Multitech MultiAccess MA30120 User Manual page 176

Communications server

Glossary
reply packets of connections to other networks or hosts). In contrast to Masquerading, SNAT is a static address
conversion, and the rewritten source address does not need to be one of the firewall's IP addresses. To create
simple connections from private networks to the Internet, you should use the Masquerading function instead of
SNAT.
The use of private IP addresses in combination with Network Address Translation (NAT) in the form of
Masquerading, Source NAT (SNAT), and Destination NAT (DNAT) allows a whole network to hide behind one
or a few IP addresses, preventing the identification of your network topology from the outside. With these
mechanisms, Internet connectivity remains available, while it is no longer possible to identify individual
machines from the outside. Using DNAT makes it possible to place servers within the protected network and
still make them available for a certain service.
SOCKS – A proxy protocol that allows the user to establish a point-to-point connection between their own
network and an external computer via the Internet. SOCKS, also called Firewall Traversal Protocol, currently
exists at version 5.
Stateful Inspection – A method of security that requires a firewall to control and track the flow of
communication it receives and sends, and to make decisions about TCP/IP-based services (e.g., whether it should
accept, reject, authenticate, encrypt and/or log communication attempts). To provide the highest security level
possible, these decisions must be based on the Application State and/or the Communication State (as opposed to
making decisions based on isolated packets). With stateful inspection, a firewall is able to obtain, store,
retrieve, and manipulate information it receives from all communication layers as well as from other
applications. Stateful inspection tracks a transaction and verifies that the destination of an inbound packet
matches the source of a previous outbound request. Other firewall technologies (e.g., packet filters or
application layer gateways) alone may not provide the same level of security as stateful inspection.
Static Route – A directive in a node that tells it to use a certain router or gateway to reach a given IP subnet.
The simplest and most common example is the default router/gateway entry entered onto any IP-connected
node (i.e., a static route telling the node to go to the Internet router for all subnets outside of the local subnet).
Subnet Mask – The subnet mask or the net mask indicates into which groups the addresses are divided.
Based on this arrangement, individual computers are assigned to a network.
Syslog – A service run mostly on Unix and Linux systems (but also available for most other OSes) to track
events that occur on the system. Other devices on the network may also be configured to use a given node's
syslog server to keep a central log of what each device is doing. Analysis can often be performed on these logs
using available software to create reports detailing various aspects of the system and/or the network.
TCP (Transmission Control Protocol) – A widely used connection-oriented, reliable (but insecure)
communications protocol which is the standard transport protocol used on the Internet. TCP is defined in IETF
RFC 793.
Telnet – The Internet standard protocol for remote terminal connection service. It is defined in IETF RFC 854
and extended with options by many other RFCs.
TLS (Transport Layer Security) – An open security standard that is similar to SSL3. (Note that some web
sites may not support the TLS protocol.)
Trace Route – A program available on many systems that traces the path a packet takes to a destination. It is
mostly used to debug routing problems between hosts. A Trace Route protocol is defined in IETF RFC 1393.
Trusted Subnetwork – A subnetwork of hosts and routers that can trust each other not to engage in active or
passive attacks. It is also assumed that the underlying communications channel such as a LAN is not being
attacked by any other means.
Tunneling – Transmitting data that is structured in one protocol within the protocol or format of a different
protocol.
UDP (User Datagram Protocol) – A datagram-oriented unreliable communications protocol widely used on
the Internet. It is a layer over the IP protocol. UDP is defined in IETF RFC 768.
UNC (Universal Naming Convention) path – A UNC path (e.g., \\server) is used to help establish a link to a
network drive.
URL (Universal Resource Locator) – URLs are used to describe the location of web pages, and are also
used in many other contexts. An example of a URL is http://www.ssh.com/ipsec/index.html. URLs are defined
in IETF RFCs 1738 and 1808.
MultiAccess Communications Server MA30120 User Guide