Novell BorderManager Glossary

Novell provides an exhaustive glossary of technical terms. Refer to that glossary for details of most of the networking terms. For more information on the Novell Glossary see Novell Glossary of Networking Terms. In this section we discuss some of the key terms used in Novell BorderManager VPN services and Novell Client Firewall 2.0 product that is available along with this release.

Authentication Rules

The data receiver knows who is the data sender. User authentication allows an administrator to grant or reject access to specific users from specific IP addresses, based on their user credentials. Authentication rules and policies are defined and stored in eDirectory and are globally managed through the iManager-based VPN services.

Certificate Authority

A trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual's claimed identity. CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be.

Encryption

The process of scrambling or coding data for security purposes. Through encryption we translate data into a secret code. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.

Key Material Object

An eDirectory object that contains the public key, private key, certificate, and certificate chain. It is also known as a Key Material Object (KMO) or, in the eDirectory/NDS schema, as NDSPKI:Key Material.

Loopback

Is a special IP address (127.0.0.1) reserved for feedback when testing software on a node without having to dispatch the package on the network.

PKI

A system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction.

Password Expiry Notice

A password is a secret series of characters that enables a user to access a file, computer, or program. On multi-user systems, each user must enter his or her password before the computer will respond to commands. The password helps ensure that unauthorized users do not access the computer. The expiry notice for a password can be set so that the password is null after that period.

Plug-in

Is an independent component that can be added or removed from a software package to extend the capability of that software. The software must be designed and built to support plug-ins. Plug-in technology allows third party developers to create plug-ins specific to that software enabling the software to do many more things.

Preset

A preset in NCF is a pre-defined setting or group of settings for an event or action. A preset can apply many settings simultaneously with one mouse click. This saves time for users who would otherwise need to apply each setting manually.

Pre Shared Key

The preshared key can be an ACSII text or hexadecimal character key.

Profiles

A control file that is usually easily modified and is used to customize aspects of a program.

Public Key

A cryptographic system two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key.

Referrer

Is part of the HTTP request that contains the URL of the last page visited before the request.

Spyware

Is hidden software or a concealed part of some software that is secretly or unknowingly installed on your computer. Spyware collects information (usually for marketing purposes) and sends it-without the user's knowledge-to the author or organization that originated the spyware

Stealth Mode

Stealth mode in NCF makes your computer invisible to hackers while letting you browse the Internet. Normally, when your computer receives a connection request from another computer, it lets that computer know that this port is closed. In stealth mode, your computer will not respond, making it seem like it is not turned on or not connected to the Internet.

Traffic Rules

Traffic Rules are policies that govern accessibility for a user through a VPN connection.

Trusted Root

An entity, usually a certification authority (CA), that a particular system recognizes and trusts to verify a public key. Any public key certificate signed by a trusted root is considered valid.

Trusted Root Certificate

A certificate that contains the public key of a trusted root.

Trusted Root Certificate Object

An eDirectory object that contains a trusted root certificate. The object's eDirectory schema name is NDSPKI:Trusted Root Object. The trusted root certificate can be exported and used as needed.

Trusted Root Container

An eDirectory object that contains Trusted Root Certificate objects. The container object's eDirectory schema name is NDSPKI:Trusted Root.

Trusted Root Object

Defines an object that holds a trusted root certificate from a trusted Certificate Authority.

Tunnel IP Address

The process of encapsulating a packet within a packet of a different protocol. Using tunneling, two networks based on the same protocol can communicate across a network based on a different protocol. Tunnel IP Address is the address used to route the encrypted traffic across the VPN network to reach the protected networks. It is the virtual Network Interface used to achieve IP/IPX tunneling and routing mechanism for site-to-site connections.

User Certificate

A user certificate provides the user the ability to prove his identity. In addition to vouching for the user's identity, the digital certificate will also enable you to encrypt and digitally sign transactions thus ensuring the confidentiality and integrity of your communications.

VPN Master

This is the NBM VPN gateway that is the Master of the site-to-site VPN network. The site-to-site configuration consisting of the site-to-site properties, VPN members, and VPN Policies are configured at the VPN Master, and the Master distributes the configuration to the VPN Slave servers. Additionally, if the site-to-site network uses Star topology, all the data traffic between the VPN Slave networks is routed through the VPN Master.

VPN Slave

The other NBM VPN gateways in a site-to-site VPN network are called VPN Slaves. The Slaves receive the site-to-site configuration including the site-to-site properties, VPN Members and the VPN Policies from the VPN Master.