Angenieux 1270A450-005 user manual Security Terms, Other Terms

Models: 1270A450-005


Background Information

Datacryptor Ethernet User Manual

Authenticate Management Data - The Datacryptor Ethernet uses the HMAC keyed hash variant of SHA-1 (Secure Hash Algorithm) to authenticate management data using SNMP v3.
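The following added example (not taken from the manual or from Thales code) shows how the standard SNMPv3 HMAC-SHA-96 scheme of RFC 3414 derives a per-engine key from a password and authenticates a message. It assumes the unit follows RFC 3414; the password and engine ID are that RFC's published test values, while the message bytes and all function names are constructed for illustration.

```python
import hashlib
import hmac

def password_to_key(password: bytes) -> bytes:
    # RFC 3414 A.2.2: SHA-1 over 1,048,576 bytes of the password repeated end to end.
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.sha1(password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes) -> bytes:
    # Bind the user key to one SNMP engine: SHA-1(Ku || engineID || Ku).
    return hashlib.sha1(ku + engine_id + ku).digest()

def auth_params(kul: bytes, whole_msg: bytes) -> bytes:
    # HMAC-SHA-96: HMAC-SHA-1 over the whole message, truncated to 12 bytes.
    return hmac.new(kul, whole_msg, hashlib.sha1).digest()[:12]

def seal(kul: bytes, msg: bytes, offset: int) -> bytes:
    # Sender: MAC the message while the 12-byte field is zero, then fill it in.
    if msg[offset:offset + 12] != bytes(12):
        raise ValueError("authentication field must be zeroed before sealing")
    return msg[:offset] + auth_params(kul, msg) + msg[offset + 12:]

def verify(kul: bytes, msg: bytes, offset: int) -> bool:
    # Receiver: zero the field again, recompute, compare in constant time.
    received = msg[offset:offset + 12]
    zeroed = msg[:offset] + bytes(12) + msg[offset + 12:]
    return hmac.compare_digest(received, auth_params(kul, zeroed))

# RFC 3414 A.3.2 test values.
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed stand-in for an SNMPv3 message (not real BER encoding).
HEADER = b"constructed-snmpv3-header|"
MESSAGE = HEADER + bytes(12) + b"|set sysContact=noc"
OFFSET = len(HEADER)

if __name__ == "__main__":
    kul = localize_key(password_to_key(PASSWORD), ENGINE_ID)
    sealed = seal(kul, MESSAGE, OFFSET)
    tampered = sealed.replace(b"noc", b"n0c")
    print(kul.hex(), verify(kul, sealed, OFFSET), verify(kul, tampered, OFFSET))
```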

Security Terms

Diffie-Hellman – Diffie-Hellman is a method for key exchange that allows two autonomous systems to exchange a secret key over an untrusted network without prior secrets. Diffie-Hellman groups define the strength supplied to the Diffie-Hellman calculation for the later creation of keys by the peers. Three of the five available groups are generated from modulo function (MODP) calculations and the leveraging of very large prime numbers.

Peer – A peer is a Datacryptor that acts as a tunnel endpoint. A peer encrypts or decrypts data, adding or stripping away headers, respectively.

Other Terms

Layer 2 - The Datacryptor Ethernet is designed to work as a Layer two encryptor.

The addressing scheme is physical, i.e. the addresses are MAC (Media Access Control) addresses hard-coded into a device at the time of manufacture. A MAC address is generally a 48-bit address, usually displayed in hexadecimal format as six two-digit parts, e.g. 01-0B-3B-18-00-CA.

It should be noted that when the unit is operating in the Tunneling mode the peer unit MAC address must be obtained and entered in the box provided on the relevant property tab.

Frame Checksum (FCS) - FCS is an error detection system based on the numerical value of the number of set bits in the Frame (packet). This value is transmitted alongside the message, and the receiving device then applies the same criteria and compares the two values.

Auto-negotiation - Auto-negotiation was devised to address the need for multi-speed devices on a network to operate at the optimum settings. It achieves this by taking control of the connection medium and detecting the various mode options available in the device on the other end, while also advertising its own capabilities. Thus it enables the connection to configure the highest performance mode of interoperation.

Note: The Datacryptor 1 Gig Ethernet only supports 1000 Mbps full duplex, and the 10 Gig Ethernet unit only supports 10,000 Mbps full duplex. The 100 Mb Ethernet unit can be set to run at speeds of 10 Mbps and 100 Mbps.

The 10 Gig Ethernet unit does not support Auto-negotiation.

Jumbo frames - Jumbo frame is the name given to frames larger than the standard Ethernet MTU of 1500 bytes. The Datacryptor Ethernet encryptor does not have an MTU limit and will therefore allow Jumbo frames. Frame size is only limited if fragmentation is enabled.

Multiprotocol Label Switching – MPLS addresses many earlier network problems, such as speed, scalability and quality of service. It does this by defining paths across the network, adding label information to a packet to aid routing etc. It is referred to as multi-protocol because it supports a number of communication methods such as IP, Frame Relay and ATM. The Datacryptor Ethernet unit is transparent to this operation as long as the equipment is being deployed in a point-to-point environment.

Page 18

THALES
