User manual
Appendix A – Terminology 
Certificates  A digitally signed statement that contains information about an entity 
and the entity's public key, thus binding these two pieces of information 
together. A certificate is issued by a trusted organization (or entity) 
called a Certification Authority (CA) after the CA has verified that the 
entity is who it says it is. 
Certificate Authority  A Certificate Authority is a trusted third party that certifies that
public keys truly belong to their claimed owners. It is a key part of any
Public Key Infrastructure, since it allows users to trust that a given
public key is the one they wish to use, either to send a private message
to its owner or to verify the signature on a message sent by that owner.
Certificate Revocation List  A list of certificates that have been revoked by the CA before they
expired. This may be necessary if the private key of the certificate has
been compromised or if the holder of the certificate is to be denied the
ability to establish a tunnel to the SG unit.
Data Encryption Standard (DES)  The Data Encryption Standard is a block cipher with 64-bit blocks and a
56-bit key.
Dead Peer Detection  The method of detecting if the remote party has a stale set of keys and
if the tunnel requires rekeying. To interoperate with the SG unit, the
remote party must conform to the draft draft-ietf-ipsec-dpd-00.txt.
DHCP  Dynamic Host Configuration Protocol. A communications protocol that 
assigns IP addresses to computers when they are connected to the 
network. 
Diffie-Hellman Group or Oakley Group  The groups used as the basis of Diffie-Hellman key exchange in the
Oakley protocol, and in IKE.
Diffie-Hellman Key Exchange  A protocol that allows two parties without any initial shared secret to
create one in a manner immune to eavesdropping. Once they have
done this, they can communicate privately by using that shared secret
as a key for a block cipher or as the basis for key exchange.
Distinguished Name  A list of attributes that defines the description of the certificate. These
attributes include: country, state, locality, organization, organizational
unit and common name.
DNS  Domain Name System that allocates Internet domain names and 
translates them into IP addresses. A domain name is a meaningful and 
easy to remember name for an IP address. 
DUN  Dial Up Networking. 
Encapsulating Security Payload (ESP)  Encapsulating Security Payload is the IPSec protocol which provides
encryption and can also provide authentication service.
Encryption  The technique for converting a readable message (plaintext) into 
apparently random material (ciphertext) which cannot be read if 
intercepted. The proper decryption key is required to read the 
message. 
Ethernet  A physical layer protocol based upon IEEE standards. 










