Security Solutions

Appendix A: Glossary
enforcement cluster A logical group of one or more ESs that are controlled by an MS. Each cluster
can support only one deployment method, but an MS can control multiple ESs,
each supporting a different deployment method.
enforcement server See ES.
ES Enforcement Server. In a multiple-NAC 800 installation, the ES applies the
NAC policies that are defined on the MS and enforces quarantining.
ESP Encapsulating Security Protocol. A part of the IPsec protocol suite that
provides origin authenticity, integrity, and confidentiality protection for
packets. See also AH.
Ethernet ports On the NAC 800, port 1 connects to the LAN and provides in-band management.
The use of port 2 varies, depending on the deployment method. For the inline
deployment method, port 2 might connect to a VPN or remote-access server. For
the DHCP deployment method, port 2 connects to a DHCP server. For the 802.1X
deployment method, port 2 connects to a port configured to mirror the DHCP
server connection.
exception A rule that exempts a particular endpoint or group of endpoints from testing.
You can specify that the excepted endpoints be either always or never granted
access.
Extensible Authentication Protocol See EAP.
F
FreeS/WAN Free Secure Wide Area Networking. An implementation of IPsec and IKE for
Linux. For more information, see the official web site at
http://www.freeswan.org/intro.html.
G
GTC See EAP-GTC.