


Glossary
This glossary contains a list of terms, abbreviations, and acronyms frequently used when discussing the Infinity Shield product.
ADSL: Asymmetric Digital Subscriber Line is a data communications technology that enables faster data transmission over copper telephone lines than a conventional voiceband modem can provide.
Blacklist: A list of web addresses that allows a person to filter out specific types of web sites.
DHCP: The Dynamic Host Configuration Protocol is an auto configuration protocol used on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other computers on the network. DHCP allows a computer to be configured automatically, eliminating the need for intervention by a network administrator. It also provides a central database for keeping track of computers that have been connected to the network. This prevents two computers from accidentally being configured with the same IP address.
DMZ: A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization’s external services to a larger untrusted network, usually the Internet. The term is normally referred to as a DMZ by IT professionals. It is sometimes referred to as a perimeter network. The purpose of a DMZ is to add an additional layer of security to an organization’s LAN; an external attacker only has access to equipment in the DMZ, rather than any other part of the network.
DNS: The Domain Name System is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. An often-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain name www.example.com translates to the address 192.0.32.10.
DynDNS: Dynamic DNS service allows users to have a subdomain that points to a computer with a regularly-changing IP address, such as those served by many consumer-level Internet service providers. An update client installed on the user’s computer, or built into a networked device such as a router, keeps the hostname up to date with its current IP address.
Exim: Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet.
Failover: Failover is the capability to switch over automatically to a redundant network connection upon the failure or abnormal termination of the previously active network connection.
Firewall: A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices that is configured to permit or deny network transmissions based upon a set of rules and other criteria.
GRE: Generic Routing Encapsulation is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocol packet types inside IP tunnels, creating a virtual point-to-point link to various brands of routers at remote points over an Internet Protocol (IP) internetwork.
HTTP: The HyperText Transfer Protocol is the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands.
HTTPS: The Hypertext Transfer Protocol Secure is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encrypted communication and secure identification of a network web server. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems.
ICMP: The Internet Control Message Protocol is one of the core protocols of the Internet Protocol Suite. It is chiefly used by the operating systems of networked computers to send error messages – indicating, for instance, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages. It is usually not used directly by user network applications, with some notable exceptions being the ping tool and traceroute.
IMAP: The Internet Message Access Protocol is a protocol that allows an e-mail client to access e-mail on a remote mail server. The current version is IMAP version 4 revision 1. IMAP supports both on-line and off-line modes of operation. E-mail clients using IMAP generally leave messages on the server until the user explicitly deletes them. This and other characteristics of IMAP operation allow multiple clients to manage the same mailbox.
IRC: Internet Relay Chat is a form of real-time Internet text messaging (chat) or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer (including file sharing).
LAN: A local area network is a computer network that connects computers and devices in a limited geographical area such as home, school or office building.
NAT: Network address translation is the process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device for the purpose of remapping one IP address space into another.
OpenVPN: OpenVPN is a free and open source software application that implements virtual private network techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL/TLS security for encryption and is capable of traversing network address translators and firewalls. OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signature and Certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features.
POP: Post Office Protocol is a protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection. The POP protocol has been developed through several versions, with version 3 (POP3) being the current standard.
Port forwarding: Port forwarding is the technique of forwarding a TCP/IP packet traversing a network address translator (NAT) gateway to a predetermined network port on a host within a NAT-masqueraded, typically private network based on the port number on which it was received at the gateway from the originating host.
Port hijacking: When you are connected to the Internet via a device that employs this technique, you will always use the services on that device. It does not matter what details you use in your Internet settings; the device intercepts (hijacks) all traffic destined for a particular service. For example, when you send an email, the device will intercept that email no matter what settings are configured in your email client.
PPP: Point-to-Point Protocol is a data link protocol commonly used in establishing a direct connection between two networking nodes. It can provide connection authentication, transmission encryption privacy, and compression.
PPPOE: The Point-to-Point Protocol over Ethernet is a network protocol for encapsulating Point-to-Point Protocol frames inside Ethernet frames. It is used mainly with DSL services where individual users connect to the DSL modem over Ethernet.
PPTP: The Point-to-Point Tunneling Protocol is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. The PPTP specification does not describe encryption or authentication features and relies on the PPP protocol being tunneled to implement security functionality. However, the most common PPTP implementation, shipping with the Microsoft Windows product families, implements various levels of authentication and encryption natively as standard features of the Windows PPTP stack.
Proxy: A proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers.
PuTTY: PuTTY is a free and open source terminal emulator application which can act as a client for the SSH, Telnet, rlogin, and raw TCP computing protocols and as a serial console client. The name “PuTTY” has no definitive meaning, though ‘tty’ is the name for a terminal in the Unix tradition, usually held to be short for teletype.
RDP: Remote Desktop Protocol is a proprietary protocol developed by Microsoft, which concerns providing a user with a graphical interface to another computer. Clients exist for most versions of Microsoft Windows, Linux, Unix, Mac OS X, Android, and other modern operating systems. By default the server listens on TCP port 3389.
Router: Routers forward data packets across computer networks. A router checks the data packet for its destination address and protocol format details. If the router finds a match in its address tables, it routes the packet to that destination address.
SMTP: Simple Mail Transfer Protocol is an Internet standard for electronic mail transmission across Internet Protocol (IP) networks. SMTP is specified for outgoing mail transport. While electronic mail servers and other mail transfer agents use SMTP to send and receive mail messages, user-level client mail applications typically only use SMTP for sending messages to a mail server for relaying.
Squid: Squid is a proxy server and web cache daemon. It has a wide variety of uses, from speeding up a web server by caching repeated requests; to caching web, DNS and other computer network lookups for a group of people sharing network resources; to aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including TLS, SSL, Internet Gopher and HTTPS.
SSH: Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. The two major versions of the protocol are referred to as SSH1 or SSH-1 and SSH2 or SSH-2. Used primarily on Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, rendering them susceptible to packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet.
SSL: The Secure Sockets Layer is a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers.
Stateful firewall: A stateful firewall keeps track of the state of network connections travelling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected.
TCP: The Transmission Control Protocol is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
UDP: The User Datagram Protocol is a connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It’s used primarily for broadcasting messages over a network.
VPN: A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization’s network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization.
Web filtering rules: Rules designed and optimized for controlling what content is permitted to a user browsing the Web.
Whitelist: A list of machines on your LAN that are not monitored.




