VPN stands for Virtual Private Network and is a method to increase security as well as privacy for an organization or an individual. It allows you to connect to the internet through a secure tunnel in which data is usually encrypted. In an enterprise environment, it is usually used to access local network resources remotely.
IPSec stands for Internet Protocol Security. It is the most traditional mode of VPN and works at network layer 3 of the OSI model. It secures all data between two endpoints, and once connected, the user is seen as "part" of the network and has full access to it. It usually requires a specific software client.
SSL stands for Secure Sockets Layer. It is a common protocol used by most web browsers and is based on layer 7 of the OSI model. It also allows an organization to open access only to a specific application or web server instead of the whole network. Connecting to an SSL VPN usually does not require client software.
QoS stands for Quality of Service, a term used to describe a method/technology to measure and improve transmission rates over the network by managing packet loss, delay, etc. It is especially useful in an enterprise environment where a specific application, such as video conference streaming, needs to be improved.
IoT refers to the Internet of Things, a new trend of physical objects (smart devices, vehicles, buildings, etc.) being connected over the internet, which enables them to communicate with each other and to collect and exchange data.
BYOD is the abbreviation for Bring Your Own Device. This is a new trend in the workplace where employees bring their own devices (e.g.: tablets, laptops, etc.) for work purposes and use them to connect to the enterprise network.
Internet bandwidth refers to the maximum throughput (or amount of data) that can be carried over a network line, from one point to another in a given period of time. It is usually expressed in Mbps or Gbps.
Network throughput refers to the amount of data moved from one point to another in a specific amount of time.
Domestic Bandwidth refers to data exchanged between two local points, for example in the same country. It is important for countries where Internet Service Providers charge different rates for domestic and international bandwidth.
Bandwidth management is how you measure and control all traffic and packets within your network for purposes such as avoiding bandwidth congestion, which can result in slow performance and affect the network's users.
Internet Filtering is a method or software that allows IT administrators to control a list of permitted or blocked websites (e.g.: Facebook) as well as applications (e.g.: eMule) to be used within the network.
Similar to Internet Filtering, but the filtering method is mainly based on a specific website URL such as www.sangfor.com, which can allow IT administrators to decide which website URL the users can visit.
Traffic quota represents the total amount of data that can be utilized (upload and download) by a specific user or group. This is usually used in enterprises with limited bandwidth available to avoid network congestion.
In the workplace, an illegal Wi-Fi is a wireless access point that is insecure and opened by an employee or a third party. It can be divided into two main categories: hotspots opened by employees to access the internal network with their own devices, and hotspots opened by a third party with the intent to attack or steal information from an employee.
User Authentication refers to the process of allowing a specific device that needs to connect to the network by checking the identity of its user before allowing that user to use the resources.
Endpoints control refers to the process of managing and controlling endpoint devices (such as smartphones, tablets, laptops, etc.).
High availability refers to a system or network that is continuously operational and never failing. It is usually achieved by using two similar appliances. If one of them stops working, the other appliance takes over and ensures the continuity of the operation.
In network management, a policy is a set of conditions and settings that IT administrators use to restrict the access of a specific user or group to the network, internet, applications, etc.
The meaning of Next Generation Firewall differs from vendor to vendor. According to Gartner, Next Generation Firewalls are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.
A Web Application Firewall (WAF) is a firewall used to protect web applications/servers (also known as HTTP applications). It provides protection at layer 7, especially against attacks such as SQL injection and Cross-Site Scripting.
An intrusion prevention system (IPS) monitors network traffic to detect attacks and prevent them. It is mainly based on signature matching and anomaly detection. Unlike a WAF, an IPS cannot protect the web application layer, known as layer 7. It is especially vulnerable to new and emerging attacks that do not have signatures.
The definition varies from vendor to vendor; however, it generally refers to security solutions that protect users against sophisticated malware or hacking attacks.
An Advanced Persistent Threat is an attack usually made against organizations (public/private). The characteristic of this attack is that it uses malware that can stay hidden for a long time before it is detected. The main purpose is to steal information rather than to cause damage like other types of malware.
Malware is software that is designed to damage or gain unauthorized access to a computer or server. It includes a broad range of varieties such as viruses, worms, trojan horses, spyware, ransomware, etc.
A virus is a type of malware that is designed to infect a user, execute and replicate itself to infect other users. It results in the infection of programs and files, alters system settings and ultimately stops the system from working (depending on the virus).
Ransomware is a type of malware used to block access to a computer system or files. If the user wants to unlock the system or files, he/she must pay a certain sum of money.
SQL injection is an attack that aims to destroy a specific database. It is carried out through a code injection technique that places malicious code in SQL statements for execution.
Cross-Site Scripting refers to a type of injection attack where an attacker injects malicious scripts into a trusted website or web application through its vulnerabilities. Instead of targeting the user directly, the attacker targets a vulnerability in the website (or web application) in order to reach the victim. This can result in the attacker stealing the victim's credentials and sensitive data (e.g.: credit card information).
DoS stands for Denial-of-Service attack, a type of attack that floods a targeted machine or resource connected to the internet with so many requests that it overloads the system and makes it unavailable.
DDoS stands for Distributed Denial-of-Service attack and is similar to a DoS attack. The main difference is that in a DDoS attack, the attacker(s) use more than one source, with multiple computers and internet connections, to flood the victim with requests.
LAN stands for local area network, and is a computer network with a group of computers and devices that are interconnected within a limited area through a common link.
WAN refers to Wide Area Network, which is a computer network that extends over a large geographical area and usually consists of two or more LANs. A WAN is used to connect LANs together so that users in different locations can be brought together to communicate and exchange data. It is usually done through leased lines or satellite.
Packet loss occurs when a packet of data fails to reach a specific destination. This can have a noticeable effect in certain scenarios, such as a video conference, by affecting its quality.
Network latency is the time it takes for a packet of data to reach a specific destination. Low network latency describes small delay times, while a high network latency describes long delay times.
Protocol Chattiness (or Chatty Protocol) describes an application or protocol that requires an acknowledgment between a client and server before the next packet can be sent.
In data transmission, data redundancy refers to data created in addition to the actual data. This is usually used to correct errors in transmitted data. However, it can sometimes create a large amount of data and affect the network speed.
Transmission Control Protocol (TCP) is one of the main transport layer protocols that applications use to exchange data packets over the
TCP ensures that the data packets sent are received in their entirety, and recovers them if any packet is lost during transmission.
User Datagram Protocol (UDP) is an alternative to TCP used for applications that do not require error checking and can accept some packet loss. It is not as reliable as TCP; however, its low latency and loss-tolerating characteristics make it suited for applications such as streaming and VoIP.
HTP (High-Speed Transmission Protocol) technology is an optimization technology based on the transmission layer. It can improve link quality and the transmission performance of applications, and therefore help users gain a better experience.
Forward Error Correction (FEC) technology is an optimization technology to enhance data reliability. It can correct data errors prior to data transmission.