X Window System
Distributed, network-transparent, device-independent, multitasking windowing and graphics system originally developed by MIT for communication between X terminals and UNIX workstations. See also X terminal.

X.121
ITU-T standard describing an addressing scheme used in X.25 networks. X.121 addresses are sometimes called IDNs.

X.21
ITU-T standard for serial communications over synchronous digital lines. The X.21 protocol is used primarily in Europe and Japan.

X.21bis
ITU-T standard that defines the physical layer protocol for communication between DCE and DTE in an X.25 network. Virtually equivalent to EIA/TIA-232. See also EIA/TIA-232 and X.25.

X.25
ITU-T standard that defines how connections between DTE and DCE are maintained for remote terminal access and computer communications in PDNs. X.25 specifies LAPB, a data link layer protocol, and PLP, a network layer protocol. Frame Relay has to some degree superseded X.25. See also Frame Relay, LAPB, and PLP.

X.400
ITU-T recommendation specifying a standard for e-mail transfer.

X.500
ITU-T recommendation specifying a standard for distributed maintenance of files and directories.

xDSL
Group term used to refer to ADSL, HDSL, SDSL, and VDSL. All are emerging digital technologies using the existing copper infrastructure provided by the telephone companies. xDSL is a high-speed alternative to ISDN.

XML
extensible markup language. A standard maintained by the World Wide Web Consortium (W3C). It defines a syntax that lets you create markup languages to specify information structures. Information structures define the type of information, for example, subscriber name or address, not how the information looks (bold, italic, and so on). External processes can manipulate these information structures and publish them in a variety of formats. Text markup language designed to enable the use of SGML on the World Wide Web. XML allows you to define your own customized markup language.

XOT
X.25 over TCP.

WDM
wavelength division multiplexing. Multiple optical wavelengths can share the same transmission fiber. The spectrum occupied by each channel must be adequately separated from the others.

Web
World Wide Web (also called WWW). A client/server system based on HTML and HTTP.

WFQ
weighted fair queuing. Congestion management algorithm that identifies conversations (in the form of traffic streams), separates packets that belong to each conversation, and ensures that capacity is shared fairly between these individual conversations. WFQ is an automatic way of stabilizing network behavior during congestion and results in increased performance and reduced retransmission.

WIC
WAN interface card. Connects the system to the WAN link service provider. See also WAN.

wireless access protocol
A language used for writing Web pages that uses far less overhead, which makes it more preferable for wireless access to the internet. WAP’s corresponding OS is that created by 3Com in its Palm Pilot. Nokia has recently adopted the Palm OS for its Web-capable cellular phone.

WiFi Protected Access WPA
a specification for a security enhancement to provide confidentiality and integrity for wireless communications; it includes the temporal key implementation protocol (TKIP). WPA is the successor of WEP.

Wired Equivalent Privacy WEP
a cryptographic protocol offering stream cipher encryption with a key length of 128 bits; it is defined within the IEEE 802.11 Wireless LAN specifications

Wireless Fidelity WiFi
a trademark provided by the WiFi Alliance promoting the use of wireless LAN equipment

Wireless LAN WLAN
a network using radio frequencies. The most common standards in use are IEEE 802.11b and 802.11g with up to 11 Mbps respectively 54 Mbps transfer rate utilising the 2,4 GHz frequency band.

worm
A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and can consume computer resources destructively.

WRED
weighted random early detection. Queueing method that ensures that high-precedence traffic has lower loss rates than other traffic during times of congestion.

WWW
World Wide Web. Large network of Internet servers providing hypertext and other services to terminals running client applications, such as a browser. See also browser.

V.25bis
ITU-T specification describing procedures for call setup and tear down over the DTE-DCE interface in a PSDN.

V.32
ITU-T standard serial line protocol for bidirectional data transmissions at speeds of 4.8 or 9.6 kbps. See also V.32bis.

V.32bis
ITU-T standard that extends V.32 to speeds up to 14.4 kbps. See also V.32.

V.34
ITU-T standard that specifies a serial line protocol. V.34 offers improvements to the V.32 standard, including higher transmission rates (28.8 kbps) and enhanced data compression. Compare with V.32.

V.35
ITU-T standard describing a synchronous, physical layer protocol used for communications between a network access device and a packet network. V.35 is most commonly used in the United States and in Europe, and is recommended for speeds up to 48 kbps.

V.42
ITU-T standard protocol for error correction using LAPM. See also LAPM.

VAD
voice activity detection. When enabled on a voice port or a dial peer, silence is not transmitted over the network, only audible speech. When VAD is enabled, the sound quality is slightly degraded but the connection monopolizes much less bandwidth.

VCI
virtual channel identifier. 16-bit field in the header of an ATMcell. The VCI, together with the VPI, is used to identify the next destination of a cell as it passes through a series of ATM switches on its way to its destination. ATM switches use the VPI/VCI fields to identify the next network VCL that a cell needs to transit on its way to its final destination. The function of the VCI is similar to that of the DLCI in Frame Relay. Compare with DLCI. See also VCL and VPI.

VDSL
very-high-data-rate digital subscriber line. One of four DSL technologies. VDSL delivers 13 to 52 Mbps downstream and 1.5 to 2.3 Mbps upstream over a single twisted copper pair. The operating range of VDSL is limited to 1,000 to 4,500 feet
(304.8 to 1,372 meters). Compare with ADSL, HDSL, and SDSL.

virtual circuit
Logical circuit created to ensure reliable communication between two network devices. A virtual circuit is defined by a VPI/VCI pair, and can be either permanent (PVC) or switched (SVC). Virtual circuits are used in Frame Relay and X.25. In ATM, a virtual circuit is called a virtual channel. Sometimes abbreviated VC. See also
PVC, SVC, VCD, virtual route, and VPI.

virtual connection
In ATM, a connection between end users that has a defined route and endpoints. See also PVC and SVC.

virus
Hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting—that is, inserting a copy of itself into and becoming part of—another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.

VLAN
virtual LAN. Group of devices on one or more LANs that are configured (using management software) so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.

VLSM
variable-length subnet mask. Capability to specify a different subnet mask for the same network number on different subnets. VLSM can help optimize available address space.

VoD
video on demand. System using video compression to supply video programs to viewers when requested via broadband connections.

VoIP
Voice over IP. The capability to carry normal telephony-style voice over an IP-based internet with POTS-like functionality, reliability, and voice quality. VoIP enables a router to carry voice traffic (for example, telephone calls and faxes) over an IP network. In VoIP, the DSP segments the voice signal into frames, which then are coupled in groups of two and stored in voice packets. These voice packets are transported using IP in compliance with ITU-T specification H.323.

VoIP dial peer
Dial peer connected via a packet network; in the case of Voice over IP, this is an IP network. VoIP peers point to specific VoIP devices.

VPDN
virtual private dial-up network. Also known as virtual private dial network. A VPDN is a network that extends remote access to a private network using a shared infrastructure. VPDNs use Layer 2 tunnel technologies (L2F, L2TP, and PPTP) to extend the Layer 2 and higher parts of the network connection from a remote user
across an ISP network to a private network. VPDNs are a cost effective method of establishing a long distance, point-to-point connection between remote dial users and a private network. See also VPN.

VPI
virtual path identifier. 8-bit field in the header of an ATMcell. The VPI, together with the VCI, identifies the next destination of a cell as it passes through a series of ATM switches on its way to its destination. ATM switches use the VPI/VCI fields to identify the next VCL that a cell needs to transit on its way to its final destination. The function of the VPI is similar to that of the DLCI in Frame Relay. Compare with DLCI. See also VCD and VCL.

VPN
Virtual Private Network. Enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another. A VPN uses“tunneling” to encrypt all information at the IP level.

VRF
A VPN routing/forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that defines a customer VPN site that is attached to a PE router.

UDP
User Datagram Protocol. Connectionless transport layer protocol in the TCP/IP protocol stack. UDP is a simple protocol that exchanges datagrams without acknowledgments or guaranteed delivery, requiring that error processing and retransmission be handled by other protocols. UDP is defined in RFC 768.

U-law
Companding technique commonly used in North America. U-law is standardized as a 64-kbps CODEC in ITU-T G.711.

UMTS
Universal Mobile Telephone Service. A 3G mobile wireless telecommunications system whose standards are being developed by the Third Generation Partnership Project (3GPP).

unicast
Message sent to a single network destination. Compare with broadcast and multicast.

unicast address
Address specifying a single network device. Compare with broadcast address and multicast address. See also unicast.

Unicast RPF
Unicast Reverse Path Forwarding is an input function and is applied only on the input interface of a router at the upstream end of a connection.

URI
uniform resource identifier. Type of formatted identifier that encapsulates the name of an Internet object, and labels it with an identification of the name space, thus producing a member of the universal set of names in registered name spaces and of
addresses referring to registered protocols or name spaces. [RFC 1630]

URL
uniform resource locator. Type of formatted identifier that describes the access method and the location of an information resource object on the Internet. [RFC 1738] See also browser.

UTP
unshielded twisted-pair. Four-pair wire medium used in a variety of networks. UTP does not require the fixed spacing between connections that is necessary with coaxial-type connections. Five types of UTP cabling are commonly used: Category 1 cabling, Category 2 cabling, Category 3 cabling, Category 4 cabling, and Category 5 cabling. Compare with STP. See also EIA/TIA-586 and twisted pair.

T.30
Describes the overall procedure for establishing and managing communication between two fax machines.

T.38
Defines procedures for real-time Group 3 facsimile communication over IP networks.

T1
Digital WAN carrier facility. T1 transmits DS-1–formatted data at 1.544 Mbps through the telephone-switching network, using AMI or B8ZS coding. Compare with E1. See also AMI, B8ZS, and DS-1.

T3
Digital WAN carrier facility. T3 transmits DS-3-formatted data at 44.736 Mbps through the telephone switching network. Compare with E3. See also DS-3.

TACACS
Terminal Access Controller Access Control System. Authentication protocol, developed by the DDN community, that provides remote access authentication and related services, such as event logging. User passwords are administered in a central database rather than in individual routers, providing an easily scalable network
security solution

tag switching
High-performance, packet-forwarding technology that integrates network layer (Layer 3) routing and data link layer (Layer 2) switching and provides scalable, high-speed switching in the network core. Tag switching is based on the concept of label swapping, in which packets or cells are assigned short, fixed-length labels that tell switching nodes how data should be forwarded.

TCP
Transmission Control Protocol. Connection-oriented transport layer protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack. See also TCP/IP.

TCP/IP
Transmission Control Protocol/Internet Protocol. Common name for the suite of protocols developed by the U.S. DoD in the 1970s to support the construction of worldwide internetworks. TCP and IP are the two best-known protocols in the suite.

TDM
time-division multiplexing. Technique in which information from multiple channels can be allocated bandwidth on a single wire based on preassigned time slots. Bandwidth is allocated to each channel regardless of whether the station has data to transmit.

TDMA
time division multiplex access. Type of multiplexing where two or more channels of information are transmitted over the same link by allocating a different time interval (“slot” or “slice”) for the transmission of each channel, that is, the channels take turns to use the link. Some kind of periodic synchronizing signal or distinguishing identifier usually is required so that the receiver can tell which channel is which. See also TDM.

TE
terminal equipment. Any ISDN-compatible device that can be attached to the network, such as a telephone, a fax, or a computer.

Telnet
Standard terminal emulation protocol in the TCP/IP protocol stack. Telnet is used for remote terminal connection, enabling users to log in to remote systems and use resources as if they were connected to a local system. Telnet is defined in RFC 854.

terminal server
Communications processor that connects asynchronous devices, such as terminals, printers, hosts, and modems, to any LAN or WAN that uses TCP/IP, X.25, or LAT protocols. Terminal servers provide the internetwork intelligence that is not available
in the connected devices.

TFTP
Trivial File Transfer Protocol. Simplified version of FTP that allows files to be transferred from one computer to another over a network, usually without the use of client authentication (for example, username and password).

traceroute
Program available on many systems that traces the path a packet takes to a destination. It is used mostly to debug routing problems between hosts. A traceroute protocol is also defined in RFC 1393.

traffic engineering
Techniques and processes that cause routed traffic to travel through the network on a path other than the one that would have been chosen if standard routing methods were used.

traffic engineering tunnel
A label-switched tunnel that is used for traffic engineering. Such a tunnel is set up through means other than normal Layer 3 routing; it is used to direct traffic over a path different from the one that Layer 3 routing could cause the tunnel to take.

transform
The list of operations done on a dataflow to provide data authentication, data confidentiality, and data compression. For example, one transform is the ESP protocol with the HMAC-MD5 authentication algorithm; another transform is the AH protocol with the 56-bit DES encryption algorithm and the ESP protocol with the
HMAC-SHA authentication algorithm.

Transport Layer Security Protocol
TLS
the successor of SSL is an official Internet Protocol (RFC 2246)

trap
Message sent by an SNMP agent to an NMS, a console, or a terminal to indicate the occurrence of a significant event, such as a specifically defined condition or a threshold that was reached.

Trojan horse
Computer program that appears to have a useful function but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

trunk
1. Physical and logical connection between two switches across which network traffic travels. A backbone is composed of a number of trunks.
2. In telephony, a phone line between two COs or between a CO and a PBX.

trusted certificate
Certificate upon which a certificate user relies as being valid without the need for validation testing; especially a public-key certificate that is used to provide the first public key in a certification path.

trusted key
Public key upon which a user relies; especially a public key that can be used as the first public key in a certification path.

tunnel
Secure communication path between two peers, such as two routers.

tunneling
Architecture that is designed to provide the services necessary to implement any standard point-to-point encapsulation scheme. See also encapsulation.

twisted pair
Relatively low-speed transmission medium consisting of two insulated wires arranged in a regular spiral pattern. The wires can be shielded or unshielded. Twisted pair is common in telephony applications and is increasingly common in data networks. See also STP and UTP.

SAP
1. service access point. Field defined by the IEEE 802.2 specification that is part of an address specification. Thus, the destination plus the DSAP define the recipient of a packet. The same applies to the SSAP. See also DSAP and SSAP.
2. Service Advertising Protocol. IPX protocol that provides a means of informing network clients, via routers and servers, of available network resources and services. See also IPX.

scan
Scan is a nonintrusive analysis technique that identifies the open ports found on each live network device and collects the associated port banners found as each port is scanned. Each port banner is compared against a table of rules to identify the network device, its operating system, and all potential vulnerabilities.

SDH
Synchronous Digital Hierarchy. European standard that defines a set of rate and format standards that are transmitted using optical signals over fiber. SDH is similar to SONET, with a basic SDH rate of 155.52 Mbps, designated at STM-1. See also SONET and STM-1.

SDLC
Synchronous Data Link Control. SNA data link layer communications protocol. SDLC is a bit-oriented, full-duplex serial protocol that has spawned numerous similar protocols, including HDLC and LAPB. See also HDLC and LAPB.

SDP
1. Session Definition Protocol. An IETF protocol for the definition of Multimedia Services. SDP messages can be part of SGCP and MGCP messages.
2. Session Data Protocol. SDP is intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of multimedia session initiation. [RFC 2327]

SDSL
single-line digital subscriber line. One of four DSL technologies. SDSL delivers 1.544 Mbps both downstream and upstream over a single copper twisted pair. The use of a single twisted pair limits the operating range of SDSL to 10,000 feet (3048.8 meters). Compare with ADSL, HDSL, and VDSL.

Secure Shell Protocol
Protocol that provides a secure remote connection to a router through a Transmission Control Protocol (TCP) application.

security association
An instance of security policy and keying material applied to a data flow. Both IKE and IPSec use SAs, although SAs are independent of one another. IPSec SAs are unidirectional and are unique in each security protocol. An IKE SA is used by IKE only, and unlike the IPSec SA, it is bidirectional. IKE negotiates and establishes SAs on behalf of IPSec. A user also can establish IPSec SAs manually. A set of SAs are needed for a protected data pipe, one per direction per protocol. For example, if you have a pipe that supports ESP between peers, one ESP SA is required for each direction. SAs are identified uniquely by destination (IPSec endpoint) address, security protocol (AH or ESP), and security parameter index (SPI).

security management
One of five categories of network management defined by ISO for the management of OSI networks. Security management subsystems are responsible for controlling access to network resources. See also accounting management, configuration
management, fault management, and performance management.

security parameter index
See SPI. This is a number that, together with a destination IP address and a security protocol, uniquely identifies a particular security association. When using IKE to establish the security associations, the SPI for each security association is a pseudo-randomly derived number. Without IKE, the SPI is specified manually for each security association.

segment
1. Section of a network that is bounded by bridges, routers, or switches.
2. In a LAN using a bus topology, a segment is a continuous electrical circuit that often is connected to other such segments with repeaters.
3. Term used in the TCP specification to describe a single transport layer unit of information. The terms datagram, frame, message, and packet also are used to describe logical information groupings at various layers of the OSI reference model and in various technology circles.

server
Node or software program that provides services to clients.

service class
Collection of service types required for a specific service offered. Each service class includes the attributes and values that define the type or quality of service associated with a given class. For example, data connectivity is a service class you might define that includes the service type data-bandwidth.

session
Related set of communications transactions between two or more network devices.

SHA-1
Secure Hash Algorithm 1. Algorithm that takes a message of less than 264 bits in length and produces a 160-bit message digest. The large message digest provides security against brute-force collision and inversion attacks. SHA-1 [NIS94c] is a revision to SHA that was published in 1994.

shortest-path routing
Routing that minimizes distance or path cost through the application of an algorithm

signaling
1. Process of sending a transmission signal over a physical medium for the purposes of communication.
2. In telephony, a term that refers to sending call information across a telephone connection. This information can be transmitted by many techniques, such as opening and closing a loop to stop and start the flow of DC loop current (used to indicate on-hook and off-hook state and to transmit dial-pulsing of digits), sending of ringing voltage to alert the other side of an incoming call, sending digit information in the form of DTMF or MF tones, or sending call state information on a DS0 timeslot by using robbed-bits.

simplex
Capability for transmission in only one direction between a sending station and a receiving station. Broadcast television is an example of a simplex technology. Compare with full duplex and half duplex.

single-mode fiber
Fiber-optic cabling with a narrow core that allows light to enter only at a single angle. Such cabling has higher bandwidth than multimode fiber, but requires a light source with a narrow spectral width (for example, a laser). Also called monomode fiber. See
also multimode fiber.

SIP
session initiation protocol. Protocol developed by the IETF MMUSIC Working Group as an alternative to H.323. SIP features are compliant with IETF RFC 2543, published in March 1999. SIP equips platforms to signal the setup of voice and multimedia calls over IP networks.

sliding window flow control
Method of flow control in which a receiver gives the transmitter permission to transmit data until a window is full. When the window is full, the transmitter must stop transmitting until the receiver advertises a larger window. TCP, other transport protocols, and several data link layer protocols use this method of flow control.

SLIP
Serial Line Internet Protocol. Standard protocol for point-to-point serial connections using a variation of TCP/IP. Predecessor of PPP. See also CSI and PPP.

SM fiber
single-mode fiber. Fiber with a relatively low diameter through which only one mode can propagate.

SMTP
Simple Mail Transfer Protocol. Internet protocol providing e-mail services.

SNA
Systems Network Architecture. Large, complex, feature-rich network architecture developed in the 1970s by IBM. Similar in some respects to the OSI reference model but with a number of differences. SNA essentially is composed of seven layers. See
also data flow control layer, data-link control layer, path control layer, physicalcontrol layer, presentation services layer, transaction services layer, and transmission control layer.

SNAP
Subnetwork Access Protocol. Internet protocol that operates between a network entity in the subnetwork and a network entity in the end system. SNAP specifies a standard method of encapsulating IP datagrams and ARP messages on IEEE networks. The SNAP entity in the end system makes use of the services of the subnetwork and performs three key functions: data transfer, connection management, and QoS selection.

SNMP
Simple Network Management Protocol. Network management protocol used almost exclusively in TCP/IP networks. SNMP provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security. See also SGMP and SNMP2.

SNMP communities
Authentication scheme that enables an intelligent network device to validate SNMP requests.

SNMP2
SNMP Version 2. Version 2 of the popular network management protocol. SNMP2 supports centralized as well as distributed network management strategies, and includes improvements in the SMI, protocol operations, management architecture,
and security. See also SNMP.

SOHO
small office, home office. Networking solutions and access technologies for offices that are not directly connected to large corporate networks.

SONET
Synchronous Optical Network. A standard format for transporting a wide range of digital telecommunications services over optical fiber. SONET is characterized by standard line rates, optical interfaces, and signal formats. High-speed (up to 2.5 Gbps) synchronous network specification developed by Bellcore and designed to run on optical fiber. STS-1 is the basic building block of SONET. Approved as an international standard in 1988. See also SDH, STS-1, and STS-3c.

source address
Address of a network device that is sending data. See also destination address.

spam
Term used to describe unsolicited e-mail or newsgroup posts, often in the form of commercial announcements. The act of sending a spam is called, naturally, spamming.

SPAN
Switched Port Analyzer. A port on an Ethernet switch used to monitor traffic.

spanning tree
Loop-free subset of a network topology. See also spanning-tree algorithm and Spanning-Tree Protocol.

spanning-tree algorithm
Algorithm used by the Spanning-Tree Protocol to create a spanning tree. Sometimes abbreviated as STA. See also spanning tree and Spanning-Tree Protocol.

SPF
shortest path first algorithm. Routing algorithm that iterates on length of path to determine a shortest-path spanning tree. Commonly used in link-state routing algorithms. Sometimes called Dijkstra’s algorithm. See also link-state routing algorithm.

SPI
security parameter index. This is a number that, together with a destination IP address and security protocol, uniquely identifies a particular security association. When using IKE to establish the security associations, the SPI for each security association
is a pseudo-randomly derived number.Without IKE, the SPI is manually specified for each security association.

SPID
service profile identifier. Number that some service providers use to define the services to which an ISDN device subscribes. The ISDN device uses the SPID when accessing the switch that initializes the connection to a service provider.

split-horizon updates
Routing technique in which information about routes is prevented from exiting the router interface through which that information was received. Split-horizon updates are useful in preventing routing loops.

spoofing
1. Scheme used by routers to cause a host to treat an interface as if it were up and supporting a session. The router spoofs replies to keepalive messages from the host in order to convince that host that the session still exists. Spoofing is useful in routing environments, such as DDR, in which a circuit-switched link is taken down when there is no traffic to be sent across it in order to save toll charges. See also DDR.
2. The act of a packet illegally claiming to be from an address from which it was not actually sent. Spoofing is designed to foil network security mechanisms, such as filters and access lists.

spooler
Application that manages requests or jobs submitted to it for execution. Spoolers process the submitted requests in an orderly fashion from a queue. A print spooler is a common example of a spooler.

SPX
Sequenced Packet Exchange. Reliable, connection-oriented protocol that supplements the datagram service provided by network layer (Layer 3) protocols. Novell derived this commonly used NetWare transport protocol from the SPP of the XNS protocol suite.

SQL
Structured Query Language. International standard language for defining and accessing relational databases.

SS7
Signaling System 7. Standard CCS system used with BISDN and ISDN. Developed by Bellcore. See also CCS.

SSG
Service Selection Gateway. Gateway that offers service providers a means for menu-based service selection. End users can select services from the Dashboard menu, and the Cisco SSG can set up and tear down proxy and passthrough network connections based on a selection of a user. The Cisco SSG accounts for the services
selected so that service providers can bill for individual services.

Secure Shell
SSH
a protocol that provides secure remote login utilising an insecure network. SSH is proprietary but will become an IETF standard in the near future. SSH was originally developed by SSH Communications Security.

SSL
Secure Socket Layer. Encryption technology for the Web used to provide secure transactions, such as the transmission of credit card numbers for e-commerce.

SSM
Source Specific Multicast. A datagram delivery model that best supports one-to-many applications, also known as broadcast applications. SSM is the core networking technology for the Cisco implementation of the IP Multicast Lite suite of solutions targeted for audio and video broadcast application environments.

standard
Set of rules or procedures that are either widely used or officially specified.

static route
Route that is explicitly configured and entered into the routing table. Static routes take precedence over routes chosen by dynamic routing protocols.

STM-1
Synchronous Transport Module level 1. One of a number of SDH formats that specifies the frame structure for the 155.52-Mbps lines used to carry ATM cells. See also SDH.

store and forward
Function whereby a message is transmitted to some intermediate relay point and temporarily stored before forwarding to the next relay point.

store and forward packet switching
Packet-switching technique in which frames are completely processed before being forwarded out the appropriate port. This processing includes calculating the CRC and checking the destination address. In addition, frames must be stored temporarily until network resources (such as an unused link) are available to forward the message. Contrast with cut-through packet switching.

STP
1. shielded twisted-pair. Two-pair wiring medium used in a variety of network implementations. STP cabling has a layer of shielded insulation to reduce EMI. Compare with UTP. See also twisted pair.
2. Spanning-Tree Protocol. Bridge protocol that uses the spanning-tree algorithm, enabling a learning bridge to dynamically work around loops in a network topology by creating a spanning tree. Bridges exchange BPDU messages with other bridges to
detect loops, and then remove the loops by shutting down selected bridge interfaces. Refers to both the IEEE 802.1 Spanning-Tree Protocol standard and the earlier Digital Equipment Corporation Spanning-Tree Protocol upon which it is based. The IEEE version supports bridge domains and allows the bridge to construct a loop-free topology across an extended LAN. The IEEE version generally is preferred over the Digital version. Sometimes abbreviated as STP. See also Bpdu, learning bridge, MAC address learning, spanning tree, and spanning-tree algorithm.
3. signal transfer point. Element of an SS7-based Intelligent Network that performs routing of the SS7 signaling.

Stratum
Hierarchical clock reference in the PSTN network, where 1 represents the highest possible quality of clocking.

Stratum 3
Precision timing reference that provides a free-run accuracy of plus or minus 4.6 parts per million (PPM), pull-in capability of 4.6 PPM, and holdover stability of fewer than 255 slips during first day. Thorough descriptions can be found in ANSI T1.101-1994 and the Bellcore document GR-1244-CORE.

STS-1
Synchronous Transport Signal level 1. Basic building block signal of SONET, operating at 51.84 Mbps. Faster SONET rates are defined as STS-n, where n is a multiple of 51.84 Mbps. See also SONET.

STS-3c
Synchronous Transport Signal level 3, concatenated. SONET format that specifies the frame structure for the 155.52-Mbps lines used to carry ATM cells. See also SONET.

stub area
OSPF area that carries a default route, intra-area routes, and interarea routes, but does not carry external routes. Virtual links cannot be configured across a stub area, and they cannot contain an ASBR. Compare with nonstub area. See also ASAM and
OSPF.

stub network
Network that has only a single connection to a router.

subinterface
One of a number of virtual interfaces on a single physical interface.

subnet address
Portion of an IP address that is specified as the subnetwork by the subnet mask. See also IP address, subnet mask, and subnetwork.

subnet mask
32-bit address mask used in IP to indicate the bits of an IP address that are being used for the subnet address. Sometimes referred to simply as mask. See also address mask
and IP address.

subnetwork
1. In IP networks, a network sharing a particular subnet address. Subnetworks are networks arbitrarily segmented by a network administrator in order to provide a multilevel, hierarchical routing structure while shielding the subnetwork from the addressing complexity of attached networks. Sometimes called a subnet. See also IPaddress, subnet address, and subnet mask.
2. In OSI networks, a collection of ESs and ISs under the control of a single administrative domain and using a single network access protocol.

supernet
Aggregation of IP network addresses advertised as a single classless network address. For example, given four Class C IP networks—192.0.8.0, 192.0.9.0, 192.0.10.0, and 192.0.11.0—each having the intrinsic network mask of 255.255.255.0, one can advertise the address 192.0.8.0 with a subnet mask of 255.255.252.0.

SVC
switched virtual circuit. Virtual circuit that is dynamically established on demand and is torn down when transmission is complete. SVCs are used in situations where data transmission is sporadic. See also virtual circuit. Called a switched virtual connection in ATM terminology. Compare with PVC.

switch
Network device that filters, forwards, and floods frames based on the destination address of each frame. The switch operates at the data link layer of the OSI model.

Switching
Process of taking an incoming frame from one interface and delivering it through another interface. Routers use Layer 3 switching to route a packet, and Layer 2 switches use Layer 2 switching to forward frames. See also Layer 2 switching and
Layer 3 switching.

symmetric cryptography
Branch of cryptography involving algorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification).

symmetric key
Cryptographic key that is used in a symmetric cryptographic algorithm.

SYN flood
Denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.

RADIUS
Remote Authentication Dial-In User Service. Database for authenticating modem and ISDN connections and for tracking connection time.

random early detection
Congestion avoidance algorithm in which a small percentage of packets are dropped when congestion is detected and before the queue in question overflows completely.

RARP
Reverse Address Resolution Protocol. Protocol in the TCP/IP stack that provides a method for finding IP addresses based on MAC addresses. Compare with ARP.

RAS
1. Registration, Admission, and Status Protocol. Protocol that is used between endpoints and the gatekeeper to perform management functions. RAS signalling function performs registration, admissions, bandwidth changes, status, and disengage procedures between the VoIP gateway and the gatekeeper.
2. remote access server.

reassembly
The putting back together of an IP datagram at the destination after it has been fragmented either at the source or at an intermediate node. See also fragmentation.

redirect
Part of the ICMP and ES-IS protocols that allows a router to tell a host that using another router would be more effective.

redistribution
Allowing routing information discovered through one routing protocol to be distributed in the update messages of another routing protocol. Sometimes called route redistribution.

redundancy
In internetworking, the duplication of devices, services, or connections so that, in the event of a failure, the redundant devices, services, or connections can perform the work of those that failed. See also redundant system.

redundant system
Computer, router, switch, or other system that contains two or more of each of the most important subsystems, such as two disk drives, two CPUs, or two power supplies.

rendezvous point
Router specified in PIM sparse mode implementations to track membership in multicast groups and to forward messages to known multicast group addresses. See also PIM sparse mode.

repeater
Device that regenerates and propagates electrical signals between two network segments. See also segment.

replay attack
Attack in which a valid data transmission is maliciously or fraudulently repeated, either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack.

replication
Process of keeping a copy of data, either through shadowing or caching. See also caching and shadowing.

repudiation
Denial by a system entity that was involved in an association (especially an association that transfers information) of having participated in the relationship.

RFC
Request For Comments. Document series used as the primary means for communicating information about the Internet. Some RFCs are designated by the IAB as Internet standards. Most RFCs document protocol specifications, such as Telnet and
FTP, but some are humorous or historical. RFCs are available online from numerous sources.

RFP
request for proposal.

RIP
Routing Information Protocol. IGP supplied with UNIX BSD systems. The most common IGP in the Internet. RIP uses hop count as a routing metric. See also hop count, IGP, and OSPF.

RISC
reduced instruction set computing.

risk assessment
Process that systematically identifies valuable system resources and threats to those resources, quantifies loss exposures (that is, loss potential) based on estimated frequencies and costs of occurrence, and (optionally) recommends how to allocate
resources to countermeasures so as to minimize total exposure.

risk management
Process of identifying, controlling, and eliminating or minimizing uncertain events that might affect system resources.

RJ connector
registered jack connector. Standard connectors originally used to connect telephone lines. RJ connectors are now used for telephone connections and for 10BaseT and other types of network connections. RJ-11, RJ-12, and RJ-45 are popular types of RJ connectors.

rlogin
remote login. Terminal emulation program, similar to Telnet, offered in most UNIX implementations.

RMON
remote monitoring. MIB agent specification described in RFC 1271 that defines functions for the remote monitoring of networked devices. The RMON specification provides numerous monitoring, problem detection, and reporting capabilities.

root account
Privileged account on UNIX systems used exclusively by network or system administrators.

root bridge
Exchanges topology information with designated bridges in a spanning-tree implementation to notify all other bridges in the network when topology changes are required. This prevents loops and provides a measure of defense against link failure.

root CA
Ultimate CA, which signs the certificates of the subordinate CAs. The root CA has a self-signed certificate that contains its own public key.

root certificate
Certificate for which the subject is a root. Hierarchical PKI usage: The self-signed public-key certificate at the top of a certification hierarchy.

root key
Public key for which the matching private key is held by a root.

route
Path through an internetwork.

route distinguisher
An 8-byte value that is concatenated with an IPv4 prefix to create a unique VPN IPv4 prefix. This is used in MPLS networks.

route map
Method of controlling the redistribution of routes between routing domains.

route summarization
Consolidation of advertised addresses in OSPF and IS-IS. In OSPF, this causes a single summary route to be advertised to other areas by an area border router.

routed protocol
Protocol that can be routed by a router. A router must be able to interpret the logical internetwork as specified by that routed protocol. Examples of routed protocols include AppleTalk, DECnet, and IP.

router
Network layer device that uses one or more metrics to determine the optimal path along which network traffic should be forwarded. Routers forward packets from one network to another based on network layer information. Occasionally called a gateway (although this definition of gateway is becoming increasingly outdated). Compare with gateway. See also relay.

routing
Process of finding a path to a destination host. Routing is very complex in large networks because of the many potential intermediate destinations a packet might traverse before reaching its destination host.

routing domain
Group of end systems and intermediate systems operating under the same set of administrative rules. Within each routing domain is one or more areas, each uniquely identified by an area address.

routing metric
Method by which a routing algorithm determines that one route is better than another. This information is stored in routing tables. Metrics include bandwidth, communication cost, delay, hop count, load, MTU, path cost, and reliability. Sometimes referred to simply as a metric. See also cost.

routing protocol
Protocol that accomplishes routing through the implementation of a specific routing algorithm. Examples of routing protocols include IGRP, OSPF, and RIP.

routing table
Table stored in a router or some other internetworking device that keeps track of routes to particular network destinations and, in some cases, metrics associated with those routes.

routing update
Message sent from a router to indicate network reachability and associated cost information. Routing updates typically are sent at regular intervals and after a change in network topology.

RPC
remote-procedure call. Technological foundation of client/server computing. RPCs are procedure calls that are built or specified by clients and are executed on servers, with the results returned over the network to the clients. See also client/server computing.

RPF
Reverse Path Forwarding. Multicasting technique in which a multicast datagram is forwarded out of all but the receiving interface if the receiving interface is the one used to forward unicast datagrams to the source of the multicast datagram.

RS-232
Popular physical layer interface. Now known as EIA/TIA-232. See also EIA/TIA-232.

RS-422
Balanced electrical implementation of EIA/TIA-449 for high-speed data transmission. Now referred to collectively with RS-423 as EIA-530. See also EIA-530 and RS-423.

RS-423
Unbalanced electrical implementation of EIA/TIA-449 for EIA/TIA-232 compatibility. Now referred to collectively with RS-422 as EIA-530. See also EIA-530 and RS-422.

RS-449
Popular physical layer interface. Now known as EIA/TIA-449. See also EIA/TIA-449.

RSA
Acronym stands for Rivest, Shamir, and Adelman, the inventors of the technique. Public-key cryptographic system that can be used for encryption and authentication.

rsh
remote shell protocol. Protocol that allows a user to execute commands on a remote system without having to log in to the system. For example, rsh can be used to remotely examine the status of a number of access servers without connecting to each
communication server, executing the command, and then disconnecting from the communication server.

RSVP
Resource Reservation Protocol. Protocol that supports the reservation of resources across an IP network. Applications running on IP end systems can use RSVP to indicate to other nodes the nature (bandwidth, jitter, maximum burst, and so on) of
the packet streams they want to receive. RSVP depends on IPv6. Also known as Resource Reservation Setup Protocol. See also IPv6.

RTCP
RTP Control Protocol. Protocol that monitors the QOS of an IPv6 RTP connection and conveys information about the on-going session. See also RTP (Real-TimeTransport Protocol).

RTP
Real-Time Transport Protocol. Commonly used with IP networks. RTP is designed to provide end-to-end network transport functions for applications transmitting real-time data, such as audio, video, or simulation data, over multicast or unicast network services. RTP provides such services as payload type identification, sequence numbering, timestamping, and delivery monitoring to real-time applications.

RTSP
Real Time Streaming Protocol. Enables the controlled delivery of real-time data, such as audio and video. Sources of data can include both live data feeds, such as live audio and video, and stored content, such as pre-recorded events. RTSP is designed to work with established protocols, such as RTP and HTTP.

RTT
round-trip time. Time required for a network communication to travel from the source to the destination and back. RTT includes the time required for the destination to process the message from the source and to generate a reply. RTT is used by some routing algorithms to aid in calculating optimal routes.

Q.920/Q.921
ITU-T specifications for the ISDN UNI data link layer. See also UNI

Q.922A
ITU-T specification for Frame Relay encapsulation.

Q.931
ITU-T specification for signaling to establish, maintain, and clear ISDN network connections. See also Q.93B.

Q.93B
ITU-T specification for signaling to establish, maintain, and clear BISDN network connections. An evolution of ITU-T recommendation Q.931. See also Q.931.

QoS
quality of service. Measure of performance for a transmission system that reflects its transmission quality and service availability.

QSIG
Q (point of the ISDN model) Signaling. Signaling standard. Common channel signaling protocol based on ISDN Q.931 standards and used by many digital PBXs.

query
Message used to inquire about the value of some variable or set of variables.

queue
1. Generally, an ordered list of elements waiting to be processed.
2. In routing, a backlog of packets waiting to be forwarded over a router interface.

queuing delay
Amount of time that data must wait before it can be transmitted onto a statistically multiplexed physical circuit.

p2p
point-to-point. Communication between one receiver and one location. P2p has a higher bandwidth than p2mp for reasons including that it has less overhead to manage the data paths and there is only one receiver per transmitter. Cisco offers MMDS,
U-NII, and LMDS systems in p2p.

PABX
private automatic branch exchange. Telephone switch for use inside a corporation. PABX is the preferred term in Europe, whereas PBX is used in the United States.

packet
Logical grouping of information that includes a header containing control information and (usually) user data. Packets most often are used to refer to network layer units of data. The terms datagram, frame, message, and segment also are used to describe logical information groupings at various layers of the OSI reference model and in various technology circles

packet switching
Networking method in which nodes share bandwidth with each other by sending packets. Compare with circuit switching.

PSDN
packet-switched data network

PAP
Password Authentication Protocol. Authentication protocol that allows PPP peers to authenticate one another. The remote router attempting to connect to the local router is required to send an authentication request. Unlike CHAP, PAP passes the password and the host name or username in the clear (unencrypted). PAP does not itself prevent unauthorized access but merely identifies the remote end. The router or access server then determines whether that user is allowed access. PAP is supported only on PPP lines. Compare with CHAP.

password
Secret data value, usually a character string, that is used as authentication information.

password sniffing
Passive wiretapping, usually on a local-area network, to gain knowledge of passwords.

payload
Portion of a cell, frame, or packet that contains upper-layer information (data).

PCM
pulse code modulation. Technique of encoding analog voice into a 64-kbit data stream by sampling with eight-bit resolution at a rate of 8000 times per second.

PDP context
packet data protocol. Network protocol used by external packet data networks that communicate with a GPRS network. IP is an example of a PDP supported by GPRS. Refers to a set of information (such as a charging ID) that describes a mobile wireless service call or session, which is used by mobile stations and GSNs in a GPRS network to identify the session.

peer
Router or device that participates as an endpoint in IPSec and IKE.

penetration
Successful, repeatable, unauthorized access to a protected system resource.

PFS
perfect forward secrecy. Cryptographic characteristic associated with a derived shared secret value. With PFS, if one key is compromised, previous and subsequent keys are not compromised because subsequent keys are not derived from previous keys.

PGP
Pretty Good Privacy. Public-key encryption application that allows secure file and message exchanges. There is some controversy over the development and the use of this application, in part due to U.S. national security concerns.

physical address
See MAC address.

piggyback attack
Form of active wiretapping in which the attacker gains access to a system via intervals of inactivity in another user’s legitimate communication connection. Sometimes called a “between-the-lines” attack.

PIM
Protocol Independent Multicast. Multicast routing architecture that allows the addition of IP multicast routing on existing IP networks. PIM is unicast routing protocol independent and can be operated in two modes: dense and sparse. See also PIM dense mode and PIM sparse mode.

PIM dense mode
One of the two PIM operational modes. PIM dense mode is data-driven and resembles typical multicast routing protocols. Packets are forwarded on all outgoing interfaces until pruning and truncation occurs. In dense mode, receivers are densely populated, and it is assumed that the downstream networks want to receive and will probably use the datagrams that are forwarded to them. The cost of using dense mode is its default flooding behavior. Sometimes called dense mode PIM or PIM DM. Contrast with PIM sparse mode. See also PIM.

PIM sparse mode
One of the two PIM operational modes. PIM sparse mode tries to constrain data distribution so that a minimal number of routers in the network receive it. Packets are sent only if they are explicitly requested at the RP (rendezvous point). In sparse mode, receivers are widely distributed, and the assumption is that downstream networks will not necessarily use the datagrams that are sent to them. The cost of using sparse mode is its reliance on the periodic refreshing of explicit join messages and its need for RPs. Sometimes called sparse mode PIM or PIM SM. Contrast with
PIM dense mode. See also PIM and rendezvous point.

ping
packet internet groper. ICMP echo message and its reply. Often used in IP networks to test the reachability of a network device.

ping of death
Attack that sends an improperly large ICMP [R0792] echo request packet (a “ping”) with the intent of overflowing the input buffers of the destination machine and causing it to crash.

ping sweep
Attack that sends ICMP [RFC 0792] echo requests (“pings”) to a range of IP addresses with the goal of finding hosts that can be probed for vulnerabilities

PKI
public-key infrastructure. System of CAs (and, optionally, RAs and other supporting servers and agents) that perform some set of certificate management, archive management, key management, and token management functions for a community of users in an application of asymmetric cryptography.

plaintext
Data that is input to and transformed by an encryption process, or that is output by a decryption process.

PLAR
private line, automatic ringdown. Leased voice circuit that connects two single endpoints together. When either telephone handset is taken off-hook, the remote telephone automatically rings.

PLMN
public land mobile network. Generic name for all mobile wireless networks that use earth-based stations rather than satellites. PLMN is the mobile equivalent of the PSTN.

point-to-multipoint connection
One of two fundamental connection types. In ATM, a point-to-multipoint connection is a unidirectional connection in which a single source end-system (known as a root node) connects to multiple destination end-systems (known as leaves). Compare with point-to-point connection.

point-to-point connection
One of two fundamental connection types. In ATM, a point-to-point connection can be a unidirectional or bidirectional connection between two ATM end-systems. Compare with point-to-multipoint connection.

policy
Any defined rule that determines the use of resources within the network. A policy can be based on a user, a device, a subnetwork, a network, or an application.

policy routing
Routing scheme that forwards packets to specific interfaces based on user-configured policies. Such policies might specify that traffic sent from a particular network should be forwarded out one interface, and all other traffic should be forwarded out another interface.

polling
Access method in which a primary network device inquires, in an orderly fashion, whether secondaries have data to transmit. The inquiry occurs in the form of a message to each secondary that gives the secondary the right to transmit.

POP3
Post Office Protocol. Protocol that client e-mail applications use to retrieve mail from a mail server.

port
In IP terminology, an upper-layer process that receives information from lower layers. Ports are numbered, and each numbered port is associated with a specific process. For example, SMTP is associated with port 25. A port number is also called
a well-known address.

port address translation
Translation method that allows the user to conserve addresses in the global address pool by allowing source ports in TCP connections or UDP conversations to be translated. Different local addresses then map to the same global address, with port translation providing the necessary uniqueness. When translation is required, the new port number is picked out of the same range as the original following the convention of Berkeley Standard Distribution (SD). This prevents end stations from seeing connection requests with source ports apparently corresponding to the Telnet, HTTP, or FTP daemon, for example. As a result, Cisco IOS PAT supports about 4000 local addresses that can be mapped to the same global address.

port scan
Attack that sends client requests to a range of server port addresses on a host with the goal of finding an active port and exploiting a known vulnerability of that service.

POTS
plain old telephone service. See PSTN.

PPP
Point-to-Point Protocol. Successor to SLIP that provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. Whereas SLIP was designed to work with IP, PPP was designed to work with several network layer protocols, such as IP, IPX, and ARA. PPP also has built-in security mechanisms, such as CHAP and PAP. PPP relies on two protocols: LCP and NCP. See also CHAP, LCP, NCP, PAP, and SLIP.

PPTP
Point-to-Point Tunneling Protocol. RFC 2637 describes the PPTP protocol.

preshared key
Shared secret key that is used during IKE authentication.

PRI
Primary Rate Interface. ISDN interface to primary rate access. Primary rate access consists of a single 64-kbps D channel plus 23 (T1) or 30 (E1) B channels for voice or data. Compare with BRI.

print server
Networked computer system that fields, manages, and executes (or sends for execution) print requests from other network devices.

priority queue
Routing feature in which frames in an output queue are prioritized based on various characteristics, such as packet size and interface type.

private key
Secret component of a pair of cryptographic keys used for asymmetric cryptography.

privilege
Authorization or set of authorizations to perform security-relevant functions, especially in the context of a computer operating system.

propagation delay
Time required for data to travel over a network from its source to its ultimate destination.

protocol
Formal description of a set of rules and conventions that govern how devices on a network exchange information.

protocol stack
Set of related communications protocols that operate together and, as a group, address communication at some or all of the seven layers of the OSI reference model. Not every protocol stack covers each layer of the model, and often a single protocol in the stack addresses a number of layers at once. TCP/IP is a typical protocol stack.

provider edge router (PE)
Router that is part of a service provider’s network and is connected to a customer edge (CE) router.

proxy ARP
proxy Address Resolution Protocol. Variation of the ARP protocol in which an intermediate device (for example, a router) sends an ARP response on behalf of an end node to the requesting host. Proxy ARP can lessen bandwidth use on slow-speed WAN links. See also ARP.

proxy server
Intermediary program that acts as both a server and a client for the purpose of making requests on behalf of other clients. Requests are serviced internally or by passing them on, possibly after translation, to other servers. A proxy interprets, and, if necessary, rewrites a request message before forwarding it.

PSTN
public switched telephone network. General term referring to the variety of telephone networks and services in place worldwide. Sometimes called POTS.

PTT
Post, Telephone, and Telegraph. Government agency that provides telephone services. PTTs exist in most areas outside North America and provide both local and long-distance telephone services.

public key
Publicly disclosable component of a pair of cryptographic keys used for asymmetric cryptography.

public-key certificate
Digital certificate that binds a system entity’s identity to a public key value, and possibly to additional data items; a digitally signed data structure that attests to the ownership of a public key.

PVC
permanent virtual circuit (or connection). Virtual circuit that is permanently established. PVCs save bandwidth associated with circuit establishment and tear down in situations where certain virtual circuits must exist all the time. In ATM terminology, called a permanent virtual connection. Compare with SVC. See also
virtual circuit.

PVST+
per-VLAN spanning tree. Support for Dot1q trunks to map multiple spanning trees to a single spanning tree.

OC
optical carrier. Series of physical protocols (OC-1, OC-2, OC-3, and so on), defined for SONET optical signal transmissions. OC signal levels put STS frames onto multimode fiber-optic line at a variety of speeds. The base rate is 51.84 Mbps (OC-1); each signal level thereafter operates at a speed divisible by that number (thus, OC-3 runs at 155.52 Mbps). See also SONET, STS-1, and STS-3c.

ODBC
Open DataBase Connectivity. Standard application programming interface for accessing data in both relational and nonrelational database management systems. Using this application programming interface, database applications can access data stored in database management systems on a variety of computers even if each database management system uses a different data storage format and programming interface. ODBC is based on the call level interface specification of the X/Open SQL Access Group and was developed by Digitial Equipment Corporation, Lotus, Microsoft, and Sybase.

OID
object identifier. Values are defined in specific MIB modules. The Event MIB allows a user or an NMS to watch over specified objects and to set event triggers based on existence, threshold, and boolean tests. An event occurs when a trigger is fired; this means that a specified test on an object returns a value of true. To create a trigger, a user or an NMS configures a trigger entry in the mteTriggerTable of the Event MIB. This trigger entry specifies the OID of the object to be watched. For each trigger entry type, corresponding tables (existence, threshold, and boolean tables) are populated with the information required for carrying out the test. The MIB can be configured so that when triggers are activated (fired) either an SNMP Set is performed, a notification is sent out to the interested host, or both.

one-time password
OTP
a password only used once thus countering replay attacks.

OSI reference model
Open System Interconnection reference model. Network architectural model developed by ISO and ITU-T. The model consists of seven layers, each of which specifies particular network functions, such as addressing, flow control, error control, encapsulation, and reliable message transfer. The lowest layer (the physical layer) is closest to the media technology. The lower two layers are implemented in hardware and software whereas the upper five layers are implemented only in software. The highest layer (the application layer) is closest to the user. The OSI reference model is used universally as a method for teaching and understanding network functionality. Similar in some respects to SNA. See also application layer, data link layer, network layer, physical layer, presentation layer, session layer, and transport layer.

OSPF
Open Shortest Path First. Link-state, hierarchical IGP routing algorithm proposed as a successor to RIP in the Internet community. OSPF features include least-cost routing, multipath routing, and load balancing. OSPF was derived from an early
version of the IS-IS protocol. See also IGP, IS-IS, and RIP.

OSS
Operations Support System. Network management system supporting a specific management function, such as alarm surveillance and provisioning, in a carrier network. Many OSSs are large centralized systems running on mainframes or minicomputers.