Fortress Technologies Secure Wireless Access Bridge User Manual


Fortress : Glossary

Bridge GUI

The browser-based graphical user interface through which the Fortress Secure Wireless
Access Bridge is configured and managed, locally or remotely.

CCITT

Comite Consultatif Internationale de Telegraphie et Telephonie, former name of the
ITU-T.

client

In the Fortress Controller FISh (command-line) interface and front-panel LCD, devices
on the encrypted (WLAN) side of the network and running the Fortress Secure Client.
In the Fortress Gateway FISh (command-line) interface, devices on the unencrypted
(LAN) side of Gateway.
In client-server architecture, an application that relies on another, shared application
(server) to perform some of its functions, typically for an end-user device.

Client

Refer to Fortress Secure Client.

controller

A device that controls data transfer between a computer and a peripheral device.

Controller

Refer to Fortress Security Controller.

Controller GUI

The browser-based graphical user interface through which the Fortress Security
Controller is configured and managed, locally or remotely.

Crypto Officer password

A FIPS-defined term—sometimes, Crypto password—the administrator password in
Fortress devices in FIPS-enabled operating mode.

Data Link Layer

Refer to DLC.

DES

Data Encryption Standard—formerly, a FIPS-approved NIST standard for data
encryption using 64 bits (56-bit encryption, 8 parity bits). NIST withdrew its
FIPS-approval for DES on May 19, 2005.

device authentication

In Fortress Technologies products, the means by which MaPS/ACS controls network
access at the level of individual devices, tracking them via their generated Device IDs
and providing the network administrator tools to explicitly allow and disallow them on
the network; one of the factors in Fortress’s Multi-factor Authentication™.

Device ID

In Fortress Technologies products, a 16-digit hexadecimal value generated for, and
unique to each, Fortress controller device and Secure Client device on the
Fortress-secured network. Device IDs are used for device authentication and are
neither modifiable nor transferable.

DHCP

Dynamic Host Configuration Protocol—an Internet protocol describing a method for
flexibly assigning device IP addresses from a defined pool of available addresses as
each networked device comes online, through a client-server architecture. DHCP is an
alternative to a network of fixed IP addresses.

Diffie-Hellman key establishment

A protocol by which two parties with no prior knowledge of one another can agree upon
a shared secret key for symmetric key encryption of data over an insecure channel.
Also, Diffie-Hellman-Merkle key establishment; exponential key exchange.

DLC

Data Link Control—the second lowest network layer in the OSI Model, also referred to
as the Data Link Layer, OSI Layer 2 or simply Layer 2. The DLC layer contains two
sublayers: the MAC and LLC layers.

DMZ

Demilitarized Zone—in IT, a computer (or subnet) located between the private LAN and
a public network, usually the Internet.

DoD

Department of Defense

EAP

Extensible Authentication Protocol—defined by RFC 2284, a general protocol for user
authentication. EAP is implemented by a number of authentication services, including
RADIUS.

EAP-MD5

An EAP security algorithm developed by RSA Security® that uses a 128-bit generated
number string, or hash, to verify the authenticity of a data transfer.

EAP-TLS

EAP-Transport Layer Security—a Point-to-Point Protocol (PPP) extension supporting
mutual authentication, integrity-protected cipher suite negotiation, and key exchange
between two endpoints, within PPP.

EAP-TTLS

EAP-Tunneled TLS—An EAP-TLS protocol developed by Funk and Certicom that uses
TLS to establish a secure connection between a client and server.
