Glossary
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 179
ESP (Encapsulating Security Payload) – An authentication protocol much like AH. IP ESP may be applied in combination
with AH. Security services can be provided between a pair of communicating hosts, between a pair of communicating
security gateways, or between a security gateway and a host. ESP may be used to provide the same security services as
AH, plus it provides an encryption service. The main difference between the ESP authentication method and the AH
authentication method is that ESP does not protect any IP header fields unless those fields are encapsulated by ESP (tunnel
mode). ESP is important for the integrity and encryption of datagrams. You can define ESP (and other protocols) for the
RouteFinder from VPN > IPSec.
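The coverage difference described in the ESP entry, as an added example that is not part of the original guide or RouteFinder code: it models integrity only (no encryption) and checks which source-address rewrites each protocol detects. The key, the HMAC-SHA-256 ICV truncated to 16 bytes, the simplified packet layouts and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
KEY = b"constructed-demo-key"              # constructed sample key, not a real SA key
SRC, DST = "192.0.2.1", "198.51.100.1"     # constructed documentation addresses

def addr(a):
    return bytes(int(p) for p in a.split("."))

def ipv4_header(src, dst, proto, ttl=64):
    # Minimal 20-byte IPv4 header; length, ID and checksum are left at zero.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       addr(src), addr(dst))

def icv(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]

def ah_input(hdr, body):
    # AH authenticates the IP header (mutable fields zeroed) plus the payload.
    h = bytearray(hdr)
    h[1] = h[8] = 0                        # TOS, TTL
    h[6:8] = h[10:12] = b"\x00\x00"        # flags/fragment offset, checksum
    return bytes(h) + body

def ah_packet(src, dst, body):             # simplified layout: header | ICV | payload
    hdr = ipv4_header(src, dst, 51)        # IP protocol 51 = AH
    return hdr + icv(ah_input(hdr, body)) + body

def ah_verify(pkt):
    return hmac.compare_digest(icv(ah_input(pkt[:20], pkt[36:])), pkt[20:36])

def esp_packet(src, dst, body, spi=0x1001, seq=1):
    esp = struct.pack("!II", spi, seq) + body   # SPI | sequence | payload
    return ipv4_header(src, dst, 50) + esp + icv(esp)   # IP protocol 50 = ESP

def esp_verify(pkt):  # ESP authenticates only what follows the outer IP header
    return hmac.compare_digest(icv(pkt[20:-16]), pkt[-16:])

def set_src(pkt, hdr_offset, new_src):
    i = hdr_offset + 12                    # source address: bytes 12..15 of a header
    return pkt[:i] + addr(new_src) + pkt[i + 4:]

def verify_after_source_rewrite():
    data = b"constructed application data"
    inner = ipv4_header("10.0.0.5", "10.1.0.7", 6)      # tunnel mode: inner header
    return {
        "ah": ah_verify(set_src(ah_packet(SRC, DST, data), 0, "192.0.2.99")),
        "esp_transport": esp_verify(set_src(esp_packet(SRC, DST, data), 0, "192.0.2.99")),
        "esp_tunnel_inner": esp_verify(set_src(esp_packet(SRC, DST, inner + data), 28, "10.0.0.66")),
    }
```

A `True` value means the rewritten packet still verifies: only the ESP transport-mode packet accepts a changed outer source address, while AH and the encapsulated inner header in ESP tunnel mode both reject the change.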
Expiration Date – Certificates and keys may have a limited lifetime, and expiration dates are used to monitor and control
their useful life.
Filter – A set of rules that define what packets may pass through a network. Filters can use source, destination, or protocol
to determine whether to pass or discard a packet transmission. Part of a packet (the header) must contain information that
matches the information in the defined rules or else the packet filter will discard it.
Filtering – The act or process of defining which data traffic is to be allowed between the network and hosts, typically using
packet filter rules. Filtering is the central part of firewall security. With packet filter rules, you define which data traffic is
allowed between the networks and hosts. You can also define particular packets that are to be filtered and not allowed to
pass through the firewall. Several types of filtering exist (e.g., protocol filtering, port number filtering, URL address filtering,
and IP address filtering).
Finger – Windows NT and 2000 have a TCP/IP utility called Finger. This utility is an old TCP/IP tool (very popular on UNIX
systems) that matches an email address with the person who owns it and provides information about that person. While the
Finger utility is fairly old (there are more advanced tools available that perform the same general function), it still works and
can be a useful tool in certain situations.
The Finger utility was actually developed as the Finger Information Protocol. Finger was designed to provide an interface to
the Remote User Information Program (RUIP). RUIP provides information about users who have accounts on UNIX-based
computer networks. The Finger utility was created six years before the Internet was born. The first documentation on the
Finger utility was in IETF RFC742, dated December 1977. A popular slogan promoting the phone book's yellow pages was
"Let your fingers do the walking". The utility was christened "Finger", since the utility was basically designed for tracking
down people.
The Finger Information Protocol let UNIX users on college campuses create a profile, called a "Plan page", which included
personal and job-related information. A Plan page was similar to a personal home page on the Internet today. So when
someone "Fingered" your email address, they learned more about you. The Finger utility is a command line tool, so in
Windows NT or Windows 2000 you must first access a command-prompt window to use it. You then type the command
followed by an email address.
Firewall – A device that serves to shield and thus protect a (partial) network (e.g., RouteFinder) from another network (e.g.
the Internet). The entire network traffic runs via the firewall where it can be controlled and regulated. Technically this can be
achieved in different ways. The use of special hardware firewalls is rare. More frequent is the use of routers with firewall
options. The most common is the use of firewall software on a specially dedicated computer.
Gateway – A combination of hardware and software that links two different types of networks. E.g., gateways between email
systems allow users on different email systems to exchange messages.
Hacker – A person who tries to defeat, and/or succeeds at defeating, computer security measures.
Hacking Lexicon – The terms used by hackers; entire dictionaries exist to document hacking terms (e.g.,
http://www.robertgraham.com/pubs/hacking-dict.html). These documents clarify many of the terms used within the context of
information security (infosec).
Hash – A one-way security function that takes an input message of arbitrary length and produces a fixed-length digest.
Used in SHA (Secure Hash Algorithm).
Header – The portion of a packet, preceding the actual data, containing source and destination information. It may also contain error
checking and other fields. A header is also the part of an electronic mail message that precedes the body of a message and
contains, among other things, the message originator, date and time.
Host – In client-server architectures, the computer on which the server software is running is called the host. It is possible for
several servers to be running on one host, e.g. one FTP server and one email server. Hosts can be accessed with the help
of clients, e.g. with a browser or an email program. As the expression server is used for the program (i.e. the software) as
well as for the computer on which the program is running (i.e. the hardware), server and host are not clearly separated in
practice. In data telecommunication the computer from which information (such as FTP files, news, WWW pages) is fetched,
is called the host. A host is also called a node in the Internet. Using an Internet host (as opposed to a local host), it is
possible to work from a distance (remote access).
Host – A computer that allows users to communicate with other host computers on a network. Individual users
communicate by using application programs, such as electronic mail, Telnet, and FTP.