NetVanta 2000 Series System Manual
Section 5, DLP-022
61200361L1-1E
© 2002 ADTRAN, Inc.
3. From the menu list (located on the left side of the screen) select NETWORK INTERFACE. The ETHERNET CONFIG page will appear.
4. From the menu list (located on the left side of the screen) select DHCP INFO.
5. Record any information needed from this table for future use.
Follow-up Procedures
Once this procedure is complete, return to the procedure which referred you to this DLP and continue with
the tasks indicated there.
The IP address listed next to Gateways in the WAN column (172.124.37.252 for this
example) will be used when adding the default route to the NetVanta 2000 series route
table (see DLP-011). Record this address for future reference.
GLOSSARY
Authentication
Identifying and validating a given user.
Data integrity
Traditionally, data integrity checking has involved attaching a checksum to a string of data to
check against accidental data corruption. More sophisticated security algorithms add other
validators such as time and date stamps to make sure data is not intercepted or altered.
Data Encryption Standard (DES)
A symmetric block cipher algorithm used as a confidentiality mechanism for the encapsulating
security payload (ESP).
Data privacy
To prevent data from being read by humans or machines during transmission, data privacy
algorithms such as Data Encryption Standard (DES) encrypt and then decrypt the data before and
after transmission.
Denial of service (DOS) attack
A method of flooding a site with "spoofed" (artificially generated) packets. A DOS attack tries to
generate enough traffic to deny service to legitimate users. One recent method has been called
"smurfing."
Encapsulating Security Payload
Provides confidentiality for IP datagrams by encrypting the payload data to be protected.
Encryption
The use of algorithms such as MD5 or SHA to encrypt (code) and then decrypt (decode) a
password. Most encryption algorithms rely upon some sort of private key.
Filtrating
The process of statistically sampling the queue size and dropping packets when the queue reaches
a threshold. Common methods are random early detection (RED) and weighted random early
detection (WRED).
Firewall
Usually a combination of hardware and software that protects an organization's network from
external attacks or intrusions. Most firewalls make use of a proxy server that performs a validation
and filtering function for the organization.
Hash Values
Locator numbers that replace a given value with a location in a table. The locator number is later
used to retrieve the original data. Hashing is analogous to storing a coat on a coat rack. The hash
ID is saved and used later for retrieval.
HTTP
HyperText Transfer Protocol is the protocol that carries requests from a browser to a Web server
and also transports Web pages from a Web server back to the requesting browser. HTTP is the
most universally used Web transfer protocol, but it is not inherently a secure protocol.
ICMP Redirect
Not necessarily a malicious condition: some routers generate a redirection message whenever a
packet is rerouted. If these messages become excessive, or if some mischievous person is
generating these messages in an exponential fashion, this condition can become invasive.
IP Reassembly
TCP/IP is a system of packet creation, packet disassembly, packet transmission, and packet
reassembly. An intruder sometimes tries to intervene in the reassembly process and insert bogus
extra or replacement segments.
IPSec
A method of providing secure communication (Internet Protocol security) over potentially
insecure network components such as intermediate routers. IPSec defines encryption,
authentication, and key management standards. IPSec protocols support transport mode and tunnel
mode operations.
IP Spoofing
Gaining access to a computer by pretending to be at a trusted IP address. By setting up a firewall,
all access must come through the firewall and pick up the only authorized address of the firewall
after adequate authentication is completed.
Land attacks
A special type of denial of service attack where an intruder or intruding program identifies a
source and direction of a particular packet and reverses (or swaps) these two IP addresses. This
kind of attack can range from being a nuisance to being a tragic menace if it prevents the delivery
of an important document or message.
Masquerading
An unauthorized user assumes the identity of an authorized user.
Packet filtering
Access control at the Internet Protocol layer. This includes accepting or rejecting (dropping)
frames of data based on source and destination addresses. This is a very basic filtering method that
does not include using passwords or authentication algorithms.
Ping of death
A denial of service attack that relies upon TCP/IP's difficulty handling unusually large ping
packets. If not protected, a system that receives an oversize ping packet may hang or crash.
Proxy server
A firewall component that manages Internet traffic to and from a network and provides other
features such as file caching and access control. A proxy server can also improve performance by
caching frequently requested web pages and can filter unauthorized user requests for access to files
or designated web sites.
Replay attack
Capturing and storing a password-included packet and then reissuing that packet in an attempt to
gain unauthorized access.
Routing Information Protocol
A protocol for exchanging routing information among gateways and other hosts.
Security Associations
Agreements or negotiations between two or more communicating parties. The details of these
agreements involve decisions on which keys and algorithms are going to be used, and when these
security elements are going to be changed.
Security Parameter Index (SPI)
An arbitrary 32-bit value that is assigned to an SA when it is first created. The SPI, when
combined with the destination IP address and security protocol (AH or ESP), uniquely identifies
the SA.
Source Routing
Source routing is a strict method of routing datagrams that uses a 32-bit header that embeds a
source address, a destination address, a type of service, and other constants and variables that
combine to protect the datagram from incorrect or failed routing.
SYN Flooding
Typically, most systems process a queue of about 10 connection attempts (SYNs) at a time. A
malicious intruder who fabricates connection attempts and tries to "flood" a system is using a
denial of service attack known as SYN flooding.
Traffic Shaping
A process of minimizing the congestion of a stream of traffic at every connection, physical or
virtual. The net effect is to optimize the overall result.
Virtual Private Network (VPN)
A private connection that sends private data traffic over the Internet. This lets organizations
extend network service over the Internet to branch offices and remote users, creating a private
WAN (Wide Area Network).
