Glossary
Multi-Tech RouteFinder RF650VPN User Guide
designed to optimize bandwidth utilization in supporting multiple simultaneous connections. MPPE uses
the RC4 algorithm, with either 40-bit or 128-bit keys, and all MPPE keys are derived from cleartext
authentication of the user password. The RouteFinder supports MPPE 40-bit/128-bit encryption.
Name Resolution
– The process of mapping a name into its corresponding address.
NAT (Network Address Translation)
– IP NAT is comprised of a series of IETF standards covering
various implementations of the IP Network Address Translator initially defined in IETF RFC 1631. NAT
translates multiple IP addresses on the private LAN to one public address that is sent out to the Internet.
This adds a level of security since the address of a PC connected to the private LAN is never transmitted
on the Internet.
Netfilter
– The Linux packet filter and network address translation (NAT) system that aims to reduce the
number of filter points and to separate the filtering function from the NAT function. Netfilter is derived from
the Linux ipchains and the Unix ipfilter packet filtering systems.
The RouteFinder uses a Linux 2.4 kernel (and, for example, iptables for the internal logic in the netfilter
code).
Network Card
– The Ethernet PC card used to connect the RouteFinder to the internal, external or DMZ
network (a.k.a. NIC or NIC card).
NIC (Network Interface Card)
– The Ethernet PC card used to connect the RouteFinder to the internal,
external or DMZ network (a.k.a. Network Card).
Nslookup
– A Unix program for accessing name servers. The main use is the display of IP names for a
given IP address and vice versa. Beyond that, other information can also be displayed (e.g., aliases).
Packet Filter
– An operation that blocks traffic based on a defined set of filter "rules" (e.g., IP address or
port number filtering).
PCT (Private Communications Technology)
– A protocol developed by Microsoft that is considered
more secure than SSL2. (Note that some web sites may not support the PCT protocol.)
PING (Packet InterNet Groper)
– A program used to test reachability of destinations by sending them an
ICMP echo request and waiting for a reply. The term is also used as a verb: "Ping host X to see if it is
up!"
PKI (Public Key Infrastructure)
– Consists of end entities that possess key pairs, certification
authorities, certificate repositories (directories), and all of the other components, software, and entities
required when using public key cryptography.
Plaintext
– Information (text) which has not been encrypted. (The opposite is ciphertext.)
PFS (Perfect Forward Secrecy)
– Refers to the notion that any single key being compromised will permit
access to only data protected by that single key. In order for PFS to exist, the key used
to protect transmission of data must not be used to derive any additional keys. If the key used to protect
transmission of data was derived from some other keying material, that material must
not be used to derive any more keys. Sometimes referred to as Perfect Secret Forwarding,
PSF is a security method that ensures that the new key of a key exchange is in no way based on the
information of an old key and is therefore unambiguous. If an old key is found or calculated, no
conclusions can be drawn about the new key. On the RF650VPN, PFS is configured in VPN|IPSec
Configurations.
Policy
– The purpose of an IPSec Security Policy is to define how an organization is going to protect
itself. The policy will generally require two parts: a general policy and specific rules
(e.g., a system-specific policy). The general policy sets the overall approach to Security. The rules define
what is and what is not allowed. The Security Policy describes how data is protected, which traffic is
allowed or denied, and who can and cannot use various network resources.
Port
– Whereas only the source and target addresses are required for transmission on the IP level, TCP
and UDP require further characteristics to be introduced that allow a differentiation of the separate