Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual page 864

Network and Security Manager Administration Guide
E
Encryption
Equal Cost Multipath
(ECMP)
ESP/AH
Ethernet
Export Rules
External Neighbors
Extranet
F
Filters
Firewall
814
Encryption is the process of changing data into a form that can be read only by the intended
receiver. To decipher the message, the receiver of the encrypted data must have the proper
decryption key. In traditional encryption schemes, the sender and the receiver use the same
key to encrypt and decrypt data. Public-key encryption schemes use two keys: a public key,
which anyone may use, and a corresponding private key, which is possessed only by the person
who created it. With this method, anyone may send a message encrypted with the owner's
public key, but only the owner has the private key necessary to decrypt it. PGP (Pretty Good
Privacy) and DES (Data Encryption Standard) are two of the most popular public-key encryption
schemes.
Equal cost multipath assists with load balancing among two to four routes to the same
destination or increases the effective bandwidth usage among two or more destinations. When
enabled, security devices use the statically defined routes or dynamically learn multiple routes
to the same destination through a routing protocol. The security device assigns routes of equal
cost in round robin fashion. Default. disabled
AH and ESP are IP level security headers that were originally proposed by the Network Working
Group focused on IP security mechanisms known as IPSec. The term IPSec refers to packets,
keys, and routes associated with ESP and AH headers. The IP Authentication Header (AH)
provides authentication. The IP Encapsulating Security Header (ESP) provides confidentiality
to IP datagrams.
Ethernet is a local area network (LAN) technology invented at the Xerox Corporation, Palo
Alto Research Center. Ethernet is a best-effort delivery system that uses CSMA/CD technology.
Ethernet can be run over a variety of cable schemes, including thick coaxial, thin coaxial, twisted
pair, and fiber optic cable. Ethernet is a standard for connecting computers into a local area
network (LAN). The most common form of Ethernet is called 10BaseT, which denotes a peak
transmission speed of 10 Mbps using copper twisted-pair cable.
When you have two or more virtual routers on a security device, you can configure export rules
that define which routes on one virtual router are allowed to learned by another virtual router.
See also Import Rules.
Two BGP routers that are peers that reside in two different autonomous systems.
An extranet connects two or more intranets. If an intranet as a company's internal Web site
enables users inside the company to communicate and exchange information, an extranet
connects that virtual space with another company's intranet, thus enabling these two (or
more) companies to share resources and communicate over the Internet in their own virtual
space. This technology greatly enhances business to business communications.
A filter organizes log entries based on administrator specifications.
A firewall device that protects and controls incoming and outgoing traffic on network
connections. Firewalls protect internal servers from damage (intentional or otherwise) and
enable authorized external access.
Copyright © 2010, Juniper Networks, Inc.