A5 algorithm 780
AAA security model 872
accounting 873
address allocation 131
Address Resolution (ATMARP and InATMARP) 47
Address Resolution Protocol (ARP)
algorithm 122
BOOTP 126
cache 119
Ethernet 31, 120
Frame Relay 44
IEEE 802.2 standard 31
IEEE 802.x standards 120
IPv6 354
packet 120, 125
Proxy-ARP 123
reply 119
request 119
algorithm
block 779
Diffie-Hellman 784
digital signature 790, 837
key-exchange 783
public-key 781-783
RSA 783
stream 779
symmetric 779-780
anycast 86
application-level gateway 796
arithmetic, modular 783
ARPANET 14
Network Working Group 13
Assigned Numbers RFC 814
Asynchronous Transfer Mode 47
ATM 47, 51, 53, 56, 58
atm 50
ATM LAN emulation 56
ATMARP 47
ATM-Attached Host Functional Group (AHFG) 62
attacks 772
Authentication 773
authentication 36, 777, 779, 781, 786-787, 800,
963
cache
ARP cache 119
ICMPv6 neighbor cache 356
CBC 779
CCITT 13
Cell 51
certificate 773, 832, 859
certificate authority 837, 881
certification authority (CA) 791
checksum
IPv6 333
chicken and egg problem 127
cipher 778
restricted 778
Cipher Block Chaining (CBC) 779
ciphertext 782
circuit-level gateway 796
Classical IP over ATM 50, 61
classless inter-domain routing (CIDR)
IP prefix 97
cleartext 777
client/server model 10
CLNP 40, 42
codebook 779
collision-resistant 785
combined tunnel 826
Commercial Internet Exchange (CIX) 17
Connections
ATM 47
FDDI 33
Frame Relay 41
ISDN 38
MPC+ 46
MPOA 60
PPP 35
SLIP 34
SONET 45
X.25 39
cryptanalysis 773, 777
cryptanalyst 793
cryptographic algorithm 778
cryptography 777, 785
strong 777
cryptography, strong 777
cryptosystem 783, 792
DARPA 13
Data Encryption Standard (DES) 779, 865
Data Link Connection Identifier (DLCI) 41
data-link layer 8
DCA 14
decryption 777-778
Default Forwarder Function Group (DFFG) 63
default router 63
Defense Advanced Research Projects Agency (DARPA) 13
Defense Communication Agency (DCA) 14
Demilitarized Zone (DMZ) 808
denial-of-service attack 772-773, 813, 830, 879
Department of Defense (DoD) 14
DES 779, 783, 792, 865
destination options extension header 817, 822
DHCPv6 371
dictionary attack 772
Diffie-Hellman 783-784, 793, 835-836, 839-840, 842, 844-845
digital certificate 791
digital envelope 787
digital signature 781, 787, 838839
Digital Signature Standard 788, 831
discrete logarithms 783, 785
diskless host 126
Distributed Computing Environment (DCE) 469
DOI 833-834
Domain Name System (DNS) 24
IPv6 381
IPv6 extensions 368
IPv6 inverse lookups 368
resource record (RR)
format 368
resource record for IPv6 368
e-business 862
ECB 779
Edge Device Functional Group (EDFG) 62
Electronic Codebook Mode (ECB) 779
Encapsulating Security Payload (ESP)
authentication 818, 824
Authentication Data 820
CDMF 819
combinations with AH 823
DES-CBC transform 819
encryption 818
ESP authentication data 818
ESP header 818
ESP trailer 818
HMAC-MD5 820
HMAC-SHA-1 820
integrity check 818
Integrity Check Value (ICV) 820
IP fragment 818
IPv6 environment 822
Next Header field 820
Pad Length 820
Padding 820
Payload Data 819
replay protection 819
Security Parameter Index (SPI) 819
Sequence Number 819
transform 810
transport mode 820, 824
tunnel mode 820, 824
encapsulation 812
encryption 777-778, 787, 848
773
encryption algorithm 834
encryption key 778
ephemeral port 10
Ethernet
802.2 Logical Link Control (LLC) 31
ARP 31, 120
DIX 30, 120
DSAP 31
frame formats 30
header fields 30
IEEE 802.3 standard 30, 32
IEEE 802.4 standard 32
IEEE 802.5 standard 32
IEEE 802.x standards 127
IPv6 354
LSAP 31
protocol-type number 30
SNAP 31
SSAP 31
Subnetwork Access Protocol (SNAP) 31
Extended TACACS 873
factoring 782
FDDI 33
File Transfer Protocol (FTP)
normal mode 801
passive mode 801
proxy server 800-801
Index
fingerprint 785
firewall 12, 776, 811, 829
advanced filtering 798
application-level gateway 807, 848
authentication 800
bastion host 807-808
circuit-level gateway 803, 846
demilitarized zone 808
DMZ 808
dual-homed gateway 806
filter rules 797
FTP normal mode 801
FTP passive mode 801
FTP proxy 800-801
HTTP proxy 800
IBM Firewall 800
inbound connections 804
introduction 12
logging 800
non-secure network 795
outbound connections 804
packet-filtering 797
packet-filtering firewall 805
packet-filtering router 808
packet-filtering rules 797
policy 776, 797
proxy 799, 804, 806
screened host firewall 807
screened subnet firewall 808
secure network 795
security ID cards 800
service level filtering 798
SOCKS 804
source/destination level filtering 798
TELNET proxy 801
Flags field 813
For Your Information (FYI) document 25
forwarding capacity 61
Fragment Offset 813
fragmentation 104
fragmentation extension header 817, 822
Frame Relay
ARP 44
Data Link Connection Identifier (DLCI) 41
Network Level Protocol ID (NLPID) 42
protocol data unit (PDU) 41
Subnetwork Access Protocol (SNAP) 42
virtual circuit 41
IAB 22
IASG Coordination Functional Group (ICFG) 62
ICMPv6 352
IDEA 780
IEEE 802.11 27
IEEE 802.x standards 31
IESG 21
impersonation 772
InATMARP 47
initialization vector 792
initialization vector (IV) 779
integrity check 779, 786
integrity checking 773
International Data Encryption Algorithm (IDEA) 780
Internet 13-14
Acceptable Use Policy (AUP) 16
Advanced Network and Services (ANS) 16
ANS CO+RE 16
Commercial Internet Exchange (CIX) 16
Commercial use of 16
Internet Architecture Board (IAB) 21-22
Internet Assigned Numbers Authority (IANA) 21, 25, 86, 814
Internet Control Message Protocol (ICMP) 109
Address Mask Reply 117
Address Mask Request 117
Destination Unreachable 111
Echo 111
Echo Reply 111
MTU 104
Record Route option 107
routing options 105
Strict Source Routing option 106
timestamp 107
TTL 101
Internet Service Providers (ISPs) 17
Internet Society (ISOC) 21
Internet2
participants 19
Internet2 mission 18
Internetwork Address Sub-Group (IASG) 62
internetworking 13
internetwork-layer protocol 60
IP 50
protocol stack 125
IP address
exhaustion 86, 329
IP address exhaustion 329
IP datagram 98
introduction 8
IP datagram header 99
IP gateway 11
IP prefix 97
IP Security Architecture (IPSec)
combinations of AH and ESP 823
combined tunnel 826
concepts 810
cryptographic concepts 777
Diffie-Hellman algorithm 784
Diffie-Hellman key exchange 784
Digital Signature Algorithm 790
encapsulation 812
Hashed Message Authentication Code (HMAC) 789
HMAC 789
IPSec module 811
iterated tunneling 823
modulus 783-784
nested tunneling 823
private exponent 784
private key 784
processing sequence 824
public exponent 784
public key 784
RSA algorithm 783
SA bundle 811, 823
Security Association (SA) 810
Security Association Database (SAD) 811
ISAKMP/Oakley
application-layer security 839
authentication 783, 839-840
authentication key 837
authentication mechanism 831, 839
authentication method 834
certificate 832, 837, 846
certificate authority 837
certificate payload 837, 839
Certificate Request message 838
certificates 840
composite value 836
cryptographic key 831
cryptographic keys 835, 837, 840
denial-of-service 830
destination port 833
Diffie-Hellman 832, 835-836, 838-840, 842, 845
Diffie-Hellman algorithm 784
digital signature 838839
Digital Signature Algorithm 790, 837
Digital Signature Standard 831
DOI 833-834
Domain of Interpretation (DOI) 833-834, 842
encryption 839
encryption algorithm 834
Encryption Bit 838
Encryption Flag 841
encryption key 837
exponent 835
Flags field 838
hash function 840
Hash Payload 842-844
identity 835
identity payload 837-839
Identity Protect exchange 832
Initiator Cookie 833-834, 836
ISAKMP header 833-834, 838-839, 844
Key Exchange attribute 840
Key Exchange field 836
Key Exchange Payload 843
KEY_OAKLEY 834-835
keying material 830, 836-837, 844-845
LDAP 838
man-in-the-middle 830
master key 832
master secret 831
Message 1 833, 841, 845
Message 2 834, 843, 845
B-channel 38
D-channel 38
maximum transmission unit (MTU) 39
NRZ encoding 38
PPP encapsulation 38
Primary Rate Interface (PRI) 38
ISO 13
ISP 829
iterated tunneling 823
ITU-T 13
IV 779
KAS 868
KDBM 870
Kerberos Authentication Server (KAS) 868
Kerberos Database Manager (KDBM) 870
Kerberos Key Distribution Server (KKDS) 871
Kerberos System
assumed goals
accounting 864
authentication 864
authorization 864
assumptions 864
authentication process 866, 870
authorization model 871
database management 870
naming 865
instance name 865
principal name 865
realm name 865
key length 782
key management 780, 848, 884
key refresh 773
keyed algorithm 778
key-exchange 780
key-exchange algorithm 783
keying material 830, 836, 844-845
keyspace 778
KKDS 871
latency 61
Layer 2 Forwarding (L2F) 875
Layer 2 Tunneling Protocol (L2TP) 875
Access Concentrator 876
LAC 876
LNS 876
NAS 876
Network Access Server 876
Network Server 876
security features 879
session 876
tunnel 876
LDAP 838
link layer 8
LIS 48
Logical IP Subnetwork (LIS) 53
long-term key 790
Loose Source Routing 105
Lotus Notes 792
LSAP 31
NAS 873
National Institute of Standards and Technology (NIST) 788
National Science Foundation (NSF) 15
National Science Foundation Network (NSFNET) 15
National Security Agency (NSA) 788
neighbor discovery 353
nested tunneling 823
NetBIOS 812
Network Access Points (NAPs) 17
network access server 873
Network Control Program (NCP) 13
network interface layer 8
network layer 8
Next Generation Internet (NGI) initiative 18
NIST 788
nonce 835-836, 841-842, 844-845
non-repudiation 773, 779, 782
NSA 788
packet-filtering 796
packet-filtering router 796
Path MTU Discovery 109
Perfect Forward Secrecy (PFS) 831, 840
per-session key 791
PFS 831, 840
PGP 780
physical layer 62
Ping 117
point of presence 875
Point-to-Point Protocol (PPP) 874
authentication 36
IP Control Protocol (IPCP) 37
IPCP 37
L2TP tunnel 877
LCP 36
Link Control Protocol (LCP) 36
NCP 36
Network Control Protocol (NCP) 36
Synchronous Digital Hierarchy (SDH) 45
Synchronous Optical Network (SONET) 45
Synchronous Payload Envelope (SPE) 46
Van Jacobson Header Compression 37
Point-to-Point Tunneling Protocol (PPTP) 875
prefix discovery 357
Pretty Good Privacy (PGP) 780
prime factor 790
prime number 782
principal identifier 865
private IP address 812
private key 780, 790
protocol number
in an IPv6 header 331
protocol virtual LAN (PVLAN) 60
proxy 796
proxy server 846
proxy-ARP 82
concept 123
pseudo-header
IPv6 333
pseudo-random function 834
pseudorandom generator 793
public key 780, 790-791, 831, 860
public-key algorithm 782-783
public-key algorithms 781
PVC 48
RADIUS 873
random function 793
random-number generator 792
RC2 794
RC4 794
Real-Time Transport Protocol 756
RFC 1483 53
RFC 1492 873
RFC 1510 864
RFC 1518 95-96
RFC 1518 - 1520 95
RFC 1519 95
RFC 1520 95, 98
RFC 1542 22, 126
RFC 1577 61
RFC 1579 803
RFC 1594 25
RFC 1618 38
RFC 1619 45
RFC 1661 35
RFC 1662 35
RFC 1700 25, 40, 48
RFC 1755 55
RFC 1809 346
RFC 1812 25
RFC 1827 818
RFC 1886 367-368, 390
RFC 1905 640
RFC 1906 640
RFC 1918 89
RFC 1928 847-848
RFC 1929 847
RFC 1961 847
RFC 2026 21
RFC 2050 89
RFC 2058 873
RFC 2131 130
RFC 2132 126, 129-130, 134, 137
RFC 2138 873
RFC 2181 25
RFC 2185 379
RFC 2223 22
RFC 2225 50, 53
RFC 2236 119
RFC 2246 861
RFC 2341 875
RFC 2362 261
RFC 2373 339, 345, 390
RFC 2374 342
RFC 2375 344
RFC 2400 25, 50
RFC 2402 814, 817
RFC 2406 818, 822
RFC 2427 41
RFC 2460 346, 390
subnet number 73
subnets 72
subnetting
static 74
variable length 74
Subnetwork Access Protocol (SNAP) 31, 40, 42
supernetting 96
SVC 48
symmetric algorithm 779-780
symmetric-key 860
Synchronous Digital Hierarchy (SDH) 45
Synchronous Optical Network (SONET) 45
Synchronous Payload Envelope (SPE) 46
TACACS 873
TACACS+ 873
tapping the wire 772
TCP
SOCKS-enabled stack 847
TELNET
proxy server 801
Terminal Access Controller Access Control System 873
TGS 868
Ticket-Granting Server (TGS) 868
time stamp 782
time-to-live
IP 101
IPSec Authentication Header (AH) 813
IPv6 hop limit 332
Token-Ring LAN 33
transform 810
transparent subnetting 123
transport adjacency 823, 826
triple-DES 780
Trivial File Transfer Protocol (TFTP)
BOOTP 126
trust chain 792
tunnel 876
tunneling 381, 812, 848
two-way random number handshake 773
Type of Service (TOS) 813
type-length-value (TLV) 335
unicast
address 84
well-known port 10
Wireless Application Protocol (WAP) 27
X.25
Call Request packet 39
Call User Data (CUD) 39
network-layer protocol identifier (NLPID) 39
Organizationally Unique Identifier (OUI) 41
Protocol Data Unit (PDU) 39
Protocol Identifier (PID) 41
Subnetwork Access Protocol (SNAP) 40
Subsequent Protocol Identifier (SPI) 39
virtual circuits 39
X.509 certificates 861
XTACACS 873