100BaseT
Also known as "Fast Ethernet," 100BaseT is Ethernet in 100 Mbps (IEEE 802.3u standard) instead of 10 Mbps. Like regular Ethernet, Fast Ethernet is a shared media LAN in which all nodes share the 100 Mbps bandwidth.

Access control list
A set of data associated with a file, directory or other resource that defines the permissions that users, groups, processes or devices have for accessing it.

Address translation
Changing an address into another. For example, assemblers and compilers translate symbolic addresses into machine addresses. Virtual memory systems translate a virtual address into a real address (address resolution).

Advanced mode
Mode in which the network to which the interface is linked is in a specific network.

AES (Advanced Encryption Standard)
A secret key cryptography method that uses keys ranging from 128 to 256 bits and replaces Triple DES. AES encrypts packets in one pass instead of three, with a key size greater than the 168 bits of Triple DES.

AH (Authentication Header)
Set of data allowing verification that contents of a packet have not been modified and also to validate the identity of a sender.

Alias IP
A virtual address assigned to an interface, which has a primary IP address. When the alias is contacted, it will redirect packets to the host with the corresponding associated IP address.

Anti-virus (Kaspersky)
An integrated antivirus program developed by Kaspersky Labs which detects and eradicates viruses in real time. As new viruses are discovered, the signature database has to be updated in order for the antivirus program to be effective.

ARP (Address Resolution Protocol)
A TCP/IP protocol used to obtain a node's physical address. This is done when a client station broadcasts an ARP request onto the network using the IP address of the node it wishes to communicate with. The node with that address responds by sending back its physical address so that packets can be transmitted.

ASQ (Active Security Qualification)
Technology which offers NETASQ Firewalls not only a very high security level but also powerful configuration help and administration tools. This intrusion prevention and detection engine integrates an IPS which detects and gets rid of any malicious activity in real time.

Asymmetrical cryptography
A type of cryptographic algorithm that uses different keys for encryption and decryption. Asymmetrical cryptography is often slower than symmetrical cryptography and is used for key exchange and digital signatures. RSA and Diffie-Hellman are examples of asymmetrical algorithms.

Authentication
The process of verifying a user's identity or origin of a transmitted message, providing the assurance that the entity (user, host, etc.) requesting access is really the entity it claims to be. Authentication can also refer to the procedure of ensuring that a transaction has not been tampered with.

Back door
see trapdoor

Backup
A resource or duplicate copy of data on a different storage medium for emergency purposes.

Backup appliance
Formerly known as a "slave", a backup appliance is used in high availability. It transparently takes over the master appliance's operations when the master breaks down, thereby ensuring that the system continues functioning with minimum inconvenience to the network's users.

Bandwidth
The transmission capacity of an electronic pathway (e.g. communications lines, computer buses or computer channels). In a digital line it is measured in bits per second or bytes per second; in an analog line it is measured in Hertz (cycles per second).

Bastion host
Type of firewall deployment equipped with enforced security which acts as a gateway between an inside network and an outside network. It is designed to protect the inside network from attacks aimed at it, and is usually used for services such as web site hosting, mail, DNS lookups and FTP transfers.

Blowfish
A secret key cryptography method that uses keys ranging from 32 to 448 bits as a free replacement for DES or IDEA.

BOOTP (BOOTstrap Protocol)
A TCP/IP protocol used by a diskless workstation or network computer (NC) to obtain its IP address and other network information such as server address and default gateway. Upon startup, the client station sends out a BOOTP request in a UDP packet to the BOOTP server, which returns the required information. Unlike RARP, which uses only the layer 2 (Ethernet) frame for transport, the BOOTP request and response use an IP broadcast function that can send messages before a specific IP address is known.

Bridge
Device connecting two LAN segments together, which may be of similar or dissimilar types (e.g. Ethernet and Token Ring). The bridge is inserted into a network to segment it and keep traffic contained within segments to improve performance. Bridges learn from experience and build and maintain address tables of the nodes on the network. By keeping track of which station acknowledged receipt of the address, they learn which nodes belong to the segment.

Brute force attack
An exhaustive and determined method of using all possibilities to break a security system by trial and error.

Buffer overflow
An attack which usually works by sending more data than a buffer can contain so as to make a program crash (a buffer is a temporary memory zone used by an application). The aim of this attack is to exploit the crash and overwrite part of the application's code and insert malicious code, which will be run after it has entered memory.

CA (Certificate or Certification Authority)
A trusted third-party company or organization which issues digital certificates. Its role is to guarantee that the holder of the certificate is indeed who he claims to be. CAs are critical in data security and electronic commerce because they guarantee that parties exchanging information are really who they claim to be.

Certificate
see digital certificate

Challenge / response
An authentication method for verifying the legitimacy of users logging onto the network wherein a user is prompted (the challenge) to provide some private information (the response). When a user logs on, the server uses account information to send a "challenge" number back to the user. The user enters the number into a credit-card sized token card that generates a response which is sent back to the server.

Chassis
Also called a case, it is a physical structure that serves as a support for electronic components. At least one chassis is required in every computer system in order to house circuit boards and wiring.

Common Criteria
The common criteria, a multi-national standard, evaluate (on an Evaluation Assurance Level or EAL scale of 1 to 7) a product’s capacity to provide security functions for which it had been designed, as well as the quality of its life cycle (development, production, delivery, putting into service, update).

Context
The current status, condition or mode of a system.

Cracker
A person who breaks into a computer system illegally, with the aim of doing damage (stealing confidential information, destroying files, inserting viruses, etc). Although there is a difference between what crackers and hackers do, mass media has failed to understand the difference, and therefore both terms are often used interchangeably.

CRL (Certificate Revocation List)
A list identifying expired certificates or those that are no longer valid. It is published and regularly maintained by a CA to ensure the validity of existing certificates.

Cryptography
The practice of encrypting and decrypting data.

Data evasion
Also known as IDS evasion, it is a hacker's method of tricking an intrusion detection system by presenting to it packets formed from similar headers but which contain data different from what the client host will receive.

DES (Data Encryption Standard)
Cryptographic algorithm whose use is generally for the encryption of commercial data, and which exists in several encryption modes. It uses the block cipher method, which means that text is broken down into 64 bits before being encrypted.

DHCP (Dynamic Host Configuration Protocol)
Software that automatically assigns IP addresses to client stations logging onto a TCP/IP network. This dispenses with having to manually assign permanent IP addresses. DHCP software typically runs in servers and is also found in network devices such as ISDN routers and modem routers that allow multiple users access to the Internet. Newer DHCP servers dynamically update the DNS servers after making assignments.

Diffie-Hellman key exchange algorithm
An algorithm that enables parties to exchange public keys securely in order to arrive at a shared secret key at both ends, without ever having to transmit the secret key, thereby avoiding the risk of the secret key being intercepted. It does not carry out data encryption, and can even be used over untrusted channels.

Digital certificate
The digital equivalent of an identity card for use in a public key encryption system, these are mainly used to verify that a user sending a message is who he claims to be, and to provide the receiver of a message with a way to encrypt his reply. The X.509 format is most typically used and contains information regarding the user and the certification authority.

Digital signature
Method of verifying identities on a network based on public key encryption.

DMZ (DeMilitarized Zone)
Buffer zone of an enterprise's network, situated between the local network and the internet, behind the firewall. It corresponds to an intermediary network grouping together public servers (HTTP, SMTP, FTP, etc.) and whose aim is to avoid any direct connection with the internal network in order to warn it of any external attack from the web.

DNS (Domain Name System)
Distributed database and server system which ensures the translation of domain names used by internet users into IP addresses to be used by computers.

DoS (Denial of Service) attack
An attack which floods a network with so many requests that regular traffic is slowed down or completely interrupted, preventing legitimate requests from being processed.

Dynamic routing
A router's ability to forward data via a different route based on the current conditions of the communications circuits. For example, it can adjust for overloaded traffic or failing lines and is much more flexible than static routing, which uses a fixed forwarding path.

Encapsulation
A method of transmitting multiple protocols within the same network. The frames of one type of protocol are carried within the frames of another.

Encryption
The process of translating raw data (known as plaintext) into a seemingly meaningless version (ciphertext) to protect the confidentiality, integrity and authenticity of the original data. A secret key is usually needed to unscramble (decrypt) the ciphertext.

Failover
A backup operation that automatically switches to a standby database, server or network if the primary system becomes unusable or is temporarily shut down for servicing. Failover is an important fault tolerance function for systems that rely on constant accessibility. The switch from one system to another is automatic and transparent to the user.

Filter rule
A rule created to perform several possible actions on incoming or outgoing packets. Possible actions include blocking, letting through or disregarding a packet. Rules may also be configured to generate alarms which will inform the administrator of a certain type of packet passing through.

Filter policy
An organization's rules and regulations concerning filters.

Filtering router
Router which implements packet filters.

Fingerprinting
A method of determining the operating system and other characteristics of a remote host using tools such as queso or nmap.

FTP (File Transfer Protocol)
Common internet protocol used for exchanging files between systems. Unlike other TCP/IP protocols, FTP uses two connections – one for exchanging parameters and another for the actual data.

Gateway
Host which acts as an entrance or connection point between two networks (such as an internal network and the internet) which use the same protocols.

GBIC (GigaBit Interface Converter)
A hardware module used to attach network devices to fiber-based transmission systems such as Fibre Channel and Gigabit Ethernet. The GBIC converts the serial electrical signals to serial optical signals and vice versa. GBIC modules are hot swappable and contain ID and system information that a switch can use to determine the device's capabilities. As a plug-in module, the GBIC enables networking devices to be upgraded in the field to support optical signals.

Gigabit ethernet
An Ethernet technology that raises transmission speed to 1 Gbps (1000 Mbps).

Granularity
The extent to which a system contains separate components. Higher granularity, i.e. more components, implies more flexibility in the system, because there are more, smaller increments (granules) from which to choose.

GRE (Generic Encapsulation Routing)
This protocol redimensions encapsulated packets so that the process itself can be encapsulated in an IP packet.

Hacker
A computer enthusiast who writes programs in assembly language or in system-level languages. This may mean any programmer, but it implies very tedious "hacking away" at the bits and bytes. Unfortunately, this term has become synonymous with "cracker", a person who performs an illegal act.

Hash function
An algorithm that converts text of a variable length to an output of fixed size. The hash function is often used in creating digital signatures.

Header
A temporary set of information that is added to the beginning of the text in order to transfer it over the network. A header usually contains source and destination addresses as well as data that describe the content of the message.

High availability
A solution based on a cluster, a group of two identical IPS-Firewalls, which monitor each other. If there is a malfunction in the IPS-Firewall software or hardware during use, the second IPS-Firewall takes over. This switch from one IPS-Firewall to the other is wholly transparent to the user. While there may be a minute or two of downtime during the switch, processing continues.

Host
A computer connected to a TCP/IP network, possessing a unique IP address, which acts as a source of information and signals. It is often accessed by users at remote locations.

Hot swapping
The ability to pull out a device from a system and plug in a new one while the power is still on and the unit is still running, all while having the operating system recognize the change automatically.

HTTP (HyperText Transfer Protocol)
Protocol used for transferring hypertext documents between a web server and a web client.

HTTP proxy
A proxy server that specializes in HTML (Web page) transactions.

Hub
A central connection point in a network that links segments of a LAN.

Hub and spoke
Any architecture that uses a central connecting point, similar to a star topology in a network. A network hub is hardware that functions as a central hub to all nodes.

Hybrid mode
Mode which combines two operation modes - transparent mode (bridge principle) and advanced mode (independent interfaces). The purpose of the hybrid mode is to operate several interfaces in the same address class and others in different address classes.

Hypertext
Term used for text which contains links to other related information. Hypertext is used on the World Wide Web to link two different locations which contain information on similar subjects.

ICMP (Internet Control Message Protocol)
A TCP/IP protocol used to send error and control messages and for exchanging control information. ICMP is part of IP (Internet Protocol).

ICAP (Internet Content Adaptation Protocol)
A high-level protocol for requesting services from an Internet-based server.

IDS (Intrusion Detection System)
Software that detects attacks on a network or computer system by inspecting all inbound and outbound network activity and identifying suspicious patterns which may indicate an attack from a possible intruder.

IKE (Internet Key Exchange)
A method for establishing an SA which authenticates users, negotiates the encryption method and exchanges the secret key.

Interface
The border between two independent systems which communicate with and meet each other. There are several types of interface: hardware interfaces (plugs, sockets, wires); software (or programming) interfaces (languages, codes, messages used by programs to communicate with each other); and hardware user interfaces (keyboards, mice, commands, menus used to communicate with the computer).

IP address (Internet Protocol Address)
A computer's or device's identifier to which messages are routed on a TCP/IP network. An IP address is expressed in four sets of numbers (from 0 to 255) separated by dots, e.g. 10.0.1.6, and may be in one of three classes - A, B or C.

IPSec (Internet Protocol Security)
A set of security protocols that provides authentication and encryption over the internet and supports secure exchanges. It is largely used for the setup of VPNs (Virtual Private Networks).

IPS-Firewall (Intrusion Prevention System Firewall)
Purpose-built network security devices that combine firewall, VPN and real-time intrusion prevention functionalities. Based on NETASQ's revolutionary ASQ technology, they ensure the highest level of security.

ISAKMP (Internet Security Association and Key Management Protocol)
A protocol through which trusted transactions between TCP/IP entities are established.

LAN (Local Area Network)
A communications network that is spread out over a limited area, usually a building or a group of buildings and uses clients and servers - the "clients" being a user's PC which makes requests and the "servers" being the machine that supplies the programs or data requested.

Latency
The length of time from the initiation of a request for data to the beginning of the actual data transfer. In the context of malicious software, latency means the period between infection and the first obvious damage to the host system.

LDAP (Lightweight Directory Access Protocol)
A protocol or set of protocols used to access directory listings.

Leased line
A permanent telephone connection between two points, as opposed to dialup. Typically used by enterprises to connect remote offices.

Load balancing
Distribution of processing and communications activity across a computer network to available resources so that servers do not face the risk of being overwhelmed by incoming requests.

Logs
Chronological record of computer activity, constituting a history of the use of programs and systems over a given period.

MAC address (Media Access Control Address)
A hardware address that uniquely identifies each node of a network.

Man-in-the-middle attack
Also known as a "replay attack", this consists of a security breach in which information is stored without the user's authorization and retransmitted, giving the receiver the impression that he is participating in an authorized operation. As a result of this, an attacker can intercept keys and replace them with his own without the legitimate parties' knowledge that they are communicating with an attacker in the middle.

Mesh
A term often used to describe an architecture in which devices are connected with many redundant connections between network nodes.

Modularity
Term describing a system that has been divided into smaller subsystems which interact with each other.

MSS (Maximum Segment Size)
The MSS value represents the largest amount of data that TCP will send to the other end. Since this is controlled by the initiating socket (the computer that connected to the remote host), attackers can set the MSS size to a very small value. For example, if an attacker sets the value of MSS to 1, it will cause the remote host to send back a large number of packets, each containing just one byte of information.

NAT (Network Address Translation)
Translation of IP addresses at the border between two networks. Typically used when an enterprise has an unregistered internal addressing range.

NAT traversal
Passing through network address translation (NAT) to reach a user. IPSec NAT Traversal allows VPN tunnels to traverse intervening devices that perform NAT.

Network snooping/sniffing
The use of a particular device or software to capture all the information transmitted on a common network support (such as Ethernet). This technique is often used by hackers to capture passwords.

Non-repudiation
The capacity of parties involved in a transaction to attest to the participation of the other person in the said transaction. For example, if A signs a contract, B would be able to prove that A is a party to the contract by presenting his physical signature in court.

Packet
A block of data that is transmitted over a network in a packet-switching network. "Frame", "packet" and "datagram" are terms which are often used interchangeably.

Packet filter
Hardware or software which forwards or rejects a packet according to the packet’s header contents. Packet filters are a technique used by firewalls.

Partition
A section of disk or memory that is reserved for a particular application.

PAT (Port Address Translation)
Modification of the addresses of the sender and recipient on data packets. Changes in IP address involve the PAT device's external IP address, and port numbers, instead of IP addresses, are used to identify different hosts on the internal network. PAT allows many computers to share one IP address.

PFS (Perfect Forward Secrecy)
A condition in cryptography in which compromising a session key or private key after a given session does not cause the compromise of any earlier session. It is highly advantageous in a security protocol and/or algorithm as it protects past encrypted data in the event future encrypted data is compromised. The Diffie-Hellman algorithm is an example of a system which uses PFS.

Ping (Packet INternet Groper)
An internet utility used to determine whether a particular IP address is accessible (or online). It is used to test and debug a network and to troubleshoot internet connections by sending out a packet to the specified address and waiting for a response.

PKI (Public Key Infrastructure)
Also called a trust hierarchy, it is a system of digital certificates, Certificate Authorities and other registration authorities which verify and authenticate the validity of parties involved in an internet transaction. Encryption keys can be managed and digital certificates can be issued while ensuring security in the exchange of information by way of a network. PKIs are viewed as vital to the expansion of electronic commerce.

Platform
A hardware or software architecture, which defines a standard around which a system can be developed. Platform also refers to an operating system, in which case the hardware may or may not be implied. Once a platform has been defined, appropriate software can be produced and appropriate hardware and applications can be purchased. The terms platform, environment and operating system are often used synonymously.

Plugin
An auxiliary program that adds a specific feature or service to a larger system and works with a major software package to enhance its capacity.

Point-to-point
Refers to a communications line that provides a path from one location to another (Point A to Point B).

Port scanning
A port scan operates by sending packets to an IP address with a different port each time, in the hopes of finding open ports through which malicious data can be passed and discovering flaws in the targeted system.

PPP (Point-to-Point Protocol)
A method of connecting a computer to the internet. It provides point-to-point connections from router to router and from host to network above synchronous and asynchronous circuits. It is the most commonly used protocol for connecting to the internet on normal telephone lines.

PPPoE (Point-to-Point Protocol Over Ethernet)
A standard for incorporating PPP into a cable modem connection that uses Ethernet as its transport to the carrier's facilities. Used by many cable modem providers, PPPoE supports the protocol layers and authentication widely used in PPP and enables a point-to-point connection to be established in the normally multipoint architecture of Ethernet.

PPTP (Point-to-Point Tunneling Protocol)
A protocol used to create a virtual private network (VPN) over the Internet. The internet being an open network, PPTP is used to ensure that messages transmitted from one VPN node to another are secure.

Private key
One of two necessary keys in a public or asymmetrical key system. The private key is usually kept secret by its owner.

Proxy server
A server situated between a client application and a real server which intercepts requests bound for the real server to see if it can process them itself. If not, it forwards the requests to the real server. The purposes of proxy servers are mainly to improve performance and to filter requests.

Public key
One of two necessary keys in public or asymmetrical key cryptography. The public key is usually made known to the public.

QoS (Quality Of Service)
A guaranteed throughput level in a data communications system which is indicative of its transmission quality and service ability.

RADIUS (Remote Authentication Dial-In User Service)
An access control protocol that uses a challenge/response method for authentication. User information is forwarded to a RADIUS server, which verifies the information, then authorizes or prohibits access.

Real time
An immediate response; a term used to describe features which respond immediately to input. It can also mean the simulation of events at the same speed they would occur in real life.

Redundancy
The duplication of devices, computer systems and services so that they can take over in the event of a failure of other units.

Reverse DNS (Reverse Domain Name System)
Name resolution software that looks up an IP address to obtain a domain name. It performs the opposite function of the DNS server, which turns names into IP addresses.

RFC (Request for Comments)
A series of documents which communicates information about the internet. Anyone can submit a comment, but only the Internet Engineering Task Force (IETF) decides whether the comment should become an RFC. A number is assigned to each RFC, and it does not change after it is published. Any amendments to an original RFC are given a new number.

Robust
Refers to software without bugs that handles abnormal conditions well. It is often said that there is no software package totally bug free. Any program can exhibit odd behavior under certain conditions, but a robust program will not lock up the computer, cause damage to data or send the user through an endless chain of dialog boxes without purpose. Whether or not a program can be totally bug free will be debated forever.

Root
Top level of a hierarchy.

Router
A device that forwards data packets from one network to another based on network layer information. They are also used in the segmentation of LANs to balance traffic within each segment and to filter traffic for security purposes and policy management. Routers are also used at the edge of the network to connect remote offices.

Routing protocol
A formula used by routers to determine the appropriate path onto which data should be forwarded. With a routing protocol, a network can respond dynamically to changing conditions, otherwise all routing decisions have to be predefined.

RPC (Remote Procedure Call)
A programming interface that allows one program to use the services of another program in a remote machine. The calling program sends a message and data to the remote program. The program is then executed, and results are sent back to the calling program.

Scalability
The extent to which a system can be expanded.

Security policy
An organization's rules and regulations governing the properties and implementation of a network security architecture.

Server
A computer system in a network that is shared by multiple users and which manages network resources.

Session hijacking
An attempt at seizing control of an established communication between two hosts by inserting fraudulent traffic into the data stream.

Session key
A cryptographic key which is good for only one use and for a limited period. Upon the expiry of this period, the key is destroyed, so that if the key is intercepted, data will not be compromised.

Single-use password
A secure authentication method which deters the misuse of passwords by issuing a different password for each new session.

Signature
A code that can be attached to a message, uniquely identifying the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he claims to be.

SKIP algorithm
During analysis of rules, this algorithm groups together rules (minimum 3 rules) which are coherent and which have a common criterion. The aim is to skip the evaluation of several rules which contain an eliminatory criterion. Given the eliminatory criterion, the evaluation of these rules would be unnecessary (a negative response would inevitably be returned).

SMTP (Simple Mail Transfer Protocol)
TCP/IP communication protocol used for electronic mail exchange over the internet.

SMTP proxy
A proxy server that specializes in SMTP (mail) transactions.

SNMP (Simple Network Management Protocol)
A set of protocols for managing complex networks, which sends messages to different parts of a network. SNMP-compliant components, called agents, store data about themselves in MIBs (Management Information Bases) and return this information to requesters.

SQL (Structured Query Language)
An international standard language used to access, define, interrogate and process data in a relational database (e.g. Microsoft Access).

SRP (Secure Remote Password Protocol)
A secure password-based authentication and key-exchange protocol which limits the possibility of user impersonation. In a successful authentication, SRP exchanges a secret which allows parties to communicate securely.

SSH (Secure Shell)
Software providing secure logon for Windows and UNIX clients and servers.

SSL (Secure Sockets Layer)
A security protocol on the Internet which enables secure transactions (e.g. transmission of credit card numbers in e-commerce) by the use of a private key to encrypt data transferred during an SSL connection.

Star topology / network
A LAN in which all terminals are connected to a central computer, hub or switch by point-to-point links. A disadvantage of this method is that all data has to pass through the central point, thus raising the risk of saturation.

Stateful Inspection
A firewall technology that monitors a transaction's status so that it can verify that the destination of an inbound packet matches the source of a previous outbound request. The firewall stores in a status table a log of connections made with authorized clients. It then uses this connection log to dynamically verify the conformity of the contents of each IP packet passing through the local network without interrupting the connection.

Static routing
Forwarding data in a network via a fixed path. As opposed to dynamic routing, static routing cannot adjust to changing conditions.

Subnetwork
A network within a larger network.

Switch
A network device that directs the flow of packets between LAN segments based on the destination address of each frame.

Symmetrical key cryptography
A type of cryptographic algorithm in which the same key is used for encryption and decryption. The difficulty of this method lies in the transmission of the key to the legitimate user. DES, IDEA, RC2 and RC4 are examples of symmetrical key algorithms.

TCP (Transmission Control Protocol)
Part of the TCP/IP stack. It ensures that a message is delivered, and in the same order in which it was sent.

TCP/IP (Transmission Control Protocol/Internet Protocol)
A communications protocol developed to internetwork dissimilar systems. TCP provides transport functions, which ensures that the total amount of bytes sent is received correctly at the other end. TCP/IP is a routable protocol, and the IP part of TCP/IP provides this capability.

Throughput
The speed at which a computer processes data, or the rate of information arriving at a particular point in a network system.

Transparent mode
Mode which allows your IPS-Firewall to be installed without changing anything in your network configuration.

Transparent bridge
A common type of network bridge, in which bridges in the network are invisible to host stations. A transparent bridge memorizes the node connected to each port through the experience of examining which node responds to each new station address that is transmitted.

Trapdoor
A program built into the software in order to obtain special access to a program or online service.

Trojan horse
A code inserted into a seemingly benign programme, which when executed, will perform fraudulent acts such as information theft.

UDP (User Datagram Protocol)
A TCP/IP protocol used in place of TCP when a reliable delivery is not necessary. Used primarily for realtime audio and video traffic, UDP sends out packets in a unidirectional transmission and does not provide acknowledgements of receipt.

URL (Uniform Resource Locator)
The address indicating the route towards a file on an HTTP server. URLs typically contain (in this order) the protocol type and the IP address or domain name where the file can be found.

VLAN (Virtual Local Area Network)
Network of computers which behave as if they are connected to the same network even if they may be physically located on different segments of a LAN. VLAN configuration is done by software instead of hardware, thereby making it very flexible.

VPN (Virtual Private Network)
Private network established by creating specialised links between enterprise networks through public networks in order to meet users’ resource sharing needs.

VPN keepalive
A feature in IPS-Firewalls that allows keeping track of VPN tunnels which have failed and reestablishing them.

WAN (Wireless Area Network)
A system of LANs connected via telephone lines or radio waves.