Glossary VPN/DSL Security Option
A-2 24-10618-155 Rev. A
This document contains confidential and proprietary information of Johnson Controls, Inc.
© 2012 Johnson Controls, Inc.
In traditional encryption schemes, the sender and the receiver use the same key to encrypt
and decrypt data. Public-key encryption schemes use two keys: a public key, which anyone
may use, and a corresponding private key, which is possessed only by the person who created
it. With this method, anyone may send a message encrypted with the owner’s public key, but
only the owner has the private key necessary to decrypt it. DES (Data Encryption Standard)
and 3DES (Triple DES) are two of the most popular public-key encryption schemes.
ESP/AH – The IP level security protocols, AH and ESP, were originally proposed by the
Network Working Group focused on IP security mechanisms, IPSec. The term IPSec is used
loosely here to refer to packets, keys, and routes that are associated with these protocols. The
IP Authentication Header (AH) protocol provides authentication.
The Encapsulating Security Protocol (ESP) provides both authentication and encryption.
ESP – The Encapsulating Security Payload (ESP) protocol provides a means to ensure
privacy (encryption), and source authentication and content integrity (authentication). ESP in
tunnel mode encapsulates the entire IP packet (header and payload), and then appends a new
IP header to the now encrypted packet. This new IP header contains the destination address
needed to route the protected data through the network.
With ESP, you can encrypt and authenticate, encrypt only, or authenticate only. For
encryption, you can choose either of the following encryption algorithms:
Data Encryption Standard (DES) – A cryptographic block algorithm with a 56-bit key.
Triple DES (3DES) – A more powerful version of DES in which the original DES algorithm is
applied in three rounds, using a 168-bit key. DES provides a significant performance savings
but is considered unacceptable for many classified or sensitive material transfers.
Advanced Encryption Standard (AES) – An emerging encryption standard which, when adopted
by Internet infrastructures worldwide, will offer greater interoperability with other network
security devices. This version of AES uses a 128-bit key.
For authentication, you can use either MD5 or SHA-1 algorithms.
Filter List – A list of IP addresses permitted to send packets to the current routing domain.
Firewall – A security system, usually a combination of hardware and software, intended to
protect a network against external threats coming from another network, including the
Internet. Firewalls prevent an organization's networked computers from communicating
directly with computers that are external to the network, and vice versa. Instead, all incoming
and outgoing communication is routed through a proxy server outside the organization's
network. Firewalls also audit network activity, recording the volume of traffic and
information about unauthorized attempts to gain access.
Gateway – The router that resides at the point of entry to the current routing domain, often
called the default gateway.
Internet Key Exchange (IKE) – The method for exchanging keys for encryption and
authentication over an unsecured medium, such as the Internet.
To Next Page
Loading...
