Security Solutions
A-5
Appendix A: Glossary
enabled on the endpoint, that ports 137, 138, 139, and 445 be open on the
endpoint’s firewall, that the endpoint’s browser security settings allow Java
scripting, and that administrator credentials be known for the endpoint.
AH Authentication Header. A part of the IPsec protocol suite that guarantees
connectionless integrity and data origin authentication of IP datagrams. See
also ESP.
AP Access Point. A network component that receives and sends wireless LAN
signals to wireless network cards through its antenna(s). An AP is functionally
equivalent to a switch.
asymmetric A type of encryption algorithm wherein one key is used to encrypt and a
different key is used to decrypt.
authentication The process of confirming an endpoint’s or an end-user’s identity before
granting a network connection. Authentication can be implemented through
the use of passwords, keys, or digital certificates. A RADIUS or TACACS+ server
can handle authentication for the entire network.
authentication protocols Protocols that allow the peers in a connection to verify each other’s identity.
In the PPP protocol suite, authentication protocols include PAP, CHAP, and EAP.
authentication server A server whose function it is to authenticate end-users and endpoints. In the
802.1X framework, the component that decides whether to grant an end-user
access.
authenticator The component of the 802.1X framework that enforces authentication and
authorization. When an endpoint connects to the authenticator, the
authenticator forces it to authenticate to the network. The authenticator passes the
endpoint’s supplicant messages to the authentication server and enforces the
decisions made by that server. These decisions include whether the endpoint
is allowed any access at all as well as the level of access. Also called the 802.1X
device (in the NAC 800 Web browser interface) and NAS (in the RADIUS
protocol). See also 802.1X device and NAS.
authorization The process of controlling the network resources and services that an
end-user can access, usually based on the end-user’s identity; with the NAC 800,
authorization is also based on endpoint integrity. A RADIUS or TACACS+ server
or a NAC 800 can act as an authorization server. Authorization is sometimes
called “access control” although access control is properly broader than
authorization alone.