Avaya 3.7 用户手册

A key exchange protocol used in IPSec as part of the Internet Key Exchange 
protocol.

Hardware or software mechanism used in firewalls to discards packets based 
on the contents of the packet headers.

Perfect Forward Secrecy defines a parameter of ISAKMP in which disclosure of 
long-term secret keying material does not compromise the secrecy of the 
exchanged keys from previous communications. Enabling Perfect Forward 
Secrecy is “more secure”. See the IETF draft-ietf-ipsec-oakley-02.txt for more 
information on Perfect Forward Secrecy. 

Public Key Infrastructure is the organization of certificate issuers and certificate 
management processes.

Preshared Secret is the simplest key management method used to construct a 
VPN. Authentication key exchanges between security gateways in the VPN are 
based on a single pre-shared secret known to all security gateways.

A special block of data used to identify the owner of a particular public key. It 
describes the value of a public key, the key’s owner, and the digital signature of 
the issuing authority. 

Remote Authentication Dial In User Service is a client/server remote user 
authentication protocol in widespread use. 

A mechanism of providing automatic backup of a secure tunnel between two 
endpoints. In practical application, a primary security gateway sends a 
“heartbeat” packets to a secondary security gateway every few seconds 
(configurable). Should the primary security gateway fail, the secondary security 
gateway will stop receiving the heartbeat packets. When this happens, the 
secondary security gateway switches over and takes on the role of primary 
security gateway.

Security Association is an IPSec agreement between to communicating 
devices on which authentication and encryption algorithms (including key 
lifetimes) are used.

A cryptographic key that has a finite life expectancy, typically for a single 
session. 

See Certificates, Signing