|
OpenConnect
OpenConnect is an open-source software application for connecting to virtual private networks (VPN), which implement secure point-to-point connections. It was originally written as an open-source replacement for Cisco's proprietary AnyConnect SSL VPN client, which is supported by several Cisco routers. The OpenConnect client added support for Juniper Networks' SSL VPN in version 7.05, then for Palo Alto Networks' GlobalProtect VPN in version 8.00, for Pulse/Junos VPN in version 8.04, and for Fortinet FortiGate, F5 BiGIP, and Array Networks in version 8.20. Protocols Cisco AnyConnect Cisco AnyConnect VPNs utilize TLS to authenticate and configure routing, then DTLS to efficiently encrypt and transport the tunneled VPN traffic, and can fall back to TLS-based transport where firewalls block UDP-based traffic. The DTLS protocol used by Cisco AnyConnect servers was based on a non-standard, pre-release draft of DTLS 1.0, until support for the DTLS 1.2 standard was added in ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Transport Layer Security
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible. The TLS protocol aims primarily to provide security, including privacy (confidentiality), integrity, and authenticity through the use of cryptography, such as the use of certificates, between two or more communicating computer applications. It runs in the presentation layer and is itself composed of two layers: the TLS record and the TLS handshake protocols. The closely related Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications. In technical writing you often you will see references to (D)TLS when it applies to both versions. TLS is a proposed Internet Engineering Task Force (IETF) standard, first defined in 1999, and the c ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Virtual Private Network
A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The benefits of a VPN include increases in functionality, security, and management of the private network. It provides access to resources that are inaccessible on the public network and is typically used for remote workers. Encryption is common, although not an inherent part of a VPN connection. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated circuits or with tunneling protocols over existing networks. A VPN available from the public Internet can provide some of the benefits of a wide area network (WAN). From a user perspective, the resources available within the private network can be accessed remotely. Types Virtual private networks may be classified into several categories: ;Remote acce ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Datagram Transport Layer Security
Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses UDP or SCTP, the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP, it avoids the "TCP meltdown problem", when being used to create a VPN tunnel. Definition The following documents define DTLS: * for use with User Datagram Protocol (UDP), * for use with Datagram Congestion Control Protocol (DCCP), * for use wi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
GnuTLS
GnuTLS (, the GNU Transport Layer Security Library) is a free software implementation of the TLS, SSL and DTLS protocols. It offers an application programming interface (API) for applications to enable secure communication over the network transport layer, as well as interfaces to access X.509, PKCS #12, OpenPGP and other structures. Features GnuTLS consists of a library that allows client applications to start secure sessions using the available protocols. It also provides command-line tools, including an X.509 certificate manager, a test client and server, and random key and password generators. GnuTLS has the following features: * TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols * Datagram TLS (DTLS) 1.2, and DTLS 1.0, protocols * TLS-SRP: Secure remote password protocol (SRP) for TLS authentication * TLS-PSK: Pre-shared key (PSK) for TLS authentication * X.509 and OpenPGP certificate handling * CPU assisted cryptography and cryptographic accelerator support ( ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Rekeying (cryptography)
In cryptography, rekeying refers to the process of changing the session key—the encryption key of an ''ongoing'' communication—in order to limit the amount of data encrypted with the same key. Roughly equivalent to the classical procedure of changing codes on a daily basis, the key is changed after a pre-set volume of data has been transmitted or a given period of time has passed. In contemporary systems, rekeying is implemented by forcing a new key exchange, typically through a separate protocol like Internet key exchange (IKE). The procedure is handled transparently to the user. A prominent application is Wi-Fi Protected Access (WPA), the extended security protocol for wireless networks that addresses the shortcomings of its predecessor, WEP, by frequently replacing session keys through the Temporal Key Integrity Protocol (TKIP), thus defeating some well-known key recovery attacks. In public key infrastructure, rekeying (or "re-keying") leads to issuance of new certifi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Keepalive
A keepalive (KA) is a message sent by one device to another to check that the link between the two is operating, or to prevent the link from being broken. Description Once a TCP connection has been established, that connection is defined to be valid until one side closes it. Once the connection has entered the connected state, it will remain connected indefinitely. But in reality the connection will not last indefinitely. Most firewall or NAT systems will close a connection if there has not been any activity in some time period. The Keep Alive signal can be used to trick intermediate hosts to not close the connection due to inactivity. It is also possible that one host is no longer listening (e.g. application or system crash). In this case the connection is closed, but no ```FIN``` was ever sent. In this case a KeepAlive packet can be used to interrogate a connection to check if it is still intact. A keepalive signal is often sent at predefined intervals, and plays an important r ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Dead Peer Detection
Dead Peer Detection (DPD) is a method of detecting a dead Internet Key Exchange (IKE) peer. The method uses IPsec traffic patterns to minimize the number of messages required to confirm the availability of a peer. DPD is used to reclaim the lost resources in case a peer is found dead and it is also used to perform IKE peer failover. References RFC 3706 - A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers {{compu-network-stub IPsec ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Client Certificate
In cryptography, a client certificate is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. Client certificates play a key role in many mutual authentication Mutual authentication or two-way authentication (not to be confused with two-factor authentication) refers to two parties authenticating each other at the same time in an authentication protocol. It is a default mode of authentication in some proto ... designs, providing strong assurances of a requester's identity. See also * Client-authenticated TLS handshake References Public-key cryptography Key management {{Cryptography-stub ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
OpenSSL
OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites. OpenSSL contains an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available. The OpenSSL Software Foundation (OSF) represents the OpenSSL project in most legal capacities including contributor license agreements, managing donations, and so on. OpenSSL Software Services (OSS) also represents the OpenSSL project for support contracts. OpenSSL is available for most Unix-like operating systems (including Linux, macOS, and BSD), Microsoft Windows and OpenVMS. Project history The OpenSSL ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
C (programming Language)
C (''pronounced like the letter c'') is a General-purpose language, general-purpose computer programming language. It was created in the 1970s by Dennis Ritchie, and remains very widely used and influential. By design, C's features cleanly reflect the capabilities of the targeted CPUs. It has found lasting use in operating systems, device drivers, protocol stacks, though decreasingly for application software. C is commonly used on computer architectures that range from the largest supercomputers to the smallest microcontrollers and embedded systems. A successor to the programming language B (programming language), B, C was originally developed at Bell Labs by Ritchie between 1972 and 1973 to construct utilities running on Unix. It was applied to re-implementing the kernel of the Unix operating system. During the 1980s, C gradually gained popularity. It has become one of the measuring programming language popularity, most widely used programming languages, with C compilers avail ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Check Point
Check Point is an American-Israeli multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management. , the company has approximately 6,000 employees worldwide. Headquartered in Tel Aviv, Israel and San Carlos, California, the company has development centers in Israel and Belarus and previously held in United States (ZoneAlarm), Sweden (former Protect Data development centre) following acquisitions of companies who owned these centers. The company has offices in over 70 locations worldwide including main offices in North America, 10 in the United States (including in San Carlos, California and Dallas, Texas), 4 in Canada (including Ottawa, Ontario) as well as in Europe (London, Paris, Munich, Madrid) and in Asia Pacific (Singapore, Japan, Bengaluru, Sydney) . History Check Point was established in Ramat Gan, Israel in 1993, by Gil Sh ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
SonicWall
SonicWall is an American cybersecurity company that sells a range of Internet appliances primarily directed at content control and network security. These include devices providing services for network firewalls, unified threat management (UTM), virtual private networks (VPNs), virtual firewalls, SD-WAN, cloud security and anti-spam for email. The company also markets information subscription services related to their products. The company also assists in solving problems surrounding compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI-DSS). Originally a private company headquartered in Silicon Valley, it went public in 1999, before delisting in 2010. On March 13, 2012, ''USA Today'' said that Dell had announced its intent to acquire SonicWall, which then had 130 patents and 950 employees. Dell's acquisition of SonicWall became official on May 9, 2012. On June 20, 2016, Dell sold SonicWall (pa ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
