Kerio Tech Firewall6 Network Router User Manual


 
Glossary of terms
IP address
An IP address is a unique 32-bit number that identifies a host on the Internet. It is written as four decimal numbers (0-255) separated by dots (e.g. 195.129.33.1). Each packet carries the address it was sent from (source IP address) and the address it is to be delivered to (destination IP address).
IPSec
IPsec (IP Security Protocol) is an extension of the IP protocol that enables secure data transfer. It provides services similar to SSL/TLS, but on the network layer. IPSec can be used to create encrypted tunnels between networks (VPN), the so-called tunnel mode, or to encrypt traffic between two hosts, the so-called transport mode.
Kerberos
Kerberos is a system for secure user authentication in network environments. It was developed at MIT and is the standard protocol for user authentication in Windows 2000/2003. Users connect to central servers (Key Distribution Center, KDC), which send them encrypted keys (so-called tickets) for connecting to other servers within the network. In Windows 2000/2003 domains, the KDC function is provided by the respective domain server.
LDAP
LDAP (Lightweight Directory Access Protocol) is an Internet protocol used to access directory services. Directories store information about user accounts and user rights, about hosts in the network, and so on.
NAT
NAT (Network Address Translation) is the substitution of IP addresses in packets passing through the firewall:

Source address translation (Source NAT, SNAT): in packets going from local networks to the Internet, the source (private) IP address is replaced with the external (public) firewall address. Each packet sent from the local network is recorded in the NAT table. If a packet arriving from the Internet matches a record in this table, its destination IP address is replaced with the IP address of the appropriate host within the local network and the packet is forwarded to that host. Packets that match no record in the NAT table are dropped.

Destination address translation (Destination NAT, DNAT, also called port mapping) is used to make services in the local network available from the Internet. If a packet arriving from the Internet meets certain requirements, its destination IP address is replaced with the IP address of the local host where the service is running and the packet is sent to that host.
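As an added illustration that is not part of the Kerio manual, the following Python model reproduces the NAT table behaviour described above: SNAT for outbound packets, reverse translation of matching replies, dropping of unsolicited inbound packets, and DNAT port mapping for a published service. All addresses, ports and the port-mapping rule are constructed sample values.

```python
# Added example, not from the Kerio manual: a minimal model of the NAT table.
from dataclasses import dataclass

FIREWALL_PUBLIC_IP = "198.51.100.1"  # constructed external (public) firewall address


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    def __init__(self, public_ip, port_maps=None):
        self.public_ip = public_ip
        self.next_port = 40000  # first public port handed out for SNAT
        # NAT table: public port chosen by the firewall ->
        # (private ip, private port, remote ip, remote port)
        self.table = {}
        # DNAT (port mapping) rules: public port -> (local host, local port)
        self.port_maps = dict(port_maps or {})

    def outbound(self, pkt):
        """SNAT: replace the private source address and record the connection."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = next((p for p, v in self.table.items() if v == key), None)
        if pub_port is None:  # new connection: allocate a public port, add record
            pub_port = self.next_port
            self.next_port += 1
            self.table[pub_port] = key
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Return the translated packet, or None when the firewall drops it."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get(pkt.dst_port)
        # reply to a recorded outbound connection, and from the same remote peer
        if entry and entry[2:] == (pkt.src_ip, pkt.src_port):
            return Packet(pkt.src_ip, pkt.src_port, entry[0], entry[1])
        if pkt.dst_port in self.port_maps:  # port mapping for a published service
            host, port = self.port_maps[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, host, port)
        return None  # no NAT record and no mapping: dropped


if __name__ == "__main__":
    nat = Nat(FIREWALL_PUBLIC_IP, {80: ("192.168.1.10", 8080)})
    out = nat.outbound(Packet("192.168.1.20", 51000, "203.0.113.5", 443))
    print(out, nat.inbound(Packet("203.0.113.5", 443, out.src_ip, out.src_port)))
```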