Security Solutions
Appendix A: Glossary
certificate An electronic document that contains a public key and is digitally signed by a
third-party issuer such as a CA. Digital certificates are used for network
authentication. They contain the certificate holder’s name or other identifying
information, a serial number, the expiration date, and a copy of the certificate
holder’s public key, which validates data signed by the corresponding private
key.
certificate authority See CA.
Challenge Handshake Authentication Protocol See CHAP.
CHAP Challenge Handshake Authentication Protocol. An authentication protocol
that is supported by PPP and also incorporated in RADIUS. With CHAP, the
authenticator sends the client a “challenge” text. The client creates a hash
value from its pre-shared password and the text. The authenticator also
creates a hash value from the same text. The authenticator compares the hash
values. If they match, authentication succeeds and the link is established. For
more information, see RFC 2759 at http://www.ietf.org/rfc/rfc2759.txt.
cluster See enforcement cluster.
combination server See CS.
credentials A username and its corresponding password.
CS Combination Server. A NAC 800 that functions as both an ES and an MS and
acts as a stand-alone device.
D
data store The location where an endpoint’s credentials are stored. Possible data stores
are: a local database of users, a Windows domain controller that runs Active
Directory, an LDAP server such as OpenLDAP or Novell eDirectory, or another
RADIUS server (accessed via proxy requests).
deployment method Sometimes called “deployment option,” the way in which the NAC 800 is
connected to the LAN relative to other components such as routers, switches,
DHCP servers, and the Internet. The deployment method is determined by the
quarantine method and the access method that the network will employ. The
NAC 800 supports three deployment methods: 802.1X deployment, inline deployment,
and DHCP deployment.