A

Provides remote access to a corporate intranet or extranet over a shared infrastructure with the same policies as a private network. Access VPNs enable users to access corporate resources whenever, wherever, and however they require. Access VPNs encompass analog, dial, ISDN, Digital Subscriber Line (DSL), mobile IP, and cable technologies to securely connect mobile users, telecommuters, or branch offices.

Access Control List.

Asymmetric Digital Subscriber Line. A type of DSL supporting upstream and downstream speeds that are different.

Authentication Header. A security protocol that provides authentication and optional replay-detection services. AH is embedded in the data to be protected (a full IP datagram, for example). AH can be used either by itself or with Encryption Security Payload (ESP).

Asynchronous Transfer Mode.

C

Call Admission Control.

Customer Edge router. This device is typically located at the customer site and connects to the service provider network. Same as CPE.

Cisco InfoCenter.

Competitive Local Exchange Carrier.

Central Office.

Class of Service. Classification of traffic that allows differentiated processing using prioritization and QOS features.

Customer Premises Equipment. Same as CE, more widely used in IPsec VPNs.

Cisco Subscriber Registration Center.

D

Data Encryption Standard. The DES was published in 1977 by the National Bureau of Standards and is a secret key encryption scheme based on the Lucifer algorithm from IBM. The contrast of DES is public-key. Cisco uses DES in classic crypto (40-bit and 56-bit key lengths), IPsec crypto (56-bit key), and on the PIX Firewall (56-bit key).

E

Links customers, suppliers, partners, or communities of interest to a corporate intranet over a shared infrastructure using dedicated connections. Businesses enjoy the same policies as a private network, including security, QoS, manageability, and reliability.

G

Generic Routing Encapsulation. Tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. By connecting multiprotocol subnetworks in a single-protocol backbone environment, IP tunneling using GRE allows network expansion across a single-protocol backbone environment.

I

Intrusion Detection System.

Internet Key Exchange. A hybrid protocol that uses part Oakley and part of another protocol suite called SKEME inside the Internet Security Association and Key Management Protocol (ISAKMP) framework. IKE is used to establish a shared security policy and authenticated keys for services (such as IPsec) that require keys. Before any IPsec traffic can be passed, each router/firewall/host must be able to verify the identity of its peer. This can be done by manually entering pre-shared keys into both hosts, by a CA service, or the forthcoming secure DNS (DNSSec). This is the protocol formerly known as ISAKMP/Oakley, and is defined in The Internet Key Exchange (IKE). A potential point of confusion is that the acronyms "ISAKMP" and "IKE" are both used in Cisco IOS software to refer to the same thing. These two items are somewhat different, as you will see in the next definition.

Links corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections. Businesses enjoy the same policies as a private network, including security, quality of service (QoS), manageability, and reliability.

IP Address Management.

Internet Security Association and Key Management Protocol. A protocol framework that defines the mechanics of implementing a key exchange protocol and negotiation of a security policy.

IP Solution Center 3.0

M

Message Digest 5. A one way hashing algorithm that produces a 128-bit hash. Both MD5 and Secure Hash Alogorithm (SHA) are variations on MD4, which is designed to strengthen the security of this hashing algorithm. SHA is more secure than MD4 and MD5. Cisco uses hashes for authentication within the IPsec framework.

O

Operations Support Systems.

Outsource Security/VPN Management provider.

P

Provider router. This device connects to one or more customer sites in the service provider network.

Point Of Presence or service provider center.

Q

Quality of Service. Features providing prioritization, policing, congestion management and shaping of the traffic based on its classification.

S

Service Level Agreement. Set of parameter values (e.g., availability) that the service provider agrees to provide to customers.

Security Operations Center.

A secure method of analyzing packets that places extensive information about a data packet in a table. In order for a session to be established, information about the connection must match information stored in the table.

V