Glossary
GL-20
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
TCP Intercept
With the TCP intercept feature, once the optional embryonic connection limit is reached, and until the
embryonic connection count falls below this threshold, every SYN bound for the effected server is
intercepted. For each SYN, the security appliance responds on behalf of the server with an empty
SYN/ACK segment. The security appliance retains pertinent state information, drops the packet, and
waits for the client acknowledgment. If the ACK is received, then a copy of the client SYN segment
is sent to the server and the TCP three-way handshake is performed between the security appliance
and the server. If this three-way handshake completes, may the connection resume as normal. If the
client does not respond during any part of the connection phase, then the security appliance
retransmits the necessary segment using exponential back-offs.
TDP
Tag Distribution Protocol. TDP is used by tag switching devices to distribute, request, and release tag
binding information for multiple network layer protocols in a tag switching network. TDP does not
replace routing protocols. Instead, it uses information learned from routing protocols to create tag
bindings. TDP is also used to open, monitor, and close TDP sessions and to indicate errors that occur
during those sessions. TDP operates over a connection-oriented transport layer protocol with
guaranteed sequential delivery (such as TCP). The use of TDP does not preclude the use of other
mechanisms to distribute tag binding information, such as piggybacking information on other
protocols.
Telnet
A terminal emulation protocol for TCP/IP networks such as the Internet. Telnet is a common way to
control web servers remotely; however, its security vulnerabilities have led to its replacement by SSH.
TFTP
Trivial File Transfer Protocol. TFTP is a simple protocol used to transfer files. It runs on UDP and is
explained in depth in RFC 1350.
TID
Tunnel Identifier.
TLS
Transport Layer Security. A future IETF protocol to replace SSL.
traffic policing
The traffic policing feature ensures that no traffic exceeds the maximum rate (bits per second) that you
configure, thus ensuring that no one traffic flow can take over the entire resource.
transform set
See IPSec transform set.
translate,
translation
See xlate.
transparent firewall
mode
A mode in which the security appliance is not a router hop. You can use transparent firewall mode to
simplify your network configuration or to make the security appliance invisible to attackers. You can
also use transparent firewall mode to allow traffic through that would otherwise be blocked in routed
firewall mode. See also routed firewall mode.
transport mode
An IPSec encryption mode that encrypts only the data portion (payload) of each packet, but leaves the
header untouched. Transport mode is less secure than tunnel mode.
TSP
TAPI Service Provider. See also TAP I.
tunnel mode
An IPSec encryption mode that encrypts both the header and data portion (payload) of each packet.
Tunnel mode is more secure than transport mode.
To Next Page
Loading...
