Glossary
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)
PuTTY – A simple but excellent SSH and Telnet replacement for Windows 95/98/NT that happens to be free. Installation is
simple - you download PuTTY.exe and store it somewhere on your system that's convenient.
Qmail – A security-oriented Unix mailer daemon developed by Dan Bernstein.
RADIUS – RADIUS stands for Remote Authentication Dial-In User Service. RADIUS is a protocol with which the router
can obtain user authentication information from a central server.
RFC (Request For Comments) – A document of the Internet Society under standardization. See also IETF.
RFC 921 – A policy statement on the implementation of the Domain Style Naming System on the Internet. RFC 921 details
the schedule for the implementation for the Domain Style Naming System in terms of 1) the names themselves, 2) the
method of translating names to addresses, and 3) the relationship between the Internet and the rest of the world.
RFC 953 – The official IETF specification of the Hostname Server Protocol, a TCP-based host information program and
protocol. The function of this server is to deliver machine-readable name/address information describing networks,
gateways, hosts, and eventually domains, within the Internet environment. To access this server from a program, establish a
TCP connection to port 101 (decimal) at the service host, SRI-NIC.ARPA (26.0.0.73 or 10.0.0.51).
RFC 1918 – An IETF standard for Address Allocation for Private Internets.
Rijndael (pronounced Rhine-doll) – A security standard for data encryption chosen as the proposed U.S. government AES
standard to protect sensitive data and to spur the digital economy, replacing DES. The RouteFinder uses Rijndael in the
SSH IPSec client software (refer to Appendix F of this manual).
Router (Gateway) – A router is a device that selects intelligent pathways for network packets. Strictly speaking, a gateway is
something different than a router, but in connection with TCP/IP, both terms are synonyms. To establish connections
throughout the world and not just stay within one’s own network, one has to introduce this router (gateway) to one’s computer.
Normally, the highest address on the network 134.93.178.0 is the address 134.93.179.254 (since 134.93.179.255 is the
broadcast). Generally, a router is a node that forwards packets not addressed to itself. Requirements for a router are
defined in IETF RFC 1812.
RSA – A public key encryption and digital signature algorithm. It was invented by Ron Rivest, Adi Shamir, and Leonard
Adleman. The RSA algorithm was patented by RSA Security, but the patent expired in September 2000.
Rsync – A synchronization protocol that uses checksums to determine differences (as opposed to using modification dates)
and does a partial file transfer (transferring only the differences instead of entire files). Rsync was developed by Andrew
Tridgell and Paul Mackerras; the rsync daemon (rsyncd) provides an efficient, secure method for making files available to
remote sites.
Rules – The configuration settings used to set how packets are filtered. The rules are set with the network and service
definitions set up in the Networks & Services menu. When setting packet filter rules, the two basic types of security policies
are:
1. All packets are allowed through – the rule setup must be told explicitly what is forbidden.
2. All packets are blocked – the rule setup must be told which packets to let through.
This lets you explicitly define which packets may pass through the filter. All other packets are blocked and can be
displayed for viewing. See also "Filtering".
SA (Security Association) – A unidirectional connection created for security purposes. All traffic traversing an SA is
provided the same security processing. In IPSec, an SA is an Internet layer abstraction implemented via the use of an AH or
ESP. It contains data controlling how a transformation is applied to an IP packet. The data is determined using specially
defined SA management mechanisms. The data may be the result of an automated SA and key negotiation or it may be
defined manually. The SA is defined in IETF RFC 2401.
SCP (Secure copy) – The main purpose of SCP is the safe copying of files between local and remote computers. The
RouteFinder supports login using SCP. A Windows SCP client can be downloaded from http://winscp.vse.cz/eng/. WinSCP
is a freeware SCP client for Windows 95/98/2000/NT using SSH (Secure Shell). WinSCP manages some other actions with
files beyond the basic file copying function.
Secret Key – The key used both for encryption and decryption in secret-key cryptography.
Secure Channel – A communication medium that is safe from the threat of eavesdroppers.
Seed – A random bit sequence used to generate another, usually longer, pseudo-random bit sequence.
Security Policy – Enterprises should have a carefully planned set of statements in place regarding network protection. A
good corporate Internet security policy should define acceptable use, acceptable means of remote access, information types
and required encryption levels, firewall hardware and software management processes and procedures, non-standard
access guidelines, and a policy for adding new equipment to the network. New security protocols, new services, and
security software upgrades should also be considered. The purpose of a security policy is to define how an organization is
going to protect itself. The policy will generally require two parts: a general policy and specific rules (system specific policy).
The general policy sets the overall approach to security. The rules define what is and what is not allowed. The security policy
describes how data is protected, which traffic is allowed or denied, and who is able to use the network resources.