Glossary
A
- access policy
- A set of access rules that determines the behavior of ISA Server.
- active caching
- An ISA Server feature that automatically initiates new requests to update cached file objects without user intervention. Requests can be activated based on the length of time an object has been cached or was last retrieved from the object's source location. This type of caching can be used to assure the validity of specified data in the cache.
- alerting
- A feature that warns administrators about suspicious network events, such as rejected packets and protocol violations.
- application filter
- Software that can perform protocol-specific or system-specific tasks, such as authentication. An application filter provides an extra layer of security for the Firewall service.
- authentication
- Validation of a user's logon information to determine permission to access a resource or perform an operation.
- automatic discovery
- A feature that allows clients to be configured so that they automatically find the appropriate ISA Server computer.
B
- Basic authentication
- A method of authentication that encodes the user name and password. Basic authentication is called plaintext because the encoding (base-64) can be decoded by anyone with a common decoding utility. Note that encoding is not the same as encryption.
- broadcasting
- The delivery of data packets to all computers on a network.
C
- cache
- A store of frequently retrieved objects and URLs located on the cache drive of an ISA Server computer. Instead of retrieving an object directly from an Internet Web server, ISA Server stores the object and retrieves it from the cache. Caches improve network performance by reducing the number of objects that need to be retrieved from the Internet. This means faster client access to popular objects and less bandwidth overhead.
- cache drive
- A cache drive is a hard disk partition where cached content is stored on an ISA Server computer that is configured for caching. Each cache drive is identified by its drive letter, such as C: or D:, and each cache drive has a limited amount of space, in megabytes, that can be allocated for caching.
- cache policy
- A set of rules and configuration parameters that determine the behavior of the ISA Server cache.
- chaining
- A method of linking multiple ISA Server computers together. Individual ISA Server and proxy computers or any combination can be chained. Communication is in an upstream, hierarchical order.
- chained authentication
- The authentication that an ISA Server computer provides when routing requests to an upstream server.
- client certificate
- Used when the SSL protocol provides authentication by checking the contents of an encrypted digital identification submitted by the client's Web browser during the logon process. This certificate contains information about the client and about the organization that issued the certificate.
D
- datagram
- See packet.
- default gateway
- In TCP/IP, the intermediate network device on the local network that has knowledge of the network IDs of the other networks in the Internet, so it can forward the packets to other gateways until they are delivered to the one connected to the specified destination.
- DHCP
- See Dynamic Host Configuration Protocol (DHCP).
- dial-up connection
- A connection that uses a telephone device, such as a modem.
- Digest authentication
- An authentication method for HTTP requests, in which an encrypted digest or hash of the user’s credentials and additional data is created in a process known as hashing. This way, no other user can impersonate the original sender of the request. It can be used only in Windows 2000 and Windows Server 2003 domains.
- DMZ
- See perimeter network.
- DNS
- See Domain Name System (DNS).
- DNS server
- The server containing information for name resolution involved in mapping computer IP addresses to their domain name.
- domain name
- The computer name that substitutes for a network IP address. For example, you may use http://www.microsoft.com instead of the IP address 157.45.60.81.
- Domain Name System (DNS)
- A protocol and computer-naming hierarchy used throughout the Internet to map computer IP addresses to their domain name.
- Dynamic Host Configuration Protocol (DHCP)
- A protocol that offers dynamic assignment of IP addresses and related information for temporarily connected network users. DHCP provides safe, reliable, and simple TCP/IP network configuration, prevents address conflicts, and helps conserve the use of IP addresses through centralized management of address allocation.
E
- encryption
- The process of making information indecipherable to protect it from unauthorized viewing or use, especially during network transmission or when it is stored on a transportable magnetic medium.
- endpoint
- The originating or destination location of a call request. Each person participating in a conference call is an endpoint.
- event frequency threshold
- The number of times per second that an event will occur before issuing an alert.
F
- File Transfer Protocol (FTP)
- The Internet standard protocol for transferring files between computers. FTP uses the Telnet and TCP protocols. The server requires a client to supply a logon user name and password before honoring requests.
- firewall
- A system or combination of systems that enforces a boundary between two or more networks and keeps intruders out of Internal networks. Firewalls serve as barriers for packets passing from one network to another.
- firewall chaining
- Configures how requests from Firewall clients will be routed, either directly to the Internet (with or without a dial-up connection), or to an upstream proxy server (with or without a dial-up connection).
- Firewall client
- A computer with Firewall Client software installed and enabled.
- Firewall service
- An API service used by ISA Server that provides redirection and remote execution of Windows Sockets (Winsock) applications over connections involving a computer on an Internal network (intranet) and remote computers on the Internet.
- forward caching
- Caching that is implemented for clients on the Internal network accessing servers on the Internet.
- FTP
- See File Transfer Protocol.
G
- gateway
- A device that connects networks that use different communication protocols. A gateway translates different transmission formats and protocols so that information can be passed from one to another.
H
- hash
- A single numerical value that is calculated from a specified set of data using a hashing algorithm. Cache Array Routing Protocol (CARP) uses the hash values calculated from a requested URL and the names of the ISA Server computers in an array, to determine the specific ISA Server computer to which a client request is routed.
- header
- In data packet communications, a specified number of bytes that precedes the actual data being transmitted. It identifies control information used to deliver, route, and process the data contents of a packet.
- hierarchical caching
- The forwarding of a client HTTP request from an ISA Server computer to another proxy upstream. The downstream (source) proxy forwards client requests that it cannot service from its own cache.
- host name
- The name of a device on a network. For a device on a Windows NT 4.0 or Windows 2000 network, this can be the same as the computer name, but it does not have to be.
- HTTPS
- See Secure HTTP (HTTPS).
I
- ICMP
- See Internet Control Message Protocol (ICMP).
- integrated Windows authentication
- A secure form of authentication, where user name and password are not sent across the network.
- Internet Control Message Protocol (ICMP)
- An extension to Internet Protocol that supports packets containing error, control, and informational messages. For example, ping uses ICMP to test an Internet connection.
- Internet Protocol (IP)
- Specifies the format of data in packets, also known as datagrams, and the addressing scheme for these packets. Most networks combine IP with a higher level protocol, TCP, to establish a virtual connection between a destination and a source.
- Internet service provider (ISP)
- A company that provides access to the Internet.
- Intrusion detection
- A mechanism to detect when an attack is attempted against a network protected by ISA Server.
- IP
- See Internet Protocol (IP).
- IP address
- An identifier for a computer or device on a TCP/IP network, including the Internet.
- ISA Server Control service
- A Windows 2000 service that is responsible for various services and functions within ISA Server.
- ISA Server Management
- The interface tool used to manage ISA Server computers.
- ISP
- See Internet service provider (ISP).
K
- Kerberos V5
- A network authentication protocol supporting authentication services. Windows 2000 implements Kerberos V5 in its security schema.
L
- L2TP
- See Layer Two Tunneling Protocol (L2TP).
- Layer Two Tunneling Protocol (L2TP)
- An industry-standard Internet tunneling protocol that provides encapsulation for sending Point-to-Point Protocol (PPP) frames across packet-oriented media.
M
- message digest
- A mathematical algorithm used for routing client requests within an array or a chain. The result of the message digest determines which specific ISA Server computer to send the client request.
- Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
- A method of authentication in which a server uses Windows Server 2003 security to allow access to its resources.
- MIME
- See Multipurpose Internet Mail Extensions (MIME).
- MS-CHAP
- See Microsoft Challenge Handshake Authentication Protocol (MS-CHAP).
- Multipurpose Internet Mail Extensions (MIME)
- A way of configuring browsers to view files that are in multiple formats. MIME makes available the exchanging of objects, different character sets, and multimedia in e-mail programs on different computer systems.
N
- NAT
- See network address translation (NAT).
- NAT editor
- NAT provides translation of the IP, TCP, and UDP headers. A NAT editor is used to make modifications to the IP packet beyond the translation of these headers.
- network address translation (NAT)
- An Internet standard that enables a local network to use one set of IP addresses for internal traffic and a second set for external traffic. In effect, it hides internal IP addresses and enables a company to use more internal IP addresses, which, because they are only used internally, will not conflict with IP addresses used by other organizations.
- Network News Transfer Protocol (NNTP)
- The Internet standard protocol for posting, distributing, and reading network news messages posted among newsgroups on the Internet. Messages are posted to NNTP servers and are accessed by NNTP clients (news readers).
- negative caching
- The caching of HTTP error conditions associated with accessing a particular URL. If the URL is unavailable, the error response message can be cached and returned to subsequent clients that request the same URL.
- NNTP
- See Network News Transfer Protocol (NNTP).
- NTFS file system
- An advanced file system that supports file system recovery, large storage media, and object-oriented applications. NTFS also offers enhanced security over the older FAT file system.
O
- ODBC
- See Open Database Connectivity (ODBC).
- Open Database Connectivity (ODBC)
- An API that enables applications to access data from a variety of database systems.
P
- packet
- A piece of a message transmitted as a fixed number of bytes over a packet-switching network, which is a network using a protocol that divides messages into packets before sending them. Each packet is transmitted individually, perhaps through different routes, and the original message is reassembled at the destination. A packet contains the destination address, as well as the data. In an IP network, these packets are often known as datagrams.
- packet filtering
- A method of controlling the flow of IP packets to and from ISA Server. When packet filtering is enabled, all packets are dropped unless explicitly allowed by ISA Server.
- pass-through authentication
- A feature of ISA Server that allows a client's authentication information to be passed to a destination server for both incoming and outgoing Web requests.
- perimeter network
- A network set up separately from an organization's private network and the Internet. The advantage of a perimeter network is that it allows external users access to specific servers located in the perimeter network, while preventing access to the internal corporate network. A perimeter network is also known as DMZ, demilitarized zone, and screened subnet.
- ping
- A TCP/IP utility that verifies connections to one or more remote computers by sending ICMP packets and listening for reply packets.
- Point-to-Point Tunneling Protocol (PPTP)
- A networking protocol that enables remote users to access corporate networks securely across the Internet by dialing into an Internet service provider (ISP) or by connecting directly to the Internet. PPTP supports multiprotocol virtual private networks (VPNs). Because PPTP allows multiprotocol encapsulation, users can send any packet type over an IP network.
- POP
- See Post Office Protocol (POP).
- port
- In TCP/IP networks, an endpoint to a logical connection. Certain services and protocols often use default port numbers, identifying a certain Internet application with a specific connection.
- Post Office Protocol (POP)
- A network protocol that permits a client computer to access e-mail messages on a server. Usually, this means that a POP3 server is used to allow a client computer to retrieve mail that an SMTP server is holding for it.
- PPTP
- See Point-to-Point Tunneling Protocol (PPTP).
- processing time
- A measure of the elapsed server time needed to fully process a client request and return an object from the server cache to the client.
- protocol
- Software that allows computers to communicate over a network. The Internet protocol is TCP/IP.
- publishing rule
- Controls the handling of incoming requests for internal network resources in ISA Server. Web publishing rules are configured to determine how incoming requests to internal Web servers are handled. Server publishing rules are used to handle incoming requests to servers (such as SMTP and FTP) on the Internal network.
Q
- QoS
- See Quality of Service (QoS).
- Quality of Service (QoS)
- A set of quality-assurance standards and mechanisms for data transmission.
R
- remote administration
- The practice of administering a computer from another computer connected across the network.
- reverse caching
- Caching implemented for incoming requests to local Web servers from the Internet.
- routing
- The process of forwarding packets to other routers. Routing is used with arrays to direct client requests for Internet objects. Routing is done in conjunction with arrays, chained ISA Server computers, or directly to the Internet.
- rule element
- A group of properties defined for a rule.
S
- scheduled cache
- A cache feature that can be customized to download HTTP content directly to the ISA Server cache, upon request or by configuring a schedule. This means that cache content can be updated in anticipation of client requests.
- secondary connection
- A range of port numbers, protocol, and direction used for additional connections or packets that follow the initial connection. One or more secondary connections can be configured.
- Secure HTTP (HTTPS)
- An extension to HTTP that supports various encryption and authentication measures to keep all transactions secure from end to end.
- secure network address translation clients (SecureNAT clients)
- Client computers that do not have Firewall client software installed. Requests from SecureNAT clients are essentially handled by the Firewall service and derive the benefits provided by this service.
- Secure Sockets Layer (SSL)
- A protocol that supplies secure data communication through data encryption and decryption. SSL enables communications privacy over networks.
- SecureNAT
- See secure network address translation clients (SecureNAT clients).
- server certificate
- A means of identifying information about the server. When a client requests an SSL object from a server, it requests that the server authenticate itself to the client. A server certificate is used for this purpose.
- server publishing rule
- A rule that is configured to specify how incoming requests to internal servers on the local network will be handled.
- Simple Mail Transfer Protocol (SMTP)
- An Internet standard protocol used for exchanging e-mail messages between SMTP servers on the Internet.
- SMTP
- See Simple Mail Transfer Protocol (SMTP).
- socket
- A logical communications channel used by TCP/IP applications. Sockets are data structures created by using a combination of device IP addresses and reserved TCP/UDP port numbers to indicate connection and delivery service information. Winsock is a Windows-based implementation of sockets.
- SOCKS
- A protocol for traversing firewalls in a secure and controlled manner, made available to the public by the Internet Engineering Task Force (IETF).
- SSL
- See Secure Sockets Layer (SSL).
- SSL bridging
- The ability of ISA Server to encrypt or decrypt client requests and pass the request to a destination Web server.
- SSL tunneling
- The ability of ISA Server to allow a client to establish a tunnel through the ISA Server directly to the Web server with the requested HTTPS object. Whenever a client browser requests an HTTPS object through the ISA Server computer, SSL tunneling is used.
- system policy
- A set of rules that controls how the ISA Server computer communicates with specific resources on the Internal network.
T
- TCP
- See Transmission Control Protocol (TCP).
- TCP/IP
- See Transmission Control Protocol/Internet Protocol (TCP/IP).
- terminals
- Equipment that provides real-time communications. Terminals must support audio communications, but support for video or data communications is optional. A computer running Microsoft NetMeeting 3.0 or higher is an example of an H.323 terminal.
- Time to Live (TTL)
- A custom setting that can be set to 0 or to a specified percentage of the age of an HTTP object. This setting determines the expiration policy of HTTP objects held in the ISA Server cache.
- Transmission Control Protocol (TCP)
- The Internet standard transport protocol that provides reliable, two-way connected service that allows an application to send a stream of data end-to-end between two computers across a network. The Internet protocol suite is often called TCP/IP.
- Transmission Control Protocol/Internet Protocol (TCP/IP)
- A family of networking protocols that allows computers with diverse hardware architectures and various operating systems to communicate across interconnected networks and the Internet. TCP/IP includes standards for how computers communicate and conventions for connecting networks and routing traffic. Every computer on the Internet supports TCP/IP.
- TTL
- See Time to Live (TTL).
U
- UDP
- See User Datagram Protocol (UDP).
- User Datagram Protocol (UDP)
- A standard transport protocol in TCP/IP networking that provides connectionless service for unacknowledged delivery of packets. UDP adds port addresses to the service provided by IP.
V
- virtual private network (VPN)
- A network that is constructed using public systems such as the Internet, but uses security mechanisms to ensure privacy, so that only authorized users are allowed access.
- VPN
- See virtual private network (VPN).
W
- Web Proxy client
- A client computer that has a Web browser application, which complies with HTTP 1.1, and is configured to use the Firewall service of ISA Server.
- Web publishing rule
- A rule that is configured to specify how incoming requests to internal Web servers will be handled.
- well-known port
- Any port in the range of 1-2048.
- Windows NT Challenge/Response authentication
- See Microsoft Challenge Handshake Authentication Protocol (MS-CHAP).
- Windows Sockets (Winsock)
- A Windows implementation of the widely used University of California-Berkeley Sockets API. Winsock is a networking API used to create TCP/IP-based sockets applications. Winsock provides interfaces between applications and the transport protocol, and works as a bidirectional connection for incoming and outgoing data.
- Winsock
- See Windows Sockets (Winsock).
