Networking & InfrastructureGlossary

The numeric address that identifies a device on a network — like a street address for computers. Two flavors: IPv4 (the familiar 192.168.x.x format) and IPv6 (longer, hexadecimal — IPv4 ran out of addresses years ago).

Why it matters: Every device on your network has one. Devices with the same IP can't both reach the internet, which is why router and DHCP configuration matters. Most firewall rules and access controls are defined by IP address ranges.

Related: Subnet, DHCP, MAC Address, NAT, DNS

The system that translates human-friendly website names (brydansolutions.com) into the numeric IP addresses computers actually use to find each other. Every internet action — loading a webpage, sending email, opening Teams — starts with a DNS lookup.

Why it matters: Because DNS underpins everything, it's both critical and a security target. Filtering DNS lookups (DNS filtering) blocks employees from reaching known malicious sites before the connection even happens — one of the highest-leverage security controls available.

Related: IP Address

The protocol your router uses to automatically assign IP addresses to devices when they join the network. Without DHCP, every device would need to be manually configured with an IP address, gateway, DNS server, and subnet mask.

Why it matters: When DHCP breaks, nothing new can join the network — laptops connect to Wi-Fi but can't reach the internet. Common cause of "the internet isn't working" calls. Servers and printers usually get static IPs to avoid changing addresses.

Related: IP Address, Router

The device that connects your local network to the internet (and to other networks). Decides where each packet of data should go. The router in a small office is also usually the firewall, DHCP server, and Wi-Fi access point all in one box.

Why it matters: Your router is the single most important piece of network equipment in the office. Cheap consumer routers run out of capacity around 20 users; business-grade is worth the cost if you're past the home-office tier.

Related: Switch, Firewall, DHCP

The device that connects multiple wired devices on the same network (computers, printers, servers). Different from a router: a switch moves data within ONE network; a router moves data BETWEEN networks. In small offices, you may not have a separate switch — your router has switch ports built in.

Why it matters: When the office is growing past 8 wired devices, a dedicated switch is usually the answer (most consumer routers max out around 4 wired ports). Managed switches add VLAN support, traffic prioritization, and visibility.

Related: Router, VLAN, LAN

Hardware or software that sits at the edge of your network (or on each device) and decides which network traffic is allowed in or out, based on rules. Modern "next-generation" firewalls also inspect the contents of traffic and block known malicious sites.

Why it matters: A firewall is the first wall attackers hit when trying to reach your network from outside. It's a baseline security control — every business has one (your router includes one) — but the quality and configuration matter enormously.

Related: Zero Trust, NAT, DMZ, Network Segmentation, Router, Port Forwarding, DDoS

The network inside a single physical location — your office network. Includes everything connected to your router, both wired and Wi-Fi. Bounded by the building (or the campus). Devices on the same LAN can typically communicate directly with each other.

Why it matters: What's on the LAN is the security perimeter most businesses are still operating with: "trusted inside the office, untrusted outside." Zero Trust challenges that assumption, but the LAN is still the practical baseline for most network design.

Related: WAN, VLAN, Switch

A network that spans multiple locations — connecting offices in different cities, or your office to a data center. Often built on top of the public internet using VPNs; larger organizations use dedicated WAN circuits (MPLS, SD-WAN) for performance.

Why it matters: Multi-location businesses live and die by WAN reliability. If the office-to-cloud connection is slow or flaky, every user feels it. WAN design is often the difference between "the cloud feels fast" and "the cloud is unusable."

Related: LAN, VPN, ISP

A way to split one physical network (sharing the same switches and cables) into multiple logically separate networks. Common uses: separating Wi-Fi guest traffic from internal traffic, isolating VoIP phones from regular computers, putting security cameras on their own segment.

Why it matters: VLANs are how you do network segmentation without buying separate hardware for each segment. A breach on one VLAN can be contained from spreading to others — critical for limiting attack blast radius.

Related: Network Segmentation, Switch, Subnet, LAN, SSID, Guest Network

A logical subdivision of a network — defined by an IP address range and a "subnet mask" that specifies the boundary. Devices on the same subnet can reach each other directly; devices on different subnets need a router to communicate.

Why it matters: Subnetting is how you organize larger networks: one subnet for office Wi-Fi, another for servers, another for guest access. Done well, it improves performance and limits broadcast traffic. Done poorly, devices can't reach each other and nobody knows why.

Related: IP Address, VLAN

The company that provides your internet connection — Cox, Lumen, AT&T, Spectrum, etc. They give you a circuit (cable, fiber, fixed wireless), assign a public IP address, and route your traffic to the rest of the internet.

Why it matters: Your business depends on your ISP being up. Having a second ISP (different provider AND different physical path to the building) is the foundation of internet failover — without it, an ISP outage means your business stops.

Related: Bandwidth, Failover, WAN

The maximum amount of data that can move through a network connection per second — measured in Mbps (megabits per second) or Gbps (gigabits). Different from latency: bandwidth is volume (how much), latency is speed (how fast a single request returns).

Why it matters: Throwing more bandwidth at a slow application rarely helps if latency is the problem. Bandwidth matters for large transfers (cloud backup, video streaming, file sync); latency matters for interactive use (Teams meetings, remote desktop).

Related: Latency, ISP, QoS, VoIP

A connection that encrypts your internet traffic and routes it through a private tunnel before reaching the public internet. Originally built so remote workers could reach files on the office network securely; now also used to protect data on public Wi-Fi.

Why it matters: A VPN keeps prying eyes — including your ISP and anyone on the same Wi-Fi — from seeing what you're sending. Most cyber-insurance policies and compliance frameworks require VPN use for remote access to business systems.

Related: Zero Trust, WAN, Port Forwarding

When a primary system fails, traffic automatically reroutes to a standby system so users don't notice the outage. Common in internet connectivity (a backup ISP takes over), email, servers, and phone systems.

Why it matters: Failover is what separates "we had an outage" from "we had a problem the customer never saw." The investment is usually small compared to the lost revenue from even a few hours of downtime.

Related: BCDR, Disaster Recovery, Availability Zone, Redundancy, ISP, Load Balancer, VoIP, Failback

Designing systems with duplicates so that the failure of one component doesn't take down the whole service. Two ISPs, two firewalls, two power supplies in a server. Redundancy is what makes failover possible.

Why it matters: Redundancy costs money up front (you're paying for hardware that sits idle until something else breaks). It pays for itself the first time a single point of failure would have caused real downtime — which is usually within the equipment's lifespan.

Related: Failover, Load Balancer

A device or service that distributes incoming network traffic across multiple backend servers, so no single server gets overwhelmed. Also detects when a backend server fails and stops sending it traffic — built-in failover.

Why it matters: Load balancers are standard for any web application serving more than a handful of users at once. Cloud providers (Azure, AWS) offer load balancers as a service; for on-premise apps, dedicated hardware or software handles it.

Related: Failover, Redundancy

A globally distributed network of servers that cache copies of your website's static content (images, videos, JavaScript) near users — so a visitor in Tokyo loads your site from a Tokyo CDN node instead of from a server in Las Vegas. Cloudflare, Fastly, and Akamai are major CDNs.

Why it matters: Without a CDN, a global website is slow for users far from your server. With one, the same site feels fast everywhere. Many CDNs also provide DDoS protection and security filtering as built-in features.

Related: Latency, Region, DDoS

Phone service that runs over your internet connection instead of traditional copper phone lines. Modern business phone systems are almost all VoIP — they cost less, work anywhere with internet, and integrate with email, chat, and CRM platforms.

Why it matters: If your internet goes down, your phones go down too. A VoIP phone system makes network reliability and failover planning a direct business-continuity issue, not just an IT one.

Related: Failover, QoS, Bandwidth

Network configuration that prioritizes certain traffic types over others — e.g., guaranteeing that VoIP and video meetings get bandwidth first, even when someone's running a big file download on the same connection.

Why it matters: Without QoS, choppy phone calls during meetings or video conferences are usually the symptom. A few minutes of QoS configuration on a business-grade router can resolve months of "the audio cut out again" complaints.

Related: VoIP, Bandwidth, Latency

The delay between sending a network request and getting a response back, measured in milliseconds. Affected by physical distance to the server, network congestion, and the processing time at both ends. Lower is better; sub-100 ms feels instant to users.

Why it matters: When a cloud application feels slow, latency is often the cause — and it's usually fixable by choosing a closer region. Always test from where your users actually are, not from the data center where the developers tested.

Related: Region, Bandwidth, CDN, QoS, Edge Computing

The protocol web browsers and servers use to talk to each other. When you load a page, your browser sends HTTP requests; the server sends HTTP responses. Plain HTTP is unencrypted — anyone in between can read it.

Why it matters: Modern websites should never use plain HTTP. If you see a site without the padlock icon (HTTPS), assume passwords, credit cards, and any other data you type are visible to anyone watching your connection.

Related: HTTPS

HTTP wrapped in TLS encryption. The padlock icon in your browser confirms HTTPS. Everything sent between your browser and the website — passwords, payment details, personal data — is encrypted and can't be read by anyone in between.

Why it matters: HTTPS is now the standard, not the exception. Browsers warn users about plain-HTTP sites, search engines penalize them, and most modern features (PWAs, payment APIs) require HTTPS. Free certificates from Let's Encrypt mean cost isn't an excuse.

Related: HTTP, SSL/TLS

An old protocol for transferring files between computers over a network. Plain FTP is unencrypted (passwords and files travel as plain text); SFTP (over SSH) and FTPS (over TLS) are the modern, secure replacements.

Why it matters: If a vendor or partner is still asking you to upload via plain FTP, push back — there's no reason to use unencrypted file transfer in 2026. SFTP is functionally identical from a user's perspective but actually secure.

Related: SSH

The protocol email servers use to send messages to each other. Your Outlook or Exchange Online server uses SMTP to deliver email to the recipient's mail server. Inbound delivery uses different protocols (IMAP, POP3) for reading messages back to your email client.

Why it matters: SPF, DKIM, and DMARC are all about authenticating SMTP traffic — proving that an email claiming to come from your domain actually did. Misconfigured SMTP authentication is why so many businesses' emails land in spam folders.

Related: SPF, DKIM, DMARC

A protocol for securely connecting to a remote computer's command line, and for securely transferring files (SFTP, SCP). Encrypts everything in transit. The standard way administrators access servers and network equipment for management.

Why it matters: If IT staff access your servers via SSH, that's a good sign — it's the secure standard. SSH keys (instead of passwords) are even more secure and required by many compliance frameworks.

Related: FTP

The different versions of Wi-Fi: Wi-Fi 5 (802.11ac), Wi-Fi 6 (802.11ax) added efficiency and multi-device performance, Wi-Fi 6E added a new 6 GHz frequency band, Wi-Fi 7 (802.11be) is the latest with much higher throughput. Newer standards require new hardware on BOTH the access point and the device.

Why it matters: Wi-Fi 6 is the practical minimum for any office today — it handles many simultaneous devices far better than Wi-Fi 5. Wi-Fi 7 is overkill for most small businesses; Wi-Fi 6 or 6E hits the sweet spot of price and capability.

Related: SSID, Mesh Wi-Fi

The name of a Wi-Fi network — what shows up in the list of available networks on your phone or laptop. Businesses often have multiple SSIDs from the same access points: one for staff, one for guests, sometimes one for IoT devices.

Why it matters: Separating staff and guest Wi-Fi via different SSIDs (each on its own VLAN) is one of the easiest network-segmentation wins available. Guest devices can't reach internal resources; the office printer can't expose itself to hotel-style guests.

Related: Wi-Fi Standards, Guest Network, VLAN

The current Wi-Fi encryption standard — replaces the older WPA2 (still common) and the long-deprecated WEP (never use). Provides stronger encryption, protection against password guessing, and better security for IoT devices that can't easily enter long passwords.

Why it matters: If your Wi-Fi is still on WPA2, it's not urgent but worth upgrading when you replace access points. WEP is actively dangerous and trivially crackable — any equipment still configured for WEP needs to change today, not soon.

Related: SSL/TLS

A separate Wi-Fi network for visitors, contractors, or BYOD devices — usually with its own password, isolated from the business's main network so guest devices can reach the internet but not internal servers, printers, or files.

Why it matters: Without a guest network, visitors connect to the main office Wi-Fi and have visibility (or worse) into business resources. With one, they're a separate broadcast domain that can't see anything internal. Setting one up takes minutes; benefits last for the equipment's lifetime.

Related: SSID, VLAN, Network Segmentation

A Wi-Fi setup using multiple access points that work as a single coordinated network — your device roams between them automatically as you move through the building, without manually reconnecting. Distinct from "range extenders," which create a separate (slower) network.

Why it matters: Single-access-point setups leave Wi-Fi dead zones in any office larger than ~1,500 square feet. Mesh systems eliminate the dead zones and the "why does my laptop keep dropping?" calls. Business-grade mesh (Ubiquiti, Aruba) outperforms consumer mesh dramatically.

Related: Wi-Fi Standards

The technique your router uses to share one public IP address among many devices on your internal network. Outgoing requests are translated to look like they came from the public IP; incoming responses are routed back to the right internal device.

Why it matters: NAT is one reason most home and small-office networks aren't directly exposed to the internet — internal devices don't have public IPs and can't be reached from outside without explicit configuration. Not a substitute for a firewall, but a useful side effect.

Related: Firewall, IP Address, Port Forwarding

A firewall configuration that maps a port on your public IP address to a specific internal device — "any internet traffic hitting our router on port 3389 goes to the office server." Lets external services reach internal resources that would otherwise be hidden behind NAT.

Why it matters: Port forwarding is how internal services get exposed to the internet — but it's also a frequent security mistake. Every open port is a potential attack surface. Modern best practice is to avoid port forwarding entirely, preferring VPN or Zero Trust access instead.

Related: Firewall, NAT, VPN

A unique identifier burned into every network interface (Wi-Fi card, Ethernet port) at the factory. Different from an IP address (which is assigned and can change); the MAC address is the hardware identity. Format: six pairs of hex digits like 00:1A:2B:3C:4D:5E.

Why it matters: Useful for network access control (only known MAC addresses allowed), tracking devices across IP changes, and DHCP reservations. Modern OSes randomize MAC addresses on public networks for privacy — useful to know if you're trying to track devices reliably.

Related: IP Address

The practice of dividing a network into smaller, isolated zones — so a breach in one zone doesn't automatically have access to everything. Common segments: user devices, servers, IoT / cameras, guest, payment systems (PCI).

Why it matters: Once attackers get inside ONE part of your network, segmentation limits how far they can spread. Required by PCI-DSS for payment environments; recommended by NIST for any business handling sensitive data. VLANs are the usual mechanism.

Related: VLAN, Zero Trust, Least Privilege, PCI-DSS, Firewall, Guest Network, DMZ, IoT

A network segment that sits between your internal network and the public internet — used to host services that need to be publicly accessible (a web server, an email server) while keeping the rest of your internal network protected. The DMZ is the buffer zone.

Why it matters: Modern cloud architecture (managed services, SaaS) has reduced the need for traditional DMZs. They still matter when you're hosting internet-facing services yourself; the principle of isolating publicly-accessible servers from sensitive internal ones remains sound.

Related: Firewall, Network Segmentation

An attack that floods a target website, service, or network with so much traffic that legitimate users can't reach it. Distributed across many sources (botnets, hijacked devices) so simply blocking one IP doesn't help. Different from a breach — DDoS doesn't steal data, it just takes you offline.

Why it matters: Small businesses aren't usually direct DDoS targets, but they can be collateral damage when their hosting provider or DNS gets hit. CDNs and providers like Cloudflare offer DDoS protection as a built-in feature; for self-hosted sites, it's worth front-ending with one.

Related: CDN, Firewall