A2A (Application-to-Application Networks)
Application-specific virtual networks that directly connect discrete applications, from the enabling application client to the core application server located in a data center, cloud service or partner network.
Access Control List
(ACL) A set of data that tells an operating system which permissions, or access rights, each user or group has to a specific system object, such as a directory or file. Each object carries a security attribute identifying which users may access it, and the ACL lists, per object, the users and their privileges such as read, write or execute. On routers and firewalls the same term denotes an ordered list of rules matched against packet headers: rules are evaluated top to bottom, the first match decides, and anything unmatched is dropped by an implicit deny at the end, so rule order is part of the policy.
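Added example, not Cybera's code: an evaluator for a network-style ACL with the first-match and implicit-deny semantics described above. The Rule format and the store policy are constructed for the illustration; the point it shows is that an exception placed below a broad deny never fires, which shadowed_rules() detects.

```python
"""Ordered access-control list with first-match evaluation and an implicit deny.

Added example, not Cybera's code. The Rule format is invented for the
illustration; it follows the usual router/firewall ACL convention (rules are
evaluated top to bottom, the first match decides, anything unmatched is
dropped) rather than an operating-system file ACL.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source prefix in CIDR form, e.g. "10.0.0.0/8"
    dst: str               # destination prefix in CIDR form
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port, None means any port

    def matches(self, src: str, dst: str, proto: str, dport: Optional[int]) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` matches, this rule matches too."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and (self.dport is None or self.dport == other.dport))


def evaluate(acl: List[Rule], src: str, dst: str, proto: str,
             dport: Optional[int] = None) -> str:
    """Return the action of the first matching rule; implicit deny if none."""
    for rule in acl:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "deny"


def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them.

    A shadowed rule is the usual sign of a mis-ordered ACL: the intended
    exception was placed after the broad rule it was meant to precede.
    """
    return [i for i, rule in enumerate(acl)
            if any(earlier.covers(rule) for earlier in acl[:i])]


# Constructed sample policy for a store subnet: the POS segment may reach the
# payment gateway on 443; everything else from the store is blocked. The
# third rule was meant to allow 8443 too, but it sits below the deny-all.
STORE_ACL = [
    Rule("permit", "10.10.1.0/24", "203.0.113.10/32", "tcp", 443),
    Rule("deny",   "10.10.0.0/16", "0.0.0.0/0",       "any", None),
    Rule("permit", "10.10.1.0/24", "203.0.113.10/32", "tcp", 8443),
]

if __name__ == "__main__":
    print(evaluate(STORE_ACL, "10.10.1.20", "203.0.113.10", "tcp", 443))   # permit
    print(evaluate(STORE_ACL, "10.10.1.20", "203.0.113.10", "tcp", 8443))  # deny
    print(shadowed_rules(STORE_ACL))                                       # [2]
```

The covers() test is deliberately conservative: it only reports a rule as shadowed when a single earlier rule subsumes it completely, so a rule hidden by the union of several earlier rules is not reported.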
Any-to-Any traffic patterns
Traffic routing that takes the shortest path between an application client and its application server, independent of the traditional site-to-site corporate network.
Any network system which is designed for a specific purpose of delivering information, services, transactions or value added functions.
Application Defined Network
(ADN) A network that uses software-defined network and security components to provide a dedicated network to each specific application, with customized security and network policies to meet the requirements of that specific application.
Any software client, codec, or server that facilitates a specific application function as part of an integrated system with connections to a core server.
Application Gateway
Network access demarcation point located in a data center or cloud service for the aggregation of multiple connections from application clients or enablers.
Application Gateway Provider
Specific service provider providing an application gateway for the aggregation of multiple client connections.
Consistency of a specific application availability for use.
- To securely deploy unlimited new applications on a network.
- Enablement of unlimited Application Defined Networks (ADNs) on a single network platform.
- Maintaining complete compartmentalized application security even while using high speed and affordable public broadband.
- Facilitation of applications to your business from corporate data centers, cloud service providers, card processor gateways or virtually anywhere your applications exist.
- To add customized security and performance functionality to the delivery of your network applications.
Advanced Persistent Threat
(APT) A network attack in which an unauthorized party gains access to a network and remains there undetected for a long period of time. The usual intention of an APT is to steal data, or to hold a position from which to reach further systems, rather than to cause visible damage to the network or organization.
Address Resolution Protocol
(ARP) A telecommunications protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks. ARP was defined by RFC 826 in 1982 and is Internet Standard STD 37. It is also the name of the command used to inspect and manipulate these mappings in most operating systems. ARP is used to convert an IP address to a physical address such as an Ethernet address. ARP carries no authentication: any host on the segment can answer for any IP address, so a learned mapping is only as trustworthy as the segment it was learned on.
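Added example, not Cybera's code: the check a host or monitor can apply to the unauthenticated replies described above, flagging any IP address that is answered by more than one link-layer address. The reply log and the addresses are constructed; a real tool would read a capture or sample the ARP cache over time.

```python
"""Flag IP addresses answered by more than one MAC in observed ARP replies.

Added example, not Cybera's code. The reply log is constructed (a real tool
would read a packet capture or the host's ARP cache over time). ARP has no
authentication, so the only defence available to a host is noticing that an
address it knows, especially the default gateway, suddenly resolves to a
different link-layer address.
"""
from collections import defaultdict


def parse_arp_log(lines):
    """Parse constructed 'timestamp sender_ip sender_mac' lines into tuples."""
    replies = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip, mac = line.split()
        replies.append((float(ts), ip, mac.lower()))
    return replies


def find_conflicts(replies, trusted=None):
    """Return {ip: [(ts, mac), ...]} for every IP claimed by more than one MAC.

    `trusted` optionally maps an IP to the MAC it is known to have (for
    example the default gateway from a static entry); a reply for a trusted IP
    from any other MAC is a conflict even if it is the only reply seen.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    seen = defaultdict(list)
    for ts, ip, mac in replies:
        seen[ip].append((ts, mac))
    conflicts = {}
    for ip, entries in seen.items():
        macs = {mac for _, mac in entries}
        if ip in trusted:
            macs.add(trusted[ip])
        if len(macs) > 1:
            conflicts[ip] = entries
    return conflicts


# Constructed sample: the gateway 10.10.1.1 really is aa:bb:cc:00:00:01; at
# t=120 a second host starts answering for it and for the DNS server's IP.
SAMPLE_LOG = """
# ts     sender_ip    sender_mac
100.0    10.10.1.1    aa:bb:cc:00:00:01
101.0    10.10.1.50   aa:bb:cc:00:00:50
120.0    10.10.1.1    de:ad:be:ef:00:99
121.0    10.10.1.53   de:ad:be:ef:00:99
"""


def analyze(log=SAMPLE_LOG, trusted=None):
    """Run the conflict check over a constructed log text."""
    return find_conflicts(parse_arp_log(log.splitlines()), trusted)


if __name__ == "__main__":
    for ip, entries in analyze(trusted={"10.10.1.53": "aa:bb:cc:00:00:53"}).items():
        print(ip, entries)
```

Without a trusted entry the DNS server's address is not reported, because only one MAC was ever seen for it; that is why static entries (or a trusted map from an inventory) matter for the addresses that matter most.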
ARP Table
A dynamic cache in a host or router that records the IP-to-link-layer address mappings learned through ARP and is consulted when forwarding packets on the local segment.
A core switching network based on a minimum of three network nodes located in different geographic locations providing route diversity and failover in the transit of data traffic between two end points.
Specific points within a network where bandwidth is limited resulting in restricted throughput of data traffic.
BYOA (Bring Your Own Application)
The ability to establish custom application gateways on a third party network.
BYOB (Bring Your Own Broadband)
The ability to select the preferred broadband alternative for use in accessing a third party network service.
BYOD (Bring Your Own Device)
The ability to use a foreign or non-approved device on a third party network.
To separate applications, physically or virtually, into distinct routing environments or compartments that eliminate the sharing of common routing elements which are commonly exploited in unauthorized security breaches.
Control Plane
The part of the router architecture that is concerned with drawing the network map, or the information in a routing table that defines what to do with incoming packets. Control plane functions, such as participating in routing protocols, run in the architectural control element. In most cases, the routing table contains a list of destination addresses and the outgoing interface(s) associated with them. Control plane logic can also define certain packets to be discarded, as well as preferential treatment of certain packets for which a high quality of service is defined by mechanisms such as differentiated services.
Cybera ONE® Appliance
A secure application routing device that incorporates a secure Linux server to host applications and routing software that enables virtualization of the routing and security architecture which enables multiple ADNs. Provides multiple methodologies of interfacing including dual LAN Ethernet ports, embedded Wi-Fi module, embedded 3G/4G module, serial interface conversion ports and USB ports along with eight Ethernet LAN ports for wide applicability with application clients. Brokers with the Cybera ONE SecureCORE Cloud to facilitate a secure overlay network over public broadband connections.
Data Plane
Sometimes called the forwarding plane, the part of the router architecture that decides what to do with packets arriving on an inbound interface. Most commonly, it refers to a table in which the router looks up the destination address of the incoming packet and retrieves the information necessary to determine the path from the receiving element, through the internal forwarding fabric of the router, to the proper outgoing interface(s). The IP Multimedia Subsystem architecture uses the term transport plane to describe a function roughly equivalent to the routing control plane.
An application system used commonly in retail stores to dynamically deliver informational and advertising graphics, videos and messages to prompt specific behavior by patrons.
DIY (Do It Yourself)
In networking, DIY refers to purchasing equipment components that must be configured, integrated, installed and administered by the buyer, assuming the proper level of expertise is present, as opposed to a solution where the purchaser contracts for a turnkey implementation performed by external resources with that expertise.
DNS Look Up
The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates easily memorized domain names to the numerical IP addresses needed for the purpose of locating computer services and devices worldwide. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet.
Encapsulation
In routing, encapsulation is the process of formatting legacy protocols for transport within an IP network. Data that has already been formatted into a legacy transport protocol must be further formatted to fit within IP packet payloads and appropriately marked in the packet header for proper reassembly at the opposite end.
Environmental Monitoring System (EMS)
A software application system which typically polls remote devices such as gauges, sensors, electrical switches and alarms to efficiently monitor the remote environment for compliance, safety, security or to maintain optimal conditions through control of the remote device configuration parameters.
The process of switching active routing paths from a primary connection to a secondary connection in the event of a failure of the primary connection.
A condition in which an event occurs, such as a primary connection failure, but goes undiagnosed because unforeseen conditions or errors prevent the failure from being recognized or communicated, so the application system fails to act on it.
Foreign Devices
Devices that have not been formally issued to the end user in a controlled environment but are still allowed to participate on the network, such as a Wi-Fi network. Commonly referred to as Bring Your Own Device (BYOD), foreign devices are a frequent source of intended or unintended introduction of viruses and malware into a network.
The connection demarcation between two networks.
An unauthorized user that attempts to damage, inhibit or break into a network.
HIPAA (Health Insurance Portability and Accountability Act)
HIPAA was intended to make the health care system in the United States more efficient by standardizing health care transactions and protecting patient privacy rights. The Privacy Rule gives individuals the right to request that a covered entity correct any inaccurate PHI. It also requires covered entities to take reasonable steps to ensure the confidentiality of communications with individuals. For example, an individual can ask to be called at his or her work number instead of home or cell phone numbers.
Refers to a direct connection between two end points that does not traverse a more complex connection infrastructure. An example could include the establishment of a direct virtual pathway from a POS system directly to a payment gateway, versus traversing a site-to-site connection back to a corporate host before being routed to a payment gateway.
HSRH (High Speed Remote Helpdesk)
The method of accessing remote helpdesk services over secure broadband rather than traditional dial-up business lines. An example would be a POS vendor providing remote support for an in-store POS system over a secure, authenticated connection with logging of the technician's actions so as not to compromise PCI-DSS compliance.
Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. In its popular deployment on the internet, HTTPS provides authentication of the web site and associated web server that one is communicating with, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication. In practice, this provides a reasonable guarantee that one is communicating with precisely the web site that one intended to communicate with (as opposed to an imposter), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.
A more complex process of filtering HTTPS packets to reduce the potential of an unauthorized third party using HTTPS to spoof a web site to obtain unauthorized access to a network.
Hub
A primary aggregation point for multiple connections. Commonly used in the context of a "hub and spoke" network, where all remote sites connect back to a hub site, forming a star topology. Hub and spoke is the most common traditional network architecture; meshed topologies are less common.
Internet Facing Application/Traffic
Any application that utilizes traffic patterns that traverse the open Internet using public IP addressing. Any application that is public facing assumes the risk of unauthorized entry by third parties, which results in the need for significant security infrastructure to protect against such threats. Internet facing applications are the primary sources for network breaches (with the notable exception of internal employee breaches) and commonly serve as the entry point or beachhead for breaches into other partitioned network segments.
In networking, the process of placing a network segment or application on its own physical network infrastructure in order to reduce the possibility of security bleed in the event the application is breached.
LAN (Local Area Network)
A private network located on premises that uses private IP addressing behind NAT, so that its hosts are not directly reachable from public networks (NAT hides addresses but is not an access control in itself; a firewall policy is still required). Two LANs are connected via some form of Wide Area Network (WAN) to carry application traffic between them. LANs may be composed of multiple subnets, where different private IP address ranges, ACL statements and firewalls separate one LAN segment from another.
LEC (Local Exchange Carrier)
A provider of local voice and data services such as phone lines or broadband Internet. LECs are regulated entities that serve defined geographic markets.
Legacy Serial Interfaces
Computer or device interfaces that use a 9-pin or 25-pin D-subminiature connector (DB-9 or DB-25) to attach to a network or adjacent system. Serial interfaces are increasingly replaced by faster and less costly interfaces such as Ethernet and USB, and are thus referred to as legacy, although they remain in widespread use because of the replacement or interface-change costs of the systems they serve.
Litigation Liability
The risk of court ordered penalties due to fault. When a company network is breached it is common for the company to face multiple class action lawsuits even if no information or financial loss can be shown. The cost of defending against these suits is part of litigation liability, in addition to any damage awards.
Mileage Sensitive Circuits
Common with private line access circuits provided by Local Exchange Carriers to account for the approximate costs associated with the distance of the customer site from the LEC end office. Mileage sensitive circuits are also subject to backhaul costs where a site is located in an independent LEC territory that charges for their network use.
NSCC (Network/Security Configuration Change)
Cybera's Network/Security Configuration Change process, which allows customers to quickly submit configuration change requests for existing installations for operational and security purposes. The NSCC change request form is available on the SmartView portal or from a Cybera sales representative.
OpenFlow
The Open Networking Foundation (ONF), a user-led organization dedicated to the promotion and adoption of software-defined networking (SDN), manages the OpenFlow standard. ONF defines OpenFlow as the first standard communications interface defined between the control and forwarding layers of an SDN architecture. OpenFlow allows direct access to and manipulation of the forwarding plane of network devices such as switches and routers, both physical and virtual (hypervisor-based). It is the absence of an open interface to the forwarding plane that has led to the characterization of today's networking devices as monolithic, closed and mainframe-like. A protocol like OpenFlow is needed to move network control out of proprietary network switches and into control software that is open source and locally managed.
Overlay Network
A private virtual network that operates over a public broadband connection without using the public IP address in its operation. Overlay network functionality is inherent to an ADN and allows the optimal local bandwidth alternative to be selected for each site. An overlay network brokers with a secure cloud termination environment and is independent of any public IP addressing. Overlay networks can be used to extend third party ADNs into a partner network without compromising that network or subjecting the ADN to security policy changes in the partner network.
Partitioning
The process of segmenting devices and network subnets from one another through firewall partitions, ACL statements and installation of separate devices. Partitioning requires fairly complex network configurations and multiple devices to isolate each network application from the others in order to improve security.
Defined by the PCI Security Standards Council: anything within the Cardholder Data Environment (CDE) that processes, stores or transmits cardholder data is in scope for PCI compliance, although there are significant nuances and complexities around the definition of the CDE and the clear demarcation of scope, depending on the specific payment network.
The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements for enhancing payment account data security.
Performance Policies
Network rules that define the specific performance requirements around individual ADNs. Performance policies can include the establishment of queuing priority to ensure one application is prioritized over another because of its importance or latency sensitivity.
Plug-and-Play
The ability of a device to be connected to power and the network and auto-configure itself for proper functionality. Plug-and-play devices do not require expensive technicians to perform installation, configuration and integration.
Policies
Network rules that define the behaviour of the network. Policies can be categorized into security policies, performance policies and reliability policies. Policies are defined and pre-established to govern the network according to custom requirements.
POS (Point-of-Sale System)
An application system used in retail environments to transact cash, credit/debit and other payments from patrons. The POS system is required to be a highly secure system to protect against credit card data theft under the PCI-DSS compliance guidelines. POS systems connect over various types of networks to payment processor gateways or enterprise credit switches to conduct the transaction authorizations.
Priority Policy Parameters
The specific rules defined to ensure one traffic type is treated in a more expeditious manner than other traffic types on the network.
Private Cloud Backbone
A core private network architecture that is separate from, or controlled independently of, the open public Internet. Private cloud backbones have inherent capabilities to re-route connections in the event of a route or gateway failure without manual reconfiguration of all end point devices.
The process of a problem with one application or network segment affecting adjacent applications or network segments on the same physical circuit. A common phenomenon resulting from the aggregation of multiple applications on a common wide area connection that makes problem isolation very difficult and time consuming to resolve.
The process of identifying the root cause of a problem.
An application authorized to perform specific functions on behalf of another application in order to allow an application system to operate more efficiently or securely.
Payment Card Industry Qualified Security Assessor (PCI QSA) is a designation conferred by the PCI Security Standards Council on individuals it deems qualified to perform PCI assessments and consulting services. To qualify as a PCI QSA, an individual must meet information security education requirements, take appropriate training from the PCI Security Standards Council and be employed by an approved PCI security and auditing firm. PCI QSAs must be re-certified annually. A PCI QSA is hired as an impartial third party by organizations subject to the PCI Data Security Standard to conduct a PCI assessment or advise the organization on how to achieve PCI compliance. During a PCI assessment, the QSA determines whether the organization has met the 12 PCI DSS requirements, either directly or through compensating controls. The QSA then completes a Report on Compliance (ROC) to verify the organization's compliance. The ROC is sent to the organization's acquiring bank, which then sends it to the appropriate card brand for verification.
A proprietary ADN functionality provided by Cybera that diagnoses primary and secondary connection failures through three separate tests in order to most rapidly and accurately determine an outage has occurred and to quickly establish an alternate route in less than a minute.
Reliability Policies
Network rules that define the specific network availability requirements around individual ADNs. Reliability policies can include the ability of specific ADNs to re-route to a secondary connection while other ADNs remain down, to ensure consistent performance of the priority ADNs.
Route Conflicts
Problems caused by network addressing and configuration issues on a specific network. Route conflicts are common in VPN based networks, where duplicate addressing leaves a router unable to distinguish between destinations and results in errors or misdirected packets. Route conflicts can be difficult to resolve, or may require added complexity such as source NAT or destination NAT rules at specific points in the network, which create inconsistencies that are harder to administer. Applications such as payment traffic and HIPAA related traffic are strictly controlled by compliance standards and must not allow any route conflict to bleed into their networks. This becomes a significant barrier to implementing new applications on a network carrying payment traffic, since each new application can introduce new route conflicts.
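Added example, not Cybera's code: the pre-check that catches the duplicate addressing described above before a VPN is brought up or a new application subnet is added. The site inventory is constructed; the logic uses only the standard library.

```python
"""Find overlapping address ranges before joining networks (route conflicts).

Added example, not Cybera's code. The site inventory is constructed. When two
sites, or a site and a partner, both use 192.168.1.0/24, a router that learns
that prefix from more than one VPN peer cannot tell the destinations apart;
find_overlaps() reports every such clash so it can be resolved by renumbering
or an explicit NAT rule before the tunnel is brought up, and can_add() is the
pre-check for a new application subnet.
"""
from ipaddress import ip_network
from itertools import combinations


def find_overlaps(sites):
    """sites: {site_name: [cidr, ...]}.
    Returns [(site_a, cidr_a, site_b, cidr_b), ...] for every pair of prefixes
    at different sites that overlap (IPv4 and IPv6 are compared separately)."""
    prefixes = [(site, ip_network(cidr)) for site, cidrs in sites.items() for cidr in cidrs]
    overlaps = []
    for (site_a, net_a), (site_b, net_b) in combinations(prefixes, 2):
        if site_a != site_b and net_a.version == net_b.version and net_a.overlaps(net_b):
            overlaps.append((site_a, str(net_a), site_b, str(net_b)))
    return overlaps


def can_add(sites, new_site, cidrs):
    """True if `cidrs` for `new_site` clash with nothing already allocated."""
    trial = dict(sites)
    trial[new_site] = list(cidrs)
    return not any(new_site in (a, b) for a, _, b, _ in find_overlaps(trial))


# Constructed inventory: two stores picked the same RFC 1918 block, and the
# store management subnets sit inside the HQ supernet.
SITES = {
    "store-101": ["192.168.1.0/24", "10.101.0.0/16"],
    "store-102": ["192.168.1.0/24", "10.102.0.0/16"],
    "hq": ["10.0.0.0/8"],
    "card-partner": ["172.16.5.0/24"],
}

if __name__ == "__main__":
    for site_a, net_a, site_b, net_b in find_overlaps(SITES):
        print("%s %s overlaps %s %s" % (site_a, net_a, site_b, net_b))
    print(can_add(SITES, "digital-signage", ["10.200.0.0/16"]))    # False
    print(can_add(SITES, "digital-signage", ["172.16.200.0/24"]))  # True
```

A more-specific prefix inside another site's supernet is reported as well, because the longest match silently wins and the supernet's owner would never see that traffic; whether that is intended is for the operator to confirm, not for the script to guess.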
Tables, commonly referred to as ARP tables, that hold the address information used to establish traffic routes. Strictly, the two are distinct: an ARP table maps IP addresses to link-layer addresses on the local segment, while a routing table holds destination prefixes and the next hop or interface for each.
S2S (Site-to-Site Networks)
Networks based on a point-to-point architecture with remote “spokes” all connecting to a primary “hub” between geographically distributed sites. In S2S networks, all traffic routes must traverse the physical site-to-site connections. Compared to application-to-application (A2A) networks where individual application-specific ADNs connect directly to the intended destination regardless of the site-to-site corporate network topology.
SDN (Software Defined Networks)
An approach to computer networking that allows network administrators to manage network services through abstraction of lower level functionality. This is done by decoupling the system that makes decisions about where traffic is sent (the control plane) from the underlying systems that forward traffic to the selected destination (the data plane). The inventors and vendors of these systems claim that this simplifies networking. SDN requires some method for the control plane to communicate with the data plane. One such mechanism, OpenFlow, is often misunderstood to be equivalent to SDN, but other mechanisms can also fit the concept. The Open Networking Foundation was founded to promote SDN and OpenFlow. SDN technology most commonly addresses the high peak environments of cloud service data centers, providing a greater level of resource allocation across multi-vendor networks.
Secure Application Appliance
A multi-function network security and routing device which has the inherent capability of hosting specific applications on the internal server while enabling a virtualized routing and security environment for each application connected or hosted on the appliance.
Secure Cloud
A cloud service that does not operate on the open Internet. Secure clouds give private enterprise networks or applications the ability to connect securely to the cloud services without using public IP addressing.
Security Bleed
The process by which a breach of an Internet facing application or network migrates to other network segments. Security bleed commonly occurs in Advanced Persistent Threat scenarios, where an unauthorized user establishes a network beachhead and remains stealthy over an extended period to identify security holes to exploit and advance into the broader network.
Security Cascade
The process of an unauthorized user gaining access to adjacent network segments on a common network infrastructure. A security cascade results when an Internet facing application is breached and the breach leads to progressively wider access to the entire network.
Security Conflicts
Incongruences in network security policies administered on a common network housing multiple applications of differing criticality and/or information sensitivity. Security conflicts commonly occur on network infrastructures that share common network interfaces, routing tables and wide area connections to support multiple application traffic types or networks.
Rules that define authorizations, access privileges, administration privileges, and segmentation of traffic types or subnets in order to maintain the integrity of the network.
Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization's information technology (IT) security. SIEM combines SIM (security information management) and SEM (security event management) functions into one security management system.
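Added example, not any vendor's SIEM: the combining step the entry describes, run over two constructed log extracts (a firewall export and a Linux sshd auth log). Joined on source address inside a time window they show a port probe, a run of failed passwords and then a successful login, which neither source shows on its own. The log lines, the 2024 year for the syslog timestamps and the thresholds are all assumptions of the example.

```python
"""Correlate firewall and host authentication logs into one alert, SIEM style.

Added example, not any vendor's SIEM. Both log extracts are constructed: a
firewall export (timestamp,action,src,dst,port) and a Linux sshd auth log.
Timestamps are treated as UTC and the syslog lines, which carry no year, are
assumed to be from 2024. Neither source alone looks alarming; joined on the
source address inside a time window they show a port probe, a run of failed
passwords and finally a successful login from the same host.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

FW_LOG = """\
2024-03-01T10:00:01Z,deny,198.51.100.7,10.10.1.5,22
2024-03-01T10:00:02Z,deny,198.51.100.7,10.10.1.5,3389
2024-03-01T10:00:03Z,allow,198.51.100.7,10.10.1.9,22
2024-03-01T10:05:00Z,allow,203.0.113.4,10.10.1.9,443
"""

AUTH_LOG = """\
Mar  1 10:00:10 pos-gw sshd[2201]: Failed password for admin from 198.51.100.7 port 51000 ssh2
Mar  1 10:00:12 pos-gw sshd[2201]: Failed password for admin from 198.51.100.7 port 51001 ssh2
Mar  1 10:00:14 pos-gw sshd[2201]: Failed password for admin from 198.51.100.7 port 51002 ssh2
Mar  1 10:00:19 pos-gw sshd[2203]: Accepted password for admin from 198.51.100.7 port 51003 ssh2
Mar  1 10:05:30 pos-gw sshd[2300]: Accepted publickey for ops from 203.0.113.4 port 40000 ssh2
"""

AUTH_RE = re.compile(r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"(Failed|Accepted) (?:password|publickey) for (\S+) from (\S+)")


def parse_fw(text):
    """Normalise firewall lines to {ts, src, kind, detail}."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, src, dst, port = line.split(",")
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "src": src, "kind": "fw_" + action, "detail": dst + ":" + port})
    return events


def parse_auth(text, year=2024):
    """Normalise sshd syslog lines to the same shape; `year` is assumed."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        mon, day, clock, result, user, src = m.groups()
        ts = datetime.strptime("%s %s %s %s" % (year, mon, day, clock), "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "src": src, "kind": "auth_" + result.lower(), "detail": user})
    return events


def _alert_for(src, evs, window, min_denies, min_failures):
    """Scan one source's time-ordered events for probe -> failures -> login."""
    for i, first in enumerate(evs):
        denies = failures = 0
        for e in evs[i:]:
            if e["ts"] - first["ts"] > window:
                break
            if e["kind"] == "fw_deny":
                denies += 1
            elif e["kind"] == "auth_failed":
                failures += 1
            elif e["kind"] == "auth_accepted" and denies >= min_denies and failures >= min_failures:
                return {"src": src, "start": first["ts"], "login_at": e["ts"],
                        "user": e["detail"], "denies": denies, "failures": failures}
    return None


def correlate(events, window=timedelta(minutes=10), min_denies=2, min_failures=3):
    """One alert per source address whose events, inside `window`, contain at
    least `min_denies` firewall denies and `min_failures` failed logins
    followed by a successful login."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        alert = _alert_for(src, sorted(evs, key=lambda e: e["ts"]), window, min_denies, min_failures)
        if alert:
            alerts.append(alert)
    return alerts


def run(fw_text=FW_LOG, auth_text=AUTH_LOG):
    """Correlate the two constructed extracts."""
    return correlate(parse_fw(fw_text) + parse_auth(auth_text))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The order check in _alert_for() is deliberate: a login that precedes the failed attempts is a user who then mistyped a password, not a guess that succeeded, so the successful login only counts once the deny and failure thresholds have already been reached inside the window.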
Single Purpose Routers
Discrete routing devices inserted into the network to perform specific application functions in an effort to physically partition one application from other applications on the network. Single purpose routers require additional capital costs and increased tax on IT resources due to additional configuration, installation, integration and administration.
A specific brick and mortar location within an enterprise networks such as a store, office, branch or factory.
SmartView
Cybera's proprietary network and service management portal, used by customers to see the services purchased by their organization.
SMC (Solutions Management Center)
Cybera's 24x7x365 network management center that monitors customers networks and conducts problem isolation and resolution of network elements on behalf of customers.
Simple Network Management Protocol (SNMP) is an Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF); it consists of a set of standards for network management, including an application layer protocol, a database schema and a set of data objects. Its basic operation, GetRequest, is a manager-to-agent request to retrieve the value of a variable or list of variables: the desired variables are specified in variable bindings (their values are not used), the agent retrieves the values as an atomic operation, and a Response carrying the current values is returned. SNMP versions 1 and 2c authenticate requests with a cleartext community string; only SNMPv3 provides per-user authentication and encryption.
Spoke
A site within an enterprise network that connects to a primary hub. Commonly used in the context of a "hub and spoke" network, where all remote sites connect back to a hub site, forming a star topology. Hub and spoke is the most common traditional network architecture; meshed topologies are less common.
A land based connection such as a phone line, cable, DSL or fiber circuit, typically serving as the access method to a network backbone or the Internet, as compared to a wireless connection using Wi-Fi, 3G/4G, fixed wireless or VSAT.
An unauthorized intrusion into a specific network segment.
Universal Policy Controller (UPC)
A centralized configuration and policy management system that programmatically inserts a wide range of customized security services into the network on a per-flow, per-application or per-user basis. A UPC can also implement security dynamically and across all defined sites within a network simultaneously.
Virtual VPN Concentrators
A network device that allows multiple VPNs to be terminated without jeopardizing the integrity of each VPN. Commonly used in service provider networks or at corporate hub locations to aggregate the termination of multiple discrete VPN connections.
Logical firewalls that operate on a specific network connection independent of any other application or network traffic that might be on the network.
Logical network routers that are dedicated to specific networks or applications without sharing critical components such as ARP tables, ACLs, or routing engines.
Logical server capacity that is compartmentalized from other shared elements on a server, allowing complete server functionality with mitigated security risk from other virtual servers on the same physical hardware.
Virtual LAN (VLAN)
In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN or VLAN. This is usually achieved on switch or router devices. Simpler devices only support partitioning on a port level (if at all), so sharing VLANs across devices requires running dedicated cabling for each VLAN. More sophisticated devices can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for various VLANs.
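Added example, not Cybera's code: a parser for the tagged frames the entry describes, with the check an access port should apply. The frames are constructed byte strings built by build_frame(); the security point is the double-tagged frame, which a switch that strips only the outer tag would forward into a VLAN the sender is not a member of (VLAN hopping).

```python
"""Parse Ethernet frames carrying zero, one or two 802.1Q / 802.1ad VLAN tags.

Added example, not Cybera's code. The frames are constructed byte strings
built by build_frame(); the EtherType constants are the standard ones. The
security-relevant check is in access_port_check(): a frame that arrives on an
access port already carrying two tags (QinQ-style "double tagging") is the
classic VLAN-hopping pattern, because a switch that strips only the outer tag
forwards the inner tag unchanged into another VLAN.
"""
import struct

ETH_8021Q = 0x8100    # customer VLAN tag (TPID)
ETH_8021AD = 0x88A8   # service-provider outer tag (TPID)
MAX_TAGS = 2          # refuse anything deeper than QinQ


def parse_frame(frame: bytes) -> dict:
    """Split a frame into dst, src, [(tpid, pcp, vid), ...], ethertype, payload."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    off, tags = 14, []
    # Each tag is a TPID (already read as etype) plus a 2-byte TCI, followed
    # by the next EtherType, which may itself be another TPID.
    while etype in (ETH_8021Q, ETH_8021AD):
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        if len(tags) >= MAX_TAGS:
            raise ValueError("too many VLAN tags")
        tpid = etype
        tci, etype = struct.unpack("!HH", frame[off:off + 4])
        tags.append((tpid, tci >> 13, tci & 0x0FFF))   # PCP: top 3 bits; VID: low 12
        off += 4
    return {"dst": dst.hex(":"), "src": src.hex(":"), "tags": tags,
            "ethertype": etype, "payload": frame[off:]}


def build_frame(dst: str, src: str, vids, ethertype: int = 0x0800,
                payload: bytes = b"") -> bytes:
    """Construct a test frame with the given list of 802.1Q VIDs (PCP 0)."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for vid in vids:
        hdr += struct.pack("!HH", ETH_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def access_port_check(frame: bytes, port_vid: int) -> str:
    """Policy for an access port assigned to `port_vid`: accept untagged frames
    and frames tagged with the port's own VLAN; reject any other tag and, in
    particular, any double-tagged frame."""
    tags = parse_frame(frame)["tags"]
    if not tags:
        return "accept"
    if len(tags) == 1 and tags[0][2] == port_vid:
        return "accept"
    return "reject: %d tag(s), vids %s" % (len(tags), [t[2] for t in tags])


if __name__ == "__main__":
    hop = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", [10, 20], payload=b"\x45")
    print(parse_frame(hop)["tags"])     # [(33024, 0, 10), (33024, 0, 20)]
    print(access_port_check(hop, 10))   # reject: 2 tag(s), vids [10, 20]
```

The parser stops at two tags on purpose: deeper stacks are not something an access port should ever see, and refusing them is safer than guessing which layer a downstream switch will strip.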
Virtual Private Network (VPN)
A VPN extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefitting from the functionality, security and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. A VPN connection across the Internet is similar to a wide area network (WAN) link between the sites. From a user perspective, the extended network resources are accessed in the same way as resources available from the private network. VPNs allow employees to securely access their company's intranet while traveling outside the office. Similarly, VPNs securely and cost-effectively connect geographically disparate offices of an organization, creating one cohesive virtual network. VPN technology is also used by ordinary Internet users to connect to proxy servers for the purpose of protecting one's identity.
Wide Area Network (WAN)
A network that covers a broad area (i.e., any telecommunications network that links across metropolitan, regional or national boundaries) using private or public network transports. Business and government entities use WANs to relay data among employees, clients, buyers and suppliers in various geographical locations; in essence, this mode of telecommunication allows a business to carry out its daily functions regardless of location. The Internet can be considered a WAN as well, and is used by businesses, governments, organizations and individuals for almost any purpose imaginable, albeit with the risk that comes with public IP addressing.
Network administrative divisions assigning the specific use of physical ports to a specific device or network. Physical security zones on network routers allow a single port or group of ports to be used only by authorized devices that are typically identified by their unique MAC address. In ADN, physical ports are zoned for a specific device, such as a POS system, and mapped to a specific ADN so that they are compartmentalized, physically and logically, from all other applications on the network.
Cybera ONE® is a registered trademark of Cybera, Inc.