SnapGear 2.0.1 User Manual


Appendix B – Terminology


IPSec tunnel

An IPSec connection that securely links two private parties across
insecure and public channels.

IPSec with Dynamic DNS

Dynamic DNS can be run on the IPSec endpoints thereby creating an
IPSec tunnel using dynamic IP addresses.

IKE

IKE is a profile of ISAKMP that is for use by IPsec. It is often called
simply IKE. IKE creates a private, authenticated key management
channel. Using that channel, two peers can communicate, arranging
for session keys to be generated for AH, ESP or IPcomp. The
channel is used for the peers to agree on the encryption, authentication
and compression algorithms that will be used. The traffic to which the
policies will be applied is also agreed upon.

ISAKMP

ISAKMP is a framework for doing Security Association Key
Management. It can, in theory, be used to produce session keys for
many different systems, not just IPsec.

Key lifetimes

The length of time before keys are renegotiated.

LAN

Local Area Network.

LED

Light-Emitting Diode.

Local Private Key Certificate & Passphrase

The private part of the public/private key pair of the certificate resides
on the CyberGuard SG appliance. The passphrase is a key that can be
used to lock and unlock the information in the private key certificate.

Local Public Key Certificate

The public part of the public/private key pair of the certificate resides on
the CyberGuard SG appliance and is used to authenticate against the
CA certificate.

MAC address

The hardware address of an Ethernet interface. It is a 48-bit number
usually written as a series of 6 hexadecimal octets, e.g.
00:d0:cf:00:5b:da. A CyberGuard SG appliance has a MAC address for
each Ethernet interface. These are listed on a label on the underside
of the device.

Main Mode

This Phase 1 keying mode automatically exchanges encryption and
authentication keys and protects the identities of the parties attempting
to establish the tunnel.

Manual Keying

This type of keying requires the encryption and authentication keys to
be specified.

Manual Keys

Predetermined encryption and authentication keys used to establish the
tunnel.

Masquerade

The process by which a gateway on a local network modifies outgoing
packets by replacing the source address of the packets with its own IP
address. All IP traffic originating from the local network appears to
come from the gateway itself and not the machines on the local
network.

MD5

Message Digest Algorithm Five is a 128-bit hash. It is one of two
message digest algorithms available in IPSec.
