The Authentication Header is one of the security protocols used with IPSec.
AH provides authentication and integrity, for the entire packet (both the IP header and the data carried in the packet). AH signs the entire packet. It does not encrypt the data.
The data is readable, but protected from modification. Packet integrity is assured by digital signatures applied to each packet.
Border Gateway Protocol (BGP)
A routing protocol designed for use between autonomous systems. BGP is especially useful for detecting routing loops.
The Dynamic Host Configuration Protocol is a series of network protocols and services that allow for automatic assignment of IP
addressing information to TCP/IP network clients configured as DHCP Client computers.
Diffie-Hellman groups are used to determine the length of the base prime numbers used during the key exchange. The longer the
prime number used, the more difficult it is to break the encryption code.
A DMZ or Demilitarized Zone, is a typically a network segment that is located inside of the firewall, but outside your internal
network. The subnet represented as the DMZ can either be placed between the firewall and the gateway to your internal network, or you can use a
Multihomed server that allows you to set different security policies to each network interface.
An hierarchical name service for TCP/IP hosts. DNS allows users to connect to network resources via friendly host names, rather
than having to remember IP addresses for network servers.
Encapsulating Security Payload (ESP)
ESP provides confidentiality, in addition to authentication and integrity. ESP is one of the security protocols used in
Each time you click a glossary term, you'll see a window like this displaying the term and its definition. To see the entire
glossary, click Show All Terms.
Interior Gateway Routing Protocol (IGRP)
IGRP is a distance vector routing protocol developed by Cisco Systems, Inc.
Internet Security Association and Key Management Protocol (ISAKMP)
Internet Security Association and Key Management Protocol (ISAKMP) defines a common framework to support the establishment of
security associations which are used by IPSec. When combined with the Oakley protocol, it is referred to as the Internet Key Exchange (IKE).
Message Authentication Code, or Media Access Control. A Message Authentication Code is the result of hashing, and often referred
to as a Hash Message Authentication Code or HMAC. This is the digital signature applied to signed packets. A Media Access Control address is a
hardware addressed applied to a network interface.
A protocol that automates distribution of multicast address configurations for network clients.
NAT enables private IP addresses to be translated into public IP addresses for traffic to and from the Internet.
A session layer interface used to allow NetBIOS applications to work properly on TCP/IP based networks.
Network Address Translation
Oakley key generation protocol
A Key Generation Protocol used to create secure keys for the establishment of a Security Association.
Open Shortest Path First (OSPF)
A Link State Routing Protocol.
Open Systems Interconnection (OSI)
A framework designed by the International Standards Organization for which new network protocols to based themselves.
Packet assembler-disassembler (PAD)
A network device used on X.25 internetworks.
The Routing and Remote Access Service. A collection of network services relating to routing and remote access that are brought
together into a single Microsoft Management Console.
Server authorization list
The Sockets session layer interface. Microsoft Proxy Server 2.0 provides a SOCKS proxy for non-Microsoft clients to access
Internet resources via the Proxy Server.
IPSec communications in Transport mode support end-to-end protection of data.
IPSec communications in Tunnel Mode support end-to-end protection of data only between the tunnel endpoints. This endpoints are
typically VPN Servers.
Virtual Private Networks. Virtual network connections established over public networks that allow for authentication and
encryption of data. VPNs use tunneling technology and private network communications take place inside the encrypted tunnel over the public
Windows Internet Name Service. The name of the Microsoft NetBIOS Name Service. A WINS Server resolve NetBIOS names to IP
The Windows Sockets Session Layer interface. Applications written for the WinSock interface use DNS hosts names for resource name resolution.