Glossary

A

802.1x:

A standard developed by the IEEE that enables authentication and key management for IEEE 802 local area networks.

access control:

Limiting the flow of information from the resources of a system only to authorized persons, programs, processes, or other systems in a network.

access point (AP):

In the context of wireless networking, it is a device that coordinates the wireless clients' use of wired resources.

accountability:

Holding people responsible for their actions.

accounting:

The methods by which one can establish who or what performed a certain action, such as tracking a user's data connection and logging system users.

Advanced Encryption Standard (AES):

A NIST-endorsed encryption standard that replaces DES. It uses the Rijndael symmetric block cipher algorithm and can process data blocks of 128 bits, using three different key lengths: 128, 192, and 256 bits.

amplifier:

A device used in wireless networks that increases the strength of received and transmitted transmissions.

antenna:

A device that radiates or receives a modulated signal through the air so that wireless clients can receive it.

asymmetric algorithm:

A cryptographic algorithm that uses different keys for encryption and decryption; also called a public key algorithm.

attack:

The act of trying to bypass security controls on a system. An attack can be active, resulting in the alteration of data, or passive, resulting in the release of data.

audit trail:

A chronological record of system activities that is sufficient to enable the reconstruction and examination of a given sequence of events.

authentication:

The process of validating the claimed identity of an end user or a device such as a host, server, switch, router, and so on.

authentication, authorization, accounting (AAA):

The security elements usually used to provide secure access to resources.

Authentication Header (AH):

The IPsec header used to verify that the contents of a packet haven't been modified in transit.

authorization:

The act of granting access rights to a user, groups of users, system, or program.

availability:

A state in computing systems and networks in which the system is operable and can run the services it is supposed to offer.

B

biometrics:

The process of using hard-to-forge physical characteristics of individuals, such as fingerprints and retinal patterns, to authenticate users.

block cipher:

An encryption method in which data is encrypted and decrypted in fixed-size blocks.

brute-force attack:

A way of trying to break an encryption algorithm in which every possible key is applied to the encrypted text to determine whether the resulting plaintext is meaningful.

C

callback:

A security mechanism for dial-in connections to a network in which a user calls in, requests a connection, and then hangs up. The destination system calls the initiator back at a known number and therefore reliably confirms the identity of the caller.

call-processing manager:

A server that provides call control and configuration management for IP telephony devices.

certificate:

A message, digitally signed with the private key of a trusted third party, stating that a specific public key belongs to someone or something with a specified name and set of attributes.

See also certificate authority (CA).

certificate authority (CA):

An entity trusted to sign digital certificates and, therefore, vouch for the identity of others.

certificate revocation list (CRL):

A digitally signed list of all certificates created by a given certificate authority that have not yet expired but are no longer valid.

Challenge Handshake Protocol (CHAP):

An authentication protocol used to authenticate peers in a PPP connection.

cipher:

A procedure that transforms data between readable text and ciphertext.

Cipher Block Chaining (CBC):

A method of using a block cipher to encrypt an arbitrarily sized message in which the encryption of each block depends on the previous blocks. This links the blocks into one logical "chain."

ciphertext:

Encrypted plaintext that must first be decrypted to produce readable text.

cleartext:

A message that is not encrypted (synonymous with plaintext).

compromise:

In the context of security, to invade something by getting around its security procedures.

computer emergency response team (CERT):

A formal organization of system administrators whose members provide services pertaining to issues relating to computer and network security.

confidentiality:

Assurance that data is not read or accessed by unauthorized persons.

cryptographic key:

A digital code that can be used to encrypt, decrypt, and sign information.

Cryptographic Message Syntax (CMS):

A protocol for cryptographically securing messages; it provides encryption and signatures for arbitrary content.

cryptography:

The science of writing or reading coded messages.

D

data confidentiality:

The process of ensuring that only authorized entities that are allowed to see the data can see it in a usable format.

Data Encryption Standard (DES):

A secret key cryptographic scheme standardized by NIST; it has been deprecated by NIST in favor of the AES algorithm.

data integrity:

The process of ensuring that data has not been altered or destroyed during transit.

decipher, decryption:

A method of unscrambling encrypted information to make it legible.

denial-of-service (DoS) attack:

Any action that prevents any part of a network or host system from functioning in accordance with its intended purpose.

Diffie-Hellman key exchange:

An algorithm that provides a way for two parties to establish a shared secret key that only they know, even though they are communicating over an insecure channel.

digital signature:

A string of bits appended to a message (an encrypted hash) that provides authentication and data integrity; typically this term applies only to signatures generated using public key encryption.

Digital Signature Standard (DSS):

A digital signature algorithm developed by the NSA.

Distributed Computing Environment (DCE):

A set of distributed computing technologies that provide security services to protect and control access to data.

distributed denial-of-service (DDoS) attack:

When multiple machines in separate locations are used to launch a denial-of-service attack.

documentary evidence:

Where computer-produced evidence for a court of law takes the form of a printout.

Domain Name System (DNS):

A protocol used to map host names to IP addresses and vice versa.

E

Encapsulating Security Payload (ESP):

The IPsec protocol that provides the security services of confidentiality, traffic-flow confidentiality, connectionless integrity, data origin authentication, and an antireplay service.

encryption:

A method of scrambling information in such a way that it is not readable by anyone except the intended recipient, who must decrypt it to read it.

Extensible Authentication Protocol (EAP):

A general protocol for PPP authentication that supports multiple authentication mechanisms.

F

Federal Information Processing Standard (FIPS):

Standards published by NIST with which all U.S. government computer systems should comply.

firewall:

A system, based on either hardware or software, that applies rules to control the type of networking traffic between two networks.

FORTEZZA card:

A cryptographic peripheral (a PCMCIA card) that provides encryption/decryption and digital signature functions.

H

H.323:

A standard created by the International Telecommunications Union (ITU) that provides specifications for real-time, interactive videoconferencing, data sharing, and audio applications such as IP telephony.

H.323 gatekeeper:

A device used in IP voice networks that provides central management and control services that are needed to ensure reliable, commercially feasible communications.

H.323 gateway:

A device used in IP voice networks that provides data format translation, control signaling translation, audio and video codec translation, and call setup and termination functionality on both sides of the network.

H.323 multipoint control unit (MCU):

A device used in H.323 networks that enables conferencing between three or more endpoints.

H.323 terminal:

An endpoint where H.323 data streams and signaling originate and terminate.

hash:

The resulting string of bits from a hash function.

hash function:

A mathematical computation that results in a fixed-length string of bits (digital code) from an arbitrary size input; a one-way hash function is not reversible to produce the original input.

I

impersonation:

The ability to present credentials as if you are something or someone you are not.

integrity:

Assurance that the data has not been altered except by people who are explicitly intended to modify it.

International Data Encryption Algorithm (IDEA):

A cryptographic algorithm taking a 128-bit key, which is more efficient to implement in software than is DES.

International Traffic in Arms Regulation (ITAR):

The collection of laws in the United States that regulates the export of dangerous technologies; until recently, ITAR had jurisdiction over all software with data encryption capability.

Internet Address and Numbering Authority (IANA):

An administrative organization that assigns standard IP-related constants, such as IP addresses and IP protocol numbers.

Internet Engineering Task Force (IETF):

A standards body whose focus is to design protocols for use in the Internet. Its publications are called Requests For Comments (RFCs).

Internet Key Exchange (IKE):

The protocol that specifically defines the negotiation and keying exchange for IPsec.

Internet Security Association and Key Management Protocol (ISAKMP):

A framework for a key management protocol for IPsec that is a required part of the complete IPsec implementation.

IP Phone:

Any device that supports placing and receiving calls in an IP telephony network.

IP Security Protocol (IPSec):

A set of network layer protocols that collectively can be used to secure IP traffic.

K

Kerberos:

A secret-key network authentication protocol, developed at Massachusetts Institute of Technology (MIT), which uses the DES cryptographic algorithm for encryption and a centralized key database for authentication.

key escrow:

The practice of storing cryptographic keys with one or more third parties.

key fingerprint:

A human-readable code that is unique to a public key; it can be used to verify ownership of the public key.

M

man-in-the-middle attack:

When an intruder is able to intercept traffic and can as a result hijack an existing session, alter the transmitted data, or inject bogus traffic into the network.

Media Gateway Control Protocol (MGCP):

A VoIP protocol standard.

Message Authentication Code (MAC):

A fixed-length quantity generated cryptographically and associated with a message to reassure the recipient that the message is genuine. The term is most often used in connection with secret-key cryptography. (A public key MAC is usually called a digital signature.)

message digest:

The value returned by a hash function (same as a hash).

Message Digest 5 (MD5):

A one-way hash algorithm that generates a 128-bit output.

Message Integrity Check (MIC):

Another term used in place of MAC.

See also Message Authentication Code (MAC).

N

National Institute of Standards and Technology (NIST):

An agency of the U.S. government that establishes national technical standards.

National Security Agency (NSA):

An agency of the U.S. government responsible for listening in on and decoding all foreign communications of interest to the security of the United States.

Network Address Translation (NAT):

The process of converting one IP address to another IP address; often used to connect networks with a private address space to the Internet.

NAT-Traversal (NAT-T):

A specification for use with IPsec that determines how to detect the use of NAT and how to handle addressing in those environments.

nonrepudiation:

A property of a cryptographic system that prevents a sender from denying later that he or she sent a message or performed a certain action.

P

password:

A protected, private character string used to authenticate an identity.

Password Authentication Protocol (PAP):

A simple authentication method used with PPP.

Point-to-Point Protocol (PPP):

A standardized Internet encapsulation of IP over point-to-point links.

PPP over Ethernet (PPPoE):

An IETF standard that specifies the means to encapsulate PPP packets over the Ethernet link layer.

port scanning:

A technique used by potential network intruders to discover which application services are available for exploitation.

private key:

A digital code used to decrypt information and provide digital signatures. This key should be kept secret by its owner; it has a corresponding public key.

proxy server:

In the context of SIP, it is an intermediate device that handles the routing of SIP messages.

public key:

A digital code used to encrypt information and verify digital signatures. This key can be made widely available; it has a corresponding private key.

Public Key Infrastructure (PKI):

A trusted and effective key and certificate management system.

R

redirect server:

In the context of SIP networks, it provides the client with information about the next hop or hops that a message should take so that the client can directly contact the next-hop server or user agent.

registrar server:

In the context of SIP networks, it is a device that processes requests from user agents for registration of their current location.

registration, admission, status (RAS):

Messages used in an H.323 network to define communications between endpoints and a gatekeeper.

Remote Authentication Dial-In User Service (RADIUS):

A protocol developed by Livingston Enterprises, Inc., as an access server authentication and accounting protocol.

Request For Comments (RFCs):

Documents that specify Internet standards; some documents contain informational overviews and introductory topics.

risk:

The possibility that a particular vulnerability will be exploited.

risk analysis:

The process of identifying security risks, determining their impact, and identifying areas requiring protection.

Rivest Cipher 2 (RC-2):

A variable-key-size block cipher designed by Ron Rivest for RSA Data Security, Inc.

Rivest Cipher 4 (RC-4):

A variable-key-size stream cipher designed by Ron Rivest for RSA Data Security, Inc.

Rivest, Shamir, Adleman (RSA):

A public key cryptographic algorithm that can encrypt or decrypt data and can apply or verify a digital signature.

router:

An internetworking device that directs traffic between networks.

routing:

The method by which a host or gateway decides where to send a datagram.

S

S/Key:

An authentication program that relies on a one-way function for its security.

secret key:

A digital code that is shared by two parties; it is used to encrypt and decrypt data.

Secure Hash Algorithm 1 (SHA1):

A one-way hash algorithm designed by NIST that has a 160-bit digest.

Secure Multipurpose Internet Mail Extensions (S/MIME):

An IETF specification that builds security on top of the industry standard MIME protocol.

Secure Shell (SSH):

A protocol for secure remote login and other secure network services over an insecure network.

Secure Sockets Layer (SSL):

A cryptographic protocol, designed by Netscape, which provides data security at the socket level; widely used to protect World Wide Web traffic.

security perimeter:

The boundary at which security controls are placed to protect network assets.

security policy:

The set of rules and practices that regulate how an organization manages, protects, and distributes sensitive information.

Session Initiation Protocol (SIP):

The principal IETF standard for multimedia conferencing over IP.

Smart Card:

A credit card-sized device with an embedded computer chip, also called a token, which can store digital certificates that can establish one's identity.

social engineering:

The process of using human fallibilities to bypass security systems.

Socket security (SOCKS):

A transport layer-based secure networking proxy protocol.

spoofing:

An attempt to gain access to a networked device by posing as an authorized user, device, or program.

stream cipher:

An encryption method that encrypts and decrypts arbitrarily sized messages one character at a time.

symmetric algorithm:

A cryptographic algorithm that uses the same key for encryption and decryption; also called a secret key algorithm.

T

Terminal Access Controller Access Control System Plus (TACACS+):

An AAA protocol largely used for dialup connection management.

threat:

Any circumstance or event with the potential to cause harm to a networked system. A threat can take the form of a malicious source, such as a network intruder, or a nonmalicious danger, such as a lightning strike.

transport layer security (TLS):

An IETF standard that provides transport layer security over connection-oriented protocols.

triple DES (3DES):

An algorithm that uses DES and one, two, or three keys to encrypt/decrypt/encrypt the data.

trust:

The firm belief or confidence in the honesty, integrity, reliability, justice, and so on of another person or thing.

tunnel:

A vehicle for encapsulating packets inside a protocol that is understood at the entry and exit points of a given network; also, a secure virtual connection through the Internet or an intranet.

U

unauthorized access:

The capability of reaching a certain area, either a physical location or a logical computer network, without permission.

Uniform Resource Locator (URL):

The path descriptor to a specific network resource and the protocol used to access it (for example, http://www.cisco.com/).

user agent (UA):

In the context of SIP-based networks, it is the combined functionality of a user agent client and a user agent server.

user agent client (UAC):

In the context of SIP-based networks, it is the client application that initiates SIP requests.

user agent server (UAS):

In the context of SIP-based networks, it is the server application that responds to a SIP request on behalf of the user.

user ID:

A unique character string or numeric value used by a system to identify a specific user.

V

voice-mail system:

In the context of VoIP networks, it provides IP-based voice-mail storage and an auto-attendant (an automated attendant providing voice services) for services such as user directory lookup and call forwarding.

voice gateway:

A general term used to refer to any gateway that provides voice services including such features as Public Switched Telephone Network (PSTN) access, IP packet routing, backup call processing, and voice services.

vulnerability:

A weakness in security procedures, network design, or implementation that can be exploited to violate a corporate security policy.

W

war dialing:

A technique that involves the exploitation of an organization's telephone, dial, and private branch exchange (PBX) systems to penetrate internal network and computing resources.

Wireless Equivalent Privacy (WEP):

The protocol used in 802.11 networks to provide link-level encrypted communication between the client and an access point.
