| Term | Definition |
|---|---|
| 3DES | Triple DES encryption/decryption algorithm |
| AH | Authentication header. Provides authentication of the sender and of data integrity. |
| CA | Certificate authority |
| DES | Data Encryption Standard encryption algorithm |
| DPD | Dead peer detection, which enables the router to detect when communication to a remote peer has been disconnected. Also known as IKE keepalive. |
| DSS | Digital Signature Standard authentication algorithm |
| ESP | Encapsulating Security Payload, which provides data integrity, data confidentiality and, optionally, sender authentication |
| FQDN | Fully qualified domain name, which consists of the hostname and domain name for a specific system |
| HMAC | Hashed Message Authentication Code |
| IKE | Internet Key Exchange |
| IKE endpoint | IP address of the entity that is one of two endpoints in an IKE/ISAKMP SA. |
| Inbound traffic | In the context of a secure interface, already secured traffic arriving on that interface (identified based on its SPI). This traffic is cleared and checked against the security parameters set for that interface. |
| IPSec | Internet Protocol Security |
| IPSec endpoint | IP address of the entity that is one of two endpoints in an IPSec SA |
| ISAKMP | Internet Security Association and Key Management Protocol |
| ISAKMP SA | Security associations used to secure control channels between security gateways. These are negotiated via IKE phase 1. |
| MDx | Message Digest hash algorithm |
| Nonce | A random value used to detect and protect against replay attacks |
| Outbound traffic | In the context of a secure interface, the clear traffic forwarded to the interface (either by policy or by routing) that is typically secured according to security parameters set for that interface. |
| PFS | Perfect forward secrecy |
| RSA | Rivest-Shamir-Adleman encryption algorithm |
| SA | Security association. The set of security parameters that dictate how IPSec processes a packet, including encapsulation protocol and session keys. A single secure tunnel uses multiple SAs. |
| Secure tunnel | A virtual connection between two security gateways used to exchange data packets in a secure way. A secure tunnel is made up of a local SA and a remote SA, where both are negotiated in the context of an ISAKMP SA. |
| SHA | Secure Hash Algorithm |
| SPI | Security parameter index |
| VPN | Virtual private network |