer protocol in the TCP/IP protocol stack. UDP is a simple protocol that exchanges datagrams without acknowledgments or guaranteed delivery, requiring that error processing and retransmission be handled by other protocols. UDP is defined in RFC 768.

UNIX -- operating system developed in 1969 at Bell Laboratories. UNIX has gone through several iterations since its inception. These include UNIX 4.3 BSD (Berkeley Standard Distribution), developed at the University of California at Berkeley, and UNIX System V, Release 4.0, developed by AT&T.

URL -- uniform resource locator. Type of formatted identifier that describes the access method and the location of an information resource object on the Internet. [RFC 1738]

VACL -- VLAN access control list.

VLAN -- virtual LAN. Group of devices on one or more LANs that are configured (using management software) so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.

VNC -- Virtual Network Computing.

VPN -- virtual private network. Enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another. A VPN uses tunneling to encrypt all information at the IP level.

VoIP -- Voice over IP. The capability to carry normal telephony-style voice over an IP-based internet with POTS-like functionality, reliability, and voice quality. VoIP enables a router to carry voice traffic (for example, telephone calls and faxes) over an IP network. In VoIP, the DSP segments the voice signal into frames, which then are coupled in groups of two and stored in voice packets. These voice packets are transported using IP in compliance with ITU-T specification H.323. A primary attraction of VoIP is its ability to reduce expenses, because phone calls travel over the data network rather than over the phone company network.

WAN -- wide-area network. Data communications network that serves users across a broad geographic area and often uses transmission devices provided by common carriers. Frame Relay, SMDS, and X.25 are examples of WANs.

WCCP -- Web Cache Communication Protocol. WCCP is a protocol for communication between routers and Web caches. Two versions exist: WCCP Version 1 (WCCPv1) and WCCP Version 2 (WCCPv2). The two versions are incompatible. Cisco IOS images can support either of the two versions or both.

WebAuth -- web authentication.

XOR -- exclusive OR.

dACL -- downloadable access control list.

rcp -- remote copy protocol. Protocol that allows users to copy files to and from a file system residing on a remote host or server on the network. The rcp protocol uses TCP to ensure the reliable delivery of data.

syslog -- system logging.

vty -- virtual type terminal. Commonly used as virtual terminal lines.