Computer Security Terminology: Digital Signature, Hash, Non-repudiation, Perimeter Network, Port Scanning, Proxy Server, Public-key Cryptography
Digital Signature: A one-way MD5 or SHA-1 hash of a message encrypted with the private key of the message originator, used to verify the integrity of a message and ensure non-repudiation.

Hash: A mathematical function that converts a message into a fixed-size numeric value known as a message digest or hash. The MD5 algorithm produces a 128-bit message digest, whereas the Secure Hash Algorithm-1 (SHA-1) generates a 160-bit message digest. The hash of a message is encrypted with the private key of the sender to produce the digital signature.

Non-repudiation: A security feature that prevents the sender of data from being able to deny ever having sent the data.

Perimeter Network: A network between the Internet and the protected internal network (the network or computer that is connected to a Gateway which connects to the Internet Gateway). The bastion host resides on the perimeter network (between the two Gateways, also called the demilitarized zone, or DMZ).

Port Scanning: The method for discovering which ports are open (or which Internet services, e.g., telnet, ftp, etc., are enabled).

Proxy Server: A server on the bastion host that enables internal clients to access external servers and external clients to access servers inside the protected network. Proxy servers can be configured for a particular service (e.g., FTP, HTTP, SSH).

Public-key Cryptography: An encryption method that uses a private and a public key to encrypt and decrypt the information sent over the Internet. Anything encrypted with the public key can be decrypted with the corresponding private key, and vice versa.
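The Digital Signature and Hash definitions above, worked through as an added example (not part of the original glossary): the message is hashed, the digest is transformed with the private key, and the recipient checks it with the public key. The key pair, the sample messages and the function names are constructed for illustration, and the signing step is textbook RSA without padding.

```python
import hashlib

# Constructed toy key pair (assumption, not from the page): two Mersenne
# primes give a ~216-bit modulus, large enough to hold a 160-bit SHA-1 digest.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest_bits(algorithm: str) -> int:
    """Size of the fixed-length message digest, in bits."""
    return hashlib.new(algorithm).digest_size * 8


def digest_int(message: bytes, algorithm: str = "sha1") -> int:
    """Hash the message and return the digest as an integer."""
    return int.from_bytes(hashlib.new(algorithm, message).digest(), "big")


def sign(message: bytes, algorithm: str = "sha1") -> int:
    """Originator: transform the message digest with the private key (D, N)."""
    return pow(digest_int(message, algorithm), D, N)


def verify(message: bytes, signature: int, algorithm: str = "sha1") -> bool:
    """Recipient: recover the digest with the public key (E, N) and compare
    it with a digest computed over the message actually received."""
    return pow(signature, E, N) == digest_int(message, algorithm)


if __name__ == "__main__":
    msg = b"Transfer 100 to account 42"          # constructed sample message
    sig = sign(msg)
    print("MD5 bits:", digest_bits("md5"), "SHA-1 bits:", digest_bits("sha1"))
    print("original verifies:", verify(msg, sig))
    # Integrity: any change to the message changes its digest.
    print("tampered verifies:", verify(b"Transfer 900 to account 42", sig))
    # Public-key property: encrypt with the public key, decrypt with the private.
    print("round trip ok:", pow(pow(12345, E, N), D, N) == 12345)
```

Because only the holder of the private exponent can produce a value that verifies under the public key, a valid signature ties the message to its originator, which is the basis of non-repudiation.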