Security Solutions
Appendix A: Glossary
PAP Password Authentication Protocol. A protocol used to authenticate a client
to a remote server or an Internet service provider. PAP transmits usernames
and passwords in unencrypted plaintext, making it insecure. For more information,
see RFC 1334 at http://www.ietf.org/rfc/rfc1334.txt.
PCM ProCurve Manager. ProCurve’s SNMP solution.
PDA Personal Digital Assistant. A hand-held computing device that can run
applications or store data. Some PDAs have radio or infrared transmission
capabilities.
PDP Policy Decision Point. An authentication server, often a RADIUS server or NAC,
that accepts authorization requests, and based on the policies that it contains,
returns a verdict: access denied or permitted, and under what conditions.
PEAP Protected EAP. A transport mechanism developed to provide much of the
security of EAP-TLS without forcing endpoints to use digital certificates, thereby
drastically cutting the work to implement the protocol. PEAP requires only a
server-side PKI certificate to create a secure TLS tunnel to protect end-user
authentication.
peer-to-peer See P2P.
PEP Policy Enforcement Point. A network component, usually a NAS, that
enforces the policy that was chosen by the PDP. The PEP performs the task of
either dropping the signal from an unauthorized endpoint or permitting the
endpoint to connect to the network.
permanent agent An agent that is installed on an endpoint and not removed. The NAC EI agent is
a permanent agent. See also transient agent.
PKI Public Key Infrastructure. A system of digital certificates, CAs, and other
registration authorities that verify and authenticate each party in an Internet
transaction. PKI enables devices to privately exchange data using a public
infrastructure such as the Internet by managing keys and certificates. From a
trusted CA, an end-user obtains a certificate, which includes the user’s identification
information, a public key, and the CA’s signature. The end-user also
obtains the corresponding private key. The user authenticates with the certificate.
In addition, devices can encrypt messages destined to the user with the
user’s public key, which the user’s endpoint then decrypts with the private key.
PoE Power over Ethernet. Technology that permits the transmission of electrical
energy over Ethernet cabling to provide power to a component on the end of
the cable, typically an AP or RP.