Avaya 3.7 User Manual


Issue 4 May 2005


O

Oakley

A key exchange protocol used in IPSec as part of the Internet Key Exchange
protocol.

P

Packet Filter

Hardware or software mechanism used in firewalls to discard packets based
on the contents of the packet headers.

Perfect Forward Secrecy

Perfect Forward Secrecy defines a parameter of ISAKMP in which disclosure of
long-term secret keying material does not compromise the secrecy of the
exchanged keys from previous communications. Enabling Perfect Forward
Secrecy is “more secure”. See the IETF draft-ietf-ipsec-oakley-02.txt for more
information on Perfect Forward Secrecy.

PKI

Public Key Infrastructure is the organization of certificate issuers and certificate
management processes.

Preshared Secret

Preshared Secret is the simplest key management method used to construct a
VPN. Authentication key exchanges between security gateways in the VPN are
based on a single pre-shared secret known to all security gateways.

Public Key Certificate

A special block of data used to identify the owner of a particular public key. It
describes the value of a public key, the key’s owner, and the digital signature of
the issuing authority.

R

RADIUS

Remote Authentication Dial In User Service is a client/server remote user
authentication protocol in widespread use.

Resilient Tunnel

A mechanism for providing automatic backup of a secure tunnel between two
endpoints. In practical application, a primary security gateway sends
“heartbeat” packets to a secondary security gateway every few seconds
(configurable). Should the primary security gateway fail, the secondary security
gateway will stop receiving the heartbeat packets. When this happens, the
secondary security gateway switches over and takes on the role of primary
security gateway.

S

SA

Security Association is an IPSec agreement between two communicating
devices on which authentication and encryption algorithms (including key
lifetimes) are used.

Session Key

A cryptographic key that has a finite life expectancy, typically for a single
session.

Signing Certificates

See Certificates, Signing