Appendix B
ESP
Encapsulating Security Payload. The ESP header provides confidentiality,
data origin authentication, connectionless integrity, anti-replay
protection, and limited traffic flow confidentiality. It encrypts the
contents of the datagram as specified by the Security Association. The
ESP transformations encrypt and decrypt portions of datagrams, in tunnel
mode wrapping or unwrapping the datagram within another IP datagram.
Optionally, ESP transformations perform data integrity validation and
compute an Integrity Check Value for the datagram being sent. In tunnel
mode the complete IP datagram is enclosed within the ESP payload; in
transport mode only the upper-layer payload is. Encryption without an
Integrity Check Value leaves the ciphertext open to undetected
modification, so select an authentication hash whenever ESP is used.
Ethernet crossover cable
See crossover cable.
-----F-----
FCS
Frame Check Sequence. Data included in frames for error control.
flow control
Technique using hardware circuits or control characters to regulate
the transmission of data between a computer (or other DTE) and a
modem (or other DCE). Typically, the modem has buffers to hold data;
if the buffers approach capacity, the modem signals the computer to
stop while it catches up on processing the data in the buffer. See CTS,
RTS, xon/xoff.
fragmentation
Process of breaking a packet into smaller units so that they can be
sent over a network medium that cannot transmit the complete packet
as a unit.
frame
Logical grouping of information sent as a link-layer unit. Compare
datagram, packet.
FTP
File Transfer Protocol. Application protocol that lets one IP node trans-
fer files to and from another node.
FTP server
Host on network from which clients can transfer files.
-----H-----
Hard MBytes
Setting the Hard MBytes parameter forces the renegotiation of the
IPSec Security Associations (SAs) at the configured Hard MByte value.
The value can be configured between 1 and 1,000,000 MB and refers
to data traffic passed.
Hard Seconds
Setting the Hard Seconds parameter forces the renegotiation of the
IPSec Security Associations (SAs) at the configured Hard Seconds value.
The value can be configured between 60 and 1,000,000 seconds. When a
hard limit is reached the SA expires, so a replacement SA should already
have been negotiated at the matching Soft limit.
hardware handshake
Method of flow control using two control lines, usually Request to
Send (RTS) and Clear to Send (CTS).
HDLC
High-level Data Link Control.
HDSL
High-data-rate Digital Subscriber Line. Modems on either end of one
or more twisted pair wires that deliver T1 or E1 speeds. T1 requires
two pairs and E1 requires three. Compare ADSL, SDSL.
header
The portion of a packet, preceding the actual data, containing source
and destination addresses and error-checking fields.
HMAC
Hash-based Message Authentication Code. A keyed hash construction (RFC
2104) that combines a secret key with a hash function such as MD5 or
SHA-1. IPSec uses HMAC-MD5 and HMAC-SHA-1 to compute the Integrity
Check Value carried by AH and ESP; a receiver without the key cannot
forge a valid value.
hop
A unit for measuring the number of routers a packet has passed
through when traveling from one network to another.
hop count
Distance, measured in the number of routers to be traversed, from a
local router to a remote network. See metric.
hub
Another name for a repeater. The hub is a critical network element
that connects everything to one centralized point. A hub is simply a
box with multiple ports for network connections. Each device on the
network is attached to the hub via an Ethernet cable.
-----I-----
IKE
Internet Key Exchange protocol. Provides automated key management and
is the preferred alternative to manual key management because it gives
better security: keys are negotiated fresh for each SA and replaced at
the configured lifetimes rather than typed in once and left in place.
Manual key management is practical only in a small, static environment
of two or three sites, where the key is exchanged by out-of-band means.
Because IKE automates key exchange, it suits larger, more dynamic
environments.
INSPECTION
The best option for Internet communications security is to have an
SMLI firewall constantly inspecting the flow of traffic: determining
direction, limiting or eliminating inbound access, and verifying down
to the packet level that the network traffic is only what the customer
chooses. The Cayman Gateway works like a network super traffic cop,
inspecting and filtering out undesired traffic based on your security
policy and resulting configuration.
interface
A connection between two devices or networks.
internet address
IP address. A 32-bit address used to route packets on a TCP/IP net-
work. In dotted decimal notation, each eight bits of the 32-bit number
are presented as a decimal number, with the four octets separated by
periods.
IPCP
Internet Protocol Control Protocol. A network control protocol in PPP
specifying how IP communications will be configured and operated
over a PPP link.
IPSEC
A protocol suite defined by the Internet Engineering Task Force to
protect IP traffic at packet level. It can be used for protecting the data
transmitted by any service or application that is based on IP, but is
commonly used for VPNs.
ISAKMP
Internet Security Association and Key Management Protocol. A
framework for creating connection-specific parameters: a protocol for
establishing, negotiating, modifying, and deleting SAs that provides a
framework for authentication and key exchange. IKE is built on ISAKMP:
ISAKMP defines the message formats and exchange types, and IKE supplies
the actual authentication and Diffie-Hellman key exchange within them.
ISDN
Integrated Services Digital Network. A digital network with circuit and
packet switching for voice and data communications at data rates up
to 1.544 or 2.048 Mbps over telephone networks.
-----K-----
Key Management
The Key Management algorithm manages the exchange of security
keys in the IPSec protocol architecture. SafeHarbour supports the
standard Internet Key Exchange (IKE).
-----L-----
LCP
Link Control Protocol. Protocol responsible for negotiating connection
configuration parameters, authenticating peers on the link, determin-
ing whether a link is functioning properly, and terminating the link.
Documented in RFC 1331.
LQM (Link Quality Monitoring)
Optional facility that lets PPP make policy decisions based on the
observed quality of the link between peers. Documented in RFC 1333.
loopback test
Diagnostic procedure in which data is sent from a device's output
channel and directed back to its input channel so that what was sent
can be compared to what was received.
-----M-----
magic number
Random number generated by a router and included in packets it
sends to other routers. If the router receives a packet with the same
magic number it is using, the router sends and receives packets with
new random numbers to determine if it is talking to itself.
MD5
A 128-bit message-digest algorithm. It computes a fixed-length,
one-way hash of a document; the hash is used inside HMAC for IPSec
authentication and inside digital signature schemes. MD5 is less
secure than SHA-1, and neither is collision resistant by current
standards, but the HMAC-MD5 and HMAC-SHA-1 integrity checks used by
IPSec do not depend on collision resistance and are not broken by the
published collision attacks. Prefer SHA-1 where this gateway offers only
the two.
metric
Distance, measured in the number of routers a packet must traverse,
that a packet must travel to go from a router to a remote network. A
route with a low metric is considered more efficient, and therefore
preferable, to a route with a high metric. See hop count.
modem
Modulator/demodulator. Device used to convert a digital signal to an
analog signal for transmission over standard telephone lines. A
modem at the other end of the connection converts the analog signal
back to a digital signal.
MRU
Maximum Receive Unit. The maximum packet size, in bytes, that a
network interface will accept.
MTU
Maximum Transmission Unit. The maximum packet size, in bytes, that
can be sent over a network interface.
MULTI-LAYER
The Open System Interconnection (OSI) model divides network traffic
into seven distinct levels, from the Physical (hardware) layer to the
Application (software) layer. Those in between are the Presentation,
Session, Transport, Network, and Data Link layers. Simple first and
second generation firewall technologies inspect between 1 and 3 layers
of the 7 layer model, while our SMLI engine inspects layers 2
through 7.
-----N-----
NAK
Negative acknowledgment. See ACK.
Name
The Name parameter refers to the name of the configured tunnel. This
is mainly used as an identifier for the administrator. The Name
parameter is an ASCII string limited to 31 characters. The tunnel name
is the only IPSec parameter that does not need to match the peer
gateway.
NCP
Network Control Protocol.
Negotiation Method
This parameter refers to the method used during the Phase I key
exchange, or IKE process. SafeHarbour supports Main or Aggressive
Mode. Main mode requires three two-way exchanges (six messages) and
protects the identities of the peers. Aggressive mode requires only
three messages in total, but it sends the identities unprotected and,
when a Pre-Shared Key is used, exposes a hash derived from that key
that an eavesdropper can attack offline by guessing. Use Main mode
unless the peer gateway requires Aggressive mode.
null modem
Cable or connection device used to connect two computing devices
directly rather than over a network.
-----P-----
packet
Logical grouping of information that includes a header and data.
Compare frame, datagram.
PAP
Password Authentication Protocol. Security protocol within the PPP
protocol suite that authenticates a peer with a username and password
before granting access to network services. PAP sends the password in
the clear, so it is the weaker of the two PPP authentication methods.
See RFC 1334 for PAP specifications. Compare CHAP.
parity
Method of checking the integrity of each character received over a
communication channel.
Peer External IP Address
The Peer External IP Address is the public, or routable IP address of the
remote gateway or VPN server you are establishing the tunnel with.
Peer Internal IP Network
The Peer Internal IP Network is the private, or Local Area Network
(LAN) address of the remote gateway or VPN Server you are communi-
cating with.
Peer Internal IP Netmask
The Peer Internal IP Netmask is the subnet mask of the Peer Internal IP
Network.
PFS-DH
Perfect Forward Secrecy Diffie-Hellman Group. PFS forces a fresh DH
negotiation during Phase II of the IKE-IPSec SA exchange. You can
disable this or select DH group 1, 2, or 5 (768-, 1024-, or 1536-bit
MODP groups; group 5 is the strongest offered, and groups 1 and 2 are
below current minimum recommendations). PFS is a security principle
that ensures that any single key being compromised will permit access
to only the data protected by that single key. In PFS, the key used to
protect transmission of data must not be used to derive any additional
keys. If the key was derived from some other keying material, that
material must not be used to derive any more keys.
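The following added example (not from the manual and not SafeHarbour code) shows what PFS buys in the Phase II rekey described above. It models two rekeys: one without PFS, where the IPSec SA keys are derived only from the Phase I secret and the exchanged nonces, and one with PFS, where a fresh Diffie-Hellman exchange over DH group 2 (the 1024-bit MODP prime from RFC 2409) is mixed in. An attacker who later recovers the Phase I secret can rebuild the first SA's keys from the captured exchange but not the second's. The key derivation is an HMAC-SHA1 stand-in for the IKE PRF and the message layout is simplified; function names such as `rekey` and `attacker_recovers` are this example's own.

```python
"""Why PFS matters for an IKE Phase II rekey (added illustration)."""
import hashlib
import hmac
import secrets

# RFC 2409 "Second Oakley Group" (IKE DH group 2): 1024-bit MODP prime, generator 2.
GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
GROUP2_G = 2


def group_sane():
    """Cheap Fermat checks that the constant above really is a prime of 1024 bits."""
    return GROUP2_P.bit_length() == 1024 and all(
        pow(a, GROUP2_P - 1, GROUP2_P) == 1 for a in (2, 3, 5, 7, 11, 13))


def dh_keypair(p=GROUP2_P, g=GROUP2_G):
    x = secrets.randbelow(p - 2) + 1          # private exponent in [1, p-2]
    return x, pow(g, x, p)


def dh_shared(peer_pub, priv, p=GROUP2_P):
    if not 1 < peer_pub < p - 1:              # reject degenerate public values
        raise ValueError("peer public value out of range")
    return pow(peer_pub, priv, p)


def prf(key: bytes, data: bytes) -> bytes:
    # Stand-in for the IKE PRF (HMAC of the negotiated hash, here SHA-1).
    return hmac.new(key, data, hashlib.sha1).digest()


def phase2_keymat(skeyid_d, nonce_i, nonce_r, dh_secret=None):
    """IPSec SA keying material. Without PFS the inputs are the Phase I secret and
    the nonces only; with PFS the fresh DH secret g^xy is mixed in (cf. RFC 2409 5.5)."""
    g_xy = b"" if dh_secret is None else dh_secret.to_bytes(128, "big")
    return prf(skeyid_d, g_xy + nonce_i + nonce_r)


def rekey(skeyid_d, pfs: bool):
    """One Phase II exchange. Returns (keymat, transcript), the transcript being
    everything an eavesdropper on the wire could capture."""
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    if not pfs:
        return phase2_keymat(skeyid_d, ni, nr), {"ni": ni, "nr": nr}
    xi, gi = dh_keypair()                     # initiator's fresh DH pair
    xr, gr = dh_keypair()                     # responder's fresh DH pair
    shared = dh_shared(gr, xi)
    assert shared == dh_shared(gi, xr)        # both sides agree on g^xy
    return phase2_keymat(skeyid_d, ni, nr, shared), {"ni": ni, "nr": nr, "gi": gi, "gr": gr}


def attacker_recovers(skeyid_d, transcript):
    """An attacker who later obtains the Phase I secret rebuilds the SA keys from the
    captured transcript. Possible without PFS; with PFS the DH secret is missing and
    recovering it would mean solving a discrete logarithm."""
    if "gi" not in transcript:
        return phase2_keymat(skeyid_d, transcript["ni"], transcript["nr"])
    return None


def demo_pfs():
    skeyid_d = secrets.token_bytes(20)        # Phase I secret, assumed compromised later
    k_nopfs, t_nopfs = rekey(skeyid_d, pfs=False)
    k_pfs, t_pfs = rekey(skeyid_d, pfs=True)
    return (attacker_recovers(skeyid_d, t_nopfs) == k_nopfs,
            attacker_recovers(skeyid_d, t_pfs) == k_pfs)
```

`demo_pfs()` returns `(True, False)`: the no-PFS keys fall to the later compromise, the PFS keys do not. Group 2 is used because it is what the page lists; a deployment today should pick the largest group both peers support.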
PING
Packet INternet Groper. Utility program that uses an ICMP echo mes-
sage and its reply to verify that one network node can reach another.
Often used to verify that two hosts can communicate over a network.
PPP
Point-to-Point Protocol. Provides a method for transmitting datagrams
over serial router-to-router or host-to-network connections using
synchronous or asynchronous circuits.
Pre-Shared Key
The Pre-Shared Key is a parameter used for authenticating each side.
The value can be ASCII or hex and a maximum of 64 characters. Both
peers must be configured with the same key; choose a long random value,
since a guessable key defeats the authentication.
Pre-Shared Key Type
The Pre-Shared Key Type classifies the Pre-Shared Key. SafeHarbour
supports ASCII or HEX types.
protocol
Formal set of rules and conventions that specify how information can
be exchanged over a network.
PSTN
Public Switched Telephone Network.
-----R-----
repeater
Device that regenerates and propagates electrical signals between two
network segments. Also known as a hub.
RFC
Request for Comments. Set of documents that specify the conventions
and standards for TCP/IP networking.
RIP
Routing Information Protocol. Protocol responsible for distributing
information about available routes and networks from one router to
another.
RJ-45
Eight-pin connector used for 10BaseT (twisted pair Ethernet) net-
works.
route
Path through a network from one node to another. A large internet-
work can have several alternate routes from a source to a destination.
routing table
Table stored in a router or other networking device that records avail-
able routes and distances for remote network destinations.
RTS
Request to Send. Circuit activated in hardware flow control when a
computer (or other DTE) is ready to transmit data to a modem (or
other DCE). See CTS, xon/xoff.
-----S-----
SA Encrypt Type
SA Encryption Type refers to the symmetric encryption algorithm that
will be used to encrypt each data packet. SA Encryption Type values
supported include DES, 3DES, CAST and Blowfish. Single DES has a 56-bit
key and can be recovered by exhaustive search; prefer 3DES, CAST or
Blowfish where the peer supports them.
SA Hash Type
SA Hash Type refers to the authentication hash algorithm used during
SA negotiation. Values supported include MD5 and SHA1. N/A is displayed
if NONE is chosen for Auth Protocol.
Security Association
From the IPSEC point of view, an SA is a data structure that describes
which transformation is to be applied to a datagram and how. The SA
specifies:
• The authentication algorithm for AH and ESP
• The encryption algorithm for ESP
• The encryption and authentication keys
• Lifetime of encryption keys
• The lifetime of the SA
• Replay prevention sequence number and the replay bit table
An arbitrary 32-bit number called a Security Parameters Index (SPI), as
well as the destination host's address and the IPSEC protocol identifier
(AH or ESP), identify each SA. An SPI is assigned to an SA when the SA is
negotiated. The SA can be referred to by using an SPI in AH and ESP
transformations. An SA is unidirectional. SAs are commonly set up as
bundles, because typically two SAs are required for two-way
communication, one in each direction. SA management is always done on
bundles (set up, delete, rekey).
serial communication
Method of data transmission in which data bits are transmitted
sequentially over a communication channel.
SHA-1
Secure Hash Algorithm 1, the U.S. Government standard hash function
(FIPS 180-1). It produces a 160-bit digest and is used here, through
HMAC, as an authentication algorithm.
SLIP
Serial Line Internet Protocol. Predecessor to PPP that allows communi-
cation over serial point-to-point connections running TCP/IP. Defined
in RFC 1055.
Soft MBytes
Setting the Soft MBytes parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Soft MByte value. The
value can be configured between 1 and 1,000,000 MB and refers to data
traffic passed. The soft limit must be lower than the hard limit so that
the replacement SA is in place before the old one expires; if
renegotiation has not completed by the time the Hard MBytes value is
reached, the Hard MBytes limit is enforced.
Soft Seconds
Setting the Soft Seconds parameter forces the renegotiation of the
IPSec Security Associations (SAs) at the configured Soft Seconds value.
The value can be configured between 60 and 1,000,000 seconds.
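The added example below (not from the manual and not SafeHarbour code) models how the four lifetime parameters defined in this glossary, Soft/Hard MBytes and Soft/Hard Seconds, act on one SA. It enforces the configured ranges the glossary gives, requires each soft limit to sit below its hard limit, and returns one of three decisions for a set of constructed traffic counters. The `SaLifetime` class, the decision names and the 1,000,000-byte value assumed for one MByte are this example's own choices.

```python
"""Soft versus hard IPSec SA lifetimes (added illustration)."""
from dataclasses import dataclass

MB = 1_000_000  # bytes per MByte assumed here; the manual does not state the unit


@dataclass(frozen=True)
class SaLifetime:
    soft_mbytes: int
    hard_mbytes: int
    soft_seconds: int
    hard_seconds: int

    def __post_init__(self):
        # Ranges stated in the glossary: 1..1,000,000 MB and 60..1,000,000 seconds.
        for name in ("soft_mbytes", "hard_mbytes"):
            if not 1 <= getattr(self, name) <= 1_000_000:
                raise ValueError(f"{name} must be between 1 and 1,000,000 MB")
        for name in ("soft_seconds", "hard_seconds"):
            if not 60 <= getattr(self, name) <= 1_000_000:
                raise ValueError(f"{name} must be between 60 and 1,000,000 seconds")
        # A soft limit at or above its hard limit would never trigger a rekey in time.
        if self.soft_mbytes >= self.hard_mbytes or self.soft_seconds >= self.hard_seconds:
            raise ValueError("soft lifetimes must be lower than hard lifetimes")


def lifetime_decision(lt: SaLifetime, bytes_passed: int, age_seconds: int) -> str:
    """EXPIRE: a hard limit was hit; the SA is deleted and traffic stops until a
    replacement exists. REKEY: a soft limit was hit; negotiate the replacement now
    while the old SA keeps carrying traffic. OK: nothing to do yet."""
    if bytes_passed >= lt.hard_mbytes * MB or age_seconds >= lt.hard_seconds:
        return "EXPIRE"
    if bytes_passed >= lt.soft_mbytes * MB or age_seconds >= lt.soft_seconds:
        return "REKEY"
    return "OK"


def apply_policy(lt: SaLifetime, samples):
    """Run (bytes_passed, age_seconds) observations through the policy."""
    return [lifetime_decision(lt, b, s) for b, s in samples]


# Constructed policy: 1 GB soft / 2 GB hard, 1 hour soft / 8 hours hard.
POLICY = SaLifetime(soft_mbytes=1000, hard_mbytes=2000,
                    soft_seconds=3600, hard_seconds=28800)
# Constructed counters for an SA at five points in its life.
SAMPLES = [(10 * MB, 30), (1000 * MB, 600), (1500 * MB, 3600),
           (2000 * MB, 4000), (50 * MB, 28800)]
```

`apply_policy(POLICY, SAMPLES)` yields `OK, REKEY, REKEY, EXPIRE, EXPIRE`: the soft limits fire first on either bytes or age, and the hard limits terminate the SA regardless of which counter reached them.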
SPI
The Security Parameter Index is an identifier for the encryption and
authentication algorithm and key. The SPI indicates to the remote
firewall the algorithm and key being used to encrypt and authenticate a
packet. It should be a unique number greater than 255; values 1 through
255 are reserved. The SPI travels in the clear in every AH and ESP
header and is not a secret; it only selects the SA.
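The added example below (not from the manual and not SafeHarbour code) ties together the ESP, HMAC, Security Association and SPI entries: inbound ESP processing that reads the SPI and sequence number from the ESP header, selects the SA by the (SPI, destination address, protocol) triple, runs the anti-replay window the SA keeps (the sliding-window method of RFC 2401 Appendix C), and verifies the HMAC-SHA1-96 Integrity Check Value that ESP carries after the payload (RFC 2404). Decryption is omitted to keep the example short. The SA table, the packet builder, the verdict strings and all sample traffic are constructed for this illustration.

```python
"""Inbound ESP processing: SA lookup, anti-replay window, ICV check (added illustration)."""
import hashlib
import hmac
import struct

ESP_PROTO = 50   # IP protocol number for ESP
ICV_LEN = 12     # HMAC-SHA1-96 truncates the 20-byte SHA-1 MAC to 96 bits
WINDOW = 64      # replay window size; RFC 2401 requires at least 32


class InboundSA:
    def __init__(self, spi, dst, auth_key):
        if spi <= 255:
            raise ValueError("SPI values 1..255 are reserved")
        self.spi, self.dst, self.auth_key = spi, dst, auth_key
        self.highest_seq = 0   # top of the replay window
        self.bitmap = 0        # bit i set -> sequence number (highest_seq - i) already seen

    def icv(self, data):
        return hmac.new(self.auth_key, data, hashlib.sha1).digest()[:ICV_LEN]

    def replay_ok(self, seq):
        """Preliminary check, no state change: is this sequence number acceptable?"""
        if seq == 0:
            return False                              # 0 is never a valid sequence number
        if seq > self.highest_seq:
            return True                               # to the right of the window
        offset = self.highest_seq - seq
        return offset < WINDOW and not (self.bitmap >> offset & 1)

    def mark_seen(self, seq):
        """Update the window; only called after the ICV has verified."""
        if seq > self.highest_seq:
            shift = seq - self.highest_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest_seq = seq
        else:
            self.bitmap |= 1 << (self.highest_seq - seq)


SA_TABLE = {}   # (spi, dst, proto) -> InboundSA


def build_esp(sa, seq, payload):
    """ESP header (SPI, sequence number) + payload + ICV over header and payload."""
    hdr = struct.pack("!II", sa.spi, seq)
    return hdr + payload + sa.icv(hdr + payload)


def process_inbound(dst, packet):
    """Returns 'accept' or a reject reason, in the order an IPSec stack applies the checks."""
    if len(packet) < 8 + ICV_LEN:
        return "reject:short"
    spi, seq = struct.unpack("!II", packet[:8])
    sa = SA_TABLE.get((spi, dst, ESP_PROTO))
    if sa is None:
        return "reject:no-sa"
    if not sa.replay_ok(seq):
        return "reject:replay"                        # cheap check before the MAC
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, sa.icv(body)):
        return "reject:bad-icv"                       # forged or corrupted packet
    sa.mark_seen(seq)                                 # window moves only for verified packets
    return "accept"


def demo_inbound():
    """Constructed traffic: in-order packets, one out of order, a replay, a forged
    ICV, then the legitimate packet the forgery imitated, and an unknown SPI."""
    SA_TABLE.clear()
    sa = InboundSA(spi=0x1000, dst="192.0.2.1", auth_key=b"k" * 20)
    SA_TABLE[(sa.spi, sa.dst, ESP_PROTO)] = sa
    p1, p2, p3, p4 = (build_esp(sa, s, b"payload-%d" % s) for s in (1, 2, 3, 4))
    forged = struct.pack("!II", sa.spi, 4) + b"evil" + bytes(ICV_LEN)
    other = InboundSA(spi=0x2000, dst=sa.dst, auth_key=sa.auth_key)   # never installed
    unknown = build_esp(other, 1, b"x")
    return [process_inbound(sa.dst, p) for p in (p1, p3, p2, p2, forged, p4, unknown)]
```

`demo_inbound()` returns `accept, accept, accept, reject:replay, reject:bad-icv, accept, reject:no-sa`. Two details matter in practice: the window is updated only after the ICV verifies, so the forged packet with sequence number 4 does not block the real one, and the replay check runs before the MAC so that obvious duplicates cost no hash computation.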
STATEFUL
The Cayman Gateway monitors and maintains the state of any network
transaction. In terms of network request-and-reply, state consists of
the source IP address, destination IP address, communication ports,
and data sequence. The Cayman Gateway processes the stream of a
network conversation, rather than just individual packets. It verifies
that packets are sent from and received by the proper IP addresses
along the proper communication ports in the correct order and that no
imposter packets interrupt the packet flow. Packet filtering monitors
only the ports involved, while the Cayman Gateway analyzes the
continuous conversation stream, making session hijacking and some
denial of service attacks easier to detect and block.
static route
Route entered manually in a routing table.
subnet mask
A 32-bit address mask that identifies which bits of an IP address rep-
resent network address information and which bits represent node
identifier information.
synchronous communication
Method of data communication requiring the transmission of timing
signals to keep PPP peers synchronized in sending and receiving
blocks of data.