Fortress : Glossary
Bridge GUI The browser-based graphical user interface through which the Fortress Secure Wireless
Access Bridge is configured and managed, locally or remotely.
CCITT Comite Consultatif Internationale de Telegraphie et Telephonie, former name of the
ITU-T.
client
In the Fortress Controller FISh (command-line) interface and front-panel LCD, devices
on the encrypted (WLAN) side of the network and running the Fortress Secure Client.
In the Fortress Gateway FISh (command-line) interface, devices on the unencrypted
(LAN) side of the Gateway.
In client-server architecture, an application that relies on another, shared application
(server) to perform some of its functions, typically for an end-user device.
Client Refer to Fortress Secure Client.
controller A device that controls data transfer between a computer and a peripheral device.
Controller Refer to Fortress Security Controller.
Controller GUI The browser-based graphical user interface through which the Fortress Security
Controller is configured and managed, locally or remotely.
Crypto Officer password A FIPS-defined term—sometimes, Crypto password—the administrator password
in Fortress devices in FIPS-enabled operating mode.
Data Link Layer Refer to DLC.
DES Data Encryption Standard—formerly, a FIPS-approved NIST standard for data
encryption using 64 bits (56-bit encryption, 8 parity bits). NIST withdrew its FIPS-approval for
DES on May 19, 2005.
device authentication
In Fortress Technologies products, the means by which MaPS/ACS controls network
access at the level of individual devices, tracking them via their generated Device IDs
and providing the network administrator tools to explicitly allow and disallow them on
the network; one of the factors in Fortress’s Multi-factor Authentication™.
Device ID
In Fortress Technologies products, a 16-digit hexadecimal value generated for, and
unique to each, Fortress controller device and Secure Client device on the
Fortress-secured network. Device IDs are used for device authentication and are neither
modifiable nor transferable.
DHCP
Dynamic Host Configuration Protocol—an Internet protocol describing a method for
flexibly assigning device IP addresses from a defined pool of available addresses as
each networked device comes online, through a client-server architecture. DHCP is an
alternative to a network of fixed IP addresses.
Diffie-Hellman key establishment A protocol by which two parties with no prior knowledge of one another can agree upon
a shared secret key for symmetric key encryption of data over an insecure channel.
Also, Diffie-Hellman-Merkle key establishment; exponential key exchange.
DLC Data Link Control—the second lowest network layer in the OSI Model, also referred to
as the Data Link Layer, OSI Layer 2 or simply Layer 2. The DLC layer contains two
sublayers: the MAC and LLC layers.
DMZ Demilitarized Zone—in IT, a computer (or subnet) located between the private LAN and
a public network, usually the Internet.
DoD Department of Defense
EAP Extensible Authentication Protocol—defined by RFC 2284, a general protocol for user
authentication. EAP is implemented by a number of authentication services, including
RADIUS.
EAP-MD5 An EAP security algorithm developed by RSA Security® that uses a 128-bit generated
number string, or hash, to verify the authenticity of data transfers.
EAP-TLS EAP-Transport Layer Security—a Point-to-Point Protocol (PPP) extension supporting
mutual authentication, integrity-protected cipher suite negotiation, and key exchange
between two endpoints, within PPP.
EAP-TTLS EAP-Tunneled TLS—An EAP-TLS protocol developed by Funk and Certicom that uses
TLS to establish a secure connection between a client and server.