VMware Vocabulary List / Flash Card Terms
This set of flash cards / vocabulary words was originally designed for the VMware VCP4 exam, but would be useful to anyone looking to reference VMware terms.
| ACE Instance | An instance where the virtual machines created by ACE administrators associate to Virtual Rights Management (VRM) policies. |
| Activation | A step in an ACE instance setup which protects the package and sets up the ACE instance’s runtime authentication policy. |
| 802.3ad | A vSwitch functionality that bonds two or more pNICs together with a single IP address. |
| Administrative Lockout | A global password protection setting that restricts users from creating new virtual machines, editing virtual machine configurations or changing network settings for Windows hosts. |
| Admission Control | The process of checking the system for CPU and memory resources when the virtual machine powers on. This check determines if the system can guarantee the Reservation for which the virtual machine is configured. |
| Alarm | An entity that monitors one or a set of properties of a virtual machine. It also sends notifications. |
| Anomaly | A Capacity Planner indicator that detects the difference between the server performance and industry performance averages. More than three standard deviations from the industry average notes an anomaly. |
| Append Mode | A disk mode in ESX Server 2.x where software running in the virtual machine appears to write changes to the disk. |
| Array-based Replication | Replication of a virtual machine that is managed and executed by the storage subsystem rather than the virtual machine or the service console. |
| Asynchronous I/O (AIO) | A form of input and output processing that allows other processing to continue before the transmission finishes. |
| Boot from SAN | The ability of an ESX server system to load its operating system over a storage area network. The boot image is stored on a remote storage array. |
| Bridged Networking | A type of network connection between the host’s physical network and a virtual machine. The virtual machine appears to be an additional computer on the same physical Ethernet network as a host. |
| Burst Size | It represents the maximum size of the data to be transmitted at any given time. It is the size of a burst of data over the network targeted for the vSwitch. |
| Child | A managed entity grouped by a folder object or another managed entity. |
| CIM Object Manager (CIMOM) | A component that stores class definitions and populates requests for CIM operations. It returns information from specific data providers. |
| Cluster Compute Resource | An extended compute resource that denotes a cluster of hosts available for backing virtual machines. |
| Cold Cloning | A process of cloning a local physical machine, running in WinPE from vCenter Converter Boot CD. |
| Concurrent Migrations | The task manager’s ability to direct conversions and migration of multiple virtual machines simultaneously. |
| Custom Networking | A type of network connection between virtual machines and the host that does not use Network Address Translation (NAT) configurations. |
| Data Source Name | An Open Database Connectivity object that must be configured to enable vCenter Server to access a database. |
| Datacenter Folder | An optional inventory grouping structure within the datacenter structure that supports multiple datacenter folders. |
| Datastore | The virtual representations of underlying physical storage resources in a datacenter. It is a storage location for virtual machine files. |
| Deployment Settings | A set of rules and settings in ACE associated with a package. To change a package setting, a new package has to be created. |
| Differential Backup | A type of backup that backs up only files that have changed since the last full backup. |
| Disk Array | A group of multiple disk devices that is a typical SAN disk storage device. This array may vary in design, capacity, and performance. |
| Disk Mode | A property of a virtual disk that identifies its external behaviour, such as how the virtualization layer treats its data. This mode is invisible to the guest operating system. |
| Distributed Resource Scheduler (DRS) | A feature which aggregates computing capacity across servers into logical resource pools. It allocates available resources among the virtual machines based on pre-defined rules. |
| Distributed Virtual Port (dvPort) | A vDS port that connects to a host’s service console, VMkernel or to a virtual machine’s network adapter. |
| Distributed Virtual Switch (vDS) | An abstract representation which explains the concept of multiple hosts defining the same vSwitch and the port group. |
| dvPort Group | A port group associated with a vDS. It specifies port configuration options for each member port associated with a vDS. |
| Enumeration | The act of discovering resources available in a virtual machine environment. It relates to discovering all resources of a specific type. |
| Event | An action that triggers an event message. All event messages are archived in the vCenter Server database. |
| Fabric | A Fibre Channel network topology where the devices pass data to each other through interconnecting switches. |
| Favorites | The list in the main VMware Workstation window that shows the names of virtual machines that a user has added. This can be used to start a virtual machine or connect to the configuration file. |
| Fibre Channel over IP (FCIP) | A method which uses IP over the Internet to interconnect SAN arrays for replication. |
| File System Cache | A storage mechanism that provides speedy access to files stored on a disk by caching frequently accessed data. |
| Full Clone | A complete copy of the original virtual machine that includes all associated virtual disks. |
| Full Screen Switch Mode | A display mode where the virtual machine’s display fills the entire screen. The user has no access to the user interface. |
| Full Virtual Machine Backup | A process that backs up all files including disk images and .vmx files which make up the entire virtual machine. |
| Growable Disk | A kind of virtual disk where the disk space is not allocated to its full size. They increase in size with time. |
| Guest User | An unauthenticated user with restricted access who logs into the system with a temporary user name and password. |
| Handle | A temporary token used by the Web service client to invoke Web service operations that require reference to an object. |
| Headless | A program that runs in the background without disturbing the interface connected to it. |
| Heartbeat | A process where software emits a signal at regular intervals to show that it is still active. |
| Host Agent | Software that performs actions on behalf of a remote client when installed on a virtual machine host. |
| Host-based Licensing | One of the two modes for licensing ESX/ESXi software in VMware Infrastructure 3. |
| Hosted Machine | The computer where VMware Workstation software (virtual machine) is installed. |
| Host-only Networking | A type of network connection between a virtual machine and a host. |
| Hot Cloning | A process of cloning a local or remote physical machine when it is running in its own operating system. |
| Hot Fix | An installable file that resets a user’s password, renews a virtual machine, or enables a copy protected machine to run from a new location. |
| Hyperthreading | A technology that allows a single physical processor to behave like two logical processors that can run two independent applications. |
| Hypervisor | Software that controls virtual machines, managing resources and ensuring that guests are properly isolated. |
| Hypervisor | A platform that allows multiple operating systems to run on a host computer simultaneously. |
| In-Band Virtualizer Profile (IBVP) | A standard profile that VMware Migration Server adapts to describe ESX/ESXi server. |
| Incremental Backup | A type of backup which backs up only those files that have changed since the last backup. |
| Independent Disk | A kind of virtual disk that is not affected by snapshots. This disk can be configured in persistent and non-persistent modes. |
| Instance Customization | The process of customizing an ACE instance to make it unique from all other instances. |
| Internet Small Computer System Interface (iSCSI) | An IP-based storage networking standard used to link data storage infrastructure. It is used to facilitate data transfers over the intranet. |
| Inventory Mapping | The mapping between resource pools, networks and virtual machine folders on the protection site and their destination counterparts on the recovery site. |
| IP Storage | Any form of storage on the ESX/ESXi server that uses TCP/IP network communication. |
| Iptables | A packet-filtering firewall that is inherent in the Linux kernel. It is part of the ESX distribution. |
| Kerberos | An authentication protocol which allows nodes communicating over a non-secure network to authenticate in a secure manner. The messages used in Kerberos are protected against eavesdropping and replay attacks. |
| Legacy Virtual Machine | A virtual machine supported by the product in use, but not current for that product. |
| License activation code (LAC) | A unique code associated with one or more VMware products. It is sent to the purchaser after the purchase order is processed. |
| License Key | An encrypted text block in the license file. This determines the entitlement to one specific licensed feature. |
| License Mode | A method used to license VMware software. The license file is located either on ESX/ESXi server or the license server. |
| License Redemption Portal | A self-service Web portal that redeems your license activation codes and downloads license files for VMware Infrastructure. |
| Linked Clone | A copy of the original virtual machine which should have access to the virtual disks on the parent virtual machine. |
| Local Cloning | The process of making a copy of the virtual machine, or the physical machine to convert the physical machine to a virtual machine. |
| LUN Masking | A process for managing permissions to make LUN available only to some hosts. |
| Managed Object | An object that resides on a server. This object is passed between the client and the Web service only by reference. |
| Managed Object Format (MOF) | A language used to describe Common Information Model (CIM) classes. |
| Migration | The process of moving a virtual machine between hosts. The virtual machine should be in the power off mode while migrating. |
| Migration with vMotion | The process of moving a powered on virtual machine with vMotion activated on both source and target hosts. This ensures that the virtual machine can continue without interruption. |
| Nbtstat | A tool used to troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses. It does this through several options for NetBIOS name resolution, including local cache lookup, WINS server query, broadcast, LMHOSTS lookup, Hosts lookup, and DNS server query. |
| Network Address Translation (NAT) | A process of modifying network address information in the packet headers while in transit across a traffic routing device. This is done to remap one IP address space into another. |
| Network Attached Storage (NAS) | Computer data storage connected to a computer network that provides data access to diverse network clients. This type of storage is commonly used for backing up data. |
| Network Attached Storage (NAS) | A storage device which is attached to a network. It stores data for clients and is used for performing backups. |
| Network Interface Card (NIC) | An expansion card that plugs into the PCI slot; used to connect the computer to a network. It is connected to the network cabling used to transfer data on the network. |
| Network Quarantine | A group of controls which are governed by policies to ensure only up-to-date virtual machines have access to specific resources on the network. |
| NIC Teaming | The association of multiple NIC adapters with a single virtual switch that provides passive failover and shares traffic loads. |
| Non-persistent Mode | A disk mode where all disk writes issued by the software running inside a virtual machine appear to be written to the independent disk. |
| Not-shared storage | An amount of storage used by a single virtual machine and not shared with other virtual machines. |
| Open Virtual Appliance (OVA) | A distribution format that uses existing packaging tools to combine one or more virtual machines with a standards-based XML wrapper. It gives the virtualization platform a portable package containing all required installation and configuration parameters. |
| Open Virtualization Format (OVF) | A distribution format for virtual appliances that uses existing packaging tools to combine one or more virtual machines. |
| Page File | A component of an operating system that provides virtual memory for the system. This swaps off the recently used pages from the memory and makes way for newer memory pages. |
| Paravirtual Appliance | Free virtual machines that are used to demonstrate the Virtual Machine Interface (VMI) for virtual machine hypervisors. |
| Parent | The source virtual machine that takes a snapshot or makes a clone. If the parent virtual machine is deleted, the snapshot is disabled. |
| Partner Activation Code | A unique code identifying orders placed through VMware partners. This code can be used to register the purchase and obtain a license activation code. |
| Performance Counter | The directory where information about an entity such as a host or a virtual machine is collected and stored. The information includes the group to which the counter belongs, counter ID, and counter name. |
| Persistent Mode | A disk mode where all disk writes issued by the software running inside a virtual machine are permanently written to the independent disk. |
| Physical Disk | A hard disk in the virtual machine which is mapped to a physical disk drive or a partition on the host machine. |
| Plain Disk | A file that contains an exact image of a raw disk. Plain disks can combine more than one raw disk into a single plain disk. |
| Pocket ACE | An ACE feature that allows the ACE administrator to distribute an ACE instance on a removable device like a USB key. |
| Point-in-time (PIT) Restoration | The process of recovering a usable copy of a defined data set from a specified time duration in the past. |
| Port Group | A construct used to configure virtual network options like bandwidth limitations and VLAN tagging policies for each member port. |
| Power Cycle | The process of disconnecting the power from a device and then adding the power again to the device. |
| Pre-allocated Disk | A type of virtual disk where all disk space for a virtual machine is allocated at the time the disk is created. |
| Preview Mode | An operating and viewing mode where the administrator can preview the ACE instance as well as run it on the user’s machine. |
| Property | An attribute of an object. The property can be nested, or a managed object reference. |
| Property Collector | A managed object used to control the reporting of managed object properties. |
| Quick Switch Mode | A display mode where the virtual machine’s display fills most of the screen on the computer. The tabs at the top of the screen enable switching from one virtual machine to another. |
| Quiescing | The process of bringing the on-disk data of a physical computer or a virtual computer into a suitable state for backups. |
| Raw Device Mapping (RDM) | A mechanism that enables a virtual machine to have a direct access to a LUN on the physical storage sub system. |
| Raw Disk | A virtual disk where the contents are stored directly on a partition on the physical machine. |
| Record/replay Feature | A feature that lets you record all of a Workstation 5 or 6 virtual machine’s activity over a period of time. |
| Recovery Point Objective (RPO) | An acceptable amount of data loss measured in time. It is the point in time before which an organization should be able to recover all data lost during a disaster. |
| Redo-log File | The file that stores changes made to the disk in all modes except for persistent and independent-persistent modes. |
| Redundant Array of Inexpensive Disks (RAID) | A technology that allows high levels of storage reliability using a technique of arranging the devices into arrays for redundancy. The different RAID levels are RAID 0, RAID 1, RAID 3 and so on. The three key concepts in RAID are mirroring, striping, and error correction. |
| Remote Cloning | The process of making a copy of a virtual or physical machine which is easily accessible over the network by the VMware vCenter Converter. |
| Remote Console | An interface which provides nonexclusive access to a virtual machine from the server on which the virtual machine is running. |
| Resume | The process of returning a virtual machine to operation from its suspended state with all its applications in the same state. |
| Revert to Snapshot | The process of restoring the status of the active virtual machine to its immediate parent snapshot. |
| Sar | A tool that records process data which can be used to determine how much resource and computing power a process is using. |
| Scheduled Task | An activity configured to occur at a specific time. Scheduled tasks include migration and configurations of virtual machines. |
| Serial ATA | A computer bus interface to connect host bus adapters to mass storage devices such as hard disk drives and optical drives. It uses cabling that is cost effective, faster and more efficient for data transfer. It also supports hot swapping. |
| Server-based Licensing | A VMware licensing mode in which all license keys are administrated by a license server managing a central license pool. |
| Service Console | A command-line ESX server system interface that enables an administrator to configure the system. |
| Service Instance | The managed entity that enables access to all other managed entities in the VMware vSphere SDK. All clients must access the service instance to begin a session. |
| Shared Storage | The amount of used storage space minus the not-shared storage that a virtual machine can share with other virtual machines. |
| Shrink | The process of reclaiming the unused space in a virtual disk. Shrinking is a way to update an older virtual disk to the new format. |
| Simple Object Access Protocol (SOAP) | A standard way to encode parameters and return values using an XML-based communication protocol that provides a messaging framework for Web services. |
| Small Computer System Interface (SCSI) | A set of standards for physically connecting and transferring data between computers and peripheral devices. It is used for hard disks and tape drives, scanners and CD drives. |
| Snapshot | The process of reproducing the virtual machine at the time of the snapshot in the powered on, off or suspended state. |
| Standalone ACE Instance | An ACE instance that is not managed by an ACE management server. Changes to this instance are made by the administrator. |
| Storage Area Network (SAN) | A mechanism of attaching remote computer storage devices to servers in such a way that the devices function as though they are locally attached to the operating system. |
| Storage Virtualization Device | A device that combines the capacity from multiple arrays and manages a logical representation of the combined capacity. |
| Stub | A local procedure that implements the client side of a remote procedure call. A client calls the stub to perform a task. |
| Sudo | A tool that provides root like access to individuals using their own passwords. It logs all activity and can be configured to limit which commands individual users can use. |
| Supported Partition | A virtual disk partition that the VMware Tools prepare for shrinking. |
| Suspend | A state in which the settings of a virtual machine are preserved and no further actions are performed. |
| Swapping | A process in which a corresponding swap file is created and placed in the same location as the virtual machine configuration file (.vmx file). |
| Team | A group of virtual machines configured to operate as one object enabling power on / off and suspend mode with a single command. |
| Template | A master image of a virtual machine that includes an operating system and configuration that provides virtual counterparts to hardware components. |
| Templates List | A list of virtual machines that provide a means to import and store virtual machines as templates. These can be deployed to create new virtual machines. |
| Uncommitted Storage | Amount of unused physical and logical capacity. It is the amount of provisioned storage minus used storage. |
| Undoable Mode | A disk mode where all write operations are stored in a temporary .REDO file for the duration of the session. |
| Unsupported Partition | Virtual disk partitions on removable and remote devices and read-only drive partitions that VMware Tools cannot prepare for shrinking. |
| Used Storage | A measure of storage used at the virtual machine or data store level. It includes space used by disks, swaps, and logs. |
| vCenter Agent | Software installed on each virtual machine host that coordinates actions received from vCenter Server. |
| vCenter Converter Boot CD | An installation method through which a user performs a local cold clone of a physical machine. |
| vCenter Server Database | A persistent storage area for maintaining the status of each virtual machine and user in a vCenter Server environment. |
| Vhandle | A reference to specific memory state of an object at a certain time. It is an object handle that has a version number. |
| Vintage Server | A server in the Capacity Planner Dashboard that does not meet the minimum CPU speed requirements. |
| Virtual Appliance | A software solution that includes one or more virtual machines packaged as a unit by an appliance vendor. |
| Virtual Disk | A set of files that appear as a physical disk drive to a guest operating system on the host machine or remote file system. |
| Virtual Guest Tagging (VGT) | A vSwitch functionality where the trunk goes from the pSwitch to the pNIC to the vSwitch and then to the vNIC for the VM in use. |
| Virtual Hardware | A device that makes up a virtual machine. It includes virtual hardware components and virtual Ethernet adapter. |
| Virtual LAN (VLAN) | A network arrangement created to provide the segmentation services provided by routers in LAN configurations. It allows hosts to be grouped together even if they are not located on the same network switch. |
| Virtual Machine | A software computer that works like a physical machine with an operating system and applications hosted on the computer. |
| Virtual Machine Communication Interface (VMCI) | An interface that provides communication between two or more virtual machines on the host operating system. |
| Virtual Machine Configuration | The configuration which specifies which virtual devices, such as disks and memory, are present in a virtual machine and their mapping to host files and devices. |
| Virtual Machine Configuration File | A file that contains a virtual machine configuration used to identify and run a specific virtual machine. |
| Virtual Machine File System (VMFS) | A file system which is optimized for storing virtual machines. |
| Virtual Machine Group | An optional grouping structure and subset of a farm that contains more than one virtual machine. |
| Virtual Machine Monitor (VMM) | Software responsible for virtualizing the processors. A single VMM runs in kernel space for each running virtual machine. |
| Virtual Machine Settings Editor | A point-and-click control panel that is used to view and modify the settings of a virtual machine. |
| Virtual Network | A network connecting virtual machines that are not dependent on physical hardware connections. |
| Virtual Rights Management (VRM) | The centralized management of security policies and access rights applied to VMware ACE running on an end-user PC. |
| Virtual Switch | A virtualized network switch that manages traffic between virtual machines, server console, and physical network adapters on the ESX/ESXi host. |
| VLAN Tagging | A networking standard that allows multiple bridged networks to transparently share the same physical network link without leaking data between networks. |
| VMkernel | A high performance operating system that occupies the virtualization layer and manages most physical resources on the hardware. |
| VMware Consolidated Backup proxy (VCB proxy) | A physical or virtual machine running MS-Windows 2003 Consolidated Backup software. It performs file and image level virtual machine backups. |
| VMware Guest Operating System Service | A component installed with VMware Tools that runs commands in the virtual machine, shuts down, and restarts the virtual machine. |
| VMware Management Interface | A web-based management tool that enables you to control, configure and monitor virtual machines and the server on which they run. |
| VMware Registration Service | The service that manages connection between virtual machines and the management interface. |
| VMware Server Console | A virtual machine interface that provides access to one or more virtual machines on the local or remote host running vCenter Server. |
| VMware Virtual Machine Agent (VMA) | A web service that provides an interface to enable client programs to talk to each other using the SOAP protocol. |
| VMware Virtual Machine Console | An interface that provides access to one or more virtual machines on the local or remote host running vCenter Server. |
| vNIC | A virtual network interface card configured on top of a system’s physical network adapter. |
| World | A logical partition of processes which support virtual machines. Each world contains a single VMM implementing a single virtual machine. |
| Zoning | The process of providing access control in the SAN topology. Zoning defines which HBAs can connect to which storage processors. |
Check Point CCSA Vocabulary / Glossary
Vocabulary list that was developed for students working on their Check Point CCSA certification.
| Accept | A task identified for security purposes in VPN-1 or FireWall-1 which authorizes and enables the connection between units while abiding by the specified security regulations. |
| Access Control List (ACL) | A list of permissions attached to an object in a computer. ACL specifies the users or system processes that are granted access to objects. It also specifies what actions can be performed on the given objects. |
| Account Management Module | A module with the VPN-1/FireWall-1 which allows the SmartDashboard to control the LDAP directories. |
| Accounting | A secure process of logging or auditing the tasks performed by a user where every connection is recorded with the number of bytes that were transmitted in the connection. |
| Acknowledgment (ACK) | A message confirming that a data packet was received at the Transport layer of the Open Systems Interconnection (OSI) and TCP/IP models. |
| Active Connections Log | A log file or a record which consists of the present connections that are active through the VPN-1/FireWall-1 enforcement sections. |
| Active Mode | A display in SmartView Tracker which illustrates the Active Connections Log file. |
| Actualize | A mechanism that helps a SmartMap to generate network objects based on the implied network objects produced by an enforcement module or external gateway topology configuration. |
| Address Range Object | A security object used to denote all contiguous arrays of IP addresses, without conforming to subnet boundaries. This object can be used to configure a collection of valid IP addresses which correspond to every private IP address in the address range object. |
| Address Resolution Protocol (ARP) | The Network layer protocol that IP uses to ascertain the MAC address of a known IP address. The address is resolved and the protocol is used when IP determines that the destination is on the local subnet and communication must therefore occur at the Data Link layer. |
| Address Translation Rule | A collection of specifications which categorize the original parameters of a connection that must be matched. It also classifies the NAT-related tasks that must be performed on every packet. |
| Address Translation Rule Base | A group of address translation regulations that are implemented from the top to the bottom. |
| Administrative Log | A log file which consists of audit data comprising administrative tasks executed by security officials in the VPN-1/FireWall-1 security policy. |
| Administrator Object | An object type which is present in the users database that defines VPN-1/FireWall-1 administrators. |
| Alerts Window | A dialog box in the user interface of the SmartView Status that displays pop-up alerts that are produced by the security rules and security events configured to produce pop-up alerts. |
| Amplification Attack | The process of attacking the target system by a regular DoS attack. The attack takes advantage of the drawbacks in an IP protocol to amplify the number of packets to a hundred or a thousand times. |
| Anti-spoofing | A security mechanism utilized on the VPN-1/FireWall-1 which secures the network from unauthorized users trying to generate IP packets with false or spoofed sources of IP addresses. |
| Application-layer Gateway | A firewall device which enables application-layer proxying of connections between a protected network and other external networks, and vice versa. |
| Application-Layer Gateways | A proxy-based firewall which proxies application-layer connections on behalf of other clients. In this firewall, all access is controlled at the application layer of the OSI model. |
| ARP Reply | An ARP message which specifies the Layer 2 address of the IP device which was queried in the initial ARP request message. This ARP message is sent to the requesting device. |
| ARP Request | An ARP message which queries every device on a local network for the Layer 2 address of an IP device. |
| ARP Table | A table used by the ARP to map the list of known TCP/IP addresses to their associated MAC addresses. The table is cached to avoid ARP looking up the table for frequently accessed TCP/IP addresses. |
| Audit Mode | A display setting in SmartView Tracker which illustrates the administrative log file. |
| Authentication Header | A protocol which provides connectionless integrity, data origin authentication, and an optional anti-replay service. AH protects the IP payload and all header fields of an IP datagram except for mutable fields. |
| Authentication Types | The different forms of validation means supported by the VPN-1/FireWall-1. These include users, clients, and session authentication. |
| Authorization Scope | A set of specifications for services and destination systems in a client authentication rule which an authorized user is allowed to utilize or access. |
| Authorization Timeout | The time taken for every authorized user to create a connection to specific services and destination systems identified within the client authentication rule. |
| Automatic ARP | An attribute that reduces the need to configure operating system ARP support for the NAT rules in VPN-1/FireWall-1 NG. |
| Automatic NAT | An attribute that enables the VPN-1/FireWall-1 to configure a valid IP address on the object that represents the internal device. The VPN-1/FireWall-1 automatically configures suitable NAT rules. |
| Before Last | A location in the Check Point security rule base that stores implied security rules. An implied security rule configured to be positioned Before Last is positioned before the last explicit security rule. |
| Binding Order | The sequence on Microsoft Windows systems in which network interfaces are organized and contained within the TCP/IP protocol stack. |
| Blocking | A technique used to secure a network against unauthorized access by blocking connections from the source of an active connection in the Active Connections Log. |
| Blocking Scope | The range of blocking capabilities that block a specific type of connection which can either be from the source of a blocked connection or to the destination of a blocked connection. |
| Blocking Timeout | The time period for which the block is to be applied. This can either be an indefinite period or can be a specific number of minutes. |
| Certificate authority (CA) | An entity that issues digital certificates for use by other companies or institutions. A CA is a characteristic of many Public Key Infrastructure (PKI) schemes. |
| Check Point Configuration Tool | A tool used to execute system-level configuration of VPN-1/FireWall-1, for example licenses, and GUI clients. This tool is also known as cpconfig. |
| Check Point Objects | A set of security objects used for security purposes in the SmartDashboard to represent the Check Point systems. Some Check Point objects include enforcement modules and Check Point hosts. |
| Circuit Switching | A switching method that establishes a dedicated connection between the sender and receiver throughout the communication session. ISDN establishes a circuit switched connection through a dialed number. |
| Cleanup Rule | A security rule which is matched last, in the security rule base. This rule ensures that any traffic which does not match the policies of the security rule base is dropped and logged. |
| Client Authentication | A form of authentication on VPN-1/FireWall-1 which authenticates services. By default this authentication needs to explicitly authenticate with the HTTP or the TELNET security server. |
| Client Side | The location where a packet is observed by the INSPECT module. Client-side inspection occurs immediately after a packet arrives at the ingress interface. |
| Connection Persistence | The measure of performance of an enforcement module after a new policy is installed. For active connections which are not allowed by a new policy, connection persistence determines if the existing connections are immediately dropped, or the existing connections are allowed to continue as long as it is required. |
| Content Vector Protocol (CVP) | The Check Point protocol which facilitates anti-virus checking and content filtering by allowing the enforcement modules to send HTTP, SMTP, and FTP content to external content security servers. |
| Control Decisions | A set of techniques that allow the stateful inspection engine of the VPN-1/FireWall-1 to determine how a packet should be handled. |
| CPShared | A base SVN foundation component with which all Check Point products are installed. The components of CPShared include cpstart/cpstop, Check Point registry, Check Point daemon, Watchdog, cpconfig, and SNMP daemon. |
| cpstart | A utility which allows you to start Check Point component services. |
| cpstop | A utility which allows you to stop Check Point component services. |
| Critical Notifications Pane | A panel displayed in the user interface of the SmartView Status which shows critical events. |
| Critical Notifications View | A display panel that allows critical notifications to be displayed in a separate section of the screen. This view is created to address the changing statuses of workstations or modules. |
| Custom Log Query | A mechanism that increases the speed of filtering using a personalized display in the SmartView Tracker. This tracker consists of various fields and filters that display data customized to the administrator’s requirements. |
| Customer Premises Equipment (CPE) | Terminal equipment located at a subscriber’s premises and connected with a carrier’s telecommunication channel at the demarc. It generally refers to customer owned telephones, routers, and switches. |
| Daemons | An application-layer service on the server-side which operates on a system. Application-layer gateways implement daemons for each application-layer. |
| Data Encryption Standard (DES) | A block cipher that was selected by the National Bureau of Standards as an official Federal Information Processing Standard. It uses a symmetric-key algorithm with a 56-bit key. |
| Database Revision Control | A feature used to rollback security policy changes. This can be done in the Global Properties option of the SmartDashboard menu. |
| Default Rule | A cryptic rule which is always implemented towards the end of a rule base. The default rule drops traffic matched by the security rule base. It does not log any data packet which does not match the security rule base. |
| Demilitarized Zone (DMZ) | A firewall setup where web and other servers are placed outside the firewall. This prevents outside users from getting direct access to a server that hosts a company’s confidential data. |
| Denial of Service (DoS) | A type of attack that is aimed at making computer resources unavailable to its users. It is also directed at making websites or web services function inefficiently. |
| Deny | A task intended to facilitate the security rules in the VPN-1/FireWall-1. A connection request which matches a deny action of the security rule is dropped. |
| Destination NAT | The NAT which translates destination IP addresses for connections initiated to the valid IP address that represents an internal device. |
| Details Pane | A display in the Module window of the SmartView Status user interface which shows specific information of a section on a given workstation. |
| Details View | A display in the user interface of the SmartView Status which shows detailed data related to the present workstation or section that is selected in the Modules view. |
| Diffie-Hellman | A key generation algorithm that allows two parties to securely generate a shared session key. This key can be used for symmetric encryption. This algorithm is used in protocols such as IPSec. |
| Digital Signature | A field in the certificate which contains a hash of the certificate constituents which are encrypted using the signing certificate authority’s private key. This signature provides authentication and data integrity services. |
| Disable a Rule | A mechanism which disables a particular rule in the security rule base. The rule will not be enforced by enforcement modules; however it will continue to exist in the security policy. |
| Distinguished Name | The entire path of an object specified by the certificate of an X.500 directory using the X.500 nomenclature. |
| Distributed Denial of Service (DDoS) | A magnified DoS attack where multiple systems which are already compromised by the attacker, attack a single target. This combines a DoS and Ping of Death attack and forces the target system to shut down. |
| DNS Zone | A portion of the global DNS namespace for which administrative responsibility has been delegated. It represents a boundary of authority subject to management by certain entities. |
| Domain Name System or Service (DNS) | A distributed Internet directory service used to map domain names to their IP addresses and vice versa. |
| Dst | A special option used for configuring the Install On element of a rule. This is used to enforce the rule on the inbound direction for enforcement modules which are specified in the Destination element of the rule. |
| Dynamic Host Configuration Protocol (DHCP) | A networking protocol used to request, assign, maintain, and release IP addresses to clients connected to the DHCP server. |
| Eitherbound | The default mode of inspection in VPN-1/FireWall-1 NG. The other modes of inspection include inbound and outbound. These are inspected by the INSPECT mode. |
| Encapsulating Security Payload (ESP) | An IP transport-layer protocol that is a part of the IP Security (IPSec) standard. It provides authentication, confidentiality, data integrity, and non-repudiation services for IPSec packets. |
| Enforcement Module | A constituent of the VPN-1/FireWall-1 which generates a gateway from the internal networks of an organization to the external networks. It enforces the security policy distributed by the SmartCenter Server component and generates security log events and forwards these to the SmartCenter Server. |
| Event Logging API (ELA) | An API which facilitates third-party developers to use OPSEC applications to generate security log events and save them in the VPN-1/FireWall-1 security logs. |
| Explicit Rules | A security rule which is manually specified by the administrator. |
| Extranet Virtual Private Network (VPN) | A virtual private network which connects the internal networks of two different organizations in a secure manner, with the help of a public network. |
| Failed Authentication Attempts | The number of consecutive authentication attempts that were a failure. These attempts occur before the termination of a client’s authentication connection to the VPN-1/FireWall-1 security server. |
| File Transfer Protocol (FTP) | A network protocol used to exchange and manipulate files over a TCP/IP-based network. It uses separate control and data connections between the client and server applications. |
| Filters | A technique that is a part of a log query to determine the data that should be displayed in the SmartView Tracker records pane. |
| Fingerprint | A field on a certificate that includes a hash of the components of the certificate. It identifies the system presenting the certificate and is used in VPN-1/FireWall-1 to enable SMART clients to ensure that the SmartCenter server they are connecting to is authentic. |
| Firewall | A generic device that creates a gateway from the internal networks of an organization and external networks. It uses permission controls in connections within connected networks. |
| Firewall | A security infrastructure used to block unauthorized access while permitting authorized users. It can be implemented in either hardware or software, or a combination of both. |
| Flows | The connection from one network device to another which indicates the direction of transmitted data from the client to the server. |
| Force This Blocking | A setting that indicates the location where the blocking must be implemented. It can be implemented on the enforcement module which hosts the blocked connection or on all enforcement modules. |
| Fragmentation | The mechanism that breaks up IP packets into segments, to ensure that a specific number of IP packets are placed on the MTU of the Layer 2 media. |
| Fully Automatic | A mechanism that enables the session authentication to authorize permissions to every service and destination specified in the client authentication rule. |
| fwc | A command line utility that instructs a SmartCenter server to verify an inspection script by compiling it into inspection code. |
| fwm logexport | A command line utility that allows you to export security log files into an ASCII format. This format can be viewed by an external application or can be exported into a database. |
| fwm logswitch | A command line utility that allows you to rotate security log files. This option terminates the current log file and creates a new log file. |
| FWZ Encryption | Check Point proprietary encryption protocol which only supports payload encryption. It has an IP protocol number of 94. |
| Gateway | A system which consists of multiple network interfaces and helps create a gateway from one network to another. Gateways are also known as enforcement models. |
| Group Object | An object in the customer’s database which groups user objects and administrator objects. Grouped objects can be defined in security rules. |
| H.323 | A standard which provides a foundation for audio, video, and data communications across IP-based networks. It is based on RTP, RTCP and other additional protocols used for call signaling, data and audiovisual communications. |
| Hide a Rule | The method used to hide a rule from being viewed. This method facilitates easy management of the security rule base. It implements the rule on enforcement modules. |
| Host Route | A route that defines a given host’s next hop IP address. Host routes are essential for manual NAT rules on a VPN-1/FireWall-1. |
| Hybrid Mode Authentication | An authentication process where two different authentication mechanisms are combined. Hybrid mode authentication allows remote access VPN connections to be authenticated at both a machine level and at a user level. |
| Hypertext Transfer Protocol Secure (HTTPS) | A combination of HTTP and the SSL/TLS protocol used to communicate between a web server and a web browser. SSL/TLS makes the communication secure using TCP port 443 by default. |
| Implicit Client Authentication | An authentication mechanism which specifies the semi automatic client authentication rules and is used in conjunction with client authentication rules. |
| Implicit Drop Rule | A security rule base has an implicit drop rule at the end of the rule base. So any traffic not matched by a rule in the rule base is dropped. |
| Implied Network Object | An automatically created network object in the SmartMap which uses the topology configuration for enforcement modules or gateways. |
| Implied Rules | Any security rule that has been automatically generated by VPN-1/FireWall-1 NG. In the SmartDashboard, implied rules are configured via Policy > Global Properties > FireWall-1. |
| In-band Authentication | A form of authentication which happens in the application-layer protocol. VPN-1/FireWall-1 facilitates in-band authentication for HTTP, TELNET, FTP, and RLOGIN connections. |
| Inbound | A phase in the enforcement module where data packets that are transmitted are inspected by the INSPECT module. |
| INSPECT | An advanced scripting language that specifies the security rules and policy on an enforcement module. |
| INSPECT Module | A kernel-mode constituent of the VPN-1/FireWall-1 enforcement module which intercepts data packets accepted from or transmitted from a network interface and applies security inspection on them. |
| Inspection Code | The low-level machine languages created by an inspection script, which helps in containing the CPU commands that help implement security policies. |
| Inspection Script | The INSPECT script which specifies the security policies implemented by the INSPECT section. |
| Installation Manager | A constituent of the SmartUpdate SMART client used to manage installing, upgrading of service pack and versions, and rollbacks of the VPN-1/FireWall-1. |
| Internal Certificate Authority (ICA) | The internal certificate authority that enables the VPN-1/FireWall-1 NG to supply certificates to the SmartCenter servers and enforcement modules. This feature reduces the need to deploy a separate PKI. |
| Internet Control Message Protocol (ICMP) | A protocol for TCP/IP which provides maintenance and reporting functions. The Ping utility uses ICMP. ICMP will also report if a destination is unreachable. |
| Internet Gateway | A product of the VPN-1/FireWall-1 family which facilitates the integration of the SmartCenter server and enforcement module into a single platform. It is qualified to secure up to 250 IP addresses. |
| Internet Group Management Protocol (IGMP) | A protocol used to manage IP multicast groups. IP multicasts can send messages or packets to a specified group of hosts. |
| Internet Protocol (IP) | A network protocol used to communicate data across a packet switched network. It is the primary protocol in the Internet Layer and delivers packets from the source to the destination solely based on their addresses. |
| Intranet VPN | A virtual private network which links different departments or business units in a secure manner through a private or public network. |
| IP Security (IPSec) | A type of VPN which uses protocols that enable encryption, authentication, and integrity over an IP network. IPSec operates at Layer 3 of the OSI model. |
| Ipconfig | A command line utility used to get the IP address information on a Windows computer. It also allows some control over active TCP/IP connections. |
| IPsec (Internet Protocol Security) | A group of transport-layer protocols which allow a framework to facilitate secure communications over an IP network. It enables authentication, confidentiality of information, integrity of information, and many non-repudiation features. |
| Kerberos | An authentication protocol which allows nodes communicating over a non-secure network to authenticate in a secure manner. The messages used in Kerberos are protected against eavesdropping and replay attacks. |
| Kernel Mode | The state reached when a software application operates as part of the operating system kernel, resulting in high speed performance. |
| Kernel Side | A log event generation process that describes the enforcement module components which create the portions of the log. |
| License Manager | A SmartUpdate SMART client’s component that manages the VPN-1/FireWall-1 central licenses. |
| Lightweight Directory Access Protocol (LDAP) | A protocol used to access X.500 databases. This protocol stores information about the entities within an organization. |
| Local.arp | A Windows systems file that enables the proxy ARP functionality. This functionality allows manual NAT installations. |
| Log Export API | An API which facilitates third-party developers to enable the OPSEC applications to obtain and analyze security log events. |
| Log Fragments | The data associated to a logging record created by different enforcement module components. Log fragments are consolidated into logging records, which ensure all logging information is associated with a connection. |
| Log Mode | A display mechanism in SmartView Tracker which shows the security log files. |
| Log Query | A set of attributes which illustrate a particular type of display in the SmartView Tracker Records pane. A log query defines the filters applied to the columns, the column’s visibility, and the column width. |
| Log Records | A unit of log fragments produced when data packets are transmitted through an enforcement module. Each log record is associated with a connection, and is transmitted to the SmartCenter server. |
| Log Unique Unification Identifier (LUUID) | A field attached to every log; this field is used to identify the log records transmitted by the enforcement module to the SmartCenter server. |
| Logical Server | A server that presents a virtual interpretation of an internal group or cluster of servers which provide a common service. |
| Manual NAT | A type of NAT implemented when administrators define their own NAT rules. Manual NAT rules enable fine-tuning of NAT rules. |
| Many-to-one | The NAT provided by the hide NAT where ‘many’ implies multiple private IP addresses and ‘one’ implies a single valid IP address. |
| Master | An entity in the enforcement module which defines the SmartCenter server from which the enforcement module obtains security policies. It also denotes the location where the enforcement module transmits log records. |
| Maximum Transmission Unit (MTU) | The highest permitted size of frames that are allowed to be transmitted on a Layer 2 media, such as Ethernet or ATM. |
| Media Access Control (MAC) | A protocol used to provide the data link layer of the Ethernet LAN system. It encapsulates payload data by adding a 14 byte header before the data and appending a 4-byte CRC after the data. |
| Message Digest | The output of a hashing algorithm which is also called hash. It can be attached to a message to ensure that the original contents of the message are not altered in transit. |
| Modules | A particular Check Point product installed on Check Point systems. This product is monitored by the SmartView Status. |
| Modules Pane | A display window in SmartView Status which shows every workstation and module that is monitored by the SmartView Status. |
| Modules View | A hierarchical view in SmartView Status which shows every Check Point workstation managed by the SmartCenter server to which SmartView Status is connected. |
| Negate Cell | An option used for modifying the Service Element of a rule. It negates the selected service for the service element of a rule. |
| Network Address Translation (NAT) | A mechanism that translates the source/destination IP addresses of data packets by ensuring that every private device can establish a connection with a device on the Internet using a valid IP address. |
| Network Address Translation (NAT) | A process of modifying network address information in the packet headers while in transit across a traffic routing device. This is done to remap one IP address space into another. |
| Network Interface Card (NIC) | An expansion card that plugs into the PCI slot; used to connect the computer to a network. It is connected to the network cabling used to transfer data on the network. |
| Node Objects | Security objects within the SmartDashboard that represent non–Check Point systems. The types of objects include gateway node object and host node object. |
| Noisy Rule | A security rule that reduces unnecessary cluttering of the security log files by dropping traffic which is frequent and normal in the network. It does not log the drop events. |
| Non-repudiation | A process that reduces the ability for a party to falsely claim that they were the generators of certain information. |
| Non-transparent Authentication | An authorization process that takes place when a user initiates an out-of-band connection for authentication purposes before initiating a connection to the desired destination system. |
| One-time Password (OTP) | A technique used for authorization purposes that requires users to specify a different password each time they authenticate. This technique is used by S/KEY and SecurID authentication schemes. |
| Open Platform for Security (OPSEC) | A Check Point framework which enables third parties to integrate their products with Check Point products to increase the efficiency of their products. |
| Open Security Extension (OSE) | A licensed feature which allows the SmartCenter server to manage access control lists of third-party routers. |
| Open Systems Interconnection (OSI) | A model defined by the ISO to categorize the process of communication between computers in terms of seven layers. The seven layers are Application, Presentation, Session, Transport, Network, Data Link, and Physical. |
| OS Password | The authentication policy of the VPN-1/FireWall-1 which uses the enforcement module’s operating system authentication database to authenticate users. |
| Outbound | The phase where data packets transmitted out of the network interface of an enforcement module are inspected by the INSPECT module. |
| Out-of-band Authentication | A form of authentication which takes place outside of the application-layer protocol connection which a user tries to initiate. Client authentication provides out-of-band authentication. |
| Packet Filtering | A firewall feature which selectively accepts or rejects packets as they pass through a network interface. Packets are filtered based on rules associated with the source and destination addresses, ports, or protocols that packets use. |
| Packet Filtering Firewall | A generic firewall which investigates Layer 3 or Layer 4 data packets and determines whether to allow or block the packet. It is the basic form of a firewall. |
| Packet Switching | The process of breaking messages into packets at the sending router for easier transmission over a WAN. |
| Partially Automatic | A mechanism that allows user authentication to be utilized for any HTTP, FTP, TELNET, or RLOGIN connections specified in the rule. This authorizes access to every service and destination automatically. |
| Permissions | A collection of rights specified for the administrators of the VPN-1/FireWall-1 which identify the level of access for every user. |
| Point-to-Point Protocol (PPP) | A full-duplex line protocol that supersedes Serial Line Internet Protocol (SLIP). It’s part of the standard TCP/IP suite and is often used in dial-up connections. |
| Point-to-Point Tunneling Protocol (PPTP) | A network protocol that encapsulates PPP packets into IP datagrams for transmission over the Internet. It can also be used in private LAN-to-LAN networks. |
| Policy Definition Point | The phase at which security policy rules are specified and configured. SMART clients and SmartCenter server represent the policy definition point. |
| Policy Distribution Point | The phase at which security policy rules are transformed into a form that a policy enforcement point can understand. It is later circulated to every policy enforcement point. |
| Policy Enforcement Point | The phase at which security policy rules are enforced at gateways between the internal networks of an organization and external, untrusted networks. The enforcement module represents the policy enforcement point. |
| Port Address Translation | A feature which translates TCP/UDP communications made between hosts on a private network and hosts on a public network. It allows a single public IP address to be used by many hosts on a private network. |
| Port Address Translation (PAT) | A mechanism utilized by hide NAT which translates the source IP address and the source TCP/UDP port of a connection. This enables the translated source TCP/UDP port to uniquely identify the private device. |
| Predefined Log Query | A built-in view of the SmartView Tracker which shows fields and filters specific to a VPN-1/FireWall-1 component. |
| Product Details View | A display mechanism in SmartView Status which displays the different workstations with a specific type of installation of Check Point product and statistics particular to the product. |
| Proxy ARP | A device’s response to an ARP request on behalf of a different system. Proxy ARP is used by NAT to ensure that enforcement modules respond for the valid IP addresses configured for NAT. |
| Proxy Server | A server that acts as an intermediary for requests from clients from other servers. It evaluates the request according to the filtering rules. |
| Public Key Infrastructure (PKI) | An arrangement needed to create, manage, distribute, use, store, and revoke digital certificates. It is a two-key encryption system where messages are encrypted with a private key and decrypted with a public key. |
| Public/Private Key Pair | A pair of keys used to provide authentication, confidentiality of information, integrity of information, and non-repudiation services provided by certificates. |
| Quality of Service (QoS) | The level of a service given by the network to a particular application. It is defined in terms of bandwidth, packet loss, latency, and jitter. |
| Query Tree | A component of the SmartView Tracker application which lists all predefined queries and custom queries. A query is a set of parameters that defines how records are displayed in the Records pane. |
| RADIUS | The protocol that enables centralized authentication services for multiple enforcement modules to a RADIUS server which hosts a central authentication database. |
| Read-only | A permission defined for administrators that allows a specific component or function to be viewed but not modified. |
| Read-write | A permission defined for administrators that allows a specific component or function to be viewed and modified. |
| Records Pane | A pane in SmartView Tracker which shows the security log entries. |
| Reject | An action specified in the security rule of the VPN-1/FireWall-1. This drops any notification that is transmitted back to the requesting system. |
| Remote Access VPN | A virtual private network which connects remote users to the internal network of an organization through the Internet, in a secure manner. |
| Resource Object | A security object used for the SmartDashboard. This allows forwarding of common application-layer protocol traffic to security servers for inspection. |
| Routing Information Protocol (RIP) | A distance-vector route discovery protocol used by Internetwork Packet Exchange and Internet Protocol. IPX uses hops and ticks to determine the cost for a particular route. |
| Rule Elements | A collection of units that form the various components or fields of a security rule. Every security rule consists of source, destination, service, action, track, time, install on, and comment element. |
| Secure Internal Communications (SIC) | A technique that implements a secure connection between the components in VPN-1/FireWall-1 NG. It provides authentication, integrity and confidentiality services. |
| Secure Internal Communications (SIC) | A feature in Check Point VPN-1/FireWall-1 NG which ensures that administrative communications between SVN components are secure. |
| Secure Sockets Layer (SSL) | A protocol that secures messages by operating between the Application layer (HTTP) and the Transport layer. |
| Secure Virtual Network (SVN) | A range of Check Point products which put together provide an end-to-end security solution for an organization. |
| Secure Virtual Network Architecture (SVN) | A security architecture that provides a unified framework for implementing and maintaining network security. Network security is maintained and implemented across networks, applications, and users. |
| Security Log (fw.log) | A log file which consists of every security event that took place on a VPN-1/FireWall-1 enforcement module. This is managed by the SmartCenter server. |
| Security Objects | A set of components of the VPN-1/FireWall-1 security policy. The components include networks, systems, applications, and users. |
| Security Policy | A rule which specifies the network security policies and procedures of an organization. Security policies can cover a broad range of security rules. |
| Security Rule Base | A set of security policies that form the entire list of security rules which are enforced by an enforcement module. |
| Security Rules | A collection of policies or protocols that categorize particular types of connections. It also denotes the tasks that an enforcement module must execute for such connections. |
| Seed | A variable that introduces randomness in the output produced when seeds and encryption keys are combined and passed through an encryption algorithm. |
| Selections | A process used to specify the filter which must be used in displaying only specific data in a column of the SmartView Tracker. It also defines column width and column visibility. |
| Self-signed | The certificate of the root CA of a PKI. The root CA is the trusted entity in a PKI that generates a certificate that identifies itself and then signs the certificate itself. |
| Server Objects | A security object which specifies the backend services such as RADIUS authentication. Every server object needs a workstation object to be specified. |
| Server Side | A phase during which the INSPECT module inspects a data packet. This inspection occurs after a packet has been received and routed by the operating system to the appropriate egress interface. |
| Service Objects | The set of objects that represent the transport-layer and application layer protocols. |
| Session Authentication | A form of authentication which initiates per-connection authentication of any given service. It requires a session authentication agent to be present on the authenticating client. |
| Session Authentication Agent | Check Point software installed on a client workstation. It is required for session authentication. |
| Session State | A state of a session or a connection in a stateful inspection firewall. The session state information includes information about Layer 3 and Layer 4 parameters of a connection, such as source port, destination port, and TCP sequence number. |
| Simple Mail Transfer Protocol (SMTP) | A network protocol for e-mail transmission across IP networks. It is specified for outgoing mail transport and uses TCP port 25. |
| Simple Network Management Protocol (SNMP) | A UDP-based network protocol used to monitor network-attached devices. It has a set of standards for network management which includes an application layer protocol, a database schema, and a set of data objects. |
| SMART Clients | A client used to provide a GUI for the VPN-1/FireWall-1 security policy specified on a SmartCenter server. It can also be used to access security logs, and control the status of VPN-1/FireWall-1 hosts and products. |
| SmartCenter Server | A central constituent of the VPN-1/FireWall-1 which saves the security policy database, sends suitable security policy to every enforcement module, and also saves security log events produced by the enforcement modules. |
| SmartDashboard | A Check Point GUI SMART client which configures security policies for a VPN-1/FireWall-1 SmartCenter server. |
| SmartMap | A graphical application which illustrates the IP topology of a complete internetwork as configured by the VPN-1/FireWall-1. |
| SmartUpdate | A Check Point SMART client that centrally controls licenses as well as Check Point product versions and upgrades. |
| SmartView Status | A Check Point SMART client that generates a real-time monitoring mechanism and alert for Check Point systems. |
| SmartView Tracker | A Check Point SMART client used to control and view different Check Point security log files. |
| SmartView Tracker Mode | A SmartView Tracker which consists of different modes that define the security log file which is viewed in the SmartView Tracker. |
| Source NAT | A type of NAT that converts the source IP address for connections that are initiated from devices with private IP addresses. |
| Spoofing Attack | A type of attack where a person or a program successfully masquerades as another by falsifying data and gaining an illegitimate advantage. |
| Src | A special option used for configuring the Install On element of a rule. This is used to enforce the rule in the outbound direction for enforcement modules specified in the Source element of the rule. |
| Stateful Inspection Technology | A type of technology that provides the intelligence of the application layer gateways with the operating speed of packet filtering firewalls. |
| Stateful Packet Filtering | A firewall technology that monitors the state of active connections and determines which network packets to allow through the firewall. |
| Static NAT | A type of NAT which enables a single one-to-one mapping from a private IP address to an external valid IP address. It enables connections to be established from external devices to internal devices represented by their corresponding valid IP address. |
| Stealth Rule | A reliable security rule which must be situated at the top of the security rule base and which helps protect enforcement modules from any intrusion. |
| Subnet Broadcast | A type of broadcast which is transmitted to every host in an IP subnet. It is represented by the last IP address available with an IP subnet. |
| Suspicious Activity Monitoring (SAM) | A monitoring mechanism used by enforcement modules to allow temporary security rules to be placed without any modifications made to the normal security policy. |
| SVN Foundation | A constituent of the Common Check Point that is shared across all Check Point NG products that facilitates common functionality, secure internal communications, and other monitoring features. |
| SYSLOG | A protocol often utilized by Unix-based systems. This protocol specifies the template according to which a system must generate errors and data messages. It also specifies how those messages must be stored. |
| System Alerts | A feature of the Check Point NG Feature Pack SmartView Status SMART client that enables personalized alerts to be applied for particular system management events. |
| TACACS | The Terminal Access Controller Access Control System protocol which operates like the RADIUS protocol and enables a centralized authentication service for various enforcement modules to a TACACS server which hosts a central authentication database. |
| TCP ACK Attack | A type of attack where the attacker sends TCP connection requests faster than a machine can process them. Any service that binds to and listens on a TCP socket is potentially vulnerable to TCP SYN flooding attacks. |
| TCP Sequence Attack | A type of attack where the attacker intercepts the communication between an authentic sender and receiver. The attacker then sends a sequence number similar to the one used in the original session and either disrupts or hijacks a valid session. |
| Telnet | A network protocol used to provide a bi-directional interactive text-oriented communication via a virtual terminal connection. It uses TCP port number 23. |
| Terminal Access Controller Access Control System (TACACS) | A remote authentication protocol used to communicate with an authentication server commonly used in UNIX networks. It allows a remote access server to communicate with an authentication server to determine if a user has access to the network. |
| Token | Software or hardware component used to generate one-time passwords for users who require one-time passwords for authentication. |
| Transitive | The mechanism of inherent trust relationships between entities. This is an integral concept of a PKI. |
| Transmission Control Protocol (TCP) | A network protocol that operates at a higher level of the OSI model. It provides reliable, ordered delivery of data from a program on one computer to another program on another computer. |
| Transparent Authentication | An authorization process that takes place when a user initiates a connection to the desired destination system and is automatically prompted for authentication. |
| Triple DES | A block cipher which transforms each 64-bit plaintext block by applying the Data Encryption Algorithm three successive times. It uses either two or three different keys for an effective key length of 112 or 168 bits. |
| User Authentication Session Timeout | The amount of time an authenticated user authentication session can remain idle before the connection is deemed invalid and disconnected. |
| User Datagram Protocol (UDP) | A network protocol which enables computer applications to send messages to other hosts on an IP network. It does not require prior communication to set up special transmission channels or data path. |
| User Mode | A mode enabled when a software application operates outside the operating system kernel. This can slow the performance due to interaction with other applications and the network. |
| User Object | A type of object that is placed in the users database. It defines a particular user. |
| User Template Object | An object that defines a template to create user objects and administrator objects with similar attributes. It is placed in the users database. |
| Users Database | A database that stores information about the user, administrator, templates, and group objects for the VPN-1/FireWall-1. It is stored in files called $FWDIR/conf/fwauth.NDB*. |
| Virtual LAN (VLAN) | A network arrangement created to provide the segmentation services provided by routers in LAN configurations. It allows for hosts to be grouped together even if they are not located on the same network switch. |
| Virtual Private Network (VPN) | A network arrangement that encapsulates data transfers between networked devices which are not on the same private network. It provides remote access to corporate resources over the public Internet. |
| Voice over IP (VoIP) | The technology that encapsulates voice traffic into IP packets and transmits it across a TCP/IP network. |
| VPN-1 & FireWall-1 Password | An authentication mechanism used by the VPN-1/FireWall-1 which authorizes users by using the passwords stored for user objects in the users database. |
| Wide Area Network (WAN) | A computer network that connects LANs and other types of networks together. It enables the users and computers in one location to communicate with users and computers in other locations. |
| Workgroup | A defined group of users and network devices that are organized either by job function or by proximity to shared resources. |
| X.509 | An ITU-T standard for PKI for SSO and PMI. It specifies standard formats for public key certificates, certificate revocation lists, attribute certificates, and the certification path validation algorithm. |
World Capitals Study Sheet – List of Countries and Their Capitals
World Capitals
For study purposes, a list of countries and their capitals. We are releasing this content into the public domain, but would appreciate a link or citation back if you use it.
| Afghanistan | Kabul is the capital of Afghanistan. |
| Albania | Tirane is the capital of Albania. |
| Algeria | Algiers is the capital of Algeria. |
| Andorra | Andorra la Vella is the capital of Andorra. |
| Angola | Luanda is the capital of Angola. |
| Antigua and Barbuda | Saint John’s is the capital of Antigua and Barbuda. |
| Argentina | Buenos Aires is the capital of Argentina. |
| Armenia | Yerevan is the capital of Armenia. |
| Australia | Canberra is the capital of Australia. |
| Austria | Vienna is the capital of Austria. |
| Azerbaijan | Baku is the capital of Azerbaijan. |
| The Bahamas | Nassau is the capital of The Bahamas. |
| Bahrain | Manama is the capital of Bahrain. |
| Bangladesh | Dhaka is the capital of Bangladesh. |
| Barbados | Bridgetown is the capital of Barbados. |
| Belarus | Minsk is the capital of Belarus. |
| Belgium | Brussels is the capital of Belgium. |
| Belize | Belmopan is the capital of Belize. |
| Benin | Porto-Novo is the capital of Benin. |
| Bhutan | Thimphu is the capital of Bhutan. |
| Bolivia | La Paz is the administrative capital of Bolivia. Sucre is the judicial capital. |
| Bosnia and Herzegovina | Sarajevo is the capital of Bosnia and Herzegovina. |
| Botswana | Gaborone is the capital of Botswana. |
| Brazil | Brasilia is the capital of Brazil. |
| Brunei | Bandar Seri Begawan is the capital of Brunei. |
| Bulgaria | Sofia is the capital of Bulgaria. |
| Burkina Faso | Ouagadougou is the capital of Burkina Faso. |
| Burundi | Bujumbura is the capital of Burundi. |
| Cambodia | Phnom Penh is the capital of Cambodia. |
| Cameroon | Yaounde is the capital of Cameroon. |
| Canada | Ottawa is the capital of Canada. |
| Cape Verde | Praia is the capital of Cape Verde. |
| Central African Republic | Bangui is the capital of Central African Republic. |
| Chad | N’Djamena is the capital of Chad. |
| Chile | Santiago is the capital of Chile. |
| China | Beijing is the capital of China. |
| Colombia | Bogota is the capital of Colombia. |
| Comoros | Moroni is the capital of Comoros. |
| Congo, Republic of the | Brazzaville is the capital of Congo, Republic of the. |
| Democratic Republic of the Congo | Kinshasa is the capital of Democratic Republic of the Congo. |
| Costa Rica | San Jose is the capital of Costa Rica. |
| Cote d’Ivoire | Yamoussoukro is the official capital of Cote d’Ivoire, but Abidjan is the de facto capital. |
| Croatia | Zagreb is the capital of Croatia. |
| Cuba | Havana is the capital of Cuba. |
| Cyprus | Nicosia is the capital of Cyprus. |
| Czech Republic | Prague is the capital of Czech Republic. |
| Denmark | Copenhagen is the capital of Denmark. |
| Djibouti | Djibouti is the capital of Djibouti. |
| Dominica | Roseau is the capital of Dominica. |
| Dominican Republic | Santo Domingo is the capital of Dominican Republic. |
| East Timor | Dili is the capital of East Timor. |
| Ecuador | Quito is the capital of Ecuador. |
| Egypt | Cairo is the capital of Egypt. |
| El Salvador | San Salvador is the capital of El Salvador. |
| Equatorial Guinea | Malabo is the capital of Equatorial Guinea. |
| Eritrea | Asmara is the capital of Eritrea. |
| Estonia | Tallinn is the capital of Estonia. |
| Ethiopia | Addis Ababa is the capital of Ethiopia. |
| Fiji | Suva is the capital of Fiji. |
| Finland | Helsinki is the capital of Finland. |
| France | Paris is the capital of France. |
| Gabon | Libreville is the capital of Gabon. |
| The Gambia | Banjul is the capital of The Gambia. |
| Georgia | Tbilisi is the capital of Georgia. |
| Germany | Berlin is the capital of Germany. |
| Ghana | Accra is the capital of Ghana. |
| Greece | Athens is the capital of Greece. |
| Grenada | Saint George’s is the capital of Grenada. |
| Guatemala | Guatemala City is the capital of Guatemala. |
| Guinea | Conakry is the capital of Guinea. |
| Guinea-Bissau | Bissau is the capital of Guinea-Bissau. |
| Guyana | Georgetown is the capital of Guyana. |
| Haiti | Port-au-Prince is the capital of Haiti. |
| Honduras | Tegucigalpa is the capital of Honduras. |
| Hungary | Budapest is the capital of Hungary. |
| Iceland | Reykjavik is the capital of Iceland. |
| India | New Delhi is the capital of India. |
| Indonesia | Jakarta is the capital of Indonesia. |
| Iran | Tehran is the capital of Iran. |
| Iraq | Baghdad is the capital of Iraq. |
| Ireland | Dublin is the capital of Ireland. |
| Israel | Jerusalem is the capital of Israel. |
| Italy | Rome is the capital of Italy. |
| Jamaica | Kingston is the capital of Jamaica. |
| Japan | Tokyo is the capital of Japan. |
| Jordan | Amman is the capital of Jordan. |
| Kazakhstan | Astana is the capital of Kazakhstan. |
| Kenya | Nairobi is the capital of Kenya. |
| Kiribati | Tarawa is the capital of Kiribati. |
| Korea, North | Pyongyang is the capital of Korea, North. |
| Korea, South | Seoul is the capital of Korea, South. |
| Kuwait | Kuwait City is the capital of Kuwait. |
| Kyrgyzstan | Bishkek is the capital of Kyrgyzstan. |
| Laos | Vientiane is the capital of Laos. |
| Latvia | Riga is the capital of Latvia. |
| Lebanon | Beirut is the capital of Lebanon. |
| Lesotho | Maseru is the capital of Lesotho. |
| Liberia | Monrovia is the capital of Liberia. |
| Libya | Tripoli is the capital of Libya. |
| Liechtenstein | Vaduz is the capital of Liechtenstein. |
| Lithuania | Vilnius is the capital of Lithuania. |
| Luxembourg | Luxembourg is the capital of Luxembourg. |
| Macedonia | Skopje is the capital of Macedonia. |
| Madagascar | Antananarivo is the capital of Madagascar. |
| Malawi | Lilongwe is the capital of Malawi. |
| Malaysia | Kuala Lumpur is the capital of Malaysia. |
| Maldives | Male is the capital of Maldives. |
| Mali | Bamako is the capital of Mali. |
| Malta | Valletta is the capital of Malta. |
| Marshall Islands | Majuro is the capital of Marshall Islands. |
| Mauritania | Nouakchott is the capital of Mauritania. |
| Mauritius | Port Louis is the capital of Mauritius. |
| Mexico | Mexico City is the capital of Mexico. |
| Federated States of Micronesia | Palikir is the capital of Federated States of Micronesia. |
| Moldova | Chisinau is the capital of Moldova. |
| Monaco | Monaco is the capital of Monaco. |
| Mongolia | Ulaanbaatar is the capital of Mongolia. |
| Morocco | Rabat is the capital of Morocco. |
| Mozambique | Maputo is the capital of Mozambique. |
| Myanmar (Burma) | Rangoon is the capital of Myanmar (Burma). |
| Namibia | Windhoek is the capital of Namibia. |
| Nauru | Yaren District is the capital of Nauru. |
| Nepal | Kathmandu is the capital of Nepal. |
| Netherlands | Amsterdam is the capital of Netherlands. |
| New Zealand | Wellington is the capital of New Zealand. |
| Nicaragua | Managua is the capital of Nicaragua. |
| Niger | Niamey is the capital of Niger. |
| Nigeria | Abuja is the capital of Nigeria. |
| Norway | Oslo is the capital of Norway. |
| Oman | Muscat is the capital of Oman. |
| Pakistan | Islamabad is the capital of Pakistan. |
| Palau | Koror is the capital of Palau. |
| Panama | Panama City is the capital of Panama. |
| Papua New Guinea | Port Moresby is the capital of Papua New Guinea. |
| Paraguay | Asuncion is the capital of Paraguay. |
| Peru | Lima is the capital of Peru. |
| Philippines | Manila is the capital of Philippines. |
| Poland | Warsaw is the capital of Poland. |
| Portugal | Lisbon is the capital of Portugal. |
| Qatar | Doha is the capital of Qatar. |
| Romania | Bucharest is the capital of Romania. |
| Russia | Moscow is the capital of Russia. |
| Rwanda | Kigali is the capital of Rwanda. |
| Saint Kitts and Nevis | Basseterre is the capital of Saint Kitts and Nevis. |
| Saint Lucia | Castries is the capital of Saint Lucia. |
| Saint Vincent and the Grenadines | Kingstown is the capital of Saint Vincent and the Grenadines. |
| Samoa | Apia is the capital of Samoa. |
| San Marino | San Marino is the capital of San Marino. |
| Sao Tome and Principe | Sao Tome is the capital of Sao Tome and Principe. |
| Saudi Arabia | Riyadh is the capital of Saudi Arabia. |
| Senegal | Dakar is the capital of Senegal. |
| Serbia and Montenegro (Yugoslavia) | Belgrade is the capital of Serbia and Montenegro. |
| Seychelles | Victoria is the capital of Seychelles. |
| Sierra Leone | Freetown is the capital of Sierra Leone. |
| Singapore | Singapore is the capital of Singapore. |
| Slovakia | Bratislava is the capital of Slovakia. |
| Slovenia | Ljubljana is the capital of Slovenia. |
| Solomon Islands | Honiara is the capital of Solomon Islands. |
| Somalia | Mogadishu is the capital of Somalia. |
| South Africa | Pretoria (administrative), Cape Town (legislative), Bloemfontein (judiciary) are the capitals of South Africa. |
| Spain | Madrid is the capital of Spain. |
| Sri Lanka | Colombo is the capital of Sri Lanka. |
| Sudan | Khartoum is the capital of Sudan. |
| Suriname | Paramaribo is the capital of Suriname. |
| Swaziland | Mbabane is the capital of Swaziland. |
| Sweden | Stockholm is the capital of Sweden. |
| Switzerland | Bern is the capital of Switzerland. |
| Syria | Damascus is the capital of Syria. |
| Taiwan | Taipei is the capital of Taiwan. |
| Tajikistan | Dushanbe is the capital of Tajikistan. |
| Tanzania | Dar es Salaam is the capital of Tanzania. |
| Thailand | Bangkok is the capital of Thailand. |
| Togo | Lome is the capital of Togo. |
| Tonga | Nuku’alofa is the capital of Tonga. |
| Trinidad and Tobago | Port-of-Spain is the capital of Trinidad and Tobago. |
| Tunisia | Tunis is the capital of Tunisia. |
| Turkey | Ankara is the capital of Turkey. |
| Turkmenistan | Ashgabat is the capital of Turkmenistan. |
| Tuvalu | Funafuti is the capital of Tuvalu. |
| Uganda | Kampala is the capital of Uganda. |
| Ukraine | Kiev is the capital of Ukraine. |
| United Arab Emirates | Abu Dhabi is the capital of United Arab Emirates. |
| United Kingdom | London is the capital of United Kingdom. |
| United States | Washington D.C. is the capital of United States. |
| Uruguay | Montevideo is the capital of Uruguay. |
| Uzbekistan | Tashkent is the capital of Uzbekistan. |
| Vanuatu | Port-Vila is the capital of Vanuatu. |
| Vatican City | Vatican City is the capital of Vatican City. |
| Venezuela | Caracas is the capital of Venezuela. |
| Vietnam | Hanoi is the capital of Vietnam. |
| Yemen | Sanaa is the capital of Yemen. |
| Zambia | Lusaka is the capital of Zambia. |
| Zimbabwe | Harare is the capital of Zimbabwe. |
Sleeveless pineapple
As test prep professionals, PracticeQuiz thinks the whole “Sleeveless Pineapple” controversy with New York standardized testing is pretty darn hilarious. Love the quote about kids raising their hands and saying the story doesn’t make sense. We felt like that so many times as kids, and that was just reading passages about the Enlightenment.