
Appendix B – Terminology
IPSec tunnel The IPSec connection to securely link two private parties across
insecure and public channels.
IPSec with Dynamic DNS Dynamic DNS can be run on the IPSec endpoints, thereby
creating an IPSec tunnel using dynamic IP addresses.
IKE IKE is a profile of ISAKMP that is for use by IPsec. It is often called
simply IKE. IKE creates a private, authenticated key management
channel. Using that channel, two peers can communicate, arranging
for session keys to be generated for AH, ESP or IPcomp. The
channel is used for the peers to agree on the encryption, authentication
and compression algorithms that will be used. The traffic to which the
policies will be applied is also agreed upon.
ISAKMP ISAKMP is a framework for doing Security Association Key
Management. It can, in theory, be used to produce session keys for
many different systems, not just IPsec.
Key lifetimes The length of time before keys are renegotiated.
LAN Local Area Network.
LED Light-Emitting Diode.
Local Private Key Certificate &
The private part of the public/private key pair of the certificate resides
on the CyberGuard SG appliance. The passphrase is a key that can be
used to lock and unlock the information in the private key certificate.
Local Public Key The public part of the public/private key pair of the certificate resides on
the CyberGuard SG appliance and is used to authenticate against the
CA certificate.
MAC address The hardware address of an Ethernet interface. It is a 48-bit number
usually written as a series of 6 hexadecimal octets, e.g.
00:d0:cf:00:5b:da. A CyberGuard SG appliance has a MAC address for
each Ethernet interface. These are listed on a label on the underside
of the device.
Main Mode This Phase 1 keying mode automatically exchanges encryption and
authentication keys and protects the identities of the parties attempting
to establish the tunnel.
Manual Keying This type of keying requires the encryption and authentication keys to
be specified.
Manual Keys Predetermined encryption and authentication keys used to establish the
Masquerade The process by which a gateway on a local network modifies outgoing
packets by replacing the source address of the packets with its own IP
address. All IP traffic originating from the local network appears to
come from the gateway itself and not the machines on the local
MD5 Message Digest Algorithm Five is a 128-bit hash. It is one of two
message digest algorithms available in IPSec.