point-to-multipoint. Communication between a series of receivers and transmitters to a central location. Cisco p2mp typically is set up in three segments to enable frequency re-use. Cisco offers MMDS, U-NII, and LMDS systems in p2mp.
point-to-point. Communication between one receiver and one location. P2p has higher bandwidth than p2mp, in part because it has less overhead to manage the data paths and there is only one receiver per transmitter. Cisco offers MMDS, U-NII, and LMDS systems in p2p.
private automatic branch exchange. Telephone switch for use inside a corporation. PABX is the preferred term in Europe, whereas PBX is used in the United States.
Logical grouping of information that includes a header containing control information and (usually) user data. Packets most often are used to refer to network layer units of data. The terms datagram, frame, message, and segment also are used to describe logical information groupings at various layers of the OSI reference model and in various technology circles.
Networking method in which nodes share bandwidth with each other by sending packets. Compare with circuit switching.
packet-switched data network
Password Authentication Protocol. Authentication protocol that allows PPP peers to authenticate one another. The remote router attempting to connect to the local router is required to send an authentication request. Unlike CHAP, PAP passes the password and the host name or username in the clear (unencrypted). PAP does not itself prevent unauthorized access but merely identifies the remote end. The router or access server then determines whether that user is allowed access. PAP is supported only on PPP lines. Compare with CHAP.
Secret data value, usually a character string, that is used as authentication information.
Passive wiretapping, usually on a local-area network, to gain knowledge of passwords.
Portion of a cell, frame, or packet that contains upper-layer information (data).
pulse code modulation. Technique of encoding analog voice into a 64-kbit data stream by sampling with eight-bit resolution at a rate of 8000 times per second.
packet data protocol. Network protocol used by external packet data networks that communicate with a GPRS network. IP is an example of a PDP supported by GPRS. Refers to a set of information (such as a charging ID) that describes a mobile wireless service call or session, which is used by mobile stations and GSNs in a GPRS network to identify the session.
Router or device that participates as an endpoint in IPSec and IKE.
Successful, repeatable, unauthorized access to a protected system resource.
perfect forward secrecy. Cryptographic characteristic associated with a derived shared secret value. With PFS, if one key is compromised, previous and subsequent keys are not compromised because subsequent keys are not derived from previous keys.
Pretty Good Privacy. Public-key encryption application that allows secure file and message exchanges. There is some controversy over the development and the use of this application, in part due to U.S. national security concerns.
See MAC address.
Form of active wiretapping in which the attacker gains access to a system via intervals of inactivity in another user’s legitimate communication connection. Sometimes called a “between-the-lines” attack.
Protocol Independent Multicast. Multicast routing architecture that allows the addition of IP multicast routing on existing IP networks. PIM is unicast routing protocol independent and can be operated in two modes: dense and sparse. See also PIM dense mode and PIM sparse mode.
PIM dense mode
One of the two PIM operational modes. PIM dense mode is data-driven and resembles typical multicast routing protocols. Packets are forwarded on all outgoing interfaces until pruning and truncation occur. In dense mode, receivers are densely populated, and it is assumed that the downstream networks want to receive and will probably use the datagrams that are forwarded to them. The cost of using dense mode is its default flooding behavior. Sometimes called dense mode PIM or PIM DM. Contrast with PIM sparse mode. See also PIM.
PIM sparse mode
One of the two PIM operational modes. PIM sparse mode tries to constrain data distribution so that a minimal number of routers in the network receive it. Packets are sent only if they are explicitly requested at the RP (rendezvous point). In sparse mode, receivers are widely distributed, and the assumption is that downstream networks will not necessarily use the datagrams that are sent to them. The cost of using sparse mode is its reliance on the periodic refreshing of explicit join messages and its need for RPs. Sometimes called sparse mode PIM or PIM SM. Contrast with PIM dense mode. See also PIM and rendezvous point.
packet internet groper. ICMP echo message and its reply. Often used in IP networks to test the reachability of a network device.
ping of death
Attack that sends an improperly large ICMP [RFC 0792] echo request packet (a “ping”) with the intent of overflowing the input buffers of the destination machine and causing it to crash.
Attack that sends ICMP [RFC 0792] echo requests (“pings”) to a range of IP addresses with the goal of finding hosts that can be probed for vulnerabilities.
public-key infrastructure. System of CAs (and, optionally, RAs and other supporting servers and agents) that perform some set of certificate management, archive management, key management, and token management functions for a community of users in an application of asymmetric cryptography.
Data that is input to and transformed by an encryption process, or that is output by a decryption process.
private line, automatic ringdown. Leased voice circuit that connects two single endpoints together. When either telephone handset is taken off-hook, the remote telephone automatically rings.
public land mobile network. Generic name for all mobile wireless networks that use earth-based stations rather than satellites. PLMN is the mobile equivalent of the PSTN.
One of two fundamental connection types. In ATM, a point-to-multipoint connection is a unidirectional connection in which a single source end-system (known as a root node) connects to multiple destination end-systems (known as leaves). Compare with point-to-point connection.
One of two fundamental connection types. In ATM, a point-to-point connection can be a unidirectional or bidirectional connection between two ATM end-systems. Compare with point-to-multipoint connection.
Any defined rule that determines the use of resources within the network. A policy can be based on a user, a device, a subnetwork, a network, or an application.
Routing scheme that forwards packets to specific interfaces based on user-configured policies. Such policies might specify that traffic sent from a particular network should be forwarded out one interface, and all other traffic should be forwarded out another interface.
Access method in which a primary network device inquires, in an orderly fashion, whether secondaries have data to transmit. The inquiry occurs in the form of a message to each secondary that gives the secondary the right to transmit.
Post Office Protocol. Protocol that client e-mail applications use to retrieve mail from a mail server.
In IP terminology, an upper-layer process that receives information from lower layers. Ports are numbered, and each numbered port is associated with a specific process. For example, SMTP is associated with port 25. A port number is also called a well-known address.
port address translation
Translation method that allows the user to conserve addresses in the global address pool by allowing source ports in TCP connections or UDP conversations to be translated. Different local addresses then map to the same global address, with port translation providing the necessary uniqueness. When translation is required, the new port number is picked out of the same range as the original following the convention of Berkeley Standard Distribution (SD). This prevents end stations from seeing connection requests with source ports apparently corresponding to the Telnet, HTTP, or FTP daemon, for example. As a result, Cisco IOS PAT supports about 4000 local addresses that can be mapped to the same global address.
Attack that sends client requests to a range of server port addresses on a host with the goal of finding an active port and exploiting a known vulnerability of that service.
plain old telephone service. See PSTN.
Point-to-Point Protocol. Successor to SLIP that provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. Whereas SLIP was designed to work with IP, PPP was designed to work with several network layer protocols, such as IP, IPX, and ARA. PPP also has built-in security mechanisms, such as CHAP and PAP. PPP relies on two protocols: LCP and NCP. See also CHAP, LCP, NCP, PAP, and SLIP.
Point-to-Point Tunneling Protocol. RFC 2637 describes the PPTP protocol.
Shared secret key that is used during IKE authentication.
Primary Rate Interface. ISDN interface to primary rate access. Primary rate access consists of a single 64-kbps D channel plus 23 (T1) or 30 (E1) B channels for voice or data. Compare with BRI.
Networked computer system that fields, manages, and executes (or sends for execution) print requests from other network devices.
Routing feature in which frames in an output queue are prioritized based on various characteristics, such as packet size and interface type.
Secret component of a pair of cryptographic keys used for asymmetric cryptography.
Authorization or set of authorizations to perform security-relevant functions, especially in the context of a computer operating system.
Time required for data to travel over a network from its source to its ultimate destination.
Formal description of a set of rules and conventions that govern how devices on a network exchange information.
Set of related communications protocols that operate together and, as a group, address communication at some or all of the seven layers of the OSI reference model. Not every protocol stack covers each layer of the model, and often a single protocol in the stack addresses a number of layers at once. TCP/IP is a typical protocol stack.
provider edge router (PE)
Router that is part of a service provider’s network and is connected to a customer edge (CE) router.
proxy Address Resolution Protocol. Variation of the ARP protocol in which an intermediate device (for example, a router) sends an ARP response on behalf of an end node to the requesting host. Proxy ARP can lessen bandwidth use on slow-speed WAN links. See also ARP.
Intermediary program that acts as both a server and a client for the purpose of making requests on behalf of other clients. Requests are serviced internally or by passing them on, possibly after translation, to other servers. A proxy interprets, and, if necessary, rewrites a request message before forwarding it.
public switched telephone network. General term referring to the variety of telephone networks and services in place worldwide. Sometimes called POTS.
Post, Telephone, and Telegraph. Government agency that provides telephone services. PTTs exist in most areas outside North America and provide both local and long-distance telephone services.
Publicly disclosable component of a pair of cryptographic keys used for asymmetric cryptography.
Digital certificate that binds a system entity’s identity to a public key value, and possibly to additional data items; a digitally signed data structure that attests to the ownership of a public key.
permanent virtual circuit (or connection). Virtual circuit that is permanently established. PVCs save bandwidth associated with circuit establishment and tear down in situations where certain virtual circuits must exist all the time. In ATM terminology, called a permanent virtual connection. Compare with SVC. See also
per-VLAN spanning tree. Support for Dot1q trunks to map multiple spanning trees to a single spanning tree.