Glossary

certificate-based authentication

The use of Secure Sockets Layer (SSL) and certificates to authenticate and encrypt HTTP traffic.

certificate

Digital representation of user or device attributes, including a public key, that is signed with an authoritative private key.

CGI

Common Gateway Interface. This mechanism is used by HTTP servers (web servers) to pass parameters to executable scripts in order to generate responses dynamically.

CHAP

Challenge-Handshake Authentication Protocol. A protocol that uses a challenge/response authentication mechanism where the response varies with every challenge to prevent replay attacks.

CHAP is an authentication technique where, after a link is established, a server sends a challenge to the requestor. The requestor responds with a value obtained by using a one-way hash function. The server checks the response by comparing it to its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise, the connection is usually terminated.

challenge-response

A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.

checksum

A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.

cipher

A cryptographic algorithm for Encryption and Decryption. The method used to transform a readable message (called plaintext or cleartext) into an unreadable, scrambled, or hidden message (called ciphertext).

ciphertext

The encrypted form of the message being sent. Ciphertext is data that has been encrypted. It is the output of the encryption process and can be transformed back into a readable form (plaintext) with the appropriate decryption key.

client

A system entity that requests and uses a service provided by another system entity, called a "server." In some cases, the server may itself be a client of some other server.

client/server

Describes the relationship between two computer programs in which one program, the client, makes a service request from another program, the server, which fulfills the request. Although the client/server idea can be used by programs within a single computer, it is a more important idea in a network. In a network, the client/server model provides a convenient way to interconnect programs that are distributed efficiently across different locations.

collision

Occurs when multiple systems transmit simultaneously on the same wire.

command sets

Contains a set of permitted commands for TACACS+ based, per-command authorization.

community string

A character string used to identify valid sources for Simple Network Management Protocol (SNMP) requests, and to limit the scope of accessible information. Ravlin units use a community string, such as a password, allowing only a limited set of management stations to access its MIB.

computer network

A collection of host computers together with the sub-network or inter-network through which they can exchange data.

confidentiality

The need to ensure that information is disclosed only to those who are authorized to view it.

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01