Security Terms/Acronyms
Today we'll take a look at some of the terms associated with security-related technologies. Some of these terms have been, or will be, covered in their own Networking Tip.
Firewall
A firewall is a combination of hardware and software that controls traffic between networks of different trust levels, most often a private LAN and the Internet, but also between internal segments. Its value comes from being a choke point: every packet passing between the protected and unprotected networks must go through it, so that is where the access policy can be enforced. At its simplest it inspects each packet and compares the source and destination addresses, the protocol and the port numbers against an ordered list of rules, passing what a rule permits and dropping everything else (the "default deny" stance). Stateful firewalls also track connections, so return traffic is admitted only for sessions that a permitted host opened. A firewall does nothing about an attack that arrives over a port the policy allows, or about a host that is already inside the protected network, so it is one layer of defence rather than the whole of it. Firewalls are commonly used where a LAN connects to the Internet.
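The rule evaluation just described, as an added example that is not part of the original tip: an ordered packet filter with first-match semantics and an implicit default deny at the end. The `Packet` and `Rule` types, the policy and the sample inbound traffic are all constructed for illustration.

```python
"""Packet filter: ordered allow/deny rules with a default-deny fallthrough.

Added example, not from the original tip. The rule format, the Packet class
and the sample traffic below are this example's own constructions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0  # destination port; 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str = "0.0.0.0/0"   # source network, CIDR notation
    dst: str = "0.0.0.0/0"   # destination network, CIDR notation
    proto: str = "any"
    dports: tuple = ()       # empty tuple means any destination port

    def matches(self, pkt: Packet) -> bool:
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        return not self.dports or pkt.dport in self.dports


def filter_packet(rules, pkt: Packet):
    """First matching rule wins; a packet no rule permits is dropped."""
    for idx, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, idx
    return "deny", None   # implicit default deny


# Constructed inbound policy for a perimeter firewall in front of 192.168.1.0/24.
INBOUND_RULES = (
    # 1. Anti-spoofing: a packet arriving from the Internet must not claim an inside source.
    Rule("deny", src="192.168.1.0/24"),
    # 2. The public web server, and nothing else, is reachable on 80 and 443.
    Rule("allow", dst="192.168.1.10/32", proto="tcp", dports=(80, 443)),
    # 3. One management host may SSH to the firewall's inside interface.
    Rule("allow", src="203.0.113.5/32", dst="192.168.1.1/32", proto="tcp", dports=(22,)),
)

SAMPLE_TRAFFIC = (  # constructed inbound packets
    Packet("198.51.100.7", "192.168.1.10", "tcp", 443),   # web client          -> allow (rule 2)
    Packet("198.51.100.7", "192.168.1.10", "tcp", 3389),  # RDP to web server   -> default deny
    Packet("198.51.100.7", "192.168.1.20", "tcp", 80),    # HTTP to other host  -> default deny
    Packet("192.168.1.99", "192.168.1.10", "tcp", 80),    # spoofed inside src  -> deny (rule 1)
    Packet("203.0.113.5", "192.168.1.1", "tcp", 22),      # admin SSH           -> allow (rule 3)
    Packet("203.0.113.6", "192.168.1.1", "tcp", 22),      # anyone else's SSH   -> default deny
)


def evaluate(rules=INBOUND_RULES, traffic=SAMPLE_TRAFFIC):
    """Return (verdict, matching rule index or None) for each sample packet, in order."""
    return [filter_packet(rules, pkt) for pkt in traffic]


if __name__ == "__main__":
    for pkt, (verdict, idx) in zip(SAMPLE_TRAFFIC, evaluate()):
        why = f"rule {idx + 1}" if idx is not None else "default deny"
        print(f"{pkt.src:>14} -> {pkt.dst}:{pkt.dport:<5} {pkt.proto}  {verdict:5} ({why})")
```

Rule order matters: the anti-spoofing deny comes first so that a forged inside address can never be rescued by a later allow, and the closing default deny is what turns "a list of things we permit" into a policy.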
VPN
A virtual private network (VPN) is a private network constructed over a public network such as the Internet. Because the carrier network is untrusted, the VPN has to supply its own security: data is encrypted and integrity-protected before it leaves one site and is decrypted and checked at the other end, so the Internet only ever carries ciphertext. Encryption alone is not enough; the two endpoints must also authenticate each other (with a pre-shared key or certificates), otherwise an attacker can simply establish a tunnel of their own. A further level of protection comes from encapsulation: when the whole original packet, including its source and destination addresses, is encrypted and wrapped in a new packet addressed between the two VPN gateways (the tunnel mode described under IPsec below), an observer on the Internet sees only the gateway addresses and not which internal hosts are talking to each other.
PKI
A public key infrastructure (PKI) combines software, encryption technologies and services so that information can be exchanged securely and privately across an unsecured network such as the Internet. Public key encryption uses a pair of keys: a public key, which the owner distributes freely, and a private key, which the owner keeps secret. Data encrypted with the public key can be decrypted only with the matching private key, and a signature produced with the private key can be checked by anyone holding the public key. For example, if user A wants to send user B a confidential message, A encrypts it with B's public key; only B, holding B's private key, can read it. The "infrastructure" is what makes this usable at scale: a certificate authority (CA) signs certificates that bind a public key to an identity, so A can check that the key really belongs to B rather than to an impostor, and a revocation mechanism allows a compromised key to be withdrawn.
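The two key roles and the CA's part in the exchange, as an added example that is not part of the original tip. It uses unpadded ("textbook") RSA with 512-bit keys so that the arithmetic stays visible and the demo runs in well under a second; real systems use padded RSA or elliptic-curve schemes from a vetted library. The `subject|n|e` certificate format and the users and messages are this example's own constructions.

```python
"""Which key does what: textbook RSA plus a one-certificate PKI.

Added example, not part of the original tip. Unpadded ("textbook") RSA and
512-bit keys are used so the arithmetic stays visible and the demo is fast;
real systems use padded RSA or elliptic curves from a vetted library.
The certificate format subject|n|e is this example's own construction.
"""
import hashlib
import random

def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin test after trial division by small primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1   # odd, full bit length
        if _is_probable_prime(cand):
            return cand

def keygen(bits: int = 512):
    """Return (public, private) = ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                 # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, data: bytes) -> int:
    """Only the holder of the private key can produce this value."""
    n, d = private
    return pow(_digest(data), d, n)

def verify(public, data: bytes, sig: int) -> bool:
    """Anyone holding the public key can check it."""
    n, e = public
    return pow(sig, e, n) == _digest(data)

def encrypt(public, msg: bytes) -> int:
    """The sender encrypts with the RECIPIENT'S public key."""
    n, e = public
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(private, ciphertext: int, length: int) -> bytes:
    """Only the recipient's private key turns it back into the message."""
    n, d = private
    return pow(ciphertext, d, n).to_bytes(length, "big")

def issue_cert(ca_private, subject: str, public):
    """The CA binds a name to a public key by signing (subject, n, e)."""
    body = f"{subject}|{public[0]}|{public[1]}".encode()
    return body, sign(ca_private, body)

def key_from_cert(cert, ca_public, expected_subject: str):
    """Accept a public key only if the trusted CA vouches for it under that name."""
    body, sig = cert
    subject, n, e = body.decode().split("|")
    if subject != expected_subject or not verify(ca_public, body, sig):
        raise ValueError("certificate rejected")
    return int(n), int(e)

def demo():
    ca_public, ca_private = keygen()
    b_public, b_private = keygen()
    cert_b = issue_cert(ca_private, "userB", b_public)
    # User A trusts only the CA; A takes B's key from the certificate and encrypts to it.
    msg = b"meet at noon"
    recovered = decrypt(b_private, encrypt(key_from_cert(cert_b, ca_public, "userB"), msg), len(msg))
    # An impostor swaps their own key into B's certificate; the CA's signature no longer matches.
    mallory_public, _ = keygen()
    forged = (f"userB|{mallory_public[0]}|{mallory_public[1]}".encode(), cert_b[1])
    try:
        key_from_cert(forged, ca_public, "userB")
        forged_accepted = True
    except ValueError:
        forged_accepted = False
    return recovered, forged_accepted
```

Note that user A never needs B's private key, only B's public key and the CA's public key; the thing A must protect against is accepting the wrong public key, which is exactly what the certificate check prevents. Textbook RSA as written here is deterministic and malleable, which is why production code uses a padding scheme such as OAEP or PSS.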
NAT
Network address translation (NAT) lets a company use one set of IP addresses inside its LAN and a different set on the Internet. Internally, hosts use private addresses that are not routable on the Internet (the RFC 1918 ranges such as 10.0.0.0/8 and 192.168.0.0/16); the NAT device rewrites the source address, and usually the port, of each outgoing packet to one of the company's legally registered public addresses, keeps a table of the translations it has made, and rewrites the replies back on the way in. NAT was designed to conserve public addresses, not as a security measure. It does hide the internal addressing scheme, and because an inbound packet with no matching table entry has nowhere to go, it drops unsolicited connections by default; but it is not a firewall and does not inspect or filter the traffic it forwards.
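The translation table that makes this work, as an added example that is not part of the original tip: a stateful NAT (port address translation) that maps many inside hosts onto one public address and only passes inbound packets that match a flow an inside host opened. Addresses, ports and the `Packet` tuple are constructed for illustration.

```python
"""Stateful NAT/PAT table, the kind an office gateway keeps for its LAN.

Added example, not from the original tip. Addresses, ports and the packet
tuple are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """One public address shared by many inside hosts; ports tell the flows apart."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}   # (inside ip, inside port, peer ip, peer port) -> public port
        self.by_port = {}   # public port -> that same flow key

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: source becomes public_ip:<allocated port>; remember the mapping."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:
            port, self.next_port = self.next_port, self.next_port + 1
            self.by_flow[flow] = port
            self.by_port[port] = flow
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Internet -> LAN: translate back only if an inside host opened this flow."""
        flow = self.by_port.get(pkt.dst_port)
        if flow is None or (pkt.src_ip, pkt.src_port) != flow[2:]:
            return None   # no mapping (or wrong peer): nowhere to send it, so it is dropped
        return Packet(pkt.src_ip, pkt.src_port, flow[0], flow[1])


def demo():
    nat = Nat("203.0.113.10")
    # Two LAN hosts happen to use the same source port toward the same web server.
    a_out = nat.outbound(Packet("192.168.1.20", 50000, "198.51.100.80", 443))
    b_out = nat.outbound(Packet("192.168.1.21", 50000, "198.51.100.80", 443))
    # The server answers the public address; NAT maps each reply to the right host.
    a_in = nat.inbound(Packet("198.51.100.80", 443, "203.0.113.10", a_out.src_port))
    b_in = nat.inbound(Packet("198.51.100.80", 443, "203.0.113.10", b_out.src_port))
    # An Internet scanner probes the public address on port 22: no mapping, dropped.
    probe = nat.inbound(Packet("198.51.100.99", 31337, "203.0.113.10", 22))
    return a_out, b_out, a_in, b_in, probe


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The dropped probe is the behaviour that gets NAT mistaken for a firewall: it falls out of the table having no entry, not out of any policy. Nothing here looks at what an inside host chooses to fetch, and any inbound packet that matches a mapping is forwarded without inspection.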
FIPS
Federal Information Processing Standards (FIPS) are standards developed by the National Institute of Standards and Technology (NIST) for use by U.S. government agencies and their contractors. The security-related FIPS publications specify approved cryptographic algorithms and how they must be implemented, for example FIPS 197 (the Advanced Encryption Standard) and FIPS 180 (the Secure Hash Standard). The best known is FIPS 140, which sets security requirements for the design and implementation of cryptographic modules at four increasing levels. FIPS 140-1 has since been superseded by FIPS 140-2 and then FIPS 140-3; products are validated against the current version through NIST's Cryptographic Module Validation Program, and "FIPS validated" on a data sheet means the module passed that process, not merely that it uses approved algorithms.
IPsec
IP security (IPsec) is a set of protocols that protects IP packets in transit across an internet, providing confidentiality (with the Encapsulating Security Payload, ESP), integrity and origin authentication (with ESP or the Authentication Header, AH), and protection against replayed packets through sequence numbers. It operates in two modes. In transport mode the original IP header is left in the clear and only the payload is protected, so it is used between two hosts that are the actual endpoints of the traffic. In tunnel mode the entire original packet, header included, is protected and wrapped in a new IP header addressed between the two IPsec gateways; this hides the inner addresses and is the mode used for site-to-site VPNs. On the receiving end, an IPsec-compliant device verifies the integrity check on each packet and then decrypts it. Both the sending and the receiving devices must hold the same symmetric keys for this to work; they are either configured manually or, normally, negotiated with the Internet Key Exchange (IKE) protocol, which authenticates the peers (with a pre-shared key or certificates) and sets up the security associations. Public keys may be used to authenticate that IKE exchange, but the packet protection itself uses shared symmetric keys.
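The two modes side by side, as an added example that is not part of the original tip and that also illustrates the address-hiding point made under VPN above. The 9-byte "IP header" and the encryption construction are this example's own simplifications: a real ESP implementation uses full IP headers and an AEAD cipher such as AES-GCM, while this one derives a keystream from HMAC-SHA256 in counter mode and appends a separate HMAC-SHA256 integrity check value (ICV), so that it runs with only the Python standard library. Addresses and the payload are constructed.

```python
"""Transport vs tunnel mode protection of an IP packet, ESP-style.

Added example, not from the original tip. The 9-byte "IP header" and the
HMAC-based stream cipher + ICV are stand-ins for a real IP header and an
AEAD such as AES-GCM; the structure (SPI, sequence number, protected data,
ICV) follows ESP, the cryptography does not.
"""
import hashlib
import hmac
import os
import socket
import struct

ESP_PROTO = 50   # IP protocol number for ESP
TCP_PROTO = 6
ICV_LEN = 16

def ip_header(src: str, dst: str, proto: int) -> bytes:
    """Toy IP header: 4-byte source, 4-byte destination, 1-byte protocol."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + bytes([proto])

def parse_header(pkt: bytes):
    """Return (src, dst, proto, rest) of a toy packet."""
    return socket.inet_ntoa(pkt[:4]), socket.inet_ntoa(pkt[4:8]), pkt[8], pkt[9:]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode, XORed with the data like a stream cipher."""
    blocks = [hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
              for ctr in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def esp_protect(enc_key: bytes, auth_key: bytes, spi: int, seq: int, data: bytes) -> bytes:
    """SPI | sequence | nonce | ciphertext | ICV. Both peers hold the same two keys."""
    nonce = os.urandom(8)
    body = struct.pack(">II", spi, seq) + nonce + _xor(data, _keystream(enc_key, nonce, len(data)))
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]

def esp_unprotect(enc_key: bytes, auth_key: bytes, esp: bytes):
    """Verify the ICV first, then decrypt; a tampered packet is rejected unread."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("ESP integrity check failed")
    spi, seq = struct.unpack(">II", body[:8])
    nonce, ct = body[8:16], body[16:]
    return spi, seq, _xor(ct, _keystream(enc_key, nonce, len(ct)))

def transport_mode(keys, src: str, dst: str, payload: bytes, seq: int = 1) -> bytes:
    """Host-to-host: the original header stays in the clear, only the payload is protected."""
    return ip_header(src, dst, ESP_PROTO) + esp_protect(*keys, 0x1000, seq, payload)

def tunnel_mode(keys, gw_src: str, gw_dst: str, inner_pkt: bytes, seq: int = 1) -> bytes:
    """Gateway-to-gateway: the whole inner packet, header included, is protected and
    a new outer header carries only the gateway addresses."""
    return ip_header(gw_src, gw_dst, ESP_PROTO) + esp_protect(*keys, 0x2000, seq, inner_pkt)

def demo():
    keys = (os.urandom(32), os.urandom(32))   # shared by both ends; IKE would negotiate these
    payload = b"GET /payroll HTTP/1.1"
    inner = ip_header("10.1.0.5", "10.2.0.9", TCP_PROTO) + payload
    transport = transport_mode(keys, "10.1.0.5", "10.2.0.9", payload)
    tunnel = tunnel_mode(keys, "198.51.100.1", "203.0.113.1", inner)
    # What an observer on the Internet sees in the clear in each mode:
    t_src, t_dst, _, _ = parse_header(transport)
    u_src, u_dst, _, esp = parse_header(tunnel)
    # What the receiving gateway recovers after verifying and decrypting:
    _, _, recovered = esp_unprotect(*keys, esp)
    # Flip one ciphertext bit in transit (offset 30 is inside the inner packet's ciphertext).
    damaged = bytearray(tunnel)
    damaged[30] ^= 1
    try:
        esp_unprotect(*keys, bytes(damaged)[9:])
        tampered_accepted = True
    except ValueError:
        tampered_accepted = False
    return (t_src, t_dst), (u_src, u_dst), recovered, tampered_accepted
```

Transport mode leaves 10.1.0.5 and 10.2.0.9 visible; tunnel mode shows only the gateways 198.51.100.1 and 203.0.113.1, and the real endpoints appear only after the receiving gateway has verified and decrypted the packet. The sequence number is what a real receiver feeds into its anti-replay window. Packet lengths and timing remain visible in either mode, so tunnelling hides who is talking, not how much.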
RADIUS
Remote Authentication Dial-In User Service (RADIUS) was originally designed to authenticate external users dialing in to a company over modems (hence the name). Over the years it has been extended to handle authentication, authorization and accounting for many other kinds of access: wired and wireless 802.1X logins, VPN users, and administrative access to firewalls, routers and switches. RADIUS is a client/server protocol, defined in RFC 2865, that carries authentication, authorization and configuration information between a network device that needs a user authenticated (the network access server, which acts as the RADIUS client) and a central authentication server. The two share a secret that is used to authenticate the server's replies and to hide user passwords in transit; that hiding is MD5-based and weak by modern standards, so RADIUS traffic should be confined to a trusted management network or carried over IPsec or TLS (RadSec).
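The exchange between the network access server and the RADIUS server, as an added example that is not part of the original tip. It builds an Access-Request and the server's reply in the RFC 2865 wire format and implements the two things the shared secret is used for: hiding the User-Password attribute and computing the Response Authenticator that lets the client check the reply. The shared secret, the user database and the identifiers are constructed values.

```python
"""RADIUS Access-Request / Access-Accept exchange, RFC 2865 wire format.

Added example, not from the original tip. The shared secret, user database and
identifiers are constructed values. Only enough of the protocol is implemented
to show how the shared secret hides the User-Password attribute and
authenticates the server's reply to the network access server (NAS).
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2

def hide_password(secret: bytes, req_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 5.2: pad the password (1..128 bytes) to 16-byte blocks and XOR
    each block with MD5(secret + previous block), seeded by the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], block))
        out += prev
    return out

def reveal_password(secret: bytes, req_auth: bytes, hidden: bytes) -> bytes:
    """Server side: run the same chain and strip the NUL padding."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], block))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attribute(atype: int, value: bytes) -> bytes:
    """Type | Length (including these two bytes) | Value."""
    return struct.pack(">BB", atype, len(value) + 2) + value

def parse_attributes(data: bytes) -> dict:
    attrs, i = {}, 0
    while i < len(data):
        atype, alen = data[i], data[i + 1]
        attrs[atype] = data[i + 2:i + alen]
        i += alen
    return attrs

def build_packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Code | Identifier | Length | Authenticator (16 bytes) | Attributes."""
    return struct.pack(">BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

def response_authenticator(code: int, ident: int, req_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = struct.pack(">BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(head + req_auth + attrs + secret).digest()

def access_request(secret: bytes, ident: int, user: bytes, password: bytes):
    """NAS -> server. Returns the packet and the random Request Authenticator it used."""
    req_auth = os.urandom(16)
    attrs = attribute(USER_NAME, user) + attribute(USER_PASSWORD, hide_password(secret, req_auth, password))
    return build_packet(ACCESS_REQUEST, ident, req_auth, attrs), req_auth

def server_handle(secret: bytes, users: dict, request: bytes) -> bytes:
    """Server: recover the password, decide, and bind the verdict to the secret."""
    code, ident, length = struct.unpack(">BBH", request[:4])
    req_auth, attrs = request[4:20], parse_attributes(request[20:length])
    password = reveal_password(secret, req_auth, attrs[USER_PASSWORD])
    verdict = ACCESS_ACCEPT if users.get(attrs[USER_NAME]) == password else ACCESS_REJECT
    return build_packet(verdict, ident, response_authenticator(verdict, ident, req_auth, b"", secret), b"")

def nas_check_reply(secret: bytes, req_auth: bytes, reply: bytes) -> int:
    """NAS: trust the verdict only if the Response Authenticator proves the server knows the secret."""
    code, ident, length = struct.unpack(">BBH", reply[:4])
    expected = response_authenticator(code, ident, req_auth, reply[20:length], secret)
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("reply failed authentication")
    return code

def demo():
    secret, users = b"constructed-shared-secret", {b"alice": b"correct horse"}
    req, auth = access_request(secret, 7, b"alice", b"correct horse")
    good = nas_check_reply(secret, auth, server_handle(secret, users, req))
    req, auth = access_request(secret, 8, b"alice", b"wrong guess")
    reject = server_handle(secret, users, req)
    bad = nas_check_reply(secret, auth, reject)
    # Someone on the path rewrites the Reject into an Accept without knowing the secret.
    forged = bytes([ACCESS_ACCEPT]) + reject[1:]
    try:
        nas_check_reply(secret, auth, forged)
        forged_accepted = True
    except ValueError:
        forged_accepted = False
    return good, bad, forged_accepted
```

Two practitioner caveats follow directly from the code. The password hiding is reversible by anyone who knows the shared secret, and a captured Access-Request gives an attacker MD5(secret + authenticator) to guess the secret against offline, which is why the secret must be long and random and the traffic kept off untrusted networks. And the request itself carries no integrity protection in this basic form; the Message-Authenticator attribute of RFC 2869 adds an HMAC-MD5 over the packet for that purpose.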