Planet CS-2000 User Manual page 155

UTM Content Security Gateway

VPN
RSA
RSA is a kind of asymmetric cryptography. Each user has two keys. One is the secret key, which the user
can use to encrypt when connected. The other is the open key, which the sender can obtain if
authenticated and use to encrypt the data sent to the recipient.
Preshared Key
The Preshared Key is used to perform IPSec authentication in the VPN.
ISAKMP
The IP Security Association Key Management Protocol (ISAKMP) provides a way to create
the Security Association (SA) between two PCs. The SA defines the encoding between the two PCs,
and the MIS engineer can assign which key size or Preshared Key and which algorithm to use. The SA also
covers many connection options; for instance, using the ISAKMP SA between two PCs and assigning which
ENC algorithm (DES, triple DES, 40 bytes DES, or none) and which authentication to use.
Main mode
When the IKE process starts in the VPN, main mode and aggressive mode are available to select.
Main mode requires user authentication with 6 messages when starting the data exchange, which
enhances the security of the data transfer.
Aggressive mode
Aggressive mode still requires user authentication, but uses only 3 messages when starting the
data exchange.
AH (Authentication Header)
The Authentication Header is a mechanism for providing strong integrity and authentication for IP
datagrams.
ESP
The Encapsulated Security Payload (ESP) provides authentication and authentication testing. It also
provides secure and protected data exchange.