User manual
Appendix A – Terminology 
NTP  Network Time Protocol. Used to synchronize clock times across a network of computers (accurate time matters for certificate validity checks and for correlating logs between devices).
Oakley Group  A Diffie-Hellman group (modulus and generator) defined for use in IKE key exchange. See Diffie-Hellman Group.
PAT  Port Address Translation. A form of NAT in which many internal hosts share one external IP address: the device rewrites the source port number of each outgoing connection so that replies can be mapped back to the correct internal host and port.
PEM, DER, PKCS#12, PKCS#7  Certificate file formats. PEM (Base64 text with BEGIN/END markers) and DER (raw binary) are two encodings of the same certificate or key. PKCS#12 bundles a certificate with its private key in a password-protected file. PKCS#7 carries one or more certificates (for example a CA chain) and never contains private keys.
Perfect Forward Secrecy (PFS)  A property of systems such as Diffie-Hellman key exchange which use a long-term key (such as the shared secret in IKE) and generate short-term keys as required. If an attacker who acquires the long-term key provably can neither read previous messages which he may have archived nor read future messages without performing additional successful attacks, then the system has PFS. The attacker needs the short-term keys in order to read the traffic, and merely having the long-term key does not allow him to infer those. It may, of course, allow him to conduct another attack (such as man-in-the-middle) which gives him some short-term keys, but he does not get them automatically just by acquiring the long-term key.
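The distinction the entry above draws (a long-term key that authenticates versus short-term keys that encrypt, and a passive attacker versus an active one) is easiest to see in running code. The following is an added example written for this appendix, not code from the SG unit or its IKE implementation: a toy preshared-key exchange in Python in which each side authenticates an ephemeral Diffie-Hellman value with the PSK. It shows that a key derived only from the PSK and public nonces is recoverable by anyone who later learns the PSK, that the Diffie-Hellman session key is not (a bounded discrete-log search stands in for "infeasible"), and that the PSK does let an active attacker mount the man-in-the-middle the entry mentions. The group prime is assumed to be RFC 2409 Oakley group 2; the message layout, `prf` labels and the PSK value are constructed for the example.

```python
"""Added example (not from the manual): a toy preshared-key exchange showing what
Perfect Forward Secrecy does and does not protect against."""
import hashlib
import hmac
import secrets

# 1024-bit MODP prime from RFC 2409 (Oakley group 2), generator 2.  Assumed correct
# as typed here: check it against the RFC before reuse, and prefer the larger
# RFC 3526 groups for anything real.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


def i2b(n: int) -> bytes:
    """Big-endian byte encoding of a non-negative integer."""
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256, used the way IKE uses its prf: for authentication and key derivation."""
    return hmac.new(key, data, hashlib.sha256).digest()


def key_without_pfs(psk: bytes, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Session key derived from the long-term secret and two public nonces only.
    Whoever later obtains psk and has the archived nonces recomputes it: no PFS."""
    return prf(psk, b"no-pfs|" + nonce_i + nonce_r)


def initiator_start(psk: bytes):
    """Message 1: an ephemeral DH value authenticated with the long-term PSK."""
    a = secrets.randbelow(P - 2) + 1                # short-term private value
    ga = pow(G, a, P)
    return a, (ga, prf(psk, b"auth|" + i2b(ga)))


def responder(psk: bytes, msg1):
    """Verifies message 1, answers with its own authenticated DH value, keys from g^ab."""
    ga, auth = msg1
    if not hmac.compare_digest(auth, prf(psk, b"auth|" + i2b(ga))):
        raise ValueError("peer does not know the preshared secret")
    b = secrets.randbelow(P - 2) + 1
    gb = pow(G, b, P)
    key = hashlib.sha256(i2b(pow(ga, b, P))).digest()
    return key, (gb, prf(psk, b"auth|" + i2b(gb)))  # b is discarded on return


def initiator_finish(psk: bytes, a: int, msg2) -> bytes:
    """Verifies message 2 and derives the same key from g^ba."""
    gb, auth = msg2
    if not hmac.compare_digest(auth, prf(psk, b"auth|" + i2b(gb))):
        raise ValueError("peer does not know the preshared secret")
    return hashlib.sha256(i2b(pow(gb, a, P))).digest()


def run_exchange(psk: bytes):
    """Honest run.  Returns both sides' keys and the messages a wiretap would archive."""
    a, msg1 = initiator_start(psk)
    key_r, msg2 = responder(psk, msg1)
    key_i = initiator_finish(psk, a, msg2)
    return key_i, key_r, (msg1, msg2)


def passive_attacker(psk: bytes, transcript, budget: int = 100_000):
    """Archived the transcript and obtained psk later.  Can confirm the messages are
    genuine, but the key needs a or b, i.e. a discrete logarithm of g^a; a bounded
    search stands in for 'infeasible'.  Returns (authentic, key_or_None)."""
    (ga, auth_i), (gb, auth_r) = transcript
    authentic = (hmac.compare_digest(auth_i, prf(psk, b"auth|" + i2b(ga)))
                 and hmac.compare_digest(auth_r, prf(psk, b"auth|" + i2b(gb))))
    cur = 1
    for x in range(1, budget):
        cur = cur * G % P                           # cur == g^x mod p
        if cur == ga:
            return authentic, hashlib.sha256(i2b(pow(gb, x, P))).digest()
    return authentic, None


def active_attacker(psk: bytes):
    """With psk an attacker can impersonate each peer to the other (man-in-the-middle)
    and end up holding one key with the initiator and a different one with the
    responder.  Returns (key_i, mitm_key_to_i, key_r, mitm_key_to_r)."""
    a, msg1 = initiator_start(psk)              # honest initiator sends g^a
    m, fake1 = initiator_start(psk)             # attacker substitutes g^m, authenticated with psk
    key_r, msg2 = responder(psk, fake1)         # honest responder keys with the attacker
    mitm_to_r = initiator_finish(psk, m, msg2)
    mitm_to_i, fake2 = responder(psk, msg1)     # attacker plays responder to the initiator
    key_i = initiator_finish(psk, a, fake2)
    return key_i, mitm_to_i, key_r, mitm_to_r
```

The practical reading for a tunnel configured with a preshared secret: enabling PFS in Phase 2 limits what a leaked PSK exposes to traffic the attacker can actively interpose on from that point forward, and archived captures stay unreadable; without PFS, rotate the PSK and assume everything captured under it is readable.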
Phase 1  Sets up a secure, mutually authenticated channel (the IKE security association) that is then used to negotiate the encrypted tunnel in IPSec.
Phase 2  Sets up the encrypted tunnel itself (the IPSec security associations) over the channel established in Phase 1.
PPP  Point-to-Point Protocol. A networking protocol for establishing simple 
links between two peers. 
PPPoE  Point to Point Protocol over Ethernet. A protocol for connecting users 
on an Ethernet to the Internet using a common broadband medium 
(e.g. single DSL line, wireless device, cable modem, etc). 
PPTP  Point to Point Tunneling Protocol. A protocol developed by Microsoft™ that is popular for VPN applications. Although not considered as secure as IPSec, PPTP is considered "good enough" technology for some uses. Microsoft has addressed many flaws in the original implementation.
Preshared secret  A common secret (passphrase) that is shared between the two parties. 
Quick Mode  The Phase 2 keying mode that automatically exchanges encryption and authentication keys and so establishes the encrypted tunnel.
Rekeying  The process of renegotiating a new set of keys for encryption and 
authentication. 
Road warrior  A remote machine with no fixed IP address. 
Router  A network device that forwards packets of data between networks. A router differs from hubs and switches, which operate within a single network segment, because it examines each packet's destination IP address and chooses the next hop toward its final destination.
RSA Digital Signatures  A public/private RSA key pair used for authentication. The SG unit can generate these key pairs. The public keys need to be exchanged between the two parties in order to configure the tunnel.