Cisco 7604 Configuration Manual page 706

Glossary
Computer Telephony Interface Quick Buffer Encoding. A protocol used in IP telephony between the
CTIQBE
Cisco CallManager and CTI
protocol inspection module and supports NAT, PAT, and bi-directional NAT. This enables Cisco IP
SoftPhone and other Cisco TAPI/JTAPI applications to communicate with Cisco CallManager for call
setup and voice traffic across the FWSM.
Enables the FWSM to provide faster traffic flow after user authentication. The cut-through proxy
cut-through proxy
challenges a user initially at the application layer. After the security appliance authenticates the user,
it shifts the session flow and all traffic flows directly and quickly between the source and destination
while maintaining session state information.
D
Describes any method that manipulates data so that no attacker can read it. This is commonly achieved
data confidentiality
by data encryption and keys that are only available to the parties involved in the communication.
Describes mechanisms that, through the use of encryption based on
data integrity
algorithms, allow the recipient of a piece of protected data to verify that the data has not been modified
in transit.
A security service where the receiver can verify that protected data could have originated only from
data origin
the sender. This service requires a data integrity service plus a
authentication
secret key
Application of a specific algorithm or cipher to encrypted data so as to render the data comprehensible
decryption
to those who are authorized to see the information. See also encryption.
Data encryption standard. DES was published in 1977 by the National Bureau of Standards and is a
DES
secret key encryption scheme based on the Lucifer algorithm from IBM. Cisco uses DES in classic
crypto (40-bit and 56-bit key lengths),
performs encryption three times using a 56-bit key. 3DES is more secure than DES but requires more
processing for encryption and decryption. See also AES, ESP.
Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP addresses to hosts
DHCP
dynamically, so that addresses can be reused when hosts no longer need them and so that mobile
computers, such as laptops, receive an IP address applicable to the
A public key cryptography protocol that allows two parties to establish a shared secret over insecure
Diffie-Hellman
communications channels. Diffie-Hellman is used within
Diffie-Hellman is a component of
Diffie-Hellman refers to a type of public key cryptography using asymmetric encryption based on
Diffie-Hellman
Group 1, Group 2, large prime numbers to establish both Phase 1 and Phase 2 SAs. Group 1 provides a smaller prime
Group 5, Group 7 number than Group 2 but may be the only version supported by some
Group 5 uses a 1536-bit prime number, is the most secure, and is recommended for use with AES.
Group 7 has an elliptical curve field size of 163 bits and is for use with the Movian VPN client, but
works with any peer that supports Group 7 (ECC). See also
See certificate.
digital certificate
See interface.
DMZ
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
GL-4
TAPI and
is shared only between the sender and receiver.
Oakley
JTAPI applications. CTIQBE is used by the TAPI/JTAPI
key
IPSec crypto (56-bit key), and 3DES (triple DES), which
IKE to establish session keys.
key exchange.
VPN
secret key or public key
distribution mechanism, where a
LAN to which it is connected.
IPSec peers. Diffe-Hellman
and encryption.
OL-20748-01