TMS zl Management and Configuration Guide ST.1.2.100916
Glossary
IP reassembly attack An attack that degrades network performance by exploiting the
network’s IP reassembly guidelines.
IP spoofing Creating packets with a forged IP address. IP spoofing is used to conceal an
attacker’s IP address or to deceive network devices into thinking a packet
originated from a trusted IP address.
IPDS Another name for IDS/IPS.
IPS Intrusion Prevention System. A network device that can prevent network
attacks before they begin or stop an attack in progress.
IPS port map A list of which port(s) an application runs on.
IPsec Internet Protocol security. A suite of protocols that are used to establish a
VPN tunnel between devices that communicate over the Internet, thereby
protecting their data. For more information, see the IPsec Working Group
home page at http://www.ietf.org/html.charters/OLD/ipsec-charter.html.
IPsec certificate See certificate.
IPsec encapsulation The process by which an AH or ESP header is added to a packet to be
sent over an IPsec VPN.
IPsec policy The policy that the TMS zl Module uses to carry out IKE phase 2 when
negotiating an IPsec SA.
IPsec proposal This is the TMS zl Module's equivalent of a transform set, which is the
combination of security protocols, algorithms, and other settings applied to IPsec
VPN traffic.
IPsec remote access server See IRAS.
IPsec SA An SA established with IPsec. See also VPN tunnel.
IPSecuritas A VPN client for Mac OS X.
IRAS IPsec Remote Access Server. The device that provides access to the target VPN
network. An IRAS is also known as a security gateway.
ISAKMP Internet Security Association and Key Management Protocol. The protocol
that defines the procedures for authenticating peers, creating and managing
security associations (SAs), key generation techniques, and threat mitigation.
ISN Initial Sequence Number. Negotiated in the first 2 steps of the 3-way
handshake, an ISN is the number given to the first packet in a TCP session.