User guide

Glossary
Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
MPPE (Microsoft Point-to-Point Encryption) – An encryption technology developed by Microsoft to encrypt
point-to-point links. The PPP connections can be over a VPN tunnel or over a dial-up line. MPPE is a feature of
Microsoft's MPPC scheme for compressing PPP packets. The MPPC algorithm was designed to optimize
bandwidth utilization in supporting multiple simultaneous connections. MPPE uses the RC4 algorithm, with
either 40-bit or 128-bit keys, and all MPPE keys are derived from clear text authentication of the user password.
The RouteFinder supports MPPE 40-bit/128-bit encryption.
Name Resolution – The process of mapping a name into its corresponding address.
NAT (Network Address Translation) – IP NAT is comprised of a series of IETF standards covering various
implementations of the IP Network Address Translator. NAT translates multiple IP addresses on the private LAN
to one public address that is sent out to the Internet. This adds a level of security since the address of a PC
connected to the private LAN is never transmitted on the Internet.
Netfilter – The Linux packet filter and network address translation (NAT) system that aims to reduce the number
of filter points and to separate the filtering function from the NAT function. Netfilter is derived from the Linux
ipchains and the Unix ipfilter packet filtering systems. The RouteFinder uses a Linux 2.4 kernel (and, for
example, iptables for the internal logic in the netfilter code).
Network Card – The Ethernet PC card used to connect the RouteFinder to the internal, external or DMZ
network (aka: NIC or NIC card).
NIC (Network Interface Card) – The Ethernet PC card used to connect the RouteFinder to the internal, external
or DMZ network (aka, Network Card).
Nslookup – A Unix program for accessing name servers. The main use is the display of IP names for a given IP
address and vice versa. Beyond that, other information can also be displayed (e.g., aliases).
Packet Filter – An operation that blocks traffic based on a defined set of filter "rules" (e.g., IP address or port
number filtering).
PCT (Private Communications Technology) – A protocol developed by Microsoft that is considered more
secure than SSL2. (Note that some web sites may not support the PCT protocol.)
PING (Packet InterNet Groper) – A program to test reachability of destinations by sending an ICMP echo
request and waiting for a reply. The term is also used as a verb: "Ping host X to see if it is up."
PKI (Public Key Infrastructure) – Consists of end entities that possess key pairs, certification authorities,
certificate repositories (directories), and all of the other components, software, and entities required when using
public key cryptography.
Plaintext – Information (text) which has not been encrypted. (The opposite is ciphertext.)
PFS (Perfect Forward Secrecy) – Refers to the notion that any single key being compromised will permit
access to only data protected by that single key. In order for PFS to exist, the key used to protect transmission
of data must not be used to derive any additional keys. If the key used to protect transmission of data was
derived from some other keying material, that material must not be used to derive any more keys. Sometimes
referred to as Perfect Secret Forwarding, PSF is a security method that ensures that the new key of a key
exchange is in no way based on the information of an old key and is therefore unambiguous. If an old key is
found or calculated, no conclusions can be drawn about the new key. On the RouteFinder, PFS is configured in
VPN > IPSec.
Policy – The purpose of an IPSec Security Policy is to define how an organization is going to protect itself. The
policy will generally require two parts: a general policy and specific rules (e.g., a system-specific policy).
The general policy sets the overall approach to Security. The rules define what
is and what is not allowed. The Security Policy describes how data is protected, which traffic is allowed or
denied, and who can and cannot use various network resources.
Port – Whereas only the source and target addresses are required for transmission on the IP level, TCP and
UDP require further characteristics to be introduced that allow a differentiation of the separate connections
between two computers. A connection on the TCP and UDP level is thus clearly identified by the source
address and the source port, as well as by the target address and the target port.
Port Range – A series of TCP or UDP port numbers that can be set in RouteFinder protocol service definitions.
For example, when adding a service from Networks & Services > Services, enter the source (client) port. The
entry options are a single port (e.g. 80), a list separated by commas (e.g. 25, 80, 110), or a port range
(e.g. 1024:64000).