The TLS ALG - D-Link DFL-1660 User Manual

Network security firewall

6.2.10. The TLS ALG

Overview
Transport Layer Security (TLS) is a protocol that provides secure communications over the public
Internet between two end points through the use of cryptography as well as providing endpoint
authentication.
Typically in a TLS client/server scenario, only the identity of the server is authenticated before
encrypted communication begins. TLS is very often encountered when a web browser connects with
a server that uses TLS such as when a customer accesses online banking facilities. This is
sometimes referred to as an HTTPS connection and is often indicated by a padlock icon appearing in
the browser's navigation bar.
TLS can provide a convenient and simple solution for secure access by clients to servers and avoids
many of the complexities of other types of VPN solutions such as using IPsec. Most web browsers
support TLS and users can therefore easily have secure server access without requiring additional
software.
The Relationship with SSL
TLS is a successor to the Secure Sockets Layer (SSL) but the differences are slight. Therefore, for
most purposes, TLS and SSL can be regarded as equivalent. In the context of the TLS ALG, we can
say that the NetDefend Firewall is providing SSL termination since it is acting as an SSL end-point.
Supported Standards
For SSL and TLS, NetDefendOS provides termination support for SSL 3.0 and TLS 1.0. The TLS 1.0
support follows RFC 2246, of which NetDefendOS implements the server-side part.
Both NetDefendOS TLS ALG and SSL VPN also support renegotiation as defined by RFC 5746.
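As an added example (not code from the D-Link manual or NetDefendOS), the following Python parser reads a TLS ServerHello record and reports the negotiated version, cipher suite and whether the RFC 5746 renegotiation_info extension was sent, so an administrator can confirm what a terminating endpoint actually negotiates; the sample ServerHello is constructed inline rather than captured from a device. The version names and the handshake constants are standard TLS values; note that SSL 3.0 and TLS 1.0 have since been deprecated by RFC 7568 and RFC 8996.

```python
import struct

HANDSHAKE, SERVER_HELLO = 22, 2            # TLS record content type, handshake msg type
RENEGOTIATION_INFO = 0xFF01                # extension type defined by RFC 5746
VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def parse_server_hello(record: bytes) -> dict:
    """Walk one record: 5-byte record header, 4-byte handshake header, ServerHello body."""
    content_type, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if content_type != HANDSHAKE or len(body) != rec_len or rec_len < 4 or body[0] != SERVER_HELLO:
        raise ValueError("not a complete ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    version = struct.unpack("!H", hello[:2])[0]
    pos = 2 + 32                           # skip the 32-byte server random
    pos += 1 + hello[pos]                  # session_id<0..32>: length byte, then the id
    cipher_suite = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 3                               # cipher suite (2) + compression method (1)
    secure_reneg = False
    if pos < len(hello):                   # extensions block is optional in SSL 3.0 / TLS 1.0
        ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos, end = pos + 2, pos + 2 + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            secure_reneg |= ext_type == RENEGOTIATION_INFO
            pos += 4 + ext_len
    return {"version": VERSION_NAMES.get(version, hex(version)),
            "cipher_suite": cipher_suite, "secure_renegotiation": secure_reneg}


def audit(record: bytes) -> list:
    """Defender's view: flag the legacy versions listed under Supported Standards and a missing RFC 5746 extension."""
    info = parse_server_hello(record)
    findings = []
    if info["version"] in ("SSL 3.0", "TLS 1.0"):
        findings.append("legacy version negotiated: " + info["version"])
    if not info["secure_renegotiation"]:
        findings.append("RFC 5746 renegotiation_info extension absent")
    return findings


def build_server_hello(version: int, cipher_suite: int, reneg_ext: bool) -> bytes:
    """Constructed sample ServerHello (not a capture from a NetDefend device)."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", cipher_suite, 0)
    if reneg_ext:                          # empty renegotiated_connection on an initial handshake
        ext = struct.pack("!HHB", RENEGOTIATION_INFO, 1, 0)
        hello += struct.pack("!H", len(ext)) + ext
    body = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", HANDSHAKE, version, len(body)) + body
```

Feeding the parser the ServerHello from a real capture of the firewall's termination point shows whether it negotiated TLS 1.0 or fell back to SSL 3.0, and whether the peer signalled secure renegotiation.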
TLS is Certificate Based
TLS security is based on digital certificates. The server holds a certificate and sends it to the client
at the beginning of a TLS session; the certificate establishes the server's identity and then forms the
basis for encrypting the session. If the server uses a certificate signed by a Certificate Authority
(CA), the client's web browser will automatically recognize the certificate as valid.
Self-signed certificates can be used instead of CA signed certificates on the server. With self-signed
certificates, the client's web browser will alert the user that the certificate's authenticity is not
recognized and the user will have to explicitly tell the browser to accept the certificate and continue.
Note: Outgoing calls do not need a specific rule
There is no need to specify a specific rule for outgoing calls. NetDefendOS monitors
the communication between "external" phones and the Gatekeeper to make sure that it
is possible for internal phones to call the external phones that are registered with the
gatekeeper.
322
Chapter 6. Security Mechanisms

This manual is also suitable for: DFL-2560, DFL-2560G, DFL-260E, DFL-860E