Glossary
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)
181
LILO (LInux LOader)
– LILO is a small program that sits on the master boot record of a hard drive or on the boot sector of a
partition. LILO is used to start the loading process of the Linux kernel. (There are other programs that can also do this, such
as
grub
. Most distributions/versions of Linux use LILO.) You can set up lilo to require a password to start to load the Linux
kernel, or you can set it up to require a password if you want to pass any extra options to the Linux kernel before it starts
loading.
Mapping
– Logically associating one set of values (such as addresses on one network) with values or quantities on another
set (such as devices on another network). Examples include name-address mapping, inter-network route mapping, and
DNAT port mapping. Name resolution (name to address mapping) is another example.
Masquerading
– The concealing of internal network information (LAN) form the outside. For example, the computer of a
colleague with the IP address is inside a masked network. All the computers inside his network are assigned one single,
official IP address (i.e. if he starts an HTTP request into the Internet, his IP address is replaced by the IP address of the
external network card). This way, the data packet entering the external network (Internet) contains no internal information.
The answer to the request is recognized by the firewall and diverted to the requesting computer.
MD5 (Message Digest 5)
– A one-way hashing algorithm that produces a 128-bit hash. It computes a secure, irreversible,
cryptographically strong hash value for a document. The MD5 algorithm is documented in IETF RFC 1321.
Message Digests
– Mathematical functions (aka, one-way hashes) that are easy to compute but nearly impossible to
reverse. The message digest serves as a "fingerprint" for data. As such, it is an element of most data security mechanisms
(e.g., Digital Signatures, SSL, etc.). The hashing function takes variable-length data as input, performs a function on it, and
generates a fixed-length hash value.
MPPE (Microsoft Point-to-Point Encryption)
– An encryption technology developed by Microsoft to encrypt point-to-point
links. The PPP connections can be over a VPN tunnel or over a dial-up line. MPPE is a feature of Microsoft's MPPC scheme
for compressing PPP packets. The MPPC algorithm was designed to optimize bandwidth utilization in supporting multiple
simultaneous connections. MPPE uses the RC4 algorithm, with either 40-bit or 128-bit keys, and all MPPE keys are derived
from clear text authentication of the user password. The RouteFinder supports MPPE 40-bit/128-bit encryption.
Name Resolution
– The process of mapping a name into its corresponding address.
NAT (Network Address Translation)
– IP NAT is comprised of a series of IETF standards covering various
implementations of the IP Network Address Translator. NAT translates multiple IP addresses on the private LAN to one
public address that is sent out to the Internet. This adds a level of security since the address of a PC connected to the
private LAN is never transmitted on the Internet.
Netfilter
–
The Linux packet filter and network address translation (NAT) system that aims to reduce the number of filter
points and to separate the filtering function from the NAT function. Netfilter is derived from the Linux
ipchains
and the Unix
ipfilter
packet filtering systems. The RouteFinder uses a Linux 2.4 kernel (and, for example,
iptables
for the internal logic in
the netfilter code).
Network Card
– The Ethernet PC card used to connect the RouteFinder to the internal, external or DMZ network (aka: NIC
or NIC card).
NIC
(
Network Interface Card
)
– The Ethernet PC card used to connect the RouteFinder to the internal, external or DMZ
network (aka, Network Card).
Nslookup
– A Unix program for accessing name servers. The main use is the display of IP names for a given IP address
and vice versa. Beyond that, other information can also be displayed (e.g., aliases).
Packet Filter
– An operation that blocks traffic based on a defined set of filter "rules" (e.g., IP address or port number
filtering).
PCT
(
Private Communications Technology
)
–
A protocol developed by Microsoft that is considered more secure than
SSL2. (Note that some web sites may not support the PCT protocol.)
PING
(
Packet InterNet Groper
)
– A program to test reachability of destinations by sending an ICMP echo request and
waiting for a reply. The term is also used as a verb: "Ping host X to see if it is up."
PKI
(
Public Key Infrastructure
)
–
Consists of end entities that possess key pairs, certification authorities, certificate
repositories (directories), and all of the other components, software, and entities required when using public key
cryptography.
Plaintext
– Information (text) which has not been encrypted. (The opposite is ciphertext.)
PFS
(
Perfect Forward Secrecy
)
– Refers to the notion that any single key being compromised will permit access to only
data protected by that single key. In order for PFS to exist, the key used to protect transmission of data must not be used to
derive any additional keys. If the key used to protect transmission of data was derived from some other keying material, that
material must not be used to derive any more keys. Sometimes referred to as Perfect Secret Forwarding,
PSF
is a security
method that ensures that the new key of a key exchange is in no way based on the information of an old key and is therefore
unambiguous. If an old key is found or calculated, no conclusions can be drawn about the new key. On the RouteFinder,
PFS is configured in
VPN >
IPSec
.