Technical Definitions
  Did You Know?
Free and unlimited technical support Click here to learn more.


For non-geeks only: Here are some of the tech terms you’ll find scattered around our site—and what the heck they mean

AAA (Authentication, Authorization, and Accounting)
A framework on IP-based networks for controlling clients’ access to network resources. Authentication verifies the user’s identification (usually via username and password); authorization permits or denies individuals’ access based on parameters set by the organization (e.g., teachers can access different resources than students); and accounting tracks and records user activity.
Access Point (AP)
A station used in a wireless local area network (WLAN) that transmits and receives data and allows wireless devices to connect to the network.
Active Directory (AD)
Introduced in Windows 2000 and included in most Windows Server operating systems, Microsoft’s Active Directory securely stores client accounts, passwords, and other data and authenticates users. AD is a popular way to enforce the AAA protocol: authentication, authorization, and accounting.
Address Resolution Protocol
See Active Directory
See Access Point
ARP (Address Resolution Protocol)
This protocol maps an IP address to a physical machine address in the local network. The physical machine is also known as a media-access control (or MAC address). Systems maintain an ARP lookup table that reveals which IP addresses are associated with what MAC addresses. ARP is also used as a verb/command to describe the process of triggering the ARP protocol into action.
American Standard Code for Information Interchange
ASCII (American Standard Code for Information Interchange)
An international numerical code that enables computers around the world to understand each other; letters, numbers, punctuation and other characters are assigned a number from 0 to 127. For example, the ASCII code for uppercase B is 66. View the ASCII character table here.
Are you who you say you are? Authentication confirms that your credentials match those on file in the database and authorizes you to access the local operating system or server.
Bayesian Filtering
Named for English mathematician Thomas Bayes, Bayesian filtering examines the content of an email—including words, structure, header, and metadata—to calculate whether it’s spam or not. Working with two bodies of messages—spam and “ham” (legit email), it eventually discerns the difference between the two and comes to learn more about the user’s email patterns over time. Other filtering methods simply look for spammy words in the subject lines and headers. SpamTrakker uses Bayesian and other filtering methods to identify spam.
This Apple zero-configuration-networking technology performs service discovery, address assignment, and host-name resolution with no need for configuration. It locates devices—like printers and other computers—and their services on a local area network using multicast DNS service records.
Bring Your Own Device
BYOD (Bring Your Own Device)
This initiative allows students and staff to bring their wireless devices—such as smartphones, tablets, and laptops—to school and use them for educational purposes on the organization’s wireless network.
Cache Server (Caching Server, HTTP Cache, Web Cache)
A dedicated network server (or server within a server), the web cache temporarily stores (or caches) previously requested information—such as web pages and images. It can be accessed again quickly and reduces bandwidth demand, server load, and lag time.
Caching Server
See Cache Server
CIDR (Classless Inter-Domain Routing)
This IP-addressing scheme—also called supernetting—allows a single IP address to designate many unique IP addresses. A CIDR IP address resembles a normal IP address, except that it ends with a slash followed by a number, for example: It enables an organization to make more IP addresses available to users.
CIPA (Children’s Internet Protection Act)
CIPA is an acronym for the Children’s Internet Protection Act, a federal law enacted by the United States Congress in December 2000 to address concerns about access in schools and libraries to the Internet and other information.

For more in-depth information, click here.
Classless Inter-Domain Routing
Content Filter
See Internet Filter
COPPA (Children’s Online Privacy Protection Act)
COPPA is an acronym for Children’s Online Privacy Protection Act, a law to protect the privacy of children using the Internet. As of April 21, 2000, certain commercial Web sites must obtain parental consent before collecting, using, or disclosing personal information from children 13 or under. doesn’t want to collect information from children 13 or under, so you’ll find a checkbox next to our public signup forms that we want you to click on, certifying that you are over the age of 13.

You can read more about the COPPA laws here.
Demilitarized Zone
DHCP (Dynamic Host Configuration Protocol)
The DHCP software lives in the router or server and automatically assigns IP addresses to clients logging on to an IP network. It eliminates the time- and energy-sucking need to manually assign an IP address to each user.
DMZ (Demilitarized Zone)
Adds a layer of security to an organization’s LAN (local area network) by locating publicly accessible servers on an isolated network that can’t be reached by an untrusted network—usually the Internet. External-facing servers, resources, and services occupy the DMZ and can be accessed from the Web, while other parts of the LAN remain untouchable.
DNS (Domain Name Server)
The Internet’s version of a phone book, a domain name server maintains a directory of word-based addresses (like that humans understand and translates them into the numerical IP addresses—then the MAC addresses—that computers and other devices understand.
Domain Name Server
Dynamic Host Configuration Protocol
This IEEE standard is commonly known as Wi-Fi and is the wireless equivalent of Ethernet.
Part of the 802.11 family, this wireless-networking standard offers high-throughput WLANs and operates only on the 5GHz band. It’s commonly referred to as Gigabit Wi-Fi or 5GT Wi-Fi.
Administered by the Universal Service Administrative Company (USAC) under the direction of the FCC, the E-rate program provides discounted telecommunications, Internet access, and internal connections to eligible schools and libraries. Discounts range from 20 to 90 percent, with rural and poorer school districts receiving bigger rebates.
Ethernet Cable
A popular type of network cable that connects two high-speed devices, like computers, switches, and routers on local area networks.
Executable File
A file format that’s encoded to run an automatic task—for example, the program setup for some free software you download off the Internet. Non-executable files, on the other hand, simply contain data—they require an executable script of code to make them do what they’re supposed to (such as play a video or display text). Common executable-file extensions include:
  • BAT (batch)
  • BIN (binary)
  • COM (command)
  • EXE (executable)
Caution: Be sure the file comes from a trusted source, as viruses can be transmitted through executable files. For an overview of safe and potentially dangerous file extensions, check out PC Magazine’s list.
This is a network security system that allows or blocks traffic between the Internet and your school’s network to guard against spyware, malware, malicious software, and anything else you don’t want infiltrating your network. You can also set your firewall to prevent computers in your LAN from communicating outside your network.
HTTP Cache
See Cache Server
HTTPS (Hypertext Transport Protocol Secure)
The secure version of HTTP, HTTPS protocol encrypts communication between your browser and the website you’re accessing, giving you added protection.
Hypertext Transport Protocol Secure
Internet Filter (Content Filter, Website Filter)
Hardware or software that lets you restrict the content users can access online, shielding them from inappropriate language, images, and websites. SecureSchool is an Internet filter created specifically for K-12 schools.
Inter-VLAN (Virtual Local Area Network) Routing
Allows hosts in one VLAN to communicate with hosts in another VLAN by routing traffic between them.
Kerberos Authentication
An authentication process that requires users to secure an encrypted “ticket” that’s then used to request a service from a server. It provides strong authentication for client/server applications and does not require passwords to pass through the network.
LAN (Local-Area Network)
As opposed to a WAN (wide-area network), a LAN is a communications network that connects computers, printers, and other devices within a limited area, such as a school, office building, or home.
LDAP (Lightweight Directory Access Protocol)
This client/server protocol is used to access and manage directory information in a TCP/IP network. It queries network directories, email servers, and other information repositories.
Lightweight Directory Access Protocol
Load Balancer
One type of load balancer acts as a reverse proxy that evenly distributes incoming web traffic across a computer network so that no single device is overtaxed. It increases network capacity and boosts the reliability of your applications. The other type splits traffic between two Internet connections and/or offers a failover feature that switches to a working connection when your other connection goes down. (A good example of this is the optional load balancer we offer with SecureSchool Internet filter.
Local-Area Network
See Multicast DNS
See Multifactor Authentication
MIME (Multi-Purpose Internet Mail Extensions)
This official standard for formatting files—like text, graphics, video, spreadsheets, and audio—allows your email client or web browser to send attachments over the Internet.
MIME (Multi-Purpose Internet Mail Extensions) Filtering
Controls which types of files are allowed through a filter, like SecureSchool.
MIMO (Multiple Input, Multiple Output)
An antenna technology for wireless communication, MIMO increases the number of antennas at the source (transmitter) and the destination (receiver)—resulting in increased performance, throughput, and data speed.
Midspan Hub
See Power over Ethernet Injector
Multicast DNS (Domain Name System) (mDNS)
Like Bonjour, mDNS is part of zero-configuration networking. It allows identifiable information to be broadcast on any network in which an mDNS-enabled device is attached. There’s no need for an existing (unicast) managed DNS server.
Multifactor Authentication (MFA)
Provides an added layer of security by requiring users to present two or more credentials before logging in or making a transaction—typically something they know (e.g., a password); something they have in their possession (e.g., AccessTrakker); and/or something biometric (e.g., fingerprints, retina patterns, or DNA).
Multi-Purpose Internet Mail Extensions
NAT (Network Address Translation)
Allows a local area network (LAN) to use one set of IP addresses for internal traffic and another set for external traffic. This frees the school up to use more internal IP addresses and avoid conflict with IP addresses used by other organizations.

The dynamic form of NAT translates the private IP addresses assigned to personal computers into registered (public) IP addresses that can be seen on the Internet. It reverses the process when data comes back in from the Web. By keeping internal addresses hidden from the outside world, NAT adds a layer of security to home or business networks. It’s usually located on routers and other gateway devices at the network boundary.
Network Address Translation
NTLM (Windows NT LAN Manager) Authentication
This protocol was the default for networking authentication in the Windows NT 4.0 operating system and was retained in Windows 2000 for compatibility with down-level clients and servers. It’s also used to authenticate logons to standalone computers with Windows 2000. Clients must prove their identities without sending a password to the server.

NTLM is still supported in all Windows versions; however, Kerberos offers greater security and is the preferred authentication for Windows 2000 and beyond.
1U (2U, 3U, 4U, 5U, 6U, and 7U, etc.)
“U” stands for unit, and these represent different units of vertical measurement. A 1U appliance is about the height (1.75”) of a large pizza box; a 2U device is 3.5” high, and so forth. A full-size rack, (for housing appliances), is 42 rack units high, with space for mounting 42 1U appliances.
Packet Internet Groper
See Ping
Ping (Packet Internet Groper)
Used to test and debug networks—and to see if a user or server is online—this Internet utility determines if an IP address is reachable by sending out a packet and waiting for a response. If the request times out, the address is offline. Pinging multiple computers is a good way to locate Internet bottlenecks and reroute data-transfer paths more effectively. Ping, traceroute, and other diagnostic tools are built into the SecureSchool box.
See Power over Ethernet
PoE Injector
See Power over Ethernet Injector
Power over Ethernet (PoE)
This technology transmits both electricity and data through standard Ethernet cables and is used with small portable wireless devices, like access points, IP surveillance cameras, etc.
Power Over Ethernet (PoE) Injector (Midspan Hub)
A PoE injector adds Power over Ethernet capability to non-PoE network links, supplying a power and data connection to devices like IP cameras and wireless access points.
Proxy Server
Acting as a gateway between a local network and the Internet, the proxy server increases security and performance by: obscuring the user’s IP address when it goes out to the Web; blocking malicious traffic and blacklisted sites; logging user activity; and caching web pages.
Preshared Key (PSK)
A security mechanism in which secret passwords or encryption keys are exchanged between two parties prior to their message exchange.
See Preshared Key
Rack-Mounted Server
Also known as a rack server, this is a computer designated to act as a server; it typically doesn’t require a keyboard or monitor (can be accessed remotely) and can be installed in a rack.
RADIUS (Remote Authentication Dial-In User Service) Server
This client/server protocol allows remote-access servers to communicate with a central server to authenticate users (via username and password) and authorize their access to the ISP system.
Remote Authentication Dial-In User Service Server
See RADIUS Server
Directing traffic on the Internet, a router forwards data from one subnet to another.
Secure Socket Layer
Service Set Identifier
Simple Network Management Protocol
SNMP (Simple Network Management Protocol)
This popular protocol collects and organizes information from network devises on complex IP networks, including servers, printers, workstations, hubs, switches, and routers. SNMP allows you to manage and monitor these devices.
A caching and forwarding web proxy, this free, open-source software is prized for many reasons: speeds up your web server and accelerates downloads by caching repeated requests; caches web, DNS, and other computer-network lookups for users who share network resources; filters traffic and boosts security. Originally designed for Unix-like systems, Squid now runs on Windows, Linux, Mac OS X, and many other operating systems.
SSID (Service Set Identifier)
This is the unique, 32-character name assigned to a wireless network. The name visible to the public might be something like “guest” or “ABC School.”
SSL (Secure Socket Layer)
The Internet’s leading security protocol, SSL was developed by Netscape to allow authenticated information to be sent via an encrypted connection—prohibiting third parties from snooping on the transmission and/or tampering with sensitive information, like credit card and Social Security numbers.
Temporal Key Integrity Protocol
TCP/IP (Transmission Control Protocol/Internet Protocol)
Developed in the 1970s, TCIP/IP is the most widely used communication language (or protocol) used to connect hosts on the Internet.
See Two-Factor Authentication
TKIP (Temporal Key Integrity Protocol)
A more robust wireless-network security protocol than wired equivalent privacy (WEP), TKIP is used by WPA. It boosts encryption strength, dynamically generates a new key for each packet, and uses the RC4 stream cipher (128-bit encryption keys and 64-bit authentication keys).
Gauges the amount of data transferred from one place to another or processed within a given time period. The measurement takes into account internal processing speed (32-bit versus 64-bit, etc.) and peripheral speeds (I/O), along with the efficiency of the operating system, software, and applications that are working together. Throughput is commonly calculated with the TPS (transactions processed per second) metric.
Traceroute (Tracepath, Tracert)
Like ping, traceroute is an important diagnostic tool for identifying network glitches. It’s used when a ping fails and you want to locate the source of the issue. Traceroute pings every hop along the way, giving you a response—or no response—and ultimately leads you to the problem area. Both ping and traceroute are built into the SecureSchool box.
See Traceroute
See Traceroute
Transmission Control Protocol/Internet Protocol
Transparent Filtering
When BYOD gear like smartphones and tablets don’t support proxies (and they rarely do), transparent filtering is a great solution for these proxy-unfriendly portable devices. It can do exactly what an HTTPS proxy does, only it’s transparent and works by dynamically opening and closing firewall ports. There’s no need to install proxy-server settings on users’ equipment. Read more about SecureSchool’s transparent-filtering option.
Trojan Horse
Often posing as legitimate software, a Trojan horse is a type of malware that typically dupes the user into opening an innocent-looking email, downloading a free program (like a game), etc. Once the Trojan horse infects your computer, it can enable cyber criminals to spy on you, steal sensitive data, and gain unauthorized backdoor access to your system, where they can delete, modify, block, or copy data and disrupt your computer’s or your network’s performance. Unlike computer viruses and worms, Trojan horses don’t inject themselves into other files or replicate themselves.
See Two-Factor Authentication
Two-Factor Authentication (TFA, 2FA)
A type of multi-factor authentication, this security process requires that the user provide two means of identification, one of which is usually something you have—e.g., a physical token (like AccessTrakker)—and something you know, such as a security code, personal identification number (PIN), or password.
Uninterruptible Power Supply (UPS)
This apparatus provides temporary power to a device in the event of a power surge or failure so that equipment isn’t damaged or data’s not lost. PowerTrakker is an example of a managed UPS service.
See Uninterruptible Power Supply
Virtual Local Area Network
Virtual Private Network
VLAN (Virtual Local Area Network)
A network of workstations, servers, and network devices that appear to be connected to the same local area network (LAN) even though they may be located in other parts of the LAN. Configured through software rather than hardware, VLANs are extremely flexible, scalable, and easy to manage. They allow devices in multiple subnets to communicate as if they existed in a single LAN and share a broadcast and multicast domain. A major advantage of VLAN is that you can move computers to other locations without having to reconfigure hardware. There are typically five VLANS per AP—one for each SSID and the fifth for managing and “talking to” the AP.
VLAN Tagging
Used when you have more than one VLAN port to help distinguish which packet belongs to which VLAN on the other side. To enable identification, VLAN tagging inserts a VLAN ID into the packet header.
VPN (Virtual Private Network)
This is an encrypted, private network that’s configured within a public network (like the Internet) or an organization’s network). It allows only authorized users to securely access the data. Check out our SecureSchool Home-to-School VPN and School-to-School VPN.
WAN (Wide-Area Network)
A bigger, brawnier cousin to the local area network (LAN), the WAN is a long-distance communications network that connects many LANs and can span great distances via telephone lines, fiber-optic cables, or satellite links. Telephone companies and cell-phone carriers use WANs to service big areas. Other big organizations commonly deploy private WANs to link remote offices. The Internet is the largest WAN in the world. In between LAN and WAN is MAN—a metropolitan area network, which usually covers a city or suburb.
Web Cache
See Cache Server
Website Filter
See Internet Filter
WEP (Wired Equivalent Privacy)
Founded in 1997, this security protocol was developed for wireless local area networks (WLANs), since WLANS are inherently less secure than LANs. It encrypts data over radio waves as they travel from one point to another. However, serious weaknesses were found in this protocol—it does not provide end-to-end security—so WEP now takes a back seat to the more secure Wi-Fi Protected Access (WPA) and WPA2. WEP is still used at the two lowest layers of the OSI (Open Systems Interconnection) model.
Wide-Area Network
Wired Equivalent Privacy
Pronounced “who is,” this query and response protocol asks the question, “Who is responsible for this domain name or IP address?” A WHOIS lookup, will identify the administrator’s contact information, billing and technical contact for each domain name or IP in the WHOIS database, diagnose registration difficulties, investigate spam, and much more.
Wide-Area Network
Wi-Fi Protected Access
See WPA and WPA2
Windows NT LAN Manager
See NTLM Authentication
Wireless Local-Area Network (WLAN)
This local area network uses high-frequency radio waves (instead of wires) to communicate between two nodes—usually an access point and a client (computer, workstation, IP phone, smartphone, etc.)—within a designated space. It allows users to move around while connecting to the Internet.
Wireless Local-Area Network (WLAN) Controller
The central component of a wireless-network solution, the controller allows you to manage the large-scale deployment of a wireless network. Controllers come as hardware (such as WirelessTrakker) or in cloud-based versions.
See Wireless Local Area Network
WPA (Wi-Fi Protected Access)
Designed to improve upon the security features of WEP, this security standard features advanced data encryption via temporal key integrity protocol (TKIP), and user authentication.

WPA-Enterprise requires users to identify themselves through the Remote Authentication Dial-in User Service (RADIUS) protocol.
WPA2 (Wi-Fi Protected Access)
A government-grade security protocol that ensures users only authorized clients can access their wireless network. WPA2-Personal uses a setup password, while WPA2-Enterprise verifies users through a server.
See Zero-Configuration Networking
Zero-Configuration Networking (zeroconf)
As you can guess from its name, this IP network (like Apple’s Bonjour) requires no manual configuration or configuration servers—so someone with little networking expertise can connect computers, printers, and other network devices and get automatic functionality (such as allocating IP addresses, translating between domain names and IP addresses, locating printers without a directory service, etc.). Eliminates the need for DHCP and DNS servers. However, because zeroconf networks use multicast domain name service, they’re less secure.

Other excellent resources for tech terms:

Have questions about these terms or want to learn more about K12USA services? We’d love to chat. Shoot us an email now or call 877-225-0100.

 ©1999-2024  Networks & More! Inc.
Contact us!     Call Toll-Free 1-877-225-0100     Site Map     Privacy Policy