Wednesday, December 20, 2006

Networking Infrastructure Glossary

DES, 3DES (Data Encryption Standard, Triple DES) A standard method of encrypting and decrypting data. A DES key has a 64-bit value; 8 bits are used to check parity, 56 bits for the encryption algorithm. Triple DES uses three 56-bit keys, for a total of 168 bits.
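The key layout in the DES entry, as an added example written for this glossary rather than taken from it: a Python check of the odd-parity convention that each byte of a DES key follows (the low-order bit of every byte is the parity bit), plus the 56-bit and 168-bit effective key sizes for DES and three-key Triple DES. The sample keys are constructed.

```python
# Added example (not from the original glossary): checks the per-byte odd
# parity of a DES key and derives the effective key size of DES and 3DES keys.

DES_KEY_BYTES = 8          # 64-bit key
PARITY_BITS_PER_KEY = 8    # one parity bit per byte (the low-order bit)


def has_odd_parity(byte: int) -> bool:
    """Each DES key byte must contain an odd number of 1 bits."""
    return bin(byte).count("1") % 2 == 1


def des_key_parity_ok(key: bytes) -> bool:
    """True if all 8 bytes of a 64-bit DES key carry correct (odd) parity."""
    if len(key) != DES_KEY_BYTES:
        raise ValueError("DES key must be exactly 8 bytes")
    return all(has_odd_parity(b) for b in key)


def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the low-order bit of every byte so each byte has odd parity."""
    fixed = bytearray()
    for b in key:
        upper = b & 0xFE                      # keep the 7 key bits
        fixed.append(upper | (0 if has_odd_parity(upper) else 1))
    return bytes(fixed)


def effective_key_bits(key: bytes) -> int:
    """Bits that actually feed the cipher: 56 for DES, 168 for 3-key 3DES."""
    if len(key) not in (DES_KEY_BYTES, 3 * DES_KEY_BYTES):
        raise ValueError("expected an 8-byte DES key or a 24-byte 3DES key")
    subkeys = len(key) // DES_KEY_BYTES
    return subkeys * (DES_KEY_BYTES * 8 - PARITY_BITS_PER_KEY)


def split_3des_key(key: bytes) -> list:
    """Split a 24-byte Triple DES key into its three 8-byte DES keys."""
    if len(key) != 3 * DES_KEY_BYTES:
        raise ValueError("3DES key must be exactly 24 bytes")
    return [key[i:i + DES_KEY_BYTES] for i in range(0, len(key), DES_KEY_BYTES)]


if __name__ == "__main__":
    # Constructed sample key: every byte 0x00, which has even (wrong) parity.
    raw = bytes(8)
    print(des_key_parity_ok(raw))            # False
    print(set_odd_parity(raw).hex())         # 0101010101010101
    print(effective_key_bits(raw))           # 56
    print(effective_key_bits(raw * 3))       # 168
```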

Diffie-Hellman A public-key cryptography protocol, first published in the 1970s. It allows two parties to establish a shared secret over an insecure communications channel and is used within IKE to establish session keys.

ESP (Encapsulating Security Payload) An encryption and validation standard used with IPsec.

IKE (Internet Key Exchange) An automatic security negotiation and key management service, used with the IPsec protocols.

IPsec (IP Security) A widely used collection of security protocols developed and supported by the IETF (Internet Engineering Task Force), which allows for private and secure communications across the public Internet. Over 40 RFCs (requests for comments) specify authentication, encryption, and key management in IPsec.

L2TP (Layer 2 Tunneling Protocol) A merging of features from PPTP and Cisco's L2F. It is used to encapsulate PPP frames and transmit them across a TCP/IP network. As an IETF standard, L2TP is supported by many VPN providers.

MPLS (MultiProtocol Label Switching) An IETF-defined protocol that is used in IP traffic management. Basically, it provides a means for one router to pass on its routing priorities to another router by means of a label and without having to examine the packet and its header, thus saving the time required for the latter device to look up the address for the next node. It can also facilitate Quality of Service (QoS).

PPP (Point-to-Point Protocol) A TCP/IP-based protocol used to transmit IP packets over serial point-to-point links.

PPTP (Point-to-Point Tunneling Protocol) A tunneling protocol developed by Ascend Communications, ECI Telecom, Microsoft, and U.S. Robotics that encapsulates PPP frames over TCP/IP networks. There is no standard implementation of PPTP.

RADIUS (Remote Authentication Dial-In User Service) A client/server protocol and software package that enables remote-access servers (VPN concentrators in this case) to communicate with a central server to authenticate dial-in users and authorize their access to the requested systems or services.

RSA The public-key cryptographic system developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. RSA is the most commonly used public-key encryption and authentication algorithm.

TACACS (Terminal Access Controller Access Control System) A protocol for authenticating users attempting to gain access to servers, networks, and remote-access servers. Similar to but less secure than RADIUS and TACACS+.