Glossary

EAP

Extensible Authentication Protocol. A protocol for wireless networks that expands on Authentication

 

methods used by the PPP (Point-to-Point Protocol), a protocol often used when connecting a computer

 

to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart

 

cards, certificates, one-time passwords, and Public Key Encryption authentication.

EAP-MD5

EAP-TLS

Extensible Authentication Protocol-Message Digest 5. An EAP security algorithm developed by RSA Security that uses a 128-bit generated number string, or hash, to verify the authenticity of a data communication.

Extensible Authentication Protocol-Translation Layer Security. A high-security version of EAP that requires authentication from both the client and the server. If one of them fails to offer the appropriate authenticator, the connection is terminated. Used to create a secured connection for 802.1X by preinstalling a digital certificate on the client computer. EAP-TLS is the protocol that serves for mutual authentication and integrity-protected cipher suite negotiation and key exchange between a client and server. Both the client and the server use X.509 certificates to verify their identities to each other.

F

false rejects

FTP

filter

filtering router

firewall

fragmentation

frames

full duplex

fully-qualified domain name

When an authentication system fails to recognize a valid user.

File Transfer Protocol . A TCP/IP protocol specifying the transfer of text or binary files across the network.

Used to specify which packets will or will not be used. It can be used in sniffers to determine which packets get displayed, or by firewalls to determine which packets get blocked.

An inter-network router that selectively prevents the passage of data packets according to a security policy. A filtering router may be used as a firewall or part of a firewall. A router usually receives a packet from a network and decides where to forward it on a second network. A filtering router does the same, but first decides whether the packet should be forwarded at all, according to some security policy. The policy is implemented by rules (packet filters) loaded into the router.

A TCP/IP Fragmentation Attack that is possible because IP allows packets to be broken down into fragments for more efficient transport across various media. The TCP packet (and its header) are carried in the IP packet. In this attack the second fragment contains incorrect offset. When packet is reconstructed, the port number will be overwritten.

The process of storing a data file in several "chunks" or fragments rather than in a single contiguous sequence of bits in one place on the storage medium.

Data that is transmitted between network points as a unit complete with addressing and necessary protocol control information. A frame is usually transmitted serial bit by bit and contains a header field and a trailer field that "frame" the data. (Some control frames contain no data.)

A type of duplex communications channel which carries data in both directions at once. Refers to the transmission of data in two directions simultaneously. Communications in which both sender and receiver can send at the same time.

A server name with a hostname followed by the full domain name.

 

 

User Guide for Cisco Secure Access Control System 5.3

 

 

 

 

 

 

 

OL-24201-01

 

 

GL-9

 

 

 

 

 

Page 629
Image 629
Cisco Systems OL-24201-01 manual GL-9, Ftp