Chapter 11 - Glossary; General Terms And Abbreviations - Honeywell dolphin 70e black Network And Security Manual


11
Glossary

General Terms and Abbreviations

ACL
An Access Control List (ACL) is a list of user accounts and groups, with each entry specifying a set of allowed or disallowed actions. When applied to a firewall, an ACL is a list of device addresses and ports that may (or may not) pass through the device.

Authentication
When a user logs on to a system, the authentication process verifies the user is known to the system. See also "authorization".

Authorization
When a user logs on to a system, the authorization result dictates what a known user can do within the system. See also "authentication".

Business network
A collective term for the network and attached systems.

Digital signature
Using the private key of a digital certificate to encrypt the digital hash (digest) of an electronic document, code file, etc.

DMZ
Demilitarized zone (DMZ) is an area with some firewall protection, but which is visible to the outside world. This is where business network servers for Web sites, file transfers, and email are located.

Firewall
A firewall is a software or hardware barrier that sits between two networks, typically between a LAN and the Internet. A firewall can be a standalone network appliance, part of another network device such as a router or bridge, or special software running on a dedicated computer.

Firewalls can be programmed to block all network traffic from coming through except that which has been configured to be allowed. By default, a firewall should block all 65,536 ports and open up only the ports you need. If you need to browse the Web, then it should allow "outgoing" traffic on port 80. If you would like DNS lookups to work for you, port 53 needs to be opened up for "outgoing" traffic. If you want to access your Internet mail server through POP3, open up port 110 for outgoing traffic.

Firewalls are directional. They monitor where the traffic originates for both "incoming/inbound" and "outgoing/outbound" traffic.

Quite frequently you will not want any unsolicited inbound traffic unless you have specific reasons (for example, you might have a Web server that you want people to access). However, in most cases, a Web server would probably be located outside your firewall and not on your internal network. This is the purpose of a demilitarized zone.

The following Microsoft reference is a useful source of information about well-known TCP/IP ports: http://support.microsoft.com/kb/832017.

IAS
Internet Authentication Service (IAS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy.

LAN
Local Area Network.

Locking down
The procedure whereby a given user is given access to only one or a few specific programs is known as "locking down" a desktop or computer.

MAC
Media Access Control (MAC) is the lower level of the Data Link Layer (under the IEEE 802.11-1997 standard). In Wireless 802.11, MAC stands for "Medium Access Control". MAC can also be an abbreviation for "Message Authentication Codes", a cryptographic hash added to a message to enable the detection of tampering.

MDM
Mobile Device Management (MDM) technology provides the ability to deploy, secure, monitor, integrate, and manage mobile devices across multi-site enterprises. MDMs help manage the distribution of software updates, data, and configuration information across multiple devices or groups of devices. MDMs are also used to enforce security policies. An example of MDM is the Remote MasterMind software.

PEAP
Protected Extensible Authentication Protocol (PEAP) is a protocol proposed for securely transporting authentication data, including passwords, over 802.11 wireless networks.

Port
A port is a logical endpoint on a network computer or device used for communications. There are approximately 65,536 ports on which any one IP address can communicate. Some are dedicated to specific well-known services; some are used by application services; and some will be dynamically allocated to clients as they connect to remote services. A service listens on a known port for client connections. If the connection is accepted, the client will address messages to that port, and the server will send responses to the dynamically allocated client port.

RADIUS
Remote Authentication Dial In User Service (RADIUS) is a protocol that enables centralized authentication, authorization, and accounting for dial-up, virtual private network, and wireless access.

Remote MasterMind
Device management software available from Honeywell to facilitate the management of mobile computers, smartphones, and bar code scanners across multi-site enterprises.