Security terms, Other terms – THALES DATACRYPTOR User Manual
Page 18

Background Information
Datacryptor Ethernet User Manual
Authenticate Management Data - The Datacryptor Ethernet uses the HMAC keyed-hash variant 
of SHA-1 (Secure Hash Algorithm) to authenticate management data using SNMP v3. 
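
How HMAC-SHA-1 authentication of SNMP v3 messages works in the standard User-based Security Model (RFC 3414, HMAC-SHA-96), as an added example that is not taken from the Thales manual. It assumes the unit follows that standard; the password and engine ID are the RFC 3414 test values, and the message bytes and field offset are constructed placeholders, not a real BER-encoded SNMP message.

```python
import hashlib
import hmac

MAC_LEN = 12  # HMAC-SHA-96: only the first 96 bits of the 160-bit HMAC-SHA-1 are sent

def password_to_key(password: bytes) -> bytes:
    """RFC 3414 A.2.2: SHA-1 over 1,048,576 bytes of the password repeated end to end."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.sha1(password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes) -> bytes:
    """Bind the user key to one SNMP engine so a key stolen from one unit is useless on another."""
    return hashlib.sha1(ku + engine_id + ku).digest()

def sign(kul: bytes, msg: bytes, offset: int) -> bytes:
    """Zero the 12-byte authentication field, MAC the whole message, write the MAC back."""
    zeroed = msg[:offset] + bytes(MAC_LEN) + msg[offset + MAC_LEN:]
    mac = hmac.new(kul, zeroed, hashlib.sha1).digest()[:MAC_LEN]
    return zeroed[:offset] + mac + zeroed[offset + MAC_LEN:]

def verify(kul: bytes, msg: bytes, offset: int) -> bool:
    """Receiver side: recompute the MAC and compare it in constant time."""
    received = msg[offset:offset + MAC_LEN]
    if len(received) != MAC_LEN:
        return False  # truncated message, no complete authentication field
    expected = sign(kul, msg, offset)[offset:offset + MAC_LEN]
    return hmac.compare_digest(expected, received)

# RFC 3414 A.3.2 test values
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed stand-in for an encoded message: header, empty auth field, payload
HEADER = b"constructed-header|"
MSG = HEADER + bytes(MAC_LEN) + b"|constructed-set-request"
OFFSET = len(HEADER)

if __name__ == "__main__":
    kul = localize_key(password_to_key(PASSWORD), ENGINE_ID)
    signed = sign(kul, MSG, OFFSET)
    print("localized key:", kul.hex())
    print("valid message accepted:", verify(kul, signed, OFFSET))
    tampered = signed[:-1] + bytes([signed[-1] ^ 0x01])
    print("tampered message accepted:", verify(kul, tampered, OFFSET))
```

Authentication of this kind protects integrity and origin only; the management payload remains readable unless SNMP v3 privacy is also enabled.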
Security Terms
Diffie-Hellman – Diffie-Hellman is a method for key exchange that allows two autonomous 
systems to establish a shared secret key over an untrusted network without prior secrets. 
Diffie-Hellman groups define the strength supplied to the Diffie-Hellman calculation for the 
later creation of keys by the peers. Three of the five available groups are generated from 
modulo function (MODP) calculations using very large prime numbers. 
Peer – A peer is a Datacryptor that acts as a tunnel endpoint. A peer encrypts or decrypts data, 
adding or stripping away headers, respectively. 
Other Terms
Layer 2 - The Datacryptor Ethernet is designed to work as a Layer 2 encryptor. 
The addressing scheme is physical, i.e. the addresses are MAC (Media Access Control) addresses 
hard-coded into a device at the time of manufacture. A MAC address is generally a 48-bit address, 
usually displayed in hexadecimal format as six two-digit parts, e.g. 01-0B-3B-18-00-CA. 
It should be noted that when the unit is operating in the Tunneling mode the peer unit MAC 
address must be obtained and entered in the box provided on the relevant property tab. 
Frame Checksum (FCS) - FCS is an error detection system based on the numerical value of the 
number of set bits in the Frame (packet). This value is transmitted alongside the message, and 
the receiving device then applies the same criteria and compares the two values. 
Auto-negotiation - Auto-negotiation was devised to address the need for multi-speed devices 
on a network to operate at the optimum settings. It achieves this by taking control of the 
connection medium and detecting the various mode options available in the device on the other 
end, while also advertising its own capabilities. Thus it enables the connection to configure the 
highest performance mode of interoperation. 
Note:
The Datacryptor 1 Gig Ethernet only supports 1000 Mbps full duplex, and the 
10 Gig Ethernet unit only supports 10,000 Mbps full duplex. The 100 Mb 
Ethernet unit can be set to run at speeds of 10 Mbps and 100 Mbps. 
The 10 Gig Ethernet unit does not support Auto-negotiation. 
Jumbo frames - Jumbo frame is the name given to frames larger than the standard Ethernet 
MTU of 1500 bytes. The Datacryptor Ethernet encryptor does not have an MTU limit and will 
therefore allow Jumbo frames. Frame size is only limited if fragmentation is enabled. 
Multiprotocol Label Switching – MPLS addresses many of the earlier network problems such as 
speed, scalability and quality of service. It does this by defining paths across the network, 
adding label information to a packet to aid routing etc. It is referred to as multi-protocol 
because it supports a number of communication methods such as IP, Frame Relay and ATM. The 
Datacryptor Ethernet unit is transparent to this operation as long as the equipment is being 
deployed in a point-to-point environment. 
