Appendix B – Terminology
172
Extranet
A private network that uses the public Internet to securely share
business information and operations with suppliers, vendors, partners,
customers, or other businesses. Extranets add external parties to a
company's intranet.
Failover
A method for detecting that the main Internet connection (usually a
broadband connection) has failed and the CyberGuard SG apliance
cannot communicate with the Internet. If this occurs, the CyberGuard
SG appliance automatically moves to a lower speed, secondary
Internet connection.
Fall-forward
A method for shutting down the failover connection when the main
Internet connection can be re-established.
Firewall
A network gateway device that protects a private network from users on
other networks. A firewall is usually installed to allow users on an
intranet access to the public Internet without allowing public Internet
users access to the intranet.
Gateway
A machine that provides a route (or pathway) to the outside world.
Hashes
A code, calculated based on the contents of a message. This code
should have the property that it is extremely difficult to construct a
message so that its Hash comes to a specific value.Hashes are useful
because they can be attached to a message, and demonstrate that it
has not been modified. If a message were to be modified, then its hash
would have changed, and would no longer match the original hash
value.
Hub
A network device that allows more than one computer to be connected
as a LAN, usually using UTP cabling.
IDB
Intruder Detection and Blocking. A feature of your CyberGuard SG
appliance that detects connection attempts from intruders and can also
optionally block all further connection attempts from the intruder's
machine.
Internet
A worldwide system of computer networks - a public, cooperative, and
self-sustaining network of networks accessible to hundreds of millions
of people worldwide. The Internet is technically distinguished because
it uses the TCP/IP set of protocols.
Intranet
A private TCP/IP network within an enterprise.
IP Compression
A good encryption algorithm produces ciphertext that is evenly
distributed. This makes it difficult to compress. If one wishes to
compress the data it must be done prior to encrypting. The IPcomp
header provides for this. One of the problems of tunnel mode is that it
adds 20 bytes of IP header, plus 28 bytes of ESP overhead to each
packet. This can cause large packets to be fragmented. Compressing
the packet first may make it small enough to avoid this fragmentation.
IPSec
Internet Protocol Security. IPSec provides interoperable, high quality,
cryptographically-based security at the IP layer and offers protection for
network communications.