Kerio WinRoute Firewall 6.0




Glossary - part 2


Kerberos

Kerberos is a standard protocol used for user authentication in Windows 2000/2003. Users connect to central servers (Key Distribution Center, KDC), and these servers send them encrypted keys for connecting to other servers within the network. In Windows 2000/2003 domains, the function of the KDC is provided by the particular domain server.

LDAP

LDAP (Lightweight Directory Access Protocol) is an Internet protocol used to access directory services. Information about user accounts and user rights, about hosts included in the network, etc. is stored in the directories. Typically, LDAP is used by email applications to search for email addresses and for delivery management (Microsoft Active Directory).

NAT

NAT (Network Address Translation) is the substitution of IP addresses in packets passing through the firewall:

  • source address translation (Source NAT, SNAT): in packets going from local networks to the Internet, the source (private) IP addresses are substituted with the external (public) firewall address. Each packet sent from the local network is recorded in the NAT table. If a packet incoming from the Internet matches a record in this table, its destination IP address is substituted with the IP address of the appropriate host within the local network and the packet is redirected to this host. Packets that do not match any record in the NAT table are dropped.

  • destination address translation (Destination NAT, DNAT, also called port mapping): used to make services in the local network available from the Internet. If a packet incoming from the Internet meets certain requirements, its destination IP address is substituted with the IP address of the local host where the service is running and the packet is sent to this host.

The NAT technology enables connection from local networks to the Internet using a single IP address. All hosts within the local network can access the Internet directly as if they were on a public network (certain limitations apply). Services running on local hosts can be mapped to the public IP address.
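
The translation rules described above, as an added example (not code from Kerio or from the original page): a minimal Python model of a NAT firewall with a source NAT table and port-mapping rules. The addresses, the port numbers and the choice to match replies on the remote address and port as well as on the public port are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# A packet is modelled as (src_ip, src_port, dst_ip, dst_port).
@dataclass
class Firewall:
    public_ip: str = "203.0.113.1"   # constructed public firewall address
    next_port: int = 40000           # next free public source port (assumption)
    # SNAT table: (public_port, remote_ip, remote_port) -> (local_ip, local_port)
    snat: dict = field(default_factory=dict)
    # DNAT (port mapping) rules: public_port -> (local_ip, local_port)
    dnat: dict = field(default_factory=dict)

    def outbound(self, src, sport, dst, dport):
        """Source NAT: replace the private source with the public address
        and record the translation so that replies can be matched."""
        for (pub_port, r_ip, r_port), local in self.snat.items():
            if local == (src, sport) and (r_ip, r_port) == (dst, dport):
                return (self.public_ip, pub_port, dst, dport)  # reuse record
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.snat[(pub_port, dst, dport)] = (src, sport)
        return (self.public_ip, pub_port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Return the rewritten packet, or None when the packet is dropped."""
        if dst != self.public_ip:
            return None
        local = self.snat.get((dport, src, sport))   # reply to a recorded flow
        if local is None:
            local = self.dnat.get(dport)             # explicitly mapped service
        if local is None:
            return None                              # no record, no mapping: drop
        return (src, sport, local[0], local[1])

def demo():
    fw = Firewall()
    fw.dnat[80] = ("192.168.1.10", 8080)             # constructed port mapping
    sent = fw.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    return {
        "sent": sent,
        "reply": fw.inbound("198.51.100.7", 443, fw.public_ip, sent[1]),
        "unsolicited": fw.inbound("198.51.100.99", 443, fw.public_ip, sent[1]),
        "mapped": fw.inbound("198.51.100.99", 5555, fw.public_ip, 80),
        "unmapped": fw.inbound("198.51.100.99", 5555, fw.public_ip, 22),
    }

if __name__ == "__main__":
    for name, packet in demo().items():
        print(f"{name:12} {packet}")
```

The "unsolicited" and "unmapped" cases return None: an incoming packet reaches a local host only when it matches a record created by outgoing traffic or an explicit port mapping.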

Network mask



