
Glossary

AD

(Active Directory) An advanced, hierarchical directory service that comes with Windows 2000/2003 servers. It is LDAP compliant and built on the Internet's Domain Naming System (DNS). Workgroups are given domain names, just like Web sites, and any LDAP-compliant client (Windows, Mac, Unix, etc.) can gain access to it.

Active Directory can function in a heterogeneous, enterprise network and encompass other directories including NDS and NIS+. Cisco supports Active Directory in its IOS router operating system.

Anti-spam

Software that diverts incoming spam. Spam filters can be installed in the user's machine or in the mail server, in which case, the user never receives the spam in the first place. Spam filtering can be configured to trap messages based on a variety of criteria, including sender's e-mail address, specific words in the subject or message body or by the type of attachment that accompanies the message. Address lists of habitual spammers (blacklists) are maintained by various organizations, ISPs and individuals as well as lists of acceptable addresses (whitelists) that might be misconstrued as spam. Spam filters reject blacklisted messages and accept whitelisted ones.

Sophisticated spam filters use AI techniques that look for key words and attempt to decipher their meaning in sentences in order to more effectively analyze the content and not trash a real message. Spam filters can also divert mail that comes to you as "Undisclosed Recipients," instead of having your e-mail address spelled out in the "to" or "cc" field.

Anti-virus

Software that searches for known viruses. Also known as a "virus scanner." As new viruses are discovered by the antivirus vendor, their binary patterns are added to a signature database that is downloaded periodically to the user's antivirus program via the Web.

Two Different Approaches
Virus scanners work two ways. The more common method scans the file against all known viruses each time the file is opened. The second method, such as used by the Sophos antivirus program, takes a blueprint of every file ahead of time. It computes a checksum of each file's contents and stores it in a database. The next time a file is opened, the software recomputes the checksum and compares it to the one in the database to see if the file has changed. If it has, the program scans the file for viruses. If not, the file is considered virus free. Since most files are virus free, this method is faster because recomputing a checksum is considerably faster than comparing the file with all the binary signatures.
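The checksum approach described above, sketched as an added example; it is not code from Sophos or any other antivirus vendor. The class and signature names are hypothetical, the byte patterns are constructed and harmless, and SHA-256 is assumed as the checksum. It goes one step beyond the text by also rescanning a file when the signature database has been updated since its baseline was taken, since an unchanged file may match a signature that did not exist at the time of the last scan.

```python
import hashlib
import os
import tempfile

# Constructed, harmless byte patterns standing in for a vendor signature database.
SIGNATURES_V1 = {"Demo.A": b"DEMO-SIGNATURE-A"}
SIGNATURES_V2 = {**SIGNATURES_V1, "Demo.B": b"DEMO-SIGNATURE-B"}


class ChecksumScanner:
    """Scan-on-open that skips files whose checksum matches a stored baseline."""

    def __init__(self, signatures, db_version):
        self.signatures = signatures
        self.db_version = db_version
        # path -> (sha256 hex digest, signature db version at scan time)
        self.baseline = {}
        self.full_scans = 0

    def update_signatures(self, signatures, db_version):
        # Baselines recorded under an older version stop matching automatically.
        self.signatures = signatures
        self.db_version = db_version

    def _match(self, data):
        # The slow path: compare the contents with every known pattern.
        return sorted(n for n, pat in self.signatures.items() if pat in data)

    def on_open(self, path):
        with open(path, "rb") as fh:
            data = fh.read()
        digest = hashlib.sha256(data).hexdigest()
        # Fast path: same contents and same signature set as the last clean scan.
        if self.baseline.get(path) == (digest, self.db_version):
            return ("unchanged", [])
        self.full_scans += 1
        hits = self._match(data)
        if hits:
            self.baseline.pop(path, None)  # never keep a baseline for a flagged file
            return ("infected", hits)
        self.baseline[path] = (digest, self.db_version)
        return ("clean", [])


def demo():
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "report.doc")
        with open(path, "wb") as fh:
            fh.write(b"quarterly figures DEMO-SIGNATURE-B")
        scanner = ChecksumScanner(SIGNATURES_V1, db_version=1)
        results.append(scanner.on_open(path))  # first open: full scan, clean under v1
        results.append(scanner.on_open(path))  # checksum matches: scan skipped
        scanner.update_signatures(SIGNATURES_V2, db_version=2)
        results.append(scanner.on_open(path))  # same bytes, new signatures: rescanned
        with open(path, "wb") as fh:
            fh.write(b"quarterly figures, cleaned")
        results.append(scanner.on_open(path))  # contents changed: rescanned
        results.append(scanner.full_scans)
    return results


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```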

Category 5e

Also called Enhanced Category 5. A performance classification for twisted pair cables, connectors and systems. Specified to 100 MHz. Suitable for voice and data applications up to 1000 Mbps.

Category 6

A performance classification for twisted pair cables, connectors and systems. Specified up to 250 MHz.

Category 6e

A performance classification for twisted pair cable. Specified for greater than 250 MHz.

Content Filtering

Blocking access to unwanted Internet content. Businesses can block content based on traffic type. For example, Web access might be allowed, but file transfers may not. Content can also be blocked by site, using lists of URLs cataloged by content that are updated frequently. Parents can restrict their children's access with special browsers and filtering programs.

Co-source

Method for providing managed services where the client and End to End share responsibility for the delivery of the service.

EMI

(ElectroMagnetic Interference) An electrical disturbance in a system due to natural phenomena, low-frequency waves from electromechanical devices or high-frequency waves (RFI) from chips and other electronic devices. Allowable limits are governed by the FCC.

ERP

(Enterprise Resource Planning) An integrated information system that serves all departments within an enterprise. Evolving out of the manufacturing industry, ERP implies the use of packaged software rather than proprietary software written by or for one customer. ERP modules may be able to interface with an organization's own software with varying degrees of effort, and, depending on the software, ERP modules may be alterable via the vendor's proprietary tools as well as proprietary or standard programming languages.

An ERP system can include software for manufacturing, order entry, accounts receivable and payable, general ledger, purchasing, warehousing, transportation and human resources. The major ERP vendors are SAP, PeopleSoft, Oracle, Baan and J.D. Edwards. Lawson Software specializes in back-end processing that integrates with another vendor's manufacturing system.

Exchange

Exchange is a popular Microsoft messaging system that includes a mail server, an e-mail program (e-mail client), and groupware applications. Designed for use in a business setting, the Exchange server is often used in conjunction with Microsoft Outlook to take advantage of Outlook's collaborative features, such as the ability to share calendars and contact lists.

Extended Authentication

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten.

Firewall

A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and to control what outside resources its own users have access to.
 
Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.

There are a number of firewall screening methods. A simple one is to screen requests to make sure they come from acceptable (previously identified) domain names and Internet Protocol addresses. For mobile users, firewalls allow remote access into the private network by the use of secure logon procedures and authentication certificates.

A number of companies make firewall products. Features include logging and reporting, automatic alarms at given thresholds of attack, and a graphical user interface for controlling the firewall.

Computer security borrows this term from firefighting, where it originated. In firefighting, a firewall is a barrier established to prevent the spread of fire.

IDP

(Intrusion Detection and Prevention) A type of security management system for computers and networks. An IDP system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). IDP uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network.
Intrusion detection functions include:

  • Monitoring and analyzing both user and system activities
  • Analyzing system configurations and vulnerabilities
  • Assessing system and file integrity
  • Ability to recognize patterns typical of attacks
  • Analysis of abnormal activity patterns
  • Tracking user policy violations

IDP systems are being developed in response to the increasing number of attacks on major sites and networks, including those of the Pentagon, the White House, NATO, and the U.S. Defense Department. The safeguarding of security is becoming increasingly difficult, because the possible technologies of attack are becoming ever more sophisticated; at the same time, less technical ability is required for the novice attacker, because proven past methods are easily accessed through the Web.

Typically, an IDP system follows a two-step process. The first procedures are host-based and are considered the passive component; these include inspection of the system's configuration files to detect inadvisable settings, inspection of the password files to detect inadvisable passwords, and inspection of other system areas to detect policy violations. The second procedures are network-based and are considered the active component: mechanisms are set in place to reenact known methods of attack and to record system responses.

In 1998, ICSA.net, a leading security assurance organization, formed the Intrusion Detection Systems Consortium (IDSC) as an open forum for IDP product developers with the aim of disseminating information to the end user and developing industry standards.

IIS

(Internet Information Services) Microsoft's Web server. IIS runs under the server versions of NT and 2000, adding full HTTP capability to the Windows operating system. Formerly known as "Internet Information Server," IIS is also available for the Windows 2000 client version.

ISA

(Internet Security and Acceleration) Microsoft's ISA Server is the successor to Microsoft's Proxy Server 2.0 (see proxy-server) and is part of Microsoft's .NET support. ISA Server provides the two basic services of an enterprise firewall and a Web proxy/cache-server. ISA Server's firewall screens all packet-level, circuit-level, and application-level traffic. The Web cache stores and serves all regularly accessed Web content in order to reduce network traffic and provide faster access to frequently accessed Web pages. ISA Server also schedules downloads of Web page updates for non-peak times.

IPSEC

(IP SECurity) A security protocol from the IETF that provides authentication and encryption over the Internet. Unlike SSL, which provides services at layer 4 and secures two applications, IPSec works at layer 3 and secures everything in the network. Also unlike SSL, which is typically built into the Web browser, IPSec requires a client installation. IPSec can access both Web and non-Web applications, whereas SSL requires workarounds for non-Web access such as file sharing and backup.

IPSec is supported by IPv6. Since IPSec was designed for the IP protocol, it has wide industry support and is expected to become the standard for virtual private networks (VPNs) on the Internet.

Out-source

Method for providing managed services where End to End is solely responsible for delivering the service to the client.

OWA

(Outlook Web Access) Allows any client with a compatible browser to access Exchange Server folders.

QoS

(Quality of Service) On the Internet and in other networks, QoS is the idea that transmission rates, error rates, and other characteristics can be measured, improved, and, to some extent, guaranteed in advance. QoS is of particular concern for the continuous transmission of high-bandwidth video and multimedia information. Transmitting this kind of content dependably is difficult in public networks using ordinary "best effort" protocols.

Using the Internet's Resource Reservation Protocol (RSVP), packets passing through a gateway host can be expedited based on policy and reservation criteria arranged in advance. Using ATM, which also lets a company or user preselect a level of quality in terms of service, QoS can be measured and guaranteed in terms of the average delay at a gateway, the variation in delay in a group of cells (cells are 53-byte transmission units), cell losses, and the transmission error rate.

RAS

(Remote Access Service) The ability to get access to a computer or a network from a remote distance. In corporations, people at branch offices, telecommuters, and people who are traveling may need access to the corporation's network. Home users get access to the Internet through remote access to an Internet service provider (ISP). Dial-up connection through desktop, notebook, or handheld computer modem over regular telephone lines is a common method of remote access. Remote access is also possible using a dedicated line between a computer or a remote local area network and the "central" or main corporate local area network. A dedicated line is more expensive and less flexible but offers faster data rates. Integrated Services Digital Network (ISDN) is a common method of remote access from branch offices since it combines dial-up with faster data rates. Wireless, cable modem, and Digital Subscriber Line (DSL) technologies offer other possibilities for remote access.

Router

In packet-switched networks such as the Internet, a router is a device or, in some cases, software in a computer, that determines the next network point to which a packet should be forwarded toward its destination. The router is connected to at least two networks and decides which way to send each information packet based on its current understanding of the state of the networks it is connected to. A router is located at any gateway (where one network meets another), including each point-of-presence on the Internet. A router is often included as part of a network switch.

A router may create or maintain a table of the available routes and their conditions and use this information along with distance and cost algorithms to determine the best route for a given packet. Typically, a packet may travel through a number of network points with routers before arriving at its destination. Routing is a function associated with the Network layer (layer 3) in the standard model of network programming, the Open Systems Interconnection (OSI) model. A layer-3 switch is a switch that can perform routing functions.

An edge router is a router that interfaces with an asynchronous transfer mode (ATM) network.

For home and business computer users who have high-speed Internet connections such as cable, satellite, or DSL, a router can act as a hardware firewall. This is true even if the home or business has only one computer. Many engineers believe that the use of a router provides better protection against hacking than a software firewall, because no computer Internet Protocol addresses are directly exposed to the Internet. This makes port scans (a technique for exploring weaknesses) essentially impossible. In addition, a router does not consume computer resources as a software firewall does. Commercially manufactured routers are easy to install, reasonably priced, and available for hard-wired or wireless networks.

Spyware

Software that sends information about your Web surfing habits to its Web site. Often quickly installed in your computer in combination with a free download you selected from the Web, spyware transmits information in the background as you move around the Web. Also known as "parasite software," "scumware," "junkware" and "thiefware," spyware is occasionally installed just by visiting a Web site (see drive-by download).

It Might Even Tell You It's Spyware
The license agreement that everyone accepts without reading may actually state that you are installing spyware and explain what it does. For example, it might say that the program performs anonymous profiling, which means that your habits are being recorded, not you individually. Such software is used to create marketing profiles; for example, people who go to Web site "A" often go to site "B" and so on. Spyware may deliver competing products in realtime. For example, if you go to a Web page and look for a minivan, an ad for a competitor's vehicle might pop up.

Spyware Is Focused
Merchants place ads with spyware advertisers because they feel their promotions are focused. In fact, many feel that the Internet has opened up the most intelligent marketing system the world has ever seen. Merchants say they are targeting prospects who are really interested in their products, and spyware vendors argue that as long as they treat users anonymously, they are not violating privacy.

There are also spyware programs that keep changing the home page in the browser to a particular Web site or just keep popping up ads all the time (see adware). Nevertheless, once you detect spyware, it can be eliminated, albeit with difficulty sometimes.

Spyware blockers can detect an invasion of spyware into your computer and have become as popular as antivirus programs.

SSL

(Secure Sockets Layer) A commonly used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products. Developed by Netscape, SSL gained the support of Microsoft and other Internet client/server developers as well and became the de facto standard until evolving into Transport Layer Security. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.
TLS and SSL are an integral part of most Web browsers (clients) and Web servers. If a Web site is on a server that supports SSL, SSL can be enabled and specific Web pages can be identified as requiring SSL access. Any Web server can be enabled by using Netscape's SSLRef program library which can be downloaded for noncommercial use or licensed for commercial use.

Terminal Services

An option in Windows NT and 2000 that enables an application to be run simultaneously by multiple users at different Windows PCs. In NT, it is known as the Terminal Server Edition.

Windows Terminal Server turns the server into a centralized, timeshared computer like the good old days of mainframes and dumb terminals. The difference is that Windows provides a graphical interface, whereas mainframes provided only character-based interfaces. All the data processing (business logic) is performed in the server, and the client PCs display only the user interface and screen changes. Windows Terminal Server uses Citrix's MultiWin technology to provide the timesharing of the application and Microsoft's RDP access protocol for governing screen changes.

Support for Different Clients
Using Citrix's Presentation Server software on top of Terminal Server adds the ICA protocol, which is supported by a huge number of client types, including Windows, OS/2, DOS, Linux, Unix, Macintosh, Java-based apps as well as Web browsers. In addition, ICA provides the flexible, resizable graphical windows that users are accustomed to.

URL

(Uniform Resource Locator) The address that defines the route to a file on an Internet server (Web server, FTP server, mail server, etc.). URLs are typed into a Web browser to access Web pages and files, and URLs are embedded within the pages themselves as hypertext links. The URL contains the protocol prefix, port number, domain name, subdirectory names and file name. If a port number is not stated in the address, port 80 is used as the default for HTTP traffic.

Downloading the Home Page
To access a home page on a Web site, only the protocol and domain name are required. For example, HTTP://WWW.COMPUTERLANGUAGE.COM retrieves the home page of The Computer Language Company's Web site. The HTTP is the Web protocol, and WWW.COMPUTERLANGUAGE.COM is the domain name. Browsers default to the http:// prefix so only the www.computerlanguage.com needs to be typed in. In fact, you can usually omit the WWW and dot, because most Web sites treat blank host names as "www" host names. Sometimes, you can even omit the .com, and the browser fills it in automatically.

VLAN

(Virtual Local Area Network) A logical subgroup within a local area network that is created via software rather than manually moving cables in the wiring closet. It combines user stations and network devices into a single unit regardless of the physical LAN segment they are attached to and allows traffic to flow more efficiently within populations of mutual interest.

VLANs are implemented in port switching hubs and LAN switches and generally offer proprietary solutions. VLANs reduce the time it takes to implement moves, adds and changes.

VLANs function at layer 2. Since their purpose is to isolate traffic within the VLAN, a router is required in order to bridge from one VLAN to another. The router works at the higher layer 3 network protocols, which requires that network layer segments are identified and coordinated with the VLANs. This is a complicated job, and VLANs tend to break down as networks expand and more routers are encountered. The industry is working towards "virtual routing" solutions, which allow the network manager to view the entire network as a single routed entity.

VPN

(Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. VPNs are widely used by enterprises to create wide area networks (WANs) that span large geographic areas, to provide site-to-site connections to branch offices and to allow mobile users to dial up their company LANs.

For years, common carriers have built VPNs that appear as a private national or international network to each customer, but, in fact, are sharing the same physical backbone trunks with many customers. VPNs have been built over X.25, Switched 56, frame relay and ATM technologies as well as IP networks. For added security, encryption is often used.

Encrypting data that travels between a remote user and the corporate LAN over the Internet is very popular. It is much more economical than using private, leased lines or making long distance data calls via modem. Today, in fact, many people think that "VPN" and "encrypted connections over the Internet" are synonymous.

WAN

(Wide Area Network) Any internet or network that covers an area larger than a single building or campus.