Tech Terms

802.1x - An IEEE standard: Used for port based NAC (PNAC), typically uses one or more EAP, Certificates, or MSCHAPv2.
3-2-1 - Industry rule applicable to backups which states you should have 3 COPIES of your data, 2 COPIES on different storage media, and 1 COPY held off-site.
3DES - Triple Data Encryption Standard: A method of encryption (168 bit).
AAA - Authentication, Authorisation, and Accounting: Security system. Authentication proves who you are, Authorisation says what you can do, and Accounting logs what you have done.
AAC - Advanced Audio Codec: A file format for storing music in ‘lossless’ quality. Used heavily by Apple.

ACE

1. Access Control Entry: One element of an ACL.

2. RSA ACE Server is the old name for RSA Authentication Manager.

ACL - Access Control List: Rules applied on a network device that allow communication over numbered ports to and from certain IP addresses.
ACS - Access Control System (used to be called Access Control Server), is the Cisco implementation of the TACACS+ AAA system.
AD - Active Directory: Introduced with Windows Server 2000, this is Microsoft’s domain directory services role.
ADAM - Active Directory Application Mode: This was replaced in Server 2008 with LDS.
ADC - Application Delivery Controller: A Citrix NetScaler device that acts like a load balancer for applications and services.
ADK - Windows Assessment and Deployment Kit: A suite of tools for customizing and deploying Windows operating systems, has replaced the WAIK.
ADMX - A file extension used for files that can be imported into Microsoft Group Policy Objects.
ADSL - Asymmetric Digital Subscriber Line: An Internet connection run over copper wire (usually a telephone line). It tends to have faster download than upload speed.
AES - Advanced Encryption Standard: 128, 192, or 256 bit.
AH - Authentication Header: A member of the IPSec suite of protocols that provides integrity and authentication of data packets.
AMD - Advanced Micro Devices: A company that makes microprocessors and CPUs. Main rival to Intel.
AMP - Advanced Malware Protection: Anti Malware solution provided by Cisco Firepower.
API - Application Programming Interface: Allows software to talk to other software.
ARM - Advanced RISC Machine: A ‘cut down’ processor used in mobile computing products.
ARP - Address Resolution Protocol: A network protocol used to translate physical addresses to IP addresses, and vice versa using RARP (Reverse ARP).
AS - Autonomous System: An AS number is used with routing protocols (like EIGRP and OSPF), all routers that share information with each other in a group are members of the same AS number, (an AS number can be 1-65535).
ASA - Adaptive Security Appliance: Range of Cisco firewalls.
ASCII - American Standard Code For Information Interchange: (Pronounced ass-key). A method of transferring strings of characters digitally.
ASDM - Adaptive Security Device Manager: Web management console for Cisco firewalls running OS 7 and above.
ASR - Aggregation Services Router: Cisco Routers used by enterprise size networks, and service providers.
ATA - Advanced Technology Attachment: Used to connect drives to a computer.
ATM - Asynchronous Transfer Mode: Used to move computer data, video, or audio over a network. It embeds the data in ‘cells’ which all travel along a fixed path to their destination. This differs from TCP/IP ‘packets’ which can travel over many different routes to their destination.
AV - Anti Virus.
AVC - Application Visibility and Control: Cisco solution to restrict and block traffic based on applications (OSI Layer 7).
AVI - Audio Video Interleave: A file format used for video files.
BBWC - Battery Backed Write Cache: A small power source that lives on a hardware RAID controller, the battery supplies power to the cache so in the event of power loss, information that is about to be written to disk is not lost.
BIND - Berkeley Internet Name Daemon: DNS software commonly used in Unix and Linux distributions.
BIOS - Basic Input Output system: This is bootable firmware that lives on most modern PCs and Servers; you access this before the OS loads, usually by pressing F1, F2, F10, or Esc.
BIT - Binary Digit: Either a one or a zero, the smallest unit of digital storage and bandwidth.
BITS - Background Intelligent Transfer Service: A system that uses idle bandwidth to download data (usually updates).
BSOD - Blue Screen Of Death: Seen on a Windows machine after a crash, if it has not been set to reboot in the event of a crash. It takes its name from the blue background and white text. (Also see PSOD).
BSSID - Basic Service Set Identifier: A unique name that specifies a wireless access point or router. Used in an Infrastructure wireless network (See SSID and ESSID).
BT - British Telecom, the largest ISP in the UK.
BT Syndrome - You have an Internet problem, so you ring BT, they tell you they can’t see anything wrong, and magically it starts working while you are on the phone.
BYOD - Bring Your Own Device: A name given to the practice of allowing employees and visitors access to a corporate network from their own personal devices i.e. tablets, phones, and laptops.
CA - Certification Authority: An entity that produces digital certificates.
CAL - Client Access License: A License used to access server services, used a lot on Microsoft Networks where licenses are “per seat”, “per user”, or “per device”.
CAS - Client Access Server: A role used by Microsoft Exchange server. A CAS server typically runs OWA and ActiveSync.
CBAC - Context-Based Access Control: Introduced on Cisco Routers and referred to as Classic IOS Firewall. It provides layer 4 and layer 7 stateful inspection.
CCNA - Certified Cisco Network Associate: Entry level Cisco networking qualification.
CCMP - Counter Mode/CBC-MAC Protocol: Security system that uses a 128 bit key for encryption. Seen on HP Wireless controllers.
CCO - Cisco Connection Online: You can create a login free at Cisco to log into this service, once set up you can add valid support agreements to your account to enable you to get support and download updates.
CCP - Cisco Configuration Professional: A Java based graphical management software tool for deploying and configuring Cisco Routers, and wireless access points etc.
CCR - Cluster Continuous Replication: Introduced in Exchange 2007, this provides a second copy of the exchange database that can be used in a disaster recovery situation.
CD - Compact Disk.
CDA - Cisco Context Directory Agent: A small virtual machine that maintains mappings of users to devices, it gets this information from Active Directory or from Cisco ISE.

CDP - Cisco Discovery Protocol: Used to determine what network devices are on the other end of a network link (Cisco’s implementation of LLDP).

CDP - Certificate Distribution Point: Usually a file share, or a virtual directory in IIS that is used to hold a CRL.

CGI - Common Gateway Interface: A method used to both generate dynamic web content, and pass information between a web server and a browser or application a visitor is using.
CHAP - Challenge Handshake Authentication Protocol: Used to authenticate a remote user or host.
CIFS - Common Internet File system: A Microsoft system for sharing files on a network that was developed from SMB.
CLI - Command Line Interface: The command interface for various network devices, usually accessed by a console cable, SSH or Telnet.
CMC - Certificate Management over CMS: Is the transport protocol for CMS.
CMOS - Complementary Metal Oxide Semiconductor: This is actually a technology used in integrated circuits, but some people still refer to a machine’s BIOS/RBSU as CMOS.
CMS - Cryptographic Message Syntax: A standard for signing, encrypting or authenticating data.

CN

1. Common Name: {digital certificates} When a digital certificate is signed by a CA, this proves the common name (the name presented on the certificate) is correct.

2. Common Name: {Active Directory AD} The name of an object in active directory i.e. “CN=Fred Bloggs”.

CNAME - Canonical Name: A type of DNS record that points to another record, it is also sometimes referred to as an ‘alias’ record.
CODEC - COder-DECoder (or Compressor-DECompressor). A small piece of software that lets a computer “Understand” a particular video/audio encoding.
COM - Communication Port: A serial communication port on a device, usually a 9 pin (or 25 pin on old equipment) socket. Or on networking equipment presented as a female RJ45 or female Mini USB socket.
cPanel - cPanel is a suite of tools that a company hosting your website can provide you access to, to manage your own website. It is used on Apache web servers.
CPU - Central Processing Unit: The “Brain” and main chip that provides a machine’s number crunching capability.
CRL - Certificate Revocation List: Is a list published by a CA for certificates that have been canceled or revoked. It uses OCSP.
CRM - Customer Relationship Management: A system used primarily by sales, marketing, and customer services. It’s usually a database of customers and potential customers.
CSC - Content and Security Control: A plug in module for ASA 5510 and above platforms that provides scanning and anti spam facilities from an embedded Trend Micro Server.
CSE - Client Side Extensions: A set of extra GPP settings built into Windows 7, (need to be manually installed on older versions of Windows).

CSR - Certificate Signing Request: A request sent to a CA to apply for a digital certificate.

Carrier Routing System: Cisco enterprise and ISP level routing system.

CSV - Comma Separated Values: A common file format that can be opened by Microsoft Excel. Also used for importing and exporting bulk data.
CSVDE - Comma Separated Value Data Export: A method of bulk importing or exporting data from a CSV file to perform a task – commonly used for bulk import/export of users or computers with AD.
CVSS - Common Vulnerability Scoring System (CVSS) is a standard for assessing the severity of computer system security vulnerabilities. CVSS assigns severity scores to vulnerabilities, allowing responders to prioritise responses and resources according to threat. Scores range from 0 to 10, with 10 being the most severe.
CX - Context: Terminology used by Cisco in their ‘Next Generation’ firewalls. A context is based on the identity of a user, what they are trying to access, when they are trying to access it, and how they are accessing it.
DAG - Database Availability Group: A system used by Microsoft Exchange to maintain database availability by keeping copies of the mail database(s) on different mail servers.
DC - Domain Controller: The logon server that’s present in Microsoft Server domains.
DC - Data Center.
DDOS - Distributed Denial Of Service Attack: A DOS attack from multiple machines, usually innocent user computers that have been compromised with spyware.
DER - Distinguished Encoding Rules: A set of rules to govern the format and layout of information within a digital certificate.
DES - Data Encryption Standard: A method of encryption (56 bit), is considered very weak for modern communication – in 1999 it was broken in 22 hours and 15 minutes by the EFF.
DH - Diffie Hellman: A system used to swap keys securely over a public network.
DHCP - Dynamic Host Configuration Protocol: A method used to lease an IP address to a device so it can communicate on a network.
DMVPN - Dynamic Multipoint Virtual Private Network: A solution to build dynamic GRE tunnels to multiple sites with NHRP.
DMZ - De-Militarised Zone: A network segment attached usually to a less secure network, traditionally the home of web servers and edge servers.
DN - Distinguished Name: The complete path to an object in Active Directory.
DNS - Domain Name system: The system that translates network names into IP addresses.
DNSBL - DNS based Block List (or Black-hole List depending on what documentation you read): Is a dynamic list of known email spammers.

DOS - Disk Operating System: Very basic operating system, an example is Microsoft MSDOS.

DOS - Denial of Service: An attack on a networked system designed to slow it down, impede it, or take it offline.

DRAC - Dell Remote Access Card: Similar to an iLO on a HP server or an IMM on a Lenovo server. Allows remote ‘console’ access to the server.
DS - Directory Services: Using a central repository of network assets for management.
DSL - Digital Subscriber Line: A network connection, usually to the Internet, the speed of traffic “down” is usually fast, and the speed of traffic “up” is slow, this makes it ideal for home Internet connections.
DSN - Data Source Name: Usually used with ODBC connections, these refer to a data source (usually a database).
DTP - Dynamic Trunking Protocol: A Cisco proprietary protocol for negotiating trunking on a link between two VLAN aware switches.
DVD - Digital Versatile Disk or Digital Video Disk.
DVDROM - Digital Versatile Disk or Digital Video Disk Read Only Memory.
DVI - Digital Visual Interface: Connector used for PC Monitors, typically white, replaced the older RGB connector.
EAP - Extensible Authentication Protocol: Used with wireless protocols like WPA, it’s part of the PPP suite of protocols.
ECC - Error-Correcting Code Memory: Typically more expensive than normal RAM, it uses a parity system to error check corruption in the data it holds.
ECDH - Elliptical Curve Diffie Hellman: An anonymous key agreement protocol used in cryptography.
ECDSA - Elliptical Curve Digital Signature Algorithm.
ECP - Exchange Control Panel: Web based administrative console for Exchange, it was brought in with Exchange 2010. With Exchange 2013 the Exchange Administrative Center runs from the same location.
EDNS - Extension mechanisms for DNS: Essentially DNS but in network packets greater than 512KB.
EFF - Electronic Frontier Foundation: Non profit US organisation.
EIGRP - Enhanced Interior Gateway Routing Protocol: Cisco proprietary distance vector routing protocol. Routers share their routing information with neighbouring routers in a logical area called an autonomous system.
EMC - Exchange Management Console: The graphical user management console for Microsoft Exchange.
ePO - e Policy Orchestrator: McAfee’s product for managing deployment and updates to its anti virus products.
EPT - Extended Page Tables: A technology used by Intel VT-x for CPU virtualization.
ESMTP - Extended Simple Mail Transfer Protocol (SMTP): As users wanted to send extra data attached to their emails, this system was developed to let that happen. It lets a client and mail server negotiate what capabilities it can use.
ESP - Encapsulation Security Payload: A member of the IPsec suite of protocols that provides authenticity, integrity and confidentiality of data packets.
ESSID - Extended Service Set Identifier: Is an SSID used in ad-hoc networks.

ESX - Originally stood for Elastic Sky, ESX is VMware’s hypervisor virtualisation server platform developed from GSX.

ESXi - The i in ESXi is for “Integrated”, and it can be run from a flash drive or chip on a PC/Server.

EULA - End User License Agreement: The legal contract between the user and the person/company who has produced some software. Typically the EULA is the section in an install where you tick “I Agree..”.
FAT - File Allocation Table: A disk partitioning system typically used with older Microsoft Operating Systems. Is still used for partitioning of USB and flash media.
FDM - Firepower Device Manager: Web based management GUI for managing an FTD device locally.
FEP - Forefront Endpoint Protection: Microsoft’s Client AV solution released 2010.
FIPS - Federal Information Processing Standards: A set of standards to describe document processing, encryption algorithms and information technology standards for use within non-military government agencies.
FMC - Firepower Management Center: An appliance used to manage and deploy configurations to Cisco ASA FirePOWER, and FTD Devices.
FQDN - Fully Qualified Domain Name, usually a PC or server-name followed by the domain DNS name i.e.
FSMO - Flexible Single Master Operation: pronounced “Fiz-mo”. These are 5 roles held by Active Directory domain controllers.
FSRM - File System Resource Manager: Introduced with Server 2008 R2, this server role handles file quotas and screening rules.
FTD - Firepower Threat Defence: The operating system that runs on newer Cisco firewalls, it provides AMP, AVC, NGFW, IDS/IPS, URL filtering and stateful firewall capabilities.
FTP - File Transfer Protocol: As the name suggests, a protocol for transferring files over a network, uses TCP Port 21.
FTTC - Fibre to the Cabinet: An Internet connection that provides a fibre optic cable from either a telephone exchange (or Comms distribution point), to the cabinets that are in the street. From the cabinet to the home/business will usually be standard copper (POTS) cable.
FTTH - Fibre to the Home: An Internet connection that provides a fibre optic cable from either a telephone exchange (or Comms distribution point), directly to a consumer’s home or place of business.
GAL - Global Address List: Used on a Microsoft Exchange server, a list of email addresses generated by the server that clients can search.
GB - Gigabyte: Giga means 10 to the power 9, or 1,000,000,000 bytes, however in computing terms we work in binary so it works out as 2 to the power 30, which equals 1,073,741,824 bytes.
Gbps - Giga bits per second (a bit is one binary digit (0 or 1), there are 8 bits in one Byte).
GDOI - Group Domain Of Interpretation: A group of network devices that maintain a common set of VPN/ISAKMP settings from a central ‘key server’.
GNS3 - Graphical Network Simulator: Is open source network simulation software, for replicating routers and network equipment.
GOLR - Gateway Of Last Resort: On a router this is the equivalent of a default gateway. If no other routes in a router’s routing table match the traffic, this is where it will get sent.
GPO - Group Policy Object: This is a template used to lock down or enforce a policy on a computer or a user.
GPP - Group Policy Preference: Brought in with Windows Server 2008, designed to complement GPO network management.
GRE - Generic Routing Encapsulation: A Cisco protocol for encapsulating other protocols over a network.
GRT - Granular Recovery Technology: A term used by Symantec to describe their backup technology, that lets you restore a single item from a large backup job, e.g. one email from an Exchange backup, or one user from Active Directory.
GSX - From its development name, GSX is VMware’s Ground Storm Virtualisation platform, was replaced by ESX.
GUI - Graphical User Interface.
GUID - Global Unique Identifier: Used to identify active directory objects, and also a hard coded serial number built into computers so they can be identified on a network when they PXE boot.
HA - High Availability: An attribute given to a VMware cluster so that if any ESX host fails, its guest machines automatically get migrated to another host. Also the term used to describe multiple exchange databases deployed for fail-over.
HDD - Hard Disk Drive.
HDMI - High Definition Multimedia Interface: Method for sending digital video and sound signals, used for TVs, Monitors, and digital cameras.
HIPS - Host Intrusion Detection System: A software package which monitors a single host for suspicious activity, by analysing events occurring within that host.
HSRP - Hot Standby Routing Protocol: A Cisco protocol that provides a fault tolerant default gateway solution.
HTML - Hyper Text Markup Language: Is a language used to create documents on the world wide web.
HTPC - Home Theatre Personal Computer.
HTTP - Hyper Text Transfer Protocol: Traditionally the protocol of web pages, runs over TCP port 80, however multiple vendors abuse this by trying to get their software to run on the same port as this port is usually open on corporate firewalls.
HTTPS - Hyper Text Transfer Protocol Secure: This is web traffic that is secured, using SSL.
IAS - Internet Authentication Server: Microsoft implementation of RADIUS.
ICMP - Internet Control Message Protocol: Part of the IP suite of protocols, ICMP is used to send errors and connection states.
IDS - Intrusion Detection System.
IE - Internet Explorer: Microsoft’s web browser.
IEEE - Institute of Electrical and Electronics Engineers (or IEEE-SA Standards Association): Sets standards for IT and Telecoms (amongst others).
IESC - Internet Enhanced Security Configuration: A tighter set of browser settings applicable to a Windows Server.
IETF - Internet Engineering Task Force: Develops and promotes Internet Standards.
IIS - Internet Information Server: The Microsoft web server platform, included with Windows server systems.
IKE - Internet Key Exchange: A protocol used to set up SA’s in the IPsec protocol.
iLO - Integrated Lights Out: Lets you connect to the console of a HP Proliant Server, even if it’s powered off, the iLO is presented as a standard RJ45 network socket on the back of the server.
IMAP - Instant Message Access Protocol: Method of retrieving messages from a mail server, runs over TCP port 143.
IMM - Integrated Management Module: Seen on IBM X Series Servers (now Lenovo). This is similar to a HP iLO or a Dell DRAC.
IOS - Internetwork Operating System: OS used by Cisco devices and Apple Devices.
IP - Internet Protocol: A protocol for communicating across a switched network (like the Internet).
IPS - Intrusion Protection System.
IPSEC - Internet Protocol Security: A suite of protocols for securing IP communications.
IPv4 - IP Version 4: IP addressing scheme which can have 2 to the power 32 (4,294,967,296) possible addresses.
IPv6 - IP Version 6: Replacing IPv4, IPv6 uses 128-bit addresses, for an address space of 2 to the power 128 (approximately 340 undecillion or 3.4×10 to the power 38).
ISA - Microsoft Internet Security and Acceleration Server: Replaced MS Proxy 2.0, it provides web proxy services and Enterprise Firewall capabilities.
ISAKMP - Internet Security Association and Key Management Protocol: A system for establishing Security Association and secure keys, usually used for VPN communication.
iSCSI - Internet Small Computer System Interface: System used to carry SCSI commands over an IP network, used for small SAN infrastructures.
ISE - (Pronounced ICE) Identity Services Engine: A Cisco product, it’s a security policy management & control platform that automates and simplifies access control, and security compliance for wired, wireless, and VPN connectivity. Cisco ISE is primarily used to provide secure access and guest access, support BYOD initiatives, and enforce usage policies in conjunction with Cisco TrustSec.
ISO - A type of file format that’s used for storing CD/DVD Images, it takes its name from the International Organization for Standardization.
ISP - Internet Service Provider: The person or company that provides a link to an external network (usually the Internet).
ISR - Integrated Services Router: A series of Cisco Routers used by small to medium sized customers.
IV - Initialization Vector: Used in cryptography, it’s a ‘fixed size’ input.
IWSS - Inter Scan Web Security Suite: A suite of products by Trend Micro, for AV and URL filtering.
JNLP - Java Network Launching Protocol: Used to deliver “Java Web Start” and run an application from a web server.
Kb - Kilobit: 1 kilobit = 10 (to the power 3) bits = 1000 bits.
KB - Kilo means 10 to the power 3, or 1,000 bytes, however in computing terms we work in binary so it works out as 2 to the power 10, which equals 1,024 bytes.
KMS - Key Management Server/Service: With the release of Windows Vista/2008 Microsoft changed their software license method. Previous VLK keys were replaced by both MAK and KMS Keys. Software with a KMS key must get its activation from a KMS server (installed on its local network) every 180 days.
L2TP - Layer Two Tunneling Protocol: Developed from PPTP, used to authenticate remote VPN clients.
LACP - Link Aggregation Control Protocol: A protocol that allows you to bundle together more than one network link and treat it as if it is one link.
LAN - Local Area Network: A computer network that connects multiple PCs to each other and local resources. Also the inside port on a router or firewall.
LAPS - Local Administrator Password Solution: Microsoft software used to periodically change the local administrator password on machines and set them differently, as defined in Group Policy. Those passwords are then stored securely in AD.
LBFO - Load Balancing and Fail Over: New with Server 2012, this provides NIC teaming/aggregation and standby NIC support.
LDAP - Lightweight Directory Access Protocol: Designed for accessing and editing directories over an IP network, Microsoft LDAP commonly runs over TCP port 389.
LDAPS - Secure LDAP, usually over TCP port 636, and secured by a PKI certificate.
LDS - Lightweight Directory Services: A small subset of AD that’s used for applications, (on versions of Windows before 2008 it was called ADAM).
LLDP - Link Layer Discovery Protocol: Similar to Cisco’s CDP, this is a vendor-neutral protocol designed to tell you what devices are directly connected to you at the ‘other-end’ of a network link.
LTO - Linear Tape Open: A standard of magnetic tape storage, developed by Quantum/Seagate. Commonly used by HP, IBM and Certance.
LUN - Logical Unit Number: Used in SAN storage, each piece of “storage” is represented by a LUN that’s presented to other devices on the storage network/fabric.
M4A - MPEG 4 Audio: Essentially an MP4 file that is audio and not multimedia. Used by Apple and iTunes.
MAB - MAC Address bypass: Not all devices support 802.1x authentication, so MAB is enabled for those devices to bypass normal authentication.
MAC - Media Access Control: The “Burned in” hardware address used on all Ethernet network devices.
MACSEC - MAC Security Standard is the common name for IEEE Standard 802.1AE. It provides ‘point to point’ encryption at layer 2 of the OSI model (Data Link layer).
MAK - Multiple Activation Key: A Microsoft software unlock code, designed to be used multiple times. Took over from a VLK key, it’s either entered manually, from a script or unattended file, or using the VAMT tool.
MAPI - Messaging Application Programming Interface: A set of standards and instructions that allow programs to talk to Microsoft Mail applications like Exchange Server.
Mb - Megabit: 1 megabit = 10 (to the power 6) bits = 1000000 bits = 1000 Kb.
MB - Megabyte: Mega means 10 to the power 6, or 1,000,000 bytes, however in computing terms we work in binary so it works out as 2 to the power 20, which equals 1,048,576 bytes.
MD5 - Message digest algorithm 5: Produces a fixed 128 bit hash commonly used to check integrity of files.
MKV - Matroska Files: These are video files, similar to AVI files, but with extra features.
MMC - Microsoft Management Console: A front end that accepts various “Snap ins” for managing items in a Windows environment.
MOVE - Management for Optimized Virtual Environments: McAfee AV solution for Virtual machines and VDI environments.
MP3 - MPEG-1 Audio Level 3: A popular format for storing and playing digital music.
MP4 - MPEG-1 Audio Level 4: A popular format for storing and playing digital video, audio, images, animations and menus.
MPEG - Moving Picture Expert Group.
MPF - Modular Policy Framework: A system for applying policies on a Cisco Firewall, they can be applied globally or per interface.
MSA - Modular Storage Array: A range of SAN devices by Hewlett Packard.
MSDOS - Microsoft Disk Operating System: What we had from Microsoft before Windows. Still seen on older Novell Servers.
MSCEP - Microsoft version of SCEP.
MSCHAP - The Microsoft implementation of CHAP.
MSDE - Microsoft SQL Desktop Edition: A cut down version of Microsoft SQL Server, that is free. Has now been replaced by SQL Express.
MSDN - Microsoft Developer Network.
MSI - Microsoft Installer File: A type of file extension that denotes a piece of setup software for an application, the advantage of .msi files is that they can be installed on clients via GPO.
MSM - Multiservice Mobility Controller: An HP product line of Wireless Controllers.
MTU - Maximum Transmission Unit: The maximum size (in bytes) that a single packet can be, for transmission over a network.
MX - Mail exchanger record: Is a DNS record that is used so that someone can query a domain to find the name/address of its mail server.
NAC - Network Access Control: A more generic (non Microsoft) form of NAP. May or may not be used to ‘Posture Assess’ a network client based on AV status, Updates, HIPS, or Certificate information etc.
NAP - Network Access Protection: A Microsoft technology for controlling network access based on policies.
NAS - Network Attached Storage: Hard drive storage that’s presented to a network with its own address.
NAT - Network Address Translation: Translating many IP addresses to few IP addresses.
NDES - Network Device Enrollment Service: The name given to the Microsoft Server role that replaced MSCEP/SCEP. It’s a service that allows network devices to enroll for digital certificates.
NDR - Non Delivery Report: Produced by a mail server, and sent to the sender, when an email cannot be delivered.
NetBIOS - Network Basic Input/Output System: Is NOT a networking protocol, it’s an API, can be likened to DNS insofar as it maps names to IP addresses.
NFR - Not For Resale: Software or Hardware supplied by a vendor, (usually to a reseller) to use for demonstration, test or training purposes.
NFS - Network File system: Developed by Sun Microsystems, this is a protocol for allowing a client to access files on a shared datastore/system, currently at version 4 and is defined in RFC 3530.
NGFW - Next Generation Firewall: A term used to describe a firewall that can perform inspection up to layer 7, and provide other services like anti-malware, URL filtering and IDS.
NGINX - Pronounced Engine-X (or En-jinks): It’s an open source (high performance) software, for web servers, reverse proxies, and load balancing.
NHRP - Next Hop Resolution Protocol: A protocol which lets network endpoints know what the ‘real’ IP address of the ‘next hop’ to a destination is, e.g. If a router asks the NHS server ‘I need to build a tunnel to’ it will reply with ‘The public IP address of that site is’.
NHS - Next Hop Server: Usually a router running NHRP, this device tells remote sites where their ‘Next Hop’ is to establish a GRE Tunnel in a DMVPN environment.
NIC - Network Interface Card: The device that connects a PC/Server to a network, this can be wired or wireless.
NNTP - Network News Transfer Protocol: An old protocol used for posting Usenet articles, runs on TCP port 119.
NPAPI - Netscape Plugin Application Programming Interface.
NSEL - NetFlow Secure Event Logging.
NTFS - New Technology File system: Introduced with Windows NT4, a method of securing files on storage media.
NT - New Technology: Released as Windows NT 3.1 (1993). The most well known is Windows NT4 (1996). It’s still a system in use today (Windows 7 and Server 2008 R2 is denoted as NT 6.1).
NTLM - NT LAN Manager: A Microsoft suite of protocols that provide authentication, integrity and confidentiality.
NTP - Network Time Protocol: Used to synchronise system clocks on network devices. It runs over UDP port 123.
NVRAM - Non-Volatile RAM: A term usually used with routers to describe RAM that contains information that will not be lost when the device is powered off, these days we would call it flash memory. But you will still see this term used in router documentation.
OAB - Offline Address Book: Generated by Microsoft Exchange Server and downloaded to Microsoft Outlook clients for use in cached mode.
OCSP - Online Certificate Status Protocol: Used by a CA to answer certificate revocation requests.
ODBC - Open Database Connectivity: A standard method of accessing a database. Usually configured on a client that has software that needs a database ‘back-end’ on another server or machine.
OEM - Original Equipment Manufacturer: Someone who produces computer equipment that comes pre-bundled with a Windows operating system. Note: A Windows OEM code will NOT work on Volume Licensed Software.
OOBE - Out Of Box Experience: The name Microsoft gives to the process you go through when you first setup a copy of Windows.
OS - Operating System: The software between the hardware and you, on a PC it would be Windows or Linux, on a hardware device it is probably vendor specific i.e. Cisco ASA OS 7.2(2).

OSI - Open Systems Interconnect: Is a conceptual model used to teach/design and build networked systems. It is a seven layer model;

1. Physical
2. Data Link
3. Network
4. Transport
5. Session
6. Presentation
7. Application

I memorise the layers using the following Mnemonics;

Please, Do, Not, Throw, Sausage, Pizza, Away.
All, People, Seem, To, Need, Data, Processing.

OSPFOpen Shortest Path First: An ‘interior’ routing protocol for IP networks. It is a ‘link state’ protocol that groups networks into groups called AS groups.
OTPOne Time Password: Used in cryptography to obtain a certificate.
OUOrganisational Unit: This is a container used in Directories like Active Directory or Novell Directory Services, can be used to hold directory objects like users, servers or printers etc. They can also be used to apply GPO
OVAOpen Virtualisation Appliance: A packaged OVF folder, (compressed via TAR).
OVFOpen Virtualisation Format: A method of “Transporting” virtual machines, used so that they can be made “Portable”. Normally packaged into an OVA File.
OWAOutlook Web Access: The web front end to Microsoft Exchange. After Exchange 2010 this is now called Outlook Web App.
P2VPhysical to Virtual: The act of converting a real machine to a virtual one.
PAKProduct Activation Key: a License key used by Cisco, to enable/add features to a Cisco device.
PAPPassword Authentication Protocol: Used to authenticate users before network access is allowed.
PATPort Address Translation: Translating many IP addresses to a single IP address (Used on Cisco firewalls for port forwarding).
PCLPrinter Control Language: Is a command language that is used with printer drivers so that applications can send data to a printer.
PCoIPCreated by a firm called Teradici, it is a similar protocol to RDP, insofar as it lets you view the desktop of a remote machine and interact with it. It’s the preferred protocol to use with VMware View (after version 4.6).
PDCPrimary Domain Controller: Used in Windows NT4 environments, though now in new Active Directory you will still have a domain controller that holds the PDC Emulator FSMO role.
PDFPortable Document Format: Usually opened with Adobe Acrobat (Though other pdf readers exist).
PDMPIX Device Manager: Web management console for Cisco firewalls running OS 6 and below.
PEAPProtected Extensible Authentication Protocol: Takes normal EAP traffic and encapsulates it in a secure TLS tunnel.
PEMPrivacy Enhanced Mail: A format for showing a digital certificate, can be sent via email or pasted into a device’s configuration, looks like this.
PERCPowerEdge Expandable RAID card: Dell’s name for its server RAID cards.
PFSPerfect Forward Secrecy: A method of generating new keys. Without PFS, each new key is mathematically linked to the key that came before it, the prior key being a “Grandfather” key. With PFS enabled this link is broken, so a key cannot be forward/reverse engineered to guess a previous/new key value. Every new negotiation produces a fresh key.
PFXPersonal Information Exchange Format: File format that enables the transfer of certificates (and their private keys) from one computer to another, or to removable media.
PHPPHP: Hypertext Processor (confusing eh? The first word of the acronym is the acronym, this is called a recursive acronym). It’s an embedded scripting language commonly used in HTML.
PIDProcess Identifier: The number allocated to processes on a computer running an OS like Windows or UNIX.
PINGPing is a command utility that uses the “echo request” part of the ICMP suite of communications protocols, it is used to test network connectivity and the “round trip” time packets take over a network.
PIXPacket Internet eXchange: Cisco’s firewall platform before the ASA was released.
PKCSPublic Key Cryptography Standards: A set of encryption and crypto standards published by RSA.
PKIPublic Key Infrastructure: A system that uses public and private keys for cryptography. Commonly used for digital certificates.
POEPower Over Ethernet: A method of delivering electric power over a network cable. Used to power devices like IP Phones and Wireless Access Points
POODLEPadding Oracle On Downgraded Legacy Encryption: A ‘Man in the Middle’ SSL Exploit that forces communication over SSLv3. Once done the attacker can initiate multiple SSL connections and decrypt the data. Note: In December 2014, it was discovered were also susceptible to POODLE attacks on TLSv1.0 and TLSv1.2.
POPPost Office Protocol: Method for retrieving mail from a public mail server, runs over TCP port 110.
POTSPlain Old Telephone System.
PPPPoint to Point Protocol: This is a communication protocol that is designed to establish a link between two places, it provides authentication, encryption and compression.
PPPoAPoint to Point Protocol over ATM: This is a communication protocol that uses PPP and places , it’s commonly used with ADSL routers.
PPPoEPoint to Point Protocol over Ethernet: This is a communication protocol that uses PPP and places that information into normal Ethernet frames, it’s commonly used with DSL and FTTC connections.
PPTPPoint to Point Tunneling Protocol: Used to establish a VPN tunnel it runs in IP protocol 47 and TCP port 1723.
PRFPseudo Random Function: A system used in modern cryptography, that allows information to be exchanged securely across an insecure network.
PRSMCisco Prime Security Manager: A Management platform for Cisco Next Generation firewalls and CX devices.
PSODPink Screen Of Death: Seen on VMware servers after a crash (like a Windows BSOD only the screen background is pink).
PSTA Microsoft Personal Folder File: Usually used by Microsoft Outlook to store mail locally in a file. These can go corrupt/get deleted and cause loss of data, which unlike the data in your email server may not be backed up!
PSTNPublic Switched Telephone Network: Old fashioned phone system sometimes referred to as POTS
PuTTYA free popular SSH/Telnet and terminal emulation software.
PXEPre eXecute Environment: A system in modern PC’s that enables them to be booted from their NIC.
R2Release 2 (or Second Release), used by Microsoft for major OS releases e.g. Windows Server 2003 R2 and Windows Server 2008 R2
RARegistration Authority: Used on a CA Server running SCEP/MSCEP/NDES.
Remote Access: When used with VPN terminology
RAIDRedundant Array of Independent Disks (or Inexpensive Disks depending on who you are talking to). This is a blanket term, for any method of presenting multiple physical disks, and making them appear as a single piece of storage.
RADIUSRemote access Dial In User System: A method of authenticating access to a network.
RAMRandom Access Memory: Or volatile memory, provides a PC/server with short term high speed memory.
RBACRole Based Access Control: Used with Exchange 2010, makes delegating Exchange tasks easier.
RBLRelay Block List / Realtime Black-hole List: A dynamic list of IP addresses and host-names that have been suspected/reported as being either an open relay, or are generating spam.
RBSUROM Based Setup Utility: Typically found on HP Servers the RBSU is a small BIOS chip for holding the system settings.
RC4A cypher developed by RSA. It is easily broken by modern computers and thus considered insecure.
RDRemote Desktop, See RDP
RDPRemote Desktop Protocol: A Microsoft protocol that allows the desktop of one machine, to be shown on another machine over a network, can be used for remote assistance, remote administration, or Terminal Services. Runs over TCP port 3389
RDSRemote Desktop Services the new name in Windows 2008 for Terminal Services (TS).
RDXRemovable Disk Storage/Backup System (No I don’t know why it has an X!) a Hard Drive based backup solution that behaves like a tape drive.
RFCRequest For Comments: These are a collection of memorandums published by the IETF as a method of trying to standardise communication standards and protocols.
RGBRed Green Blue: 15 pin video cable connector (typically blue in color). Used for Monitors and projectors.
RIPRouting Information Protocol: A distance vector IP routing protocol. It works by calculating the number of ‘hops’ to a destination, because of this it does not scale well.
RISRemote Installation Services: Introduced in Windows 2000, system for deploying (imaging) PC’s and Servers from a central Windows Server (Replaced by WDS).
RISCReduced Instruction Set Computer: A CPU architecture that is small and fast because it only runs a smaller set of commands.
RJ45Registered Jack 45: Is a standard 8 pin network connection.
RODCRead Only Domain Controller (Server 2008 only). A domain controller with a “Read Only” database, it caches credentials rather than storing them in case it is stolen.
ROMRead Only Memory: Memory that can not (normally) be written to i.e. CD ROM.
ROMMONROM Monitor, is a low level bootstrap program used on Cisco devices to check and initialise the hardware then load the operating system.
RPCRemote Procedure Call: A system used on random communication ports to let systems talk to each other.
RRASRouting and Remote Access: Is a Windows server role, that provides the following, Remote access, Dial up, VPN, NAT, Routing, and Demand Dial services.
RSARivest, Shamir and Adleman: An algorithm for public key cryptography.
RSATRemote Server Administration Tools: Suite of Microsoft MMC consoles for managing servers and domains.
RSOPResultant Set Of Policy: rsop.msc is a troubleshooting tool on Windows machines to help resolve group policy problems.
RSSReally Simple Syndication: A web based news feed system.
RTFMRead the F***ing Manual!
RTFQRead the F***ing Question!
RTMReleased To Manufacturing
SASecurity Association: a secured peer in a site to site VPN

SAN

1. Storage Area Network: A network of storage/disks that is presented as central storage to many devices.

2. Subject Alternative Name: These are additional names added to a digital certificate, they are used on web server certificates, and unified communications certificates.

SAS

1. Serial attached SCSI: Used for connecting computer peripherals, currently runs at about 3 Gbps but can run up to 10 Gbps.

2. Cisco Software Application Support: Support contract for Cisco Software

SASUCisco Software Application Support plus Upgrades, same as Cisco SAS but with the right to upgrade to the latest version.
SATASerial ATA: A standard for connecting drives (hard drives and optical drives). It’s a seven pin socket that connects them to the computer’s motherboard.
SBLMPAAMHSit Back, Light My Pipe, And Admire My Handiwork: Last stage of any technical project.
SBSSmall Business Server: A Microsoft Server platform that includes Exchange (and with some flavours ISA and SQL Server) as the name suggests, for small corporate deployments with less than 75 users/devices
SCCMSystem Center Configuration Manager: Formerly Systems Management Server (SMS), this is a tool for managing large numbers of Windows machines.
SCCPSkinny Client Control Protocol: A Cisco proprietary telephony protocol.
SCEPSimple Certificate Enrollment Protocol: Designed to make the issuing of digital certificates as scalable as possible.
SCOMSystem Center Operation Manager: Microsoft monitoring and management solution previously called MOM uses management packs to remotely monitor and manage clients.
SCPSecure Copy: A system that relies on SSH and runs over TCP Port 22 to move files from/to a machine securely.
SCSISmall Computer System Interface: A set of commands for transferring data between hardware devices, traditionally 8 or 16 devices can be attached to a SCSI bus.

SD

1. Secure Digital: A memory card format developed by Panasonic. Basically a small flash memory card, also comes as miniSD and microSD. In addition you can also get SDHC and SDXC.

2. Software Defined: Used with a networking type e.g. SDN Software Defined Networking, or Software Defined WAN.

SDHCSD High Capacity – up to 32 GB capacity.
SDMSecurity Device Manager: A web based management tool for Cisco Routers.
SDNSoftware Defined Networking
SDXCSD Extended Capacity – up to 2 TB capacity.
SFPSmall Form Factor Pluggable: This is a transceiver, for Gigabit Ethernet or fiber connections. SFP+ connections can run at 10Gb.

SFR

1. Signature Fidelity Rating: Used in IDS/IPS to define the degree of attack certainty.

2. Software FirepoweR Module: Used in Cisco ASA5506-X and ASA5508-X Next Generation firewalls for firePOWER services.

SHASecure Hashing algorithm: SHA/SHA1 produces a fixed 160 bit hash commonly used to check integrity of files. Now superseded by SHA256.
SIDSecurity Identifier: A string of letters and numbers assigned to a Windows client as it joins a domain. With older machines there was much panic about needing to strip the SID from cloned or imaged machines. These days it’s less of a problem.
SIMSystem Image Manager: Is both part of the ADK and the WAIK and used to produce unattended XML answer files for Windows deployment
SIPSession Initiation Protocol: Used for video, voice, and chat networking.

SMB

1. Small to Medium sized Business: Also a Cisco Partner Level.

2. Server Message Block: An old Microsoft file sharing protocol, now renamed CIFS

SMSSystems Management Server: this is a tool for managing large numbers of Windows Machines, it’s now been replaced with SCCM.
SMTPSimple Mail Transfer Protocol: Common protocol used for email runs on TCP port 25
SNMPSimple Network Management Protocol: A widely used network monitoring and control protocol. Uses UDP ports 162 and 161.
SOHOSmall Office / Home Office
SPANSwitch Port ANaliser: A process used on Cisco switches to copy all the traffic traversing the switch and send it out of a monitoring port.
SPAPShiva Password Authentication Protocol: A simple password encryption protocol, used with Windows Server 2003 onwards.
SPFSender Policy Framework:
SPNService Principal Name: The name Windows associates itself with when advertising a service.
SPxService Pack x: Usually written as SP1 for Service Pack 1, SP2 for Service Pack 2 etc.
SPISecurity Parameter Index: Label used by IPsec for the end of a VPN tunnel. In phase 2 of IKE, 2 unidirectional tunnels are created; each will have its own SPI number.
SQLStructured Query Language: Typically a Database system/server, most well known is Microsoft SQL server, or the free MySQL alternative.
SRVService Locator: A type of DNS record that lets clients on a network, know where services are, and how to access them.
SRXRange of Juniper firewalls, bizarrely stands for Security Routing and Switching.
SSDSolid State Disk: A disk without moving parts, usually using non volatile flash storage (keeps what’s stored on it when the power is removed).
SSHSecure Sockets Handshake: A secure method of console access, think of it as secure telnet.
SSIDService Set Identifier: The name of a Wi-Fi network. Can be set to either broadcast (visible), or be hidden. But it is still visible in the wireless packets that can be ‘sniffed’, so even a half determined attacker will be able to get it.
SSLSecure Socket Layer: A cryptographic system that uses public and private keys to transmit data over a network securely.
SSPSecurity Services Processor: A hardware card or device that plugs into a Cisco Firewall, like a CSC or a CX module.
SSTPSecure Socket Tunneling Protocol: This essentially allows the use of L2TP and PPP protocols, but does it over TCP port 443 (usually for https). This means it is usually an open port at remote/home locations.
Suite B

Defined in RFC 4869, a set of standards for encryption:

Encryption: AES (128 or 256 bit)
Key Exchange: ECDH Curve P-256 or Curve P-384
Digital Signature: ECDSA Curve P-256 or Curve P-384
Hashing: SHA-256 or SHA-384

SLAService Level Agreement: An agreement between an IT support organisation and a user of its/their services. OR a command used in Cisco IOS to set up a monitor.
STPSpanning Tree Protocol: A system used on network switches to avoid “loops”
SVISwitched Virtual Interface: An interface that presents an IP address to a group of ports that share the same VLAN.
TACTechnical Assistance Center: Cisco’s third line support, be sure to have a valid support agreement before you ring.
TACACS+Terminal Access Controller Access Control System Plus: A method of authenticating users to a device, one of the supported AAA options for Cisco devices.
TARTape Archive: A file extension for compressed files common formats are .tgz .gzip, or .bzip2
TBTerabyte: Tera means 10 to the power 12, or 1,000,000,000,000 bytes, however in computing terms we work in binary so it worked out as 2 to the power 40, which equals 1,099,511,627,776 bytes.
TCPTransmission Control Protocol: Connection oriented protocol for data transfer, uses a “3 way handshake” to make sure the traffic gets where it’s supposed to go.
TELNETTerminal NETwork: A TCP protocol that allows remote users to enter commands on a device, runs over TCP port 23.
TFTPTrivial File Transfer Protocol: A Little like FTP, but uses UDP Port 69, commonly used for updating firmware on network devices.
TKIPTemporal Key Integrity Protocol: Used on Wi-Fi networks, usually with WPA to improve the security of the earlier WEP protocol.
TLSTransport Layer Security: Similar to SSL, provides encrypted data transfer.
TrustSecA Cisco network segmentation technology, it’s used to protect assets, such as data, applications, and mobile devices from unauthorized access.
TSTerminal Services: Microsoft’s “Thin Client” solution for sharing applications. Now called Remote Desktop Services on Server 2008.
UACUser Account Control: Introduced with Windows Vista, a system designed to stop you running normally with an administrative account
UCSUniversal Character Set: A method of encoding characters so they can be sent digitally.
UDPUser Datagram Protocol: This is a transport protocol which operates at the same layer as TCP, but unlike TCP it is not connection based. It’s a “Fire and forget” protocol, if it does not get to the other end it’s not important.

UI

User Interface: Usually a GUI that, with every iteration, someone will change, rename or move things around, rendering your notes, blog posts, and even the vendor’s own documentation out of date. (Cheers Guys!)

UNCUniversal Naming Convention: Used to map network drives and resources e.g. \\server_name\share_name\file_name
UPNUser Principal Name: Microsoft call this an ‘internet style name’. It is a user and a domain separated by an @ symbol.
UPSUninterruptible Power Supply: A device that provides battery backup power when the electrical power fails or drops to an unacceptable level.
URIUniform Resource Indicator: Used a lot in vSphere to identify ports and services
URLUniform Resource Locator: A Web address like
USBUniversal Serial Bus: A Method of connecting computer peripherals (up to a maximum of 127 devices). USB 1.0 is 1.5Mbps, USB 1.1 is 12Mbps, USB 2 is 480 Mbps and USB 3.0 is 4800 Mbps.
UTCUniversal Time Coordinated (Commonly Coordinated Universal Time) is the time taken from Greenwich this can also be called “Zulu Time”.
UTF-8UCS Transformational Format (8bit) A system for encoding characters so they can be sent digitally
vASAVirtual ASA: A virtual appliance that performs the same functions as a Cisco ASA firewall.
VAMTVolume Activation Management Tool: A Microsoft tool for managing MAK software license keys. This can also change KMS keys to MAK keys.
VBVisual Basic: A Microsoft programming language. Also used with VBScripting, which uses files with a .vbs extension to run scripts
VCVirtual Center: A Server that manages your VMware ESX hosts
VI3VMware virtual infrastructure version 3
VIVirtual Infrastructure.
VIBVMware installation bundle: software and driver packages needed for installing ESX5
VIMVirtual Infrastructure Manager: or VMware vCenter
VLANVirtual LAN: A group of network devices that appear to be on a separate network segment, also called a broadcast domain.
VLKVolume License Key: Windows XP/Windows Server 2003 (And earlier) used these keys for multiple activations, they have been replaced with MAK and KMS Keys
VLSCThe Microsoft Volume License Service Center, formerly called eOpen.
VLSMVariable Length Subnet Mask(ing): The process of taking a ‘classful’ subnet mask, and then ‘borrowing’ further bits from the host portion to make more subnets.
VMVirtual Machine: A group of files that when read by some software like VMware, VirtualPC, Hyper-V, or XenServer looks and behaves like a real physical machine.
VMDKVirtual Machine Disk: VMware format for storing hard drives for virtual machines.
VMFSVMware file system: Used so that multiple hosts can access the same storage at the same time, it uses a system of “Locks” on each file so only one host accesses the data at any one time.
VmotionA VMware system for moving a running virtual machine from one ESX host to another ESX host. You can also use “Storage Vmotion” to move a running virtual machine’s files and hard disks to another piece of storage.
vNICVirtual NIC
VPNVirtual Private Network: A secure link that carries sensitive data over a public network, the data is protected by encryption.
VPSVirtual Private Server: A VM that is provided for you for a monthly or yearly fee.
VRFVirtual Routing and Forwarding: A technology that allows routers/switches to host multiple routing tables at the same time.
vSphereVMware’s cloud operating system, formerly called VI3
VSCVirtual Service Community: Used on HP wireless networks this is a collection of network settings.
VSSWindows Volume Shadow Services: System used by Microsoft for backing up data.
VT-xIntel’s processor Virtualization technology, originally code named “Vanderpool”. It needs to be enabled on some machines in their BIOS/RBSU/CMOS.
WAIKWindows Automated Installation Kit: A suite of tools from Microsoft for imaging and deploying Windows systems. With Windows 8 this has now been replaced with the ADK
WANWide Area Network: A network that connects geographically distributed LANs. Also the external port on a router or firewall.
WAPWireless Access Point: A device for connecting wireless network hosts to a wired network, or for ‘bridging’ them onto another network.
WCFWindows Communication Framework: This is a Windows Server 2008 feature that runs under .net
WDSWindows Deployment Services: A system for deploying (imaging) PC’s and Servers from a central Windows Server (Replacement for RIS).
WEPWired Equivalent Privacy: A security protocol used by Wi-Fi networks. It’s not considered as secure as WPA, because of an inherent fault in the way it uses RC4 to generate keys. It’s easily defeated and should NOT be used to protect sensitive data.
WIDWindows Internal Database: Sometimes referred to as ‘SQL embedded’, it’s the database engine built into Windows Operating systems.
Wi-FiWireless Fidelity: A term used to describe various networked devices on a WLAN connected wirelessly.
WindowsPEWindows Pre-Execution Environment: A cut down version of Windows that can be run from USB drive, CD, or deployed from WDS.
WINSWindows Internet Naming Service: A legacy Microsoft method of resolving computer NETBIOS names on a network.
WLANWireless Local Area Network (See LAN)
WMIWindows Management Instrumentation: Is a system that programmers can use to talk to and get information from Windows systems. And also to remotely manage those systems.
WPAWi-Fi Protected Access: A security protocol used to secure wireless networks. It’s considered more secure than its predecessor WEP, because WPA uses TKIP integrity to change the secure key used. It can also use EAP.
WSUSWindows Server Update Services: Free update and patch management system for Windows servers and applications.

WWW

World Wide Web: A collection of text and graphics displayed in a web browser, what most people would call the Internet

www is also the Cisco reference to TCP Port 80 (http)

x509A Standard for PKI and digital certificates.

XBMC

XBOX Media Center: Software originally developed for the XBox, but now available for install to Windows and Linux as a Media Center Suite.

Also available as XBMCbuntu (a complete XBMC install built on a cut down version of Ubuntu Linux).

XMLeXtensible Markup Language: A structured way of presenting information, that uses tags much like HTML
ZAKZero Administration Kit: Introduced with Windows NT4.
ZIPA term used to describe the process of compressing many files/folders and putting them in a compressed “Archive” folder. “.zip” is a file extension for an archive, though there are more archive types, e.g. .RAR, .CAB, and .TAR are common examples.