Transparent firewall A Layer 2 firewall that behaves like a “stealth firewall.” In other words, it is not seen as a router hop to connected devices. In this implementation, the security appliance connects the same network on its inside and outside ports. However, each interface resides on a separate VLAN.

Transport mode Uses a packet’s original IP header, as opposed to adding a tunnel header for packets traveling over an IPsec-protected VPN. This approach works well in networks in which increasing a packet’s size could cause an issue.

Triple Data Encryption Standard (3DES) Applies the DES algorithm three times in a row to a plain-text block, but each application uses a different key. Applying DES three times with different keys makes brute-force attacks on 3DES unfeasible. This stems from the fact that the basic algorithm has stood the test of time, weathering 35 years in the field, proving quite trustworthy.

Trojan horse A piece of software that appears to perform a certain action but in fact performs another action, such as a computer virus. This action, generally encoded in a hidden payload, may or may not be malicious in nature.

Tunnel mode Unlike transport mode, tunnel mode encapsulates an entire packet traveling over an IPsec-protected VPN. As a result, the encapsulated packet has a new IPsec header. This new header has source and destination IP address information that reflects the two VPN termination devices at two different sites. Therefore, tunnel mode is frequently used in an IPsec site-to-site VPN.

Turbo access control list (ACL) Processes ACLs into lookup tables for greater efficiency. Turbo ACLs use the packet header to access these tables in a small, fixed number of lookups, independent of the existing number of ACL entries.

User datagram protocol (UDP) A communications protocol that has no error recovery features and is mostly used to send streamed material over the Internet.

VACL VLAN access control list. An ACL applied within a VLAN, as opposed to an ACL applied when traffic travels from one VLAN, or subnet, to another (as typically seen on a router).

virtual private network (VPN) A logical connection (sometimes called a tunnel) that can be established over an “untrusted” network (such as the Internet). An IPsec VPN can use a series of security protocols and algorithms to protect the traffic flowing over a VPN tunnel.

virtual SAN (VSAN) Created from a collection of ports that are part of a set of connected Fibre Channel switches. Together these ports form a virtual fabric. Ports within a single switch may be partitioned off to form multiple VSANs. Conversely, multiple switches may be used together, and any number of their ports may be joined to form a single VSAN.