Page 326 / 351 Scroll up to view Page 321 - 325
326
modem.
Modulator/demodulator. Device used to convert a dig-
ital signal to an analog signal for transmission over standard
telephone lines. A modem at the other end of the connection
converts the analog signal back to a digital signal.
MRU.
Maximum Receive Unit. The maximum packet size, in
bytes, that a network interface will accept.
MTU.
Maximum Transmission Unit. The maximum packet size,
in bytes, that can be sent over a network interface.
MULTI-LAYER.
The Open System Interconnection (OSI) model
divides network traffic into seven distinct levels, from the Physi-
cal (hardware) layer to the Application (software) layer. Those in
between are the Presentation, Session, Transport, Network,
and Data Link layers. Simple first and second generation fire-
wall technologies
inspect between 1 and 3 layers of the 7 layer
model, while our SMLI engine inspects layers 2 through 7.
-----N-----
NAK.
Negative acknowledgment. See ACK.
Name.
The Name parameter refers to the name of the config-
ured tunnel. This is mainly used as an identifier for the adminis-
trator. The Name parameter is an ASCII and is limited to 31
characters. The tunnel name is the only IPSec parameter that
does not need to match the peer gateway.
NCP.
Network Control Protocol.
Negotiation Method.
This parameter refers to the method
used during the Phase I key exchange, or IKE process. SafeHar-
bour supports Main or Aggressive Mode. Main mode requires 3
Page 327 / 351
327
two-way message exchanges while Aggressive mode only
requires 3 total message exchanges.
null modem.
Cable or connection device used to connect two
computing devices directly rather than over a network.
-----P-----
packet.
Logical grouping of information that includes a header
and data. Compare frame, datagram.
PAP.
Password Authentication Protocol. Security protocol within
the PPP protocol suite that prevents unauthorized access to
network services. See RFC 1334 for PAP specifications. Com-
pare CHAP.
parity.
Method of checking the integrity of each character
received over a communication channel.
Peer External IP Address.
The Peer External IP Address is the
public, or routable IP address of the remote gateway or VPN
server you are establishing the tunnel with.
Peer Internal IP Network.
The Peer Internal IP Network is the
private, or Local Area Network (LAN) address of the remote
gateway or VPN Server you are communicating with.
Peer Internal IP Netmask.
The Peer Internal IP Netmask is the
subnet mask of the Peer Internal IP Network.
PFS Enable.
Enable
P
erfect
F
orward
S
ecrecy. PFS forces a DH
negotiation during Phase II of IKE-IPSec SA exchange. You can
disable this or select a DH group 1, 2, or 5. PFS is a security
principle that ensures that any single key being compromised
will permit access to only data protected by that single key. In
Page 328 / 351
328
PFS, the key used to protect transmission of data must not be
used to derive any additional keys. If the key was derived from
some other keying material, that material must not be used to
derive any more keys.
PING.
Packet INternet Groper. Utility program that uses an
ICMP echo message and its reply to verify that one network
node can reach another. Often used to verify that two hosts can
communicate over a network.
PPP.
Point-to-Point Protocol. Provides a method for transmitting
datagrams over serial router-to-router or host-to-network con-
nections using synchronous or asynchronous circuits.
Pre-Shared Key.
The Pre-Shared Key is a parameter used for
authenticating each side. The value can be an ASCII or Hex and
a maximum of 64 characters
.
Pre-Shared Key Type.
The Pre-Shared Key Type classifies the
Pre-Shared Key. SafeHarbour supports
ASCII
or
HEX
types
protocol.
Formal set of rules and conventions that specify how
information can be exchanged over a network.
PSTN.
Public Switched Telephone Network.
-----R-----
repeater.
Device that regenerates and propagates electrical
signals between two network segments. Also known as a hub.
RFC.
Request for Comment. Set of documents that specify the
conventions and standards for TCP/IP networking.
Page 329 / 351
329
RIP.
Routing Information Protocol. Protocol responsible for dis-
tributing information about available routes and networks from
one router to another.
RJ-11.
Four-pin connector used for telephones.
RJ-45.
Eight-pin connector used for 10BaseT (twisted pair
Ethernet) networks.
route.
Path through a network from one node to another. A
large internetwork can have several alternate routes from a
source to a destination.
routing table.
Table stored in a router or other networking
device that records available routes and distances for remote
network destinations.
-----S-----
SA Encrypt Type.
SA Encryption Type refers to the symmetric
encryption type. This encryption algorithm will be used to
encrypt each data packet. SA Encryption Type values supported
include
DES
and
3DES
.
SA Hash Type.
SA Hash Type refers to the Authentication
Hash algorithm used during SA negotiation. Values supported
include
MD5 SHA1
. N/A will display if NONE is chose for Auth
Protocol.
Security Association.
From the IPSEC point of view, an SA is
a data structure that describes which transformation is to be
applied to a datagram and how. The SA specifies:
The authentication algorithm for AH and ESP
The encryption algorithm for ESP
Page 330 / 351
330
The encryption and authentication keys
Lifetime of encryption keys
The lifetime of the SA
Replay prevention sequence number and the replay bit table
An arbitrary 32-bit number called a Security Parameters Index
(SPI), as well as the destination host’s address and the IPSEC
protocol identifier, identify each SA. An SPI is assigned to an SA
when the SA is negotiated. The SA can be referred to by using
an SPI in AH and ESP transformations. SA is unidirectional. SAs
are commonly setup as bundles, because typically two SAs are
required for communications. SA management is always done
on bundles (setup, delete, relay).
serial communication.
Method of data transmission in which
data bits are transmitted sequentially over a communication
channel
SHA-1.
An implementation of the U.S. Government
S
ecure
H
ash
A
lgorithm; a 160-bit authentication algorithm.
Soft MBytes.
Setting the Soft MBytes parameter forces the
renegotiation of the IPSec Security Associations (SAs) at the
configured Soft MByte value. The value can be configured
between
1 and 1,000,000 MB
and refers to data traffic passed.
If this value is not achieved, the Hard MBytes parameter is
enforced.
Soft Seconds.
Setting the Soft Seconds parameter forces the
renegotiation of the IPSec Security Associations (SAs) at the
configured Soft Seconds value. The value can be configured
between 60 and 1,000,000 seconds.

Rate

4 / 5 based on 3 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top