NTLM
NT LAN Manager. A Microsoft Windows challenge-response authentication method.

NTP
Network Time Protocol.

O

Oakley
A key exchange protocol that defines how to acquire authenticated keying material. The basic mechanism for Oakley is the Diffie-Hellman key exchange algorithm. Oakley is defined in RFC 2412.

object grouping
Simplifies access control by letting you apply access control statements to groups of network objects, such as protocol, services, hosts, and networks.

OSPF
Open Shortest Path First. OSPF is a routing protocol for IP networks, widely deployed in large networks because of its efficient use of network bandwidth and its rapid convergence after changes in topology. The FWSM supports OSPF.

OU
Organizational Unit. An X.500 directory attribute.

outbound
Refers to traffic whose destination is on an interface with lower security than the source interface.

outbound ACL
An ACL applied to outbound traffic.

outside
The first interface, usually port 0, that connects to other "untrusted" networks outside the FWSM; the Internet. See also interface, interface names, outbound.

P

PAC
PPTP Access Concentrator. A device attached to one or more PSTN or ISDN lines capable of PPP operation and of handling the PPTP protocol. The PAC need only implement TCP/IP to pass traffic to one or more PNSs. It may also tunnel non-IP protocols.

PAT
See Dynamic PAT, interface PAT, and Static PAT.

Perfmon
The FWSM feature that gathers and reports a wide variety of feature statistics, such as connections/second, xlates/second, etc.

PFS
Perfect forward secrecy. PFS enhances security by using a different security key for the IPSec Phase 1 and Phase 2 SAs. Without PFS, the same security key is used to establish SAs in both phases. PFS ensures that a given IPSec SA key was not derived from any other secret (like some other keys). In other words, if someone were to break a key, PFS ensures that the attacker would not be able to derive any other key. If PFS were not enabled, someone could hypothetically break the IKE SA secret key, copy all the IPSec protected data, and then use knowledge of the IKE SA secret to compromise the IPSec SA setup by this IKE SA. With PFS, breaking IKE would not give an attacker immediate access to IPSec. The attacker would have to break each IPSec SA individually.

Phase 1
See IPSec Phase 1.

Phase 2
See IPSec Phase 2.

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Glossary