Glossary
Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
DNS (Domain Name System) (also Domain Name Service)
– Refers to the use of more user-friendly names, or aliases, instead of computer-friendly IP addresses. Name
servers take care of the conversion from number to name. Every institution connected to the Internet must
operate at least two independent name servers that can give information about its names and numbers.
Additionally, there is a name server for every top-level domain that lists all the subordinate name servers of
that domain. Thus the Domain Name System represents a distributed hierarchical database. Normally, however,
the database is not accessed by the user him-/herself, but by the network application that he/she is presently
working with.
DDoS (Distributed Denial of Service)
– Attacks are a nefarious extension of DoS attacks because they are
designed as a coordinated attack from many sources simultaneously against one or more targets. See also
"DoS attacks".
DoS (Denial of Service) attacks
– A major concern to the Internet community because they attempt to render target systems inoperable and/or
render target networks inaccessible. DoS attacks typically generate a large amount of traffic from a given host
or subnet, and it's possible for a site to detect such an attack in progress and defend itself. See also
"Distributed DoS attacks".
Encapsulation
– The technique used by layered protocols in which a layer adds header information to the
protocol data unit (PDU) from the layer above. For example, in Internet terminology, a packet would contain a
header from the physical layer, followed by a header from the datalink layer (e.g., Ethernet), followed by a
header from the network layer (IP), followed by a header from the transport layer (e.g., TCP), followed by the
application protocol data.
Encryption
– A form of security wherein readable data is changed to a form that is unreadable to unauthorized
users. Encryption involves the conversion of data into a secret code for transmission over a public network. The
original (plain) text is converted into coded form (called cipher text) using an encryption algorithm. The cipher
text is decoded (decrypted) at the receiving end, and is converted back into plain text.
ESP (Encapsulating Security Payload)
– An authentication protocol much like AH. IP ESP may be applied in
combination with AH. Security services can be provided between a pair of communicating hosts, between a pair
of communicating security gateways, or between a security gateway and a host. ESP may be used to provide
the same security services as AH, plus it provides an encryption service. The main difference between the ESP
authentication method and the AH authentication method is that ESP does not protect any IP header fields
unless those fields are encapsulated by ESP (tunnel mode). ESP is important for the integrity and encryption of
datagrams. You can define ESP (and other protocols) for the RouteFinder from VPN > IPSec.
Expiration Date
– Certificates and keys may have a limited lifetime, and expiration dates are used to monitor
and control their useful life.
Filter
– A set of rules that define what packets may pass through a network. Filters can use source, destination,
or protocol to determine whether to pass or discard a packet transmission. Part of a packet (the header) must
contain information that matches the information in the defined rules or else the packet filter will discard it.
Filtering
– The act or process of defining which data traffic is to be allowed between the network and hosts,
typically using packet filter rules. Filtering is the central part of firewall security. With packet filter rules, you
define which data traffic is allowed between the networks and hosts. You can also define particular packets that
are to be filtered and not allowed to pass through the firewall. Several types of filtering exist (e.g., protocol
filtering, port number filtering, URL address filtering, and IP address filtering).
Finger
– Windows NT and 2000 have a TCP/IP utility called Finger. This utility is an old TCP/IP tool (very
popular on UNIX systems) that matches an email address with the person who owns it and provides information
about that person. While the Finger utility is fairly old (there are more advanced tools available that perform the
same general function), it still works and can be a useful tool in certain situations.
The Finger utility was actually developed as the Finger Information Protocol. Finger was designed to provide an
interface to the Remote User Information Program (RUIP). RUIP provides information about users who have
accounts on UNIX-based computer networks. The Finger utility was created six years before the Internet was
born. The first documentation on the Finger utility was in IETF RFC742, dated December 1977. A popular
slogan promoting the phone book's yellow pages was "Let your fingers do the walking". The utility was
christened "Finger", since the utility was basically designed for tracking down people.
The Finger Information Protocol let UNIX users on college campuses create a profile, called a "Plan page",
which included personal and job-related information. A Plan page was similar to a personal home page on the
Internet today. So when someone "Fingered" your email address, they learned more about you. The Finger
utility is a command line tool, so in Windows NT or Windows 2000 you must first access a command-prompt
window to use it. You then type the command followed by an email address.