This Microsoft proprietary technology is used to create dynamic objects for web pages. It provides a wide range of features, such as writing to disk or running commands on the client (i.e. on the host where the web page is opened). Using ActiveX, viruses and worms can, for example, modify the telephone number of a dial-up connection.
ActiveX is supported only by Internet Explorer in Microsoft Windows operating systems.
A group of two or more workstations representing one virtual host (server). Requests to the virtual server are distributed among the individual hosts in the cluster according to a defined algorithm. Clusters improve performance and increase reliability (if one computer in the cluster drops out, the virtual server keeps running).
A virtual bidirectional communication channel between two hosts.
See Also TCP.
DDNS (Dynamic Domain Name System) is DNS with the feature of automatic update of records.
A network device or host that holds the so-called default route (the path to the Internet). Packets whose destination addresses belong neither to any network directly connected to the host nor to any network recorded in the system routing table are sent to the address of the default gateway.
In the system routing table, the default gateway is shown as a route to the destination network 0.0.0.0 with the subnet mask 0.0.0.0.
Note: Although in Windows the default gateway is configured in the settings of a network interface, it applies to the entire operating system.
DHCP (Dynamic Host Configuration Protocol) serves for automatic IP configuration of computers in the network. IP addresses are assigned from a scope. Besides IP addresses, other parameters can be assigned to client hosts, such as the default gateway address, DNS server address, local domain name, etc.
DMZ (demilitarized zone) is a reserved network area where services available both from the Internet and from the LAN are run (e.g. a company's public web server). The DMZ provides an area where publicly accessible servers are located separately, so that they cannot be misused for breaking into the LAN.
More information can be found for example at Wikipedia.
DNS (Domain Name System) is a worldwide distributed database of Internet hostnames and their associated IP addresses. Computers use Domain Name Servers to resolve host names to IP addresses. Names are organized into hierarchical domains.
Software or hardware device that protects a computer or computer network against attacks from external sources (typically from the Internet).
In this guide, the word firewall represents the WinRoute host.
File Transfer Protocol. FTP uses two types of TCP connection: control and data. The control connection is always established by the client. Two FTP modes are distinguished according to how the data connection is established:
active mode — the data connection is established from the server to the client (to the port specified by the client). This mode is suitable where the firewall is on the server's side; however, it is not supported by some clients (e.g. web browsers).
passive mode — the data connection is also established by the client (to the port requested by the server). This mode is suitable where the firewall is on the client's side. It should be supported by any FTP client.
Note: WinRoute includes special support (a protocol inspector) for the FTP protocol. Therefore, both FTP modes can be used on LAN hosts.
A network device or computer connecting two different subnets. If traffic to all other (unspecified) networks is routed through a gateway, it is called the default gateway.
See Also Default gateway.
A method of protecting SMTP servers from spam. When an email message from an unknown sender is delivered to the server, the server rejects it the first time (a so-called temporary delivery error). Legitimate senders attempt to resend the message after some time. The SMTP server then lets the message in and from then on considers the sender trustworthy, no longer blocking their messages. Most spam senders try to send as great a volume in as short a time as possible and to stay anonymous. Therefore, they usually do not resend the message and move on to another SMTP server.
More information (in English) can be found for example at Wikipedia.
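The greylisting decision described above, written out as a small state machine. This is an added illustration, not WinRoute's code; the 451 reply text, the five-minute retry window and the (client IP, sender, recipient) triplet used as the key are assumptions.

```python
import time


class Greylist:
    """Temporarily reject first-time senders; accept them once they retry after a delay."""

    TEMP_FAIL = "451 4.7.1 Greylisted, please try again later"  # assumed reply text
    ACCEPT = "250 OK"

    def __init__(self, min_delay=300, now=time.time):
        self.min_delay = min_delay   # seconds a sender must wait before the retry counts
        self.now = now               # injectable clock so the logic can be tested offline
        self.pending = {}            # triplet -> timestamp of the first (rejected) attempt
        self.trusted = set()         # triplets that retried correctly and are no longer blocked

    def check(self, client_ip, sender, recipient):
        triplet = (client_ip, sender, recipient)
        t = self.now()
        if triplet in self.trusted:
            return self.ACCEPT
        first = self.pending.get(triplet)
        if first is None:
            # Unknown sender: record the attempt and return a temporary delivery error.
            self.pending[triplet] = t
            return self.TEMP_FAIL
        if t - first < self.min_delay:
            # Retried too quickly (typical of bulk senders): still a temporary error.
            return self.TEMP_FAIL
        # A legitimate MTA retried after the delay: accept and trust from now on.
        self.trusted.add(triplet)
        del self.pending[triplet]
        return self.ACCEPT
```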
The Ident protocol is used to identify the user who established a particular TCP connection from a (multi-user) system. The Ident service is used, for example, by IRC servers, FTP servers and other services.
More information (in English) can be found for example at Wikipedia.
Internet Message Access Protocol (IMAP) enables clients to manage messages stored on a mail server without downloading them to a local computer. This architecture allows users to access their mail from multiple locations (messages downloaded to a local disk would not be available from other locations).
An IP address is a unique 32-bit number used to identify a host on the Internet. It is written as four decimal numbers (0-255) separated by dots (e.g. 195.129.33.1). Each packet contains information about where it was sent from (source IP address) and to which address it is to be delivered (destination IP address).
IPsec (IP Security Protocol) is an extension of the IP protocol that enables secure data transfer. It provides services similar to SSL/TLS; however, these services are provided at the network layer. IPsec can be used to create encrypted tunnels between networks (VPN), the so-called tunnel mode, or to encrypt traffic between two hosts, the so-called transport mode.
Kerberos is a system used for secure user authentication in network environments. It was developed at MIT and is the standard protocol used for user authentication in Windows 2000/2003/2008. Users authenticate with their passwords to a central server (KDC, Key Distribution Center), and the server issues them encrypted tickets which can be used to authenticate to various services in the network. In Windows 2000/2003/2008 domains, the KDC function is provided by the respective domain server.
LDAP (Lightweight Directory Access Protocol) is an Internet protocol used to access directory services. Information about user accounts and user rights, about hosts in the network, etc. is stored in the directories.
NAT (Network Address Translation) stands for the substitution of IP addresses in packets passing through the firewall:
source address translation (Source NAT, SNAT) — in packets going from local networks to the Internet, source (private) IP addresses are substituted with the external (public) firewall address. Each packet sent from the local network is recorded in the NAT table. If a packet incoming from the Internet matches a record in this table, its destination IP address is substituted with the IP address of the appropriate host within the local network and the packet is redirected to this host. Packets that do not match any record in the NAT table are dropped.
destination address translation (Destination NAT, DNAT, also called port mapping) — used to make services in the local network accessible from the Internet. If a packet incoming from the Internet meets certain requirements, its destination IP address is substituted with the IP address of the local host where the service runs, and the packet is sent to this host.
The NAT technology enables connection from local networks to the Internet using a single IP address. All hosts within the local network can access the Internet directly as if they were on a public network (with certain limitations). Services running on local hosts can be mapped to the public IP address.
Detailed description (in English) can be found for example at Wikipedia.
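The SNAT/DNAT behaviour described in this entry, simulated on constructed packets: an outbound packet is recorded, the matching reply is redirected to the local host, an unsolicited packet is dropped, and a port mapping lets a public port reach an internal server. This is an added example, not WinRoute's NAT implementation; the addresses, the port-allocation strategy and the lookup order are assumptions.

```python
from dataclasses import dataclass

# Constructed addresses from documentation ranges, not values from the manual.
PUBLIC_IP = "203.0.113.10"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatTable:
    def __init__(self, public_ip, port_maps=None):
        self.public_ip = public_ip
        self.next_port = 40000            # first public port handed out for SNAT (assumed)
        self.out = {}    # (local ip, local port, remote ip, remote port) -> public port
        self.back = {}   # (public port, remote ip, remote port) -> (local ip, local port)
        self.port_maps = port_maps or {}  # DNAT: public dst port -> (local ip, local port)

    def outbound(self, pkt):
        """Source NAT: replace the private source with the firewall address and record it."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Packet from the Internet: reply to a recorded flow, a mapped service, or dropped (None)."""
        local = self.back.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if local is None:
            local = self.port_maps.get(pkt.dst_port)      # DNAT / port mapping
        if local is None:
            return None                                   # no record, no mapping: dropped
        return Packet(pkt.src_ip, pkt.src_port, local[0], local[1])
```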
The equipment that connects a host to a transmission medium. It can be an Ethernet adapter, a Token Ring adapter, a modem, etc. Network adapters are used by hosts to send and receive packets. They are also referred to throughout this document as network interfaces.
Peer-to-Peer (P2P) networks are worldwide distributed systems where each node can act both as a client and as a server. These networks are used for sharing large volumes of data (this sharing is mostly illegal). DirectConnect and Kazaa are the most popular ones.
The basic data unit transmitted via computer networks. A packet consists of a header, which includes essential data (i.e. source and destination IP addresses, protocol type, etc.), and of the data body. Data transmitted via networks is divided into small segments, or packets. If an error is detected in a packet or a packet is lost, it is not necessary to repeat the entire transmission; only the particular packet is re-sent.
Advanced routing technology that uses additional information apart from the destination IP address, such as the source IP address, protocol, etc.
See Also Routing table.
Post Office Protocol is an email access protocol that allows users to download messages from a server to a local disk. It is suitable for clients who do not have a permanent connection to the Internet.
A 16-bit number (1-65535) used by TCP and UDP to identify applications (services) on a given computer. More than one application can run on a host simultaneously (e.g. a WWW server, mail client, FTP client, etc.). Each application is identified by a port number. Ports 1-1023 are reserved and used by well-known services (e.g. 80 = WWW). Ports above 1023 can be freely used by any application.
Microsoft's proprietary protocol used to build virtual private networks.
See Also VPN.
Local networks that are not part of the Internet (private networks) use reserved ranges of IP addresses (private addresses). These addresses cannot be used on the Internet, so IP ranges of local networks cannot collide with IP addresses used on the Internet.
The following IP ranges are reserved for private networks:
10.0.0.0/255.0.0.0
172.16.0.0/255.240.0.0
192.168.0.0/255.255.0.0
A WinRoute subroutine that is able to monitor communication using application protocols (e.g. HTTP, FTP, MMS, etc.). Protocol inspection is used to check the proper syntax of the corresponding protocol (mistakes might indicate an intrusion attempt), to ensure its proper functionality while passing through the firewall (e.g. FTP in active mode, where the data connection to the client is established by the server), and to filter traffic by the corresponding protocol (e.g. limiting access to web pages classified by URL, anti-virus checking of downloaded objects, etc.).
Unless traffic rules are set to follow a different policy, each protocol inspector is automatically applied to all connections of the relevant protocol that are processed through WinRoute.
An older, but still widespread, method of Internet connection sharing. Proxy servers mediate between clients and destination servers.
A proxy server works as an application and is adapted to several particular application protocols (i.e. HTTP, FTP, Gopher, etc.). It also requires support in the corresponding client application (e.g. web browser). Compared to NAT, the range of features offered is not as wide.
A computer or device with one or more network interfaces between which it forwards packets according to specific rules (so-called routes). The router's goal is to forward packets only towards the destination network, i.e. to the network whose own router will handle them further. This saves other networks from being overloaded by packets destined for another network.
See Also Routing table.
The information used by routers when making packet forwarding decisions (so-called routes). Packets are routed according to the packet's destination IP address. On Windows, the routing table can be printed with the route print command, while on Unix systems (Linux, Mac OS X, etc.) with the route command.
Code that is run on a web page by the client (web browser). Scripts are used to generate dynamic elements on web pages. However, they can be misused for ads, harvesting user information, etc. Modern web browsers usually support several scripting languages, such as JavaScript and Visual Basic Script (VBScript).
Simple Mail Transfer Protocol is used for sending email between mail servers. The SMTP envelope identifies the sender/recipient of an email.
Undesirable email message, usually containing advertisements.
Spoofing means using forged IP addresses in packets. This method is used by attackers to make recipients assume that the packet is coming from a trustworthy IP address.
SSL is a protocol used to secure and encrypt network communication. SSL was originally designed to guarantee secure transfer of web pages over the HTTP protocol. Nowadays, it is used by almost all standard Internet protocols (SMTP, POP3, IMAP, LDAP, etc.).
At the beginning of the communication, an encryption key is negotiated and transferred using asymmetric encryption. This key is then used to encrypt the data symmetrically.
A subnet mask divides an IP address into two parts: the network address and the address of a host within that network. A mask has the same form as an IP address (e.g. 255.255.255.0); however, its value must be understood as a 32-bit number with a certain number of ones at the left end and zeros in the rest. The mask cannot have an arbitrary value. A one in the subnet mask represents a bit of the network address and a zero stands for a host address bit. All hosts within a particular subnet must have an identical subnet mask and network part of the IP address.
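The subnet-mask rules above, the private ranges listed earlier and the 0.0.0.0/0.0.0.0 default-gateway entry from the routing table entry, worked through in code: validate a mask (ones then zeros), split an address into network and host parts, test membership in the private ranges, and pick the next hop by longest mask with the default gateway as the fallback. This is an added example, not part of the manual; the routing-table entries and gateway addresses are constructed.

```python
import ipaddress

# The three private ranges, exactly as the glossary lists them (mask form accepted by ipaddress).
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/255.0.0.0"),
    ipaddress.ip_network("172.16.0.0/255.240.0.0"),
    ipaddress.ip_network("192.168.0.0/255.255.0.0"),
]


def is_valid_mask(mask: str) -> bool:
    """A mask is valid only if it is a run of ones followed by a run of zeros."""
    m = int(ipaddress.IPv4Address(mask))
    inverted = (~m) & 0xFFFFFFFF          # zeros of the mask become ones
    return (inverted & (inverted + 1)) == 0  # ones-then-zeros <=> inverted is 2^n - 1


def split_address(ip: str, mask: str):
    """Return (network part, host part) of ip under mask, both in dotted form."""
    if not is_valid_mask(mask):
        raise ValueError(f"invalid subnet mask {mask}")
    ip_int = int(ipaddress.IPv4Address(ip))
    m = int(ipaddress.IPv4Address(mask))
    return (str(ipaddress.IPv4Address(ip_int & m)),
            str(ipaddress.IPv4Address(ip_int & ~m & 0xFFFFFFFF)))


def same_subnet(a: str, b: str, mask: str) -> bool:
    return split_address(a, mask)[0] == split_address(b, mask)[0]


def is_private(ip: str) -> bool:
    return any(ipaddress.IPv4Address(ip) in net for net in PRIVATE_RANGES)


# Constructed routing table: (destination network, mask, gateway). A gateway of 0.0.0.0
# means the network is directly connected; the 0.0.0.0/0.0.0.0 row is the default gateway.
ROUTES = [
    ("192.168.1.0", "255.255.255.0", "0.0.0.0"),
    ("10.0.0.0",    "255.0.0.0",     "192.168.1.254"),
    ("0.0.0.0",     "0.0.0.0",       "192.168.1.1"),
]


def next_hop(dst: str):
    """Longest-mask match: the default route matches everything, so it wins only as a fallback."""
    best = None
    for net, mask, gw in ROUTES:
        if same_subnet(dst, net, mask):
            ones = bin(int(ipaddress.IPv4Address(mask))).count("1")
            if best is None or ones > best[0]:
                best = (ones, gw)
    return best[1] if best else None
```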
Transmission Control Protocol is a transmission protocol that ensures reliable and sequential data delivery. It establishes so-called virtual connections and provides tools for error correction and data stream control. It is used by most application protocols that require reliable transmission of all data, such as HTTP, FTP, SMTP, IMAP, etc.
The TCP protocol uses the following special control information, so-called flags:
SYN (Synchronize) — connection initiation (first packet of each connection)
ACK (Acknowledgement) — acknowledgement of received data
RST (Reset) — request to terminate the current connection and initiate a new one
URG (Urgent) — urgent packet
PSH (Push) — request for immediate delivery of the data to the upper TCP/IP layers
FIN (Finalize) — connection termination
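Decoding the flags listed above from a raw TCP header, which is how a firewall tells a connection-opening SYN from traffic on an established connection. This is an added example, not WinRoute code; the header bytes are constructed with the builder below and the classification labels are assumptions.

```python
import struct

# Flag bits in the low byte of the 13th/14th header bytes (data offset + flags field).
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0):
    """Construct a minimal 20-byte TCP header (data offset 5, window 65535, no options)."""
    bits = sum(bit for bit, name in TCP_FLAGS.items() if name in flags)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, (5 << 12) | bits, 65535, 0, 0)


def parse_tcp_header(data: bytes):
    """Decode ports and the set of flag names from the fixed part of a TCP header."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    src, dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", data[:14])
    flags = {name for bit, name in TCP_FLAGS.items() if off_flags & bit}
    return {"src_port": src, "dst_port": dst, "flags": flags}


def classify(flags):
    """Coarse connection-state view of a packet, as a stateful firewall would see it."""
    if "SYN" in flags and "ACK" not in flags:
        return "new connection"        # first packet of a connection
    if flags == {"SYN", "ACK"}:
        return "connection accepted"   # server's answer to the SYN
    if "RST" in flags:
        return "reset"
    if "FIN" in flags:
        return "closing"
    return "established data"
```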
The name used for all traffic protocols used on the Internet (i.e. IP, ICMP, TCP, UDP, etc.). TCP/IP does not stand for any particular protocol!
Transport Layer Security. A newer version of the SSL protocol. This version is approved by the IETF and accepted by all the top IT companies (e.g. Microsoft Corporation).
User Datagram Protocol is a transmission protocol that transfers data in individual messages (so-called datagrams). It does not establish connections, nor does it provide reliable and sequential data delivery, error correction or data stream control. It is used to transfer small amounts of data (e.g. DNS queries) or for transmissions where speed is preferred over reliability (e.g. real-time audio and video transmission).
Virtual Private Network. A VPN represents a secure interconnection of private networks (e.g. individual offices of an organization) via the Internet. Traffic between the networks (the so-called tunnel) is encrypted, which protects the networks from tapping. VPNs use special tunneling protocols, such as PPTP (Point-to-Point Tunneling Protocol) and Microsoft's IPSec.
WinRoute contains a proprietary VPN implementation called Kerio VPN.
The WINS (Windows Internet Name Service) service is used for resolution of hostnames to IP addresses within Microsoft Windows networks.